SharePoint 2019: Anonymous access no longer working after security update KB5002207 May 2022

Stefan Falk 271 Reputation points
2022-05-16T16:13:33.463+00:00

Hello everybody!

After installing the current SharePoint 2019 security update, installing the language pack for it, and letting the configuration wizard work, our public-facing site no longer works. I can reach it from internal with no problems. Accessing it anonymously from the outside leads only to an error page telling us that "something" has gone wrong.

We checked:

  • anonymous access for the authentication provider (including turning off and on again)
  • the anonymous policy for the site
  • anonymous permissions in _layouts/15/setanon.aspx
  • user "*" allowed in web.config
  • anonymous authentication allowed in the IIS site
  • rebooting

The site has not been changed at all, and it still works from the internal network. There is no unpublished content pending.

What could have happened, and what could I do about it please?

Best Regards,
Stefan


Accepted answer
  1. Xuyan Ding - MSFT 7,601 Reputation points
    2022-05-30T10:31:42.393+00:00

    Hi @Stefan Falk ,
    I'm glad to hear you solved the problem. If you have any issues with SharePoint, you are welcome to raise a ticket in this forum.

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.", and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    Issue Symptom:
    After installing the current SharePoint 2019 security update, installing the language pack for it, and letting the configuration wizard work, our public-facing site no longer works. I can reach it from internal with no problems. Accessing it anonymously from the outside leads only to an error page telling us that "something" has gone wrong. The site has not been changed at all, and it still works from the internal network. There is no unpublished content pending.

    Checked:

    • anonymous access for the authentication provider (including turning off and on again)
    • the anonymous policy for the site
    • anonymous permissions in _layouts/15/setanon.aspx
    • user "*" allowed in web.config
    • anonymous authentication allowed in the IIS site
    • rebooting

    Solution:
    From StefanFalk-3370:
    Attempt to restore the entire VM from a backup created before the update was installed. Then reapply Windows Updates, including SharePoint updates.

    Current status:
    Eventually everything is normal.

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when reading this thread. Thanks for your understanding!


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


6 additional answers

  1. Xuyan Ding - MSFT 7,601 Reputation points
    2022-05-17T10:17:32.847+00:00

    Hi @Stefan Falk ,

    1. If there is a correlation id in the error report, first check whether there is any problem in the ULS log according to the id.
    2. A site collection feature "Limited-access user permission lockdown mode" may be enabled, you could check whether this feature is in a Deactivate state. It should not be active so as to get access at the Application Page Level.
    Specific steps: Site Settings -> Site collection features -> Deactivate "Limited-access user permission lockdown mode"

    0 comments No comments
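
Added example, not part of the original thread or of any poster's reply: a read-only way to carry out the two checks suggested in the answer above from the SharePoint Management Shell. The correlation ID is a placeholder, the one-hour time window is an assumption, and `http://extranet` is the internal URL mentioned later in this thread.

```powershell
# Added example: read-only triage on a SharePoint 2019 server, run in an elevated
# SharePoint Management Shell. Nothing here changes farm configuration.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumptions: replace with the ID shown on the error page and the affected web app.
$correlationId = '00000000-0000-0000-0000-000000000000'   # placeholder, not a real ID
$webAppUrl     = 'http://extranet'                         # internal URL from the thread
$since         = (Get-Date).AddHours(-1)                   # assumed window around the failed request

# 1. ULS entries for the failing request on this server, oldest first.
Get-SPLogEvent -StartTime $since |
    Where-Object { $_.Correlation -eq $correlationId } |
    Sort-Object Timestamp |
    Select-Object Timestamp, Area, Category, EventID, Level, Message |
    Format-Table -Wrap -AutoSize

# On a multi-server farm, collect the same correlation ID from every server
# into one file so the request can be followed across machines.
Merge-SPLogFile -Path "$env:TEMP\uls-$correlationId.log" `
    -Correlation $correlationId -StartTime $since -Overwrite

# 2. State of the lockdown feature per site collection, looked up by its internal
#    name (ViewFormPagesLockDown) instead of the localized title in Site Settings.
Get-SPSite -WebApplication $webAppUrl -Limit All | ForEach-Object {
    $feature = Get-SPFeature -Identity 'ViewFormPagesLockDown' -Site $_.Url `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SiteCollection = $_.Url
        LockdownActive = [bool]$feature   # $true when the feature is activated
    }
    $_.Dispose()
}
```

Recording the lockdown state before and after a patch cycle shows whether the update or the configuration wizard changed it, without toggling a hardening feature on a public-facing site just to find out.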

  2. Stefan Falk 271 Reputation points
    2022-05-17T15:18:32.413+00:00

    Hello Xuyan,

    Thanks for your answer!

    I found the correlation id in the logs. There I find the following entry:

    Authentication Authorization atd58 Medium Setting status to access denied.

    Also, I tried to activate the lockdown feature, but it was already:

    PS> Get-SPWebApplication http://extranet | Get-SPSite | ForEach-Object {Get-SPFeature -Site $_} | Where-Object {$_.DisplayName -eq 'ViewFormPagesLockDown'} | Enable-SPFeature -Url http://extranet
    Enable-SPFeature : Das Feature 'ViewFormPagesLockDown' (ID: 7c637b23-06c4-472d-9a9a-7c175762c5c4) wurde bereits im Bereich 'http://extranet' aktiviert.
    In Zeile:1 Zeichen:155
    + ...  -eq 'ViewFormPagesLockDown'} | Enable-SPFeature -Url http://extranet
    +                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (Microsoft.Share...etEnableFeature:SPCmdletEnableFeature) [Enable-SPFeature], DuplicateNameException
        + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletEnableFeature
    

    Note: http://extranet is the internal name of the very same site that is no longer publicly viewable.

    Noteworthy is that I cannot find the ViewFormPagesLockDown feature in the site properties, or I cannot identify its German name. Do you happen to know the German name of that feature?

    What else could I do please?


  3. Stefan Falk 271 Reputation points
    2022-05-18T11:53:47.377+00:00

    Hello Xuyan,

    Sure, thanks! Please see the attached file with all log entries of a single correlation ID. As neither the upload nor pasting worked, please download the text file from https://www.ct-systeme.com/LargeDownloads/2022-05-18_SharePoint-Logs.txt


  4. Stefan Falk 271 Reputation points
    2022-05-23T09:00:51.037+00:00

    Hello Xuyan,

    Can anything helpful be read from the logs? Thanks a lot!

