HTTP 403 Forbidden error when trying to browse to a SharePoint web app

We received the following error when browsing to a SharePoint web app:

The website declined to show this webpage
HTTP 403
Most likely causes:
This website requires you to log in.


If we create a copy of the web.config file, rename the web.config file, and refresh the home page, we receive an “HTTP 404 – Page Not Found” error.

Rename the web.config file back and refresh the page. The site is browsable for a while before failing after some time. We see the following error in Failed Request Tracing:

filed-request-tracing

A procmon trace captured while accessing the web app from the server showed the following:

w3wp.exe 4180 CreateFile C:\inetpub\wwwroot\wss\VirtualDirectories\Web80.Contoso.com80\bin ACCESS DENIED
Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
Impersonating: NT AUTHORITY\IUSR


This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process.

This behavior is typically associated with a lack of permissions on the temporary folder /BIN where ASP.NET assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or \Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below

C:\inetpub\wwwroot\wss\VirtualDirectories\{Sitename80}.

Follow the steps below to grant the required permissions:

a. Open Windows Explorer and navigate to the /bin directory of your web application
b. Right-click on the folder and click on Properties
c. Go to Security tab and click on Edit
d. Click on Add and add the local server group Authenticated Users or \Users (this usually contains DOMAIN\Users group).
e. Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
f. Click OK to apply the new settings
g. Refresh the page and we should be able to browse to the site.
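The same check and grant can be scripted. The following is an added example, not part of the original post: it inspects the ACL on the /bin folder, grants Read & Execute to Authenticated Users only if that access is missing, and then warns about any broad group that holds write-level rights on the folder. The path in $BinPath is a placeholder, and the script assumes an elevated PowerShell prompt on the SharePoint server.

```powershell
# Added example, not from the original post. $BinPath is a placeholder:
# replace {Sitename80} with the folder name of your web application.
$BinPath = 'C:\inetpub\wwwroot\wss\VirtualDirectories\{Sitename80}\bin'

# Well-known SIDs are used so the check works with localized group names.
$authUsers = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid, $null)
$sidType   = [System.Security.Principal.SecurityIdentifier]

# ReadAndExecute with container + object inheritance corresponds to the
# Read & Execute, List Folder Contents and Read boxes in the Security tab.
$rx          = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$writeBits   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$acl   = Get-Acl -LiteralPath $BinPath
$rules = $acl.GetAccessRules($true, $true, $sidType)

# Is there already an Allow ACE that applies to the folder itself and covers RX?
$hasRx = $rules | Where-Object {
    $_.IdentityReference.Value -eq $authUsers.Value -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $rx) -eq $rx -and
    [int]($_.PropagationFlags -band $inheritOnly) -eq 0
}

if ($hasRx) {
    Write-Host "Authenticated Users already has Read & Execute on $BinPath"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $authUsers, $rx, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $BinPath -AclObject $acl
    Write-Host "Granted Read & Execute to Authenticated Users on $BinPath"
}

# Least-privilege check: broad groups should not be able to modify /bin.
$broad = 'AuthenticatedUserSid', 'WorldSid', 'BuiltinUsersSid' | ForEach-Object {
    (New-Object System.Security.Principal.SecurityIdentifier(
        [System.Security.Principal.WellKnownSidType]$_, $null)).Value
}
(Get-Acl -LiteralPath $BinPath).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value -and
        [int]($_.FileSystemRights -band $writeBits) -ne 0
    } |
    ForEach-Object {
        Write-Warning "$($_.IdentityReference.Value) has write-level rights on /bin: $($_.FileSystemRights)"
    }
```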

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with a lack of permissions on the temporary folder where ASP.NET assemblies are Just In Time compiled.

The FREB trace shows a 403.0 for ManagedPipelineHandler.

The request seems to go through quite a few ASP.NET events, but the failure happens during ASPNetPageRender: it goes to ASPNetPageRender Enter, then ASPNetHTTPHandler Leave. Only then does it get a 403.0, which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.

Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for the specific handler.

 

Search diagnostics and reports in SharePoint

We can access and analyze several query and crawl health reports, logs and usage reports from the Search service application in the SharePoint Central Administration to monitor the health of the search system.

The health reports and logs only contain information after a full crawl has completed. To run a full crawl, we have to set up a Search service application, add at least one content source, and then start a full crawl.

To view the health reports and the crawl log, you have to be an administrator of the Search service application. Alternatively, an administrator who is a member of the Farm Administrators group can grant user accounts Read permissions on the Search service application. A user account that has Read permissions can only view the Search service application status page, the health reports and the crawl log.

Query health reports:

  1. Trend
  2. Overall
  3. Main Flow
  4. Federation
  5. SharePoint Search Provider
  6. People Search Provider
  7. Index Engine

To view query health reports:

  1. Verify that the user account that is performing this procedure is an administrator of or has Read permissions to the Search service application.
  2. In Central Administration, under Application Management, click Manage service applications.
  3. On the Service Applications page, click the Search service application.
  4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Query Health Reports.
  5. On the Search Service Application: Query Latency Trend page, click the query report that you want to view.

The following table shows which reports are available.

query-health-report

Crawl health reports:

SharePoint 2013 provides the following reports about crawl health:

  1. Crawl Rate
  2. Crawl Latency
  3. Crawl Queue
  4. Crawl Freshness
  5. Content Processing Activity
  6. CPU and Memory Load
  7. Continuous Crawl

To view crawl health reports

  1. Verify that the user account that is performing this procedure is an administrator of or has Read permissions to the Search service application.
  2. In Central Administration, under Application Management, click Manage service applications.
  3. On the Service Applications page, click the Search service application.
  4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Crawl Health Reports.
  5. On the Search Service Application: Crawl Reports page, click the crawl health report that you want to view.

The following table shows which reports are available.

crawl-health-report

Crawl log:

The crawl log tracks information about the status of crawled content. This log lets you determine whether crawled content was successfully added to the index, whether it was excluded because of a crawl rule, or whether indexing failed because of an error. The crawl log also contains information such as the time of the last successful crawl and whether any crawl rules were applied. You can use the crawl log to diagnose problems with the search experience.

To view the crawl log

  1. Verify that the user account that is performing this procedure is an administrator of the Search service application, or has Read permissions to it.
  2. In Central Administration, under Application Management, click Manage service applications.
  3. On the Service Applications page, click the Search service application.
  4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Crawl Log.
  5. On the Crawl Log – Content Source page, click the view that you want.

crawl-log-views

Additional columns in the Content Source, Host Name and Crawl History views:

content-source-host-name-crawl-history-view

Usage reports (search report):

To view usage reports

  1. Verify that the user account that is performing this procedure is an administrator of or has Read permissions to the Search service application.
  2. In Central Administration, under Application Management, click Manage service applications.
  3. On the Service Applications page, click the Search service application.
  4. On the Search Administration page, in the Quick Launch, in the Diagnostics section, click Usage Reports.
  5. On the View Usage Reports page, click the usage or search reports view that you want to view.

usage-report-search-report

 

Set Maximum Number of Site Collections in SharePoint Content Database using PowerShell

For a particular requirement, the client wants to dedicate a database to a single site collection. When we create a site collection from Central Administration, the site is placed automatically in any available content database. To prevent any other sites from being created in that particular content database, we can set the maximum number of sites limit.

To set maximum number of site collections on a particular content database, navigate to:

  • Central Administration >> Application Management >> Manage content databases
  • Select our target web application in which the particular content database is attached
  • Pick the target database from the list
  • Now, in the “Manage Content Database Settings” page we can set the maximum number of sites for the content database.


Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Variables for processing
$WebAppURL = "https://sharepointtechnicalsupport.com"
$MaxSiteCount = 1
$WarningSiteCount = 0

#Get all content databases of the web application
$ContentDBColl = Get-SPContentDatabase -WebApplication $WebAppURL

#Iterate through each database in the web application
foreach ($Database in $ContentDBColl)
{
    #Check the current number of sites: the limit cannot be lower than it
    if ($MaxSiteCount -ge $Database.CurrentSiteCount)
    {
        #Set maximum sites and warning level counts
        Set-SPContentDatabase -Identity $Database.Name -MaxSiteCount $MaxSiteCount -WarningSiteCount $WarningSiteCount
        Write-Host "Max Sites Settings updated for the database:" $Database.Name -ForegroundColor Green
    }
    else
    {
        Write-Host "MaxSiteCount must be >= current site count! No changes made in $($Database.Name)" -ForegroundColor Red
    }
}