0

Receiving Random 403 Forbidden Errors on Your TFS SharePoint site? I Was.

by Angela 24. September 2013 16:57

So let’s start by explaining what was happening. I had just unraveled a mess of TFS/SharePoint/Reporting security that rivaled improperly-put-away-Christmas-lights levels of tangled.  All kinds of duplication, broken inheritance because of inexperienced admins adding individuals (instead of the AD groups I had setup) at every level of the SharePoint hierarchy, you name it!  So one day I get a head-scratcher of an issue from a business user who is customizing a TFS SharePoint portal for a project.

They were trying to edit the queries behind a couple of custom TFS web parts and were getting “403 Forbidden” errors at seemingly random times.  It would work on Monday but be broken on Tuesday and work again Wednesday.

image

I was not getting that error, but of course I am god of everything as the TFS admin, so there is little I cannot do.  But I also noticed not many other folks were experiencing the issue, well, to be precise not one other person was receiving the error.  In the same AD groups, in different AD groups, nada.  I verified all of the groups this person belonged to, checked and rechecked his AD group membership, made sure SharePoint still had all the correct security inheritance in place. Nothing was out of place. And every once in a while the user would be able to complete that same action again without the error. Seemingly, whenever I went in and performed the action he was being denied. What the WHAT?!? Now I was *really* intrigued. 

Needless to say, we did fix the issue, but not without some serious internet scouring. I was about to post to MSDN forums when i stumbled upon the issue.  This obscure Microsoft Support post fixed our problem.  So I should note for background purposes that this TFS instance began as a 2008 installation running against a super old version of WSS.  It has been upgraded twice, by me, and we are now happily running on TFS 2012.3 with WSS 3.0, and hopefully soon to be TFS 2013 and the latest release of SharePoint Server. The server had SURELY gone through the security updates described in the Support post.  But since no one used the TFS SharePoint sites until I came along and fixed all of the security, no one had encountered this super old issue until very recently. Luckily I was on-site when it did, because while frustrating, it was also fun to troubleshoot.  I am weird that way :)

Tags:

Application Lifecycle Management | ALM | TFS 2012 | TFS 2010 | TFS 2008 | TFS 2013 | Team Foundation Server | TFS | TFS Administration | TFS Upgrade

Powered by BlogEngine.NET 2.7.0.0
Original Design by Laptop Geek, Adapted by onesoft