Thought of sharing my experience on an issue which I encountered recently that took me 10 hrs! to resolve.
To be frank, it consumed an entire day just to understand the issue!
Here it goes,
We all know that the Pages, Lists, Libraries can be shared with other users using the so called "Site Permissions" settings from the "Site Settings" tab or by directly clicking on the "Share" button.
The "Site Permissions" settings can be found under the Site Settings->Users and Permissions.
To my surprise, the "Site Permissions" page started showing "Something went wrong" along with a correlation id. It has to be noted that, there was no issue in accessing the "Site Permissions" of the root site and all other subsites. The issue was only with this particular subsite.
Following are the workaround tried to resolve the issue.
1. Extract the error message from the correlation id either by searching for it in the ULS logs or by executing this simple powershell script.
Merge-SPLogFile -path "D:\ErrorLog.txt" -Correlation "Your-error-correlation-id"
The error message captured in the log was "Token Cache: Failed to get token from distributed cache for " ( ignoring our server details).
2. Tried resolving the distributed cache error by following the steps as suggested here : https://www.habaneroconsulting.com/stories/insights/2013/sharepoint-2013-distributed-cache-bug
Followed by server reboot of web front end, APP server and DB server.
No Luck :( !!!
Now, here comes what exactly resolved my issue!
RESET BROKEN INHERITANCE!
It's a known fact that, when we reset any permissions, the existing permissions would be lost. So we first need to check the existing permissions available in the subsite.
We are not able to open the "Site Permisisons" page but we need to get the list permissions. How can we achieve that???
POWERSHELL comes for the rescue :)
Run the following script to extract the list of permissions available in the site.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName
("Microsoft.SharePoint")
$SPSiteUrl = "http://yoursiteurl"
$SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
$ExportFile = "D:\Permissions.csv"
"Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile
foreach ($WebPath in $SPSite.AllWebs)
{
if ($WebPath.HasUniqueRoleAssignments)
{
$SPRoles = $WebPath.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
$WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
}
}
}
foreach ($List in $WebPath.Lists)
{
if ($List.HasUniqueRoleAssignments)
{
$SPRoles = $List.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
}
}
}
}
}
$SPSite.Dispose();
Now we are good to reset the broken inheritance using the below script.
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
#Variables for Web URL, List Name
$WebURL ="http://yoursiteurl"
#get the list object
$web = Get-SPWeb $WebURL
# Check if web has Unique permission - Root webs always uses Unique permission
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
{
#Reset broken inheritance
$web.ResetRoleInheritance()
Write-host "Broken Inheritance Reset on web:" $web.URL
}
Try accessing the Site Permissions page NOW :)
Eureka! Its loads !
Now grant the existing permissions manually from the list of permissions extracted.
*Note: Let's us not always rely on the ULS logs. SharePoint sometimes surprises us with unexpected fixes!
Happy SharePointing !!!
To be frank, it consumed an entire day just to understand the issue!
Here it goes,
We all know that the Pages, Lists, Libraries can be shared with other users using the so called "Site Permissions" settings from the "Site Settings" tab or by directly clicking on the "Share" button.
The "Site Permissions" settings can be found under the Site Settings->Users and Permissions.
To my surprise, the "Site Permissions" page started showing "Something went wrong" along with a correlation id. It has to be noted that, there was no issue in accessing the "Site Permissions" of the root site and all other subsites. The issue was only with this particular subsite.
Following are the workaround tried to resolve the issue.
1. Extract the error message from the correlation id either by searching for it in the ULS logs or by executing this simple powershell script.
Merge-SPLogFile -path "D:\ErrorLog.txt" -Correlation "Your-error-correlation-id"
The error message captured in the log was "Token Cache: Failed to get token from distributed cache for " ( ignoring our server details).
2. Tried resolving the distributed cache error by following the steps as suggested here : https://www.habaneroconsulting.com/stories/insights/2013/sharepoint-2013-distributed-cache-bug
Followed by server reboot of web front end, APP server and DB server.
No Luck :( !!!
Now, here comes what exactly resolved my issue!
RESET BROKEN INHERITANCE!
It's a known fact that, when we reset any permissions, the existing permissions would be lost. So we first need to check the existing permissions available in the subsite.
We are not able to open the "Site Permisisons" page but we need to get the list permissions. How can we achieve that???
POWERSHELL comes for the rescue :)
Run the following script to extract the list of permissions available in the site.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
[void][System.Reflection.Assembly]::LoadWithPartialName
("Microsoft.SharePoint")
$SPSiteUrl = "http://yoursiteurl"
$SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
$ExportFile = "D:\Permissions.csv"
"Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile
foreach ($WebPath in $SPSite.AllWebs)
{
if ($WebPath.HasUniqueRoleAssignments)
{
$SPRoles = $WebPath.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
$WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
}
}
}
foreach ($List in $WebPath.Lists)
{
if ($List.HasUniqueRoleAssignments)
{
$SPRoles = $List.RoleAssignments;
foreach ($SPRole in $SPRoles)
{
foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
{
$WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
}
}
}
}
}
$SPSite.Dispose();
Now we are good to reset the broken inheritance using the below script.
Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
#Variables for Web URL, List Name
$WebURL ="http://yoursiteurl"
#get the list object
$web = Get-SPWeb $WebURL
# Check if web has Unique permission - Root webs always uses Unique permission
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
{
#Reset broken inheritance
$web.ResetRoleInheritance()
Write-host "Broken Inheritance Reset on web:" $web.URL
}
Try accessing the Site Permissions page NOW :)
Eureka! Its loads !
Now grant the existing permissions manually from the list of permissions extracted.
*Note: Let's us not always rely on the ULS logs. SharePoint sometimes surprises us with unexpected fixes!
Happy SharePointing !!!
Comments
Post a Comment