I'm troubleshooting a SharePoint 2010 404 issue when attempting to access a web application using an elevated user account. The account I am using is the Farm Setup account which is local and domain admin as well as admin on sql.
The server is 2012 RT with all the Windows updates applied and the SharePoint Build number is the 14.0.7162.500 which is the December 2015 release.
Upon first accessing the my site web I am immediatly prompted for user name and password which I enter. The prompt is repeated a number of times usually resulting in a Unauthorized notice. Sometime, however after a few repeated login attempts the page miraculously displays.
Using Fiddler I can see the repeated logins resulting in 404 on the /favicon.ico file log linked here.
I am hoping someone has seen this behvior before and can help me fix it.
Related
I try to give new users in our domain access to our VSTS. We have MSDN enterprise subscriptions via MPN. The subscription is assigned and visible for the user if he logs in my.visualstudio.com with his work account. If the user tries to access the VSTS at [ourprojects].visualstudio.com he gets “VSTS login fails with 401 not authorized – [user] has multiple accounts associated with it. Your work or school account does not have access to [ourprojects].visualstudio.com, but your personal account does have access. “.
Signing in with the personal account as suggested by the error message leads to another error: “This Microsoft account does not exist.” This is correct. The account in charge is definitely a work account in Microsoft Azure Active Directory. So the first error message is somehow strange and leads into the wrong direction.
Our domain accounts are synchronized with Azure Active Directory (AAD). I can see the new users both in our domain and AAD. The user can login into my.visualstudio.com with his work account. So sync with Windows Server AD and AAD looks working correctly. MSDN assignment works, too.
Loggin into my.visualstudio.com redirects to the login page of our domain. thsi is corect and works fine. But this redirect does not take place loggin into VSTS.
For other older accounts in our domain VSTS access with work account works completely fine. Has anybody experienced similar problems?
Finally I talked to Microsoft support. It turned out that this VSTS account is not backed by Azure Active Directory. It has to be converted to do so.
To check if a Azure DevOps/VSTS account is backed by AAD, you can look in the settings page ("gears"->Settings) of Azure DevOps at the very bottom.
I have created trial account in MS Dynamic 365 CRM. I have logged and created a new user by making my role into global administrator using Microsoft Office 365 Admin Portal. I have also completed that to successfully. But when I tried to create groups (for user roles) I'm getting error like this
Message: The server was unable to process the request due to an internal error. For more information
about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute
or from the configuration behavior) on the server in order to send the exception
information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation
and inspect the server trace logs.
Your request couldn't be completed. Please try again in a few minutes.
I have tried many time still getting same error.
How can I fix this ?
How can assign user into groups and permissions
Please change the Question subject line - its misleading. Actual security roles creation & assigning users can be done from Settings - Security menu from Dynamics 365 instance url.
But you are facing issues in Office 365 Admin portal. Please try to reach out to contacts in https://www.microsoft.com/en-us/dynamics/crm-customer-center/contact-technical-support.aspx but am not sure will they support trial orgs or not.
There are quite a lot of threads and questions about this issue. However, non-of them helped me.
I have got an MVC4 app running on IIS8 without any probblem. I need to move this app to Windows 2012 R2 Server which has IIS8.5.
Whichever user I give access to folder, I still get following exception.
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Most likely causes:
The authenticated user does not have access to a resource needed to process the request.
Here is the error trace screenshot
Regarding IIS Site Setup, Anonymous Authentication and Forms Authentication are enabled.
Lastly, I have given Server\IIS_USERS, App Pool Account, IUSR, Server\Users readn and write access to make it work, but still same error.
Could anyone help me with this please?
Thanks.
edit updated with new information
I've been trying to configure a ASP.Net site to use windows authentication impersonation, and use this to call Sharepoint 2010 web services.
I've enabled impersonation and windows authentication on the site, and given in a "classic" .net 4.0 app pool identity. I display the user that is logged in. When the site is run from the server, everything works fine - the user is impersonated correctly. Tried with several user accounts (but all local admins...). This can upload a file to sharepoint which records the "Created by" "Modified by" as the site user (and not the app pool identity). This is the situation I want.
When run from a client machine, it fails. The page is loaded, but it seems to fail when it tries to access the Sharepoint lists service with a 401 unauthorised. Further inquiries have shown me the following info the Sharepoint weblogs when calling the list.asmx service:
2012-01-12 22:42:52 10.197.104.208 POST /iain/Cesa/_vti_bin/Lists.asmx - 80 - 10.143.16.141 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.239) 401 0 0 13
2012-01-12 22:42:52 10.197.104.208 POST /iain/Cesa/_vti_bin/Lists.asmx - 80 - 10.143.16.141 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.239) 401 1 2148074254 3
2012-01-12 22:42:52 10.197.104.208 POST /iain/Cesa/_vti_bin/Lists.asmx - 80 - 10.143.16.141 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.239) 401 1 5 1
From: http://support.microsoft.com/kb/969060 I know that: "The win32 status of "2148074254" (also defined as -2146893042 / 0x8009030E / SEC_E_NO_CREDENTIALS) means "No credentials are available in the security package." In other words, the client has not sent any credentials."
This looks like my web site is not passing the impersonated credentials to the Sharepoint site. Is there any way of solving this? Because it works from the server I'm sure it can work, but I'm at my wits end trying to find a solution.
This is caused by windows authentication using NTLM rather than Kerberos (I thought it was using Kerberos...).
I'm looking into getting Kerberos properly configured, but this is a big task. In the meatime I have simply moved the site and it is now hosted on the same SharePoint web front end as the web services it is contacting. Now there is now double hop, no need for deleaged credentials, and so it works :)
I am getting the error below while getting the Search Crawlers to work:-
The start address sts4://mysites/contentdbid={3d198865-7f27-4633-bd71-902795032d78} cannot be crawled.
*Context: Application 'Search_index_file_on_the_search_server', Catalog 'Search'*
Details:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (0x80041205)
I have checked all permissions and they appear to be in order.
While investigating this problem I discovered that when I RDP to the SharePoint server and connect to the sites whilst on the server (locally to the server) I get access denied.
The Central Administration works just fine, but all the other Web Applications (intranet & mysites) will not allow me to login. I get prompted to enter username and password (like I do when connecting to CA) but it never accepts the login. These sites work without any problems when accessed from client workstations.
When I check the site log file it is reporting a http 401 Unauthorised error.
Note: The sites are not using Claims Authentication
Any ideas on how to fix this?
Thanks,
Andrew
You're probably having the loopback issue problem. Follow instructions in this KB article: http://support.microsoft.com/kb/896861