• Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 5838 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What permissions does the ControlPoint service account need to report on MySites/Personal Sites storage? Every day my ControlPoint error report is full of Access Denied errors for the farm admin account.

james b whitlock
over 6 years ago

 

4/24/2018 2:02:21 AM xxxc\xxxxxxxx (redacted)

ID #: 2222751: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Stack: at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)

at Microsoft.SharePoint.Library.SPRequest.GetSiteUsageSummary(String bstrUrl, Int64& plDiskUsed, Int64& plBWUsed, Int64& plVisits, Int64& plHits)

at Microsoft.SharePoint.SPSite.get_Usage()

at xcCore.Logic.Traverse.getSiteSums(SPWeb spweb)

at xcCore.Logic.Traverse.PopulateStorageColumns(DataRow workRow, IxcCPSite iSite, DataRow topLevelRow)

at xcCore.Logic.Traverse.TraverseSiteCollection(DataRow& workRow, Boolean& renewRow, IxcCPSite iSite, SPLevel level)

4/24/

  • over 6 years ago

    Hi James,

     

    The ControlPoint service account needs to be a:

     

    • Local administrator on all the WFE servers of the farm.
    • Farm administrator
    • Domain account

     

    For additional information, please refer to the documentation below:

     

    Installation and Service Account Requirements

    www.metalogix.com/.../ControlPoint-Advanced-Installation-Guide.pdf

     

     

    Regards,

    Cyrus

  • over 6 years ago

    Thanks for the reply. However, all of the conditions are met. There are no errors for any other web application analytics. All the errors in the logs are for the User Personal Sites (MySites) Web Application. There's an Access Denied error for each personal site. The account getting the error is the Farm Admin service account. It should have access to everything. I've also verified permissions in SQL. ​Nothing helps.

  • over 6 years ago

    Hi James,

     

    Can you please confirm if the ControlPoint service account has Full Control permissions on the WAP containing MySites?

     

     

    Regards,

    Cyrus

  • over 5 years ago

    I have confirmed. The service account has full control to the WAP. I have also manually add perms to the MySites content DB as db_owner. I'm not having this issue with any other WAP. Only My_Sites (personal sites). ControlPoint Discovery is pulling info for MySites and I can manage/report on MySites from the CP Console. There's no issue there. I'm just getting an error in CP log for each MySite so my daily logged error report has thousands of error lines and is around 5mb. ​It seems that the only issue is with "SharePoint.Library.SPRequest.GetSiteUsageSummary". Not inherent access to the WAP. Is there something that needs to be enabled for the MySites WAP?

  • over 5 years ago

    Hi James,

     

    Please do the following:

     

    1. Run the attached script to validate and re-add (as needed) the service account to each WAP's User Policy.
    2. Log in to the ControlPoint server using the installation account, run the License Manager as an administrator, select "Added SharePoint Web Application or Content Database" and click "Record License Info". This will grant the necessary permission to the service account on the SharePoint and ControlPoint databases.

     

    Let me know if the issue persists.

     

     

    Regards,

    Cyrus

  • over 5 years ago

    I have validated the perms in the MySites WAP User Policy. The issue still persists. I have also validated permissions for the service account directly on the SQL Content Database.

       (All zones) ControlPoint XXX\XXXXXX-spcp Full Control, Allow Analytics 

       (All zones) ControlPoint i:0#.w|XXX\XXXXXXX-spcp Full Control, Allow Analytics ​

  • over 5 years ago

    I think I found the issue. I've been focusing on the MySites WAP User Policy and database permissions​. I never thought to look at the WAP Permissions global options in Central Admin. I took a look and unlike all of our other WAP's, the box for View Analytics Data was not checked. So no matter how or where I granted the service account perms, the WAP was not allowing the User Policy perms to the Analytics data for the WAP. I checked the box and saved. I'll know in the next 48 hours if it resolved the issue.