Web Start - access denied?

Hi!
I'm trying to launch my desktop app with webstart
Webstart loads ... my apps full screen GUI displays fine ... but then webstart throws the error:
Access Control Exception : access denied
Where do I change security permissions ? in my app? in webstart?
Thanks!

In the JNLP file.
Or use the JNLP apis for file/socket/other restricted stuff.

Similar Messages

Java Web Start Access

I am using a Java Web Start application to write and read files on a computer. When ever I try to run it, it says access denied. I have tried signing it, but that didn't work. Does anyone got an answer?

You should have the all-permission tag or use javax.jnlp services.
If this answer doesn't suffice, I sugget you post your jnlp and code.
Bye.

Server Service refused to start: Access denied

Hello,
I am trying to start a service:
- Server Service
General: C:\WINDOWS\system32\svchost.exe -k netsvcs
Log On: Local System Account
This service has no dependency.
I am getting an access denied... I am a Local Administrator on this server.
Windows Server 2003 Standard Edition Service Pack 2
PAE Enabled.
Which other place should I verify?
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

I would check that KB; http://support.microsoft.com/kb/932762
"Could not start the Server service on Local Computer.
Error 5: Access is denied. "
Description of the error from that KB: The problem is most likely to occur if some third-party server becomes the master browser. When a Windows-based server is the master browser, it does not let any host that is advertising its share to use a server
comment that is larger than 48 bytes. When a third-party server message block (SMB) server becomes the master browser, it lets a host use a server comment that is larger than 48 bytes. In this case, when a Windows Server receives and tries to process the browser
list, the Server service crashes. This behavior occurs because there is an overflow that eventually leads to a heap corruption.
MCP | MCTS 70-236: Exchange Server 2007, Configuring

Unable to access PCD's role properties from Java Web Dynpro (Access Denied

Using the IPcdContext to access the portal roles does not produce the required list of roles due to the following error
Access denied (Object) .....
This occurs once I try to use the lookup() method
I have tried security zones, adding sharingReferences and permission, but no luck.
I have searched the SDN but again whatever I found still gave the same result. I now think that it's a configuration settings rather than code.
Sample code
Hashtable env = new Hashtable();
env.put(Context.SECURITY_PRINCIPAL, strCurrentUser);
env.put(Context.INITIAL_CONTEXT_FACTORY, IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
//DirContext ictx = new javax.naming.directory.InitialDirContext(env);
// InitialDirContext ictx = new InitialDirContext(env);
InitialContext ictx = new InitialContext(env);
lookupObject = "portal_content";
IPcdContext myPcdContext = (IPcdContext) ictx.lookup(lookupObject);
Any suggestion will be appreciated

Rob,
The only thing I see different as per this [document |https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6112ecb7-0a01-0010-ef90-941c70c9e401] is following line of codes. Check if adding it resolves the issue:
env.put(com.sap.portal.directory.Constants.REQUESTED_ASPECT, PcmConstants.ASPECT_SEMANTICS);
lookupObject = "pcd:portal_content/"
... note the /
Chintan

Database access with Jave Web Start

Can a java application, that has been deployed by using Java Web Start, access information from a database that's located on the web server from where the application was deployed?

Yes, if you use the type 4 (ie, thin) driver and include the driver's jar file as part of the app.
Technically you can do it with a thick driver but then you have first install the driver on the client machine and I assume this isn't what you are looking for,

Exception while using Java Comm and Java Web Start together

Hello Java Experts!
Here's the problem that's been bothering me. The application i'm developing uses Java Comm API to listen to Serial Ports. The application works absolutely fine when it is run locally.
Now, I need to deploy this remotely using java web start. All resources(dependent jar files) are present on the server and are referenced properly in the JNLP file. All jar files are signed properly.
Still, it throws the following exception.
java.lang.NullPointerException: name can't be null
     at java.io.FilePermission.init(Unknown Source)
     at java.io.FilePermission.<init>(Unknown Source)
     at java.lang.SecurityManager.checkDelete(Unknown Source)
     at javax.comm.CommPortIdentifier.getPortIdentifiers(CommPortIdentifier.java:70)
The exact line of code where it apparently seems to error out is...
Enumeration portList = CommPortIdentifier.getPortIdentifiers();
Are there any security issues involved here? Can a application deployed through java web start access serial ports on the system?
Any pointers as to what the problem might be would be much appreciated.
Thanks in advance!

