Forum Discussion
AD Guest Users unable to access SharePoint Online
We have:
- M365 with SharePoint Online
- A communication site set up in SharePoint Online
- A bunch of about 300 guest users from other companies
The Problem:
- A certain fraction of the guests from other companies cannot access the SharePoint. They always get the „You need permission to access this site“ form. They can fill it out, our admins get the request, grant access, but still the users see the „You need permission to access this site“ site.
What we did to debug:
- We worked through this guide: https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/sharepoint-online-inaccessible
- We worked through the „"Access Denied" or "You need permission" errors in SharePoint Online and OneDrive“ guide: https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/access-denied-or-need-permission-error-sharepoint-online-or-onedrive-for-business
- Especially we run through the „Check User Access diagnostic“ tool in the Admin center. For all users affected, it tells us, that appropriate rights are given and the users should be able to access the site.
- We checked our own AD as well as ADs of the companies we invited the users from if there seems to be anything strange. Nothing seems suspicious.
- We deleted and re-invited guest users in our AD. Nothing changes even with a new user id.
- We assured, that we are not hitting any threshold, i.e. that after a certain amount of guests new guests get blocked. We still see single n+1 Users, that can access.
Some more information:
- It seems quite random, which users are affected. We could reproduce with at least one user from each tentant we invited guests from, while at the same time we have users from each tentant that can access without problems.
- It does not seem to relate with our communication site in Sharepoint, its access to our SharePoint in general, that is blocked.
Any help appreciated!
Andreas__ Mildly related, and otherwise for future reference...
Context: new communication-site setup for an extranet, added some guest-users from our msp-domain tenant to test things out as 'guests' > registering as guests worked (ended on the 'my apps' on that tenant?!) > entered the sharepoint-site url > all having Sharepoint-error below(https://tenantname.sharepoint.com/_forms/default.aspx > 'signing in is not complete' in page title browser)
Something went wrong
We're sorry, sign-in isn't working right now. But we're on it! Please try again later.
ID: 687f0fa1-4053-8000-3a1e-34ac4495b2a3
Issue Type: Unknown issue.
Resolution: tried a personal email-adres (not tied to our msp-domain) to try again and that one worked without a problem?!
Rootcause?: not 100% sure, but because we as a MS-partner for this client also have a GDAP-partner-relationship and a B2B External Identities automatically setup, I guess there was a conflict with the created guest-user vs the B2B-rights.
(some PowerShell for the B2B-functionality: Blimped | SharePoint Guest Access and Entra B2B)
michaelarens Curious if there are any updates. I believe I'm seeing similar issues.
- something we also noticed lately are Guest-users that are marked as 'Risky Users' (check your Entra logs) > they need to change their password to resolve this.
Hi Luke Petterson ,
sorry to say no. Also, after six weeks we have still not received helpful reply from Microsoft to our ticket.
