I recently reset the group policy on an NS7 with "secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose" I did not realize the issues it would cause. It has effectively jacked up all the permissions for the install. So far I have run these steps:
- Ran the command from the AKB to reset the Altiris Service account on everything
- Added NETWORK SERVICE permissions to the c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files folder
- Added the SQL service account back as a local admin on the box
Everything is almost back I think. The last issue is NETWORK SERVICE permissions to the database. I checked the security context and this doesn't appear to be handled there, it has to be NTFS permissions. I have pasted the error below. Can anyone tell me where my permissions are missing?
I know I can probably repair or unisntall and re-install the NS, but since this is a TEST server and since I know it is a simple NTFS thing, I would prefer to know what the issue is. Hopefully someone has dealt with this before.
Here is the error I get at most pages:
Server Error in '/Altiris/NS' Application.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Source Error:
The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:
1. Add a "Debug=true" directive at the top of the file that generated the error. Example:
<%@ Page Language="C#" Debug="true" %>
or:
2) Add the following section to the configuration file of your application:
<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.
Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario. |
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.]
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +435
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +82
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105
System.Data.SqlClient.SqlConnection.Open() +111
Altiris.NS.Utilities.DbUtils.OpenConnection(SqlConnection dbConn) +50
[AeXException: Failed to open database connection. Current user is NT AUTHORITY\NETWORK SERVICE. Error: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.]
Altiris.NS.Utilities.DbUtils.OpenConnection(SqlConnection dbConn) +190
Altiris.NS.Utilities.DbUtils.CreateConnection(String configKey) +489
Altiris.NS.ContextManagement.AdminDatabaseContext.OpenDbConnection() +11
Altiris.Database.DatabaseContext`1.Initialize(Boolean beginTransaction, IsolationLevel isolationLevel) +29
[DatabaseNotReadyException: Failed to construct DatabaseContext object. Connection to database failed.]
Altiris.NS.ContextManagement.AdminDatabaseContext.ThrowDatabaseNotReadyException(String exceptionDetails, Exception innerException) +37
Altiris.Database.DatabaseContext`1.Initialize(Boolean beginTransaction, IsolationLevel isolationLevel) +77
Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction, IsolationLevel isolationLevel, Boolean independentContext) +621
Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction, IsolationLevel isolationLevel) +61
Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction) +55
Altiris.Database.DatabaseContext`1.GetContext() +42
Altiris.NS.Security.SecurityTrusteeManager.GetAssignedTrustees(String[] sids) +270
Altiris.NS.Security.SecurityTrusteeManager.GetCurrentUserMemberships(Boolean includeUser) +983
[AeXException: Unable to retrieve the list of memberships of the current user. This most likely caused by the security context not having been set.]
Altiris.NS.Security.SecurityTrusteeManager.GetCurrentUserMemberships(Boolean includeUser) +1353
Altiris.NS.Security.SecurityMonitor.GetEffectivePrivileges() +99
[AeXException: Unable to determine the effective privileges for the current user.]
Altiris.NS.Security.SecurityMonitor.GetEffectivePrivileges() +676
Altiris.NS.Security.PrivilegePermission.GetEffectivePrivileges() +4
Altiris.NS.UI.access_denied.CreateChildControls() +128
System.Web.UI.Control.EnsureChildControls() +87
Altiris.NS.UI.access_denied.Page_Load(Object sender, EventArgs e) +109
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +33
System.Web.UI.Control.OnLoad(EventArgs e) +99
ASP.access_denied_aspx.OnLoad(EventArgs e) +10
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436
|
Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433
Thank you