I have the IBM Communications API. I've
been told that it works with Java Web Start but I
have not tried it. IBM has changed it's download site
so.... I can't point you to it. But I have it(55k zip'ed)
and can send it to you if you post your E-Mail address
of where you would like it sent.
Bruce Houghton
PS If it does work with Web Start please post the
news here. I will be watching.

"access denied" error from Java Web Start

I can successfully download the jar file, but always have error message "access denied" when the java application tries to open a local file in C:\temp\poc1.xml.
I can successfully execute the java application from DOS,but failed when using Java Web Start. The error message is as follows:
Java Web Start Console, started Wed Nov 28 16:30:31 PST 2001Java 2 Runtime Environment: Version
1.3.1 by Sun Microsystems Inc.java.security.AccessControlException: access denied
(java.io.FilePermission C:\temp\poc1.xml read)     at
org.apache.xerces.framework.XMLParser.parse(Unknown Source)     at
org.apache.xerces.framework.XMLParser.parse(Unknown Source)     at
com.hotlocker.client.HLSessionParser.parse(Unknown Source)     at
com.hotlocker.client.UploadDownloadClient.uploadFiles(Unknown Source)     at
com.hotlocker.client.UploadDownload.main(Unknown Source)     at
java.lang.reflect.Method.invoke(Native Method)     at
com.sun.javaws.Launcher.executeApplication(Unknown Source)     at
com.sun.javaws.Launcher.executeMainClass(Unknown Source)     at
com.sun.javaws.Launcher.continueLaunch(Unknown Source)     at
com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)     at
com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)     at
com.sun.javaws.Launcher.run(Unknown Source)     at java.lang.Thread.run(Unknown Source)

Hi,
you can't get a file like in a "normal" app
because a JWS-app runs in the restricted
sandbox environment by default.
So you either sign your app with a digital certificate
or you use a special FileOpenService (JNLP-API).
You could also put the file into the app-jar and
load it by a classloader.
Regards,
Mathias

FusionApps web service call fails with error access denied (oracle.wsm.security.WSFunctionPermission)

Hi Gurus,
I started test this webservice from EM (Test Web Service)
But while calling the service it is failing with the below error message
access denied (oracle.wsm.security.WSFunctionPermission http://xmlns.oracle.com/apps/prc/poz/suppliers/supplierService/SupplierService#getSupplierVO invoke)
As per OER cookbook i have attached the "oracle/wss_username_token_client_policy" to the Fusion apps web service.
I am trying to pass security credentials to the service by using all the methods... through composite ..through bpel through wsse header but in all cases i am getting similar error.
Please let me know if some one has called the fusion apps web service to create a supplier of solution to my problem as mentioned above.
Is it any policy error or the authorization error ...
Are there any navigation steps I can check the existed permission on this resource etc..,
Thanks in Advance

Hi Sai,
Thanks for the quick and correct response. Yes, after doing the research, I'm also came to same conclusion. But what stops me here is that where exactly I need to check for this permission.
I mean the theory what I built on this Authorization/Permission is that:
For the resource - WebService (SupplierService), there is an assigned application role for which the Entitlement/Permission is provided.
Pls. help me in the below items:
a. What is the application role(in role hierarchy) assigned to this resource(Webservice). Which page I need to check(navigation) this and the required credentials..
b. What is the Entitlement provided for this application role for this operation (getSupplierVO) invoke.. Which page I need to check(navigation) this and the required credentials..
Thanks in Advance.
Thanks & Regards
Madhu

Start workflow in code - access denied

Im trying to start list workflow (sp 2013) from MVC app.
the mvc app (win auth enabled) is running by a user that is site owner.
i always get ASP.NET access denied
var workflowServiceManager = new WorkflowServicesManager(web);
var workflowSubscriptionService = workflowServiceManager.GetWorkflowSubscriptionService();
SPList oList = web.Lists["Employee"];
SPListItem item = oList.GetItemById(557);
//access denied on this line
var subscriptions = workflowSubscriptionService.EnumerateSubscriptionsByList(oList.ID);
thanks

