
Troubleshooting Other Issues

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Cannot Connect to the Configuration Database Message

I get a "cannot connect to the configuration database" message when I try to set the configuration database for Microsoft .

If you are using SQL Server authentication, and the password associated with the SQL Server system account used to connect to the Microsoft SQL Server databases has expired or changed, you will see a "cannot connect to the configuration database" message until you reset the password in SQL Server. For more information about changing passwords in SQL Server, see Help in SQL Server Enterprise Manager.

You may also see this message if the application pool for the administration virtual server does not have the appropriate rights to the databases in SQL Server. The administration virtual server's application pool account must be a member of the Security Administrators and Database Creators roles for SQL Server, and that account should also be the database owner of the configuration database. The application pool accounts for additional virtual servers must also be database owners for the configuration database, in order to create and manage the content databases for that virtual server.

Verify also that the account for the administration virtual server's application pool is in both the IIS_WPG and STS_WPG local groups. If the account is not in these local groups, add it to both.

Note: You may also see a "service unavailable" message if the password for an Internet Information Services (IIS) application pool identity has changed or expired. For more information about changing passwords for application pool identities, see Service Unavailable Message in this topic.

Database Already Exists Message

When I try to manage a content database on the Manage Content Databases page in SharePoint Central Administration, I get one of the following error messages:

  • Database database_name already exists. (Error code: 1801)

  • The current user or the application pool identity of the virtual server is not the owner of the database database_name on server servername\sharepoint.

This issue may occur when the database owner of the database that you are connecting to is different from the application pool identity that is running under. To resolve this issue, you must change the database ownership and the permissions for the content database to match the identities of the virtual server accounts for content and configuration. The steps for changing the database ownership differ depending on whether you are running SQL Server or Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE).

This issue is also covered by article 828815 in the Microsoft Knowledge Base.

Changing the Database Ownership and Permissions for SQL Server

If you are running Microsoft SQL Server, you can change the ownership and permissions by using SQL Query Analyzer.

Change the database ownership and permissions in SQL Query Analyzer

  1. On the new server, click Start, point to All Programs, point to Microsoft SQL Server, and then click Query Analyzer.

  2. In the Connect to SQL Server dialog box, in the SQL Server box, type the server name, and then click OK.

  3. On the Query menu, click Change Database.

  4. In the Select Database of server_name box, click the configuration database (sts_config), and then click OK.

  5. In the Query pane, type the following query.

    Note: In lines 3 and 4, replace domain\contentaccount and domain\adminaccount with the domain account for the content virtual server and the domain account for the SharePoint Central Administration virtual server. If the accounts are the same, SQL Query Analyzer will display an error, but the process will still succeed.

    DECLARE @AdminVSAccount nvarchar(255)
    DECLARE @ContentVSAccount nvarchar(255)
    SET @ContentVSAccount = N'domain\contentaccount';
    SET @AdminVSAccount = N'domain\adminaccount';
    EXEC sp_grantlogin @ContentVSAccount;
    EXEC sp_grantlogin @AdminVSAccount;
    EXEC sp_changedbowner @AdminVSAccount;
    IF NOT EXISTS (SELECT * FROM sysusers WHERE name=@ContentVSAccount)
        EXEC sp_grantdbaccess @ContentVSAccount;
    EXEC sp_addrolemember 'db_owner', @ContentVSAccount;
    
  6. Click the Execute Query button to update the database.
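
To confirm the result of the procedure above, the following verification query can be run in the same Query Analyzer window. It is an added example, not part of the original article; it assumes SQL Server 2000 system tables, the configuration database as the current database, and the same placeholder account names used in step 5.

```sql
-- Added verification example (not from the original article).
-- Run with the configuration database (sts_config) selected.
-- The account names are the article's placeholders; replace them as in step 5.
DECLARE @AdminVSAccount nvarchar(255)
DECLARE @ContentVSAccount nvarchar(255)
DECLARE @Owner nvarchar(255)
SET @ContentVSAccount = N'domain\contentaccount';
SET @AdminVSAccount = N'domain\adminaccount';

-- 1. Owner of the current database, as recorded in master.
SELECT @Owner = SUSER_SNAME(sid)
FROM master.dbo.sysdatabases
WHERE name = DB_NAME();

SELECT DB_NAME() AS database_name,
       @Owner AS current_owner,
       CASE WHEN @Owner = @AdminVSAccount THEN 'OK'
            ELSE 'MISMATCH: rerun sp_changedbowner'
       END AS owner_check;

-- 2. db_owner membership for the content account.
--    When both accounts are the same, that account is dbo rather than a
--    separate db_owner member, so only check 1 applies to it.
SELECT CASE
         WHEN @ContentVSAccount = @AdminVSAccount
           THEN 'OK: same account as the owner (dbo)'
         WHEN EXISTS (SELECT *
                      FROM sysmembers m
                      JOIN sysusers u ON u.uid = m.memberuid
                      JOIN sysusers r ON r.uid = m.groupuid
                      WHERE r.name = N'db_owner'
                        AND u.name = @ContentVSAccount)
           THEN 'OK: member of db_owner'
         ELSE 'MISSING: not a member of db_owner'
       END AS content_account_check;

-- 3. Everyone who holds db_owner here, to spot accounts that should not.
SELECT u.name AS db_owner_member
FROM sysmembers m
JOIN sysusers u ON u.uid = m.memberuid
JOIN sysusers r ON r.uid = m.groupuid
WHERE r.name = N'db_owner'
ORDER BY u.name;

-- 4. Server-level view of both logins: they must exist and not be denied.
--    The role columns show which fixed server roles each login holds.
SELECT name, hasaccess, denylogin, securityadmin, dbcreator, sysadmin
FROM master.dbo.syslogins
WHERE name IN (@AdminVSAccount, @ContentVSAccount);
```

Repeat the query against each content database after selecting it with Change Database.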

Changing the Database Ownership and Permissions for WMSDE

If you are running WMSDE, you must perform the following steps: Add the Network Service account to the SYSADMIN role for WMSDE, then use the Manage Content Database page to add the database back to the virtual server, and then remove Network Service from the SYSADMIN role.

Set Network Service as SYSADMIN for WMSDE

  1. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.

  2. At the command prompt, type the following command (where servername is the name of your server) and then press ENTER.

    osql -S servername\sharepoint -E
    
  3. Type the following command and then press ENTER.

    sp_addsrvrolemember 'nt authority\network service', 'sysadmin'
    
  4. Type go, and then press ENTER.

After the Network Service account has been added to the SYSADMIN role, you can add the content database to the virtual server.

Add the content database

  1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central Administration.

  2. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure virtual server settings.

  3. On the Virtual Server List page, click the virtual server you want to add the content database to.

  4. On the Virtual Server Settings page, under Virtual Server Management, click Manage content databases.

  5. On the Manage Content Databases page, under Content Databases, click Add a content database.

  6. In the Database Information section, click Specify database server settings.

  7. In the Database server box, type the name of the database server.

  8. In the Database name box, type the name of the database.

  9. In the Database Capacity Settings section, type a number in the Number of sites before a warning event is generated box.

  10. Type a number in the Maximum number of sites that can be created in this database box.

  11. Click OK.

After the content database has been restored, you can reset the SYSADMIN role to not include the Network Service account.

Restore the SYSADMIN role

  1. At the OSQL command prompt, type the following command and then press ENTER.

    sp_dropsrvrolemember 'nt authority\network service', 'sysadmin'
    
  2. Type go, and then press ENTER.
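
Because the procedure above leaves Network Service with full control of the WMSDE instance until the last step is run, it is worth confirming that the role membership was actually removed. The following check is an added example, not part of the original article; it is meant to be typed at the same osql prompt and assumes the login name exactly as used in the steps above.

```sql
-- Added verification example (not from the original article).
-- Type at the osql prompt after step 2 of "Restore the SYSADMIN role".

-- 1. Every current member of the sysadmin fixed server role.
EXEC sp_helpsrvrolemember 'sysadmin'
go

-- 2. Direct check for the account that was added temporarily.
--    IS_SRVROLEMEMBER returns 1 (member), 0 (not a member),
--    or NULL (the login is not known to this instance).
SELECT CASE IS_SRVROLEMEMBER('sysadmin', 'nt authority\network service')
         WHEN 1 THEN 'STILL SYSADMIN: rerun sp_dropsrvrolemember'
         WHEN 0 THEN 'OK: not a member of sysadmin'
         ELSE 'Login not found on this instance'
       END AS network_service_check
go

-- 3. Fixed server roles the login still holds. The login itself is expected
--    to remain; only the sysadmin column must be 0.
SELECT name, sysadmin, securityadmin, dbcreator
FROM master.dbo.syslogins
WHERE name = 'nt authority\network service'
go
```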

General Site Use Issues

  • Site users report that they can't get to a list, document library, discussion board, or survey, yet I can see it listed on the Document Libraries, Discussion Boards, or Lists page.

    The default view may have been deleted. Do one of the following:

    • Set an existing view as the default view.

    • Create a new view to use as the default view.

    Note: To specify a default view or create a new view you must be a member of the Web Designer site group or a site group that has the Manage Lists right.

  • I can no longer modify a view by using my Web browser.

    If a view is modified extensively by using a -compatible Web page editor, such as Microsoft , it can no longer be modified in the Web browser.

    Note: To modify a view you must be a member of the Web Designer site group or a site group that has the Manage Lists right.

  • I can't get custom Active Server Pages to work correctly on my site.

    By default, the ISAPI filter for blocks the use of any ASP pages that are not part of the installation. If you want to use custom ASP pages with your SharePoint sites, you must put the ASP pages in a separate virtual directory and create an excluded path for the directory in . This allows Internet Information Services (IIS), rather than , to control the directory and allows the ASP pages to run. Also, IIS does not allow ASP pages to be displayed by default. You may also need to allow Active Server Pages in IIS before your custom Active Server Pages work correctly. For more information, see the IIS Help system. Active Server Pages issues are also covered by article 828810 in the Microsoft Knowledge Base.

    Note: To perform these steps, you must be a member of the local Administrators group on the server running .

Full-Text Search Issues

  • Full-text searching does not include any file types other than .doc, .xls, .ppt, .txt, and .htm in the search results.

    If you are using the full-text searching for Microsoft SQL Server 2000, the following filters are installed by default: .doc, .xls, .ppt, .txt, and .htm. You can install custom filters to allow you to search other file types. For more information about enabling full-text searching, see Managing and Customizing Search. For more information about adding filters to SQL Server full-text searching, see the SQL Server 2000 documentation.

  • I can't enable search for a server.

    Is your server running -compatible search server software, such as Microsoft SQL Server 2000 or later? By default, installs the Microsoft SQL Server 2000 Desktop Engine (Windows) (WMSDE) database. However, to enable the search functionality, the server's back-end database must be running Microsoft SQL Server 2000 or another -compatible search server.

    Is your server part of a server farm? If each server in the server farm is not running -compatible search server software, such as Microsoft SQL Server 2000 or later, the search controls may not appear. To resolve this problem, make sure that all servers in the server farm are running -compatible search server software.

  • Enabling full-text searching has failed.

    If you are enabling full-text searching with Microsoft SQL Server in a server farm environment, the process can time out or fail if one of the servers is offline or has a hard disk drive failure. If enabling full-text searching is taking more than a minute or two, you can restart the SQL Server services and run a stored procedure to enable searching.

Restart the SQL Server processes

  1. On your computer running SQL Server, open a command prompt and run the following commands:

    net stop mssearch

    net stop mssqlserver

    net start mssqlserver

    net start mssearch

  2. Open SQL Server Query Analyzer and connect to the database for .

  3. Run the following stored procedures:

    exec proc_DisableFullTextSearch

    exec proc_EnableFullTextSearch

Restoring a List, List Item, or Document

  • A user deleted an item, document, or list, and now needs to recover it.

    If you have a recent backup of either the content database or the site, you can restore the backup to a new, temporary server or site, and then copy the deleted item, document, or list to the original site. After you have recovered the list, item, or document, you can delete the restored version of the database or site. For more information, see Backing Up and Restoring Databases and Backing Up and Restoring Web Sites.

    Note: To copy an entire list or document library, save the list or document library (including the content) as a list template, and then import the list template and create a list or document library based on that template. When you include the content in the template, your new instance of the list includes all of the items or documents from the old list. List templates do not include per-list permission settings or created by or modified by data from the original list. For information about creating a list template, see Working with Templates.

Service Unavailable Message

  • I get a "service unavailable" message when I try to view my site or the administration pages for my site or server.

    If the password for the application pool for a virtual server has expired or changed, you will see a "service unavailable" message until you reset Internet Information Services (IIS) and SQL Server to accept the new password.

    Note: You may also see a "cannot connect to configuration database" error message if you are using SQL Server authentication and the password associated with the system account for SQL Server has expired or changed. If you see this message, you must reset the password in SQL Server. For more information about changing passwords in SQL Server, see Help in SQL Server Enterprise Manager.

Reset an application pool password in IIS

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Click the plus sign next to your server name.

  3. Click the plus sign next to Application Pools.

  4. Right-click the application pool that needs to be updated, and then click Properties.

  5. In the "Application Pool ID" Properties dialog box, click the Identity tab.

  6. Under Application pool identity, in the Password box, type the new password, and then click OK.

  7. In the Confirm Password dialog box, type the password again, and then click OK.

After you change the password in IIS, you must restart IIS to connect with the new password. To restart IIS, type iisreset on the command line.

Security Issues

  • I want to prevent users from seeing links to areas in this site, such as Site Administration.

    Rather than hiding links and controls from users, checks users' rights when they click links or try to perform actions on the site. If a user is not a member of a site group or cross-site group with the proper rights, he or she cannot enter site administration or change the settings for a site, list, or library. There are no administrative controls to hide links from unauthorized users.

  • I've deleted users from my site, but I'm still being notified that my quota is full and I can't add any more users.

    To have any effect on your user quota, users must be removed at the site collection level. You can do this by using SharePoint Central Administration or the Manage Site Collection Users page in Site Administration. Removing users from individual sites will not allow you to add more users. To remove site collection users by using the Site Administration pages, do the following:

    1. On the top link bar, click Site Settings.

    2. In the Administration section, click Go to Site Administration.

    3. In the Site Collection Administration section, click View site collection user information.

    4. Select the check box next to the users that you want to delete, and then click Remove Selected Users.

    Note: You must be a site collection administrator to remove users from a site collection.

  • I removed a user from a site but he or she is still receiving alerts from it.

    When you remove a user from a Web site, site group, or cross-site group after he or she has created alerts, you must manually delete any alerts that he or she has set up. This is also true for any lists or libraries where you change security settings to limit access. If a user has set up alerts for the list or library, he or she will continue to receive them after you change the security settings. For information on deleting alerts for users, see Managing Alerts.

Usage Analysis Issues

  • I see a "no data" message or a message that usage reports are not available when I try to view the Site Usage Report page.

    Usage analysis must be turned on, and users must have visited a page in your site before any data can appear on the Site Usage Report page. If you are seeing the error "No usage data is available for this web" on this page, verify that usage analysis has been turned on for the server.

    If the site is new (created today), or has not been used before today, no data will appear until the usage log processing has been done (usually within 24 hours).

    If there has been no activity on the site for the past 31 days, the Site Usage Report page will say that usage reports are not available.

    For more information about enabling usage analysis, see Configuring Usage Analysis.

  • I extended a new virtual server, and the usage analysis processing is not working for the new virtual server.

    If usage analysis processing was configured before you extended the virtual server, it must be enabled manually for the new virtual server. To enable usage analysis for the new virtual server, you can use either of the following methods:

    1. Use the command-line tool Stsadm.exe with the setproperty operation to set the schedule for usage analysis on the new virtual server. To set the schedule, run the following operation:

      stsadm.exe -o setproperty -pn job-usage-analysis-pv "daily between HH:MM:SS and HH:MM:SS" -url <URL to virtual server>
      
    2. Use the Configure Usage Analysis page to reconfigure usage analysis for all virtual servers.

    Note: Usage analysis information is not available until the usage analysis processing has been run at least once.

  • The number of users that I'm seeing is higher than I expected.

    If you have removed users from a subsite, but not from the site collection, the users will still appear in the usage data. If you are trying to remove users so that you are under your quota, you must remove users at the site collection level, not at the subsite level.

    Also, server administrators are included as users in the usage analysis results, even though they are not members of a site. If they perform actions within a site or run a monitoring utility on a site collection, those activities are included in the usage analysis results. However, server administrators are not counted towards user quotas.

For more information about enabling usage analysis, see Configuring Usage Analysis.

SSL Termination Is Not Supported

My alert message URLs are wrong and I get an "Access denied" message when I try to upload a document to a document library.

Secure Sockets Layer (SSL) termination is a configuration where an HTTPS request from the client is first processed by either a proxy server or a firewall, and then the request is forwarded to a Web server by using HTTP. SSL termination is not supported for . If SSL termination is configured, alert messages may contain the wrong URL (HTTP rather than HTTPS), and your users may not be able to upload documents to document libraries (they receive an Access Denied message after attempting to authenticate).

This issue is also covered by article 831106 in the Microsoft Knowledge Base.

Web Part Errors on the Home Page

I get one of the following errors when I view the home page of my site:

  • Web Part Error: Cannot deserialize (convert an XML stream back into an object) the Web Part on the server.

  • Web Part Error: One of the properties of the Web Part has an incorrect format. Windows SharePoint Services cannot deserialize the Web Part. Check the format of the properties and try again.

These errors can occur when the permissions that were configured on the Windows Temp directory are unintentionally reset (perhaps during an upgrade to the operating system). To resolve this issue, make sure that the following permissions are configured correctly.

Windows directory: %WinDir%\Temp

Required permissions:

  • Administrators - Full control

  • SYSTEM - Full control

  • STS_WPG - Read, Write

  • Network Service (for a domain controller only) - Read, Write

Windows directory: %WinDir%\System32\Logfiles

Required permissions:

  • STS Administrators - Full Control

  • SYSTEM - Full control

  • STS_WPG - Read, Write

  • Network Service (for a domain controller only) - Read, Write

Note: If your usage analysis log files are stored in a different location, you must also be sure that the permissions for those log files match the permissions for the Logfiles directory above.

For more information about the permissions needed for to perform as expected, see Files and Permissions. This issue is also covered by article 826786 in the Microsoft Knowledge Base.

Assigned IP Addresses Are Not Supported

When I try to modify my site or add or export Web parts I get one of the following error messages:

  • Cannot retrieve properties at this time.

  • The server could not complete your request. Contact your Internet service provider or Web server administrator to make sure that the server has the FrontPage Server Extensions or SharePoint Services installed.

This problem may occur when one or both of the following conditions are true:

  • You have configured the virtual server in IIS to have an assigned IP address, and then extended the virtual server with .

  • You have configured the virtual server in IIS to use host headers, and then extended the virtual server with , and then you installed a Web Part assembly to the Bin folder instead of to the global assembly cache.

In each of these configurations, cannot obtain sufficient information from the virtual server to load the Web Part or Web Parts on the site. To address these issues, use one of the following methods, as appropriate to your situation:

  1. Assigned IP addresses are not supported. If you have assigned an IP address in IIS, you must change the IP address to use All Unassigned before you can use . For more information about changing the IP address in IIS, see the IIS Help system.

  2. If you host a virtual server that has a host header name and you installed a Web Part assembly to the Bin folder, you must move the assembly to the global assembly cache. For more information, see the .

  3. Consider using scalable hosting mode for . For more information, see Server Farm with Multiple Host Names Deployment.

This issue is also covered by article 830342 in the Microsoft Knowledge Base.

Configuring Kerberos Authentication

When a virtual server is extended with , the virtual server is configured to use Integrated Windows authentication. By configuring Integrated Windows authentication on the virtual server, the virtual server can run as a domain account, and you do not have to configure a service principal name (SPN) in Active Directory directory services. If your environment requires Kerberos authentication, you must first enable Kerberos in IIS, and then configure a service principal name (SPN) in Active Directory directory services for the domain account that the virtual server is running as. You do not have to configure the service principal name if the application pool identity for the virtual server is configured to use a built-in security principal (such as Network Service or Local System).

Enabling Kerberos in IIS

There are two methods you can use to enable Kerberos in IIS. You can choose between these two methods, depending on your needs:

  • Manually edit the IIS metabase.

    If you are enabling Kerberos for only one virtual server, you can directly edit the IIS metabase.

  • Use IIS administration scripts to edit the IIS metabase.

    If you need to enable Kerberos authentication for several virtual servers, consider using a script that you can run for each virtual server.

Method 1: Manually edit the IIS metabase to enable Kerberos authentication

  1. On the server running IIS, open Notepad, and then open the Metabase.xml file that is located in the following folder on the hard disk, where %systemroot% is the path and folder name where Microsoft Windows is installed:

    %systemroot%\System32\Inetsrv
    
  2. In the <IIsWebServer> section, locate the following line:

    NTAuthenticationProviders="NTLM"
    
  3. Modify the line so that it reads exactly as follows:

    NTAuthenticationProviders="Negotiate,NTLM"
    
  4. Save the file, and then quit Notepad.

  5. Open a command prompt, and then restart IIS by typing iisreset.

Method 2: Use an IIS administration script to edit the IIS metabase and enable Kerberos authentication

  1. On the server running IIS, open a command prompt.

  2. Change to the Inetpub\Adminscripts folder by typing the following line, where Drive is the hard disk drive where Windows is installed, and then press ENTER:

    cd Drive:\inetpub\adminscripts

  3. Type the following line, where xx is the virtual server ID number, and then press ENTER.

    cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders
    

    Note: The virtual server ID of the default Web site in IIS is 1.

    The following string is returned:

    ntauthenticationproviders: (STRING) "NTLM"
    
  4. To enable Kerberos on the virtual server, type the following line, where xx is the virtual server ID number, and then press ENTER.

    cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "Negotiate,NTLM"
    
  5. Type iisreset and then press ENTER to restart IIS.

Configuring Server and Account Delegation and Configuring a Service Principal Name for the Domain Account

After you have enabled Kerberos in IIS, you must configure a service principal name for the domain account that the virtual server is running under.

Note: You do not need to perform these steps if the virtual server application pool identity is using one of the built-in security principals (such as Network Service or Local System). The built-in accounts are automatically configured to work with Kerberos authentication.

If you use a remote computer running SQL Server 2000 for your configuration and content databases, and you want to use the built-in Network Service account as a domain account, you must add the domain\computername$ entry to SQL Server and grant it Database Creators and Security Administrators permissions. This allows to connect to the remote computer running SQL Server and create and manage the configuration and content databases. For more information about granting permissions in SQL Server, see Remote SQL Server Deployment.

If the server running IIS is a member of the domain, but is not a domain controller, the server must be trusted for delegation before Kerberos authentication can work correctly.

Configure the server running IIS to be trusted for delegation

  1. On the domain controller, start Active Directory Users and Computers.

  2. In the left pane, click Computers.

  3. In the right pane, right-click the name of the server running IIS, and then click Properties.

  4. Click the General tab, and then select the Trust computer for delegation check box.

  5. Click OK.

If the application pool identity is configured to use a domain user account, the user account must be trusted for delegation before you can use Kerberos authentication.

Configure the domain account to be trusted for delegation

  1. In Active Directory Users and Computers, in the left pane, click Users.

  2. In the right pane, right-click the name of the user account, and then click Properties.

  3. Click the Account tab, and then under Account Options, select the Account is trusted for delegation check box.

  4. Click OK.

If the application pool identity is a domain user account, you must configure a service principal name (SPN) for that account.

Configure a service principal name for the domain account

  1. Download and install the Setspn.exe command line utility from the Microsoft Web site.

  2. Open a command prompt, and then run the following command:

    Setspn -A HTTP/ServerName Domain\username

    Where ServerName is the fully-qualified domain name of the server, domain is the name of the domain, and username is the name of the user account.
