SharePoint is very effective collaboration platform. The right SharePoint solutions can empower your organization to streamline your business processes, to enhance productivity, and gain competitive advantages. However, SharePoint’s features and business benefits can face issues at times. Below, find some common issues related to SharePoint, and how our team solved them.
Common Errors
After installing and using SharePoint 2010, you will most probably encounter following error messages in the application log:
"Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unnecessary system resources. To configure the account use the following command ‘stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl’. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account. Additional Data: Current default super user account: SHAREPOINT\system"
"Object Cache: The super reader account utilized by the cache does not have sufficient permissions to SharePoint databases. To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue account -url webappurl'. It should be configured to be an account that has Read access to the SharePoint databases. Additional Data: Current default super reader account: NT AUTHORITY\LOCAL SERVICE "
Recently our SharePoint Admin & development team encountered same errors and according to Microsoft’s TechNet Library documentation "By default, the Portal Super User account is the site’s System Account, and the Portal Super Reader account is NT Authority\Local Service. There are two main issues with using the out-of-box accounts".
Issue We Encountered
Our team analyzed the application logs and configured accounts accordingly, thinking things would be good to go again, but that was when things went even more wrong. Users of the site owner group started receiving an “Access Denied” error! Now, if we think logically, users have full control permissions as they belong to the site owner group, and they shouldn’t receive "Access Denied" error.
"Access Denied" error clearly indicated that users in the group might not have permission to access something, but we couldn’t see what it could be?
The Solution through Root Cause Analysis
Our Administrators, Development team, and R&D team were back in action to find out the root cause for the issue and tried several ways to resolve the issue:
- They checked Master Page Gallery for the site collection for any custom permissions, but didn’t come across any issues there.
- They attempted to revert the Object Cache Settings, what we was changed to configure Super User and Super Reader accounts, but the issue remained.
- Our site has many custom web parts, which could have been written to access groups through SharePoint Object Model, using a user’s credential instead of privileges. Our teams started from that point again, went through each custom web part, but the issue remained and custom web parts couldn’t be the cause.
- Our team came across similar reported issues and solutions during their research, and decided to enable anonymous access and remove NTLM authentication through central administration and it finally worked.
- Since our team knew that this wasn’t the right approach for the solution, they disabled anonymous access and enabled NTLM authentication again. They got a shocking result, as users could still access the site.
Finally to implement secure solution, they revoked permissions for each user and again individually configured permissions for each user. Now, users had access to the site just as before. The moral of this story is that super user accounts need full control of the web applications, and the super reader account needs full read on the web applications. These accounts should be separate domain accounts and should not be used to login into the site. In addition, you should avoid poorly written web parts and must properly configure your SharePoint solutions with appropriate privileges.
Call us at 484-892-5713 or Contact Us today to learn more about SharePoint, possible issues, and overcoming them.
