"Access Denied" Error After Server Change

Similar Messages

• IIS Server 7.5 403 Forbidden Access Denied Error after submitting login Page

  Hi All,
  Need help to resolve below error:
  403 - Forbidden: Access is denied.
  You do not have permission to view this directory or page using the credentials that you supplied.
  Getting this error once hitting submit button, here i am entering only user name it should give an alert msg asking for the password. 
  The application is running on IIS server 7.5 and recently enabled Anonymous Authentication and since then it is giving this error.
  But if i am accessing the application locally it means in server machine it is working but from remote system it gives 403 error.
  Regards,
  Kirti

  Hi,
  it's difficult to say what exactly is causing without more info on you confiuration.
  I'm, from you description, assuming a webpage that was configured for forms authentication. You enabled anonymous authentication and now it no longer works.
  Forms authentication relies on webpage logic. In most cases, you cannot replace it 'like that' by another authentication method as the login page contains logic on how to store the usercredentials and/or authorization and were to go after authentication
  has finished.
  Anonymous authentication relies on the  application pool identitiy (or the anonymous user) having RX access to the content. Depending the configurations you made when enabling anonyous authentication, you might aditionnaly need to assign an identity
  to the anonymous user and configure ntfs privilges on the content.
  Check IIS logs and event logs for information. if you do not succeed to resolve, I would suggets to post on teh iis.net forums and include detailed configuration information.
  MCP/MCSA/MCTS/MCITP

• Access Denied Error For Shared Folder with Win Server 2008R2 Task Manager Scheduled Task

  Hi,
  I have scheduled a Task with the Task scheduler. It invokes an .EXE file after every 5 min.
  The application is supposed to access some files lying on a different Server's shared path, process them and move them across folders on the Shared path only.
  Problem: When the .EXE gets executed from the Task scheduler, I am getting "Access Denied to the Shared path" error. I have already given Full Control to Everyone as well as to the Account with which the Task has been configured with.
  Another important point to note is, if I run the .EXE manually, the solution is able is able to do everything intended; I don't get any Access Denied error.
  Kindly help me with what needs to be done in order that this issue is resolved. This is really urgent for me.
  Thanks a lot in advance..
  AC

  Hello Alex,
  first of all, make sure your task was correctly create: How to Create Advanced Tasks with the Task
  Scheduler.
  Please, read these:
  TechNet Library Task Security Context
  TechNet Forums post How
  does "Run with the highest privileges" really work in Task Scheduler ? - Look at the answer "...When you want to run a program with admin rights from a standard user account, you have to select "run whether the user is logged
  on or not" and select a user which is member of the admingroup."
  TechNet Forums post
  Log on as batch job right (written on previous post)
  serverfault Task Scheduler is not executing the program
  serverfault
  unable to schedule a task (access denied)
  UAC: Do you receive the User Account Control "Windows need your permission to continue" message to approve the scheduled application ?
  If yes, maybe "Run with highest privileges" option will not take precedence of the UAC. While the Admin Approval Mode for built-in Administrator account is enabled, UAC will still ask for approval according to the settings on the Behavior
  of elevation to prompt for the administrators. Check whether the "User Account Control: Admin Approval Mode for built-in Administrator account" is enabled. If yes, disable it or change the setting on "User Account Control: Behavior
  of elevation to prompt for the administrators" to elevate without prompting.
  Local Computer Policy ---> Computer Configuration ---> Windows Settings ---> Security Settings ---> Local policies ---> Security Options (source: Task
  Scheduler "run with highest privileges": does not work on Windows Server 2008 ?)
  Bye,
  Luca
  Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

• After spring break as of March 26th we are receiving access denied errors

  After spring break as of March 26th we are receiving access denied errors with faculty and students attempt to access private courses on our CWU on iTunes U site.  Anyone else have this problem?

  Hi,
  How many Domain Controllers are in the domain? Are they using static IP addresses? If not, please assign static IP addresses on DCs.
  In addition, would you please run DCdiag on a Domain Controller then post out the results?
  Best Regards,
  Amy

• I cannot get iTunes or QuickTime to install. I receive an "access denied" error even after uninstalling both completely.

  I cannot get iTunes to install on my Windows 7 PC. I have uninstalled iTunes and QuickTime completely, and downloaded the newest versions. On installation, I receive an "access denied" error for both. I am on an administrator account, run as administrator, deleted my temp folder, everything. I cannot get either to install. Any suggestions? Very frustrating.

