Unable to logon to SharedServices1 admin or MySite

    Question

  • I am currently experiencing a strange and seemingly unsolvable login issue with SharedServices1 Admin and, coincidentally, MySite. This is happening even when I am logged on as local administrator (which is also site collection administrator) and I navigate from SP Central Administration. The environment has been working fine.

      On each occasion I am presented with a login dialog and I attempt to use administrator or SPFarmerAcc or SPAppPoolSSP or just about anything... “HTTP Error 401.1 - The result is HTTP error 401 you are not authorized to view this page”

    Anyway, to solve the issue. I have

    1. Deleted and recreated SSP and MySite web apps
    2. Created new SSPs... SharedServices2 etc.
    3. Deleted all of the above, 1) through CA and 2) with stsadm -o deletessp, then recreated the same environment.

     

    This has got to be something to do with what or whom SharedServices1 is authenticated against. My main site directory is fine.





    Thursday, July 16, 2009 3:35 PM

Answers

  • Hi,

    The issue was caused by the host header entry in IIS for the SSP admin site.

    In order to resolve the issue, we should disable the loopback check in the registry (please back up the registry before you make any modifications; for more information, see Description of the Microsoft Windows Registry: http://support.microsoft.com/ID=256986). Please follow the steps below:

    1.     Click Start, click Run, type regedit, and then click OK.

    2.     In Registry Editor, locate and then click the following registry key:

    3.     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    4.     Right-click Lsa, point to New, and then click DWORD Value.

    5.     Type DisableLoopbackCheck, and then press ENTER.

    6.     Right-click DisableLoopbackCheck, and then click Modify.

    7.     In the Value data box, type 1, and then click OK.

    8.     Quit Registry Editor, and then restart your computer.

    Hope it can help you.


    Xue-Mei Chang
    Monday, July 20, 2009 7:35 AM
    Moderator
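
The registry steps in the answer above, scripted as an added PowerShell example (not part of the original answer; assumes PowerShell 2.0 or later in an elevated session). `Audit` only reports the current values and `Machine` applies the answer's `DisableLoopbackCheck = 1`; `HostNames` is an alternative the thread does not mention, the `BackConnectionHostNames` value under `Lsa\MSV1_0`, which exempts only the listed host headers from the loopback check instead of switching it off for every name on the machine. The `-Mode` and `-HostHeaders` parameter names are hypothetical, and the host name is the one the asker gives in the replies.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell session.
param(
    # Audit     = report only
    # Machine   = the answer's change (DisableLoopbackCheck = 1)
    # HostNames = per-host-header exemption via BackConnectionHostNames
    [ValidateSet('Audit', 'Machine', 'HostNames')]
    [string]$Mode = 'Audit',
    # Host header quoted in the thread; replace with your own site names.
    [string[]]$HostHeaders = @('ssp04.mydomain.com')
)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = "$lsa\MSV1_0"

function Get-RegValue($Path, $Name) {
    # Emits nothing when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# Report the current state before touching anything.
$check = Get-RegValue $lsa 'DisableLoopbackCheck'
$names = @(Get-RegValue $msv 'BackConnectionHostNames')
"DisableLoopbackCheck    : " + $(if ($null -eq $check) { 'not set (default)' } else { $check })
"BackConnectionHostNames : " + $(if ($names.Count) { $names -join ', ' } else { 'not set' })

if ($Mode -ne 'Audit') {
    # Back up the Lsa key first, as the answer advises.
    $backup = Join-Path $env:TEMP ("lsa-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
    "Backup written to $backup"
}

switch ($Mode) {
    'Machine' {
        New-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    'HostNames' {
        # Keep any names already listed and add the new ones (case-insensitive).
        $merged = @($names + $HostHeaders | Sort-Object -Unique)
        New-ItemProperty -Path $msv -Name BackConnectionHostNames `
            -PropertyType MultiString -Value $merged -Force | Out-Null
    }
}

if ($Mode -ne 'Audit') { 'Restart the computer, as in step 8 of the answer.' }
```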

All replies

  • The SSP Admin site is a separate site collection with its own permissions.

    Go to Central Admin > App Mgmt > Site Collection Administrators > Choose your SSP Admin site in the pulldown > Add your account as an SCA.
    SharePoint Architect || My Blog
    Thursday, July 16, 2009 5:00 PM
  • Thanks for the advice. However, my account (local administrator) was already added. I have tried adding other local users as both primary and secondary Site Collection Administrators but to no avail. The odd thing is that the settings here are no different to those on the main site directory which I can log on to without any issues.
    Thursday, July 16, 2009 5:38 PM
  • Ok, when you created the SSP admin site, what was the URL?  Was it just machine name and port, or did you do a host header?  Also, go check the event viewer to see what error is popping up when you fail to log in.

    Are you using Kerberos or NTLM?  Is this WS03 or WS08?
    SharePoint Architect || My Blog
    Thursday, July 16, 2009 5:40 PM

  • Thanks for getting back to me.

    The SSP was created with a host header (served by a DNS service running under Linux). I can open a cmd prompt and successfully ping ssp04.mydomain.com.
    I am using NTLM for authentication under Windows 2003R2

    The event log is giving a bit of a clue

    Event Type:    Failure Audit
    Event Source:    MSSQLSERVER
    Event Category:    (4)
    Event ID:    18456
    Date:        17/07/2009
    Time:        13:11:00
    User:        NT AUTHORITY\SYSTEM

    Details
    Product: SQL Server
    ID: 18456
    Source: MSSQLSERVER
    Version: 10.0
    Component: SQLEngine
    Symbolic Name: LOGON_FAILED
    Message: Login failed for user '%.*ls'.%.*ls
       
    Explanation
    When a connection attempt is rejected because of an authentication failure that involves a bad password or user name, a message similar to the following is returned to the client: "Login failed for user ''. (Microsoft SQL Server, Error: 18456)".

    Additional information returned to the client includes the following:

    "Login failed for user ''. (.Net SqlClient Data Provider)"

    Friday, July 17, 2009 12:22 PM
  • My opinion is that people need to stop using the built-in local administrator when building SharePoint.  Use a real domain user account in AD, and if you don't have AD, at least make an account that you then give admin access to everything.

    I don't know exactly what is happening, but it's clearly pointing to invalid credentials or permissions.
    SharePoint Architect || My Blog
    Friday, July 17, 2009 2:13 PM
  • I don't entirely agree with you. Yes, I would prefer to use AD in a production system, but for a test environment the built-in local administrator account or even a database user should be OK as long as valid authentication takes place. I guess this is why Microsoft added this type of support to TFS 2008.

    My test installation has been working so far without any problems, so this has baffled me, as I haven't done anything too exciting in the environment other than add a number of templates, features/webparts. You have definitely given me a number of ideas though, including repeating the install on another VM but using IP address and port number. It's a pity the HIVE logs don't really say anything.
    Friday, July 17, 2009 5:55 PM
  • I never use a local admin account as it is not how SP was intended to be built.  Even if I don't have AD, I use accounts other than those that are built-in, and I never have any issues like this.  That is not to say it is related in any way, but you clearly have a credentials or permissions issue.  Is your SQL installed on the same machine as SP?
    SharePoint Architect || My Blog
    Friday, July 17, 2009 6:02 PM
  • Thank you so much for your help Xue-Mei and Clayton. Yes, following the registry change I am now back in the SharedServices1 admin site... this has taken me a considerable amount of time to resolve. I am curious as to why this issue has suddenly started appearing?
    Monday, July 20, 2009 9:49 AM
  • This is a new issue that just started happening to everyone.  I don't know if it's caused by Windows Server 2008 or by SP2.  Anyone?
    SharePoint Architect || My Blog
    Monday, July 20, 2009 2:05 PM
  • Awesome! I was scratching my head on this one... this was the fix. Thank you!
    Tuesday, December 27, 2011 12:01 AM