none
Attempted to perform an unauthorized operation when trying to modify search managed property

    Question

  • Hi,

    I'm getting the error message "The settings could not be saved because of an internal error: Attempted to perform an unauthorized operation" when trying to modify one of search managed properties (in search schema).

    I found out I need to be local administrator for Search server to modify it with success. The problem is that if AD group - of which my account is a member - is added to search server local administrators I'm getting the error message but if I add my account directly to the local administrators group (not via other AD group) everything works fine.

    Does anybody know why is that?

    Tuesday, July 11, 2017 10:08 AM

All replies

  • Hi Przlwo,

    SharePoint caching the user's memberships on login, changes made to a security group are identified only after the cache has expired, possibly taking a long time for it to happen.

    More information refer to the article below:

    https://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/

    Best regards,

    Grace Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, July 12, 2017 11:42 AM
  • Hi Grace WR,

    This time the cache settings are not the case.

    I just done as follow:

    1. made sure my account is added directly to SharePoint server "Local Administrators"

    2. tried to modify "CreatedBy" property in "Search Schema" by change "Refinable" to "Yes - active" - SUCCESS

    3. removed my account from "Local Administrators" but kept AD group that my account is a member of.

    4. closed IE

    5. Opened CA again and tried to modify "CreatedBy" property in "Search Schema" by change "Refinable" to "No" - NO SUCCESS !!!

    All steps done one by one. Do you have any other idea?


    • Edited by Przlwo Friday, July 14, 2017 8:07 AM
    Friday, July 14, 2017 8:05 AM
  • As a test, or as a potential workaround, open up Services.msc, find the "Claims to Windows Token Service" in the list of services, note which service account the service is running as, add that service account to the local administrators group of the server(s), and restart the C2WTS service.  That worked for us.

    Some additional error message data from the ULS logs:

    SearchServiceApplication::SetManagedPropertyMappings--Exception: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.   

     at Microsoft.Office.Server.Search.Administration.SearchObjectAccessChecker.CheckParentFarmRights(IInternalSearchServiceApplication app, SearchObjectLevel level, SearchObjectRight right, Boolean throwException)   

     at Microsoft.Office.Server.Search.Administration.SchemaOperations.PromoteImplicitCrawledProperty(CrawledPropertyInfo implicitCp, Schema schema)   

     at Microsoft.Office.Server.Search.Administration.SchemaOperations.SetManagedPropertyMappings(ManagedPropertyInfo managedProperty, IEnumerable`1 mappingCollection, SearchObjectOwner owner)   

     at Microsoft.Office.Server.Search.Administration.SearchServiceApplication.SetManagedPropertyMappings(ManagedPropertyInfo managedProperty, IEnumerable`1 mappingCollection, SearchObjectOwner owner)

     
    Thursday, January 18, 2018 4:26 PM
  • I opened browser with 'run as administrator' and that resolved the issue.
    Friday, October 12, 2018 6:23 PM