  I am am seeing exactly the same scenario being played out as  phitzdisco, on a Dell running Windows 7, and normally a very stable install at that. Steps followed
  Uninstalled all the software correctly, following instructions, in the Program & program(x86) folders
  Rebooted
  Cleaned out the \appdata\local\temp directory
  Download the latest iTunes
  Run as user and a second time through after repeating the steps above as administrator
  Three "Access is Denied" messages in the install
  Log file iTunes64SetupD2C.log shows
       fdintCLOSE_FILE_INFO
          file name in cabinet = Bonjour64.msi
       fdintCOPY_FILE
         file name in cabinet = SetupAdmin.exe
         uncompressed file size = 77136
       fdintCLOSE_FILE_INFO
          file name in cabinet = SetupAdmin.exe
  Executing: "C:\Windows\system32\msiexec.exe" /i "C:\Users\Paul\AppData\Local\Temp\IXP322.TMP\iTunes64.msi" INSTALL_SUPPORT_PACKAGES=1
  Returning: 1603
  In the SetupAdmin1B84.log we see
  MessageType: INSTALLMESSAGE_ACTIONSTART
  Message: Action 09:05:24: AllocateRegistrySpace. Allocating registry space
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Action start 09:05:24: AllocateRegistrySpace.
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Action ended 09:05:24: AllocateRegistrySpace. Return value 1.
  Returning:   1L
  MessageType: INSTALLMESSAGE_ACTIONSTART
  Message: Action 09:05:24: ProcessComponents. Updating component registration
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Action start 09:05:24: ProcessComponents.
  Returning:   1L
  MessageType: INSTALLMESSAGE_ERROR
  Message: Access is denied.
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Action ended 09:05:33: ProcessComponents. Return value 3.
  Returning:   1L
  MessageType: INSTALLMESSAGE_COMMONDATA
  Message: Message type: 2, Argument: 0
  Returning:   1L
  MessageType: INSTALLMESSAGE_COMMONDATA
  Message: Message type: 2, Argument: 1
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Action ended 09:05:33: INSTALL. Return value 3.
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Property(S): UpgradeCode = {529316F8-601C-48AB-BAF6-D9E09938D8D3}
  Returning:   1L
  MessageType: INSTALLMESSAGE_INFO
  Message: Property(S): INSTALLDIR = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\
  Returning:   1L
  The other 6 logs files are also present, but somewhat large to post unless required.
  I hope this can potential help us both find the issue

• "general access denied error" while implementing out-of-process COM Server Implementation in Windows Phone 8.1

  I have a Service (.exe) where I was registering for my COM Component like below
  CoInitializeEx(NULL, COINIT_MULTITHREADED);
  HRESULT hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, 0);
  if (hres != S_OK)
  OutputDebugStringA("Security Descriptor not initialized");
  ITypeLib* pTypeLib;
  HRESULT hr_1 = LoadTypeLibEx(L"ServiceIdl.tlb", REGKIND_REGISTER, &pTypeLib);
  if (pTypeLib != NULL)
  pTypeLib->Release();
  RegisterServer(L"Service.exe", CLSID_classAImpl, L"ClassAImpl Sample", L"Component.ClassAImpl", L"Component.ClassAImpl.1", 0);
  g_hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
  DWORD reg = 0;
  IClassFactory *pIFactory = new classAFactory;
  HRESULT hr0 = CoRegisterClassObject(CLSID_classAImpl, pIFactory, CLSCTX_LOCAL_SERVER, REGCLS_MULTIPLEUSE, &reg);
  if (FAILED(hr0))
  OutputDebugStringA("classAImpl is not registered");
  CoUninitialize();
  exit(1);
  HRESULT hr1 = CoResumeClassObjects();
  if (hr1 == S_OK)
  OutputDebugStringA("classAImpl is Resumed Registering");
  WaitForSingleObject(g_hEvent, INFINITE);
  CloseHandle(g_hEvent);
  CoRevokeClassObject(reg);
  pIFactory->Release();
  CoUninitialize();
  From Client Code I am CreatingInstance  Like Below
  COSERVERINFO si;
  MULTI_QI qi;
  COAUTHINFO cai = { RPC_C_AUTHN_NONE, RPC_C_AUTHZ_NONE, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, 0, EOAC_NONE };
  si.dwReserved1 = 0;
  si.pwszName = L"\\\\localhost";
  si.pAuthInfo = &cai;
  si.dwReserved2 = 0;
  qi.pIID = &IID_classA;
  qi.pItf = NULL;
  qi.hr = 1;
  CoInitializeEx(NULL, COINIT_MULTITHREADED);
  HRESULT hr = CoCreateInstanceEx(CLSID_classAImpl, 0, CLSCTX_LOCAL_SERVER, &si, 1, &qi);
  hr returning error "general access denied error";

