01
Jul
09

sharepoint 2007 WebPartPages.asmx & 500 Errors

Today’s Issue:

Error while using IE to edit a Sharepoint 2007 page behind a BIGIP LTM 6400 v10.0.1 configured for SSL Offloading:

Cannot retrieve properties at this time

Where We Are:

After deploying a Virtual Server for the Sharepoint 2007 site using the Application Templates in version 10.0.1, site admins cannot create new pages, or edit existing content using the “Edit Content” hyperlink when using IE.  Workaround at this point is one of two options:

Leave the site behind F5, and edit content in another browser

  • Pro:  Allows you to edit content
  • Con:  Editor window is small, simple text box, no rich formatting

Move site out from behind F5, and edit content in IE

  • Pro: Allows full editing capabilities
  • Con:  Site is no longer load balanced

How We Got Here

As outlined in another post and over on DevCentral, we used the new Sharepoint 2007 Application Template to move an existing site from it’s single WFE setup, to being behind our LTM 6400.  The current setup only utilizes 1 WFE now, but we have plans to expand as time & funding permit.

As we’ve discussed, the move went fine, the template seems to have provided all of the necessary nuts & bolts to make everything function, but now that we’ve dug in some more, we’ve encountered a relatively significant problem.

If the content cannot be readily edited, new content be added, etc, using the tools that have been provide (read: approved for use) then we don’t really have a viable site.

We’re really not talking about rocket science here, which is the maddening part (well one of them).  The pages we’re talking about are simple “Basic” HTML web pages, as defined within Sharepoint, added to a generic Document Library.

Steps to reproduce:

Pre-existing site configuration:

  • Windows 2008 Server, IIS7
  • MS Office Sharepoint 2007 (SP2)
  • 2 IPs – Website URL, and Server IP (both on same subnet)
  • .NET Framework 3.5 (SP1)
  • Site bound to “All Unassigned” on port 443
  • Site configured for NTLM Authentication
  • Local SSL Certificate
  1. Open IE and browse to https://websiteURL
  2. Click “Sign In” link in top right, provide admin credentials for site
  3. Open existing document library
  4. Open existing document
  5. Click the “Edit Content” link
    edit_content
  6. Use the Rich Text Editor Webpage Dialog to edit the page, and save changes
    expected

Site configuration behind F5 LTM 6400 10.0.1

  • Windows 2008 Server, IIS7
  • MS Office Sharepoint 2007 (SP2)
  • Single IP – Server IP (remove 2nd IP from NIC configuration)
  • .NET Framework 3.5 (SP1)
  • Site bound to “All Unassigned” on port 443 (you can’t remove this binding , or the https_VirtualServer monitor fails and site won’t load)
  • Site bound to “All Unassigned” on port 80
  • Site configured for NTLM Authentication
  • Complete Sharepoint 2007 Application Template within F5 10.0.1 GUI to create Virtual Server, Pools, Nodes, etc to utilize SSL Offloading, and to respond on the IP for the websiteURL, pointing to the WFE described above
  1. Open IE and browse to http://websiteURL (F5 should redirect you to https://websiteURL per iRule created by application template)
  2. Click “Sign In” link in top right, provide admin credentials for site
  3. Open existing document library
  4. Open existing document
  5. Click the “Edit Content” link
    edit_content
  6. Popup appears:  “Cannot retrieve properties at this time”

The IIS logs show the following entries for these scenarios:

When it does work:

6/30/2009    15:57:36    FQDN IP    POST    /_vti_bin/WebPartPages.asmx    -    443    domain\admin.user    Client Workstation IP    200

When it doesn’t work:

6/30/2009    16:04:14    WFE Node1 IP    POST    /_vti_bin/WebPartPages.asmx    -    80    domain\admin.user    F5 IP    500

So from my post over at DevCentral, Hoolio recommends using Fiddler to examine what’s going on.  Here’s what we see when it breaks:

#	Result	Protocol	Host	URL	Body	Caching	Content-Type	Process	Comments
 130	401	HTTPS	websiteURL
 /_vti_bin/WebPartPages.asmx	341		text/html; charset=us-ascii	iexplore:4588
 131	500	HTTPS	websiteURL
 /_vti_bin/WebPartPages.asmx	534	private 	text/xml; charset=utf-8	iexplore:4588
 132	304	HTTPS	websiteURL
 /_themes/Lacquer/siteactionsmenugrad_lacquer.gif	0	private,max-age=0 		iexplore:4588

To me, it’s not much, but maybe something to someone else.

Once again, if I run through the same process above on another browser, I can actually get the content edited, but I cannot see the rich text editor… I’m only in a text box (HTML markup appears to be allowed).

ff_edit

We did have a look at the AAM’s and pointed them to HTTP instead of HTTPS, but that seemed to break everything (I’ve left a comment over with TheF5Guy, but nothing back there yet either).

We also confirmed that the binding to 443 still needs to be there, even though the SSL Offloading should be passing everything to the node on 80.  If you take out the 443 binding, the pool for the Virtual Server gets marked as down immediately, and the page dies.

So now it’s your turn… what do you think it is that’s holding everything up?  Please feel free to comment here, and/or respond over on DevCentral.

UPDATE:

It’s been a while, but we just finally figured out our AAM issue (and YES in fact, it was AAM after all, not the F5 directly!)…

As outlined  here, it turns out to fix the AAMs, we had this:

https://server  |  Default  | https://server
https://www.server.com  |  Internet  | https://www.server.com
http://www.server.com  |  Intranet  |  http://www.server.com

but it should have been:

https://server  |  Default  | https://server
https://www.server.com  |  Internet  | https://www.server.com
http://www.server.com  |  Internet  |  https://www.server.com

A point of note that had us discouraged that we were going in the wrong direction for a while, you can’t just change the zone one the existing Public URL entry by changing the value in the drop-down in Central Admin, you have to actually remove it, then use Add Internal URLs to get the new one in.

Success came in part from this article, even though ISA isn’t involved for us, it got us thinking the right way.

SUCCESS!!!

Advertisements

3 Responses to “sharepoint 2007 WebPartPages.asmx & 500 Errors”


  1. 1 MeAndMyBIGIP
    July 1, 2009 at 12:50 pm

    Here’s a very helpful tip for FIrefox 3.x users trying to see traffic in Fiddler:

    * Go to My Documents > Fiddler2 > Scripts. There should be a file called BrowserPAC.js. Make note of the full path for this file.
    * Open Firefox 3.0. Open the Tools menu and click Options.
    * Under the Network Tab, click Connection > Settings.
    * Under Setting > Choose “Automatic proxy configuration URL” and put the full path to BrowserPAC.js in the text box.
    * Click OK

    NOTE: if you close Fiddler, firefox will give you a bunch of proxy errors and nothing will load. Go back into the Proxy config and un-check the box next to “Automatic…” and change back to your previous setting. FIrefox appears to retain the value you entered for future use.

    From- http://blogs.vertigo.com/personal/bellis/Blog/archive/2008/06/25/quick-tip-making-fiddler-work-with-localhost-and-firefox-3-0.aspx

  2. 2 TomH
    October 1, 2013 at 4:10 pm

    While my fix was different than yours, your advice to use Fiddler finally gave me the information to fix this problem! In my case, a third party tool that had been installed in the farm, and then removed after an evaluation period, did not clean up the files on both farm servers. The workflows failed because of missing Feature files in the 14 hive on the server missing those obsolete feature files. Copying them back over allowed the function workflow editing in SPD to work again. This was a very bizarre problem and not in the least obvious.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: