How do I – Solve the Access Denied error in SharePoint 2010 under Claims or Classic auth when accessing portal root while content access works fine

Written by Cornelius J. van Dyk on . Posted in How Do I...

Sometimes in a SharePoint 2010 environment, you could encounter a problem where accessing a portal URL directly, e.g. http://portal.company.com.  When attempting to access the URL, you could get presented with a simple “Access Denied” error such as this:
image
In addition, if you’re trying to access a NLB load balanced IP from your App server, you could be challenged for logon three time before getting Access Denied.  The problem in this case is that the web application is thinking it has anonymous access enabled, but it actually does not.  When a request for the root portal comes into the web app, the app does not challenge the requestor for credentials and when passed onto IIS without credentials and Anonymous Access not turned on, the result is an Access Denied error.
In order to resolve this, we will enable Anonymous Access on the web app and then turn it back off again.
  • Start by navigating to Central Administration.
  • Click “Application Management” in the left menu.
  • Under the Web Applications section, click “Manage web applications”.
image
  • A list of all your web apps is displayed.
  • Select the web app in question.
  • In the ribbon, click “Authentication Providers”
image
  • A popup window with your authentication providers opens.  In our case, we see Claims.
  • Click the link under Zone, in our case “Default”.
image
  • Scroll down to the Anonymous Access section.
  • Check the “Enable anonymous access” check box.
  • Scroll down and click “OK”.
image
Now attempt to access your portal e.g. http://portal.company.com, and ensure that you’re able to resolve correctly.  Once confirmed, simply follow the above steps again and uncheck the anonymous access check box this time.  Once again check your access and all should be good. 
Hope that saves someone some time.


Cheers
C




image

Tags: , , ,

Trackback from your site.

Cornelius J. van Dyk

Born and raised in South Africa during the 70's I got my start in computers when a game on my Sinclair ZX Spectrum crashed, revealing it's BASIC source code. The ZX had a whopping 48K of memory which was considered to be a lot in the Commodore Vic20 era, but more importantly, it had BASIC built into the soft touch keyboard. Teaching myself to program, I coded my first commercial program at age 15.

After graduating high school at 17, I joined the South African Air Force, graduating the Academy and becoming a Pilot with the rank of First Lieutenant by age 20. After serving my country for six years, I made my way back into computer software.

Continuing my education, I graduated Suma Cum Laude from the Computer Training Institute before joining First National Bank where my work won the Smithsonian Award for Technological Innovation in the field of Banking and Insurance. Soon I met Will Coleman from Amdahl SA, who introduced me to a little known programming language named Huron/ObjectStar. As fate would have it, this unknown language and Y2K brought me to the USA in 1998.

I got involved with SharePoint after playing around with the Beta for SharePoint Portal Server 2003. Leaving my career at Rexnord to become a consultant in 2004, I was first awarded the Microsoft Most Valuable Professional Award for SharePoint in 2005, becoming only the 9th MVP for WSS at the time. I fulfilled a life long dream by pledging allegiance to the Flag as a US citizen in 2006. I met the love of my life and became a private consultant in 2008. I was honored to receive my ninth MVP award for SharePoint Server in 2013.

Leave a comment

You must be logged in to post a comment.