Metadata Storeのアクセス許可の設定に関するビジネスデータ接続によって拒否されました
https://sharepoint.stackexchange.com//questions/82750
-
10-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian質問
メタデータストア権限を設定しようとすると、このエラーが発生し続けます
私はファーム管理者であり、SharePointを起動するためにフルアクセス権を持っています。 私がここに私のログを見ることをさらに見るところが起こったことです。
SPSecurityContext:
Could not retrieve a valid windows identity for username 'DOMAIN\UserName' with UPN 'username@domain.com'. UPN is required when Kerberos constrained delegation is used. Exception: System.ArgumentException: Token cannot be zero.
at System.Security.Principal.WindowsIdentity.CreateFromToken(IntPtr userToken)
at System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken, String authType, Int32 isAuthenticated)
at System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken)
at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation)
at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity(). b566569c-fb43-705a-1a09-c60c3572d56a
Unexpected No windows identity for DOMAIN\UserName. b566569c-fb43-705a-1a09-c60c3572d56a
Access Denied for User '0#.w|DOMAIN\UserName', which may be an impersonation by 'DOMAIN\ServiceUser'. Securable IMetadataCatalog with Name 'ApplicationRegistry' has ACL that contains: b566569c-fb43-705a-1a09-c60c3572d56a
Unexpcted 'Business Data Connectivity Service' BdcServiceApplication logging server side AccessDeniedException before marshalling and rethrowing on client side: Access Denied for User '0#.w|DOMAIN\UserName', which may be an impersonation by 'DOMAIN\ServiceUser'. Securable IMetadataCatalog with Name 'ApplicationRegistry' denied access.
Stack Trace:
at Microsoft.SharePoint.BusinessData.SharedService.IndividuallySecurableMetadataObjectAccessor.SetAccessControlEntries(MetadataObjectStruct metadataObjectStruct, AccessControlEntryStruct[] aces, String settingId, DbSessionWrapper dbSessionWrapper)
at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.<>c__DisplayClass2c.<Microsoft.SharePoint.BusinessData.SharedService.IBdcServiceApplication.SetAccessControlEntries>b__2... b566569c-fb43-705a-1a09-c60c3572d56a
at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.Execute[T](String operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation) b566569c-fb43-705a-1a09-c60c3572d56a
Micro Trace Tags: 0 nasq,0 e5mb,9 9f5y,82 bz7l,0 g220,6 g0k9,0 9f4c b566569c-fb43-705a-1a09-c60c3572d56a
私は何を間違っていますか?どうすればいいですか?私たちはKerberosを使用していません、そして、BDCのためにそれを無効にするのですか?
解決
Ok I solved this issue after nearly a week of tinkering and Gooling, none of what I had done so far fixed it. So I gave up searching and reverted my efforts in creating another fresh instance of Sharepoint 2013, after installation I chose all defaults and check if it gives me the same error, to my surprise it didn't so I searched the differences and applied it with my live Sharepoint.
There are 2 main differences and here they are:
- I migrated from classic-mode to claims-based authentication and followed this steps from TechNet http://technet.microsoft.com/en-us/library/gg251985.aspx
- Then I reverted my claims to windows service to run as local account then restarted the service.
Now I can "Set Metadata Store Permissions"
他のヒント
Make sure 'DOMAIN\Userame' is member of WSS_WPG group. Also logout-login to propagate the membership through the domain.
