Fix Access Denied Error after migrating to SharePoint 2013!File Repair Tool Blog
This blog will describe the problem that occurs in sites after migrating from SharePoint 2010 to SharePoint 2013. Let us take one example:
Scenario
Suppose you are working for a client, they had several groups and you have to build the collaboration portal for every group. One of the most important things is that few of the sites were already present in SharePoint 2010, but it is in different standalone servers. Migration was the important things here as the existing sites contain huge data and user base.
The need for you was to create a portal or web application which will have migrated sites and new collection of sites as per decided site structure. As per to the decided design and architecture you have build a new web application and stared to create the site hierarchy. As part of this you followed the standard approach database detach and attach way and migrated the existing SharePoint 2010 sites. At that particular time the migration was successful and you were able to access the site with the system account. However, when you tried to access them later with couple of site admins, you get the error message “Access Denied” with any user id.
Root cause
When you created the Web application by default in SharePoint 2013, it gets generated with claim authentication. And when you migrate the data DB to 2013, it identify the users account only in this format i:0#.w|domainusername. Hence it is an AD account therefore it does not able to identify the DomainUserName format. SharePoint presume all users to be claim users and leave them so. Thus, a normal windows users – “DomainUserName” appears as “i:0#.w|DomainUserName”. Furthermore it uses the username in the same format to verify it permission but it is not able to detect a matching entry for the users as the database has Windows users – “DomainUserName”. Thus, your sites offer you with error message “access denied”.
Take a note that System Account will work because its “DomainUserName” is never used and System account is a key word that is used by SharePoint for the application verification. Hence, it is left unaffected.
Solution
To fix this issue you have to migrate share point 2010 and converter to claims format it to 2013. But to remain on safe side, do not directly change the SharePoint 2010 site to claims format in a construction environment as it will not permit the existing Windows accounts users to login and the existing site of SharePoint 2010 will become inaccessible.
Follow below power shell script that converts classic mode site to claims mode:
This script command will converts user accounts to claims format:
On implementing the first script command (to allow claim authentication) the SharePoint database is made ready to claims based authentication, however the existing site users was windows users, are not “migrated” to be unstated by claims authentication.
The second command script is for “migrate” users. MigrateUser ($true) will help you to convert all users account to claims format and thereafter the usernames are correctly identified by the SharePoint and hence the permission for users are read correctly by SharePoint and therefore the site permission works fine.
Recommended solution
The above script commands fix the above problem in most of the cases. But sometimes it does not work at such point of time you can use third party SharePoint Repair tool to quickly fix the SharePoint “Access Denied” error. It is recommended by the SharePoint experts because such tools come with advance algorithm that automatically detect the issue and fix it. It also comes helpful in fixing index corruption in SharePoint server database, repairs corrupted SharePoint database file, etc. So, whenever your SharePoint Database file becomes inaccessible due to corruption you can use SharePoint Repair Tool.
How To Fix Access Denied Error after migrating to SharePoint 2013
- Firstly launch the SharePoint Recovery Tool you would find an interface. This interface screen displays two options to recover SharePoint data: ‘Complete Repair’ and ‘Document Recovery’ Select as per your requirement.
- If you choose ‘Complete Repair’, the screen will show the options for selecting and searching SQL Server (.MDF) files. Click on ‘Select File’ to select a SharePoint database for repair. If you do not know the actual path of the database which you want to repair, click on the ‘Search File’ to locate the MDF file in a specific drive. After selecting the desired file initiate the scanning process
- After finishing the scan, the software would generate a tree of all SharePoint database tables and will display it in the left pane. You can select the table in the tree and can have the entire preview in the right pane. Then Click on ‘Repair’ to begin repairing for the selected database.
- After clicking on ‘Repair’, this dialog box will appear. Specify the SQL Server name or Instance name and the desired destination path. Click on the ‘Browse’ option to choose the destination path. And select ‘OK’ button.
- Once this process gets completed, you would find a dialog box that displays this message ‘Recovered file saved at the desired location. This shows that Recovery Process has successfully completed’. And select ‘OK’ button.
- You would find another dialog box that asks whether you want to attach the repaired database to the web application. If you click on ‘Yes’ button, the above dialog box will be displayed. In the web application URL type, the name of the corrupt database and SQL Server Instance name. Then Select ‘OK’ button and proceed. When the process gets finished, you would be able to access the repaired database by opening the web application.