  I think we may run into the limitations mentioned in the remarks of CoCreateInstanceFromApp doc(show as below). If you can provide a repro project, I
  can give you more details about what happens.
  The CoCreateInstanceFromApp function reads class registrations only from Fusion contexts and manifests, and from the HKLM\SOFTWARE\Classes\CLSID registry hive.
  Only built-in classes that are supported in the app container are supplied. Attempts to activate unsupported classes, including all classes installed by 3rd-party code as well as many Windows classes, result in error code
  REGDB_E_CLASSNOTREG.
  The CoCreateInstanceFromApp function is available to Windows Store apps. Desktop applications can call this function, but they have the same restrictions as Windows Store apps.
  If you are trying to call some windows classes in your library, I will suggest you check how to create windows runtime out of process component by viewing
  this sample. This is what I usually do.
  To be honest, I did not try to implement the out of process COM component using the method you tried as we previsouly do on desktop. I will suggest you try to register a very simple library(like a signle class and single interface which returns an integer),
  and see if it will work.
  <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
  Thanks
  Alan Yao
  MSDN Community Support
  Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

• Access denied errors in domain logs after configuring Ldap and restricting access to users

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

• Access denied error while writing a file to the file system - myfileupload.saveas() throws system.unauthorizedexception

  hi,
  as part of my requirement , i have to perform read and  write  operations of  few files [ using the file upload control in my custom visual web part] and on submit button click.
  but while writing these files - with the help of  fileupload control - and when i use  myfileupload.saveas(mylocation);
  - i am saving these files into my D:\ drive of my server , where i am executing my code -, am getting access denied error.
  it throws system.unauthorizedexception.
  i have given full control on that folder where i was trying to store my attached files. and also  after following asp.net forums,
  i have added  iusr group added and performed all those steps such that, the file is saved in my D:\ drive.
  but unfortunately  that didnt happen.
  also
  a) i am trying the code with runwithelevatedprivileges(delegate() )  code
  b) shared the drive within the  d :drive where i want o save the files.
  c) given the full privieleges for the app pool identity- in my case , its
  network service.
  the  other strange thing is that, the same code works perfectly in  other machine, where the same sp, vs 2012  etc were installed .
  would like to know, any other changes/ steps i need to make it on this  server, where i am getting the  error.
  help is  appreciated!

  vishnuS1984 wrote:
  Hi Friends,
  I have gone through scores of examples and i am failing to understand the right thing to be done to copy a file from one directory to another. Here is my class...So let's see... C:\GetMe1 is a directory on your machine, right? And this is what you are doing with that directory:
  public static void copyFiles(File src, File dest) throws IOException
  // dest is a 'File' object but represents the C:\GetMe1 directory, right?
  fout = new FileOutputStream (dest);If it's a directory, where in your code are you appending the source file name to the path, before trying to open an output stream on it? You're not.
  BTW, this is awful:
  catch (IOException e)
  IOException wrapper = new IOException("copyFiles: Unable to copy file: " +
  src.getAbsolutePath() + "to" + dest.getAbsolutePath()+".");
  wrapper.initCause(e);
  wrapper.setStackTrace(e.getStackTrace());
  throw wrapper;
  }1) You're hiding the original IOException and replacing it with your own? For what good purpose?
  2) Even if you had a good reason to do that, this would be simpler and better:
  throw new IOException("your custom message goes here", e);
  rather than explicitly invokign initCause and setStackTrace. Yuck!

• Access Denied error on Registry Key with CRXIR2A SP6

  We ship now the latest CRXI version (2ASP6) with our application. One of our users (Win7 Home SP1)  gets an error on instantiating a report. Using ProcMon.exe this seems to be caused by an Access Denied error when accessing the  HKLM\Software\Wow6432Node\Business Objects\Suite 11.5\Crystal Reports key. What can be the cause?

