DevFacto Recognized for Excellence in Managed Services


CRN®, a brand of The Channel Company, has named DevFacto to its 2017 Managed Service Provider (MSP) 500 list in the Elite 150 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies and maximize their return on IT investments.

In today’s fast-paced business environments, MSPs play an important role in helping companies leverage new technologies without straining their budgets or losing focus on their core business. CRN’s MSP 500 list shines a light on the most forward-thinking and innovative of these key organizations.

“Managed service providers play an increasingly important role in the day-to-day operations of businesses across North America,” said Robert Faletra, CEO of The Channel Company. “MSPs help organizations streamline their spending, effectively allocate limited resources, and benefit from advanced expertise in the latest technologies. We congratulate the service providers on CRN’s 2017 MSP500 list, who have continually succeeded in meeting their customers’ changing needs and help them get the most out of their IT investments.”

DevFacto is honored to be recognized with this award and would like to thank all of our clients, partners and team members who have made this possible.


A Tale of Two Governances – Part One: Health Benchmark

When you read about governance, it is often focused on what I call the “foundational governance”.  In the case of information technology we focus on foundational information governance, or the way we intend to use our information within the organization. Read more

ECM Governance – Part Five

In this post, I will finish off the definitions of the different principles and then we can move on from there to venture more in-depth about ECM governance. Read more

ECM Governance – Part Four

In this post, we continue the description of different categories of guiding principles for a SharePoint implementation (note that these are not the only categories as some may need to be added or removed depending on the purpose of the solution).

Read more

Assessing Your SharePoint Maturity

I find a common challenge with SharePoint is identifying where to go with it or what to do next. What is the greatest opportunity on which to focus your efforts?

Read more

ECM Governance – Part Three


Guiding Principles Continued…

In my last post, we examined the idea of guiding principles and how they are used to set a foundation for our ECM. We identified several categories or “Areas of Impact” that these principles could be separated into and next, I would like to start by detailing the intent of each of those categories.

Read more

ECM Governance – Part Two


Guiding Principles

In this post, I would like to continue along with the ECM governance work we previously started and delve further into the core of what defines governance: guiding principles.

If you want to consider implementing governance of any type, you are going to need to define a foundation on which to build rules for how things will be governed. Read more

ECM Governance – Part One



If you were ever looking for a main cause for the failure of SharePoint implementations, look no further than ECM Governance.  Over the next couple weeks I am going to share some insights I have experienced with governance of enterprise content and what organizations need to do to ensure the successful implementation and use of solutions like SharePoint and OpenText Content Server. Read more

401 ACCESS DENIED SharePoint 2007 Anonymous

“ACCESS DENIED 401.5” – On first load, canceling the prompt shows “401 ACCESS DENIED” but you can refresh the page and it works fine without any future prompt until app pool recycle.

I recently had the misfortune of trying to resolve an access denied issue in SharePoint 2007 running on a Windows 2008 OS, which means IIS 7.5 as the web host platform. The other web front end which was Windows 2003 with IIS 6 was working fine (don’t get me started on why they decided to mix and match the load balanced front end OS and IIS versions).

Typically, getting an access denied issue on an anonymous site can mean one of the following:

  1. You didn’t further enable anonymous access for the target web application zone.
  2. Your bindings in IIS are set up incorrectly and you’re still navigating to the authorization required zone.
  3. You didn’t enable anonymous access permissions at the site collection level.

All of these are addressed by this TechNet article.

For the more advanced issues:

  • You set up restrictive anonymous access permissions at the web application policy level.
    • Central Admin>Application Management>Policy for Web Application
    • From the left most navigation (Quick nav area) there is a “See Also”. In there you will see “Change Anonymous Access Permission Policy” where you can block access to ‘anonymous’ despite granting it in the site collection level.
  • You’re experiencing ACL issues for the anonymous access account (and IIS issue), this is usually accompanied by a 401.3 ACCESS DENIED and you actually get to see the access denied SharePoint page.
    • In this instance, you can use the failed request tracking provided by IIS to debug file access issues.
    • You can use the specific list ID or file ID from the query string on the access denied page to determine which library you need access to.
  • You have required files checked out or otherwise not checked in to a major version and published.
    • When editing the page under the Tools menu you will find Check for unpublished items. This report can help you find items not published which may be affecting anonymous access.  This tool can help you find any images or css files that are failing authorization causing multiple prompts for login while still being able to access the page.
    • There is also a report from the manage content and structure page which can help identify unpublished items in the site collection: http://servername/_layouts/sitemanager.aspx?rptmode=3″>http://servername/_layouts/sitemanager.aspx?rptmode=3
  • You’ve selected the wrong caching profile in the object cache settings (located in site settings). It should be set for public anonymous if your site is a published internet page.
  • If you’ve landed here and you were looking for a SharePoint 2010 problem where even site collection administrators are getting the access denied SharePoint page, you may have forgotten to configure your super reader and super user accounts for publishing portals…
    • If you’re using windows auth make sure the super reader user as a policy defined at the web app policy level that grants full read.
    • If you’re using Claims Authentication and you are getting Access Denied for Site Collection Administrators, you need to set the portal super reader and portal super user accounts to use their respective claims identities instead of the windows domain account format – click here.

And finally, the one which cost me two and a half days trying to locate and debug and ultimately spawned this blog post…

You are getting a “401 ACCESS DENIED” blank white screen, your IIS logs are reporting 401.5 errors, failed request tracing is returning nothing, event logs are returning nothing, and even the ULS log is returning nothing usable other than just saying “ACCESS DENIED”.

More specifically, I found the following set of entries:

General 8xfr Verbose
PermissionMask check failed. asking for 0x00010000, have 0x00000000
General 8xfr Verbose
PermissionMask check failed. asking for 0x46871000, have 0x00030041
General 8kh7 High
Access denied.

I asked Google many different ways and read almost a hundred blog posts, stack over flow questions, and forum posts:

  • Access denied on first load only
  • Access denied 401.5 sharepoint 2007
  • Access denied anonymous sharepoint 2007 iis 7
  • Access denied anonymous output cache
  • Access denied anonymous 401.5 “sharepoint”
  • Anonymous 401.5 sharepoint IIS 7.5

Sadly none of them worked for me.

My issue turned out to be a very deep web.config file configuration issue, someone changed something on the server (I have no idea why… and isn’t it always those mystery changes people made but never recorded that get you?)

I found this forum post.

I would have loved to have known how they came to that conclusion to set batch debug compilation to off.

The issue was that the web.config had:  <compilation batch="true" debug="true">

The reason why it was getting access denied on the first load of the page for anonymous users was some-how related to how the initial compile was run, and having that batch="true" was causing the problem.

To fix my issue, changed batch="true" to batch="false".  However this could also be caused by the entry missing the value settings, as they default to batch="true".

I hope you find this post helpful in diagnosing and fixing anonymous access denied issues in SharePoint 2007.

Although I might add to this, even though it fixed the issue it didn’t fix it “the right way”.

Batch compilation is designed to help IIS / ASP.NET save time and cache the compilation results, as outlined here.

So the real problem would be more related to the fact that their organization has potentially made a security change which causes the account that pre-compiles the pages to lose access to a required directory.  Unfortunately even when using process monitor, I wasn’t able to catch any access denied issues, so sadly the real problem eludes me.  I’m sure if I had more time to sit down and dig through all of their group policy settings I could find out how it came to be broken.

Originally posted by DevFacto Microsoft Certified Master, Kevin Cole, at SPDev.Info()