Tuesday, August 6, 2013

Access denied on accessing SharePoint site through Alternate Access Mapping (AAM) URL

Last month I ran into an authentication issue after upgrading to SharePoint 2013 (See last post). I was glad to have solved that, but now I have an "Access denied" error when using Alternate Access Mapping (AAM) Urls. 

The Problem


I've created a SharePoint site that has been configured with an alternate access URL.
I can access the SharePoint site using localhost (on the SharePoint server) but when I access it using the alternate URL, I get this page with access denied message.
Surprisingly, when I access the page remotely using same AD credentials, can access the site without any problem.
The access denied page that comes up does not have a SharePoint background, its a white page with access denied message.
I added myself as administrator with full control to the Sharepoint site.
Why does this happen?
When accessing locally, you may be running afoul of the security loopback feature.  This prevents malware on the local server from bypassing web security by coming back to the same machine using an alias.  There are several ways to do this, as detailed in this KB article - http://support.microsoft.com/kb/896861/en-us
The Fix
The basic way to shutoff loopback checking (not ideal security, by the way).

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.


References:
Access denied on accessing sharepoint site through alternate access mapping URL

Error 401.1 when using Integrated Authentication

Wednesday, July 24, 2013

Authentication issues after upgrading to Sharepoint 2013 - "Sorry, this site hasn't been shared with you"

Recently I ran into this problem after restoring a site collection backup in Sharepoint 2013.

The roles and permissions were all there but all users still got this message

"Sorry, this site hasn't been shared with you."

Very annoying. What could be causing this?

After some googling I came across this on technet

Migrate from classic-mode to claims-based authentication in SharePoint 2013

The source site collection for the backup was originally upgraded from Sharepoint 2010 to 2013, and claims authentication was not enabled.

I ran the following powershell commands to switch from classic to claims based authentication

$WebAppName = "<Web App Url>"
$wa = get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication = $true
$wa.Update()
$wa.MigrateUsers($true)

$wa.ProvisionGlobally()

Users were able to successfully authenticate after running the above commands. Problem Solved.

Friday, May 24, 2013

Sharepoint 2010 Tags & Notes Permissions




 
In a SharePoint 2010 site, that was not created using the team site template, users can't see each other's notes.


 To fix this
  •  Login to the Central Administration .
  •  Click on Manage Service Applications -> User Profile Service Application ->
  •  Click "Setup My Sites" under "My Site Settings"








                 
  • Scroll down to the "Security Trimming Options" section.
  • Click "Show all links regardless of permission". This allows everyone to see each other's notes on all sites in the farm.
  • You can also specify the site Url(s), for more control over who sees notes, tags, feeds & ratings .




  •   After clicking "Ok" I can see other people's notes.