Access denied by Business Data Connectivity when trying to add myself to the BDC Metadata Store

Originally I was trying to create a ECT in SharePoint Designer 2010, on the production server, and every attempt fails with the error "Access denied by Business Data Connector" and I found the post "Deploying a BDC Model project to SharePoint 2010"
which suggests that I may not have rights to the BCD Metadata Store: "It seems that an account are you using to deploy solution doesn't have sufficient permission in the BDC Metadata Store."
So I tried to set myself (individual windows user) up to have rights via:  "Central Administration->Application Management->Manage Service Application->Business Data Connectivity Service->Click Set Metada Store Permission
on the ribbon->Set Permission you need and tick the checkbox "Propagate permission to all"; and pressing the OK button an error dialog displays stating Access denied by Business Data Connectivity.
What should I check next?

I'm in a situation similar to MarkDavisHQ's.  I was able to get the Metadata Store working by:
Making the BDC app pool identity a local administrator (before that, I was seeing lots of WcfSendRequeust like this in the logs - but I'm still not sure this escalation was necessary.   I have since removed the app pool identity from local administrators
and it ):
Starting the (SharePoint) Claims to Windows Token Service
Can anyone else confirm whether or not local admin privileges are required?
For those who may be stuck at a similar spot,  here are the log excerpts that helped me.
Before I changed the local admin membership, this was appearing in the logs:
04/22/2012 15:03:26.62    w3wp.exe (0x0FFC)    0x0DF4    SharePoint Foundation    Runtime    tkau    Unexpected    Microsoft.BusinessData.Infrastructure.AccessDeniedException:
Access denied by Business Data Connectivity.    at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplicationProxy.Execute[T](String operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation, Boolean performCanaryCheck, Boolean
isChannelThatDelegatesIdentity)     at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplicationProxy.SetAccessControlEntries(MetadataObjectStruct metadataObjectStruct, AccessControlEntryStruct[] aces, String settingId)    
at Microsoft.SharePoint.BusinessData.Infrastructure.BdcAccessControlList.SaveAs(MetadataObjectStruct metadataObjectStruct, String settingId, BdcServiceApplicationProxy serviceProxy)     at Microsoft.SharePoint.BusinessData.Administration.IndividuallySecurableMetadataObject.SetAccessControlList(IAccessControlList
acl, String settingId)     at Microsoft.SharePoint.ApplicationPages.ManageBDCPermissions.OkButton_Click(Object sender, EventArgs e)     at System.EventHandler.Invoke(Object sender, EventArgs e)    
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)     at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)     at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,
String eventArgument)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    c448101d-363b-4e70-bac4-3ffb0c3313dc
After I changed the membership, I hit this one (which was resolved by starting the Claims to Windows Token Service ):
04/22/2012 21:50:44.54    w3wp.exe (0x1030)    0x0CF4    SharePoint Foundation    Claims Authentication    bz7l    Medium    SPSecurityContext.WindowsIdentity:
Could not retrieve a valid windows identity for NTName='XYZDEV1\e-hugh.kelley', UPN='[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.EndpointNotFoundException: There was no endpoint listening
at net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint
'net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2' could not be found on your local machine.      --- End of inner exception stack trace ---    Server stack trace:      at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri
uri)     at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)     at System.ServiceModel.Channels.CommunicationPool`2.TakeConnection(EndpointAddress
address, Uri via, TimeSpan timeout, TKey& key)     at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)     at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan
timeout)     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)     at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan
timeout)     at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)     at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)    
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dup.UpnLogon(String
upn, Int32 pid)     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.<>c__DisplayClass1.<UpnLogon>b__0(IS4UService_dup channel)     at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2
contractOperation)     at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity().    090b18ec-3a6f-4367-a74b-b6a113a62507
04/22/2012 21:50:44.54    w3wp.exe (0x1030)    0x0CF4    SharePoint Foundation    Claims Authentication    g220    Unexpected    No windows identity
for xyzdev1\e-hugh.kelley.    090b18ec-3a6f-4367-a74b-b6a113a62507

Similar Messages

  • "Access denied by Business Data Connectivity" on trying to connect to SQL server for creating external content type

