Re: Error code = 4060

From: SS (
Date: 06/28/04

Date: Mon, 28 Jun 2004 15:26:06 -0800

Okay, some further diagnoses has happened, as follows, but I haven't
resolved the error completely..

By enabling all the diag logs from central admin, I was able to get a more
descriptive explanation of the problem. '4060' corresponds to an entry in
the SQL Server master.sysmessages table, and it's a 'login failed' error. My
divisional portals are running under a different app pool and identity than
the corporate portal, and the identity of this pool, while having dbo rights
to the central configuration database, did not have rights to the corporate
portal's content database.

I granted the app pool identity read rights to the corporate content db, and
now the message I get back is:
"Retrieving overall status encountered error. Error code = 229"

After looking up 229 in the sysmessages table, I found this was an 'access
denied' error message. This would lead me to believe that the role of
'reader' on the corporate content database was not sufficient.

Read access was given, per this statement from the technet excerpt of the
Sharepoint Resource Kit:
"Although child portal sites must have access to the parent configuration
and content databases for added security, that access can be limited to

Apparently this is not true. With read-only access, I'm still getting an
'access denied' error -- 229. So I'm left with the following question in my
pursuit towards remediating this issue:

What are the _minimum_ required access rights to the central configuration
and content databases (of the parent portal) for the identity of a separate
application pool dedicated to running a child portal?

Any help in obtaining such a list would be very important. I have a copy of
the resource kit book in the mail, and maybe it has some detailed answers,
but until then, I'm stuck..


"Wei-Dong XU [MSFT]" <> wrote in message
> Hi S,
> I haven't met the same issue before. From my view, I'd suggest you can
post one repro steps for me so that I can perform one research on this
> issue.
> Look forward to your reply!
> Best Regards,
> Wei-Dong Xu
> Microsoft Product Support Services
> Get Secure! -
> This posting is provided "AS IS" with no warranties, and confers no

Relevant Pages

  • Re: Terms of Use
    ... nothing about "lists" as being copyrighted. ... to even qualify as a database. ... These rights can be licensed, ... Copyright law is typically designed to protect the fixed expression ...
  • Re: db_denydatawriter
    ... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
  • Re: EMERGENCY: Portal creation failed, yet no log to look at
    ... The portal indexes are not held in the SQL database, ... Removing and reinstalling the binaries on the WFE servers is nearly ... the new farm and restore the databases. ... > restore one of my portals. ...
  • Re: Complete Neophyte Question(s)
    ... No you cannot remove a login from the 'public' role. ... For rights to _use_ objects then the appropriate rights need to be granted ... GRANT SELECT ON dbo.Orders TO OrderViewers ... for a database that is supposed to be secured it is a bad idea ...
  • Re: SUUNTO Vyper PC i/f
    ... username and password. ... to enter the database password. ... I gained access to the data in Suunto v2 using it - but it will NOT allow ... have the rights to the program the DATA is MINE!! ...