woensdag, april 16, 2014

Strange access denied in publishing sites

Recently one of my clients had some strange behavior on their production farm. Team sites no worries, but when they started using publishing sites things went bad. Suddenly unexpected access denieds were showing up, even users with full control webapp rights were not able to access the site. Mostly when checking out pages, or changing the navigation settings.

Luckily we got a helpful hint: we should review the super user full control and super user read accounts for the object cache, as described on the following page:


By default the users are as follows:

  • Super User Full Control: the site’s System Account;
  • Super User Read: NT Authority\Local Service.

In a claims authentication application, this default Super User Read cannot be resolved, which automatically leads to an access denied for the object cache.


As described in the page above. You can also use this excellent script of Stef van Hooijdonk dating back from 2010, available via:


Geen opmerkingen: