Friday 23 December 2016

SharePoint Site asking password again and again

Hi All,

Today I am going talk about a very wired behavior of SharePoint.

Issue-
When you are opening a SharePoint site in  Internet Explorer it is asking for user credentials again and again and mostly it is asking for password 3 times and then shows a blank screen. This issue is coming for all the users even also for Site Collection Admin or Farm Administrators. 

Here i will like to mention that i was using a Hosted site collection.

Some trouble shooting i did in my case -

  1. I tried to open this site in Mozila Firefox and Google Chrome and found that site is working fine in both. Sharepoint is simply asking for a user name and password and allowing me to access the site. The difference I noticed here is that, When I am trying to access SharePoint in IE and getting credential prompt at that time it is show that connecting to servername.domain.root.loc while logically it should show site url in that window (as it is doing in Mozila and Chrome). By this step I was sure that we are missing something and it is giving issue with Internet Explorer only.
  2. So I visited different blogs, most of them suggest to add the site in trusted sites, or Local Intranet sites. also suggesting to bypass proxy if we are using but in my case we were not using any proxy. I tried all these stuff but no result. Even I tried to enable Internet Explorer for logging in to site with System credentials but it also did not helped me.
After doing all the above stuff i was again on same page that my site is not opening in IE or also in SharePoint designer.

Resolution -
After doing a lot of research work, I was sure that the issue is coming due to some authentication configuration.
So below are the steps how i solved the issue-
  1. I go to IIS Manager in the wfe servers of SharePoint.
  2. Expend the sites
  3. Selected the Defective site.
  4. Double clicked on Authentication. and click on "Windows Authentication".
  5. Select Provided in the left hand side tool box.
  6. Here you will see two providers "Negotiate" and "NTLM". Here leave NTLM and remove the other one.
  7. Click on "OK" and restart the IIS services.

Now open your site in IE or SharePoint designer and it should work.

5 comments:

  1. Hi, could you mention the root cause of the above issue which you were facing?

    ReplyDelete
    Replies
    1. We are using NTLM authentication in our environment but by mistake we selected Karbose authentication. Actually we imported the web application from other farm and it was configured for Karbose by SharePoint while import process. But is was expected to do so and when change the authentication it started working. :)

      Delete
  2. Another way to fix this would be to leave iis alone, run setSPN -L Domain\SP_Site_AP

    setSPN -L SP_Site_AP

    setspn -S HTTP/sitename Domain\SP_Site_AP

    setspn -S HTTP/sitename.domain.com Domain\SP_Site_AP

    setspn -S HTTP/mysites Domain\SP_Site_AP

    setspn -S HTTP/mysites.domain.com Domain\SP_Site_AP

    Where sp_site_ap is the identity for the app pool that runs the site

    These commands need to be run by domain admin or enterprise admin

    Then on each server in the farm, open the account in active directory, delegation tab, trust the server for delegation

    Then on SharePoint servers run klist purge

    Then reset iis

    Then access the site

    ReplyDelete
  3. Also make sure disableloopbackcheck is set to 1 and not zero

    ReplyDelete
  4. And leave web app at negotiate Kerberos

    ReplyDelete