Access Denied errors in MOSS2007
in [Portal Server]
|
Prev: How to upload document into Sharepoint 2007 using the webservice
Next: Error saving documents to SharePoint 2003 after view in office2007
From: Daniel on 20 Oct 2006 18:37 We'll B2TR was just released and I'm still seeing this bug, is this the case for you guys as well? "Scott Hanks" wrote: > I'm trying to find out, but so far I haven't gotten a reply. > > Scott > > "Jerry Rasmussen" wrote: > > > Scott > > Any idea when Beta2TR will be released? > > > > Scott Hanks wrote: > > > I got a response from someone at Microsoft about this problem. Due to a bug > > > in beta 2, the domain account you're using for the My Site application pool > > > identity must be given farm-level permissions. This is supposed to be fixed > > > in the Beta2TR release. > > > > > > I added the app pool account to the "SharePoint administrator's group" (aka, > > > Farm Administrators), and we can now create My Sites. > > > > > > Hope this helps. > > > > > > Scott > > > > > > "CC-Gov-Mat" wrote: > > > > > >> Mario, > > >> > > >> Thank you for giving me a work around. Here is what I found in my instance > > >> in case others stumble into the same fate: > > >> > > >> In deed this is a permissions problem with the Application Pool for the SSP > > >> Web Application. I fell into the problem by following the installation > > >> instructions at: > > >> http://officebeta.iponet.net/en-us/techcenter/HA100337721033.aspx > > >> > > >> Under the “Security account requirements” section I went ahead and setup a > > >> domain user for SSP Application Pool and another domain user for SSP User, as > > >> well as all the recommended accounts. Both accounts were not granted any > > >> extra group or local privileges for security. > > >> > > >> Under “Configure Office SharePoint Server 2007 services” and “Create the > > >> Shared Services Provider” Step 4 asks you create a new web application for > > >> the SSP. Step 8,9,10 ask you to setup the application pool with a domain user > > >> created for the SSP App Pool with “least privilege”. I did. I believe this is > > >> where the bug is introduced. That “least privilege” user does not have rights > > >> somewhere in the My Site creation process. In tracking to down where, I was > > >> unable to spend enough time to determine which rights to which database the > > >> user does not have enough access too, but it is db_owner of the all the SSP > > >> labeled ones. My guess is that it lies in the Config or AdminContent DBs. > > >> > > >> I was able to use Mario's information to modify the application pool account > > >> in IIS that SSP website is using to authenticate with the MOSS Service > > >> Account instead and presto, My Sites were able to be created. I have > > >> duplicated this one two of my development systems to verify that I was not > > >> entirely crazy. > > >> > > >> Hope this helps others who may be following the instructions to harden their > > >> MOSS beta installations. > > >> > > >> Mat > > >> > > >> > > >> "mario.allegro(a)gmail.com" wrote: > > >> > > >>> I changed the identity of the SharedServices1MySitePool in IIS Manager > > >>> to an user with enough rights on the DB Instance of Officeservers and > > >>> it worked. Took long enough to get the installation done right ;-) > > >>> > > >>> Happy testing > > >>> > > >>> > > >>> CC-Gov-Mat wrote: > > >>>> Jason, > > >>>> > > >>>> I too am experiencing the MySite error. Although, I have not found a > > >>>> solution to the problem, here is some more information for anyone following > > >>>> the thread that can help. It appears to be an authorization issue enforced in > > >>>> SharePoint. I have checked that my user has the appropriate permissions in > > >>>> the SSP by enabling the all the features under "Personalization services > > >>>> permissions" for my user. Per Steve Smith's post, I have had the problem with > > >>>> AD users that have and have not had the website URL in their profiles. (I > > >>>> deleted mine just to be sure). I have repeated the problem on two separate > > >>>> installs, one in the MS Virtual Server environment and one out. The install > > >>>> has been setting the server up as if it were going to be in a farm, but the > > >>>> DB (SQL 2005 SP1) and all services are on a single box for now. Both servers > > >>>> were installed with the WinFX package 3.0.3906.22 and the SSP sites were > > >>>> created using the default install port method. > > >>>> > > >>>> In checking the windows application error logs the following two errors are > > >>>> generated each time I, or others, try to click on "My Site" to create a site > > >>>> for the first time. > > >>>> > > >>>> *** ERROR TEXT *** > > >>>> Event Type: Error > > >>>> Event Source: Windows SharePoint Services 3 > > >>>> Event Category: General > > >>>> Event ID: 6141 > > >>>> Date: 7/25/2006 > > >>>> Time: 11:45:48 AM > > >>>> User: N/A > > >>>> Computer: CCISDEV7M > > >>>> Description: > > >>>> The site /personal/chasem could not be created. The following exception > > >>>> occured: Access is denied. (Exception from HRESULT: 0x80070005 > > >>>> (E_ACCESSDENIED)). > > >>>> > > >>>> *** > > >>>> > > >>>> Event Type: Error > > >>>> Event Source: Office SharePoint Server > > >>>> Event Category: User Profiles > > >>>> Event ID: 5187 > > >>>> Date: 7/25/2006 > > >>>> Time: 11:45:48 AM > > >>>> User: N/A > > >>>> Computer: CCISDEV7M > > >>>> Description: > > >>>> My Site creation failure for user 'CLARK-COUNTY\chasem' for site url > > >>>> 'http://ccisdev7m:55556/personal/chasem'. The exception was: > > >>>> Microsoft.Office.Server.UserProfiles.PersonalSiteCreateException: Failed to > > >>>> Create Site ---> System.UnauthorizedAccessException: Access is denied. > > >>>> (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) > > >>>> at > > >>>> Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex) > > >>>> at Microsoft.SharePoint.Library.SPRequest.CreateSite(Guid gApplicationId, > > >>>> String bstrUrl, Int32 lZone, Guid gSiteId, Guid gDatabaseId, String > > >>>> bstrDatabaseServer, String bstrDatabaseName, String bstrDatabaseUsername, > > >>>> String bstrDatabasePassword, String bstrTitle, String bstrDescription, UInt32 > > >>>> nLCID, String bstrWebTemplate, String bstrOwnerLogin, String bstrOwnerName, > > >>>> String bstrOwnerEmail, String bstrSecondaryContactLogin, String > > >>>> bstrSecondaryContactName, String bstrSecondaryContactEmail, Boolean > > >>>> bADAccountMode, B |