Hi
Earlier I was putting the button (link) in the wrong place now that its in the dataform webpart @ID works !
This link now will jump to the workflows page, the problem is that I have two workflows so the user may start the wrong workflow. Then I tried to link to the initiation page instead but this is where the error occurs.
This is the workflow page link (Copied from browser url)
http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&List=deff1c34-4aec-43ad-b1e8-00444d3ab674&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
This is the initiation page link, has a few more parameters. (Copied from browser url and used static ID for test)
http://sp20104/HitsMissesApp/_layouts/IniWrkflIP.aspx?List={deff1c34-4aec-43ad-b1e8-00444d3ab674}&ID=6&TemplateID={8f72c2a0-7ec7-44ac-9bb7-c0a527a6b91a}&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
When I enter the intitation link in SPD, SPD error with 'Error HRESULT E_FAIL has been returned from a call to a COM component.' and then crashes.
So I can only link to the workflows page not the inititaion page. Perhaps the IniWrkflIP.aspx can only be called from a select page or something?
Code for insering asp link:
<asp:LinkButton runat="server" id="LinkButton1" PostBackUrl="http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&List=deff1c34-4aec-43ad-b1e8-00444d3ab674&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx">Start Workflow Feedback</asp:LinkButton>
Alternatively, the button/link could simply start the workflow as I dont require the initiation page. Dont know if this is any easier though.
Any assistance welcome on this .
Thanks

Access denied - CredentialAccessPermission - error in OIF when starting WLS

All,
In an existing 2-node OIF deployment, a new oif.ear file was deployed and following the deployment via WLS admin console, the application components are not accessible (e.g., accessing application component /fed/user/testspsso results in HTTP 500 error). Examining the WLS server (diagnostic) log, I find the CredentialAccessPermission error and trace listed below. In the WLS admin server log, I see references to the CA cert parsing errors such as:
<Jun 14, 2012 8:32:15 AM MDT> <Notice> <Security> <<server_FQDN>> <AdminServer> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <e74b8846f6eaa8d9:7db63c9e:137eb60bbd9:-8000-0000000000000053> <1339684335728> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
I have reviewed other forum discussions about that error, but I think it's byproduct of the credential error (below). This could be wrong, but I suspect the expiration of a WLS-related repository credential, but I cannot identify which specific credential is the problem.
Any thoughts or recommendations would be much appreciated!!
Thank you!
~Mark
WLS Server error:
[2012-06-14T07:45:19.785-06:00] [wls_oif1] [ERROR] [FED-12064] [oracle.security.fed.controller.web.servlet.AbstractFedServlet] [tid: [STANDBY].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: e74b8846f6eaa8d9:6c0ea937:137eb3cf729:-8000-0000000000000002,0] [APP: oif] Exception: {0}[[
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OIF,keyName=userldappassword read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:612)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.containsCredential(SspCredentialStore.java:299)
at oracle.security.fed.plugins.csf.CSFUtils$1.run(Unknown Source)
at oracle.security.fed.plugins.csf.CSFUtils$1.run(Unknown Source)
at oracle.security.fed.plugins.csf.CSFUtils.getPassword(Unknown Source)
at oracle.security.fed.jvt.discovery.model.config.CSFConfigDiscoveryProvider.createMap(Unknown Source)
at oracle.security.fed.jvt.discovery.model.config.CSFConfigDiscoveryProvider.locateProtocolConfiguration(Unknown Source)
at oracle.security.fed.jvt.discovery.model.config.ChainingConfigDiscoveryProvider.locateProtocolConfiguration(Unknown Source)
at oracle.security.fed.jvt.discovery.model.config.CachingConfigDiscoveryProvider.locateProtocolConfiguration(Unknown Source)
at oracle.security.fed.jvt.discovery.model.session.MemoryActiveIdentityProviderFederationDiscoveryProvider.onRegistration(Unknown Source)
at oracle.security.fed.jvt.discovery.DiscoveryRegistry.registerDiscoveryProvider(Unknown Source)
at oracle.security.fed.jvt.discovery.util.BackEndInitializer.registerProvider(Unknown Source)
at oracle.security.fed.jvt.discovery.util.BackEndInitializer.createDiscoveryRegistry(Unknown Source)
at oracle.security.fed.controller.EventControllerImpl.getActionStateMachine(Unknown Source)
at oracle.security.fed.controller.EventControllerImpl.processEvent(Unknown Source)
at oracle.security.fed.controller.web.servlet.AbstractFedServlet.getServerConfiguration(Unknown Source)
at oracle.security.fed.controller.web.servlet.AbstractFedServlet.initApplicationController(Unknown Source)
at oracle.security.fed.controller.web.servlet.AbstractFedServlet.init(Unknown Source)
at oracle.security.fed.controller.web.servlet.FederationServlet.init(Unknown Source)
at javax.servlet.GenericServlet.init(GenericServlet.java:242)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:485)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:201)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:249)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:28)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:637)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:52)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:31)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:170)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:124)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

