Tuesday, April 3, 2012

EventID 2214 SharePoint 2010

On a SharePoint server that is running Forefront Security for SharePoint, you may receive an error message when you try to access a non-SharePoint site

When Microsoft Forefront Security for SharePoint is installed on a SharePoint server, non-SharePoint sites may have problems accessing the Internet Server API (ISAPI) filter that is installed by Forefront Security.

On Internet Information Services (IIS) 7, users who browse to these sites may receive the following error message:

HTTP Error 500.0 - Internal Server Error

Calling LoadLibraryEx on ISAPI filter "D:\Program Files\Microsoft Forefront Protection for SharePoint\FSSPUsernameFilter.dll" failed

On IIS 6, users who browse to non-SharePoint sites may receive the following error message: 

Service Unavailable


To work around this issue, use one of the following methods.

Internet Information Services 7 (IIS 7)

1.      In IIS Manager, navigate to a non-SharePoint Web site that is experiencing this issue.

2.      Select the Web site, and then double-click ISAPI filters. 

3.      In the Filter pane, select FSSP Username Filter.

4.      In the Actions pane, click Remove.

5.      In the confirmation dialog box, click Yes.

Test the site to determine whether the issue is resolved. If the issue is not resolved, an IIS restart of the Web site may be necessary. You can do this through the IIS administrator.

Internet Information Services 6 (IIS 6)

To determine whether issue that is described in this article is the same issue that you are experiencing, examine in the Application Event Viewer. If if the ISAPI filter is causing this issue, the following error will be logged:

Type: Error         

Event ID: 2214

The HTTP Filter DLL C:\\Program Files\Microsoft Forefront Protection for SharePoint\FSSPUsernameFilter.dll failed to load. The data is the error. 

On IIS 6 servers, the ISAPI filter is not exposed at the individual site level. To resolve the issue, add the account that the non-SharePoint site is running as to the ISS_WPG and WSS_WPG security groups. On these servers, look up the account that the non-SharePoint site is running as. You can do this by looking at the credentials on the application pool that the site is running under. After you have the account that the non-SharePoint site is running as, follow these steps to resolve the problem:

1.      Add the account that the non-SharePoint site is running as to the ISS_WPG and WSS_WPG security groups. This makes sure that the Web site has permissions to load the ISAPI filter in the Forefront for SharePoint directory.

2.      For the changes to take effect, you must run an IISReset. To do this, open a command prompt, and then type IISReset. This shuts down and restarts all IIS services

No comments:

Post a Comment