Friday, September 18, 2015

Access Denied Error After Migrating from SharePoint 2010 to SharePoint 2013

Problem: After migrating from SharePoint 2010 to SharePoint 2013 using database attach method, all users received "access denied" error and they were unable to login. Made sure, both the source and destination SharePoint farms are in same Active Directory domain.

Root cause:
This is because, by default SharePoint 2013 web applications are created with Claims authentication. So existing classic mode accounts (domain\UserName) are not recognized by claims mode (i:0#.w|domain\username) web application.

Tips: You can verify if your SharePoint 2013 is using claims mode by using: 
(Get-SPWebApplication "<Web App URL").UseClaimsAuthentication

Solution: After some trial and error, found granting permission again to the users resolves the problem. However, its impossible to provide access to all users to wherever they have had permissions again manually, isn't it?

Well, the right solution is: Convert the authentication method from classic-mode to claims-based authentication of the new SharePoint 2013 Web Application!  Converting from Classic mode to Claims based authentication is done in two steps:
  1. Set the authentication method of the web application to claims:
    $WebApp = Get-SPWebApplication -identity http://Your-webapp-url
    $WebApp.UseClaimsAuthentication = $true
  2. Migrate users from classic mode to claims:
    $WebApp = Get-SPWebApplication -identity http://Your-webapp-url

This converts all user accounts to claims format. Do an IISReset, and all should be OK now!

How about the web application policies and Object Cache Accounts?
Don't forget to re-add users granted permission via web application user policies. Here is how to Configuring Web Application User Policy in SharePoint 2013 / 2016. Often, This applies to SPSuperUser and SPSuperReader accounts! Follow this article to grant permission to SharePoint 2013 cache accounts: Configure SharePoint 2013 Object Cache Super User, Super Reader Accounts.

Your new master page could be a culprit in some cases. Try changing to default master page once. In an another case, I ended up adding "NT AUTHORITY\authenticated users " with read access at web application policy. 
This technet article describes in detail on converting classic mode authentication to claims:

You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.

Check out these SharePoint products:

No comments :

Post a Comment

Please Login and comment to get your questions answered!

You might also like:

Related Posts Plugin for WordPress, Blogger...