I have a love/hate relationship with SharePoint, and for the last 24 hours I've been leaning on the hate part of the relationship.
I noticed the following messages in my logs on SharePoint:
Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources.
To configure the account use the following command ‘stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl’. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
Current default super user account: SHAREPOINT\system
Object Cache: The super reader account utilized by the cache does not have sufficient permissions to SharePoint databases.
To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue account -url webappurl'. It should be configured to be an account that has Read access to the SharePoint databases.
Current default super reader account: NT AUTHORITY\LOCAL SERVICE
So, I ran the commands and thought everything would be good to go--boy was I wrong. Suddenly I started getting "Access Denied" errors on every page that I went to. The logs weren't helpful in indicating what the issue was either. Finally I found a post here that definately applied to my situration--I was using claims-based authentication, but I had used [domain]\[username] when setting the super reader and super user accounts. I ran the script again with the correct accounts and...I still had the same problem. The only parts of the site I could get into was the site settings--I couldn't get into any other account. As a side note, I found that I also could not connect via SharePoint Designer--it would just result in a looping login.
After hours of trying anything to get this to work, I decided to go to Central Administration and enable anonymous access and remove NTLM authentication. After changing these settings, I was finally able to get into the site! I then crossed my fingers, disabled anonymous access and added NTLM authentication again and voila--I could once again access the site.
Just in case you don't see it in the blog post I referenced in this article, the super user and super reader accounts should be two separate domain accounts that are not used to log into the site. The super user account needs Full Control on the web application and the super reader account needs Full Read on the web application.