Errors in a new MDS web site (I) : Access is Denied
In this series of post, I am going to show you the most common (and not so common) problems we can find when creating a new web site and how to troubleshoot them.
The access denied error when deploying a web site in Master Data Services, is one of the most classical issues, and probably the first one you are going to deal with if you are new to MDS.
First of all, let's see how to enable MDS logs. They will help us to identify what's going on:
In the path program_files\Microsoft SQL Server\<version>\Master Data Services\WebApplication edit the web config.
1.- Uncomment the section below by removing the yellow portion:
<!-- <add name="LogFileListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="c:\temp\MdsTrace.log" traceOutputOptions="DateTime" /> -->
2.- In the initializeData parameter, type the path and the name of the log file that will be created.
3.- In the system.diagnostics section. Change the switchValue to "All".
<source name="MDS" switchType="System.Diagnostics.SourceSwitch" switchValue="All">
4.- Save the changes and restart the apppool. If you cannot restart it, the web application will reload configuration settings in a couple of minutes, so let's wait for the log file to appear in the folder.
5.-Reproduce the problem
6.- Stop the application pool and retrieve the log file (may need to wait for writing to finish; there could be a delay after stopping the app pool)
7.- Open the web.config file with a text editor and change the switchValue back to “Off” or the prior value.
Once the logs are enabled let's see the first case.
When accessing the MDS website, we get a blank page containing a message "Access is Denied":
Access is denied can be caused by different reasons, today I want to show you the most typical.
In the logs we see the following error message:
MDS Error: 0 : A Windows identity could not be obtained from the current Windows principal or the user property is null.
MDS Stop: 2 : RequestContext.InitializeCurrentUser
MDS Error: 0 : LogError : The user does not have access to the application.
That happens when anonymous authentication is enabled in the MDS web site.
Disabling Anonymous authentication will solve the issue. Only Windows authentication must be enabled:
Usually the application pool restart is no required, so you can try again after a couple of minutes.