  Hello Ludek,
  I had to take ownership and then change persmissions to full. The problem did not go away however. As I noticed that the register key mentioned did not contain any subkeys I tried to remove it. This again failed because of persmission denied error. Funnily some subkeys suddenly showed up. I took ownership, changed permissions and tried again. Lo and behold the subkeys I tried to delete (and in which no subkeys were visible) suddenly showed more subkeys. At this point I stopped fearing that I was damaging the client's computer. The subkeys were related to the RAS server. Does that say anyting to you?
  André

• EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

  This is for information to help others
  KEYWORDS:
    - Sharing EFS encrypted files over a personal lan wlan wifi ap network
    - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
    - transfer encryption keys / certificates
    - set trusted delegation for user + computer for EFS encrypted files via
  Kerberos
    - Windows Active Directory vs network file share
    - Setting up WinDAV server on Windows 7 Pro / Ultimate
  It has been a long painful road to discover this information.
  I hope sharing it helps you.
  Using EFS on Windows 7 pro / ultimate is easy and works great. See
  here and
  here
  So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
  HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
  won't work (unless you follow below steps).
  Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
  Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
  Why such a EFS drama when a network is involved?
  Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
  When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
  another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
  (on behalf of the clienpc's data request).
  This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
  file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
  Solutions
  There are two main approaches to solve this:
       1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
            EFS operations occur on the computer storing the files.
            EFS files are decrypted then transmitted in plaintext to the client's computer
            This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
       2) SOLVE by setting up WebDAV (efs files accessed through web folders)
             EFS operations occur on the client's local computer
             EFS files remain encrypted during transmission to the client's local computer where it is decrypted
             This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
             BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
           READ BELOW as this does
  Create new encrypted file / folder on a network file share - via Active Directory
  It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
  here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
  and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
  Although this info is NOT for setting up EFS on an active directory domain [server],
  for those interested here is the gist:
  Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
  account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
  EFS.
  NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
  Create new encrypted file / folder on a network file share - via WebDAV
  For home users it is possible to make it all work.
  Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
  Setting up a wifi AP (for those less technical):
     a) START ... CMD
     b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
     c) type (no quotes): "netsh  wlan start hostednetwork"
  Set up a WebDAV server on Windows 7 Pro / Ultimate
  -----ON THE FILESERVER------
     1  click START and type "Turn Windows Features On or Off" and open the link
         a) scroll down to "Internet Information Services" and expand it.
         b) put a tick in: "Web Management Tools" \ "IIS Management Console"
         c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
         d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
         e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
         f) click ok
         g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
  KB892211 here ONLY for XP + Server 2003 (made in 2005)
  KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
    2 Click START and type "Internet Information Services (IIS) Manager"
    3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Enable WebDAV"
    4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
         a) on the "Anonymous Authentication" and click "Disable"
         b) on the "Windows Authentication" and click "Enable"
        NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
          It can be by changing registry key:
             [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
             BasicAuthLevel=2
         c) on the "Windows Authentication" click "Advanced Settings"
             set Extended Protection to "Required"
         NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
    5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Add Allow Rule"
         b) set this to "all users". This will control who can view the "Default Site" through a web browser
         NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
  clientpc.
         NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
    6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
         a) on the right side, under Actions, click "Enable"
  HOTFIX - double escaping
    7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
         a) on the right side, under Actions, click "Edit Feature Settings"
         b) tick the box "Allow double escaping"
       *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
       These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
       This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
  file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
    8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
         a) set the Alias to something sensible eg "D_Drive", set the physical path
         b) it is essential you click "connect as" and set
  this to a local user (on fileserver),
         if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
               NB: the user account selected here must have the required EFS certificates installed.
                          See
  here and
  here
          NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
        This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
         The work around is on the \\fileserver create an NTFS symbollic link
            e.g. to share the entire contents of "D:\",
                  on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                  in cmd in this folder create an NTFS symbolic link to "D:\"
                  so in cmd type "cd c:\inetpub\wwwroot"
                  then in cmd type "mklink /D D_Drive D:\"
          NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
           NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
  clientpc
    9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
         a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
         b) if some exist review existing allow or deny.
             Take care to not only review the "allow access to" settings
             but also review "permissions" (read/write/source)
         NB: this can be set here for all added virtual directories, or can be set under each virtual directory
    10 Open your firewall software and/or your router. Make an exception for port 80 and 443
         a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
               choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
            NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
  below, specifically "Cant find server due to network location"
         b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
  HOTFIX - MAJOR ISSUE - fix KB959439
    11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
        a) On Windows 7 you need only change one tiny registry value:
             - click START, type "regedit", open link
             -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
             -on the EDIT menu click NEW, then click DWORD Value
             -Type "DisableEFSOnWebDav" to name it (no speech marks)
             -on the EDIT menu, click MODIFY, type 1, then click OK 
             -You MUST now restart this computer for the registry change to take effect.
        b) On Windows Server 2008 / Vista / XP you'll FIRST need to
  download Windows6.0-KB959439 here. Then do the above step.
           NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
    12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
              It should show the default "IIS7" image.
              If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
          c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                  e.g. http://localhost/D_drive
              If nothing is listed, check "Directory Browsing" is enabled
    13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                It should show the default "IIS7" image. If not, check firewall and port blocking. 
                Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
         c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                 A directory listing of files should appear.
  --- ON EACH CLIENT ----
  HOTFIX - improve upload + download speeds
    14 Click START and type "Internet Options" and open the link
          a) click the "Connections" tab at the top
          b) click the "LAN Settings" button at the bottom right
          c) untick "Automatically detect settings"
  HOTFIX - remove 50mb file limit
    15 On Windows 7 you need only change one tiny registry value:
        a) click START, type "regedit", open link
        b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
         c) click on "FileSizeLimitInBytes"
         d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
  HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
   16 On each clientpc click START, type "Internet Options" and open it
           a) click on "Security" (top) and then "Custom level" (bottom)
           b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
           SUCH an easy fix. SUCH an annoying problem on a clientpc
     NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
  explorer.
  TEST SETUP
    17 On the client use the normal "map network drive"
              e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
              e.g. CMD: net use * "http://fileserver:80/C_drive"
           If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
  "manage network passwords") has NTFS permissions.
    18 Test that EFS is now working over the network
         a) On a clientpc, map network drive to http://fileserver/
         b) navigate to a folder you know on the \\flieserver is encrypted with EFS
         c) create a new folder, create a new file.
             IF it throws an error, check carefully you mapped to the WebDAV and not file share
                i.e. mapped to "http://fileserver" not "\\fileserver"
             Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
  account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
         d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
         e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
  clientpc decrypted it then copied it).
          If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
          If this is not readable check step (11) and that you restarted the \\fileserver computer.
    19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
        a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
              If a prompt for user+pass then check hotfix (16)
    20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
        a) see the last comment at the very bottom of
  this page: 
  Points to consider:
     - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
  either.
    - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
  MORE INFO: HOTFIX: RAW DATA TRANSFERS
  More info on step (11) above.
  Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
  it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
  Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
  Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
  Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
  file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
  There is a fix:
        It is implimented above, see (11) above
        Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
  Other problems + fixes
    PROBLEM: Can't find server due to network location.
       This one took me a long time to track down to "network location".
       Win 7 uses network locations "Home" / "Work" / "Public".
       If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
       This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
       FIX = either set IP address manually and specify a gateway
       FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
  read here or
  here
       FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
  login to gain file access.
    PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
         By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
        Read
  here (i've posted a batch script to automatically make the required reg files)
  I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

