SharePoint 2010 Permissions Corruption After Server Updates

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/180435

Question

Last night our IT team pushed a bunch of patches that seemed harmless, but this morning we're having severe permissions issues. They didn't do a backup before pushing the patches, so I'm stuck putting out all the fires.

Here are the two SharePoint Patches that were installed.

Security Update for Microsoft SharePoint Server 2010 (KB3115117) farm-deployment

Security Update for Microsoft SharePoint Server 2010 (KB3114871) farm-deployment

Examples of what I'm seeing (problems that did not exist prior to the server updates)

  • List items that can't be opened (Access Denied errors)
  • Top navigation menu missing links (tried to add them back and it won't save)

What I've tried so far.

IISReset Rebooting the Server

I'm seeing a lot of this in ULS.

I see the following when opening an item in a Library that i have access.

05/19/2016 17:59:18.67  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Logging Correlation Data    xmnv    Medium  Name=Request (GET:https://mysite:443/Lists/Enhancements/DispForm.aspx?ID=91&Source=https%3A%2F%2Fmysite%2Ecom%2FLists%2FEnhancements%2FAllItems%2Easpx&ContentTypeId=0x01030012B7F87673D9D145BA75E229EA158A2C&IsDlg=1)  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.68  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Logging Correlation Data    xmnv    Medium  Site=/  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.68  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Monitoring  b4ly    High    Leaving Monitored Scope (PostResolveRequestCacheHandler). Execution Time=8.7436 072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.70  w3wp.exe (0x1838)   0x192C  Web Content Management  Publishing  7fz3    Medium  Setting [Display] as the FormContext.FormMode for the current page  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.72  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.75  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.78  w3wp.exe (0x1838)   0x192C  Web Content Management  Publishing  7fz3    Medium  Setting [Display] as the FormContext.FormMode for the current page  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.78  w3wp.exe (0x1838)   0x192C  Web Content Management  Publishing  7fz3    Medium  Setting [Display] as the FormContext.FormMode for the current page  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.80  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.82  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   General 8e2s    Medium  Unknown SPRequest error occurred. More information: 0x80070005  072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.82  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Monitoring  b4ly    High    Leaving Monitored Scope (CachedObjectFactory: Caching ListItem at: /Lists/Enhancements/91_.000). Execution Time=34.8262 072165e9-6016-403c-9032-9f96c4628e93
05/19/2016 17:59:18.82  w3wp.exe (0x1838)   0x192C  SharePoint Foundation   Monitoring  b4ly    Medium  Leaving Monitored Scope (Request (GET:https://mysite:443/Lists/Enhancements/DispForm.aspx?ID=91&Source=https%3A%2F%2Fmysite%2Ecom%2FLists%2FEnhancements%2FAllItems%2Easpx&ContentTypeId=0x01030012B7F87673D9D145BA75E229EA158A2C&IsDlg=1)). Execution Time=151.3476    072165e9-6016-403c-9032-9f96c4628e93

I see the following when trying to add a heading to the global navigation.

05/19/2016 19:07:14.52  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Logging Correlation Data    xmnv    Medium  Name=Request (POST:https://mysite:443/_layouts/AreaNavigationSettings.aspx) 8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.53  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Logging Correlation Data    xmnv    Medium  Site=/  8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.57  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.61  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.64  w3wp.exe (0x1838)   0x1A18  Web Content Management  Publishing  ck1b    Medium  Populating navigation children for web: /   8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.65  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.71  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Monitoring  b4ly    High    Leaving Monitored Scope (PortalSiteMapNode: Populating navigation children for web: /). Execution Time=75.5994  8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.71  w3wp.exe (0x1838)   0x1A18  Web Content Management  Publishing  ck1b    Medium  Populating navigation children for web: /   8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:14.74  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Monitoring  b4ly    High    Leaving Monitored Scope (EnsureListItemsData). Execution Time=11.3265   8c789695-d746-40ff-b85b-82e1865638ca
05/19/2016 19:07:15.60  w3wp.exe (0x1838)   0x1A18  SharePoint Foundation   Monitoring  b4ly    Medium  Leaving Monitored Scope (Request (POST:https://mysite:443/_layouts/AreaNavigationSettings.aspx)). Execution Time=1074.2479  8c789695-d746-40ff-b85b-82e1865638ca

I turned on verbose logging for claims and found this when i get the access denied error.

05/20/2016 09:48:06.43  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   fr16    Verbose Token cache entry missing.  a28f4762-1fc4-4ff8-9117-47228eae6afa
05/20/2016 09:48:06.43  w3wp.exe (0x2AB0)   0x29C0  SharePoint Foundation   Claims Authentication   f2uu    Verbose Issuing new security token. 
05/20/2016 09:48:06.43  w3wp.exe (0x2AB0)   0x29C0  SharePoint Foundation   Claims Authentication   f2ut    Verbose Authenticated with login provider. Validating request security token.   
05/20/2016 09:48:06.43  w3wp.exe (0x2AB0)   0x29C0  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'System'. 
05/20/2016 09:48:06.43  w3wp.exe (0x2AB0)   0x29C0  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'AllUsers'.   
05/20/2016 09:48:06.44  w3wp.exe (0x2AB0)   0x29C0  SharePoint Foundation   Claims Authentication   fe3s    Verbose Token issued with '34' claims   
05/20/2016 09:48:06.50  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'System'. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.50  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'AllUsers'.   7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.50  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.53  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'System'. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.53  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'AllUsers'.   7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.54  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.61  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'System'. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.61  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Verbose Adding claim provider 'AllUsers'.   7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:06.62  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   0000    Medium  ensureUserExistsInternal2: bUseVerifiedSid: is set to true. 7e8aa90b-a69d-48c4-9d4a-30372d84c74f
05/20/2016 09:48:09.49  w3wp.exe (0x3120)   0x2654  SharePoint Foundation   Claims Authentication   ftc8    Verbose Access Denied: Authentication is required.
Était-ce utile?

La solution

Eureka! I figured it out!

Apparently claims expiration needed to be set to a lower time window. I don't understand why a bunch of Microsoft patches would require that but apparently SharePoint was having an issue verifying my permissions with AD.

I ran the following commands from the link below.

Command Prompt:

stsadm.exe -o setproperty -propertyname token-timeout -propertyvalue 2

PowerShell:

$sts = Get-SPSecurityTokenServiceConfig
$sts.FormsTokenLifetime = (New-TimeSpan -minutes 2)
$sts.WindowsTokenLifetime = (New-TimeSpan -minutes 2)
$sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -minutes 1)
$sts.Update()

Command Prompt:

iisreset

Now I just need to figure out:

  1. What beer to pick up tonight so I can celebrate the fact that I found a solution before Microsoft could
  2. When I should revert these settings back to their default. Any ideas???

SharePoint 2013 Claim Expiration and AD Sync

Licencié sous: CC-BY-SA avec attribution
Non affilié à sharepoint.stackexchange
scroll top