Troubleshooting: Anonymous access on a public SharePoint site collection failing

SharePoint vs. Anonymous

Ah, everyone’s favorite, classic topic! Debugging SharePoint On-Premises configuration issues is the best thing since sliced bread, right? This post is about allowing/enabling Anonymous Access to a site collection – a simple configuration, that “simply works” like once every ten times you try it.

Symptoms

A lot of different ways to hit your head on this one. In any case, your on-premises SharePoint doesn’t allow anonymous access to a site where you are trying to allow it. Most typically, they’ll just encounter 401 error when accessing the site, or they might be missing some of the content or styles, resulting in partially broken site.

Causes

Usually incorrect configuration or non-published resources. Multiple reasons can cause this, though, I’ll describe some of them below with the solutions.

Solutions

A lot of things to check – let’s go through all of the most typical issues here! Continue reading

How to fix “- – the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized'” error

SharePoint is not broken - it just does't work

While running some SharePoint Online -PowerShell commandlets, or connecting to a SharePoint Online site from your app, you get a following (or similar) error about your SharePoint Online credentials being unauthorized for something you should definitely be authorized to do:

Cannot contact web site 'https://<tenant>-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'.

And that’s not all – by digging into the full error message, you find the underlying internal error:

MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.

What awakens my curiosity, is this line:

Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.

However, when you open your browser, you can actually log in without a hitch. If that’s the case, this might be a weird internal error in SharePoint Online. Nothing you can do permissions/configuration-wise, but luckily – there’s a hazy and weird, but simple PowerShell-based fix! 

Continue reading

Call to sites Graph API requires “owner” permissions for site collection regardless of app permissions

Okay – yet another weird issue, and a hacky workaround. I was developing an app that was calling a SharePoint site through Graph API, using jQuery $.ajax call (developed in TypeScript), and ran into surprising 401 errors. I did find a workaround, but am also working on an actual fix.

Description

To get SharePoint site ID, which is needed when accessing SharePoint lists, the calls seemed to fail for my test accounts. Everything was working fine for my developer account, which was a global admin, so the first thing I was suspecting was of course permissions…

The first offending test account was a Group member, and a restricted reader in the site collection I was trying to access via Graph. The account was also a contributor on the root site of the tenant. And all of my accounts were licensed with E3/E5.

I knew that this part of the code was supposed to get a site id for a certain SharePoint site collection with a call to Graph API, similar to this one:

https://graph.microsoft.com/v1.0/sites/<tenant>.sharepoint.com:/sites/<site>/

It worked for my developer account, but just wouldn’t work for the test accounts! This is the error I got: Continue reading

4 ways to fix error AADSTS65001 (The user or administrator has not consented to use the application)

Azure AD Login error

Fixing issues with Azure AD authentication for Enterprise applications can be tricky. This article contains multiple different fixes to an issue, where granting admin consent has somehow failed. Not all of the different solutions will work for all situations, though! That’s why I included a couple of different options to try… 🙂

Why do you even get issues with Admin Consent (like AADSTS65001)?

Imagine this: You’re trying to add or use an app, but the requires such permissions from your tenant, that only an administrator can grant. Typically to add this kind of an app, you’ll have to be a global administrator.

This is when an admin consent is required for the usage of the app – and if that hasn’t been granted, you’ll get errors about administrators not having consented to the use of the app you’re accessing.

Additionally, just to make the investigation just a bit more complicated, if it’s an enterprise application, it could also be in an invalid state after someone tried adding the app without sufficient permissions.

I’ve been investigating a lot of these issues in relation to organizations using a mobile app, which the customer has been deploying as an enterprise application. Most of the things should apply for web-based apps or console programs or whatever else you’re deploying, too – especially if they’re enterprise applications in Azure AD!

The whole error might look something like this: Continue reading

Fixing the “For security reasons DTD is prohibited in this XML document.” issue

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM).

