Server error in ‘/’ Application when creating a sub-site with full control user

When creating a new publishing sub-site or a new page  in a new web application, the user (with full control ) encounters the following server side .Net error.

2017-09-29_13-50-07.jpg

In order to make sure the issue is on a farm level, a new web application was created with NTLM authentication using the Enterprise Publishing template.

Steps to reproduce :

  1. Open a new browser with a new test user account with full control permission on the site.
  2. http://ServerName:Port/sites/TestSiteCollection/
  3. Make sure the user have full control by checking site permission.
  4. Try to create a new test sub-site using the publishing template.
    1. Wiki template also produced the same error.

2017-09-29_13-49-22

We have tried changing the error code to remove custom error message through the Config file, but with no avail. Microsoft support  were able to pin point the problem to the site Collection http://domain/yoursitename/DeviceChannels/AllItems.aspx. this library is a system library generated when activating the publishing feature. It seems this happened since the list didn’t inherit permission correctly or by design had broken inheritance, and didn’t include all authenticated users with read rights. In order to resolve this issue, we added to this list permission to the “NT AUTHORITY\authenticated users” with Read rights. We also added the Farm Admin account (used in the site application pool) with Full Control.

This resolved this issue in my case, I would like to give a shout-out to Furqan Sayyed, and his group leader, Gaurav Mishra, for working hard on this needle in a haystack, and not given up until coming with the right solution. Good work for Microsoft support team!