HTTP 403 Forbidden error when try browse to a SharePoint web app

Received the following error when browse to a SharePoint web app

The website declined to show this webpage
HTTP 403
Most likely causes:
This website requires you to log in.

http-403

if we create a copy of the web.config file, rename the web.config file, refresh the home page, we receive an “HTTP 404 – Page Not Found” error.

Rename the web.config file back and refresh the page. The site is browse able for a while before failing after some time, We see the following error in Failed Request Tracing

filed-request-tracing

A procmon trace captured while accessing the web app from the server showed the following:

w3wp.exe 4180 CreateFile

C:\inetpub\wwwroot\wss\VirtualDirectories\Web80.Contoso.com80\bin ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
Impersonating: NT AUTHORITY\IUSR

tcs-view

This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process.

This behavior is typically associated with lack of permissions to the temporary folder /BIN where ASP.Net assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or \Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below

C:\inetpub\wwwroot\wss\VirtualDirectories{Sitename80}.

Follow the steps below to grant the required permissions:

a. Open Windows Explorer and navigate to the /bin directory of your web application
b. Right-click on the folder and click on Properties
c. Go to Security tab and click on Edit
d. Click on Add and add the local server group Authenticated Users or \Users (this usually contains DOMAIN\Users group).
e. Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
f. Click OK to apply the new settings
g. Refresh the page and we should be able to browse to the site.

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with lack of permissions to the temporary folder where ASP.Net assemblies are Just In Time compiled.

The freb trace shows a 403.0 for ManagedPipelineHandler

It seems to go through quite a few ASPNet events – but happens during the ASPNetPageRender – it goes to the ASPNetPageRender Enter, then ASPNetHTTPHandler Leave.Only then does it get a 403.0 which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.

Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for specific handler.

Advertisements
Retrive account password powershell

Partial Index Reset of a single content source

Partial Index Reset of a single content source

This script will remove and re-add your content source’s start addresses.

SharePoint will more or less rebuild the index for these sources, when the next full crawl is started.

$sourceName = “Local SharePoint sites”

$SSA = Get-SPEnterpriseSearchServiceApplication

$source = Get-SPEnterpriseSearchCrawlContentSource -Identity $sourceName -SearchApplication $SSA

$startaddresses = $source.StartAddresses | ForEach-Object { $_.OriginalString }

$source.StartAddresses.Clear()

ForEach ($address in $startaddresses ){ $source.StartAddresses.Add($address) }

Retrive account password powershell

IIS Reset on all SP Servers using PowerShell

This script will list all SP Servers and restarts IIS on all of them.

add-PSSnapin microsoft.sharepoint.powershell
$spserver = get-spserver | ?{$_.role -eq “Application”}
foreach ($server in $spserver)
{
write-host “Performing IIS Reset on Server:”$server.name
iisreset $server.Name
}

Site not appear in IIS Manager,error opening in SharePoint Designer

I have created a site collection and then create two team sites on sharepoint server. Sites are working fine from central Admin but they are not appearing in IIS manager. Also when I try to edit a sharepoint site on SharePoint designer 2010 follwing error comes.

Unable to open website following causes:

1) the web server may not have sharepoint installed

2)The web server may be temporarily out of service

3)if you are connecting through a proxy server the proxy settings may be incorrect

4) An error may be occurred in the web server

The IIS manager only showing the follwing sites SharePoint 80 and SharePoint central admin

When I try to create a site on SharePoint designer following error comes:

The web site must be created on a server that is running Microsoft SharePoint foundation server please choose another location.

I have installed SharePoint server 2010, SharePoint foundation server 2010 and SharePoint designer on my pc.

Solution :

  • In IIS Manager, you’re only going to see the Web apps, the site collections and sites are wont show up (if you have another web app that isn’t showing up, that’s a bigger issue. I’d delete it and try to recreate it).

  • The SharePoint Designer issue, I’ve had before. For me, the issue was a firewall setting. But basically if you can get to the pages with the browser, make sure you have correct permissions set for your login, etc.

Deployment error web.config is invalid IIS Web Site

Error :

Deployment error “The web.config is invalid on this IIS Web Site”

I’ve developed a web part that deploys and works properly in my DEV environment. When I attempt to deploy to PROD I get the following error:

SOMESERVER : https://sharepointtechnicalsupport.com/ : SharePoint – 41981 :
Error: The web.config is invalid on this IIS Web Site:

C:\Inetpub\wwwroot\wss\VirtualDirectories\41981\web.config.

SOMESERVER : https://sharepointtechnicalsupport.com/ : SharePoint – 41981 : Error: The web.config is invalid on this IIS Web Site:

C:\Inetpub\wwwroot\wss\VirtualDirectories\41981\web.config.

SOMESERVER1 : https://sharepointtechnicalsupport.com/ : SharePoint – 23994 : Error: The web.config is invalid on this IIS Web Site:

C:\Inetpub\wwwroot\wss\VirtualDirectories\23994\web.config.

None of these virtual directories exist.

Solution :

In Central Administration-> Operation-> Services on Server, please stop the Windows SharePoint Services Web Application service, SharePoint will remove the sites in IIS. And then start the Windows SharePoint Services Web Application service again, SharePoint will recreate the sites in IIS based on information stored in configuration database.

A SharePoint web application can have several zones, each zone will have a separate site in IIS. You will not see all the zones in Central Administration->Application Management->Web Application List. You can find the information in Central Administration->Operation->Alternate Access Mapping.

SharePoint sites not opening locally IIS Error

I am having this strange problem . All of a sudden all of the new sites created in the SharePoint are not opening locally. And even iis is failing to pick up the ip binding with a site. All my existing sites when browsed from IIS manager are giving certificate error and ultimately showing connection problem error. Only thing that was done was the patching this week. I have no idea why all this is happening. Has any one faced similar problems before.

Solution :

  • try stopping the Foundation Web service on the affected farm member and re-starting it.

  • If you were adding SSL certs to the IIS sites, it may be a case of attempting to use the same IP with different SSL certificates across IIS web sites.  IIS 7.5 and below do not support SNI, so you have to have a unique IP:SSL Cert combination, or get a Wildcard or SAN certificate instead.