I have created an external content type in SharePoint 2010 that populates a list from SQL. The list is successfully populated and I can view it through SharePoint. However, if I select the option to "Connect to Outlook" I receive an Error: Access Denied. My account is a farm admin and has full control. The only message I get in the error log is as follows:
Publish Process failed to publish solution for the List Autotask
Clients.
0x80070005Access
denied.
You seems connected as "System Account" in your browser, but are you also connected as the same user in your Windows session?
Outlook don't use the account use in IE but the one you used to logged in into Windows.
The authectication was set to kerberos, once I switched it to NTLM it worked as expected.
Related
I load data into QlikView from a SharePoint Excel-file and get the error: Bad Zip File. But if I sign into SharePoint using QlikView "Open Url..." and then enter my SharePoint credentials, and reload QlikView the script works fine.
But when I use the Management Console to reload a scheduled job, I get the error again: Bad Zip File. And it is because my user isn't signed in. How can I get SharePoint to have the user signed in when the Management Console reloads the scheduled job?
Most setups have QDS (the Distribution Service that reloads QVWs) running under a named account, so you might need to coordinate with your Sharepoint admin to see that that particular account has read access to the .zip file. If you end up finding that QDS uses an account that's local to the QDS server, you might do well to setup a centralized non-human account (on your LDAP or Active Directory, whatever your company uses) to perform the reload...and then have your Sharepoint admin grant access.
We have upgraded TFS 2012 to TFS 2013 and did not have sharepoint installed before. So i installed tfs sharepoint components on a sharepoint server and tfs server and connected them. Everything is fine except excel reports and they give me the following error:
External Data Refresh Failed
The data connection uses Windows Authentication and user credentials could not be delegated. The following connections failed to refresh: TfsOlapReport
i have made sure Claims to windows authentication service is running.
To fix the error, please follow steps below which are quoted from this blog.
On the Team Foundation Server Administration Console, click Extensions for Sharepoint Products.
Select the Sharepoint Web Application which you are using.
Click Modify Access
Enter a user with access rights to the reports inside the Enterprise Application Definition field
Browse to Central Administration in Sharepoint
Select Manage Service Applications
Select Secure Store Service (Type: Secure Store Service Application)
Under Manage Target Applications, Click on New
Enter Target Application ID = "TFS", Display Name = "TFS", Contact Email="Whatever", Target Application Type = "Group", Target Application Page URL = "None" and click Next
Do not enter anything on this page as it's asking for fields name and not the actual credentials.
Enter Target Application Administrators and Members and click ok.
it will take you back to the page that was displayed after performed step 3.
Now right click on "TFS" and select "Set Credentials" and then enter the username and password that this account will be running under.
Now login to the TFS Server and click extensions for Sharepoint products.
Select the sharepoint web application you are using.
Click Modify access.
Enter "TFS" under the Enterprise Application Definition field.
Also just to make sure "Excel Service applications are configured properly, Click on "Excel Service Application "Type: Excel Services Application Web Service Application".
Click on Trusted File Location and make sure the site collection is added to the Trusted File Location and location type is "Microsoft Sharepoint foundation". under Trust children check "children trusted". under Allow external data select "Trusted data connection libraries and embedded".
Go back to page displayed after step 14 and select "Global Settings".
File access method = "impersonation", Under Analysis Services EffectiveUserName, check "Use the EffectiveUserName property".
Check "Use an existing Unattended Service account" radio button and under Target Application ID: enter "TFS".
Also make sure under Trusted Data Providers, the providerid your excel application is using is listed.
Our environment is Sharepoint 2010, with a web application created (and site collection on top), using claims based authentication. The first site is using port 881. It is using integrated windows authentication. Another web application is created, extending the first application, using port 882. This site is using Forms Based Authentication, the membership provider is System.Web.Security.ActiveDirectoryMembershipProvider, named admembers. I have turned off Client Integration on both sites.
When I login to the 881 site, on my corporate network, logged into the machine with the same domain account that sharepoint uses, I can open an Office file saved in a document library, and it subsequently opens in the appropriate Office application, without asking me login again. But, If I login to Sharepoint from a computer that is not on our network, or login to the computer with an account that is not a domain account, I get prompted again to login when openning an Office document. If I choose the option to save, it does not prompt, but if I choose open in the dialog window, I am forced to enter my domain credentials again.
When I login to the 882 site, which uses FBA, I experience the same problem. If I open an Office document, the appropriate Office application opens, and asks me for my credentials, by showing me a dialog window with the sign in page loaded. If I choose to save the file, then I am not prompted to login, and the file saves to a local folder.
I can't expect my users that are off site to login again everytime they open an Office document, like Work, Excel, Powerpoint, etc. I have tried numerous fixes, including disabling client integration, changing the browser handling mode (strict/permissive), changing internet explorer settings (for integrated windows authentication), changing the integrated windows authentication site to use basic authentication, even hacking the page using jquery to call the sharepoint javascript function that execute the "download a copy" function. None of them work: when choosing to "open" the Office document in the browser, the user has to login again, or just close the dialog window without logging in (as long as client integration for the zone is turned off).
I'm looking to get this accomplished using windows authentication or forms based authentication.
Help!
