This week I restored a local virtual development environment that I hadn't used for a couple of months. I wanted to reactivate this virtual image because it has a completely installed MOSS environment tailored for a development task. However, when I tried to access any of the local SharePoint sites within the image, be it Central Admin or a provisioned site, I received an Access Denied for each, with the error: The file exists. (Exception from HRESULT: 0x80070050). Really annoying, because I needed to get up to speed quickly.
Luckily, I was not the first to run into this particular problem. This blog in particular shed light on the cause of the problem and on how to solve it. In the process of reactivating the image, I was required to re-associate the local account within Active Directory. As a result, AD issued a new Security ID (SID) for that account. SharePoint internally checks this SID, not the username, to determine whether an account is to be granted access. For that purpose, the SID is recorded per SharePoint site in its content database.
The solution is thus to replace the invalid old SID in the SharePoint content databases with the newly issued SID. In essence, this involves the following repair steps:
- Use the dsquery command to determine the AD context information of your account
- Use this to query for the AD Object, and derive the Security ID from it (property objectSid)
- Convert the binary SID into hex
- Open a SQL Server query tool, and in every SharePoint content database replace the invalid SID with the determined correct SID
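The conversion in the third step, as an added example (not code from this post or from the blog it refers to): Python that encodes a SID string into the binary objectSid layout and the `0x...` hex literal form, and decodes it back, so a value read from the database can be checked against the account's SID before anything is changed. The function names and the sample SIDs in the comments are constructed for illustration.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Encode an 'S-1-5-21-...' string into the binary objectSid layout."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15 or authority >= 1 << 48:
        raise ValueError(f"unsupported SID: {sid!r}")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian),
    # then each sub-authority as 4 bytes, little-endian.
    head = struct.pack(">BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return head + struct.pack(f"<{len(subs)}I", *subs)

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary SID back into its string form, validating the length."""
    if len(raw) < 8 or raw[0] != 1:
        raise ValueError("not a revision-1 binary SID")
    count = raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def sid_to_sql_hex(sid: str) -> str:
    """Hex form of the binary SID, written as a 0x... literal."""
    return "0x" + sid_to_bytes(sid).hex().upper()

def sql_hex_to_sid(literal: str) -> str:
    """Read a 0x... hex value (e.g. copied from a query result) as a SID string."""
    text = literal.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    return bytes_to_sid(bytes.fromhex(text))

if __name__ == "__main__":
    # Constructed sample values: a well-known SID and a made-up domain account SID.
    for sample in ("S-1-5-32-544", "S-1-5-21-1-2-3-1105"):
        encoded = sid_to_sql_hex(sample)
        print(sample, "->", encoded, "->", sql_hex_to_sid(encoded))
```

Decoding the value currently stored in the database and comparing it with the old SID confirms that the row being replaced really belongs to the re-associated account.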
 
