Enterprise Portal Error During Creation of EP site

By Jackie Olson | August 9, 2016

Symptom:

I am trying to install Enterprise Portal (EP) on a two-server SharePoint farm (1 application server and 1 Web Front End server (WFE)). But the EP install keeps failing at the creation of EP site collections.

This is what I see in the dynamicssetuplog.txt file -

Custom event details:

Error: The Web site http://EPServerHostName:80/sites/DynamicsAx was not created correctly.

Server was unable to process request. ---> Could not load file or assembly 'Microsoft.Dynamics.Framework.Data.AX, Version=6.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542) ---> Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542)

Cause:

Rights issue with the service account that is running the Claims to Windows Token Service

Resolution to Enterprise Portal error during creation of EP site:

Give the service account for Claims to Windows Token Service the rights listed below.

1.  First, check what account is used to run this service in SharePoint central admin by going to Security then click on Configure service accounts.

Jackie O_Security

2.   Click on the drop down by Credential Management (in the field Select one…)

Jackie O_Service Accounts

3.   Select Windows Service - Claims to Windows Token Service.  Note the domain account in the field below "Select and account for this component".  It will be something other than Local System. This is the service account you need to make sure has the rights permissions list below.

Jackie O_Service Accounts 2

Note:  If you are having this issue your service account listed will be a domain account, and something else, not Local System. For example: Domain\SRV_ClaimstoWin

a.      Set the following local policy rights on both the Application server and the WFE server(s) for the above service account (“Domain\SRV_ClaimstoWin”) by running GPedit.msc, then navigate to Computer Configuration> Windows settings> Security settings> Local settings> User rights assignment

1.    Act as part of the Operating System

2.   Impersonate a client after authentication

3.   Log on as a service

b.     Make that service account a local administrator on both servers (Application server and WFE)

4.     Run iisreset on both servers

5.     Restart the “Claims to windows token” service on both machines from Windows services (Start> run>services.msc)

After all these steps we were able to get over the error and Enterprise Portal site collection was created successfully.

Start the Conversation

It’s our mission to help clients win. We’d love to talk to you about the right business solutions to help you achieve your goals.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!

X