Sharepoint access denied- Domain name expired

Similar Messages

• Accessing WAN domain name within my LAN

  Hmmm, I'm not sure if that Subject was very helpful.
  I have a home LAN with several computers, including a laptop that goes with me to work. My desktop hosts a number of services (IMAP, SSH, HTTP, etc). I use dyndns.org to point to my home LAN, and my router uses port forwarding to point those services to the desktop.
  When I'm in my LAN, I reach my desktop by using its local IP address (i.e., 192.168....); when I'm outside my LAN, I reach the desktop using the domain name.
  Since I use my laptop at home and on the road, I need to do annoying things like change Mail.app's server settings everytime I change location.
  Surely there's a better way. Any suggestions?

  I didn't catch what OS the desktop system is running, but configuring bind/named is pretty well documented and not a major task. In my opinion, you're just front-loading all the work at one time rather than messing around with changing your mail application settings.
  If you decided to go that route later, search for "caching name server" and set that up. Then simply add a zone file for the domain you're looking to override on the local network and you're pretty much done.
  I don't know how you retrieve your mail, but if IMAP is an option, you might want to consider using separate mail programs and use IMAP as the method in which you retrieve mail. IMAP assures the clients will be in sync, and you simply configure Mail for one location and another mail client, like Thunderbird or Entourage, for another location. Kludgy, inelegant, but it works because I've used that solution myself. If IMAP isn't available, you can probably get by with POP3 and tell the mail clients to leave the mail on the server. Mail and Thunderbird do a fair job of keeping things sync'd, although IMAP is much more preferable.

• How to access sharepoint site from domain B users .

  SharePoint 2010 is installed in one domain A. another domain created in another country and both domains are trusted.
  and domain B users are added in sharepoint site. But when users of another domain try to access sharepoint site they are not able to access.

  When you say they cant access, what is the issue? 404 error etc. or SharePoint access denied?
  Thanks
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS

• Help:Domain name forwarding to .mac URL

  Experts - newbie here - used iweb and built my site. Forwarded my domain name to the .mac URL and everytime I try to access the domain name I get a .mac screen that says my .mac iweb site does not exist. Seemed all rather simple with point and click so now what? Thanks

  everytime I try to access the domain name I get a
  .mac screen that says my .mac iweb site does not
  exist.
  Most likely you made an error in the url. If you would provide the two urls someone could probably help you fix it, otherwise it's pretty impossible.

• SharePoint 2010 - Claims Based Authentication - Access Denied for AD Group members

  We're in the process of migrating our SharePoint 2003 system to 2010 and have used Metavis to migrate the data. We had to do the data migration in a lab environment and then move/attach the content database to our production server. The database attached successfully
  and I, as a site collection administrator, can see all sites and the data therein. We are using claims-based auth with ADFS 2.0 as the provider.
  My users, however, get access denied trying to go anywhere on the site. I have added the Active Directory groups to the appropriate SharePoint groups and have confirmed the groups are appearing with the c:0-.t|adfs|group_name syntax. If I add them as individual
  users (i:05.t|adfs|[email protected]) they can authenticate fine, but not by AD group membership.
  I enabled ADFS tracing and I see that the claim being provided includes the SIDs for all the groups the user belongs to. Using ULS Viewer I can see that SharePoint sees the correct number of claims (it doesn't show what those claims are, just the number) but
  it doesn't seem to be connecting the SIDs passed to the group name used in the permissions list. I have also updated the portalsuperreader and portalsuperuser accounts after the database was moved, just in case there was something weird there.
  The ADFS and SharePoint servers are all in the same AD domain, so they should be able to resolve SIDs ok. I suspect the issue is somehow related to the migration of the content database from a separate
  environment (different domain), but I can't figure out for the life of me how to get the group authentication to work.
  Thoughts?

