none
Lost Access to SPWebApplication after security updates RRS feed

  • Question

  • Hello,

    It appears all our users have lost access to sections of one of our SP 2010 Web Applications after a security update. I have managed to get back access back for myself by giving admin access. I can browse the full length of the site and I can see people are still the correct places within the sharepoint groups/roles but they can access. Is there a script to reapply all permissions that are set?

    Thanks

    Wednesday, June 26, 2019 5:13 PM

All replies

  • What is the Patch you installed for SharePoint 2010 ?


    sharath aluri


    Wednesday, June 26, 2019 5:39 PM
  • In my case, faced a similar issue, where all of a sudden after a particular cumulative update, the users lost permissions for the team sites, Getting Access denied. Users received, "Sorry you don't have access to this page" or "Let us know why you need access to the site". Even users listed as site owners received it.  WebApplication policy level users were able to access the site. 


    After a long investigation, it turned out to be problem with the Distributed caching. So, you could clear the distributed caching and let it rebuilt:

    Command:

    Clear-SPDistributedCacheItem -ContainerType DistributedLogonTokenCache

    Once done, restart IIS on all the web front end servers. Hope this helps. Thank you. 


    Wednesday, June 26, 2019 5:53 PM
  • many thanks will try it
    Wednesday, June 26, 2019 6:56 PM
  • June 2019 CU
    Wednesday, June 26, 2019 6:57 PM
  • Can't find that commandlet on SP 2010 on premise
    Wednesday, June 26, 2019 7:02 PM
  • One thing I noticed original permissions showed as domain\user

    Adding in the user again resulted in i:0#.w|domain\user

    I've deleted the older users and I'm resyncing to see if it will correct

    Wednesday, June 26, 2019 7:09 PM
  • at the same time I was following an article to allow AzureAD proxy access to SharePoint. I wonder if inadvertently changed something given the username format has altered?
    Wednesday, June 26, 2019 7:54 PM
  • Hi,

    Have you run the Configuration Wizard after installing the patch? If not, please run the wizard to apply the SharePoint fixes completely.

    The prefix “i:0#.w|” before the username is an internal code which is the method SharePoint uses to identify the claim type. You can refer to this link for detailed information.

    There is not PowerShell script to re-apply all the existing permissions. You can grant permission to the user policy of a web application with PowerShell.

    Here’s your reference.

    SharePoint: Grant a user to the full control user policy with PowerShell.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, June 27, 2019 9:00 AM
  • Hi,

    Is there any progress on this issue? 

    If you find any replies helpful to you, please remember to mark them as answers. 

    If you have solved the problem yourself, you can reply the solution and mark it as the answer. 

    It will help others who meet the similar question in this forum. 

    Thank you for your understanding.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Monday, July 1, 2019 8:55 AM
  • If our users were listed as domain\users within sharepoint prior to the issue occurring would that suggest we weren't using claims authentication prior?

    Not run configuration wizard yet as trying not to introduce too many issues at once

    Thanks

    Monday, July 1, 2019 10:53 AM
  • Hi,

    Claims Authentication Type is not directly related to how usernames are shown in the SharePoint environment.

    You can check the Claims Authentication Type of your web application via Central Administration > Application Management > Manage web Application > Select web application > Authentication Providers.

    I suggest you run the Configuration Wizard after installing the patch to apply the SharePoint fixes completely.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Tuesday, July 2, 2019 6:04 AM
  • okay will do but need to get to the bottom of why the username format has changed as it is causing headaches

    Tuesday, July 2, 2019 8:27 AM
  • Hi,

    You can perform a User Profile Synchronization via Central Administration > Application Management > Manage service applications > User Profile Service > Start Profile Synchronization and see if the username format will be back to domain\username.

    If you want to find out the root cause of this issue, I suggest you open a ticket with Microsoft. Then there will be more professional engineers coming for assistance.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, July 3, 2019 7:42 AM
  • I tried that even deleted all existing profiles and rebuilt the sync but they are still in the other format i.e. with the prefix
    Wednesday, July 3, 2019 7:44 AM