Tag Archives: Permission

Accounts used to install and configure SharePoint 2013

Account Purpose Requirements
SQL Server service account The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services:  MSSQLSERVER  SQLSERVERAGENT   If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following:  MSSQL  SQLAgent Use either a Local System account or a domain user account. If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (). The instance name is arbitrary and was created when SQL Server was installed.
Setup user account The Setup user account is used to run the following:  Setup  SharePoint Products Configuration Wizard  Domain user account.  Member of the Administrators group on each server on which Setup is run.  SQL Server login on the computer that runs SQL Server.  Member of the following SQL Server roles:  securityadmin fixed server role  dbcreator fixed server role   If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_ownerfixed database role for the database.
Server farm account or database access account The server farm account is used to perform the following tasks:  Configure and manage the server farm.  Act as the application pool identity for the SharePoint Central Administration Web site.  Run the Microsoft SharePoint Foundation Workflow Timer Service.  Domain user account.   Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:  dbcreator fixed server role  securityadmin fixed server role  db_owner fixed database role for all SharePoint databases in the server farm
Sorry we could’t follow the document or site sharepoint 2013

Sorry we could’t follow the document or site sharepoint 2013

Problem

Now what this is really about and the reason why you stopped at this post. SharePoint 2013 gives an error when you hit the ‘Follow‘ button with the next message: Something went wrong.

Sorry we could’t follow the document or site sharepoint 2013

Sorry we could’t follow the document or site sharepoint 2013

In this example I tried to follow a document in a library.

Cause

This pop-up doesn’t provide a lot of information. except that it’s not working. The next step is to check the good old SharePoint logs at the ‘15 Hive‘ location: C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions15LOGS

Analyzing the log file shows that there is a problem opening the content database hosting the users
My Sites. Now it starts to get interesting. reading further down the logs shows the name of the user account that has failed to login. (search the term ‘for Cannot open database’)

Sorry we could’t follow the document or site sharepoint 2013

Sorry we could’t follow the document or site sharepoint 2013

The cause of this problem is that the Application Pool Account has no access to the database. This is most probably caused by the service accounts that are used for the SharePoint default web application and the My Sites web application.

This can easily be checked with a PowerShell script :

Add-WindowsFeature Web-WMI | Format-List
Get-CimInstance -Namespace root/MicrosoftIISv2 -ClassName IIsApplicationPoolSetting -Property Name, WAMUserName, WAMUserPass | select Name, WAMUserName, WAMUserPass

powershell app pool account

powershell app pool account

Solution:

This is what you’ve all been waiting for! How do I solve this annoying issue.
Well the resolution is pretty easy. You have to go to the database server and give the Application Pool Account access to the needed database.

Open your SQL server and correct instance and select the user that you’ve found in the SharePoint log. In my case this was the user: ‘TESTSP_WebApps

Go to the Security – Logins node and right-click on the user that you found earlier in the SP Logs and select properties.

Sorry we could’t follow the document or site sharepoint 2013

Sorry we could’t follow the document or site sharepoint 2013

Now select the ‘User Mapping‘ node and select the My Sites content database.
Also select the ‘SPDataAccess‘ and hit the OK button.

SQL login properties user maping settings

SQL login properties user maping settings

Close the SQL Server and go back to your SharePoint site.

Your set to go and ready to follow documents, Libraries, Sites, etc.

filename invalid or too long 1920x1080

filename invalid or too long SharePoint

Advertisements

Advertisements

The filename invalid or too long. Specify a different filename

"The filename invalid or too long Specify a different filename" error while opening document library in windows explorer mode.

File name invalid or too long

File name invalid or too long

For testing  I tried to upload a single file using browser but its generated error as below:

Sorry, something went wrong.The URL ‘Shared documents/Project budget.xlsx’ is invalid.

File name invalid or too long

File name invalid or too long

Actually filename is not very long at all, including the full path. I looked into the ULS logs (for the time i tried to upload file) and found log as as below:

Exception thrown storing stream in new SqlRemoteBlob: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> Microsoft.Data.SqlRemoteBlobs.BlobStoreException: There was a generic database error. For more information, see the included exception. —> System.Data.SqlClient.SqlException: RBS Error. Original Error: Number 297, Severity 16, State 1, Procedure rbs_fs_sp_check_pool_size, Line 31, Message: The user does not have permission to perform this action.  Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

I have RBS (Remote Blob Storage) enabled for this content database so it appears that, this has got messed up somehow.  After reading various other blog posts and TechNet articles I began some trial and error with the database permissions.

Solution :

So as to resolve this issue we need to grant the service account used by the application pool "db_owner" rights on the content database, in addition to the "db_rbs_* " permissions.

File name invalid or too long

File name invalid or too long

The original error about the filename being too long or invalid is very misleading, there is no hint of a permissions.

Advertisements

Advertisements

Something went wrong 1920x1080

Something went wrong after enabling RBS

Advertisements

Advertisements

Something went wrong error after enabling RBS

I have just configured and enabled RBS for my SharePoint 2013 environment and now when I try to access the site I get the following error message: Sorry, Something went wrong Something went wrong error after enabling RBS sharepoint

Cannot complete this action.

Please try again.

Yet another fine example of unhelpful error messages from Microsoft!  Well, a quick check of the Event Log revealed nothing so I moved on to the ULS log.  Just before the error was generated the following lines were recorded in the log

System.Data.SqlClient.SqlException (0×80131904): The EXECUTE permission was denied on the object ‘rbs_fn_get_blob_reference’, database ‘WEBBWORLD_Content_Portal’, schema ‘mssqlrbs’.

SQL error code from last error 229 – The EXECUTE permission was denied on the object ‘rbs_fn_get_blob_reference’, database ‘WEBBWORLD_Content_Portal’, schema ‘mssqlrbs’.

Clearly the problem was down to permissions.  After a bit of trial and error I discovered that the fix was to grant the following permissions to the Application Pool account on the content database:

  • db_rbs_admin
  • db_rbs_filestream_maintaner_1
  • db_rbs_filestream_reader_1
  • db_rbs_filestream_writer_1
  • db_rbs_maintainer
  • db_rbs_reader
  • db_rbs_writer
Advertisements

Advertisements