Symptom:

“403 FORBIDDEN” from SharePoint 2007 when:

  • Uploading a file (sometimes, for some users)
  • Adding users, for users who have Full Control permission

Analysis:

  • Scenarios –
    • Only happens sometimes
    • Only happens for some users
    • Never happened to me (the Admin with full control)
    • It works again for a while once I modify (remove/re-add, change permission, etc.) that user
    • It happens when I use my machine and log in as that user
  • Suspects –
    • Active Directory time out
    • Cache on the local machine
    • Cache on the server
    • Running out of RAM on the server
    • Quality of the network
    • SQL errors
  • Troubleshooting –
    • Restart SQL services (SQL & SSAS were consuming a lot of memory)
    • Remove and re-add the user from different levels with different permission
    • Change SharePoint’s logging setting to collect more logs (Central Administration > Operations > Diagnostic Logging – General/Information/Verbose)
    • Apply 2008R2 SP1
    • Anonymous access for SharePoint’s web App in IIS
    • Check the service account running the SharePoint web App

Root Cause:

The web application (running as Network Service) does not have sufficient permission to access the bin directory. The log files (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS) show the following error:

05/07/2012 12:59:54.77 w3wp.exe (0x180C)                       0x2668 Windows SharePoint Services   General                       8nca Verbose Application error when access /_layouts/Upload.aspx, Error=Access to the path ‘C:\inetpub\wwwroot\bin’ is denied.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)     at System.IO.DirectoryInfo.GetFiles(String searchPattern, SearchOption searchOption)     at System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory()     at System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai)     at System.Web.Configuration.AssemblyInfo.get_AssemblyInternal()     at System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assem…

Solution:

Give the “Read/Execute” permission on “C:\inetpub\wwwroot\bin” to “<machine>\Users”
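
To confirm this root cause from the logs before changing any permission, the following read-only PowerShell script (an added example, not part of the original post) pulls the denied paths out of the ULS logs and lists which accounts already have Read & Execute on each. `$Newest`, `Read-UlsLine` and `Get-DeniedPath` are illustrative names, and the sample line is constructed from the entry quoted above.

```powershell
# Added example (not from the original post): read-only ULS log and ACL check.
param(
    # ULS log folder named in the post; override for a different install.
    [string]$LogDir = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS',
    # Assumption: number of most recent log files to scan.
    [int]$Newest = 5
)

# .NET writes straight quotes; the curly pair covers text pasted from a web page.
$pattern = "Access to the path ['\u2018](?<path>.+?)['\u2019] is denied"
$rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# Constructed sample, shortened from the entry quoted in the post; used only
# when $LogDir does not exist on the machine running the script.
$sample = "05/07/2012 12:59:54.77 w3wp.exe (0x180C) 0x2668 Windows SharePoint Services General 8nca Verbose Application error when access /_layouts/Upload.aspx, Error=Access to the path 'C:\inetpub\wwwroot\bin' is denied."

# Stream log lines so large Verbose logs are not held in memory.
function Read-UlsLine {
    if (Test-Path -LiteralPath $LogDir) {
        Get-ChildItem -Path $LogDir -Filter *.log |
            Sort-Object LastWriteTime -Descending |
            Select-Object -First $Newest |
            ForEach-Object { Get-Content -Path $_.FullName }
    } else { $sample }
}

# Emit the file-system path from each "access denied" entry.
filter Get-DeniedPath {
    if ($_ -match $pattern) { $Matches['path'] }
}

foreach ($p in (Read-UlsLine | Get-DeniedPath | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $p)) {
        "Denied path (not present on this machine): $p"
        continue
    }
    "Denied path: $p"
    # List Allow entries and whether each one includes Read & Execute.
    (Get-Acl -Path $p).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, IsInherited,
            @{ Name = 'ReadExecute'; Expression = { ($_.FileSystemRights -band $rx) -eq $rx } } |
        Format-Table -AutoSize
}
```

Entries that Get-Acl reports as raw numeric (generic) rights show False in the ReadExecute column, so read those rows by hand.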

Reference:

  • Thanks to John W Powell’s post, I finally got this resolved. Before I went ahead and modified the folder permission after reading his post, I was having a difficult time collecting the actual error to confirm the root cause.