Enterprise Portal Error During Creation of EP site
Symptom:
I am trying to install Enterprise Portal (EP) on a two-server SharePoint farm (1 application server and 1 Web Front End server (WFE)). But the EP install keeps failing at the creation of EP site collections.
This is what I see in the dynamicssetuplog.txt file -
Custom event details:
Error: The Web site http://EPServerHostName:80/sites/DynamicsAx was not created correctly.
Server was unable to process request. ---> Could not load file or assembly 'Microsoft.Dynamics.Framework.Data.AX, Version=6.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542) ---> Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542)
Cause:
Rights issue with the service account that is running the Claims to Windows Token Service
Resolution to Enterprise Portal error during creation of EP site:
Give the service account for Claims to Windows Token Service the rights listed below.
1. First, check what account is used to run this service in SharePoint central admin by going to Security then click on Configure service accounts.
2. Click on the drop down by Credential Management (in the field Select one…)
3. Select Windows Service - Claims to Windows Token Service. Note the domain account in the field below "Select and account for this component". It will be something other than Local System. This is the service account you need to make sure has the rights permissions list below.
Note: If you are having this issue your service account listed will be a domain account, and something else, not Local System. For example: Domain\SRV_ClaimstoWin
a. Set the following local policy rights on both the Application server and the WFE server(s) for the above service account (“Domain\SRV_ClaimstoWin”) by running GPedit.msc, then navigate to Computer Configuration> Windows settings> Security settings> Local settings> User rights assignment
1. Act as part of the Operating System
2. Impersonate a client after authentication
3. Log on as a service
b. Make that service account a local administrator on both servers (Application server and WFE)
4. Run iisreset on both servers
5. Restart the “Claims to windows token” service on both machines from Windows services (Start> run>services.msc)
After all these steps we were able to get over the error and Enterprise Portal site collection was created successfully.
Under the terms of this license, you are authorized to share and redistribute the content across various mediums, subject to adherence to the specified conditions: you must provide proper attribution to Stoneridge as the original creator in a manner that does not imply their endorsement of your use, the material is to be utilized solely for non-commercial purposes, and alterations, modifications, or derivative works based on the original material are strictly prohibited.
Responsibility rests with the licensee to ensure that their use of the material does not violate any other rights.