HTTP 403 Forbidden error when try browse to a SharePoint web app

Received the following error when browse to a SharePoint web app

The website declined to show this webpage
HTTP 403
Most likely causes:
This website requires you to log in.

http-403

if we create a copy of the web.config file, rename the web.config file, refresh the home page, we receive an “HTTP 404 – Page Not Found” error.

Rename the web.config file back and refresh the page. The site is browse able for a while before failing after some time, We see the following error in Failed Request Tracing

filed-request-tracing

A procmon trace captured while accessing the web app from the server showed the following:

w3wp.exe 4180 CreateFile

C:\inetpub\wwwroot\wss\VirtualDirectories\Web80.Contoso.com80\bin ACCESS DENIED Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
Impersonating: NT AUTHORITY\IUSR

tcs-view

This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process.

This behavior is typically associated with lack of permissions to the temporary folder /BIN where ASP.Net assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or \Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below

C:\inetpub\wwwroot\wss\VirtualDirectories{Sitename80}.

Follow the steps below to grant the required permissions:

a. Open Windows Explorer and navigate to the /bin directory of your web application
b. Right-click on the folder and click on Properties
c. Go to Security tab and click on Edit
d. Click on Add and add the local server group Authenticated Users or \Users (this usually contains DOMAIN\Users group).
e. Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
f. Click OK to apply the new settings
g. Refresh the page and we should be able to browse to the site.

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with lack of permissions to the temporary folder where ASP.Net assemblies are Just In Time compiled.

The freb trace shows a 403.0 for ManagedPipelineHandler

It seems to go through quite a few ASPNet events – but happens during the ASPNetPageRender – it goes to the ASPNetPageRender Enter, then ASPNetHTTPHandler Leave.Only then does it get a 403.0 which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.

Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for specific handler.

Advertisements

Sharepoint 2013 – 404 Not Found while accessing site collection from outside

Error :

I have a Sharepoint 2013 running on a Windows Server 2012. Following issue appeared:

I made a new Site-Collection as wiki. Everything (links,…) works fine on the server but when I want to access the wiki from outside (not localhost) the server runs in a 404 Not found error.

http://localhost/sites/wiki/Pages/Home.aspx - works fine(localhost)

http://10.38.0.15/sites/wiki/Pages/Home.aspx - doesn't work.

I checked the IIS settings, all servers are up and running. The log file has no errors in it.

Resolution :

The most common cause for this is that you don’t have the IIS host header configured correctly. The 404 will appear because you are hitting a different IIS web site and not the one you intended to.

If you go into IIS Manager and click on “Sites” in the right hand pane there will be a column called bindings and a column called ID.

IIS will check in the order of ID for the first site that matches. Make sure the default site is stopped. If you see bindings that look like the following:

ID 1: Bindings: *:80

ID 2: Bindings: http://www.yoursite.com:80

http://www.othersite.com will match ID 1. Any other site that doesn’t specify a port or https: will be directed to ID 2.

You need to ensure that the site you are trying to access matches your bindings. The “www.yoursite.com” is added to the site via “New Web Application” in SharePoint.

There is a field called Host: in Central Administration. This should match what you are typing from inside and outside the server.

If you need the site to respond to multiple names, you need to extend the web application.

Assuming you used the default of claims authentication, here are the instructions for that:

I am not sure if this is still required in Server 2012, but disabling the loopback check might also help, although this usually results in a 401, and repeated attempts to log in. Here are the instructions for that.

CA MSG:rsCustomAction.exe failed to configure Error code 1 sharepoint SSRS Addin fails

While configuring SharePoint Server Reporting Services (SSRS) at my client, I had a really strange problem on one of the farms… I couldn’t get the SSRS Addin to install. I tried rebooting, repairing but nothing. After digging out in the logs, I found this funny error message:

CA MSG : rsCustomAction.exe failed to configure, Error code is: 1

CustomAction RSSP_CAInstall_64 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

ca msg-:rscustomaction exe failed to configure error code 1

ca msg-:rscustomaction exe failed to configure error code 1 Also, for the information I was running SQL 2012 SP1 + Windows Server 2012 R2. You might also see something like this in the logs:


Also, for the information I was running SQL 2012 SP1 + Windows Server 2012 R2. You might also see something like this in the logs:
CA MSG:rsCustomAction.exe failed to configure Error code 1

CA MSG:rsCustomAction.exe failed to configure Error code 1

Long Story Short, after a lot of googling and asking for help from SQL & SharePoint masters, I found out that the bug is because I had a line commented in the web.config file of a web application. As strange as this may sound, after deleting the commented line, the install went through perfectly. I couldn’t find any official documentation on this, so if this worked for you please share it in the comments!

Drop a comment if this helped!

something went wrong error

500 Internal Server Error sharepoint2013 SSRS

While trying to install SharePoint Server Reporting Services got into error “SSRS Errors, Gotta catch ‘em all!“. The error is basically getting a “The remote server returned an error: (500) Internal Server Error” whenever you click on either “System Settings” or “Manage Jobs

manage reporting services setting

manage reporting services setting

The error:

something went wrong error

something went wrong error

This doesn’t tell us much, however when we go into Event Viewer we find two event IDs that are related to this and they both have similar messages.

event viewer error message

event viewer error message

Event ID 6398

event viewer error message2

event viewer error message2

The thing we find in common in both those errors is “Could not find permission set named ‘ASP.Net’”. Here are the steps. What you probably already done to get to the error:

  • Install Reporting Servers + Addin
  • Run the PowerShell commands (Install-SPRSService & Install-SPRSServiceProxy & get-spserviceinstance -all |where {$_.TypeName -like “SQL Server Reporting*”} | Start-SPServiceInstance)
  • Create the SSRS Service Application.

What I did to fix it:

  • Delete the SSRS Service Application as well as Databases.
  • Run the following PowerShell command: “get-spserviceinstance -all |where {$_.TypeName -like “SQL Server Reporting*”} | Stop-SPServiceInstance
  • Run the following PowerShell command: “Install-SPRSService –Uninstall
  • Run the following PowerShell command: “Install-SPRSServiceProxy –Uninstall
  • Go to Control Panel, Select SQL Server and then click REPAIR. Do a full repair of the SSRS + Addin feature (you shouldn’t have anything else installed on the server anyway, so just select all)
  • Run the PowerShell commands (Install-SPRSService & Install-SPRSServiceProxy & get-spserviceinstance -all |where {$_.TypeName -like “SQL Server Reporting*”} | Start-SPServiceInstance)
  • Create the SSRS Service Application.

Now everything should work! Drop a comment if this helped!