locked
New MDS install. Getting Access Denied browsing to GettingStarted.aspx RRS feed

  • Question

  • I just finished going through the MDS setup process.  Verified web server and db server settings.  The first time I tried to browse to the new site,  I get the simple message "Access Denied".

    I verified that the service account and windows group I am a member of, have access to the site.

    In SQL Server Profiler, I can see just three lines which indicate success:

    RPC:Completed exec sp_reset_connection .Net SqlClient Data Provider

    Audit Login -- network protocol: TCP/IP

    RPC:Completed

    declare @p2 nvarchar(max) 

    set @p2=N'3600'
    exec [mdm].[udpSystemSettingGet] @SettingName=N'DatabaseTimeOut',@SettingValue=@p2 output
    select @p2

    So, why am I getting Access Denied?  What have I missed?


    Tuesday, May 24, 2016 3:16 PM

Answers

  • I fixed it.  In the web config, I changed MDS4 to MDS1 and it works.

    Now I'm bummed out that the Excel Add in doesn't work with SQL Server 2008 R2. (sigh...)

    • Marked as answer by G Britton Tuesday, May 31, 2016 8:11 PM
    Tuesday, May 31, 2016 8:11 PM

All replies

  • 1. What's the account you used to launch the configuration tool and create database. Is it your account or service account.

    You can double check the mds database mdm].[tblUser] table. The user of id 1 is the usually the user has super user permission.

    2. Can you login as the Super User account and verify WebUI works.
    If it does not work, check if the website has Windows Authentication enabled in the IIS manager.

    3. If the super user works.
    Check if the Group you added has any functional permission. For testing purpose, give super user functional permission to the group

    4. If the group setting is fine. Run iisreset to restart the services.

    Tuesday, May 24, 2016 8:40 PM
  • 1. What's the account you used to launch the configuration tool and create database. Is it your account or service account.

    You can double check the mds database mdm].[tblUser] table. The user of id 1 is the usually the user has super user permission.

    2. Can you login as the Super User account and verify WebUI works.
    If it does not work, check if the website has Windows Authentication enabled in the IIS manager.

    3. If the super user works.
    Check if the Group you added has any functional permission. For testing purpose, give super user functional permission to the group

    4. If the group setting is fine. Run iisreset to restart the services.

    1. The account used to launch the config tool is my account (I have admin rights on the box)

    2. I tried both with my id and logging in as the service account. both result in the Access Denied message.  

    Also, how can I see if the website has Windows Authentication enabled in the IIS manager.?

    3. I didn't add any groups.  I just ran the MDS config.

    I really don't know IIS at all (and didn't really want to learn it in depth).  I was hoping that the MDS config would wire everything up behind the scenes.

    What should I look at next?

    Wednesday, May 25, 2016 1:14 PM
  • Usually, the MDS config tool should configure the windows authentication. I only see it failed to do so on client SKU of windows. like home edition  of windows 7,8,10.

    If you are not running home edition windows then:

    To check IIS setting.

    1. Run Inetmgr in the start menu/run on windows 7, 10. (Or search Inetmgr in windows 8)

    2. Go to the website/application of MDS

    3. Check the Windows Authentication is enabled.



    Wednesday, May 25, 2016 9:15 PM
  • OK, did that but when I tried to restart IIS I got:

    >iisreset

    Attempting stop...
    Internet services successfully stopped
    Attempting start...
    Restart attempt failed.
    The IIS Admin Service or the World Wide Web Publishing Service, or a service dep
    endent on them failed to start.  The service, or dependent services, may had an
    error during its startup or may be disabled.

    Thursday, May 26, 2016 1:47 PM
  • In spite of the error I posted above, the service is indeed up and running.  I am able to connect to my new MDS web app from the web server.  However, when I try to connect from a client machine I get this error:

    The requested service, 'http://wvd00010.d2-tdbfg.com/MDS1/service/service.svc/bhb' could not be activated. See the server's diagnostic trace logs for more information.