    I was trying to create external client type but whenever I try to connect to Database server it is showing me error"Access denied by Business Data Connectivity". I have given the Secure Store Target Application ID coorectly and it is setup coorectly.
    In BDC service application I have given myself all the permissions( edit,execute,Selectable in clients,Set Permissions) through set metadata store permission option in it.
    Please suggest what other reason can be there for the error.
    Thanks and Regards
    Gaurav

    Hi Gaurav,
    If you have given your account all permissions through setting metadata store permission, the issue should be resolved.
    For a better trouble shooting , I suggest you do as the followings:
    1. Assign administrators to a Business Data Connectivity service application
    Here is a detailed article for your reference:
    http://technet.microsoft.com/en-us/library/ff973113.aspx
    2. You can try to recreate a Business Data Connectivity service application to test whether it works.
    http://www.dotnetcurry.com/showarticle.aspx?ID=794
    Best regards,
    Zhengyu Guo
    Zhengyu Guo
    TechNet Community Support

  • Error while crawling LOB contents. ( Access denied by Business Data Connectivity. )

    Hi,
    When I execute Incremental or Full Crawl I get 17000 error and only 1 success.
    The error is:
    Error while crawling LOB contents. ( Access denied by Business Data Connectivity. )
    I went to Central Admin > Security > Specify Web application Policy > Search for the service account for crawl and it's "svc_SPSearch"
    I went to Central Admin > Application Management > Manage Service Application > BDC Service > I select all the affected external sources > then Set Object Permission in ribbon > Added "svc_SPSearch" with execute rights > then
     kick incremental crawl...
    After this I still get 17000 error, 1 success.. Still an error.
    I am not sure how the crawler's trust to FAST infrastructure works.
    Your response is appreciated. Thanks!
    -Fran

    I have the same issue. 
    I have Configured the BDC Service application using SQL external content. The connection was successful and I am able to see the external content in the List "BDC Demo" . But when I search in the BDC Demo site it gives nothing.
    So I checked in the crawl logs and identified that it shows " 1 " under error. to further drill down the issue , I went to click on "1" and see the error message : Error while crawling LOB contents SharePoint 2013 .
    I have created an external DB named BCSDemo_DB for which I have granted my search Service account read& write permission.
    I have added the same account under administrators for both secure store and BCS service applications. 
    I have done index reset , done a full crawl but the error still occurs.
    Can someone please advise if I am missing something.
    Regards

  • Error when trying to add examplesserver to the target....

    Can anyone point out what I'm not doing correctly,
    -Configuring the J2ee Deployathon
    -WL 6.1 Sp2
    -Oracle 9i
    -db name - petstore
    -server - server1
    url - jdbc:weblogic:oracle:petstore
    driver - weblogic.jdbc.oci.Driver
    Properties - user=SYSTEM
    password=manager
    server=server1
    I was able to use the utils.Schema to upload (Oracle.sql) the data to the database
    petstore.
    This is the error message when I try to add the examplesserver in target for the
    connection pool:
    <Aug 7, 2002 9:42:17 AM CDT> <Notice> <WebLogicServer> <Started WebLogic Admin
    Server "examplesServer" for domain "exam
    les" running in Development Mode>
    Starting Loading jDriver/Oracle .....
    ---------- LOGIN ERROR CODE: 24327
    ---------- LOGIN ERROR CODE: 24327
    <Aug 7, 2002 9:43:36 AM CDT> <Error> <JDBC> <Cannot startup connection pool "petstorePool"
    weblogic.common.ResourceExce
    tion:Could not create pool connection. The DBMS driver exception was:java.sql.SQLException:
    ORA-24327: need explicit attach before authenticating a user - (SYSTEM/********@beavis_petstore.
    2eedom) at weblogic.db.oci.OciConnection.getLDAException(OciConnection.java:164)
    at weblogic.jdbc.oci.Driver.connect(Driver.java:112).....
    Thanks in Advance,
    David Truong

    Can anyone point out what I'm not doing correctly,
    -Configuring the J2ee Deployathon
    -WL 6.1 Sp2
    -Oracle 9i
    -db name - petstore
    -server - server1
    url - jdbc:weblogic:oracle:petstore
    driver - weblogic.jdbc.oci.Driver
    Properties - user=SYSTEM
    password=manager
    server=server1
    I was able to use the utils.Schema to upload (Oracle.sql) the data to the database
    petstore.
    This is the error message when I try to add the examplesserver in target for the
    connection pool:
    <Aug 7, 2002 9:42:17 AM CDT> <Notice> <WebLogicServer> <Started WebLogic Admin
    Server "examplesServer" for domain "exam
    les" running in Development Mode>
    Starting Loading jDriver/Oracle .....
    ---------- LOGIN ERROR CODE: 24327
    ---------- LOGIN ERROR CODE: 24327
    <Aug 7, 2002 9:43:36 AM CDT> <Error> <JDBC> <Cannot startup connection pool "petstorePool"
    weblogic.common.ResourceExce
    tion:Could not create pool connection. The DBMS driver exception was:java.sql.SQLException:
    ORA-24327: need explicit attach before authenticating a user - (SYSTEM/********@beavis_petstore.
    2eedom) at weblogic.db.oci.OciConnection.getLDAException(OciConnection.java:164)
    at weblogic.jdbc.oci.Driver.connect(Driver.java:112).....
    Thanks in Advance,
    David Truong

  • TS3297 I keep getting an error when trying to add songs to the iCloud. Error reads: "We could not complete your iTunes_Store request. An unknown error occurred (4002)" I have tried to completely delete iTunes and reinstall but still getting error.

    I keep trying to download songs to ICloud but keep getting an error: "We could not complete your itunes_store request. An unknown error occurred(4002)"
    I have deleted itunes and reinstalled but continue to get error. Want else can I do?

    Thanks jdnjo.  Your fix also worked in Windows 8!

  • Premiere freezes when trying to add media to the timeline.

    Dxdiag:
    I start up Premiere.
    I import a file via File > Import...
    I drag the file but it doesn't move and causes the program to freeze.
    I have updated all my drivers already and this has been going on for the past 6 months but now I need the program for my next class.

    Apparently iTunes froze because of an .m3u file that was in the folder.  The icon for the .m3u file was the same as the .mp3 files and I hadn't noticed it until I attempted to play the file as a last resort to add the music to iTunes.

  • Opportunity - Access denied.(SBL-DAT-00284) Error

    I am getting error as Access denied.(SBL-DAT-00284) when I am trying to create a new opportunity record.
    I checked Roles and access profile. Setup looks correct there. Any idea of issue. Thanks VK

    I was access profile issue. I resolved. Thanks VK

  • External content type error: Business Data Connectivity object not found.

    Hello
    I have to change the external database (external system) for an external content type. The database view on the new database is exactly the same as on the old database.
    After changing the external system of the external content type, this happens:
    When I try to add a new item to the list, I get this error under the external data field:
    "Business Data Connectivity object not found. Administrators, see the server log for more information."
    Also, when I try to update the external data field, it is not possible because the buttons are grey.
    When I add a new external data field to the same list, I can use the external content type. For some reason the current external data field doesn't update.
    Any ideas?
    Any help would be much appreciated!

    Have you implemented both ‘Read List’ & ‘Read Item’ operations in your ECT?
    This may be helpful -
    https://sharepointcreations.wordpress.com/2014/03/13/business-data-connectivity-object-not-found/
    Thanks
    Ganesh Jat [My Blog |
    LinkedIn | Twitter ]
    Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

  • Sharepoint 2013 adding ECT fails with "Access Denied by Business Connectivity Service"

    Using SharePoint Designer 2013 I am attempting to setup an External Content Type to a SQL DB. I have setup the SQL database with a valid login that was also used to setup an account with the Secure Store Service. I am running SharePoint 2013 designer and
    have opened my site with administrative credentials. No matter what, I continue to get the "access denied" message when I try to add this SQL database to my ECT section in SPD. All users have access to invoke the BCS app.
    I have deleted and recreated the BCS service application and it is running with farm credentials and temporarily I added the farm account to the local admin account....and again verified that all users have rights to run BCS...
    In all other aspects my SharePoint sites are working, I can modify and add via SPD and publish...etc...but I cannot add a connection to an external SQL server. I have also verified through Excel that I can connect to my SQL DB with the same credentials that
    I am trying in SharePoint and everything works.
    Most of the posts I see in this area relate to permissions or access problems AFTER the ECT connection is created. My problem is I can't even get a connection created.

