配置一个sharepoint 中型场的时候应用程序日志总是报错:

If you get this error every other minute:
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server Shared Services
Event ID: 6482
Date:  2007-06-05
Time:  11:53:44
User:  N/A
Computer: XXXXXXXX
Description:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (3eac0144-1ce6-4219-bba6-b402a50568ea).
Reason: Access to the path 'C:\WINDOWS\system32\drivers\etc\HOSTS' is denied.
Techinal Support Details:
System.UnauthorizedAccessException: Access to the path 'C:\WINDOWS\system32\drivers\etc\HOSTS' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileInfo.Delete()
   at Microsoft.Search.Administration.Security.HOSTSFile.CleanupDedicatedGathering(Hashtable HOSTSFileMappings, StringBuilder HOSTSComments, IEnumerable obsoleteHosts, String dedicatedName, Boolean isDirty)
   at Microsoft.Search.Administration.Security.HOSTSFile.ConfigureDedicatedGathering(SearchServiceInstance searchServiceInstance, SPServer dedicatedWebFrontEndServer, IList`1 previousWebApplicationHostNames)
   at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications)
   at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

You could start troubleshooting by enabling auditing for failure on the HOST-file, in my case it showed that my Server Farm Account (http://technet2.microsoft.com/Office/en-us/library/f07768d4-ca37-447a-a056-1a67d93ef5401033.mspx?mfr=true) failed to do something to the file.

 

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date:  2007-06-05
Time:  11:53:44
User:  XXXXXX\SPSFarmAAccount
Computer: XXXXXXX
Description:
Object Open:
  Object Server: Security
  Object Type: File
  Object Name: C:\WINDOWS\system32\drivers\etc\hosts
  Handle ID: -
  Operation ID: {0,398988958}
  Process ID: 616
  Image File Name: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE
  Primary User Name: SPSFarmAAccount
  Primary Domain: XXXXXX
  Primary Logon ID: (0x0,0x190A8)
  Client User Name: SPSFarmAAccount
  Client Domain: XXXXX
  Client Logon ID: (0x0,0x190A8)
  Accesses: DELETE
   
  Privileges: -
  Restricted Sid Count: 0
  Access Mask: 0x10000

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
According to the Technet article you don't have to add any specific permission om the MOSS server.
But The account need to be able to add some entries to the host file for search purposes.
 
Update: Apparently COMPUTER\WSS_ADMINWPG is suppose to have Modify permissions on the HOSTS-file, which fixes this problem.

Note: These permissions need to be applied to the etc folder itself and not just the host file otherwise SharePoint will delete the file and will not be able to recreate it.

检查后发现application server 上的hosts文件没了,从别的server copy一个过来,然后给WSS_ADMINWPG组赋予写权限即可,etc文件夹也要赋予同样权限。

When starting a full or incremental import of Active Directory, either manually or scheduled, the import is successful, but there is an error thrown as soon as the import is initiated. My assumption is the AD import kicks off several simulateous jobs such as updating users "My SharePoint Sites" in the MOSS and Office 2007 environments.

For reference, to kick off a manual import of AD: Central Administration > Shared Services > User Profile and Properties

Event ID 7888

Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888

Description: A runtime exception was detected. Details follow.

Message: Access Denied! Only site admin can access Data Source object from user profile DB.

Technical Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)

Resolution

  1. Navigate to: Central Administration > Operations > Services on Server > Office SharePoint Server Search.
  2. In the "Configure Office SharePoint Server Search Service Settings" page, locate the account defined for "Farm Search Service Account" and write down the account name.
    1. For reference, the account defined serves as the account for the AD "Configure Profile Account" access account.
    2. For reference, you can get to AD Profile Account page: Central Administration > Shared Services > User Profile and Properties > Configure Profile Import.
  3. Navigate to: Central Administration > Shared Services > Personalization services permissions.
  4. On the "Manage Permissions: Shared Service Rights" page, add the account from before (or edit if already exists). The account needs one of the following permissions; I couldn't figure out which one:
    1. Manage user profiles
    2. Manage permissions

I've tested this resolution several times with success.

For reference, I've updated my Farm Search Service Account with the following permissions since the account in question will most likely be accessing the types of content referenced in the permissions at one point or another:

  • Manage user profiles
  • Manage audiences
  • Manage permissions
  • Manage usage analytics