  Brilliant idea. Unfortunately that didn't work - I can get to the new site as the site collection owner, but members of groups to which I assigned permissions still get Access Denied. :-(

• Access denied when adding people to SharePoint group

  Hi all,
       I've been having problems with my SharePoint 2010 deployment that wasn't deployed by me. Sound familiar? Anyways, here is my problem: I try to add people to a SharePoint group and I'm getting:
  Access Denied.
  You do not have permission to perform this action or access this resource.
  Troubleshoot issues with Microsoft SharePoint Foundation.
  Correlation ID: 930333d7-64dc-4135-8f51-686303a9847c
  Date and Time: 7/29/2014 2:21:11 PM
  I've been having problems with pulling AD members in one of my site collections for awhile now. Been troubleshooting with what information I can find online. One step I took was to blank out the LDAP search string for each site collection so that it's not
  limited to certain OUs. 
  Also I am getting security log entries that my farm account is trying to authenticate as a privileged [administrative permissioned] account for an employee that is no longer with us. Coincidentally enough he's the one that deployed this SharePoint solution
  originally.
  I need help in tracking down why I cannot add users to groups in this one site collection; but my root site collection I can add people no problem.
  Environment:
  Server1: SQL 2008 R2 on Windows Server 2008 R2
  Server2: SharePoint 2010 with Enterprise CALs on Server 2008 R2
  Current event viewer entries of note:
  Load control template file /_controltemplates/TaxonomyPicker.ascx failed: Could not load the assembly ';Microsoft.SharePoint.Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'. Make sure that it is compiled before accessing the page.
  Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources.
  To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl'. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
  Additional Data:
  Current default super user account: SHAREPOINT\system
  A logon was attempted using explicit credentials.
  Subject:
  Security ID: domain\farm_account
  Account Name: farm_account
  Account Domain: domain
  Logon ID: 0x79c13
  Logon GUID: {e25efc28-8db1-ea76-9a8e-6d0143a681d9}
  Account Whose Credentials Were Used:
  Account Name: former_admin_employee
  Account Domain: domain
  Logon GUID: {00000000-0000-0000-0000-000000000000}
  Target Server:
  Target Server Name: domain_controller.domain.net
  Additional Information: domain_controller.domain.net
  Process Information:
  Process ID: 0x13b0
  Process Name: C:\Windows\System32\inetsrv\w3wp.exe
  Network Information:
  Network Address: -
  Port: -
  This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

  Hello,
  > he's the one that deployed this SharePoint solution originally.
  Are you trying to add user by custom solution? If so then it seems your code is using the impersonate method to run code with admin privileged (i.e. RunWithElevatedPrivileges or User token).
  If this is the case then you have to first add new account as site collection in site then change that web application pool identity on IIS. Go to IIS-->select your web app pool-->then  go to properties and  verify which account is been used
  there. If it is old then replace with your account.
  Let us know your result
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• ExceptionMessage: 'Access denied. Only machine administrators are allowed to create administration service job definitions of type: Microsoft.TeamFoundation.SharePoint.WebAccess.ApplyWebConfigModificationsJobDefinition

  Hi,
  I am getting error "Access Denied" when my code tries to get "SPWebService.JobDefinition" with an AppPool account of content site. The same core runs correctly for the AppPool of CentralAdmin site.
  Lemme provide some background of the servers
  - We have multi-server FARM
  - WFE and APP servers are in different domains, there is one-way trust between the domains.
  - We have UAC (User Access Control) set as high on each server
  - My site is internet site
  Lines of Code are following
  SPWebServiceservice =
  SPWebService.ContentService
  varsyncTimerJob =
  fromSPJobDefinitionjob
  inservice.JobDefinitions
                     wherejob.Name
  == "MyJob"
  selectjob;
  I am running the above code with in SPSecurity.RunWithElevatedPrivileges so the above code is running with APP POOL account. I m getting
  the error in the 2nd line where I have a LINQ query. And I m assuming this is because of "service.JobDefinition" line. Can anyone help me?
  Detailed Error:
  An exception has occurred.   ExceptionType: 'TargetInvocationException'   ExceptionMessage: 'Exception has been thrown by the target of an invocation.'   StackTrace: ' 
  at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)     
  at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     
  at Microsoft.SharePoint.Administration.SPAutoSerializingObject.GetInstanceFromType(Type type, String typename)     
  at Microsoft.SharePoint.Administration.SPPersistedObject.GetInstance(XmlNode xml, Guid classId, Boolean bResolveMissingTypes)     
  at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id)     
  at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id)     
  at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key)     
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)     
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id)     
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.Microsoft.SharePoint.Administration.ISPPersistedStoreProvider.GetObject(Guid id)     
  at Microsoft.SharePoint.Administration.SPPersistedObjectCollection`1.get_Item(Guid objId)     
  at Microsoft.SharePoint.Administration.SPPersistedObjectCollection`1.<GetEnumeratorImpl>d__0.MoveNext()     
  at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()     
  at System.Linq.Enumerable.Count[TSource](IEnumerable`1 source)     
  at Project1.SharePoint.Common.UtilityHelper.IsSyncSchedulingDisabled(StringBuilder logMessage)'   Source: 'mscorlib'   TargetSite: 'System.Object InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)'   ------------------------------------------------------------  
  Inner exception:   ------------------------------------------------------------    ExceptionType: 'SecurityException'    ExceptionMessage: 'Access denied.  Only machine administrators are allowed to create administration
  service job definitions of type: Microsoft.TeamFoundation.SharePoint.WebAccess.ApplyWebConfigModificationsJobDefinition, Microsoft.TeamFoundation.SharePoint.WebAccess, Version=11.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.'    StackTrace:
  at Microsoft.SharePoint.Administration.SPAdministrationServiceJobDefinition..ctor(String name, SPService service, SPServer server, SPJobLockType lockType)      
  at Microsoft.TeamFoundation.SharePoint.WebAccess.ApplyWebConfigModificationsJobDefinition..ctor()'    Source: 'Microsoft.SharePoint'    TargetSite: 'Void .ctor(System.String, Microsoft.SharePoint.Administration.SPService, Microsoft.SharePoint.Administration.SPServer,
  Microsoft.SharePoint.Administration.SPJobLockType)'
  Any help will be appreciated.