    Here are the error logs that are generated when I try to connect....maybe this will help someone tell me where to correct the issue.....(I removed the actual domain names) but my account was listed which is an admin on the sharepoint system and domain.
    06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data 9f4c Unexpected 'Business Data Connectivity Service' BdcServiceApplication logging server side AccessDeniedException before marshalling
    and rethrowing on client side: Access Denied for User '0#.w|"domain\my account', which may be an impersonation by 'Domain\"sharepoint admin account"'. Securable IMetadataCatalog with Name 'ApplicationRegistry' denied access. Stack Trace:   
    at Microsoft.SharePoint.BusinessData.SharedService.ModelAccessor.Create(MetadataObjectStruct rawValues, MetadataObjectStruct applicationRegistryStruct, DbSessionWrapper dbSessionWrapper)     at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.Execute[T](String
    operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation) 97fe289c-5245-e040-0f76-59614537398e
    06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data g0kc High Access Denied for User '0#.w|domain\my user account', which may be an impersonation by 'Domain\"sharepoint admin account"'.
    Securable IMetadataCatalog with Name 'ApplicationRegistry' has ACL that contains: 97fe289c-5245-e040-0f76-59614537398e

  • Error when click Manage in Business Data Connectivity Service Sharepoint 2013

    Dear all,
    In Sharepoint central administration, I click manage service applications. Then, I click New > Business Data Connectivity Service. After create new Business Data Connectivity Service, when I click Manage to manage this new Business Data Connectivity Service,
    there is error "Cannot complete this action as the Business Data Connectivity Shared Service is not responding. Please contact your administrator." In event viewer, there is error ""The BDC Service application is not accessible. The full
    exception text is : The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'.
    I have tried to delete and create the BDC Service application, but it still did not work. I have tried to restart BDC Service and do iisreset, but it still did not work.
    Please help. Thank you.
    Best regards,
    Johanna

    Hi,
    According to your post, my understanding is that you get an issue about the Business Data Connectivity Service.
    To quickly and accurately find the issue, I recommend you can check the event log and ULS log to see if anything unexpected occurred.
    For SharePoint 2013, by default, ULS log is at
    C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS
    You can check the ULS log by the methods here:
    http://blogs.msdn.com/b/opal/archive/2009/12/22/uls-viewer-for-sharepoint-2010-troubleshooting.aspx
    http://msdn.microsoft.com/en-us/library/gg193966(v=office.14).aspx
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • Connecting to Sharepoint Online Access Web Tables - error - The business data connectivity metadata sore is currently unavailable

    I have a SharePoint Online E3 site kbhp2-public.SharePoint dot com  on which I have created an Access Web App.  Now, I need to use an External Content Type to access the underlying database tables, which I understand to be stored somewhere
    in Azure.  The ID of the server is bxh1ixb9lo.database.windows.net and the ID of the database is db_9857fa7d_4bf1_4558_be8c_24543b041e2.
    I have done the following so far:
    Set Metadata Store Permissions
    Created Secure Store credentials Mapping
    But when I opened the SharePoint site in SharePoint Designer and clicked on External Content Types, I get the Message:
    The business data connectivity metadata store is currently unavailable.
    Any guidance you can give me will be greatly appreciated
    Steve

    Hi Steve,
    It is Windows Azure SQL Database forum. Your question is more related to SharePoint Online.
    Please post the question in the Office 365 or online services forum. It is appropriate and more experts will assist.
    http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicessharepoint
    http://community.office365.com/en-us/f/154.aspx
    Regards,
    Fanny Liu
    Fanny Liu
    TechNet Community Support

  • HT4993 getting error message could not activate cellular data network when trying to access the internet without using wifi.  what do i need to do?  i have already restore the phone.

    getting error message could not activate cellular data network when trying to access the internet without using wifi.  what do i need to do?  i have already restore the phone.

    contact your phone carrier as they handle cellular network.

  • I receive "Database access denied" when trying to add component 4543BD

    I receive "Database access denied" when trying to add component 4543BD to my schematic. This component was added from a previous version. I'm using Multisim version 12.0.0  Student edition.
    Solved!
    Go to Solution.

