none
suddenly a working bcs cannot connect to the lobsystem (external system). sharepoint 2010

    Question

  • Hi all

    A sudden error for a working bcs list,  when trying to view the list using the bcs in sharePoint 2010 ,

    the error msg is :

    cannot connect to the lobsystem (external system)

    and the log :

    SharePoint Foundation       Business Data     8080    Critical    Could not open connection using 'data source="SQLSERVER, PORTNo";initial catalog=DBNAME;integrated security=SSPI;pooling=true;persist security info=false' in App Domain '/xx/W3SVC/xxxxx/ROOT-x-xxxxxxxxxx'. The full exception text is: Cannot open database "DBName" requested by the login. The login failed.  Login failed for user 'XX\xxAdminxx'.    xxxxxxxxxxxxxxx

    the user account that is mentioned in error msg as login failed , is the db owner of the database, and as mentioned it was a working list, where else i could find a useful info other than this log failed ??? as it seems to be not the case, thank you for any advice


    azoozazooz

    Thursday, March 21, 2013 12:57 PM

Answers

  • Hi,

    After a good struggle I got solution for this.

    Following are the pointers that I collected:

    1. Every article I found against "Cannot connect to the LobSystem (External System)." error message pointed to addition of user(s), providing permission and mapping the database on the sql end.
    2. Apart from above some article talked on kind of authentication to be used for BCS like viz; BDC Identity (RevertToSelf) and Impersonated Windows Identity (Secure Store Service)

    In my case I tried all of these in following manner:

    1. Since users were required to be added and mapped to the sql server I added these many user/groups on SQL end
      • NT AUTHORITY\NETWORK SERVICE
      • NT AUTHORITY\IUSR
      • NT AUTHORITY\ANONYMOUS LOGON

    As per the sequence above finally all SQL errors were suppressed, I mapped all these to the database of my interest and provided them dbreader permission.

    1. In my previous post I mentioned that Secure store service was not working in my case so I troubleshoot that to make it work. Since mine is FARM Installation on same server, so I have to start and configure all the services on the server. Once I did this then I came back to Secure Store Service and created it successfully and later created the user token.

    Anyways I still feel this should not be way because just for the sake of allowing access to BCS one should not add anonymous logon and others to the database.


    Manish Patil http://patilmanishrao.wordpress.com Posting is provided AS IS with no warranties, and confers no rights.

    Manish Patil's Blog

    ↑ Grab this Headline Animator

    Tuesday, May 7, 2013 7:41 AM

All replies

  • Hi,

    Same is in my case. I'm also getting the same error "Cannot connect to the LobSystem (External System)."

    I'm connecting SQL Server 2008 R2 Database and using Authentication mode: "BDC Identity" (These are the same values in Connection Properties for Default and Client)

    There is one more issue on my server: I'm not able to create "Secure Store Service Application" neither from CA nor with Powershell. Surprisingly its not giving me any error nor I was successful to trace any log wrt this.

    Any pointer will be good help.


    Manish Patil http://patilmanishrao.wordpress.com Posting is provided AS IS with no warranties, and confers no rights.

    Manish Patil's Blog

    ↑ Grab this Headline Animator

    Thursday, May 2, 2013 1:47 PM
  • Hi,

    After a good struggle I got solution for this.

    Following are the pointers that I collected:

    1. Every article I found against "Cannot connect to the LobSystem (External System)." error message pointed to addition of user(s), providing permission and mapping the database on the sql end.
    2. Apart from above some article talked on kind of authentication to be used for BCS like viz; BDC Identity (RevertToSelf) and Impersonated Windows Identity (Secure Store Service)

    In my case I tried all of these in following manner:

    1. Since users were required to be added and mapped to the sql server I added these many user/groups on SQL end
      • NT AUTHORITY\NETWORK SERVICE
      • NT AUTHORITY\IUSR
      • NT AUTHORITY\ANONYMOUS LOGON

    As per the sequence above finally all SQL errors were suppressed, I mapped all these to the database of my interest and provided them dbreader permission.

    1. In my previous post I mentioned that Secure store service was not working in my case so I troubleshoot that to make it work. Since mine is FARM Installation on same server, so I have to start and configure all the services on the server. Once I did this then I came back to Secure Store Service and created it successfully and later created the user token.

    Anyways I still feel this should not be way because just for the sake of allowing access to BCS one should not add anonymous logon and others to the database.


    Manish Patil http://patilmanishrao.wordpress.com Posting is provided AS IS with no warranties, and confers no rights.

    Manish Patil's Blog

    ↑ Grab this Headline Animator

    Tuesday, May 7, 2013 7:41 AM
  • Hi,

    More thing I got to see about NTLM, Kerberose one nice link to put some light on it.


    Manish Patil http://patilmanishrao.wordpress.com Posting is provided AS IS with no warranties, and confers no rights.

    Manish Patil's Blog

    ↑ Grab this Headline Animator

    Tuesday, May 7, 2013 11:14 AM