In meiner letzten SharePoint Installation wurde ich mit einem Active Directory mit Windows NT 4.0 Wurzeln begrüßt. Die Domäne wurde von “kunde.de” auf “neu.kunde.de” upgegraded. Der NETBIOS Name der Domain ist somit “kunde.de” und der Full Qualified Domain Name (FQDN) ist “neu.kunde.de”. In der Vergangenheit hatte ich keine gute Erfahrung mit FQDN’s im Bezug auf den SQL Server gemacht. Mein Versuch den Server über den vollen Namen anzusprechend, ist gescheitert (Pre SP1 Erfahrung).
Im aktuellen Fall haben wir versucht, den FQDN für die Angabe der Domain Accounts in der Form “neu.kunde.de\accountname” zu verwenden. Bis zur Provisionierung des Shared Service Provider hat das auch super funktioniert. Das Erstellen des SSP endete mit folgender Seite: 
In der Liste der SSP’s gab es mehr Details: 
Im Eventlog:
A runtime exception was detected. Details follow.
Message: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again.
A runtime exception was detected. Details follow. Message: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. Techinal Details: System.Data.SqlClient.SqlException: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command) at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity) at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install() at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision()
Die SharePoint Logs:
06/24/2009 17:32:42.34 OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server General 6pqn High Granting user 'ms.local\svcMossProd' login access to server 'moss-prod-db'. 06/24/2009 17:32:43.04 OWSTIMER.EXE (0x0788) 0x0DC4 484 880i High System.Data.SqlClient.SqlException: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(C... 06/24/2009 17:32:43.04* OWSTIMER.EXE (0x0788) 0x0DC4 484 880i High ...ommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command) 06/24/2009 17:32:43.04 OWSTIMER.EXE (0x0788) 0x0DC4 484 880j High SqlError: 'Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again.' Source: '.Net SqlClient Data Provider' Number: 15401 State: 1 Class: 11 Procedure: 'sp_grantlogin' LineNumber: 49 Server: 'W2K8-PROD-SQL' 06/24/2009 17:32:43.04 OWSTIMER.EXE (0x0788) 0x0DC4 484 880k High at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity) at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install() at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision() at Microsoft.Office.Server.Administration.SharedResourceProviderJob.Execute(Guid targetInstanceId) at Microsoft.SharePoint.Administration.SPTimerJobInvoke.Invoke(TimerJobExecuteData& data, Int32& result) 06/24/2009 17:32:43.05 OWSTIMER.EXE (0x0788) 0x0DC4 484 880l High ConnectionString: 'Data Source=moss-prod-db;Initial Catalog=master;Integrated Security=True;Enlist=False;Pooling=False' ConnectionState: Open ConnectionTimeout: 15 06/24/2009 17:32:43.06 OWSTIMER.EXE (0x0788) 0x0DC4 484 880m High SqlCommand: 'sp_grantlogin' CommandType: StoredProcedure CommandTimeout: 0 Parameter: '@loginame' Type: NVarChar Size: 128 Direction: Input Value: 'ms.local\svcMossProd' 06/24/2009 17:32:43.12 OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server General 900n Critical A runtime exception was detected. Details follow. Message: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. Techinal Details: System.Data.SqlClient.SqlException: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.Sq... 06/24/2009 17:32:43.12* OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server General 900n Critical ...lCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean re 06/24/2009 17:32:43.13 OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server Shared Services 7fxr Exception (Watson Reporting Cancelled) System.Data.SqlClient.SqlException: Windows NT user or group 'ms.local\svcMossProd' not found. Check the name again. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.Sql... 06/24/2009 17:32:43.13* OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server Shared Services 7fxr Exception ...Command.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command) at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user) at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security) at Microsoft.Office.Se... 06/24/2009 17:32:43.13* OWSTIMER.EXE (0x0788) 0x0DC4 Office Server Office Server Shared Services 7fxr Exception ...rver.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity) at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install() at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision()
Aus irgendeinem Grund konnte der Account nicht korrekt auf den SQL Server zugreifen. Eine Analyse der IIS Application Pool Accouts hat gezeigt, dass dort einige Accounts in der Form “neu.kunde.de\accountname” (FQDN) und andere in der Form “neu.kunde\accountname” (NETBIOS) gespeichert wurden:
In der Datenbank werden die User wie folgt gelistet (NETBIOS):
Lösung:
Das Problem ist also der FQDN. Das Provisioning des SSP wird jede Minute erneut versucht und hinterläßt die entsprechenden Spuren im Eventlog und im SharePoint Log. Jetzt ist die Hilfe von STSADM gefragt, damit die Accounts wieder gerade gezogen werden können. Einfach alle Accounts nach Anleitung des folgenden KB auf die Form “kunde.de\accountanme” (NETBIOS) ändern:
KB 934838: How to change service accounts and service account passwords in SharePoint Server 2007 and in Windows SharePoint Services 3.0
Nach den Änderungen wurde der SSP provisioniert und ich konnte weiter machen :-)
Erst heute mit der Lösung “in der Hand” bin ich mit den richtigen Schlagwörtern über Bing.com zu folgendem Blog Post gekommen:
Thaddparker: Error in using FQDN Domain Names and MOSS 2007
Ein kurzer Check hat gezeigt, dass die Verwendung in Form von “accountname@neu.kunde.de” ebenfalls beim Provisionieren des SSP nicht funktioniert:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance (15226029-e4cd-4ad6-aefc-965019284510). Reason: The specified account name is invalid. Parameter name: account Techinal Support Details: System.ArgumentException: The specified account name is invalid. Parameter name: account ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount account, Boolean throwIfInvalid) --- End of inner exception stack trace --- at Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount account, Boolean throwIfInvalid) at Microsoft.Office.Server.Administration.SharedAccessRule.Validate() at Microsoft.Office.Server.Administration.SharedComponentSecurity.SetAccessRule(SharedAccessRule accessRule) at Microsoft.Office.Server.Administration.SharedResourceProvider.GetApplicationSecurity() at Microsoft.Office.Server.Administration.SharedWebServiceInstance.ProvisionSharedResourceProviderWebConfigSettings(SharedResourceProvider srp) at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize() at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
Leason learned? Es steckt halt immer noch zu viel Tahoe in SharePoint und NETBIOS rulez :-(
Ciao Marco
