Basically, we had a situation on a 2010 farm where users, no matter what permission they were granted on the SharePoint site, either directly or via AD groups, would get prompted for a username and password whenever they tried to navigate the site. It was happening just on this farm and not on others.
Users basically could not use the site properly. Some resources, like images and .css files from the site collection images folder, would always be locked. And for any SharePoint URL that was not a full path ending in the .aspx file, the site would not resolve the URL and showed a blank page to the user.
However, we found using the Farm Admin account was OK.
We also found that if users were placed into the Administrators group on the WFE server itself, the problem went away.
We scratched our heads and looked everywhere to see what was causing this, including:
- IIS7
- Firewall blocking authentication with AD
- Trust between domains
- Examining the local desktop's local security policy in secpol.msc: Local Policies -> Security Options -> Network Security: LAN Manager authentication level
It turns out the main culprit was actually a server hardening script that was run on the server.
Some settings it put into the User Rights Assignment section of our server's Local Security Policy caused the login issue (Bypass traverse checking). Once we added the domain Authenticated Users, the login problem was resolved.
Actually, MS Support has highlighted that this problem can happen when users edit the site with SP Designer 2010, but it appears the setting affects nearly all usage of the site. See their support article below.
http://support.microsoft.com/kb/982948
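
To check a server for this condition after a hardening script has run, here is an added example (not from the original post or from Microsoft) that exports the User Rights Assignment section with `secedit` and inspects `SeChangeNotifyPrivilege`, the internal name of "Bypass traverse checking". The function names are hypothetical, and treating Everyone or BUILTIN\Users as equivalent coverage to Authenticated Users is an assumption of this example.

```powershell
# Added example: audit who holds "Bypass traverse checking" (SeChangeNotifyPrivilege).
# Well-known SIDs that cover ordinary domain users.
# Assumption: holding the right through any one of them is enough.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-UserRightHolder {
    param([string[]]$PolicyLines, [string]$Privilege)
    # secedit writes one line per right: Name = *SID,*SID,AccountName
    $line = $PolicyLines |
        Where-Object { $_ -match "^\s*$Privilege\s*=" } |
        Select-Object -First 1
    if (-not $line) { return @() }   # right missing from the export: nobody holds it
    @(($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ })
}

function Test-BypassTraverseChecking {
    param([string[]]$PolicyLines)
    $holders = @(Get-UserRightHolder -PolicyLines $PolicyLines `
                                     -Privilege 'SeChangeNotifyPrivilege')
    $broad = @($holders | Where-Object { $_ -and $BroadSids.ContainsKey($_) })
    New-Object psobject -Property @{
        Holders        = $holders
        CoversAllUsers = ($broad.Count -gt 0)
    }
}

# Constructed sample: a hardened export where only Administrators (S-1-5-32-544),
# Local Service (S-1-5-19) and Network Service (S-1-5-20) keep the right.
$sample = @(
    '[Privilege Rights]'
    'SeChangeNotifyPrivilege = *S-1-5-32-544,*S-1-5-19,*S-1-5-20'
)
Test-BypassTraverseChecking -PolicyLines $sample

# On the server itself (elevated prompt): export the live policy and test it.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Test-BypassTraverseChecking -PolicyLines (Get-Content $cfg)
Remove-Item $cfg
```

A result with `CoversAllUsers` set to `False` matches the symptom described above, where only members of the local Administrators group could browse the site without being prompted.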