  What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

• Access Denied Error while accessing "Site Settings Access requests and invitations"

  Hi,
  I am getting Access Denied Error while accessing "Site Settings > Access requests and invitations" in SharePoint  2013 online. Currently I am the owner of the site and have "FULL CONTROL" access. I am able to access using
  site collection account. So, what permission I have to give my regular account to access this page?
  Thanks, Pal

  Hello,
  Have you recently changed the Owners group of the site collection or removed the user from the original owners group? 
  The reason I am asking is when the Access requests and invitations list are created, the permissions are given only to the default owners group at the time that the Access Request list was created.  If this "regular account" is not part of that owners
  group, the user will receive access denied.  Site Collection Admins always have permissions for the Access Request List.
  A workaround for the Access Denied issue is listed in the KB article http://support.microsoft.com/kb/2911390/en-us.  By giving the correct group or user the permissions to this list, the users will not receive
  the Access Denied issue anymore.  
  Preferably, in order to grant the user the full permissions ( you will see features like resending invitations may still fail after implementing the above workaround) there is one other workaround that may be required depending on what the original issue
  was.  Below are additional steps to restore full functionality.
  1)Access the /_layouts/15/permsetup.aspx of the site collection, make sure the default Owners Group
  is set correctly.  (There is a group selected)
  2) Add user to that Owners Group.  (Issue may be resolved at this step if the site collection Owners
  Group was never changed, if not continue to next step.)
  3) Implement workaround on http://support.microsoft.com/kb/2911390/en-us, by adding that owners
  group as Full control on Access Request list Permissions.
  Let me know how this works out for you.
  - Shpendi Jashari

