Login failed for user 'NT AUTHORITY\NETWORK SERVICE'

Brandon's picture
Brandon
August 13th, 2009

I recently reset the group policy on an NS7 with "secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose" I did not realize the issues it would cause. It has effectively jacked up all the permissions for the install. So far I have run these steps:

- Ran the command from the AKB to reset the Altiris Service account on everything
- Added NETWORK SERVICE permissions to the c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files folder
- Added the SQL service account back as a local admin on the box

Everything is almost back I think. The last issue is NETWORK SERVICE permissions to the database. I checked the security context and this doesn't appear to be handled there, it has to be NTFS permissions. I have pasted the error below. Can anyone tell me where my permissions are missing?

I know I can probably repair or unisntall and re-install the NS, but since this is a TEST server and since I know it is a simple NTFS thing, I would prefer to know what the issue is. Hopefully someone has dealt with this before.

Here is the error I get at most pages:

Server Error in '/Altiris/NS' Application.

Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

  <%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
   <system.web>
       <compilation debug="true"/>
   </system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace: 

[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.]
   System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +435
   System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +82
   System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105
   System.Data.SqlClient.SqlConnection.Open() +111
   Altiris.NS.Utilities.DbUtils.OpenConnection(SqlConnection dbConn) +50

[AeXException: Failed to open database connection. Current user is NT AUTHORITY\NETWORK SERVICE. Error: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.]
   Altiris.NS.Utilities.DbUtils.OpenConnection(SqlConnection dbConn) +190
   Altiris.NS.Utilities.DbUtils.CreateConnection(String configKey) +489
   Altiris.NS.ContextManagement.AdminDatabaseContext.OpenDbConnection() +11
   Altiris.Database.DatabaseContext`1.Initialize(Boolean beginTransaction, IsolationLevel isolationLevel) +29

[DatabaseNotReadyException: Failed to construct DatabaseContext object. Connection to database failed.]
   Altiris.NS.ContextManagement.AdminDatabaseContext.ThrowDatabaseNotReadyException(String exceptionDetails, Exception innerException) +37
   Altiris.Database.DatabaseContext`1.Initialize(Boolean beginTransaction, IsolationLevel isolationLevel) +77
   Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction, IsolationLevel isolationLevel, Boolean independentContext) +621
   Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction, IsolationLevel isolationLevel) +61
   Altiris.Database.DatabaseContext`1.GetContext(Boolean createNewTransaction) +55
   Altiris.Database.DatabaseContext`1.GetContext() +42
   Altiris.NS.Security.SecurityTrusteeManager.GetAssignedTrustees(String[] sids) +270
   Altiris.NS.Security.SecurityTrusteeManager.GetCurrentUserMemberships(Boolean includeUser) +983

[AeXException: Unable to retrieve the list of memberships of the current user. This most likely caused by the security context not having been set.]
   Altiris.NS.Security.SecurityTrusteeManager.GetCurrentUserMemberships(Boolean includeUser) +1353
   Altiris.NS.Security.SecurityMonitor.GetEffectivePrivileges() +99

[AeXException: Unable to determine the effective privileges for the current user.]
   Altiris.NS.Security.SecurityMonitor.GetEffectivePrivileges() +676
   Altiris.NS.Security.PrivilegePermission.GetEffectivePrivileges() +4
   Altiris.NS.UI.access_denied.CreateChildControls() +128
   System.Web.UI.Control.EnsureChildControls() +87
   Altiris.NS.UI.access_denied.Page_Load(Object sender, EventArgs e) +109
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +33
   System.Web.UI.Control.OnLoad(EventArgs e) +99
   ASP.access_denied_aspx.OnLoad(EventArgs e) +10
   System.Web.UI.Control.LoadRecursive() +47
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

Thank you

Filed under: ,
0 votes
EMercado's picture
EMercado
14 weeks 3 days ago

Sounds like anonymous access

Sounds like anonymous access has been enabled in IIS for that web page. You'll want to turn that off in IIS Manager. It's under Directory Security for Default Web Page ->Altitirs->NS (right click on "NS" and choose Properties, hit edit on Authentication and Access control).

0 votes
Brandon's picture
Brandon
14 weeks 2 days ago

Tried with no change

For Default Website it was enabled. For Altiris>NS it was not. I tried turning it off for Default website but there was no change. I verified on another server its Default was on and set the same way. Thanks for the idea though.

0 votes
Renztech's picture
Renztech
5 days 10 hours ago

Here's a couple of direct MS links that i used to address this

http://support.microsoft.com/kb/259733

http://msdn.microsoft.com/en-us/library/ms143504(lightweight).aspx

0 votes
Brandon's picture
Brandon
5 days 5 hours ago

Thank you very much for the

Thank you very much for the links. I ended up rebuilding the server so I can't try them.

0 votes