  The bottom of your stack trace begs to differ:
  at Microsoft.TeamFoundation.SharePoint.WebAccess.ApplyWebConfigModificationsJobDefinition..ctor()'   
  Source: 'Microsoft.SharePoint'    TargetSite: 'Void .ctor(System.String, Microsoft.SharePoint.Administration.SPService, Microsoft.SharePoint.Administration.SPServer, Microsoft.SharePoint.Administration.SPJobLockType)'
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Sharepoint 2013 adding ECT fails with "Access Denied by Business Connectivity Service"

  Using SharePoint Designer 2013 I am attempting to setup an External Content Type to a SQL DB. I have setup the SQL database with a valid login that was also used to setup an account with the Secure Store Service. I am running SharePoint 2013 designer and
  have opened my site with administrative credentials. No matter what, I continue to get the "access denied" message when I try to add this SQL database to my ECT section in SPD. All users have access to invoke the BCS app.
  I have deleted and recreated the BCS service application and it is running with farm credentials and temporarily I added the farm account to the local admin account....and again verified that all users have rights to run BCS...
  In all other aspects my SharePoint sites are working, I can modify and add via SPD and publish...etc...but I cannot add a connection to an external SQL server. I have also verified through Excel that I can connect to my SQL DB with the same credentials that
  I am trying in SharePoint and everything works.
  Most of the posts I see in this area relate to permissions or access problems AFTER the ECT connection is created. My problem is I can't even get a connection created.

  Here are the error logs that are generated when I try to connect....maybe this will help someone tell me where to correct the issue.....(I removed the actual domain names) but my account was listed which is an admin on the sharepoint system and domain.
  06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data 9f4c Unexpected 'Business Data Connectivity Service' BdcServiceApplication logging server side AccessDeniedException before marshalling
  and rethrowing on client side: Access Denied for User '0#.w|"domain\my account', which may be an impersonation by 'Domain\"sharepoint admin account"'. Securable IMetadataCatalog with Name 'ApplicationRegistry' denied access. Stack Trace:   
  at Microsoft.SharePoint.BusinessData.SharedService.ModelAccessor.Create(MetadataObjectStruct rawValues, MetadataObjectStruct applicationRegistryStruct, DbSessionWrapper dbSessionWrapper)     at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.Execute[T](String
  operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation) 97fe289c-5245-e040-0f76-59614537398e
  06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data g0kc High Access Denied for User '0#.w|domain\my user account', which may be an impersonation by 'Domain\"sharepoint admin account"'.
  Securable IMetadataCatalog with Name 'ApplicationRegistry' has ACL that contains: 97fe289c-5245-e040-0f76-59614537398e

• Root cause of error " Access denied. You do not have permission to perform this action or access this resource" - workflow - SharePoint 2013

