HTTP 403 Forbidden error when try browse to a SharePoint web app

Received the following error when browse to a SharePoint web app

The website declined to show this webpage
HTTP 403
Most likely causes:
This website requires you to log in.

http-403

if we create a copy of the web.config file, rename the web.config file, refresh the home page, we receive an “HTTP 404 – Page Not Found” error.

Rename the web.config file back and refresh the page. The site is browse able for a while before failing after some time, We see the following error in Failed Request Tracing

filed-request-tracing

A procmon trace captured while accessing the web app from the server showed the following:

w3wp.exe 4180 CreateFile

C:\inetpub\wwwroot\wss\VirtualDirectories\Web80.Contoso.com80\bin ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
Impersonating: NT AUTHORITY\IUSR

tcs-view

This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process.

This behavior is typically associated with lack of permissions to the temporary folder /BIN where ASP.Net assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or \Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below

C:\inetpub\wwwroot\wss\VirtualDirectories{Sitename80}.

Follow the steps below to grant the required permissions:

a. Open Windows Explorer and navigate to the /bin directory of your web application
b. Right-click on the folder and click on Properties
c. Go to Security tab and click on Edit
d. Click on Add and add the local server group Authenticated Users or \Users (this usually contains DOMAIN\Users group).
e. Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
f. Click OK to apply the new settings
g. Refresh the page and we should be able to browse to the site.

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with lack of permissions to the temporary folder where ASP.Net assemblies are Just In Time compiled.

The freb trace shows a 403.0 for ManagedPipelineHandler

It seems to go through quite a few ASPNet events – but happens during the ASPNetPageRender – it goes to the ASPNetPageRender Enter, then ASPNetHTTPHandler Leave.Only then does it get a 403.0 which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.

Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for specific handler.

Advertisements
Retrive account password powershell

Content databases contain orphaned Apps SharePoint 2013

SharePoint Health Analyzer rule “Content databases contain orphaned Apps.”

Some situation content database may become corrupted. The corrupted database may contain orphaned apps. Orphaned apps are not accessible, which causes unnecessary resource and license consumption and may result in failures in SharePoint upgrade.

Solution:

Remove app for SharePoint instances from a SharePoint 2013 site.

A user must have the Manage Web site permission to remove an app for SharePoint. By default, this permission is only available to users with the Full Control permission level or who are in the site Owners group.

To remove an app from a SharePoint site

  1. Verify that the user account that is performing this procedure is a member of the Site owners group.
  2. On the site, on the Settings menu, click View Site Contents.
    In the Apps section, point to the app that you want to remove, click …, and then 3. click Remove.
  3. Click OK to confirm that you want to remove the app.

To remove an app by using Windows PowerShell

Verify that you have the following memberships:

a. securityadmin fixed server role on the SQL Server instance.
b. db_owner fixed database role on all databases that are to be updated.
c. Administrators group on the server on which you are running the Windows PowerShell cmdlets.
d. Site Owners group on the site collection to which you want to install the app.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

On the Start screen, click SharePoint 2013 Management Shell.

type the following commands, and press ENTER after each one:

$instances = Get-SPAppInstance -Web
#Gets all apps installed to the subsite you specify.

$instance = $instances | where {$_.Title -eq ”}
#Sets the $instance variable to the app with the title you supply.

Uninstall-SPAppInstance -Identity $instance
#Uninstalls the app from the subsite.

is the path site collection or subsite that contains the app.
is the title of the app you want to remove.

At the question “Are you sure you want to perform this action?”,
type Y to uninstall the app.

Locate and remove app instances in all locations

An app for SharePoint in the App Catalog is available for users to install.Users can install apps for SharePoint on many sites.

Below two Windows PowerShell scripts can be used to find all locations for a specific app and then uninstall all instances from every location.

First script to locate all instances of a specific app in a SharePoint environment. Then use the second script to uninstall all instances of the app from the SharePoint environment.

To locate specific apps by using Windows PowerShell (save as script and run script)

Verify that you have the following memberships:

a. securityadmin fixed server role on the SQL Server instance.
b. db_owner fixed database role on all databases that are to be updated.
c. Administrators group on the server on which you are running Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets

1. save the below script as “Get-AppInstances.ps1”

This Windows PowerShell script gets all app instances from your SharePoint 2013 farm for a specified App ID on a specified web application. You specify the App ID and the web application URL and the script will remove all of the instances of the App for all webs in that web application.

param(
[Parameter(Mandatory=$true)] [Guid] $productId,
[Parameter(Mandatory=$true)] [String] $webAppUrl
)

function GetAllInstances($productId = $null, $webAppUrl = $null)
{
$outAppName = “”;
$sites = Get-SPSite -WebApplication $webAppUrl
$outWebs = @()
foreach($site in $sites){
if($site.AdministrationSiteType -ne “None”){
continue;
}
$webs = Get-SPWeb -site $site
foreach($web in $webs) {
$appinstances = Get-SPAppInstance -Web $web
foreach($instance in $appinstances) {
if($productId -eq $instance.App.ProductId) {
if ($outAppName -eq “”) {
$outAppName = $instance.Title;
}
$outWebs += $web;
}
}
}
}
return ($outAppName,$outWebs)
}
Write-Host “This script will search all the sites in the webAppUrl for installed instances of the App.”
$confirm = Read-Host “This can take a while. Proceed? (y/n)”
if($confirm -ne “y”){
Exit
}

$global:appName = $null;
$global:webs = $null;

{
$returnvalue = GetAllInstances -productId $productId -webAppUrl $webAppUrl;
$global:appName = $returnvalue[0];
$global:webs = $returnvalue[1];
}
);

$count = $global:webs.Count;
if($count -gt 0){
Write-Host “App Name:” $global:appName;
Write-Host “Product Id: $productId”;
Write-Host “Number of instances: $count”;
Write-Host “”;
Write-Host “Urls:”;

foreach($web in $global:webs) {
Write-Host $web.Url;
}
}
else {
Write-Host “No instances of the App with Product Id $productId found.”;
}
return;

  1. Now Open “SharePoint 2013 Management Shell”
  2. Change to the directory where you saved the file.

  3. At the Windows PowerShell command prompt, type the following command:

./ Get-AppInstances.ps1 -productId -webAppUrl

is the GUID ID of the App
and is the full URL of the web application.

To uninstall specific apps from all locations by using Windows PowerShell (save as script and run script)

1. Verify that you have the following memberships:

a. securityadmin fixed server role on the SQL Server instance.
b. db_owner fixed database role on all databases that are to be updated.
c. Administrators group on the server on which you are running Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets

2. save the below script as “Remove-App.ps1”

This Windows PowerShell script removes all app instances from your SharePoint 2013 farm for a specified App ID on a specified web application. You specify the App ID and the web application URL and the script will remove all of the instances of the App for all webs in that web application.

param(
[Parameter(Mandatory=$true)] [Guid] $productId,
[Parameter(Mandatory=$true)] [String] $webAppUrl
)

function RemoveInstances($productId = $null, $webAppUrl = $null)
{
$outAppName = “”;
$sites = Get-SPSite -WebApplication $webAppUrl
$outWebs = @()
foreach($site in $sites){
if($site.AdministrationSiteType -ne “None”){
continue;
}
$webs = Get-SPWeb -site $site
foreach($web in $webs) {
$appinstances = Get-SPAppInstance -Web $web
foreach($instance in $appinstances) {
if($productId -eq $instance.App.ProductId) {
if ($outAppName -eq “”) {
$outAppName = $instance.Title;
}
$outWebs += $web;
Write-Host “Uninstalling from” $web.Url;
Uninstall-SPAppInstance -Identity $instance -confirm:$false
}
}
}
}
return ($outAppName,$outWebs)
}

$confirm = Read-Host “This will uninstall all instances of the App and is irreversible. Proceed? (y/n)”
if($confirm -ne “y”){
Exit
}

$global:appName = $null;
$global:webs = $null;

{
$returnvalue = RemoveInstances -productId $productId -webAppUrl $webAppUrl;
$global:appName = $returnvalue[0];
$global:webs = $returnvalue[1];
}
);

$count = $global:webs.Count;
if($count -gt 0){
Write-Host “All the instances of the following App have been uninstalled:”;
Write-Host “App Name:” $global:appName;
Write-Host “Product Id: $productId”;
Write-Host “Number of instances: $count”;
Write-Host “”;
Write-Host “Urls:”;

foreach($web in $global:webs) {
Write-Host $web.Url;
}
}
else {
Write-Host “No instances of the App with Product Id $productId found.”;
}
return;

  1. Open SharePoint 2013 Management Shell
  • Change to the directory where you saved the file.

  • At the Windows PowerShell command prompt, type the following command:

  • ./ Remove-App.ps1 -productId -webAppUrl

    is the GUID ID of the App
    is the full URL of the web application.

    If the issue still persists like as below

    If you have an orphaned app in the initialized state on a site and you delete the site, Health Analyzer reports that there’s an error and the auto-fix doesn’t work.”

    Apply CU November 2016 which will 100% resolve the issue

    SharePoint Server 2013 (KB3127933)
    SharePoint Foundation 2013 (KB3127930)

    New APP created once "Project Functionality" feature is activated.

    Activate site Features create APP in Site Contents SharePoint2016

    Today I successfully installed SharePoint Server 2016 on-premises overcoming few errors related to prerequisite as per my previous posts.

    You can see below previous posts :

    1. Windows Server Appfabric: Installation error SharePoint 2016
    2. Cannot connect to database master at SQL Server at server_name. The database might not exist, or the current user does not have permission to connect to it Error SharePoint 2016
    3. Failed to create configuration database. An exception of type Microsoft.SharePoint.Upgrade. SPUpgrade Exception was thrown. Additional exception information: One or more types failed to load. Please refer to the upgrade log for more details Error SharePoint 2016
    4. Program can’t start because api-ms-win-crt-heap-l1-1-0.dll is missing SharePoint2016
    5. Unable to install Microsoft Information Protection and control Client 2.1 error SharePoint 2016

    Here I am very excited to let you know the “SharePoint APP” created in “Site Contents” by activating the “site feature“.

    you may take it very easy but its not as simple as to resolve issues sometimes, that time it will help you a lot.

    a. “Default APP” once site is created, before activating any feature.

    Default APP in Site Contents with no feature activate

    Default APP in Site Contents with no feature activate, once site is created

    b. New APPs  added in Site Contents  after “Publishing Feature” is activated

    New APPs added in Site Contents after

    New APPs added in Site Contents after “Publishing Feature” is activated

    c. New APPs  added in Site Contents  after “Content Organizer” feature is activated.

    New APPs added in Site Contents after

    New APPs added in Site Contents after “Content Organizer” feature is activated.

    d. New APPs  added in Site Contents  after “Community Site” feature is activated.

    Site-Contents-Community-Site-Feature-activate

    Site-Contents-Community-Site-Feature-activate

    e. New APPs  added in Site Contents  after “Site Feed” feature is activated.

    New APPs added in Site Contents after

    New APPs added in Site Contents after “Site Feed” feature is activated.

    f. New APPs  added in Site Contents  after “Project Functionality” feature is activated.

    New APP created once

    New APP created once “Project Functionality” feature is activated.

    amazon     amazonsp2016  amazonsp2016_2

    Configure Multiple App Domain

    Introduction

    One of the feature updates of the March 2013 Public Update for SharePoint 2013 enables you to use multiple app domains in SharePoint 2013 environments with alternate access mapping or host-header web application configurations.

    Microsoft introduced a new concept with SharePoint 2013 and Office 365 to extend the out of the box functionality instead of the normal approach of farm solutions now you can add apps (add ins) through Java script code or using .net and hosting apps outside SharePoint environment without need to go and deploy code into SharePoint which increase the 
    re-usability, enhance the security and assure that SharePoint farm stability and code isolation.

    To have apps working you need to configure App Domain which is a corner stone to have apps working, at some cases you will need to have more than one app domain configured so I am going through this topic in the few lines.

    Why we need multiple App Domains?

    • You could use app domain on alternate access mappings or host-header web application configurations.
    •  Configure an app domain for each web application zone and use alternate access mapping and host-header web application configuration.
    •  If you could not Share same app domain because web applications are not having same application pool identity and authentication schema is not matching.

    Steps to configure multiple app domain

    Follow the below steps to create another app domain for specific web application taking into account that you already have a app domain and this is a new one for your host header web application.

    1-    Configure the first app domain: refer to the links below to configure it if you don’t have existing app domain

    2-    Open SharePoint Shell as administrator and run the following commands

    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    $contentService.SupportMultipleAppDomains = $true
    $contentService.Update()

    3-   Then do IIs reset.

    4-   Created Forward Lookup Zone in DNS for another AppDomain (testdomain.mycompany.com), make sure this is new domain and differes than any     other domain you created before.
    5-  Then run this command

    New-SPWebApplicationAppDomain –AppDomain “testdomain.mycompany.com” –port 81 –WebApplication http://testsite.companydomain.com  [This link is external to TechNet Wiki. It will open in a new window.]

    6-    Then do IIS reset.

    Note: you need to use a port that is not used before.

    Design Notes:

    • You cannot use IIS ports that are already being used when you configure app domains.
    • If the app domain is configured to use secure sockets layer (SSL) you must configure the app domain to use a wildcard certificate and bind the SSL to a different port from the web application SSL port.

    Overall Apps is an important and interesting topic and it is the future for developing and extending functionality of SharePoint and Office 365 and it differs from case to case if you need to have one app domain on your on premise environment or more than one app domain per the design notes and benefits I presented, but I recommend if you can utilize one app domain and share it across all web application but if you have design constraints the you can add multiple web app domain knowing that this will increase the operations effort from configuring and maintaining.

    Prepare SharePoint 2013 farm for App development and debugging step by step

    There are many great articles that talks about how to configure your SharePoint 2013 farm for apps development. At the end of this article I will list a lot of these great references. I’m going to try to summarize the important things you need to know and also cover few FAQs along the way.

    First of all, you need to know that there are two main types of SharePoint apps you can develop on prim in your local SharePoint 2013 farm:

    1. SharePoint hosted apps
    2. SharePoint provider hosted apps

    The third type SharePoint Auto hosted (Azure auto hosted apps) is only available on SharePoint online tenants part of Office 365. Also it’s important to note that if you plan to publish your SharePoint app into the SharePoint store to make some money the above mentioned types (Hosted & provider hosted) are the only allowed ones as long as they don’t request full control permission. For more details about the submission requirements check this link.

    In order to make your SharePoint 2013 farm ready to develop and deploy apps you need the following:

    1. Turn oncreate required services and service applications
    2. Configure DNS records along with SharePoint Web Applications
    3. Configure required service applications
    4. Prepare your toolsenvironment

    I’m going to go through the above steps quickly.

    First: Turn onCreate required services and service applications

    You need to turn on the following services:

    1. App Management Service
    2. Microsoft SharePoint Foundation Subscription Settings service

    serviceappsfordevapps

    Next step is to create the following service applications:

    1. App Management Service Application:

    This service application is responsible of tracking app licenses and app permissions …etc. This service application can be created from Central admin or via PowerShell.

    2. Subscription settings service:

    This service is responsible of generating the apps url, it also maintains tenants subscriptions in a multitenant deployment. This service application cannot be created from Central Admin. You will need to use PowerShell commands to create it. Use the following commands Article>:

    # Gets the name of the managed account and sets it to the variable
    # $account for later use

    $account = Get-SPManagedAccount “”

    # Create an application pool for the Subscription Settings service application.
    # Use a managed account as the security account for the application pool.
    # Store the application pool as a variable for later use.

    $appPoolSubSvc = New-SPServiceApplicationPool
    -Name SettingsServiceAppPool -Account $account

    # Create the Subscription Settings service application, using the
    # variable to associate it with the application pool that was created earlier.
    # Store the new service application as a variable for later use.

    $appSubSvc = New-SPSubscriptionSettingsServiceApplication

    –ApplicationPool $appPoolSubSvc –Name SettingsServiceApp

    –DatabaseName

    # Create a proxy for the Subscription Settings service application.

    $proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy
    –ServiceApplication $appSubSvc

    Where:

    • is the name of the managed account in the SharePoint farm.
    • is the name of the Subscription Settings service database.

    At the end of this step I want to mention that you have to start and create these two service applications to enable apps deployment and development in your farm. So this step is mandatory in case you are wondering.

    Second: Configure DNS records along with SharePoint Web Applications

    Since I’m talking about a development environment here, I’m going to assume that your dev box is hosted in your company’s domain or at your local virtual environment. So you will not need to purchase any domain names or anything. This step confuses a lot of developers specially the ones who don’t have a lot of experience in with windows domain and active directory services. To keep it simple I’m going to suggest a specific setup that you can follow.

    There are two things you need to touch in this step:

    1. DNS manager
    2. Central Admin (probably)

    First thing you need to do is to setup the required domain names you are going to use for your apps and SharePoint sites …etc. You will need a separate domain name for your apps (recommend to be totally separate and not a sub-domain of a domain you use to host SharePoint applications that will use the apps – this is for security physical isolation purposes). Let’s dig a little deeper into this:

    I want to have one domain name created for my intranet:

    DNS: Intranet.yourdomain.com

    IP: 192.168.0.113

    I want to have another domain name created for my apps:

    DNS: Apps.com

    IP: 192.168.0.113

    Note: I’m using the same IP-address for both domain names since I only have one SharePoint box in my 2013 farm and one network card (NIC).

    I will use my Intranet site (which is a team site) for developing my apps. So I will use the root site collection under that Sharepoint application to deploy and debug my apps.

    In order to create these domain names you need to login to your domain controller and open DNS manager. First thing you need to do is to create the domain name for Intranet. To do this follow the steps:

    intranetdnspstools

    1. Expand Forward lookup Zones then select your domain SWRanger.com
    2. Then right click on the selected domain node
    3. Select net Host (A or AAAA)… option
    4. Enter the name Intranet
    5. Enter the IP-Address (SharePoint box IP address) 192.168.0.113
    6. Hit Add Host

    Now the next step is to create the apps domain name and have it point to the SharePoint box, follow the steps:

    appsdns

    1. Right click on Forward lookup zones the select New Zone
    2. In the New Zone Wizard click Next.
    3. In the Zone Type page click Next.
    4. In the Active Directory Zone Replication Scope page, select the appropriate replication method then click Next (The Default setting is fine in dev environments with one DC).
    5. In the Zone Name page, in the Zone name box type the name for your new app domain name Apps.com, and then click Next.
    6. The New Zone Wizard shows the new domain name for apps.
    7. On the Completing the New Zone Wizard page, review the settings, and then click Finish.

    Now you need to create a wildcard alias for the new apps domain name so that SharePoint can generate any alias (app instance id) under your domain and still resolve to your SharePoint server. Follow the steps:

    appdnswildcard

    1. Expand Forward Lookup Zones
    2. Select your new Apps domain Apps.com
    3. Right click and select New Alias (CNAME)
    4. Type “*” in the Alias name field
    5. Under Fully qualified domain name (FQDN) for target host: Click Browse
    6. In the Look in field select your domain name that contains your intranet domain name
    7. In the Records section double click on the records until you find your Host (A) record pointing to your intranet site Intranet.yourdomain.com
    8. Select your intranet domain name Intranet.yourdomain.com
    9. Click OK
    10. Click OK

    Now your DNS records are ready. All you need to do is to make sure that you have the appropriate settings on IISSharePoint so that IIS will listen on your apps domain name Apps.com and rout the request to a SharePoint application which will redirect your app accordingly.

    Before we configure IISSharePoint you want to make sure that your DNS configuration for the App domain name is working properly. To test that, ping the new apps domain name with a random sub-domain for instance ping the following: abc1234567.Apps.com if you get a response back with the IP Address of your SharePoint box that means you are golden and ready to go to the next step.

    In this step instead of changing IIS settings by adding more bindings to an existing site (if possible) we will just create a new SharePoint application on port 80 that doesn’t have a host name. This way this SharePoint application will work as a catch all for any DNS name created for the deployed app instances. Here are the important settingsconfiguration for the new SharePoint application you will create:

    Name: Anything – I would call it something that identifies it as a catch all for apps requests

    Port: 80

    Host Header:

    Claims Type: Enable Windows Authentication | Integrated Windows authentication | NTLM (Note SharePoint Apps don’t support ClaimsKerberos combination)

    App Pool: Use the same account as the one used for your SharePoint Applications that will use the apps or an account that has access to these SharePoint application’s content databases

    Database Name: Anything – We will not create any site collections for this SharePoint application nor will need a content db. So make sure you remove this content database after the application is created

    catchallspapp

    This step is complete now.

    Third: Configure required service applications

    Now you are ready to configure your App Management settings for the farm. Follow the steps below:

    configappmanagement

    1. Open Central Admin
    2. Navigate to Apps from the left nav then click on App Management | Configure App URLs
    3. Enter the App DNS you created in the previous step Apps.com in the App domain field
    4. Enter an App prefix, in my case I’m going to enter app
    5. Click OK

    This step is complete. Now your farm is ready to deploy new apps.

