IIS 6 - Access denied message after changing user - iis

I recently changed the user of an app pool to a newly created one, apparently cloned from the existing one, and I'm getting this error in the event log:
Failed to execute request because the App-Domain could not be created. Error: 0x80070005 Access is denied.
Any ideas? Is this an incorrect username/password or configuration?

Related

MS Graph API: Access denied when trying to create a list, even with Sites.ReadWrite.All application permissions

According to the docs, to create a list, a Sites.ReadWrite.All application permission is needed.
I have an Azure app with exactly that permission:
Yet, when trying to create a list I still get access denied.
403 : Forbidden
[...]
[Some information was truncated for brevity, enable debug logging for more details]
Exception in thread "main" com.microsoft.graph.http.GraphServiceException: Error code: accessDenied
Error message: Access denied
The full output can be found here. The complete code which reproduces the behavior can be found here. The application requires access without a user. The access token is generated through a client assertion flow.
The question is: What's wrong here? Is it the documentation which is outdated? Or am I doing something wrong?

Workload Identity regularly throwing "A Forbidden error was returned while attempting to retrieve an access token..." errors

We've set up our deployments to run using Workload Identity. Each deployment has its own technical identity, a GCP service account set up with the required IAM roles, and a Kubernetes service account to match (both linked as described in the Workload Identity documentation).
This all works just fine, with one small problem: almost every time a pod starts it gives this error:
Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.
    at GoogleAuth.getApplicationDefaultAsync (/home/node/node_modules/google-auth-library/build/src/auth/googleauth.js:155:19)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async GoogleAuth.getClient (/home/node/node_modules/google-auth-library/build/src/auth/googleauth.js:486:17)
    at async GrpcClient._getCredentials (/home/node/node_modules/google-gax/build/src/grpc.js:88:24)
    at async GrpcClient.createStub (/home/node/node_modules/google-gax/build/src/grpc.js:213:23)
It then crash-loops and typically comes up later, after 2 or 3 retries. Very very odd...
To make matters worse, every now and then we get this error instead:
Error: 403 undefined: Getting metadata from plugin failed with error: Could not refresh access token: A Forbidden error was returned while attempting to retrieve an access token for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have the correct permission scopes specified: Could not refresh access token: Unsuccessful response status code. Request failed with status code 403
    at Object.callErrorFromStatus (/home/node/node_modules/@grpc/grpc-js/build/src/call.js:31:26)
    at Object.onReceiveStatus (/home/node/node_modules/@grpc/grpc-js/build/src/client.js:176:52)
    at Object.onReceiveStatus (/home/node/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:342:141)
    at Object.onReceiveStatus (/home/node/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:305:181)
    at /home/node/node_modules/@grpc/grpc-js/build/src/call-stream.js:124:78
    at processTicksAndRejections (internal/process/task_queues.js:79:11)
And when we see this, it's basically game over until we try all kinds of black voodoo to try and get the service back up (usually it boils down to us deleting the entire auth stuff for that service and recreating things from scratch).
Does anyone have any idea what could be going on here?
Our cluster is running 1.16.13-gke.1, and has Istio 1.6.7 installed (using the Istio operator).
So... the mystery has been solved.
There was an obscure but stupid bug in our operator that provisions both the IAM and Kubernetes service accounts, including the necessary bindings.
There was a situation with a namespace being deleted that could end up removing all the bindings to any other namespace :-( So this explains the error above: the moment this happened we got 403 errors (obviously, looking back on it now).
Bug has been fixed today, so all should be well now.
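A check for the failure described in this answer, added here as an example and not taken from the poster's operator: it compares each Kubernetes service account's `iam.gke.io/gcp-service-account` annotation with the `roles/iam.workloadIdentityUser` binding on the GCP service account it points to, and reports any link that has lost its binding. The input shapes (Kubernetes ServiceAccount objects and IAM policies as JSON dictionaries) are assumptions, and the project, namespace and account names are constructed sample values.

```python
import re

WI_ROLE = "roles/iam.workloadIdentityUser"
KSA_ANNOTATION = "iam.gke.io/gcp-service-account"
# Workload Identity member form: serviceAccount:PROJECT.svc.id.goog[NAMESPACE/KSA]
MEMBER_RE = re.compile(r"^serviceAccount:.+\.svc\.id\.goog\[([^/\]]+)/([^\]]+)\]$")


def bound_ksas(policy):
    """(namespace, name) pairs that the GSA's IAM policy lets impersonate it."""
    pairs = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == WI_ROLE:
            for member in binding.get("members", []):
                m = MEMBER_RE.match(member)
                if m:
                    pairs.add((m.group(1), m.group(2)))
    return pairs


def audit(ksas, gsa_policies):
    """Report every Kubernetes service account whose link to its GSA is incomplete."""
    findings = []
    for sa in ksas:
        meta = sa["metadata"]
        ns, name = meta["namespace"], meta["name"]
        gsa = meta.get("annotations", {}).get(KSA_ANNOTATION)
        if gsa is None:
            findings.append((ns, name, "no GSA annotation"))
        elif (ns, name) not in bound_ksas(gsa_policies.get(gsa, {})):
            findings.append((ns, name, "missing %s binding on %s" % (WI_ROLE, gsa)))
    return findings


# Constructed sample: the state after a faulty cleanup emptied the "billing" binding.
def _ksa(ns, name, gsa):
    return {"metadata": {"namespace": ns, "name": name,
                         "annotations": {KSA_ANNOTATION: gsa}}}

ORDERS_GSA = "orders@demo-project.iam.gserviceaccount.com"
BILLING_GSA = "billing@demo-project.iam.gserviceaccount.com"
SAMPLE_KSAS = [_ksa("orders", "orders-api", ORDERS_GSA),
               _ksa("billing", "billing-api", BILLING_GSA)]
SAMPLE_POLICIES = {
    ORDERS_GSA: {"bindings": [{"role": WI_ROLE, "members": [
        "serviceAccount:demo-project.svc.id.goog[orders/orders-api]"]}]},
    BILLING_GSA: {"bindings": []},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_KSAS, SAMPLE_POLICIES):
        print(finding)
```

Run on a schedule against exported cluster and IAM state, a non-empty result flags a removed binding before the affected pods start returning 403 on token refresh.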

App Registration Role Deletion?

I have a requirement to delete some roles from an app registration.
Have tried to do this on the Azure portal both directly in the manifest editor and by downloading / editing / uploading the manifest JSON.
I get the following error:
Failed to update application xxxxxx. Error details:
CannotDeleteEnabledEntitlement.
I also tried to set "isEnabled" property to "false" and delete the roles after that with no success.
Anyone have any pointers on how to overcome this issue?
As you mentioned in your post, the deletion of any OAuth2Permission is a 2 step process:
You must first disable the permission, and push that to the directory.
Then you can delete the permission.
The error message you are showing in your post is a result of you not disabling the permission first. You will need to share details about the error you get if trying to delete the disabled permission fails as well.
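The two-step sequence from this answer, added here as an example that is not part of the original thread: it plans the two manifest uploads (disable, then delete) for `appRoles` entries and replays them against a small model of the rule behind CannotDeleteEnabledEntitlement. The model, the function names and the sample manifest fragment are assumptions made for illustration; the role ids and values are placeholders.

```python
import copy


class CannotDeleteEnabledEntitlement(Exception):
    """Stands in for the portal error quoted in the question."""


def apply_update(stored, proposed):
    """Model of the rule in the answer: a role that is still enabled in the
    stored manifest cannot be missing from the uploaded one."""
    kept = {role["id"] for role in proposed["appRoles"]}
    for role in stored["appRoles"]:
        if role["isEnabled"] and role["id"] not in kept:
            raise CannotDeleteEnabledEntitlement(role["value"])
    return copy.deepcopy(proposed)


def plan_role_removal(manifest, values):
    """Return the two manifests to upload, in order: disable, then delete."""
    disable = copy.deepcopy(manifest)
    for role in disable["appRoles"]:
        if role["value"] in values:
            role["isEnabled"] = False
    delete = copy.deepcopy(disable)
    delete["appRoles"] = [r for r in delete["appRoles"] if r["value"] not in values]
    return disable, delete


def remove_roles(stored, values):
    """Run both uploads against the model and return the final stored manifest."""
    disable, delete = plan_role_removal(stored, values)
    stored = apply_update(stored, disable)   # step 1: push the disabled state
    return apply_update(stored, delete)      # step 2: now the delete is accepted


# Constructed sample manifest fragment (ids and role names are placeholders).
SAMPLE = {"appRoles": [
    {"id": "00000000-0000-0000-0000-000000000001", "value": "Reports.Read", "isEnabled": True},
    {"id": "00000000-0000-0000-0000-000000000002", "value": "Legacy.Admin", "isEnabled": True},
]}

if __name__ == "__main__":
    try:
        apply_update(SAMPLE, plan_role_removal(SAMPLE, {"Legacy.Admin"})[1])
    except CannotDeleteEnabledEntitlement as exc:
        print("single upload rejected:", exc)
    print([r["value"] for r in remove_roles(SAMPLE, {"Legacy.Admin"})["appRoles"]])
```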

ASP.NET Web Application Connection string issue

I have an old application and the other developer was using a connection string like this:
<add key="test" value="Data Source=Serzero;Database=NijaDatabase;trusted_connection=true;Connect Timeout=360"/>
My question is that the application is running perfectly on the local server, accessing the remote database, when I am using VS2010, but when I host the application on IIS on my machine I get an error. Locally the application works fine (login, logout, everything), but on IIS I get this error when I try to log in:
Login failed for user
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user .
Source Error:
You need to either add Integrated Security=False;User Id=userid;Password=password to your connection string.

Access Denied Error: /_vti_bin/owssvr.dll?cs=65001

We are getting the following Access Denied Error, whenever we edit the view of any document library or any list etc., or change any properties, it takes to the following URL with the message:
URL: /_vti_bin/owssvr.dll?CS=65001
Error Message: Access Denied Error: You do not have permission to perform this action or access this resource
Logs Message: w3wp.exe (0x12B4) 0x0F0C Windows SharePoint Services General 6t8b Verbose Looking up context site ://me.com/_vti_bin/owssvr.dll in the farm XYZ.
In web.config, set trace enabled="false".
Check whether you have tampered with 15/ISAPI/Web.config.
