RE: Access is Denied error

Hello Siva -

The event log message from ENTSSO -

"The SSO service is running under a local administrator account. This is
not
recommended for security reasons. See documentation for details."

This is telling you that the service account that you have configured for
ENTSSO is a local administrator on your computer. It does not mean it is
*the* Administrator account, it means that this account (which, from what
you say is your account?) is a member of the local Administrators group,
and hence it this account has administrator privileges on your computer.

It is only a warning, it will not affect the behavior of ENTSSO or BizTalk.
However, it is a good idea for security reasons (potential elevation of
privilege) to run the ENTSSO service under an account which is not in your
local Administrators group.

However: if you change the ENTSSO service account you need to first backup
the master secret, then change the service account, then restore the master
secret. I would just leave it for now until you get everything working and
then attempt this later.

I am not sure why your BizTalk service is not starting. The BizTalk service
does depend on the ENTSSO service.

Best thing to do is stop both BizTalk and ENTSSO, clear your Application
event log, then start ENTSSO, then take a look in the event log to make
sure it started OK, then start BizTalk. If there are any ENTSSO errors
please let me know.


--------------------
Thread-Topic: Access is Denied error
thread-index: AcbiXeqraDLNUoxHTiS48C6ZG2asOA==
X-WBNR-Posting-Host: 209.135.64.116
From: =?Utf-8?B?U2l2YQ==?= <siva@xxxxxxxxxxxxxxxxx>
References: <37CBA663-D86A-42B0-847D-516C1EEEE861@xxxxxxxxxxxxx>
Subject: RE: Access is Denied error
Date: Wed, 27 Sep 2006 10:54:02 -0700
Lines: 58
Message-ID: <62088078-3766-436F-B473-43B374A0DABD@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.biztalk.server
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.biztalk.server:12375
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.biztalk.server

I solved this issue. If any one have same issue follow the link to solve
it.
http://support.microsoft.com/kb/841893/
They are 2 ways to solve this issue.
1. Modify Group policy for the RPC Endpoint Mapper Client Autedication to
Enabled
2. Modify Registry.
I used the first one and it works fine now.

I have another issue now. I am getting the following warning message in
Event Viewer
The SSO service is running under a local administrator account. This is
not
recommended for security reasons. See documentation for details.
SSO service account:

and also BizTalk is not starting itself after I reboot the service.

SSO is logon under my user account, not in local addmin. BizTalk set to
automatic start. Why do I still get these problem?

Can any one help me to fix these issues?
--
Thank you,

Siva



"Siva" wrote:

Hi,
I am getting the following error message when I try to view the
property of
sent ports that I already created. Also the Receive ports showing the
defualt
settings when I try to view the receive ports that I already created.

Error message : Could not retrieve transport type data for Primary
Transport
of Send port "port name" from config store. Access is denied.

When I restar the ENTSSO, I am getting the following warning message:
1. The SSO service is running under a local administrator account. This
is
not recommended for security reasons. See documentation for details.
SSO service account: <my user account >

2.
Failed to retrieve master secrets. Verify that the master secret server
name
is correct and that it is available.
Secret Server Name: <My machine name>
Error Code: 0x80070005, Access is denied.

I loged under the domin user name, not local mechine.
I am getting this issue after I install the Win XP Service Pack 2. I am
not
sure this may cause this problem.

Could any one help me to fix this please.
--
Thank you,

Siva



This posting is provided "AS IS" with no warranties, and confers no rights.

EBusiness Server Team

.

Relevant Pages

  • RE: Why should we disable local administrator accounts?
    ... I understand that you have concerns on disabling local Administrator ... Account on client workstations in SBS domain. ... At least if your local admin passwords are ...
    (microsoft.public.windows.server.sbs)
  • Re: local administrator account password policy
    ... computers that hold critical data are physically secured, ... less risk of local administrator passwords being compromised as it is easy ... computers] will make password cracking much more difficult after the policy ... account access smart cards. ...
    (microsoft.public.windows.server.security)
  • Re: Cant Modify Local Security Setting - Windows XP SP 2
    ... If you logon to your computer as a local administrator you will not be ... account will no longer allow your to logon to your computer once removed ... > problem because the system will not refresh the domain policies. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Access is Denied error
    ... The SSO service is running under a local administrator account. ... Also the Receive ports showing the defualt ...
    (microsoft.public.biztalk.server)
  • Re: How hard would it be to script this process
    ... scripting that little bit might be somewhat simpler for you ... > Log in as Local Administrator Account and do the following: ... > b) Rename the built-in Administrator account, ... > a) Create a domain account user profile. ...
    (microsoft.public.windows.server.scripting)
Loading