    Fourth: Prepare your toolsenvironment

    There are few things you need to know about before your start developing apps for SharePoint. The two main thing I would highlight here are:

    1. Use a Developer Site for deploying and testing your apps or enable the Developer feature

    Visual studio 2012 will complain about a missing feature Developer if you attempt to deploy an application to a SharePoint site that is not created with the “Developer Site” template since it will be missing required lists and content types. So if you for example try to deploy your app (Using Visual Studio F5) to a team site or a publishing portal you will get the following error in Visual studio’s Error List:

    Error occurred in deployment step ‘Install app for SharePoint’: Sideloading of apps is not enabled on this site.

    sildeloadingerror

    In order to overcome this issue you need to enable the Developer feature on your Site collection where you want to deploy and test your apps using Visual Studio. Since this feature is hidden you will not see it in the list of the site collection feature, so you will need to enable it using PowerShell:

    Enable-SPFeature e374875e-06b6-11e0-b0fa-57f5dfd72085 -url http://Intranet.yourdomain.com

    enablesideloading

    1. Don’t use Farm admin (System Account) to deploy and test apps

    SharePoint will not allow you to install nor uninstall apps using the farm account (System Account). If you try to deploy your app using Visual Studio F5 you will get one of the following errors if you do it using System Account:

    1. Error occurred in deployment step ‘Install app for SharePoint’: The System Account cannot perform this action.

    deploysystemaccounterror

    1. Cannot perform this action
    2. Sorry, something went wrong Please refresh the page and try again.

    deploysystemaccounterrorui

    So avoid this issue you need to log in to SharePoint with a different account (not the farm admin) andor running Visual studio with a different account other than the farm admin. Since in SharePoint 2013 we have removed the Sign in a different user menu option, you can get to it through the following URL:

    /_layouts/closeConnection.aspx?loginasanotheruser=true

    So the URL of our site should look like this:

    http://Intranet.SWRanger.com/_layouts/closeConnection.aspx?loginasanotheruser=true

    This will prompt you for credentials that allows you to switch users.

    Here are some other issues you might encounter and how to address them:

    1. When deploying an app through Visual Studio you get the following error:

    In the Error List:

    Error occurred in deployment step ‘Install app for SharePoint’: Failed to install app for SharePoint. Please see the output window for details.

    applockdownerror

    In the output window:

    CorrelationId: 7ec1dfb0-4a04-46f6-8b22-1f4f28f6dd0a

    ErrorDetail: There was a problem applying the web template for the app web.

    ErrorType: App

    ErrorTypeName: App Related

    ExceptionMessage: Feature with Id ‘23330bdb-b83e-4e09-8770-8155aa5e87fd’ is not installed in this farm, and cannot be added to this scope.

    Source: AppWeb

    SourceName: App Web Deployment

    Error occurred in deployment step ‘Install app for SharePoint’: Failed to install app for SharePoint. Please see the output window for details.

    applockdownerror1

    That error suggests that SharePoint is trying to activate a web scoped feature called AppLockdown feature on the app web but it couldn’t find that feature installed in the farm in the first place. All you need to do is to install that feature to the farm using PowerShell:

    Install-SPFeature Applockdown

    installapplockdownps

    That is going to solve your problem.

    1. When you try to deploy your app using a different developer account you used before or using a copy of the app VS project you get the following error:

    Error occurred in deployment step ‘Install app for SharePoint’: The provided App differs from another App with the same version and product ID.

    deployappissue

    In order to overcome that issue, navigate to your target site collection and do the following steps:

    1. Install the app if existed by navigating to Site Contents then hovering on the app and clicking Remove (Remember don’t do this with the System Account or it won’t work)

    uninstallapp

    1. Navigate to Apps in Testing library and remove the app from there as well
  • Navigate to App Packages library and remove the app from there if existed

  • Lastly before I conclude here I would like to mention that you definitely want to plan to use SSL certificates to secure your SharePoint sites and apps traffic since they use clear text for the Auth tokens. It’s however not required, so your apps will work fine without SSL. That might be acceptable in in Dev environments but never acceptable in production. I’m planning to include the steps of configuring self-services SSLs in development environments soon.

    With that you should have all the information you need to start developing SharePoint apps. If you have any questions please leave me a comment.

    https://technet.microsoft.com/en-us/library/fp161236.aspx

    http://sharepointchick.com/archive/2012/07/29/setting-up-your-app-domain-for-sharepoint-2013.aspx

    http://www.nothingbutsharepoint.com/2013/02/13/configure-an-environment-for-apps-for-sharepoint-2013-aspx/