Say SORRY at first that I really don't know how to submit feedback to Microsoft.
I had tried every edition of SharePoint and SQL Server. Which the new released SharePoint Server 2016 occur the error below again and again when running Configuration Wizard:
An error occurred while getting information about the user sp_admin at server hub.com: access denied
Other edition likes SharePoint Server 2013 and (SQL Server 2012 SP3 or 2014 SP1) works fine with same configuration.
So two questions,
How to do feedback?
How to resolved this bug?
Make sure you are running the setup with the setup user account (spAdmin) and configured its necessary security roles for the sql server:
securityadmin (fixed server role)
dbcreator (fixed server role)
See this reference for details about suggested domain accounts and their security roles.
Related
We have CRM 2016 On-premise (IFD Configured) and SharePoint 2016 On-premise (with SSL) . We are trying to enable server based SharePoint integration for this.
The place where we started was from the Microsoft article https://technet.microsoft.com/en-us/library/dn949332.aspx#BKMK_Setup
Now we are struggling with the running the powershell command on the CRM server
.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName
It gives the error
The service accounts are given permission on the Certificate.
Could be a basic question- but from the powershell command that has to be run, would that need a new pfx file or does it have to be the certificate that was used while configuring IFD for CRM?
Ignoring this error tried enabling the SP integration but it popped out an error saying site Invalid (and no more details). Event viewer pointed to CRM Plugin error on 'ValidateSharePointSite'
I can see the message using network capture tool Microsoft Message Analyzer. I can see the I receive Kerberos error "KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database".
I can see all parts of the message, I have been searching online and tried a few things and did not work.
But in order to understand the problem, what does the "client" mean here?
- Is it the Server / Computer that is requesting
- Is it the Application that is requesting
The error is for KRB_TGS_REQ which means that its requesting for a token.
Would be great if anyone could help understand, which I believe can lead to a resolution.
Added more Details:
We have a SharePoint farm setup with SQL Reporting Services (SharePoint Integrated mode) and Excel Services. We have a datasource defined in Sharepoint which are used in SSRS Reports and Excel Reports. We use Windows Authentication from Sharepoint to SQL. When we test connection on Sharepoint datasource we get an error which says Cannot convert Windows token to Claims token. On opening the reports in SSRS we also receive error.
Strange part is that it works for some users which is why I'm not sure how to tackle this issue. If its SQL Server previlage issue, we have assigned sys admin role, this user also added as admin in SSRS. If AD or SPN issue it must not work for all users not for individual users.
I can see successful KRB_TGS_REQ for an admin user but fails for a normal user. No clue what to look for.
Kerberos Message :
KRB_TGS_ERROR, KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database, Cname: nothing, Realm: SUB.DOMAIN.COM, Sname: SP_SVC_ACT
Does this mean that the delegation is not working?
Hi I am new to SAP Business Object Central Management Console and trying to schedule a crystal report. For this I made an ODBC connection to a database(NCBODS) in the Server machine using windows authentication. I also gave same windows credentials in CMC as shown in below image. But It gives me an error saying
Error Message:
Error in File C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\Data\procSched\SDDVCTRTRCH11.reportjobserver\~tmp5448125TH7b9b16.rpt: Unable to connect: incorrect log on parameters. Details: [Database Vendor Code: 18456 ]
I have given the same windows credentials that I use to connect to the app server. Still I am getting "incorrect log on parameters"
But when I use a SQL Authenticated Login in the ODBC connection and also use the same SQL Login credentials in CMC it works fine.
So the problem here is when I use the windows credentials it throws error but works fine when SQL credentials are used. Is there any way I can use windows credentials in CMC?? I really appreciate if any one can help me on this
If you create an ODBC DSN with authentication set to trusted connection (Windows authentication), be aware that a different account will be used when creating the DSN and when using it in BusinessObjects:
When creating the connection: the DSN is created using the credentials you're logged on with (i.e. your Windows AD user account)
When running a report: the connection to the database is initiated through BusinessObjects, thus the account which BusinessObjects is running with, will be used to connect to the database.
In other words, you need to make sure that following requirements are met:
Your SIA (Server Intelligence Agent) which runs your CMS, Crystal Reports servers, etc must be configured to run with an Active Directory service account. By default, it runs with the Local System Account, which will not be able to log on to your database (as it's a local account, it's not even able to access network resources).
You need to grant the service account you used to configure the SIA in step 1 the necessary rights to your database.
Remarks:
If you're using AD SSO, you cannot schedule the report so that it uses the Active Directory credentials of a certain user (because BOBJ doesn't store these credentials, it only verifies them at logon).
If you're not using AD SSO, but are authenticating users to the BusinessObjects platform (InfoView) with manual AD authentication, you can set the option Synchronization of Credentials. This forces BOBJ to store the AD credentials when the user authenticates.
The credentials are stored in the user profile (Database Credentials).
This will be a simple answer for those used to Windows authentication but as Solaris Sysadmin I am just looking for some clarification on how to implement Windows Authentication between an application running on an IIS7 Web Site (running on Server 2008 R2) and a Microsoft SQL 2008 Server.
The application at the moment uses this tag:
Data Source=mydbserverhostname;Initial Catalog=TheDBName;User ID=testuser; Password=apassword
In the specifications it is supposed to use this:
Data Source=mydbserverhostname;Initial Catalog=TheDBName;Integrated Security=SSPI;
I would like to go back and get the Windows Authentication working before I have to deploy to Production. From my understanding of Windows I need to have a Windows Domain account to authenticate against a Service Account which has been set on the SQL Server 2008.
What I am missing is how to achieve this and how to get it running as a service so that I can log out and leave IIS7 running the site and the SQL Server talking to each other.
I have read a couple of similar questions on this forum but the answers seem to be "just switch to SQL Authentication" which I need to avoid in the final implementation.
Any help would be appreciated.
When using the DefaultAppPool change the Identity to a custom username and password that matches the service account that has been created on the SQL Server/(LDAP) as per:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Logging in as administrator to Window 2008 R2 I can access all files on the server, naturally.
If I then login to SQL Server 2008 R2 as sa, I cannot access some flat files, for example, to Restore or dump data via bcp. (I can access all flat files via Import/Export Wizard though.)
I end up moving backup files around the file system until I find somewhere that works, or dumping data files to places I would prefer not to use.
How do I give sysadmin rights to these forbidden folders?
Why would my predecessor have blocked sysadmin access to these areas, do you think?
It's because when you are logged into SQL server as SA, you are the admin for SQL server, not the Windows server itself.
You are constrained to what the SQL server service account has rights to access on the machine as that is the context in which SQL server runs.
To be able to access these windows locations from within SQL server, first identify the name of the service account that is actually running the SQL server service and then give the permissions on the folders to this account.
To find the SQL Server service account, you can query the sys.dm_server_services DMV to find the account:
SELECT * FROM sys.dm_server_services
This will show you the service account set for each service, alternatively, you could just look in either the services console in Windows or SQL server configuration manager to see what account the SQL server is logging on as.
This DMV was introduded in SQL Server 2008 R2 SP1, so won't work in earlier versions, the following article has some information on various ways to find the service account:
Get SQL Server Service Account using T-SQL