In my case, I had to untick the "Use TLS 1.0" option in Settings - Advanced - Cypher - Protocols. Don't know exact translation into English, got Italian localization. Adding screenshot for reference.
[http://imageshack.us/photo/my-images/840/catturazz.jpg/ Screenshot]

Error (access denied) when starting Client Runtime Audit Browser

LS,
After starting the OC4J instance, I try to start the Client Runtime Audit Browser. For a brief moment I see a DOS-box, then an IE-page appears saying the following:
======================================================
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://127.0.0.1:8999/owbb/RABLogin.uix
The following error was encountered:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
======================================================
Any idea whether this is a local problem?
I've tried applying the settings as mentioned in the configuration guide, but the Bypass option for the proxy is impossible to set since we do not use a proxy server.
Your thoughts?
Regards, Patrick

Good morning All,
Maybe I've got the wrong idea of what is all needed to be able to run the RAB locally, but I thought that starting the OC4J instance would be sufficient to get started.
In the Installation and Configuration Guide the following is mentioned:
2.7 Step 6. Configure the Web Browser for Design and Runtime Audit Browsers
2.7.1 Add "LOCALHOST" to Your Web Browser Proxy Server Bypass List
2.7.2 Configure the Cache Management in Your Web Browser
2.7.3 Configure Warehouse Builder with a Net Service Name
As said before:
@2.7.1, we do not use a proxy (according to Internet Explorer settings) therefore I can't add 'localhost' to the bypass-list, but then again I think that it does not need to be, since there is nothing to be bypassed in the first place.
2.7.2 has been implemented.
@2.7.3, I added the net service name manually to TNSNAMES.ORA (since I also needed that to be able to get on to the database using TOAD and SQL*Plus).
We do not have 9iAS integration for RAB, nor do we have OEM integration.
Are there other things that need to be implemented? Mentioned so far have been HTTP-server and RTP services, but paragraph 2.7 does not mention anything about this. Maybe there are certain services that need to be running on the server (like HTTP and/or RTP), even though I would like to run the RAB locally?
Where does one actually need RTP for?
Thanks in advance.
Cheers, Patrick

How to get access to the local file system when running with Web Start

I'm trying to create a JavaFX app that reads and writes image files to the local file system. Unfortunately, when I run it using the JNLP file that NetBeans generates, I get access permission errors when I try to create an Image object from a .png file.
Is there any way to make this work in Netbeans? I assume I need to sign the jar or something? I tried turning "Enable Web Start" on in the application settings, and "self-sign by generated key", but that made it so the app wouldn't launch at all using the JNLP file.

Same as usual as with any other web start app : sign the app or modify the policies of the local JRE. Better sign the app with a temp certificate.
As for the 2nd error (signed app does not launch), I have no idea as I haven't tried using JWS with FX 2.0 yet. Try to activate console and loggin in Java's control panel options (in W7, JWS logs are in c:\users\<userid>\appdata\LocalLow\Sun\Java\Deployment\log) and see if anything appear here.
Anyway JWS errors are notoriously not easy to figure out and the whole technology in itself is temperamental. Find the tool named JaNeLA on the web it will help you analyze syntax error in your JNLP (though it is not aware of the new syntax introduced for FX 2.0 and may produce lots of errors on those) and head to the JWS forum (Java Web Start & JNLP Andrew Thompson who dwells over there is the author of JaNeLA).

