Problem with Creating Content Sites (Active Directory) - RTF(ine)M!!

From: Gordon McCague (gmccague_at_telus.net)
Date: 06/14/04 

Date: Mon, 14 Jun 2004 15:15:02 GMT

Hi There:

I am deploying Windows Sharepoint Services (STS2) to an Active Directory
Configuration with Remote SQL and found that I was experiencing some issues.
After some research I found the following docuemnt:

http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stsc05.mspx
(Separate Active Directory Directory Service Organization Unit Deployment)

Some Gotchas:

Make sure that each account you use (i.e. sharepoint_admin and
sharepoint_ops) has permissions to the SQL Database of Security
Administrators, Process Administrators, and Database Creators.

Make sure that each account you use (i.e. sharepoint_admin and
sharepoint_ops) has delegated authority to the OU used for the Sharepoint
accounts (Create, delete, and manage user accounts check box and the Read
all user information).

I understand that it is a best practice to create an account for management
for each virtual server you create so you need to make sure that you perform
the above two steps for each of the accounts you create.

When you "Create the configuration database and specify Active Directory
account creation mode" make sure that you specify the "-hh" switch if using
SQL2000 sp3 for you database server on a remote system.

If you receive the following error message when you create a site:

You cannot create the root Web "" unless an explicit inclusion or a proper
wildcard inclusion is defined.

It probably means that you have a problem with one of the above steps.

DNS Configuration is also important. Make sure that your virtual web server
is properly functional as a regular web site from other computers before you
start creating the content sites.

Good Luck!

Relevant Pages

  • Re: Minimizing the number of "setuid root" daemons
    ... >allow me to specify exactly what a particular privileged program can and ... reads system timezone configuration ... local account database ... generic -- maintaining an overall database of allowed actions would be ...
    (comp.os.linux.security)
  • Re: Error code = 4060
    ... which details the local groups the app pool identity must be a member of: ... configuration database, not the content database. ... > Accounts and Passwords" introduce the account of Application pool should ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: How to disable all this security?
    ... Again, as I said in previous post, you need to know which account is ... actually ruuning the ASP.NET app under different configuration. ... on SQL server and create user to database. ...
    (microsoft.public.vsnet.general)
  • RE: how to login a Windows domaine/user programaticaly in a Web Service ?
    ... You need to authenticate the users against the Active Directory. ... This causes ASP.NET to impersonate the account that is configured as the ... As a result of this configuration, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Best practice for updating account names / login names
    ... We are changing the naming-standard for account names in Active Directory. ... When I check the database for SPS I see user tables with account names ... Columns: tp_Login and nvarchar1 and ...
    (microsoft.public.sharepoint.portalserver.development)