question

JoeParsons-6182 avatar image
0 Votes"
JoeParsons-6182 asked AmeliaGu-msft commented

Master Data services SQL 2008 to SQL 2019 - post upgrade issue Users function tab access denied

After moving and upgrading MDS from SQL 2008 to SQL 2019 I upgraded the MDS db and most things seem to work fine except for the Edit Users section. When I click on a user and then edit that user and then click the Functions tab I get an Access is Denied error

I am able to edit Group functions fine.

I can edit/view all other tabs fine (General, Membership,Models, Hierarchy Members)

the IIS logs are spitting out a 302 error (if that helps)

sql-server-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi JoeParsons-6182,

Welcome to Microsoft Q&A.
Sorry I am not familiar with Master Data Services. Please refer to https://docs.microsoft.com/en-us/sql/master-data-services/users-and-groups-master-data-services?view=sql-server-ver15 and https://www.mssqltips.com/sqlservertip/4636/permission-changes-in-master-data-services-2016/ which might be helpful.

Best Regards,
Amelia

0 Votes 0 ·

1 Answer

JoeParsons-6182 avatar image
1 Vote"
JoeParsons-6182 answered AmeliaGu-msft commented

I figured this out.. MDS app when trying to open the functions tab tries to make a privileged call to SQL using Kerberos to call from the app server to the SQL server. If RC4 encryption is disabled in your domain you need to enable a higher encryption level for your service account for kerberos to work otherwise the service account won't be able to negotiate suitable level encryption for Kerberos. Enabling AES 128 and AES 256 for Kerberos on the app to SQL service account in AD resolves the issue and allows the functions tab to work.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi JoeParsons-6182,

Glad to know your issue has been resolved and thanks for your sharing!

Regards,
Amelia

0 Votes 0 ·