SharePoint By Yagya Shree

SharePoint: How to run SharePoint site using “Kerberos authentication” with “DefaultAppPool” who is running under the identity “NETWORK SERVICE”

leave a comment »

PROBLEM:
———–
-We are trying to set the site collection <http://site url:80>  with Kerberos authentication
–Also we want the identity running the application pool running web application “NETWORK SERVICES”
–Due to these settings changes site gives error message “Cannot connect to the configuration database.”

SYMPTOMS:
—————–
–When ever trying to browse the site, getting error message “Cannot connect to the configuration database.”
–Getting event IDs 3351 in the event viewer under “Application”
ERROR MESSAGE:
————————–
Cannot connect to the configuration database
Event ID 3351
CAUSE:
———–
–Issue with Permission of account which are
NT AUTHORITY\NETWORK SERVICE:-
[default account]

<domainname>\<servername>$:-
[This will be the default account name for the server running SharePoint]

 

RESOLUTION:
——————–

–Add the accounts “NT AUTHORITY\NETWORK SERVICE” and “<domainname>\<servername>$” in following local groups on the SharePoint server

Administrators
IIS_WPG
WSS_ADMIN_WPG
WSS_RESTRICTED_WPG
WSS_WPG

— Add the accounts “NT AUTHORITY\NETWORK SERVICE” and “<domainname>\<servername>$” in following local groups on the SQL server

Administrators
IIS_WPG

–Open the SQL Server Management Studio or any SQL server database access client and give following permission to both the accounts under Security-logins–“NT AUTHORITY\NETWORK SERVICE” and “<domainname>\<servername>$”

Security administration
Database creator
System administrators

–Now in SharePoint server add the following account “NT AUTHORITY\NETWORK SERVICE” to run DCOM services. For that you need to follow the below Microsoft article
<http://technet.microsoft.com/en-us/library/bb633148.aspx>

–Perform IISRESET

–Browse the SharePoint site and it should be opening without any problems

STEPS TO REPRO:
————————–
–In the central administration-Application management-authentication providers–change the authentication type to “Kerberos” instead of “NTLM” for the web application running the SharePoint site collection
–Open the IIS Manager and change the Application pool for the web site to be “DefaultAppPool”
–Change the identity of the “DefaultAppPool” to run under “Network Service”
–Browse the site and you should get the message “Cannot connect to the configuration database.”
EVENT ID:
—————-
Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Database
Event ID: 3351
Date:  12/15/2008
Time:  4:06:32 PM
User:  N/A
Computer: Servername
Description:
SQL database login failed. Additional error information from SQL Server is included below.

Login failed for user ‘<domainname>\<servername>$’.

For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

 

ENVIRONMENT:
———————–
Windows Server 2003 Enterprise (32-bit)
WSS 3.0 with SP1 (32-bit)
SQL Server 2000 with SP4 (32-bit)

KEYWORDS:
———————
Network Service Kerberos DefaultAppPool configuration database connect 3351

Written by Yagyashree

May 1, 2009 at 6:26 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: