Re: Restored Server but SharePoint refusing admin access

Thanks for posting the resolution, Quilnux - that was a lot of typing and I'm sure will help others in future :-).

--
Les Connor [SBS MVP]


"Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:BF6BABE4-EE3A-4830-A54D-ED16108C61A4@xxxxxxxxxxxxxxxx
I went ahead and forwarded my post to the SharePoint forums. They were able
to help get it working. I figured since I posted here I would go ahead and
provide the solution here so anyone else may use it if needed.

First of all, They did confirm what you and I stated earlier about the SID
and Binary IDs being different. The primary goal was to either change the
SID/BID or remove the user from the database and add it again. (To be clear,
removing the user from the database is not the same thing as removing them
from the SharePoint site. evidentally removing them from the site just
disables their access. The still exist in the database). Since we cannot get
access to the Windows Internal Database (SQL Embedded: MSSQL$MICROSOFT#SSEE)
we have to force access to it. First, open the Named Pipe from the server
(locally or from a RDP/TS), In SQL Configuration Manager go to SQL Server
2005 Network Configuration and go to the properties page of the "Protocols
for MICROSOFT#SSEE". Insure Named Pipes is enabled. Also remember (or copy to
the clipboard) the Pipe name. Use SQL Management Studio and use the pipe name
for the SQL Server address to access the database. If you are unable to
connect (Access Denied error) like I had you will have to add yourself to the
policy list for the web application. Here comes the tricky part. If you
previously were in the web applications user list (regardless of what role
you had) you cannot access the database from that account. The system will
complain that you already exist. You will need to use an administrator
account which has not been previously used or create a new administrator
account. (This part sucks for Active directory users if you have strict
security policies). Nonetheless once you have a non-sharepoint administrator
account open the SharePoint Central Administration site. Go to Application
Management. Click "Policy for Web Application" Make sure the web application
you are wanting access to is listed at top right (Change is if not). then
click add users. Fill in the form with the administrator account that you
either created or has never had access to SharePoint. Once you are done you
will need to open the database server again with the pipe name but under the
newly added administrator account (for me, since I added a new admin account
to the server I just right-clicked SQL Management Studio and chose "Run As"
but if you use an existing admin you will need to get them to do this or get
their password). Once SQL Management Studio is running under the newly added
admin context you should have no problems accessing the named pipe. Once
there locate the Content Database name for the Web Application you need
access to and open the table "UserInfo" Once done you will see all the users
for this web application. locate your account and remove it from the table
completely. disconnect. Open a new command window (CMD) under the newly added
admin account (Just like SQL Mangement studio). use stsadm to add a new user
for yourself. use your existing server account (stsadm.exe -o adduser -url
<url of web application to add new account to> -userlogin <DOMAIN\User>
-useremail <email@xxxxxxxxxxxxxxx> -role <Role Name such as Full Control;
Must match an existing role for this web application; use stsadm.exe -o
enumroles -url <WebAppURL> to get a list> -username <Display Name as it would
appear in SharePoint; "FirstName LastName"> -siteadmin

Use Site Admin is you are taking over the site. If there is an existing site
admin who will stay the site admin do not use -siteadmin in your command.

Once you run this you should have full access to the web application. If you
are not to have full access (Full control role) you can use a different role
type.

"Bill Peng" wrote:

Well, this won't work for sharepoint 3.0...

FYI.
http://technet2.microsoft.com/windowsserver/WSS/en/library/64171b8c-5608-4e69-881a-67996080b7ff1033.mspx?mfr=true

In addition, posting to sharepoint newsgroup can be a good idea.

Sincerely,
Bill

"Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6D85453C-8F9C-48F1-9E1F-34EB6486B50E@xxxxxxxxxxxxxxxx
> I have not had a chance to try this yet. I will get the oppertunity
> tomorrow.
> Just to be clear, we are using SharePoint 3.0 not 2.0. Will that still > be
> the
> same for your suggestion? I didn't know the user templates would touch
> 3.0.
> I'll let you know of the results tomorrow.
>
> "Bill Peng" wrote:
>
>> I think your assumption is correct. Please open server management, and
>> change user permission. then use appropriate user template to rebuild
>> user
>> permissions. this can restore default sharepoint permissions for every
>> user.
>>
>> Sincerely,
>> Bill
>>
>> "Quilnux" <Quilnux@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:5EF53C5C-68CB-48BE-915F-D30E8E9A7812@xxxxxxxxxxxxxxxx
>> > Hello, (We are using SharePoint Services 3.0)
>> >
>> > We recently had to reinstall our server. We also had to manually
>> > re-enter
>> > all user accounts including administrator accounts. We have >> > everything
>> > working now except SharePoint. We are able to run a successful >> > restore
>> > (we
>> > used the stsadm.exe command-line). We can tell it is correctly >> > restored
>> > by
>> > the database file sizes however it will not let anyone in. We get an
>> > "Access
>> > Denied" error. We can access the Central Administration Site without
>> > any
>> > problems. Its only the SharePoint site. I've done restores before >> > but
>> > never
>> > seen a site not let an admin in after one. Also, I tried accessing >> > the
>> > database server using SQL Server Management Studio but it won't let >> > us
>> > in
>> > that either. I would assume the issue has something to do with the
>> > SID's
>> > being different for the new admin accounts. Is there anyway to get >> > into
>> > the
>> > site or a way that we can add one of the new admin accounts to the >> > site
>> > to
>> > let us in?
>> > Thank you for your help.
>>
>>

.

Relevant Pages

  • Re: ADP/SQL Server 2000 Security Problem
    ... The server is running Windows 2003. ... I'll also test using a SQL Server account and see what happens. ... it worked in MSDE 2000. ... I have not created any new accounts for the production database. ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Help with WSS 3.0 Server Farm Config - Backend SQL 2005
    ... I had to use only "sharepoint" to get the ... What interest me though is that the database get created but fails after ... Virtual Server with DBSVR ... an account local to the WEBSVR) to create and access the SQL server, ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Restored Server but SharePoint refusing admin access
    ... > SID/BID or remove the user from the database and add it again. ... >, In SQL Configuration Manager go to SQL> Server ... > you had) you cannot access the database from that account. ... > newly added administrator account (for me, since I added a new admin ...
    (microsoft.public.windows.server.sbs)
  • Re: Keep getting this error when trying to use Web Parts in VS2005 Beta 2. Why?
    ... > setup another database. ... >> operation or the server is not responding. ... This is necessary because the web server account will ... >> This is necessary because the web server account will attempt to ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Single Sign On Database Connection Issues
    ... SSOSrv, I'm having difficulty on the "Manage Server Settings for Single ... to define the necessary database. ... So after assigning the appropriate security to the user account, ...
    (microsoft.public.sharepoint.portalserver)