Forum Discussion
Guest sees page for 2 seconds then access denied to Group SP site
So you may have seen my posts over the months as I try to use GROUPS to support external users (my customers). It has now been over a week on my latest support ticket with no response or even attempt at diagnosing the issues our tenant is facing. HUNDREDS of my external users are unable to access content (and yes they are all set correctly in AzureAD). All the permissions have been checked with PS.
Why am I mad? Well this morning, I get an email from my support "ambassador" recommending I read a THIRD PARTY website on SharePoint permissions. It may be a good article but is that the best support can do?
And anyway, it is the (expletive deleted) auto-provisioned site for a GROUP, I had nothing todo with how it is setup and the users permissioned. I just add someone to a GROUP and it all should work, well it did until abot two weeks ago.
So I have tried the support route and it is not working so can someone tell me what these errors in the browser console log indicate?
blah, blah ...
18. Ignored setting non-registered setting 'searchux.strings.RefinerPane.ariaRemoveRefinerLabel'.
12.sp-pages-search_a6bd02ab633026ef31aa.js (1,8979)
19. 2
HTTP400: BAD REQUEST - The request could not be processed by the server due to invalid syntax. (XHR)GET - https://iasahome.sharepoint.com/sites/cita-p003/_api/SP.Directory.DirectorySession/Group('13cb6371-f512-45e8-aa3b-8cd5b3f5894d')?$select=PrincipalName,Id,DisplayName,Alias,Description,InboxUrl,CalendarUrl,DocumentsUrl,SiteUrl,EditGroupUrl,PictureUrl,PeopleUrl,NotebookUrl,Mail,IsPublic,CreationTime,Classification,yammerResources,teamsResources,allowToAddGuests,isDynamic
20. HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfill it. (XHR)GET - https://iasahome.sharepoint.com/_vti_bin/DelveApi.ashx/authtoken/loki?d=1521330891068
21. HTML1300: Navigation occurred.
AccessDenied.aspx (1,1)
22. HTTP400: BAD REQUEST - The request could not be processed by the server due to invalid syntax. (XHR)GET - https://iasahome.sharepoint.com/sites/cita-p003/_api/SP.Directory.DirectorySession/Group('13cb6371-f512-45e8-aa3b-8cd5b3f5894d')?$select=PrincipalName,Id,DisplayName,Alias,Description,InboxUrl,CalendarUrl,DocumentsUrl,SiteUrl,EditGroupUrl,PictureUrl,PeopleUrl,NotebookUrl,Mail,IsPublic,CreationTime,Classification,yammerResources,teamsResources,allowToAddGuests,isDynamic
23. HTML1506: Unexpected token.
NB: I see the article that mentions this but after a quick review it doesn;t tell me how to fix the situation
https://techcommunity.microsoft.com/t5/SharePoint-Support-Blog/Unexpected-Access-Denied-Invitations-via-Group-Membership-result/ba-p/170693
- Latest update for those interested; we have confirmed this behaviour on new Group sites; interestingly the site is accessible to the GUEST when it is empty but as soon as the first item is added to the document library the issue occurs and AccessDenied.aspx appears again. The Support engineers don't seem to be very familiar with Groups so would really help if someone could lend them a hand :-) [Ticket #:7689974] [Ticket #:7608078]
- Bump - hope you get this sorted out.
- Nope, ticket still open [Ticket #:7689974]. Seems several customers have the issue - completely reproducible .
- Can you share more details about the page your users are accessing? Apparently you have there a custom development...can you confirm this?
- No no no, no custom dev it is just the site created for an Office 365 Group. site URL is https://iasahome.sharepoint.com/sites/cita-p003/ and I can add you as an external guest of you want ...
- Is there a simple way to turn off Delve? Looking through SP admin looks like I would have to turn off search?
- Toby Bianchi
Microsoft
Hi David,
Thanks for reading my blog. Unfortunately, mine was targeted to a group of support requests that we've been working in SharePoint support. Based on the errors, what seems to be happening is that there are some delve queries that your external users do not have access to.
Unfortunately, I can't speak to anything further than that; what is interesting is that I have another customer with something that looks similar. However, they aren't getting an access denied, but rather are being prompted to sign in.
I'd be interested to know if you've got anything on these groups sites that leverage Delve.- Hi Toby, thanks for responding. Nothing using Delve other than what is built into a standard site provisioned by GROUP creation, what ever that may be. Search/Delve is running on the site ( I have about 20 such GROUPS ) and I confirmed that Search and Delve are active and working on the tenant. I cannot stress enough that this is just a site setup by creating a Group using the Office 365 Outlook interface. Nothing else has been done. Create Group, add guest members, access using the link in the email sent, they see the site for two seconds and then some script or part on the page is failing and redirecting to accessdenied.aspx I have added two support engineers to the group already (admin@infostorage.onmicrosoft.com and melvincraft@outlook.com) to demonstrate - totally reproducible. Can add you as well if you send me an account to use - Pernille-Eskebo.com or @outlook.com to dslight@iasaoffice.org ....
- Thanks for responding. Nothing leveraging Delve, although I guess it is active on the tenant.