  Good evening, technet community
  I hope you are doing well.
  When configuring my SharePoint workflow, I encounter the problem below:
  Problem Description:
  Let's say my domain is: test.com, my group user is: test\group , my user is: test\user1
  Except an admin account with full control at both "Web Application" and "Site Collection", all others account all have problem when creating a list item. After creating a list item, the workflow status is "cancelled" immediately
  with the following message:
  RequestorId: 262a35e4-99f4-40f0-929b-5d04b415f147. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["10"],"SPRequestGuid":["262a35e4-99f4-40f0-929b-5d04b415f147"],"request-id":["262a35e4-99f4-40f0-929b-5d04b415f147"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
  RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Thu, 06 Nov 2014 12:14:28 GMT"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
  {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform
  this action or access this resource."}}} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor,
  BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
  - The workflow is still fail even I assign "full control" to my users group "test\group" – at Site Collection level.
  Surprisingly, I have successfully found a solution for this error message. However, I still have some points that I do not clearly understand. Let's start with my solution first.
  Solution:
  *** i. Assign permission policy at Web Application level – Central Admin site ***
  1. Central Administration ==> Application management
  ==> Manage Web application 
  2. Go to "permission policy", then create a new permission level. This permission level contains all "edit item" permission.
  3. Select "user policy", then I assign it directly to my user account: test\user1.
  *** ii. Assign "edit item" permission at Site Collection level ***
  1. Site Setting ==> Site permission
  2. Assign "Edit" permission to my test\group.
  (Actually I removed all permissions of my user group at Site Collection level. It seem my group has inherited permission from Web Application level, is that correct? )
  *** iii. Create a new list item and workflow runs ……. ***
  ==> My question is:
  1. Why I cannot assign permission to my users group - "test\group" -
   at "Web Application" level? Instead I have to assign permission policy for each users, one by one?
  2. Could you please let me know how to collect full detail error message of workflow status?
  Thank you very much! Have a nice weekend.

  Thank you for your very detail response.
  Point 1: Yes my 2 service: user profile & profile sync service are running. I performed "full synchronization" as well. Actually i've tried 3 another action plans before coming up with the solution i posted:
  *** Actions completed ***
  1. Activate the feature: workflow can use app permissions.
  Site actions > Site Settings > Site features >activate the feature below:
   Workflows can use app permissions
  2.
  Refresh trusted security token services metadata feed
  Get-SPTimerJob
  "RefreshMetadataFeed"
  | Start-SPTimerJob
  - then restart the machine.
  3. Start full user profile synchronization.
  Point 2:
  - Yes my user had Edit permission at workflow task list + list affected by workflow.
  I have just remove all permissions of my user at "Site Collection" level. However, when i show my user permissions at my workflow task list and my users still have "Edit" Permission ( assigned at Web Application level. These permissions
  still exist even after my workflow task list stop inheriting permission).
  ==> the problems probably belongs to "permission" at "Site Collection level". It seems "permission level at my Site Collection does not work". All users accounts are also suffer from the same issues except farm admin account
  ( which has full control at Web Application level).
  I would appreciate if your guys can guide me how to make "permission" at my "Site Collection level" work again?
  Thank you very much.