    ------------------------------
    Program Location:


    Server stack trace: 
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.MasterDataServices.ExcelAddInCore.MDSService.IService.EndServiceVersionGet(IAsyncResult result)
       at Microsoft.MasterDataServices.ExcelAddInCore.MDSServiceClient.EndServiceVersionGet(IAsyncResult ar)
       at Microsoft.MasterDataServices.ExcelAddInCore.Types.Operations.ServiceVersionGetOperation.EndOperation(IAsyncResult ar)
       at Microsoft.MasterDataServices.ExcelAddInCore.Operations.OperationExecuter.<>c__DisplayClassc.<ExecuteOperationAsync>b__b()
       at System.Threading.Tasks.Task`1.InnerInvoke()
       at System.Threading.Tasks.Task.Execute()

    The server's event log has an entry like this at the same time:

    WebHost failed to process a request.
     Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/17653682
     Exception: System.ServiceModel.ServiceActivationException: The service '/MDS1/service/service.svc' cannot be activated due to an exception during compilation.  The exception message is: Service 'MDS2' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element.. ---> System.InvalidOperationException: Service 'MDS2' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element.
       at System.ServiceModel.Description.DispatcherBuilder.EnsureThereAreNonMexEndpoints(ServiceDescription description)
       at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
       at System.ServiceModel.ServiceHostBase.InitializeRuntime()
       at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       --- End of inner exception stack trace ---
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
     Process Name: w3wp
     Process ID: 140

    The web.config file for MDS has this:

    <masterDataServices>
      <instance virtualPath="" siteName="MDS" connectionName="MDS2"
       serviceName="MDS1" />
      <instance virtualPath="MDS1" siteName="Default Web Site" connectionName="MDS2"
       serviceName="MDS2" />
     </masterDataServices>
    	<connectionStrings>
      <add name="defaultMdsConnection" connectionString="Data Source=(local);Initial Catalog=MDM_Sample;Integrated Security=True;Connect Timeout=3600" />
      <add name="MDS2" connectionString="Data Source=WVD00011;Initial Catalog=MDS;Integrated Security=True;Connect Timeout=3600" />
     </connectionStrings>

    So I got further, but it is still unusable.  What should I try next?


    • Edited by G Britton Thursday, May 26, 2016 2:25 PM bolded text
    Thursday, May 26, 2016 2:24 PM
  • Are you modified the web.config manually? Looks like the MDS2 services are not configured correctly.

    I suggest to recreate MDS application.

    1. Go the master data service configuration tool and remove all the website and applications.

    2. Verify in the iis manager, there is no MDS/MDS1/MDS2 website or application.

    3. In master data service, create a MDS application under DefaultWebSite and select the MDS database.

    Thursday, May 26, 2016 10:26 PM
  • "Are you modified the web.config manually? Looks like the MDS2 services are not configured correctly."

    Nope, just using the MDS config tool

    "1. Go the master data service configuration tool and remove all the website and applications."

    I can't see anyway to remove the website and applications in the MDS config tool.

    So, I deleted the website, applications and pools using IIS manager.  After recreating the MDS website, the config file now looks like this:

    <masterDataServices>
      <instance virtualPath="MDS" siteName="Default Web Site" connectionName="MDS1"
       serviceName="MDS4" />
     </masterDataServices>
    	<connectionStrings>
      <add name="MDS1" connectionString="Data Source=WVD00011;Initial Catalog=MDS;Integrated Security=True;Connect Timeout=3600" />
     </connectionStrings>

    ...though why the service name is MDS4 I cannot imagine.  Anyway, the net result is the same.  When accessing MDS from the Excel Add-in I get:

    The requested service, 
    'http://wvd00010.d2-tdbfg.com/MDS/service/service.svc/bhb' 
    could not be activated. See the server's diagnostic trace logs for more information.

    ...and on the IIS server:

    System.ServiceModel.ServiceHostingEnvironment+HostingManager/33711845 
    
       System.ServiceModel.ServiceActivationException: The 
    service '/MDS/service/service.svc' cannot be activated due to 
    an exception during compilation. The exception message is: 
    Service 'MDS4' has zero application (non-infrastructure) 
    endpoints. This might be because no configuration file was 
    found for your application, or because no service element 
    matching the service name could be found in the configuration 
    file, or because no endpoints were defined in the service 
    element.. ---> System.InvalidOperationException: Service 
    'MDS4' has zero application (non-infrastructure) endpoints. 
    This might be because no configuration file was found for 
    your application, or because no service element matching the 
    service name could be found in the configuration file, or 
    because no endpoints were defined in the service element. at 
    System.ServiceModel.Description.DispatcherBuilder.EnsureThere
    AreNonMexEndpoints 
    
    How can I fix this endpoint thing?

    Friday, May 27, 2016 1:39 PM
  • I fixed it.  In the web config, I changed MDS4 to MDS1 and it works.

    Now I'm bummed out that the Excel Add in doesn't work with SQL Server 2008 R2. (sigh...)

    • Marked as answer by G Britton Tuesday, May 31, 2016 8:11 PM
    Tuesday, May 31, 2016 8:11 PM