I found this answer in a similar post which seemed to fix the problem for me when I tested it. The gist of it is you need to deny the HTTP Verbs OPTIONS and PROPFIND in IIS. Having said this, I'm not an IIS guru and am not exactly sure what this means or what else it might affect. Can anyone else shed some light on this?
A bit of background, I'm using SharePoint 2010, on an FBA site.
You have the standard three use cases:
Employee intranet access
Employee remote access
Partner remote access
Employee intranet access
This normally always works out of the box, and it looks like it is working for you.
Employee remote access
The only way that i have seen this work (and i have tried many ways) is to get TMG or ISA. Basically ISA is setup in FORMS auth with SSL, it captures the auth details, and then passes them to the sharepoint server. (and other servers if you have them eg OWA for sharepoint mail web parts)
If you select the "Is private computer" option on the ISA login screen, then Office documents share the auth cookie and don't prompt for another login. I had so many problems, but as soon as i installed TMG, they all went away. I would not recommend any other approach now.
The added bonus of this method, is that remote employees are treated as the same account as the intranet user. The way you are setup with a seperate web application, means that they will be different accounts, so things like [checkout/modifiedby/createdby/personalisation] will be different accounts (though they look the same)
Partner remote access
This may never ever work on some clients (especially Vista), as IE needs to share the authentication with Office
If this is sharepoint 2010, try this.
Get-SPSecurityTokenServiceConfig
Look at your UseSessionCookies value in the output. If True, apply the powershell below.
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false
$sts.Update()
If UseSessionCookies is true, you will have to login to any docs u want to download...
I am getting an error when trying to sync some calendars with Outlook. The error is
"Task 'SharePoint' reported error (0x80070005): 'You do not have permission to view this SharePoint List (Site Name - Calendar Name). Contact the SharePoint site administrator. HTTP 302'"
This error is intermittent (removing the calendar from Outlook and re-syncing it sometimes resolves it temporarily) and does not effect all users at the same time.
I have full control of the site as well as the calendar in question. I have tried breaking permission inheritance and setting unique permissions on the calendar with no change. I have checked AAM and all is correct (site is accessed the via the same URL internally and externally)
Our site uses both Forms Based Authentication and Windows Authentication. This issue is experience by users using AD (have not tried any FBA users).
Setup the URL for default and intranet (I know, I know) - just try it. We thought internet was right too - but kept hitting our heads against the wall. If it breaks something, try setting the value for all 3 zones - default, internet and intranet... may the luck be with you.
Go into SharePoint Central
Administration
Go to Operations Under Global
Configuration, select Alternate
access mappings
Choose your Alternate Access Mapping
Collection from the dropdown (e.g.
SharePoint - 80)
Make the Default zone your new DNS
name, including if it's SSL'ed or not
(e.g. http://portal.company.com or
https://portal.company.com)
They were having the same errors
I'm trying to bring external content into our SharePoint environment. We are running SP 2010. The data I want to bring in exists in Sql Server. What I'm struggling to do is map the logged in SharePoint user to an underlying sql user.
In SharePoint I have created a new Target Application in the Secure Store Serivce:
Target Application ID: TestApp
Target Application Type: Group
I have specified two fields:
Name :: Type
User Name :: User Name
Password :: Password
--these are not the Windows User Name and Windows Password types just the basic types
Target Application Administrators and Members are both set as myself (AD User).
In SharePoint Designer I've created a new External Content Type. I've added a connection of (Type -> Sql Server). I've set the database server name to the server name that is not on the same box as SharePoint and I've set the database name. I've selected the Connect with Impersonated Custom Identity option and set the Secure Store Application Id to TestApp. When I click OK I get prompted for credentials so I enter the Sql Server user credentials and the connection succeeds. I expand out the tables, right click the table I want accessible, and click Create All Operations. I go through the wizard and enter one limit filter.
Next I right click MyTable in the External Content Types windows, select External List, and give it a name. Next I go into Central Admin and set the credentials of TestApp.
Now when I log into SharePoint I can see my external list in the left hand TOC. I click on the list and I get the error Access Denied by Business Data Connectivity with a correlation code. I've opened up the logs to see what is being returned which has some interesting logs but I'm not sure exactly how to remedy the problem:
Log:
Access Denied for User '0#.w|domain\myuser, which may be an impersonation by 'domain\myuser'. Securable MethodInstance with Name 'Read List' has ACL that contains
Another Log:
Error while executing web part: Microsoft.SharePoint.SPException: Access denied by Business Data Connectivity. ---> Access Denied for User '0#.w|domain\myuser', which may be an impersonation by 'domain\myuser'. Securable MethodInstance with Name 'Read List' denied access.
I know if I'm using pass through creds we will need kerbors to handle the double hop but didn't think I would need kerbos with cred mapping to a sql server user.
Any help would be greatly appreciated!!!!
I was playing around with BCS and ran into what I think is a similar problem. This helped to solved the problem. See if this helps
http://www.zimmergren.net/archive/2010/05/08/access-denied-by-business-data-connectivity-solution.aspx
This happens because you have not set access on the BCS object that you created. Go into Central Administration and select your External Content Type or other object and select Set Permissions from the dropdown. Your authentication is working or you would not be able to save the object you created to the metadata store. You now need to tell the metadata store who has access to the objects you created in BCS.