In meiner letzten SharePoint Installation wurde ich mit einem Active Directory mit Windows NT 4.0 Wurzeln begrüßt. Die Domäne wurde von “kunde.de” auf “neu.kunde.de” upgegraded. Der NETBIOS Name der Domain ist somit “kunde.de” und der Full Qualified Domain Name (FQDN) ist “neu.kunde.de”. In der Vergangenheit hatte ich keine gute Erfahrung mit FQDN’s im Bezug auf den SQL Server gemacht. Mein Versuch den Server über den vollen Namen anzusprechend, ist gescheitert (Pre SP1 Erfahrung).

Im aktuellen Fall haben wir versucht, den FQDN für die Angabe der Domain Accounts in der Form “neu.kunde.deaccountname” zu verwenden. Bis zur Provisionierung des Shared Service Provider hat das auch super funktioniert. Das Erstellen des SSP endete mit folgender Seite:
image_2

In der Liste der SSP’s gab es mehr Details:
image_8

Im Eventlog:
A runtime exception was detected. Details follow.
Message: Windows NT user or group ‘ms.localsvcMossProd’ not found. Check the name again.

A runtime exception was detected. Details follow.
Message: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.
Techinal Details:
System.Data.SqlClient.SqlException: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)
at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user)
at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security)
at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity)
at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install()
at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision()

Die SharePoint Logs:

06/24/2009 17:32:42.34     OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server General             6pqn    High        Granting user 'ms.localsvcMossProd' login access to server 'moss-prod-db'.
06/24/2009 17:32:43.04     OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880i    High        System.Data.SqlClient.SqlException: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)     at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)     at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)     at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(C...
06/24/2009 17:32:43.04*    OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880i    High        ...ommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)     at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)     at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)     at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()     at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)
06/24/2009 17:32:43.04     OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880j    High        SqlError: 'Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.'    Source: '.Net SqlClient Data Provider' Number: 15401 State: 1 Class: 11 Procedure: 'sp_grantlogin' LineNumber: 49 Server: 'W2K8-PROD-SQL'
06/24/2009 17:32:43.04     OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880k    High           at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user)     at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security)     at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity)     at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install()     at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision()     at Microsoft.Office.Server.Administration.SharedResourceProviderJob.Execute(Guid targetInstanceId)     at Microsoft.SharePoint.Administration.SPTimerJobInvoke.Invoke(TimerJobExecuteData& data, Int32& result)
06/24/2009 17:32:43.05     OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880l    High        ConnectionString: 'Data Source=moss-prod-db;Initial Catalog=master;Integrated Security=True;Enlist=False;Pooling=False'    ConnectionState: Open ConnectionTimeout: 15
06/24/2009 17:32:43.06     OWSTIMER.EXE (0x0788)                       0x0DC4                                      484                               880m    High        SqlCommand: 'sp_grantlogin'     CommandType: StoredProcedure CommandTimeout: 0     Parameter: '@loginame' Type: NVarChar Size: 128 Direction: Input Value: 'ms.localsvcMossProd'
06/24/2009 17:32:43.12     OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server General             900n    Critical    A runtime exception was detected. Details follow.  Message: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.  Techinal Details: System.Data.SqlClient.SqlException: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)     at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)     at System.Data.SqlClient.Sq...
06/24/2009 17:32:43.12*    OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server General             900n    Critical    ...lCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)     at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean re
06/24/2009 17:32:43.13     OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server Shared Services     7fxr    Exception    (Watson Reporting Cancelled) System.Data.SqlClient.SqlException: Windows NT user or group 'ms.localsvcMossProd' not found. Check the name again.     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)     at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)     at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)     at System.Data.SqlClient.Sql...
06/24/2009 17:32:43.13*    OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server Shared Services     7fxr    Exception    ...Command.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)     at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)     at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)     at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()     at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)     at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user)     at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeConfigurationDatabaseAccess(SharedComponentSecurity security)     at Microsoft.Office.Se...
06/24/2009 17:32:43.13*    OWSTIMER.EXE (0x0788)                       0x0DC4    Office Server                     Office Server Shared Services     7fxr    Exception    ...rver.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity)     at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Install()     at Microsoft.Office.Server.Administration.SharedResourceProvider.Provision()     

Aus irgendeinem Grund konnte der Account nicht korrekt auf den SQL Server zugreifen. Eine Analyse der IIS Application Pool Accouts hat gezeigt, dass dort einige Accounts in der Form “neu.kunde.deaccountname” (FQDN) und andere in der Form “neu.kundeaccountname” (NETBIOS) gespeichert wurden:

image_10

In der Datenbank werden die User wie folgt gelistet (NETBIOS):

image_6

Lösung:

Das Problem ist also der FQDN. Das Provisioning des SSP wird jede Minute erneut versucht und hinterläßt die entsprechenden Spuren im Eventlog und im SharePoint Log. Jetzt ist die Hilfe von STSADM gefragt, damit die Accounts wieder gerade gezogen werden können. Einfach alle Accounts nach Anleitung des folgenden KB auf die Form “kunde.deaccountanme” (NETBIOS) ändern:

KB 934838: How to change service accounts and service account passwords in SharePoint Server 2007 and in Windows SharePoint Services 3.0

Nach den Änderungen wurde der SSP provisioniert und ich konnte weiter machen :-)

Erst heute mit der Lösung “in der Hand” bin ich mit den richtigen Schlagwörtern über Bing.com zu folgendem Blog Post gekommen:

Thaddparker: Error in using FQDN Domain Names and MOSS 2007

Ein kurzer Check hat gezeigt, dass die Verwendung in Form von “accountname@neu.kunde.de” ebenfalls beim Provisionieren des SSP nicht funktioniert:

Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance (15226029-e4cd-4ad6-aefc-965019284510).
Reason: The specified account name is invalid.
Parameter name: account
Techinal Support Details:
System.ArgumentException: The specified account name is invalid.
Parameter name: account ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount account, Boolean throwIfInvalid)
--- End of inner exception stack trace ---
at Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount account, Boolean throwIfInvalid)
at Microsoft.Office.Server.Administration.SharedAccessRule.Validate()
at Microsoft.Office.Server.Administration.SharedComponentSecurity.SetAccessRule(SharedAccessRule accessRule)
at Microsoft.Office.Server.Administration.SharedResourceProvider.GetApplicationSecurity()
at Microsoft.Office.Server.Administration.SharedWebServiceInstance.ProvisionSharedResourceProviderWebConfigSettings(SharedResourceProvider srp)
at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

Leason learned? Es steckt halt immer noch zu viel Tahoe in SharePoint und NETBIOS rulez :-(

Ciao Marco