• Access denied error on updating list through custom webpart

  hi
  I have created one webpart having multiple view option.
  On selection of items from one view user is clicking on next button to get 2nd view (THis is causing postback) and on selection of 2nd view items user is clicking on next buton for 3rd view.
  On third view he can see the submit button. On click on submit button the selected items are updateing in one list and also updating data in other lists.
  The list in which we are updating data have limited access to all users. But previously user were able to upate the list.
  But after implimenting this multiple view with next button which  postbacks on click user are getting access denied error while updating the list. If i provide contribute access to that list then they able to submit the changes properly. But even after
  that they got the error at first time.
  Any body got this type of issue?
  Is the post back on custom webpart cause access denied error?
  i have written my code like this to updat list,
  protected void btnUpdate_Click(object sender, EventArgs e)
  try
  SPSite site = new SPSite(SPContext.Current.Site.ID);
  SPWeb myWeb = site.OpenWeb(SPContext.Current.Web.ID);
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite ElevatedSite = new SPSite(site.ID))
  using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(myWeb.ID))
  ElevatedSite.AllowUnsafeUpdates = true;
  ElevatedWeb.AllowUnsafeUpdates = true;
  //code to update multiple lists
  catch (Exception ex)
  Please suggest any solution for this.

  Yes I checked with ULS log viewer.
  Its very helpfull as reading that text log file is very difficuelt.
  I found that if user spend more time on that webpart then session veriables on that webpart gets expired and at the time of redirection of user to newly created list using below code currentNewList becomes empty and its redirection to wrong list(_abc) which
  is dummy list and user dont have any access.
  currentNewList = NewListName+ "_abc"
  SPUtility.Redirect(currentNewList.DefaultViewUrl, SPRedirectFlags.Default, HttpContext.Current);
  So I modified the code to reload the session data when user clisk on submit button.

• 403 Access Denied Error

  Dear SAP Experts,
  We have an inbound scenario, which uses AS2 adapter connectivity.
  Trading Partner AS2 --> Seeburger AS2 (SAP PI 7.1)
  SAP PI uses HTTPS protocol, while Trading Partner uses HTTP protocol.
  Our trading partner is using Mozilla Firefox, and they tried pinging the inbound URL of SAP PI, but they encountered 403 Access Denied Error. They already loaded the SSL certificate of SAP PI in their server.
  Is Mozilla firefox application is not advisable for the connection?
  I've tried pinging the inbound url in public internet, and it was successful. (405 Status)
  Kindly advise.
  Thank you..
  Gerberto

  Hi Gerberto,
    Pls check the following:
  1) AS2ID of the party for you partner in PI is the correct.
  2) AS2ID of the party which is receiving messages is the correct.
  3) whether the the AS2 certificates  updated properly or not (might be cache issues) either at your end or the third party's end.
  4) the path that you mention in the Receiver/ Sender Agreement for the certoficate location might be wrong.
  the other reasons for 403 errors and eliminate one by one.
  403.1 - Execute access forbidden.
  403.2 - Read access forbidden.
  403.3 - Write access forbidden.
  403.4 - SSL required.
  403.5 - SSL 128 required.
  403.6 - IP address rejected.
  403.7 - Client certificate required.
  403.8 - Site access denied.
  403.9 - Too many users.
  403.10 - Invalid configuration.
  403.11 - Password change.
  403.12 - Mapper denied access.
  403.13 - Client certificate revoked.
  403.14 - Directory listing denied.
  403.15 - Client Access Licenses exceeded.
  403.16 - Client certificate is untrusted or invalid.
  403.17 - Client certificate has expired or is not yet valid.
  Also you can refer the following thread...
  Seeburger AS2 Sender  Adapter : http: 403 error
  Regds,
  Pinangshuk.

