配置一个sharepoint 中型场的时候应用程序日志总是报错:
Event Source: Office SharePoint Server
Event Category: Office Server Shared Services
Event ID: 6482
Date: 2007-06-05
Time: 11:53:44
User: N/A
Computer: XXXXXXXX
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (3eac0144-1ce6-4219-bba6-b402a50568ea).
System.UnauthorizedAccessException: Access to the path 'C:\WINDOWS\system32\drivers\etc\HOSTS' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileInfo.Delete()
at Microsoft.Search.Administration.Security.HOSTSFile.CleanupDedicatedGathering(Hashtable HOSTSFileMappings, StringBuilder HOSTSComments, IEnumerable obsoleteHosts, String dedicatedName, Boolean isDirty)
at Microsoft.Search.Administration.Security.HOSTSFile.ConfigureDedicatedGathering(SearchServiceInstance searchServiceInstance, SPServer dedicatedWebFrontEndServer, IList`1 previousWebApplicationHostNames)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
You could start troubleshooting by enabling auditing for failure on the HOST-file, in my case it showed that my Server Farm Account (http://technet2.microsoft.com/Office/en-us/library/f07768d4-ca37-447a-a056-1a67d93ef5401033.mspx?mfr=true) failed to do something to the file.
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 2007-06-05
Time: 11:53:44
User: XXXXXX\SPSFarmAAccount
Computer: XXXXXXX
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: C:\WINDOWS\system32\drivers\etc\hosts
Handle ID: -
Operation ID: {0,398988958}
Process ID: 616
Image File Name: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE
Primary User Name: SPSFarmAAccount
Primary Domain: XXXXXX
Primary Logon ID: (0x0,0x190A8)
Client User Name: SPSFarmAAccount
Client Domain: XXXXX
Client Logon ID: (0x0,0x190A8)
Accesses: DELETE
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x10000
检查后发现application server 上的hosts文件没了,从别的server copy一个过来,然后给WSS_ADMINWPG组赋予写权限即可,etc文件夹也要赋予同样权限。
When starting a full or incremental import of Active Directory, either manually or scheduled, the import is successful, but there is an error thrown as soon as the import is initiated. My assumption is the AD import kicks off several simulateous jobs such as updating users "My SharePoint Sites" in the MOSS and Office 2007 environments.
For reference, to kick off a manual import of AD: Central Administration > Shared Services > User Profile and Properties
Event ID 7888
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Description: A runtime exception was detected. Details follow.
Message: Access Denied! Only site admin can access Data Source object from user profile DB.
Technical Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)
Resolution
- Navigate to: Central Administration > Operations > Services on Server > Office SharePoint Server Search.
-
In the "Configure Office SharePoint Server Search Service Settings" page, locate the account defined for "Farm Search Service Account" and write down the account name.
- For reference, the account defined serves as the account for the AD "Configure Profile Account" access account.
- For reference, you can get to AD Profile Account page: Central Administration > Shared Services > User Profile and Properties > Configure Profile Import.
- Navigate to: Central Administration > Shared Services > Personalization services permissions.
-
On the "Manage Permissions: Shared Service Rights" page, add the account from before (or edit if already exists). The account needs one of the following permissions; I couldn't figure out which one:
- Manage user profiles
- Manage permissions
I've tested this resolution several times with success.
For reference, I've updated my Farm Search Service Account with the following permissions since the account in question will most likely be accessing the types of content referenced in the permissions at one point or another:
- Manage user profiles
- Manage audiences
- Manage permissions
- Manage usage analytics