Strange Sharepoint 403 error
https://stackoverflow.com/questions/1781057
-
21-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've installed a Sharepoint site for my team. Everything work fine. But suddenly, I've found that I can not edit the quicklaunch menu: every time I click on Add Item or edit an Item, I get a 403 error.
I've logged with administrator account. I've tried using different browsers such as chrome, firefox, but no hope. The same errors occur when I access Advanced permissions under User and Permission.
Clicking to edit permissions for any group in the list will also cause a 403 error. I think that I may have done some wrong setting with permissions, but I can not figure out what I have done, as I'm pretty new with Sharepoint.
Can you guys tell me how to troubleshoot this problem?
Regards,
Solution
You can configure diagnostic logging settings to show why SharePoint gave you a 403 error in the SharePoint Trace Log file.
In central Admin: On the top navigation bar, click Operations.
- On the Event Throttling section, in the Select a category menu, select General
- In the Least critical event to report to the event log menu, select Warning
- In the Least critical event to report to the trace log menu, select Verbose
- Click OK
Go to the Path specified for the Trace Log and reproduce the error. Then open up the last modified sharepoint log file and search for "Denied" (searching up from the bottom of the file). You should see the cause of the 403 error in the log file.
OTHER TIPS
Log in with the site collection administrator account. You most likely removed your own administrative rights from the site (I still don't know why SP will let you do this).
Once you are in, give your normal network account back its administrative permissions.
The site collection administrator account has godlike permissions within its site collection and can override all configured permissions on all securable objects in its domain.
Check your ntfs permissions on c:\program files\common files\microsoft shared\web server extentions\12\template\layouts\user.aspx
USE THESE CAREFULLY
You probably have a incorrect setup in the service accounts making your server block some internal requests. Try to disabled the Loopback Check:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Create a DWORD named 'DisableLoopbackCheck' with a '1' value.
Also make sure your Application Pool (IIS Manager) is running under an actual never-expires user account not the System Account.
Please do not turn off the LoopbackCheck. Turning it off will fix the issue but it also opens you up to a reflection attack which even script kiddies have the ability to do. Instead please use the BackConnection Host file instead.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 Add a Multistring value named BackConnectionHostName In this type in the name of your host names. Example: StackOverflow.com Type each of the names you use to call SharePoint one on each line.
What we are doing here is letting the server know to respond to itself if called by something other than its host name.