    Hi Diarra,
    I checked my database and  the  4543 is not in the Student Edition. If you opened a schematic that was created in a higher version such as the Educaiton Edition and copied the part to your database, when you place this part you will get the access denied message. 
    Attached is a schematic with the part, you can open it and build you circuit around it.
    Tien P.
    National Instruments
    Attachments:
    4543.ms12 ‏62 KB

  • An internal database error occurred in the Business Data Connectivity Shared Service. SQL Error Number : 229

     Recently i upgraded my SharePoint server 2013 to SP1, after the upgrade i received following message in manage database Status page " Databases running in compatibility range, upgrade recommended" 
    for Business Data Connectivity Database. Then i ran Sharepoint Configuration wizard, which fixed that error on that page but i am getting a error message while accessing BDCApplication page in manage service applications pagein central admin"
    An internal database error occurred in the Business Data Connectivity Shared Service. SQL Error Number : 229
    Sys Log :
    The BDC Service application failed due to a SQL Exception: SQLServer host WSQLD05\DV. The error returned was: 'The EXECUTE permission was denied on the object 'proc_ar_GetAdministrationMetadataCatalogByPartitionId', database 'sp_BusinessDataConnectivity_DV13',
    schema 'dbo'.'
    I checked the Db role of the service app pool account, it has SPDataAccess permission over the Database. i cant recreate another application without knowing the root cause. I hope i can get better option to troubleshoot the issue.
    Thank you

    As per the error message, you can at least grant the BDC service application pool account the EXECUTE perimssions on the sp_BusinessDataConnectivity_DV13 database
    Edwin Sarmiento SQL Server MVP | Microsoft Certified Master
    Blog |
    Twitter | LinkedIn
    SQL Server High Availability and Disaster Recover Deep Dive Course

  • Cannot connect to Business Data Connectivity Metadata Store

    I am trying to connect to an external data source (web service) that is hosted on another server through SharePoint designer.
    I go to the external content type section->new content type-> External system "click here to discover external data sources and define operations"
    Add connection->data source type ="wcf service"
    enter url in the "service metadata url" and "service endpoint url"
    Try to connect. While trying to connect, it gives me this error
    "Cannot connect to Business Data Connectivity Metadata Store"
    error details: "The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults(either from ServiceBehaviorAttribute or from the <serviceDebug> configuration
    behavior) on the service in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK  documentation and inspect the server trace logs."
    Any help would be greatly appreciated.

    Hello.
    This solution with New-SPTrustedRootAuthority helped me in the following situation (which is like the one in the topic):
    I have a WCF service hosted on the SharePoint web site with dynamic binding. SharePoint web site is configured with host header (DNS alias) and SSL. Kerberous is enabled (this config does not work with NTLM only). I use Secure Store Service identity (Windows
    type) when configuring BSC connection to the service. When I try to connect to this WCF service from SharePoint Designer to create an external content type, I get this errror: "Cannot connect to Business Data Connectivity Metadata Store".
    These two steps resolved the issue:
    1) Add SSL certificate of the web site where WCF service is hosted to the "Trusted Root Certification Authorities" of "Certificates (Local Computer)"
    2) Run the following command in SharePoint PowerShell console:
    foreach ($cert in (Get-ChildItem cert:\LocalMachine\Root)) { if (!$cert.HasPrivateKey) {New-SPTrustedRootAuthority -Name $cert.Thumbprint -Certificate $cert } }

Maybe you are looking for

  • Safari 7.0.1 crashes in OS 10.9.1

    A few days ago, Safari started crashing. Safari opens, but not into a window. When I try to open a window, or do pretty much anything else, it crashes. Here are all the steps I've taken: – First of all, I read every other discussion I could find on t

  • Help w/ connecting MacBook to HDTV

    I want to be able to connect my macbook (black) to my LG HDTV. I am using the DVI adapter to VGA (RGB). All I get is "no signal" on my TV. When I tried it out w/my Dell (didn't need the DVI adapter since my Dell has a VGA input), it worked right away

  • Query on pricing Scales in LSMW

    Hai, I have a problem on scales,  In LSMW  through recording method i am creating pricing condition using XK15 transaction. But my problem is if material has 2 or 3 scales, at end of batch input session i am getting last scale value Ex :  Matnr     

  • PO History

    Hi ABAPers,    Can any one tell me what are the tables to be taken to display PO History. If possible can any send me a report on PO History. Its urgent.. waiting for your reply.. Thanks Kumar

  • A HOST command in PL/SQL?

    Hello guys! :) I need to execute some SFTP commands on the database server to another SFTP server. In oracle forms theres a built in called "HOST" which executes native commands on the server. Is there something similar to that in PL/SQL? Also, im wo