SharePoint 2013 A potentially dangerous Request.Path value was detected from the client (%). %2520 in URL.

    Question

  • Hi,

    If you deployed SharePoint 2013 and your user logon name accounts have space characters, the users will receive "Sorry, something went wrong Correlation ID: 00000000-0000-0000-0000-000000000000" if they are accessing specific sections of your sites.

    I am describing a little bit how the problem can be reproduced. I have:

    • SharePoint 2013 with CU August 13 2013 (15.0.4535.1000) – latest CU available for SharePoint 2013 (at this moment).
    • User Profile Synchronization Service properly configured.
    • One user account who has space characters in the value of sAMAccountName (e.g. Smith John)
    • One user account who doesn’t have space characters in the value of sAMAccountName (e.g. Smith.John)

    If you authenticate to SharePoint 2013 using "ITECH\Smith John" and go to "Newsfeed" -> "I'm following" section and click to get the sites / documents you are following, SharePoint will return "Sorry, something went wrong Correlation ID: 00000000-0000-0000-0000-000000000000".

    In the SharePoint logs you will get:
    "Application error when access /personal/itech_smith%20john/Social/Sites.aspx, Error=A potentially dangerous Request.Path value was detected from the client (%). 
    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()   
    at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)"

    "System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (%).   
     at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()    
     at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)"

    "Getting Error Message for Exception System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (%).    
     at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()    
     at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)"

    If you look carefully, the URL address looks like "http://yourdomain/personal/itech_smith%2520john/Social/Sites.aspx". The problem is the %2520 which normally should be %20.

    If you manually correct the URL (http://yourdomain/personal/itech_smith%20john/Social/Sites.aspx) you will get to the correct page.

    If you authenticate to SharePoint 2013 using "DOMAIN\Smith.John" you will not encounter the issue described above.

    Is it possible for Microsoft support to check and come up with a patch for this issue?

    Best regards,
    Iftode Viorel

    • Edited by iftvio Wednesday, October 2, 2013 10:39 PM
    Wednesday, October 2, 2013 10:28 PM
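
Added example (not part of the original post and not Microsoft's code): a simplified Python model of why the double-encoded %2520 path is rejected while %20 is accepted, plus a check that flags double-encoded URLs and suggests the single-encoded form. The `domain_user` path mapping is an assumption taken from the URLs quoted in the post; the invalid-character set is the ASP.NET 4.x default `requestPathInvalidCharacters`.

```python
import re
from urllib.parse import quote, unquote

# Default requestPathInvalidCharacters of ASP.NET 4.x <httpRuntime>.
INVALID_PATH_CHARS = frozenset('<>*%&:\\?')
# A percent sign that was itself percent-encoded in front of a hex pair.
DOUBLE_ENCODED = re.compile(r"%25([0-9A-Fa-f]{2})")


def personal_site_path(account, encode_passes=1):
    """Build /personal/<domain>_<user>/Social/Sites.aspx (assumed mapping),
    percent-encoding the account segment encode_passes times (2 = the bug)."""
    segment = account.lower().replace("\\", "_")
    for _ in range(encode_passes):
        segment = quote(segment, safe="")
    return f"/personal/{segment}/Social/Sites.aspx"


def validate_request_path(raw_path):
    """Simplified model: the server decodes the path once, then request
    validation rejects it if an invalid character is still present."""
    decoded = unquote(raw_path)
    offending = sorted(set(decoded) & INVALID_PATH_CHARS)
    return decoded, offending


def collapse_double_encoding(url):
    """Turn %25XX back into %XX, the manual correction from the post."""
    return DOUBLE_ENCODED.sub(r"%\1", url)


def audit(urls):
    """Return (url, suggested_fix) for every URL carrying a %25XX sequence."""
    return [(u, collapse_double_encoding(u))
            for u in urls if DOUBLE_ENCODED.search(u)]


# Constructed sample input, based on the accounts named in the post.
SAMPLE_URLS = [
    "http://yourdomain" + personal_site_path("ITECH\\Smith John", 2),
    "http://yourdomain" + personal_site_path("ITECH\\Smith John", 1),
    "http://yourdomain" + personal_site_path("ITECH\\Smith.John", 2),
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        path = url.split("yourdomain", 1)[1]
        decoded, offending = validate_request_path(path)
        verdict = f"rejected {offending}" if offending else "accepted"
        print(f"{path} -> {decoded}: {verdict}")
    for bad, fixed in audit(SAMPLE_URLS):
        print(f"double-encoded: {bad}\n  suggested:    {fixed}")
```

The once-decoded value in the rejected case is the same path that appears in the SharePoint log entry quoted in the post, which is why the error names `%` as the offending character.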

Answers

  • The CU April 2014 (15.0.4605.1000) is fixing the issue. Please read carefully.

    In April 2014 Microsoft released SP1 for SharePoint 2013 and after that they pulled out the first release (KB2817439). In case you still have the first SP1 release media PLEASE DO NOT DEPLOY IT.
    Later, end of April 2014, Microsoft re-released SP1 for SharePoint 2013 (15.0.4569.1000 KB2880551) – this SP1 was released in April, but DOES NOT CONTAIN the fix for the “Sorry, something went wrong Correlation ID: 00000000-0000-0000-0000-000000000000” issue.
    The CU April 2014 (15.0.4605.1000) which was released to public in May 2014 (KB2878240) contains the fix - please deploy this one.


    Simply deploying the CU will not fix the issue. You MUST delete all the personal site collections created previously. If you do not delete the previously created site collections, after deploying CU April 2014 (15.0.4605.1000), users will get “Something went wrong Sorry, we couldn't follow the site. Technical Details InternalError : Could not follow the item XXXXXXX”, or “Something went wrong Sorry, we couldn't follow the document. Technical Details InternalError : Could not follow the item XXXXXXX” when they try to follow a site/document. This will happen only for the users who already have the personal site collection created before the CU April 2014 (15.0.4605.1000) deployment.
    Please use the Remove-SPSite PowerShell cmdlet to delete the sites. ATTENTION! All the content stored by the users in those personal site collections will be lost – so make sure you back them up first (just in case).
    After you delete the personal site collections, SharePoint 2013 will recreate them (the personal sites creation is asynchronous – please give some time). Done. At this point the users have new personal sites, they will be able to use the social features and the “Sorry, something went wrong Correlation ID: 00000000-0000-0000-0000-000000000000” is fixed.

    • Marked as answer by iftvio Tuesday, May 13, 2014 9:21 AM
    • Edited by iftvio Tuesday, May 13, 2014 9:22 AM
    Tuesday, May 13, 2014 9:20 AM

All replies

  • That is unusual to have a space within the sAMAccountName.  This does sound like a 'bug' (probably a scenario that wasn't tested), but I'd imagine that it may also be a won't-fix bug.

    You can always open a PSS case with Microsoft.  They'll refund any case to you that is deemed a 'bug'.


    Trevor Seward, MCC

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, October 4, 2013 2:30 AM
    Moderator
  • I opened a support call with MS support for this problem.
    I will post here the resolution.

    Friday, October 4, 2013 9:51 AM
  • Hey, do you have any new information on this case for us?
    Monday, November 4, 2013 1:47 PM
  • Hey, do you have any new information on this case for us?

    The Microsoft support reproduced the problem in their test environment, they confirmed the software bug and promised they will release a patch.

    Waiting ... 

    Monday, November 4, 2013 8:19 PM
  • Today I received an e-mail from the Microsoft support team. They are waiting for the Business Impact statement status approval.

    ... still waiting for the hotfix.

    Monday, November 18, 2013 10:18 AM
  • Thanks for keeping everyone up2date.
    Monday, November 18, 2013 12:41 PM
  • I'm having this very same problem. All of our user IDs in Active Directory are "Firstname Lastname" with an embedded space. Have you heard anything from Microsoft?
    Wednesday, December 18, 2013 11:25 PM
  • Hi all,

    This is the most recent update from the Microsoft support.

    "The product group have informed me that we plan to release a hotfix associated with your case (SR: XXXXXXXXXXXX110).  However, it is important to note at this point that a number of further steps will need to be completed before any final hotfix is released.  The scheduled release of your hotfix is expected to be in the April 2014 Cumulative Update.
     
    Currently we release hotfixes every two months in the form of a Cumulative Update.  If you would like to read more about the CU servicing program for SharePoint please read the following article - http://support.microsoft.com/kb/953878 and/or consult the following blog post - http://blogs.technet.com/b/office_sustained_engineering/archive/2008/07/01/office-hotfixes-to-be-delivered-on-a-defined-schedule-in-the-form-of-cumulative-updates.aspx

    Please note, the expected Cumulative Update date is a deadline that the product team has set for themselves.  If the fix is more complicated than they anticipated then it is possible for this date to change.  If this happens, I will update you as soon as I can. Please let me know if you have any questions.

    Best regards,
    E.P.B.
    Escalation Engineer
    Global Business Support
    EMEA SharePoint"

    In short, I wrote about this problem (and at the same time contacted the Microsoft Support) in October 2013. Probably the fix for this issue will be available in the April 2014 Cumulative Update.

    Microsoft Support confirmed the URL encoding issue. 6 months it takes to fix it (if...). :)

    Wednesday, January 8, 2014 11:55 AM
  • Can you provide the full SR #? I need this as an example of a bug with a long turnaround time. The SR can only be viewed within Microsoft.

    Trevor Seward

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, January 8, 2014 3:00 PM
    Moderator
  • Hey, sorry to bother again. Since April is not that far ahead, did you get any new information? Can you provide the SR number here, because we want to contact Microsoft Support as well and referencing your ticket would help to narrow down the issue.

    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    Wednesday, February 19, 2014 9:42 AM
  • Hey, sorry to bother again. Since April is not that far ahead, did you get any new information? Can you provide the SR number here, because we want to contact Microsoft Support as well and referencing your ticket would help to narrow down the issue.

    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.


    No, I didn't get any other updates from them. Here is the SR:113100410838110. However I found a workaround for my test environment.
    Thursday, February 20, 2014 10:37 AM
  • Hey, sorry to bother again. Since April is not that far ahead, did you get any new information? Can you provide the SR number here, because we want to contact Microsoft Support as well and referencing your ticket would help to narrow down the issue.


    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.


    No, I didn't get any other updates from them. Here is the SR:113100410838110. However I found a workaround for my test environment.
    Could you please share your workaround no matter what it might be! Any help is appreciated!

    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    Thursday, February 20, 2014 10:38 AM
  • What I am posting here is a workaround and I can recommend it to you ONLY for the test environment, or if you really need to present to a customer the social features of SharePoint 2013 and you have to use their AD infrastructure.
    As I explained in the first post http://social.msdn.microsoft.com/Forums/en-US/ce4274e7-3d2a-4f6a-8e50-3f448ac05389/sharepoint-2013-a-potentially-dangerous-requestpath-value-was-detected-from-the-client-2520#ce4274e7-3d2a-4f6a-8e50-3f448ac05389, this problem is caused by the wrong URL encoding SharePoint is creating if your user accounts contain space characters in the value of sAMAccountName (e.g. Smith John).
    For this issue I opened the incident with the Microsoft Support in October 2013. From them I got all the time the “if/maybe promise” the problem will be fixed by the April 2014 Cumulative Update. :) :) :) Yes, 7 months to correct URL encoding.

    It is up to you if you wait for the April 2014 Cumulative Update and hope this problem is fixed or you apply this workaround. Yes, I wrote "hope this problem is fixed" because the Microsoft Support reply does not guarantee the fix in the next Cumulative Update (check their reply http://social.msdn.microsoft.com/Forums/en-US/ce4274e7-3d2a-4f6a-8e50-3f448ac05389/sharepoint-2013-a-potentially-dangerous-requestpath-value-was-detected-from-the-client-2520#ce299f5d-a617-4a2f-a22d-5301d191ac04).

    Anyway, the workaround is to DISABLE User Profile Synchronization Service Proxy - User Profile to SharePoint Full Synchronization timer job, backup the personal site collection, restore it under a different URL, update some fields in the user profile and clear the user browser cache.

    OK, now let’s take them one by one:
    1. DISABLE User Profile Synchronization Service Proxy - User Profile to SharePoint Full Synchronization. Yes, it is really, really necessary to do this if you do not want to get into issues with this workaround.
    In short, what happens if you still leave it enabled? The personal site will become inaccessible. After you back up and restore the personal site, even if you restore the personal site under a URL that doesn’t contain space characters, this timer job will alter the paths for all the documents hosted inside that personal site, but will not alter the URL.
    e.g. Your site URL will be something like http://[yourSkydriveURL]/personal/itech_john_smith, but in the database the timer job will change the files path to personal/itech_john smith (DirName from [dbo].[AllDocs]). Of course if this happens your site collection URL does not match the file paths and that personal site is unusable.

    This is a clear indication the buggy code is called even by the User Profile Synchronization Service Proxy - User Profile to SharePoint Full Synchronization timer job.
    If you disable this timer job you will not encounter issues with this workaround.

    2. From PowerShell, extract the existing personal sites.
    Get-SPSite -WebApplication http://[yourSkydriveURL] | Select Url

    3. Backup the personal site collection.
    Backup-SPSite -Identity "http://[yourSkydriveURL]/personal/itech_john smith" -Path "E:\Skydrive\john_smith.bak"

    4. Remove from SharePoint the site collection you previously backed up.
    Remove-SPSite -Identity "http://[yourSkydriveURL]/personal/itech_john smith"

    5. Restore your personal site under a different path (the URL must not contain space characters).
    Restore-SPSite -Identity "http://[yourSkydriveURL]/personal/itech_john_smith" -Path "E:\Skydrive\john_smith.bak"

    6. Check the restored site.
    Get-SPSite -WebApplication http://[yourSkydriveURL] | Select Url

    7. Update the values for Feed service provider defined identifier and Personal site from the user profile (Central Administration -> Manage service applications -> User Profile Synchronization Service -> Manage User Profiles). Update the correct URL for Feed service provider defined identifier and Personal site fields.

    8. Ask the user to clear the browser cache and access again the farm sites. This time if he will go to the Newsfeed section and check the documents / sites he follows, he will be redirected to an existing path.

    I applied this workaround in my test environment for a limited number of users.
    Waiting also the Cumulative Updates for the production environment.

    And one more thing, in my support call, except the first Microsoft Support employee who helped with the bug testing & documentation, everybody else ... (OMG) ...  asked me to wait, wait, wait 7 months for a URL encoding fix (having the impression a computer is replying to me). Different topic, but embarrassing.
    Thursday, February 20, 2014 10:50 AM
  • An update - SharePoint 2013 SP1 (http://support.microsoft.com/kb/2817429) does not fix this issue.  The problem is still present in this version (15.0.4569.1000).

    Friday, March 7, 2014 11:36 AM
  • Since my company got some support cases left, I opened another case regarding this problem and I just received confirmation that this issue will be fixed with CU April 2014. Since it's not long until April, I'll be waiting for the CU.

    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    Wednesday, March 26, 2014 8:19 AM
  • I can't confirm the "you have to delete all personal site collections" fact. Although I haven't deployed the April CU to our product environment I can say, that our test personal sites started working right after I installed the CU.

    Nothing had to be deleted, the link magically started working even for all the sites I had followed earlier (months ago).


    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    Tuesday, May 13, 2014 9:27 AM
  • Nothing had to be deleted, the link magically started working even for all the sites I had followed earlier (months ago).


    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    After you deployed CU April 2014 (15.0.4605.1000) have you tried to follow new sites/documents?

    Before deploying CU April 2014 (15.0.4605.1000) my farm was upgraded to SP1 (15.0.4569.1000). Intentionally I created a test account having a space character in the value of sAMAccountName. The personal site collection has been created and I used that account to follow couple of sites and documents.

    After I upgraded to CU April 2014 (15.0.4605.1000) the “I’m following” links worked, but I was not able to follow any other site/document (the “Something went wrong Sorry, we couldn't follow the site/document.” was returned each time). However I was able to follow people.

    I created a second account having a space character in the value of sAMAccountName. The profile was created and didn’t get any issues in using that account.

    The difference between first test account and second test account was the personal site for the second test account has been created after the deployment of CU April 2014 (15.0.4605.1000).

    I deleted the personal site for the user where the “Something went wrong Sorry, we couldn't follow the site/document.” message was returned each time. SharePoint recreated it and done - I was able to use again the follow site/document option.

    Tuesday, May 13, 2014 11:00 AM
  • Yes, I've tried to follow new sites/documents and it worked before and after I followed them. To be fair I didn't create any new personal sites after installing SP1 (which I've done a few weeks back), because the failure was there before and I knew that it didn't get solved in SP1.

    So I don't say you're wrong, just that it worked for me. Maybe someone else can post his experience here.


    Regards Andreas MCPD SharePoint 2010. Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.

    Tuesday, May 13, 2014 11:26 AM