I have seen this very obscure SharePoint issue a few times, and it is almost impossible to identify and resolve without extensive debugging. So, I just wanted to get this blog out there to help the next SharePoint admin who may experience this situation with a quick resolution.
While trying to access the site http://sharepoint, users are intermittently presented with 403 and 500 errors, and the site remains inaccessible until a manual IIS RESET is performed. However, after resetting IIS, the site may remain operational for only a very short time before the issue reoccurs.
When this issue occurs, you will find the following COMException recorded in the ULS Logs.
12/14/2018 14:48:11.11 w3wp.exe (0x22A0) 0x270C SharePoint Foundation Runtime tkau Unexpected
System.Runtime.InteropServices.COMException: Cannot complete this action. Please try again.
This issue is caused by an excessive number of AD / SharePoint groups or user permissions being added to site collections, lists and libraries, or pages, which fully consumes the maximum allowed “in-memory security cache” (owssvr!VsecCacheManager), which is 2 MB by default.
Once this memory has been exceeded, SharePoint is unable to verify user security and responds with a 500/403 error for all users at the server level.
To resolve this problem, increase the “SecurityCacheMemoryAllowed” setting from the default of 2MB to 20MB.
Registry DISCLAIMER: Modifying REGISTRY settings incorrectly can cause serious problems that may prevent your computer from booting properly. Microsoft cannot guarantee that any problems resulting from the configuring of REGISTRY settings can be solved. Modifications of these settings are at your own risk.
Click Start, click Run, type regedit, and then click OK
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0
Right-click 14.0, point to New, and then click Key
Note: If you are using SharePoint 2013, the key will be under 15.0; with SharePoint 2016, it will be under 16.0.
Type SecurityCacheOptions, and then press ENTER
Right-click SecurityCacheOptions, point to New, and then click DWORD value
Type SecurityCacheMemoryAllowed, and then press ENTER
Right-click SecurityCacheMemoryAllowed, and then click Modify
In the Value data box, change the Base to Decimal, type the value 20, and then click OK
Execute an IISRESET and manually restart the “IIS Administration service”
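The registry steps above, scripted in PowerShell as an added example (not part of the original post), so the change can be applied and verified the same way on every web server in the farm. The key path, value name and the value 20 come from the steps; the parameter names and the IISADMIN service name are assumptions.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # 14.0 = SharePoint 2010, 15.0 = SharePoint 2013, 16.0 = SharePoint 2016
    [Parameter(Mandatory)][ValidateSet('14.0', '15.0', '16.0')][string]$HiveVersion,
    [int]$MemoryAllowedMB = 20,   # 20 is the value from the post; the default is 2
    [switch]$RestartIis           # hypothetical switch: also reset IIS afterwards
)

$root = "HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\$HiveVersion"
$key  = Join-Path $root 'SecurityCacheOptions'
$name = 'SecurityCacheMemoryAllowed'

# Refuse to create keys under a version hive that is not installed on this server.
if (-not (Test-Path $root)) { throw "SharePoint key not found: $root" }

# Record the current state so the change can be reverted later.
$old = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$shown = if ($null -eq $old) { '<not set, default applies>' } else { $old }
Write-Output "Previous ${name}: $shown"

if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $MemoryAllowedMB")) {
    if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
    # -Force creates the value or overwrites an existing one, so reruns are safe.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $MemoryAllowedMB -Force | Out-Null
    # Read the value back and fail loudly if it did not stick.
    $now = (Get-ItemProperty -Path $key -Name $name).$name
    if ($now -ne $MemoryAllowedMB) { throw "Verification failed: $name is $now" }
    Write-Output "Set $name = $now"
}

if ($RestartIis -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'IISRESET')) {
    & iisreset.exe
    # Assumption: IISADMIN is the service the post calls "IIS Administration service".
    $svc = Get-Service -Name IISADMIN -ErrorAction SilentlyContinue
    if ($svc) { Restart-Service -InputObject $svc -Force }
}
```

Running it with `-WhatIf` first prints the previous value and the planned change without writing to the registry or restarting IIS.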