• Access denied. When trying to upload files into SharePoint with PowerShell

  AM trying to upload a bunch of files into SharePoint using PowerShell. I have a code that works on my local machine, but when I get on the server, it does not. Here is what my block of code looks like
  $webUrl = "http://SampleSite"
  $libraryName = "My Lib"
  $docLibraryUrlName = "My%20ContentType"
  $fileLocation = "C:\test\"
  $contentType = "My ContentType"
  #Open web and library
  $web = Get-SPWeb $webUrl
  $docLibrary = $web.Lists[$libraryName]
  $files = ([System.IO.DirectoryInfo] (Get-Item $fileLocation)).GetFiles()
  ForEach($file in $files)
  #Open file
  $fileStream = ([System.IO.FileInfo] (Get-Item $file.FullName)).OpenRead()
  # Gather the file name
  $FileName = $File.Name
  #remove file extension
  $NewName = [IO.Path]::GetFileNameWithoutExtension($FileName)
  #split the file name by the "-" character
  $FileNameArray = $NewName.split("_")
  #Add file
  #$folder = $web.getfolder($docLibraryUrlName)
  $folder = $web.getfolder($docLibrary)
  write-host "Copying file " $file.Name " to " $folder.ServerRelativeUrl "..."
  $spFile = $folder.Files.Add($folder.Url + "/" + $File.Name, $fileStream, $true)
  $spItem = $spFile.Item
  #populate metadata
  $spItem["First Column"] = $FileNameArray[0]
  $spItem["Second Column"] = $FileNameArray[1]
  $spItem.Update()
  $fileStream.Close();
  Again, this code works fine on my local machine but doesn't when I move this to the server. When I step through the code, I noticed that when I look at the data returned for my $folder variable in this snippet
  $folder = $web.getfolder($docLibrary)
  It shows the EffectiveRawPermissions to be "Open, BrowseUserInfo, UserClientIntegration" on the server...however, the EffectiveRawPermissions on my local machine is "FullMask". Does this have any effect on the ability of my code to be
  able to upload the files into SP on the server? I have never run into this issue, so am not sure how this makes sense...so I really appreciate any insight. Thanks
  I am getting this error when the code attempts to perform the "Add" function...
  Exception calling "Add" with "3" argument(s): "<nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied."
  At C:\PowerShellScripts\tester.ps1:70 char:3
  +         $spFile = $folder.Files.Add($folder.Url + "/" + $File.Name, $fileStream, $true ...
  +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : UnauthorizedAccessException
   ...Please help

  RunWithElevatedPriv basically impersonates the webapp's app pool account, which should have full control over the entire webapp... this would work, but is not recommended for several reasons:
  - first and foremost, you shouldn't NEED to bypass the SP security model
  - second and still important, the app pool may be hosting other webapps as well, so the risk of a bug causing security-related problems within the RunWithElev codeblock is no longer scoped to the current webapp, but also other webapps that share the same
  app pool account.
  - third, same as number two, but for service accounts, and possibly even the farm... not a good practice, but a lot of SP installs aren't configured correctly, so the entire farm may be using one account... now, the RunWithElev is not just a webapp admin,
  not just a multiple webapp admin, but may be able to affect service apps, or possibly the entire farm.
  - fourth, the audit info (created by, modified by) will reference the system account, instead of your account... not a very accurate audit trail in that case.
  If you have a legit need to add the files, you should be able to get the necessary permissions (which is basically just contribute within the library / folder) easily enough.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Access denied when upgrade SharePoint app in on premise deployment while it succeeds in fresh deployment

  We deployed a SharePoint hosted app then used it for a while then we needed to upgrade it to be provider hosted app.
  we used the same AppID and name with the new package then uploaded the package to the app catalog.
  the old app in the site contents now has a note that there is a newer version and prompts to upgrade.
  the upgrade fails with access denied even for site collection administrator.
  is there really some permission issue or the upgrade can't be done?
  We are volunteers, if the reply help you mark it as your answer. thanks!!

  Hi,
  According to your post, my understanding is that you got access denied error when upgrade the SharePoint hosted app to provider hosted app.
  How did you upgrade a SharePoint hosted app to a provider hosted app?
  They are two different type apps, why not just create a new provider hosted app?
  To create a provider hosted app, we should create a certificate that is used as “security token issuer”.
  There are two articles about creating provider hosted  high trust app, you can have a look at them.
  http://blog.karstein-consulting.com/2013/01/08/create-provider-hosted-high-trust-app-for-sharepoint-2013-short-guide/
  http://msdn.microsoft.com/en-us/library/fp179901.aspx
  What’s more, there is an topic about the troubleshooting tips for SharePoint high trust app, you can refer to it.
  http://blogs.technet.com/b/speschka/archive/2012/11/01/more-troubleshooting-tips-for-high-trust-apps-on-sharepoint-2013.aspx
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Access denied errors in domain logs after configuring Ldap and restricting access to users

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

• Any ideas why some boxes/domains would get "access denied" on nmConnect?

  I have four boxes running NodeManager, with 2-3 domains on each box. I want to be able to use WLST to connect to the NodeManager on each box, to perform certain operations. On each box, I've created each domain using the same process (it's entirely possible I missed a step somewhere). The application deployed to each of these domains (the same application is deployed) appears to be working ok. The admin console also works perfectly fine. I can stop and start managed servers from the console.
  I execute wlst on each box exactly the same way. At each prompt, I enter a fully-qualified "nmConnect()" call, specifying the user, pwd, machine, nmport, domain name, domain path, and "ssl". I've verified all of these field values (like the password) many times. On all but one of these boxes, the result of this call is:
  Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 1379, in nmConnect
  WLSTException: "Error occured while performing nmConnect : Cannot connect to Node Manager.Access to domain '<domain name>' for user 'weblogic' denied Use dumpStack() to view the full stacktrace"
  I've carefully examined any meaningful differences between these domains, and I can't see anything that might cause this. Of the four domains, two of them are in production mode, and the other two are not. The only one that does not fail the connection is not in production mode (but note that the other that is not in production mode also fails).
  What else could be the cause of this?

  At first I thought this was working fine. It now works fine from WLST. Unfortunately, the admin console now fails to see the nodemanager. I even tried restarting the admin server. No luck.
  I then copied back the old nm_password.properties file (I made a backup first) and now WLST fails, but the admin console can see the nodemanager, so it's back to where it was.
  What's curious is that the contents of the properties file after wlst hashed it was different from the original hashed value, and the wlst-hashed value was very odd. The original hashed value ended with "0\=" at the end of the line. After I replaced the "hashed" property with the cleartext properties "username" and "password" and then ran wlst, the new contents of the "hashed" property was in TWO lines, where the first line ended with "0\=" as before, but the next line contained the last five characters of the password value that I entered. I tried this on three different boxes, and the behavior was the same, with respect to the odd hashing.

• How to add domain name to SharePoint URL so SharePoint used FQDN address?

  Hello,
   I have SharePoint sites with fully qualified domain name (FQDN). I have DNS and SharePoint configured to access sites with the FQDN links. I work in an organization with users who have logins in different domains, SharePoint servers are in different domains,
  and users who connect to the SharePoint externally. So, the FQDN links used for SharePoint sites works great in getting users connected. However, some users enter sites with no FQDN, i.e http://sharepointsite v.s. http://sharepointsite.domain.com, and some
  of the SharePoint features do not work or they may not be able to connect to sites. 
  The problem is that users have short-cuts or favorites or hyper-links with links that are non-FQDN.
  In my alternative access mappings, I have both settings for non-FQDN and FQDN, like http://server  and http://server.domain.com, but this does not help. The public URL zone is the FQDN and the site collection is the FQDN URL.
  Is there a way for DNS to add the domain.com automatically to web links, if they don't have them?  Anything I can do differently in SharePoint?
  Paul

  I actually posted that question on that site.
  In the alternative access mappings, I tried adding a http://site as in Internal URLs in the default zone and SharePoint would not take it.  I tried adding the URL in the intranet zone and SharePoint said it was already
  added.
  So, this did not work.
  DNS settings are:
  Alias (CNAME) = sharepointsite
  Fully Qualified Domain Name (FQDN)  = sharepointsite.domain.com
  Fully Qualified Domain Name (FQDN) for target host = server.domain.com
  When I type in sharepiontsite in IE address bar, it will revert to
  http://sharepointsite.domain.com.  So, that is working, but the URL is not converted to a FQDN with a full address, like
  http://sharepointsite/project/default.aspx
  I am still stuck. Any other suggestions?
  Paul

• HELP! Password Expired & Must Be Changed but Access Denied when trying to do so

  Hi,I have an HP 5740e thin client and for some reason the local user account is requiring a password change.  Yet, when I try to change the password it says Access Denied.  And further, I can't get it to allow me to switch to a different account like Administrator to login.  I've held down the SHIFT key when booting, but it still goes straight to that local user account & the expired password prompt. I'm stuck in an endless loop and don't know how to get out of it.  Safe Mode puts me into the same situation.  And I can't update BIOS because I can't get in at all. OS = Windows Embedded Standard 7 I've also tried to reinstall the latest image off the HP website using a USB drive but it fails every time. I've tried 2 different USB drives with same exact error no each.  Image trying to install = SP56020ERROR:  An unexpected condition occurred Does anyone have a suggestion?

  I was finally able to get in as Administrator using RDP from my desktop.  I didn't realize that the thin client name was missing a digit so that's why I was unsuccessful prior to this. Once I got in remotely, I was able to look at the permissions for the local user account.  Now I see what was wrong.[Checked]      User cannot change password[Unchecked] Password never expires I still don't know why I couldn't install a new factory image, but at least I'm now able to work with this unit.  I also disabled the auto login for now. Sorry to have littered the Forum!