Accesso negato dalla connettività dei dati aziendali sul contesto dei permessi dei metadati del negozio

sharepoint.stackexchange https://sharepoint.stackexchange.com//questions/82750

Domanda

Quando provo a configurare i permessi del negozio di metadati, continuo a ricevere questo errore

Inserire l'immagine Descrizione qui

Io sono l'amministratore della fattoria e ho pieno accesso su SharePoint per iniziare. Ora come ho perforato ulteriormente guardando i miei tronchi qui è quello che è successo.

SPSecurityContext: 
Could not retrieve a valid windows identity for username 'DOMAIN\UserName' with UPN 'username@domain.com'. UPN is required when Kerberos constrained delegation is used. Exception: System.ArgumentException: Token cannot be zero.     
at System.Security.Principal.WindowsIdentity.CreateFromToken(IntPtr userToken)     
at System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken, String authType, Int32 isAuthenticated)     
at System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken)     
at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation)     
at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity(). b566569c-fb43-705a-1a09-c60c3572d56a
Unexpected  No windows identity for DOMAIN\UserName.    b566569c-fb43-705a-1a09-c60c3572d56a
Access Denied for User '0#.w|DOMAIN\UserName', which may be an impersonation by 'DOMAIN\ServiceUser'. Securable IMetadataCatalog with Name 'ApplicationRegistry' has ACL that contains:     b566569c-fb43-705a-1a09-c60c3572d56a
Unexpcted   'Business Data Connectivity Service' BdcServiceApplication logging server side AccessDeniedException before marshalling and rethrowing on client side: Access Denied for User '0#.w|DOMAIN\UserName', which may be an impersonation by 'DOMAIN\ServiceUser'. Securable IMetadataCatalog with Name 'ApplicationRegistry' denied access. 

Stack Trace:    
at Microsoft.SharePoint.BusinessData.SharedService.IndividuallySecurableMetadataObjectAccessor.SetAccessControlEntries(MetadataObjectStruct metadataObjectStruct, AccessControlEntryStruct[] aces, String settingId, DbSessionWrapper dbSessionWrapper)    
at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.<>c__DisplayClass2c.<Microsoft.SharePoint.BusinessData.SharedService.IBdcServiceApplication.SetAccessControlEntries>b__2...    b566569c-fb43-705a-1a09-c60c3572d56a
at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.Execute[T](String operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation)   b566569c-fb43-705a-1a09-c60c3572d56a
Micro Trace Tags: 0 nasq,0 e5mb,9 9f5y,82 bz7l,0 g220,6 g0k9,0 9f4c b566569c-fb43-705a-1a09-c60c3572d56a
.

Cosa sto sbagliando?Come posso aggiustare questo?Non stiamo usando Kerberos e come faccio a disabilitarlo per BDC? On Old SharePoint 2010 Non ho mai avuto questo problema.

È stato utile?

Soluzione

Ok I solved this issue after nearly a week of tinkering and Gooling, none of what I had done so far fixed it. So I gave up searching and reverted my efforts in creating another fresh instance of Sharepoint 2013, after installation I chose all defaults and check if it gives me the same error, to my surprise it didn't so I searched the differences and applied it with my live Sharepoint.

There are 2 main differences and here they are:

  1. I migrated from classic-mode to claims-based authentication and followed this steps from TechNet http://technet.microsoft.com/en-us/library/gg251985.aspx
  2. Then I reverted my claims to windows service to run as local account then restarted the service.

enter image description here

Now I can "Set Metadata Store Permissions"

enter image description here

Altri suggerimenti

Make sure 'DOMAIN\Userame' is member of WSS_WPG group. Also logout-login to propagate the membership through the domain.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a sharepoint.stackexchange
scroll top