We are on SharePoint Server Subscription Edition on-premise. We are seeing "Access denied contact administrator" when users try to access Word/Excel files. When we checked the logs, I could see the below two errors:
Handling access denied for non browser request. IsOAuth: 'False'.
403 Access denied.
We tried increasing the Distributed Cache requesttime values and other values on Distributed Cache and rebooted the servers, but nothing helped. The issue is intermittent, which is hitting us hard. Can anyone suggest what the issue could be and what action needs to be taken to resolve it? Thank you!
1 Answer
It sounds tricky. Anything more you can say about the users affected by the issue? All of them? Only in a specific location? Specific devices? Specific type of user/ department? Only at specific times (weekend, 6pm)?
There are a few things you could try:
- Check if OAuth authentication is properly configured and the Secure Token Service (STS) is functioning correctly.
    Get-SPAuthenticationRealm
    the App Management Service application
- I assume you checked the Distributed Cache and restarted it (with "rebooted the servers")
    Use-CacheCluster
    Get-CacheHost
    Stop-SPDistributedCacheServiceInstance
    Start-SPDistributedCacheServiceInstance
- If you're using a multi-server farm, ensure Distributed Cache is properly configured across all servers and that Request Management isn't misrouting tokens or requests inconsistently.
- Check your Office Online Server: https://powershellscripts.github.io/articles/en/Server/Office%20Online%20Server%20Troubleshooting%20in%20Sharepoint%20Environment/ (bunch of suggestions in the article, better and worse)
- Check if clock synchronization between the SharePoint servers and Office clients is correct. If the clocks between servers and clients are not in sync, tokens may appear expired.
- network firewalls or proxy configurations??
- It's happening to all users, but intermittent. Checked OAuth and it is good. Checked the App Management Service App and it is working. Distributed Cache service is checked and restarted, and rebooted the servers as well. I will check Office Online Server. How to check clock sync between SP Server and Office client? There was a firewall change last week, then this weird stuff started. – SPLearner, Sep 24, 2024 at 16:40
- I found the below errors after doing verbose logs: "WopiHiddenFrame: getTargetHelper: targetUrl is null for docx/Word and action PreloadView" and "GenerateWacUrl failed to produce a URL/actionEntry for docx, Word, en-US". Any idea on these? – SPLearner, Sep 24, 2024 at 18:48
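The Office Online Server, firewall and clock checks suggested in the answer can be run as one script from a SharePoint server. This is an added example, not part of the original answer or comments; the `$TimeReference` host name and the `$MaxSkewSeconds` threshold are assumptions to replace with your own values.

```powershell
# Added example: run in the SharePoint Management Shell on a SharePoint server.
param(
    [string]$Extension      = 'docx',
    [string]$TimeReference  = 'dc01.example.local',  # placeholder: a DC or NTP server
    [double]$MaxSkewSeconds = 60                     # assumed threshold, not from the thread
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Is there a WOPI binding for this extension in the farm's current WOPI zone?
$zone     = Get-SPWOPIZone
$bindings = Get-SPWOPIBinding -Extension $Extension -WOPIZone $zone
if (-not $bindings) { Write-Warning "No WOPI binding for .$Extension in zone '$zone'" }

# 2. Can this server reach each bound Office Online Server and read its discovery XML?
$scheme, $port = if ($zone -like '*https') { 'https', 443 } else { 'http', 80 }
foreach ($oos in ($bindings.ServerName | Sort-Object -Unique)) {
    $tcp    = Test-NetConnection -ComputerName $oos -Port $port -WarningAction SilentlyContinue
    $listed = $false
    if ($tcp.TcpTestSucceeded) {
        try {
            $resp   = Invoke-WebRequest -Uri "${scheme}://$oos/hosting/discovery" -UseBasicParsing -TimeoutSec 15
            $listed = ([xml]$resp.Content).SelectNodes("//action[@ext='$Extension']").Count -gt 0
        } catch {
            Write-Warning "Discovery request to $oos failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Server                  = $oos
        Port                    = $port
        TcpOpen                 = $tcp.TcpTestSucceeded
        DiscoveryListsExtension = $listed
    }
}

# 3. Clock offset of this machine against the shared time reference.
$raw     = w32tm /stripchart /computer:$TimeReference /samples:3 /dataonly
$offsets = @($raw | ForEach-Object {
    if ($_ -match ',\s*([+-]\d+\.\d+)s') { [math]::Abs([double]$Matches[1]) }
})
if ($offsets.Count -eq 0) {
    Write-Warning "No time samples from $TimeReference (NTP blocked or host not serving time)"
} else {
    $worst = ($offsets | Measure-Object -Maximum).Maximum
    [pscustomobject]@{ Reference = $TimeReference; MaxOffsetSeconds = $worst; WithinLimit = ($worst -le $MaxSkewSeconds) }
}
```

Step 3 uses only `w32tm`, so the same lines can be run on an Office client against the same reference to compare its offset with the servers'. Running the whole script on every SharePoint server in the farm shows whether only some of them lost access to Office Online Server after the firewall change.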