locked
stsadm createssp Provisioning Failed RRS feed

  • Question

  •  provisioning failed:  user does not have permission to perform this action

    We are on the last step of the Deploy using DBA created databases document in an environment where we do not have dbcreator or securityadmin on the SQL server.  We encounter the message above after about 10 minutes of waiting for the createssp command to complete at the command prompt.
    Environment is Win Server 2003 x64 SP 2 (In a 2 server deployment w/ Central admin installed on both servers, 1 as Index, and 1 as Query)
    w/SQL 2005 x64 SP 2
    MOSS 2007 w/ SP1 (latest MSDN combined version)
    .Net 3.5

    The result is that the SSP admin interfacece is created, but there is a red x on the central admin screen next to the shared service provider name along with the error message above (the MySites, SSP App, and Portal site are all listed under it).  In addition when accessing Search Settings, the following error is displayed:  The seach application is not provisioned because a Shared Service Provider has not been created.

    We followed the document to the T, and have provided access to the appropriate accounts to the databases as instructed.

    When running a SQL trace, we noticed the same error message happens on the following command:
    exec sp_executesql N'declare @user_name sysname select @user_name = SUSER_SNAME(@sid) if (@user_name is not null) exec sp_grantlogin @user_name declare @db_user_name sysname select @db_user_name = name from sysusers where sid = @sid if (@db_user_name is null and @user_name is not null) exec sp_grantdbaccess @user_name, @db_user_name output if not user_id(@db_user_name) in (1,0,3,4) exec sp_addrolemember @role, @db_user_name',N'@sid varbinary(28),@role nvarchar

    It was executed against the config database by the install account.  sp_grantlogin is the problem here and this runs even though the account has already been added to the database.

    This could be a new bug introduced in the MOSS 2007 SP1 installer when using DBA created databases with minimal permissions.


    RobertRFreeman
    Saturday, January 24, 2009 2:10 AM

Answers

  • Hi Robert, this forum is for software developers who are using the Open Protocol Specification documentation to assist them in developing systems, services, and applications. The Open Protocol Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx. Since your post does not appear to be related to the Open Protocol Specification documentation set we would appreciate it if you could try the 'SQL Server Security' forum at http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/threads/ instead to find the information you are looking for. Thanks!

    Your description of the problem implies a security issue; however, please note we also have a number of SharePoint forums listed on http://forums.microsoft.com/MSDN/default.aspx?siteid=1.

    Regards,
    Bill Wesse - MSFT


    Escalation Engineer
    Saturday, January 24, 2009 1:03 PM
  • Good morning Robert - no problem on the post. I would have been pleased to assist more, save that I don't have much direct experience with Sql security configuration.

    Regards,

    Bill Wesse - MSFT

     


    Escalation Engineer
    Sunday, January 25, 2009 11:32 AM

All replies

  • Hi Robert, this forum is for software developers who are using the Open Protocol Specification documentation to assist them in developing systems, services, and applications. The Open Protocol Specifications can be found at: http://msdn2.microsoft.com/en-us/library/cc203350.aspx. Since your post does not appear to be related to the Open Protocol Specification documentation set we would appreciate it if you could try the 'SQL Server Security' forum at http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/threads/ instead to find the information you are looking for. Thanks!

    Your description of the problem implies a security issue; however, please note we also have a number of SharePoint forums listed on http://forums.microsoft.com/MSDN/default.aspx?siteid=1.

    Regards,
    Bill Wesse - MSFT


    Escalation Engineer
    Saturday, January 24, 2009 1:03 PM
  • Hi.  Sorry for this.  I was in another forum when I posted this, but it put it here.  After restarting the browser, I was able to post to the correct forum.
    RobertRFreeman
    Saturday, January 24, 2009 10:47 PM
  • Good morning Robert - no problem on the post. I would have been pleased to assist more, save that I don't have much direct experience with Sql security configuration.

    Regards,

    Bill Wesse - MSFT

     


    Escalation Engineer
    Sunday, January 25, 2009 11:32 AM