SharePoint 2010: Classic to Claims Migration Gotcha

I’ve been migrating classic mode SharePoint 2010 sites to claims sites for a while now, so much that I even have a script to do it for me. However, for some reason I have never come across the problem I encountered today.

The documentation on converting a classic mode web application to a claims based application I though was pretty solid on technet. Today I came across a strange issue where the site collection administrator was getting access denied in odd locations… or locations I thought were odd because SharePoint hadn’t security trimmed the links as I thought it would if access really was denied.

Turns out there is a small paragraph at the very bottom of the article which essentially points out “don’t forget to update your super user/reader properties!”… which I did! Not sure why I haven’t come across this until now but hope this helps others with the same issue.

The below PowerShell should help you out in fixing the issue:

$wa = Get-SPWebApplication -Identity <web app url>
$wa.Properties[" portalsuperuseraccount"] = "i:0#.w|<super user account in domainlogin format>" 
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|<super reader account in domainlogin format"
$wa.Update()

Office Web Apps 2013 and SharePoint Issue relating to SSL

Came across and issue during the deployment of Office Web Apps 2013 when hooking up with SharePoint which caused some confusion.

Issue:

Error messages from the web apps when activating through SharePoint documents:

Word Document : "Sorry, there was a problem and we can't open this document. If this happens again, try opening the document in Microsoft Word."
Excel Document: "We couldn't find the file you wanted. It's possible the file was renamed, moved or deleted"
PowerPoint: "Sorry, we ran into a problem. Please try again"
One Note:"Sorry, you don't have permission to edit this notebook."

Cause

It appears the issue was related to Office Web Apps having been deployed on HTTPS while SharePoint was on HTTP.

Resolution

This is mentioned in the tech net documentation but it wasn’t very clear as it appeared to be the opposite way around, but the resolution is to allow SharePoint to use OAuth authentication over http instead of https (thanks to Imp44 for the solution at TechNet Forums )

The solution is to run the following on a SharePoint 2013 Server:

$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()