Re: 403 error on some site collections
I had a similar issue and I just added that user to local admin group and it fixed it. There were some style files for telerik control in wwwroot and one user was just not able to access the site because of permissions on that folder. I just added him to local admin as this was UAT box. On Fri, Jun 5, 2009 at 3:56 PM, Paul Noone paul.no...@ceosyd.catholic.edu.au wrote: Hi Ajay, I don’t have a \bin dir in either C:\Inetpub\wwwroot or in my root site but I checked permissions on the bin dir in the 12 hive and all looks good. Should the \bin folder for all sites also be readable by user?? Can anyone tell me what the directory permissions should be and why this only seems to affect some users? Someone mentioned that all users also require read access to the web.config in the site root as well. Is this the case? If so it seems easier to just give them read access to every site by default. I can’t seem to find any of this info in the implementation white paper. :\ My main problem is that I inherited this farm and have no idea how it was setup or what might have been done to it. Regards, Paul Online Developer, ICT CEO Sydney *From:* ozmoss@ozmoss.com [mailto:ozm...@ozmoss.com] *On Behalf Of *Ajay *Sent:* Friday, 5 June 2009 12:56 PM *To:* ozmoss@ozmoss.com *Subject:* Re: 403 error on some site collections This helped me.. http://blogs.msdn.com/johnwpowell/archive/2008/05/23/sharepoint-intermittent-403-forbidden-errors.aspx On Fri, Jun 5, 2009 at 2:08 PM, Paul Noone paul.no...@ceosyd.catholic.edu.au wrote: Hi all, We’ve got an issue with some users getting a 403 error on specific site collections even though they’re using the same domain name. For example, all users can access our intranet homepage – http://intranet.domain.com – but some can’t get to – http://intranet.domain.com/*teams* http://intranet.domain.com/teams or http://intranet.domain.com/*docs* http://intranet.domain.com/docs. Both site collections have the same group permissions and http://*.domain.com is a trusted site. Application pools and identities seem OK. About the only difference I can see is that they all have their own content database. We use AD groups to populate the SharePoint site groups and there is no discernible difference between one user and another in AD. BUT…If I explicitly add an affected user to the Visitors group for */teams * *and then remove them*, they magically have access to all the affected site collections. The only thing I can find online that seems related is an old KB article. As we’re running SP1 I don’t think this is relevant. http://www.msblog.org/2007/11/10/getting-403-forbidden-error-in-sharepoint-services-30-or-sharepoint-server-2007/ Is this a known problem or has anyone else experienced this? Kind regards, Paul Noone Online Developer, ICT CEO Sydney ph: (02) 9568 8461 fax: (02) 9568 8483 email: paul.no...@ceosyd.catholic.edu.au web: http://www.ceosyd.catholic.edu.au/ -- Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists -- Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists -- Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: http://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists image002.jpg
Re: 403 error on some site collections
This helped me.. http://blogs.msdn.com/johnwpowell/archive/2008/05/23/sharepoint-intermittent-403-forbidden-errors.aspx On Fri, Jun 5, 2009 at 2:08 PM, Paul Noone paul.no...@ceosyd.catholic.edu.au wrote: Hi all, We’ve got an issue with some users getting a 403 error on specific site collections even though they’re using the same domain name. For example, all users can access our intranet homepage – http://intranet.domain.com – but some can’t get to – http://intranet.domain.com/*teams* http://intranet.domain.com/teams or http://intranet.domain.com/*docs* http://intranet.domain.com/docs. Both site collections have the same group permissions and http://*.domain.com is a trusted site. Application pools and identities seem OK. About the only difference I can see is that they all have their own content database. We use AD groups to populate the SharePoint site groups and there is no discernible difference between one user and another in AD. BUT…If I explicitly add an affected user to the Visitors group for */teams * *and then remove them*, they magically have access to all the affected site collections. The only thing I can find online that seems related is an old KB article. As we’re running SP1 I don’t think this is relevant. http://www.msblog.org/2007/11/10/getting-403-forbidden-error-in-sharepoint-services-30-or-sharepoint-server-2007/ Is this a known problem or has anyone else experienced this? Kind regards, Paul Noone Online Developer, ICT CEO Sydney ph: (02) 9568 8461 fax: (02) 9568 8483 email: paul.no...@ceosyd.catholic.edu.au web: http://www.ceosyd.catholic.edu.au/ -- Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: http://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists
Re: 403 error on some site collections
