After moving and upgrading MDS from SQL 2008 to SQL 2019 I upgraded the MDS db and most things seem to work fine except for the Edit Users section. When I click on a user and then edit that user and then click the Functions tab I get an Access is Denied error
I am able to edit Group functions fine.
I can edit/view all other tabs fine (General, Membership,Models, Hierarchy Members)
the IIS logs are spitting out a 302 error (if that helps)
Hi JoeParsons-6182,
Welcome to Microsoft Q&A.
Sorry I am not familiar with Master Data Services. Please refer to https://docs.microsoft.com/en-us/sql/master-data-services/users-and-groups-master-data-services?view=sql-server-ver15 and https://www.mssqltips.com/sqlservertip/4636/permission-changes-in-master-data-services-2016/ which might be helpful.
Best Regards,
Amelia
I figured this out.. MDS app when trying to open the functions tab tries to make a privileged call to SQL using Kerberos to call from the app server to the SQL server. If RC4 encryption is disabled in your domain you need to enable a higher encryption level for your service account for kerberos to work otherwise the service account won't be able to negotiate suitable level encryption for Kerberos. Enabling AES 128 and AES 256 for Kerberos on the app to SQL service account in AD resolves the issue and allows the functions tab to work.
Hi JoeParsons-6182,
Glad to know your issue has been resolved and thanks for your sharing!
Regards,
Amelia
20 people are following this question.
