Some More MOSS Gotchas

Happy New Year! I hope that you had fun during the holidays and you didn't eat too much - or at least you can balance it with some gym exercise in the upcoming days. :)

A few weeks ago, I installed MOSS at a Customer here in Ireland and I had more difficulties than I ever expected. Part of the problems were due to product problems (hopefully, they will be solved by SP1), the other part was caused by a very strict Group Policy configuration. I chose the best ones and blogged here to help you guys out from the trouble:

SharePoint Timer Service Fails to Start

After the first restart on my fresh MOSS box, I got the famous error message on the logon screen: "At least one service failed to start". It turns out that it's the SharePoint Timer Service that failed to start. I get the following error message in the application log:

Source: Office SharePoint Server.
Category: Office Server Shared Services.
Event ID: 6482.
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (894b2244-ea64-4466-8aa3-99db5c7f6706).
Reason: Logon failure: the user has not been granted the requested logon type at this computer

Techinal Support Details:
System.ComponentModel.Win32Exception: Logon failure: the user has not been granted the requested logon type at this computer
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

If I fix it by re-typing the username and password, I get a popup saying the the account is granted a "Log on as a Service" right. Then after another restart, the problem starts again.

Resolution: for the first look, it seems the Windows forgets the password that I typed, but after some research, it turns out that the reason is that the account used to run the SharePoint Timer Service lost the "Log on as a Service" privilege due to Group Policy restrictions. Make sure that your service account has this right granted in the Local Security Policy snap-in.

SharePoint Doesn't Crawl People

The symptoms are that even if people objects were successfully imported, they are not crawled by MOSS search. The following error entry can be found in the crawl log and event log:

Error in PortalCrawl Web Service
Event ID: 2436
Category: Gatherer
Source: Office Server Search
The start address <sps3://did-spt-01:6376> cannot be crawled.
Context: Application 'Default SSP', Catalog 'Portal_Content'
Error in PortalCrawl Web Service. (0x80042617)

The content source Uri starting with sps3:// is the people database's content source. For some reason, by default, it's pointing to the SSP's Uri (address and port).

Resolution: changed the default sps3://did-spt-01:6376 to sps3://did-spt-01:80

DCOM Activation Errorsin the System Log:

I got an error in the system log:

Type: Error
Source: DCOM
Category: None
Event ID: 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user XXX SID {XXX}. ...

Resolution: found that the GUID points to the IIS WAMREG admin Service DCOM app (dcomcnfg), however this user already had all activation permissions on it. Now, I granted all access permissions as well which solved the problem.

Access is Denied to the User Profile DB:

Event Type: Error
Event Source: Office SharePoint Server
Event Category: Office Server General
Event ID: 7888
Date: 9/01/2007
Time: 2:12:07 PM
User: N/A
Computer: xxxxxx
A runtime exception was detected. Details follow.
Message: Access Denied! Only site admin can access Data Source object from user profile DB.

Techinal Details:
System.UnauthorizedAccessException: Access Denied! Only site admin can access Data Source object from user profile DB.
at Microsoft.Office.Server.UserProfiles.SRPSite.AdminCheck(String message)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(IDataRecord rec)
at Microsoft.Office.Server.UserProfiles.DataSource._LoadDataSourceDef(String strDSName)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site, Boolean fAllowEveryoneRead)
at Microsoft.Office.Server.UserProfiles.DataSource..ctor(SRPSite site)
at Microsoft.Office.Server.UserProfiles.UserProfileConfigManager.GetDataSource()
at Microsoft.Office.Server.UserProfiles.BDCConnector.RefreshConfiguration(String sspName)

Resolution: added the user profile import account to the local admins group on the MOSS box