Failed to start hibernate.target: Access denied

I upgraded my machine yesterday and the Hibernate item in kmenu->Leave are missing. also "systemctl hibernate" dont work:
$ systemctl hibernate
Failed to execute operation: Sleep verb not supported
Failed to start hibernate.target: Access denied
log:
Mar 08 22:50:56 arch polkitd[720]: Registered Authentication Agent for unix-process:2370:106040 (system bus name :1.86 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 08 22:50:56 arch dbus[363]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.87" (uid=1000 pid=2370 comm="systemctl hibernate -i ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
Mar 08 22:50:56 arch polkitd[720]: Unregistered Authentication Agent for unix-process:2370:106040 (system bus name :1.86, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Suspend works fine.
Last edited by ReiserFS (2014-03-09 12:35:46)

I've got this same problem. For me it's because I haven't got a swap partition (even though I thought I set this machine up with one...). Perhaps you also don't have a swap partition, or maybe it's not mounted? Anyway, I would start with the Swap page of the wiki.

Error 5: Access Denied can not start the DHCP Client service on Local Computer.

Ran into this error problem with both the DHCP and BFE service. Neither will start and both give me the same error code 5 access denied.
Found this little nugget below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
Right click and choose Permissions. There should be the following:
System = Full Control
Local Service = Read
Network Service = Read
Local Admin = Full Control
Local Users = Read
Dhcp = Read with special permissions
No problem adding the missing Local Service and Network Service. How does one add Dhcp? Is there a way to create this because under permissions there is no way to add this or search it up. Is there a NetSH reset command that will add this in for me?
The Netlogon service was not running and to get the Netlogon service going I ran NetSH int ip reset and it started to work. The other services were not running either and I was hoping they would after resetting IP
Any ideas on to fix this problem? Also, the user turned off the laptop when it was doing updates. Still I do not think it would have created this headache.
TIA
Spammer Hammer

Hi,
Was your issue resolved?
If no, please reply and tell us the current situation in order to provide further help.
Karen Hu
TechNet Community Support

Access Denied Web Application with Claims authentication NTLM only when using secondary URL

I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server. Both front ends are internal to
our network and are not behind a load balancer.
NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
I setup a new web application called "SharePoint 41171" with:
Public URL:
hzzp://testserver1:41171
Claims authentication
NTLM only: no forms auth
No SSL
New web site "SharePoint 41171"
New app pool
New content database
I create a top level site collection and name mydomain\myusername as the primary site collection admin
I am able to access this site as expected at
hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
hzzp://iwatest.mydomain.com
So my AAMs for the site read as:
hzzp://testserver1:41171
Default     hzzp://testserver1:41171
hzzp://iwatest.mydomain.com
Intranet     hzzp://iwatest.mydomain.com
When I attempt to log on to
hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
I can access this site using
hzzp://iwatest.mydomain.com if I log in as the farm account. This is the only account that seems to work.
Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
URL and the same user name
IP address properly maps to this machine.
I reviewed the ULS logs and find the following:
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                nasq                        Medium Entering
monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Site=/          8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              General
                   8e2s                        Medium
Unknown SPRequest error occurred. More information: 0x80070005       8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                b4ly                        Medium Leaving
Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561   8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
Basically it tells me that access is denied. I didnt see anything that stood out here.
I found this article:
hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
super user and portal reader accounts were properly added to my web application. I followed the every popular article on doing this:
hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck. As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\". To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
depending on wether or not claims was enabled on the web application.
The Claims to Windows Token Service is running.
I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
and I cant imagine what that would have to do with my situation.
I have deleted and readded the web application and repeated these steps to no better effect.
I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
owner and added it to the default site owners group. None of this helped.
I changed the application pool account to the farm account. No change in behavior.
Rebooted IIS and the machines many times along the way.
Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message. I found the following
in ULS:
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Site=/    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 General
         8e2s                Medium              Unknown SPRequest error occurred.
More information: 0x80070005      cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Runtime
        tkau                Unexpected       System.NullReferenceException: Object reference not set to an instance
of an object.    at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()     at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)            cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.74 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Monitoring
b4ly                Medium              Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
Execution Time=22.5439266722447           cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
Any help would be greatly appreciated

Thanks spadminspadmin:
I have, though I am not sure that what I've added there is correct:
The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com. I added a binding to the IIS site as follows:
Type    Host name                      port        IP address
http     iwatest.mydomain.com     41171     *
Is that correct?

Web Start - access denied?

Similar Messages

Maybe you are looking for