WSS 403 Forbidden & DCOM Errors in Eventlog

One thing that can be frustrating for any developer is running into a problem and, despite millions of search results, finding that nothing seems to solve it. I thought I would share some simple solutions to two very frustrating WSS issues we’ve run into this past year.

The first issue is intermittent 403 Forbidden errors on a WSS (Windows SharePoint Services) site. In our test environment, anonymous users couldn’t use the website at all until an admin logged in. After someone had logged in, anyone could use the website with or without a login. The problem turned out to be a permissions issue on the bin folder for the website. To fix it, follow the simple steps below.

  1. Ensure all subfolders that are virtual directories on the site are using the same application pool as the root site.  (This didn’t help me as everything was set properly; however, I read countless posts of this causing problems for others.)
  2. Add read access on the bin folder for the account IUSR.  (You don’t need to add read access to the files themselves, which is somewhat confusing, but leaving it off protects the files from being downloaded.)
  3. Success!

If you have any other problems please post your questions/solutions below.

Continuing on, I also ran into a strange DCOM error popping up in Eventlog on most of our servers with WSS sites running.  The error looks like this…

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user <serverName>\networkservice SID (S-1-5-21-<serviceSID>). This security permission can be modified using the Component Services administrative tool.

Needless to say, getting this error several hundred times a day in Eventlog is not ideal.  The resolution is rather simple but not overly easy to explain.  Please carefully follow the steps below.

  1. Copy the GUID (In my case it was {61738644-F196-11D0-9953-00C04FD919C1})
  2. Open the registry editor by running regedit
  3. Click on ‘My Computer’ at the top then select Edit -> Find and Paste the Guid (remove the {})
  4. You should see an application name in the right pane when the Guid is found – in my case this was “IIS WAMREG admin service”
  5. Close the registry editor and open Component Services from Control Panel -> Administrative Tools
  6. Expand Component Services, My Computer, DCOM Config and find the application name discovered above in step #4.
  7. Right click on the application name and select “Properties”, then select the Security tab
  8. The first block should be set to Customize – select edit on the right side.
  9. Now add the service account (in my case this was network service) and add the appropriate access, which in my case was “Local Activation” (which you can see in the error above)
  10. Success!
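
Steps 1 through 4 can also be scripted. The PowerShell below is an added example, not part of the original procedure: it pulls the permission, account and CLSID out of the event text quoted above and resolves the CLSID to the name listed under DCOM Config. The function name `Resolve-DcomPermissionEvent` is hypothetical, and the pattern assumes the event wording shown in this post.

```powershell
# Added example: automates steps 1-4 (CLSID -> name listed under DCOM Config).
# $sample is the event text quoted in the post, placeholders left as they are.
$sample = 'The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user <serverName>\networkservice SID (S-1-5-21-<serviceSID>). This security permission can be modified using the Component Services administrative tool.'

function Resolve-DcomPermissionEvent {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Message)

    # Named groups: permission that was denied, CLSID, account and SID it was denied to.
    $pattern = 'do not grant (?<perm>.+?) permission for the COM Server application ' +
               'with CLSID\s+(?<clsid>\{[0-9A-Fa-f-]{36}\})[\s\S]*?\bto the user\s+' +
               '(?<user>.+?)\s+SID\s+\((?<sid>[^)]+)\)'
    if ($Message -notmatch $pattern) {
        throw 'Message is not a DCOM application-specific permission error.'
    }
    $hit = $Matches

    # HKCR\CLSID\{clsid} carries an AppID value; the default value of
    # HKCR\AppID\{appid} is the name Component Services shows under DCOM Config.
    $appId = $null
    $name  = $null
    $clsidKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$($hit['clsid'])" -ErrorAction SilentlyContinue
    if ($clsidKey) {
        $name  = $clsidKey.GetValue('')      # class name, used only as a fallback
        $appId = $clsidKey.GetValue('AppID')
    }
    if ($appId) {
        $appKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$appId" -ErrorAction SilentlyContinue
        if ($appKey -and $appKey.GetValue('')) { $name = $appKey.GetValue('') }
    }

    [pscustomobject]@{
        Permission  = $hit['perm']    # the only right that needs granting in step 9
        Account     = $hit['user']    # the only account that needs it
        Sid         = $hit['sid']
        Clsid       = $hit['clsid']
        AppId       = $appId
        DcomAppName = $name           # $null if the CLSID is not registered here
    }
}

Resolve-DcomPermissionEvent -Message $sample | Format-List
```

The `Permission` and `Account` fields are the exact right and identity to add in step 9; nothing broader is needed to clear the error.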

Please share this information, as these errors can be both frustrating and a waste of time.

Good luck and happy coding!