Access Denied to Portal Site
- From: "Howard Pinsley" <headly@xxxxxxxxxxxxx>
- Date: Mon, 20 Jun 2005 10:31:39 -0400
I'm posting this on this managed site at the request of Wei-Dong XU [MSFT].
His suggestions are at the bottom along with my responses:
My portal is configured for Windows Authentication only. It disallows
anonymous access (both via IIS settings and sharepoint admin).
Right now only users that are either Windows Administrators OR in the
Sharepoint Administrators site group can access the portal. Regular
domain users get access denied (in actually IE puts up a login screen
after silently failing to get the user's credentials authenticated).
Reentering the credentials doesn't work.
The IIS log on the server simply shows HTTP 401 errors on
/default.aspx. Interestingly, the users's browser is directed to a
page with are URL like
http://server/_layouts/1033/reqacc.aspx?type=list&name=%7B3ACFA70C%2D3846%2D42C9%2DAF23%2D1FE39F02DD71%7D
The issue appears to be accessing lists on the portal. Notice the
list's name is given (a GUID). I matched it up to a list on my portal.
It corresponded to a survey we were testing. After I deleted the
survey web part from my portal's home page, the GUID changed and now
references the EVENTS list (and there is an events web part on the
portal page).
I must be missing something with the Portal security config. Note that
authenticated users have no trouble getting to regular sharepoint sites
on the same server. It's just the portal's site collection.
Any ideas?
>> From Wei-Dong XU:
>> ==============
>> The Integrated Windows authentiction of Sharepoint is based on the IIS
>> Integrated windows authentication. So for your issue, I'd have three
>> suggestions:
>> 1. whether any update/modification at your domain controller ban these
>> domain accounts
>>
No, they're valid accounts. And as I mentioned, they have no trouble
getting to non-portal WSS sites (which require authentication as well).
>> 2. At IIS6 new architecture, each site has its own worker process or
>> share
>> one worker process with other sites. So please check the identity of the
>> Sharepoint site worker process; assign one domain admin account to this
>> worker process for the troubleshooting.
>> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7
>> 6be66e2-1db1-432e-95be-14ff59c2ec75.mspx
The identity of the worker process is indeed a domain account -- but not a
domain administrator. The account is, however, in the local Administrators
group on the Sharepoint server.
>> 3. whether these baned accounts are in one site group which has been
>> granted no access to the Sharepoint portal.
>>
As far as I know, no such group exists.
Thanks for your help.
Howard
.
- Follow-Ups:
- RE: Access Denied to Portal Site
- From: Yan-Hong Huang[MSFT]
- RE: Access Denied to Portal Site
- From: Wei-Dong XU [MSFT]
- RE: Access Denied to Portal Site
- Prev by Date: RE: Newbie question: SPS navigation
- Next by Date: Error datatype cannot be converted to/from a native DS datatype
- Previous by thread: Change Permissions
- Next by thread: RE: Access Denied to Portal Site
- Index(es):
Relevant Pages
|