ok this is slightly different so i am not sure if this is related has anyone ever tried to use this little Publishing tool called 'Check for Unpublished Items' from site with form based authentication? I am having a problem to get it to work because it just kept on giving me javascript error. The site requires SSL and the address is https://testsite.com (our internal site name) After tracing the code and web service calls, it looks like it's trying to connect to https://testsite.com/_vti_bin/PublishingService.asmx however the response i am getting is always 403 forbidden hence nothing is returned in the response and javascript crashed. However when i try it on site with integrated windows authentication that tool will work with no problem. Does anyone know what's causing it? Regards Christian Ajay akhanna...@gmail .com To Sent by: ozmoss@ozmoss.com ozmoss@ozmoss.com cc Subject 06/05/2009 10:55 Re: 403 error on some site AMcollections Please respond to ozmoss@ozmoss.com This helped me.. http://blogs.msdn.com/johnwpowell/archive/2008/05/23/sharepoint-intermittent-403-forbidden-errors.aspx On Fri, Jun 5, 2009 at 2:08 PM, Paul Noone paul.no...@ceosyd.catholic.edu.au wrote: Hi all, We’ve got an issue with some users getting a 403 error on specific site collections even though they’re using the same domain name. For example, all users can access our intranet homepage – http://intranet.domain.com – but some can’t get to – http://intranet.domain.com/teams or http://intranet.domain.com/docs. Both site collections have the same group permissions and http://*.domain.com is a trusted site. Application pools and identities seem OK. About the only difference I can see is that they all have their own content database. We use AD groups to populate the SharePoint site groups and there is no discernible difference between one user and another in AD. BUT…If I explicitly add an affected user to the Visitors group for /teams and then remove them, they magically have access to all the affected site collections. The only thing I can find online that seems related is an old KB article. As we’re running SP1 I don’t think this is relevant. http://www.msblog.org/2007/11/10/getting-403-forbidden-error-in-sharepoint-services-30-or-sharepoint-server-2007/ Is this a known problem or has anyone else experienced this? Kind regards, Paul Noone Online Developer, ICT CEO Sydney ph: (02) 9568 8461 fax: (02) 9568 8483 email: paul.no...@ceosyd.catholic.edu.au web: http://www.ceosyd.catholic.edu.au/ Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists = Disclaimer: This message is intended only for the use of the person to whom it is expressly addressed and may contain information
RE: 403 error on some site collections
What's got me totally flummoxed is why adding affected users as individuals to the Visitors group resolves the access issues. It's almost as though SharePoint isn't able to get the membership from the AD groups. Regards, Paul Online Developer, ICT CEO Sydney From: ozmoss@ozmoss.com [mailto:ozm...@ozmoss.com] On Behalf Of Paul Noone Sent: Friday, 5 June 2009 1:56 PM To: ozmoss@ozmoss.com Subject: RE: 403 error on some site collections Hi Ajay, I don't have a \bin dir in either C:\Inetpub\wwwroot or in my root site but I checked permissions on the bin dir in the 12 hive and all looks good. [cid:image001.jpg@01C9E5ED.DF2A9710] Should the \bin folder for all sites also be readable by user?? Can anyone tell me what the directory permissions should be and why this only seems to affect some users? Someone mentioned that all users also require read access to the web.config in the site root as well. Is this the case? If so it seems easier to just give them read access to every site by default. I can't seem to find any of this info in the implementation white paper. :\ My main problem is that I inherited this farm and have no idea how it was setup or what might have been done to it. Regards, Paul Online Developer, ICT CEO Sydney From: ozmoss@ozmoss.com [mailto:ozm...@ozmoss.com] On Behalf Of Ajay Sent: Friday, 5 June 2009 12:56 PM To: ozmoss@ozmoss.com Subject: Re: 403 error on some site collections This helped me.. http://blogs.msdn.com/johnwpowell/archive/2008/05/23/sharepoint-intermittent-403-forbidden-errors.aspx On Fri, Jun 5, 2009 at 2:08 PM, Paul Noone paul.no...@ceosyd.catholic.edu.aumailto:paul.no...@ceosyd.catholic.edu.au wrote: Hi all, We've got an issue with some users getting a 403 error on specific site collections even though they're using the same domain name. For example, all users can access our intranet homepage - http://intranet.domain.com - but some can't get to - http://intranet.domain.com/teams or http://intranet.domain.com/docs. Both site collections have the same group permissions and http://*.domain.com is a trusted site. Application pools and identities seem OK. About the only difference I can see is that they all have their own content database. We use AD groups to populate the SharePoint site groups and there is no discernible difference between one user and another in AD. BUT...If I explicitly add an affected user to the Visitors group for /teams and then remove them, they magically have access to all the affected site collections. The only thing I can find online that seems related is an old KB article. As we're running SP1 I don't think this is relevant. http://www.msblog.org/2007/11/10/getting-403-forbidden-error-in-sharepoint-services-30-or-sharepoint-server-2007/ Is this a known problem or has anyone else experienced this? Kind regards, Paul Noone Online Developer, ICT CEO Sydney ph: (02) 9568 8461 fax: (02) 9568 8483 email: paul.no...@ceosyd.catholic.edu.aumailto:paul.no...@ceosyd.catholic.edu.au web: http://www.ceosyd.catholic.edu.au/ Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.commailto:ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.commailto:ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.commailto:ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists Support procedure: http://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists inline: image001.jpg