Error

When running any piece of code, whether in PowerShell, .exe console or anything else than in the code behind relies on .NET Framework, you get an error like this:

For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method.

Continue reading

Fixing Lenovo T460S Wifi connectivity issues (removing the evil versions of Intel Dual Bank Wireless-AC 8260 driver)

I recently received a new work laptop – Lenovo T460S. A cute little thing with impressive performance and reasonably good battery life. However, what people frequently complaing about online in regards of this laptop, is its absolutely, horribly awful wifi. This, in turn, is probably caused by it’s bad wifi chip, Intel Dual Bank Wireless-AC 8260. And they’re right – it’s a load of crap.

Continue reading

Fixed: Cannot use JSX unless the ‘–jsx’ flag is provided

Typescript & React.JS

This blog post is about fixing issues related to building a project with TypeScript files. Basically, if your jsx or tsx -files are not getting built to js-files (which is what the browser understands) in Visual Studio’s build, this post might solve the issue for you.

Description

While converting a project using React.js to TypeScript (and, hence, to use .ts and .tsx files instead of .js and .jsx) I stumbled upon this error:

Cannot use JSX unless the '--jsx' flag is provided

The project would not build a .tsx-file with ReactDOM.render(…) in it. This is a huge issue, of course, as my JavaScript-files would not update during the deployment. This means, that all of the code in TypeScript and React is not ran in the browser.

Continue reading

Duplicate object values in ASP.NET MVC Display Templates? Easy fix!

Duplicate String values

Are you getting duplicate object values (or whatever those Objects output in .ToString())? Eh, so was I, after I edited the display template for String. Found a fix, though.

Description

Okay – I just ran into one of my more stupid mistakes since.. Well, since forever.

I had made some quick and simple edits in String.cshtml display template (among quite a few other edits before building again and seeing what happened), as I added support for Enum values there. After that I started getting duplicate values for String-typed properties. 

Apparently, mistakes were made.

Solution

Luckily, this was easy to fix (but probably still worth documenting):

I had added the code for handling Enum-values, and also changed “@model String” -declaration to awful “@Model object” -one. Changing the type was supposed to happen, but capitalizing the model messed up my DisplayTemplate. Instead of casting the model to object, I was simply calling Model at the start of the template (basically, that was a shorthand for Model.ToString()), hence the “String object String”-kind of duplicate values on the display template.

Continue reading

Powershell Error: Cannot uninstall the LanguagePack 0 because it is not deployed.

Powershell: languagepack 0

Have you ever run into this, very non-descriptive and weird SharePoint error message “Cannot uninstall the LanguagePack 0 because it is not deployed”? You could encounter it while running some PowerShell scripts – most typically, when trying to update a wsp solution.

I have, and luckily often easily solved!

Symptoms

Assume you’re trying to install, update or uninstall a SharePoint solution (.wsp package) using PowerShell-commands Install-SPSolution, Update-SPSolution or Uninstall-SPSolution (respectively). Operation fails with the following (or similar) error:

Error: Cannot uninstall the LanguagePack 0 because it is not deployed

I have actually seen this also in the form of “Cannot uninstall Language Pack 0 because it is not deployed”. However, I think the more relevant form of the error is the one that pops up in the PowerShell. See below for an example!

Error "Update-SPSolution : Cannot uninstall the LanguagePack 0 because it is not deployed."

Error “Update-SPSolution : Cannot uninstall the LanguagePack 0 because it is not deployed.”

In Central Admin the solution is in Error state.

151117_ca

Problem

Not really clear, to be honest – most likely, it’s an issue in how SharePoint localizes some of the content types or other declarative artifacts.

Solution

You can find quite a lot of solutions online, but they weren’t really working for me. I tried restarting services, removing the package and meddling with the dll-files, but to no avail. However, the actual “last operation details” on the CA page hinted, that the problem was in fact in one of the features. The feature in question included some content types, and toying around with them is like playing baseball with hand grenades, so you have to tread carefully in cases like these.

Continue reading