SharePoint 2019 User Profile --> Manage User Permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-869791%22%20slang%3D%22en-US%22%3ESharePoint%202019%20User%20Profile%20--%26gt%3B%20Manage%20User%20Permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-869791%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20found%20a%20very%20strange%20issue%20within%20the%20User%20Profile%20service%20of%20SharePoint%202019.%20First%20of%20all%20some%20information%20about%20our%20topology%3A%3C%2FP%3E%3CUL%3E%3CLI%3E4%20SP%20Servers%20(Minrole)%3A%3CUL%3E%3CLI%3E2%20WFE%20with%20DC%3C%2FLI%3E%3CLI%3E2%20Application%20with%20Search%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3EVersion%2016.0.10349.20000%3C%2FLI%3E%3CLI%3EWindows%20Server%202019%20is%20the%20OS%3C%2FLI%3E%3CLI%3EOffice%20Online%20and%20SQL%202016%20info%20is%20out-of-scope%20for%20this%20issue.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EWe%20are%20migrating%20our%20environment%20from%20SharePoin%202010%20to%20SharePoint%202019.%20The%20mysites%20will%20be%20migrated%20at%20the%20last%20phase%20of%20the%20project.%20Therefor%20we%20would%20like%20to%20disable%20the%20mysite%20creation.%20Within%20the%20'Manage%20User%20Permission'%20you%20can%20adjust%20the%20settings%20for%20the%20creation%20of%20the%20personal%20site.%20But%20when%20we%20modify%20these%20settings%20I%20get%20a%20popup%20with%20the%20message%20'Sorry%2C%20this%20site%20hasn't%20been%20shared%20with%20you'.%20I%20already%20checked%20many%20things%3A%3C%2FP%3E%3CUL%3E%3CLI%3EUls%20log%20is%20giving%20me%20an%20Access%20Denied%3C%2FLI%3E%3CLI%3EThe%20user%20who%20is%20modifying%20the%20permissions%20is%20admin%20on%20the%20mysite.%3C%2FLI%3E%3CLI%3EThe%20user%20is%20Farm%20Admin%20and%20also%20has%20specific%20permissions%20on%20the%20User%20Profile%20App%20(Full%20Control)%3C%2FLI%3E%3CLI%3EGave%20temporarily%20direct%20database%20permissions%20for%20the%20User%20Profile%20Service%20account%20on%20the%20mysite%20database...%3C%2FLI%3E%3CLI%3EWhen%20I%20change%20the%20mysite%20url%20in%20the%20User%20Profile%20app%20to%20for%20example%20http%3A%2F%2Ffake%2C%20then%20I%20can%20change%20the%20permissions.%20But%20they%20are%20not%20applied%20as%20the%20Mysite%20URL%20is%20not%20correct.%3C%2FLI%3E%3CLI%3EAls%20tried%20to%20change%20the%20permissions%20via%20Powershell...(Revoke-SPObjectPermission)%2C%20but%20I%20cannot%20find%20the%20good%20permissions.%20Also%201%20claim%20cannot%20be%20found%20(c%3A0!.s%7Cwindows)%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlmost%20think%20it's%20a%20bug..%20but%20as%20i'm%20not%20100%25%20sure%20i'm%20writing%20this%20question.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-869791%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1235688%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202019%20User%20Profile%20--%26gt%3B%20Manage%20User%20Permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1235688%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20have%20exactly%20the%20same%20issue%20on%20my%20SP%202019%20farm.%20Did%20you%20ever%20found%20a%20solution%20to%20this%20problem%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1237396%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202019%20User%20Profile%20--%26gt%3B%20Manage%20User%20Permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1237396%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F4256%22%20target%3D%22_blank%22%3E%40Gottfried%20Jocham%3C%2FA%3E%2C%20We%20did%20login%20with%20the%20farm%20account%20on%20the%20server.%20Its%20not%20best%20practice%2C%20but%20the%20only%20solution.%20Also%20what%20we%20notices%20is%20that%20when%20you%20change%20the%20url%20of%20the%20Mysite%20Host%20Location%20to%20for%20example%20http%3A%2F%2Ffakeurl%20then%20you%20can%20make%20the%20notification.%20So%20it%20looks%20something%20related%20to%20permissions%20on%20the%20mysite%20web%20app%20itself.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Howdy!

 

I've found a very strange issue within the User Profile service of SharePoint 2019. First of all some information about our topology:

  • 4 SP Servers (Minrole):
    • 2 WFE with DC
    • 2 Application with Search
  • Version 16.0.10349.20000
  • Windows Server 2019 is the OS
  • Office Online and SQL 2016 info is out-of-scope for this issue.

We are migrating our environment from SharePoin 2010 to SharePoint 2019. The mysites will be migrated at the last phase of the project. Therefor we would like to disable the mysite creation. Within the 'Manage User Permission' you can adjust the settings for the creation of the personal site. But when we modify these settings I get a popup with the message 'Sorry, this site hasn't been shared with you'. I already checked many things:

  • Uls log is giving me an Access Denied
  • The user who is modifying the permissions is admin on the mysite.
  • The user is Farm Admin and also has specific permissions on the User Profile App (Full Control)
  • Gave temporarily direct database permissions for the User Profile Service account on the mysite database...
  • When I change the mysite url in the User Profile app to for example http://fake, then I can change the permissions. But they are not applied as the Mysite URL is not correct.
  • Als tried to change the permissions via Powershell...(Revoke-SPObjectPermission), but I cannot find the good permissions. Also 1 claim cannot be found (c:0!.s|windows)

 

Almost think it's a bug.. but as i'm not 100% sure i'm writing this question.

2 Replies
Highlighted

Hi, I have exactly the same issue on my SP 2019 farm. Did you ever found a solution to this problem?

Highlighted

@Gottfried Jocham, We did login with the farm account on the server. Its not best practice, but the only solution. Also what we notices is that when you change the url of the Mysite Host Location to for example http://fakeurl then you can make the notification. So it looks something related to permissions on the mysite web app itself.