• HFM reports giving "Access Denied" error

  Hi All,
  I am in a really critical situation.
  I am getting "Access Denied" error on accessing any of HFM reports through web or FR studio...all planning reports are working fine...
  I think the DCOM settings have some problem...
  FR is not able to communicate with HFM cluster
  can anyone suggest resolution for this..
  please...thanks in advance

  Hi J,
  Follow the steps below for configuring HFM Cluster and Enabling DCOM and report back any errors or success.
  In the meantime I'll forward you on a troubleshooting guide and checklist.
  1.) Are HFM users still able to access HFM Applications?
  -David
  *Failed To Connect To HFM Application When Using Financial Reporting Studio : "Error connecting to database connection : Server/Cluster is incorrectly configured." [ID 1238573.1]* --------------------------------------------------------------------------------
  Modified 30-DEC-2010 Type PROBLEM Status PUBLISHED
  Applies to:
  Hyperion BI+ - Financial Reporting
  Information in this document applies to any platform.
  Symptoms:
  In Financial Reporting Studio, users are trying to run reports that use a HFM datasource are getting an error.
  "Error connecting to database connection [name]: Server/Cluster is incorrectly configured. Please reconfigure your Cluster or Server connection."
  Cause:
  Financial Reporting Studio is not able to locate the HFM cluster.
  Testing also determined that the HFM client could not connect to the HFM cluster.
  The HFM cluster was not correctly configured.
  Solution:
  Set up the HFM cluster on the FR Studio machine.
  1. Go to Start > All Programs > Hyperion >Financial Management >Server and Web Configuration
  2. Go to the Server/Cluster Registration tab.
  3. Enter the computer name of the HFM server used to get cluster information or the name of the single server if using a non-clustered environment. The HFM server needs to be referenced exactly as it is on the HFM server (hostname/IP/FQDN/clustername, as well as case-sensitivity for any letters).
  4. Apply and OK.
  5. Restart FR Studio.
  Important!:  Make sure that you Enable DCOM on the Server/Cluster Registration tab.
  Note:
  If HFM client is not on the FR Studio box, it will need to be installed prior to set up of the HFM cluster as listed above.
  *Run a Financial Reporting Report with a Financial Management (HFM) Data Source: Error 1001 Invalid Server Cluster [ID 754416.1]* --------------------------------------------------------------------------------
  Modified 11-FEB-2010 Type PROBLEM Status PUBLISHED
  Applies to:
  Hyperion BI+ - Version: 9.0.1.0.00 to 11.1.1.3.00 - Release: 9.0 to 11.1
  Information in this document applies to any platform.
  Symptoms:
  You receive the following error when you run a Financial Reporting report with a Financial Management data source. You receive the message in Financial Reporting Studio and in Workspace.
  "Error: 1001 error connecting to database connection. Server cluster is incorrectly configured. Please reconfigure your cluster or server connection"
  Cause:
  The Financial Reporting Reports Server, Financial Reporting Web Server, and the Financial Reporting Studio workstation must be configured against the same HFM cluster or single server. The cluster or server name must be registered with Shared Services.
  Solution:
  Verify that Financial Management configuration on the Financial Reporting Reports Server, Financial Reporting Web Server, and the local desktop match the configuration on the Financial Management servers, as follows:
  From the Start Menu, select Programs: Oracle EPM: Foundation: EPM Configurator.*
  Select Financial Management.
  Make the necessary changes on each machine so that it matches the HFM server configuration.
  *In System 9, the path is Programs: Hyperion Solutions: Foundation: Configuration Utility.
  Edited by: D2 on Jan 18, 2011 11:32 AM

• Windows 7 time sync returns Access Denied error

  I have recently configured my AD PDC Windows 2008 Server to syncronize with time.windows.com.  I am trying to get my AD Windows 7 Pro clients to sync with the server, however anytime I run w32tm /resync, net stop w32tm or net start w32tm I get an
  Access Denied error on the client.  I have tried it logged in as both the domain admin and the local admin.  For some reason I can start and stop the W32 Time Service from the Services console, but it doesn't resync the time when it restarts.  Why
  am I being denied access when logged in as the domain administrator?  

  Hi,
  Did you set any group policy to prevent client from changing the services?
  I suggest you take the ownership of %WINDIR%\System32\W32TM.EXE, disable the security software and firewall on both side to check the result. Also re-configure the
  group policy related to Windows Time Service and re-apply them.
  In addition, I suggest contacting Server Forum to confirm with the issue.
  Win Server Forum
  http://social.technet.microsoft.com/Forums/en-US/category/windowsserver
  Best Regards,
  Niki
  Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.