03 October 2011

How do I – Solve the Access Denied error in SharePoint 2010 under Claims or Classic auth when accessing portal root while content access works fine

Sometimes in a SharePoint 2010 environment, you could encounter a problem where accessing a portal URL directly, e.g. http://portal.company.com. When attempting to access the URL, you could get presented with a simple “Access Denied” error such as this:

In addition, if you’re trying to access a NLB load balanced IP from your App server, you could be challenged for logon three time before getting Access Denied. The problem in this case is that the web application is thinking it has anonymous access enabled, but it actually does not. When a request for the root portal comes into the web app, the app does not challenge the requestor for credentials and when passed onto IIS without credentials and Anonymous Access not turned on, the result is an Access Denied error.
In order to resolve this, we will enable Anonymous Access on the web app and then turn it back off again.
Start by navigating to Central Administration.
Click “Application Management” in the left menu.
Under the Web Applications section, click “Manage web applications”.

A list of all your web apps is displayed.
Select the web app in question.
In the ribbon, click “Authentication Providers”

A popup window with your authentication providers opens. In our case, we see Claims.
Click the link under Zone, in our case “Default”.

Scroll down to the Anonymous Access section.
Check the “Enable anonymous access” check box.
Scroll down and click “OK”.

Now attempt to access your portal e.g. http://portal.company.com, and ensure that you’re able to resolve correctly. Once confirmed, simply follow the above steps again and uncheck the anonymous access check box this time. Once again check your access and all should be good.
Hope that saves someone some time.


No comments:

Post a Comment

Comments are moderated only for the purpose of keeping pesky spammers at bay.

SharePoint Remote Event Receivers are DEAD!!!

 Well, the time has finally come.  It was evident when Microsoft started pushing everyone to WebHooks, but this FAQ and related announcement...