Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

MOSS Beta 2 - "Failed to secure the SharePoint resources"

113 views
Skip to first unread message

LaRoux

unread,
May 26, 2006, 2:32:01 PM5/26/06
to
Fresh install Win2003 R2 Ent. + Application Server Role in Virtual Server
2005 R2. Prerequisites installed without incident.

First Attempt: Logged in as Domain "Administrator", Installation of MOSS
completed successfully as Single Server. Configuration failed on Task
configdb. Here's the applicable log entries:

05/25/2006 14:54:29 8 INF Now joining to farm at server
MOSS\OfficeServers database
SharePoint_Config_786aa3af-9cf2-4668-a0a9-807e8537af4a
05/25/2006 14:54:46 8 ERR Task configdb has failed with an
unknown exception
05/25/2006 14:54:46 8 ERR Exception:
System.InvalidOperationException: This access control list is not in
canonical form and therefore cannot be modified.
at
System.Security.AccessControl.CommonAcl.SetQualifiedAce(SecurityIdentifier
sid, AceQualifier qualifier, Int32 accessMask, AceFlags flags, ObjectAceFlags
objectFlags, Guid objectType, Guid inheritedObjectType)
at
System.Security.AccessControl.DiscretionaryAcl.SetAccess(AccessControlType
accessType, SecurityIdentifier sid, Int32 accessMask, InheritanceFlags
inheritanceFlags, PropagationFlags propagationFlags)
at
System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at
System.Security.AccessControl.CommonObjectSecurity.SetAccessRule(AccessRule
rule)
at
System.Security.AccessControl.RegistrySecurity.SetAccessRule(RegistryAccessRule rule)
at Microsoft.SharePoint.Administration.SPDiagnosticsService.Provision()
at Microsoft.SharePoint.Administration.SPFarm.Join()
at
Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
at
Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

I spent a while trying to figure out why it would have failed and finally
decided to rerun the config program to reread the message. This time it
completed the configdb task and then failed on Task secureresources.

Here's that section of log:

05/25/2006 16:55:13 8 ERR Task secureresources has failed
with an unknown exception
05/25/2006 16:55:13 8 ERR Exception:
System.InvalidOperationException: This access control list is not in
canonical form and therefore cannot be modified.
at
System.Security.AccessControl.CommonAcl.RemoveQualifiedAces(SecurityIdentifier
sid, AceQualifier qualifier, Int32 accessMask, AceFlags flags, Boolean
saclSemantics, ObjectAceFlags objectFlags, Guid objectType, Guid
inheritedObjectType)
at
System.Security.AccessControl.DiscretionaryAcl.RemoveAccess(AccessControlType
accessType, SecurityIdentifier sid, Int32 accessMask, InheritanceFlags
inheritanceFlags, PropagationFlags propagationFlags)
at
System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at
System.Security.AccessControl.CommonObjectSecurity.ResetAccessRule(AccessRule
rule)
at
System.Security.AccessControl.RegistrySecurity.ResetAccessRule(RegistryAccessRule rule)
at
Microsoft.SharePoint.PostSetupConfiguration.ResourceAccess.SetRegistryAccessRule()
at Microsoft.SharePoint.PostSetupConfiguration.ResourceAccess.Secure()
at
Microsoft.SharePoint.PostSetupConfiguration.SecurityTask.SecureResources()
at Microsoft.SharePoint.PostSetupConfiguration.SecurityTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

After doing more research, I decided to uninstall MOSS (which completed
clean), install SQL 2005 Developer ed., and then rerun the install logged in
as a Domain User account configured as SQL sysadmin, dbcreator, and
securityadmin, choosing the option to become the first server in a server
farm. The exact same sequence of failures occurred. First the configdb,
rerun, and then the secureresources.

I'll probably start on a fresh copy but if anyone has seen this error and
knows a work around, please let me know.

--
Harold

Armbruster, René

unread,
May 27, 2006, 12:01:02 PM5/27/06
to
Hi Harold,

did you choose an existing SQL Server or used the MSDE option? If you used
an existing SQL Server, did you add the domain administrator as sysadmin,
security admin and db creator within the SQL Server? Which account did you
use as service account for the SPS ?

br

René

"LaRoux" schrieb:

udo.e...@technidata.de

unread,
May 29, 2006, 11:56:00 AM5/29/06
to
have you solved the problem??
I get exactly the same error message.

Udo

Hollis Paul [MVP - Outlook]

unread,
May 29, 2006, 3:28:35 PM5/29/06
to
In article <1148918160.7...@g10g2000cwb.googlegroups.com>,
wrote:

> have you solved the problem??
> I get exactly the same error message.
>
Do you guys not know about Google and its search engine? Take the
error message "Failed to secure the SharePoint resources", without the
quotes, browse to the Google home page, and put it into the Google
search control. Among other items, it will show you two documents on
F5 that will show you how to secure the SharePoint resources. Try that
and then reinstall. See if that works.

But as a general check out tool, you should always take the text of the
error message and stuff it into Google and search on it. Microsoft
would like you to do that on the MSN site, also, but I rarely get
results there. The Technet search site is much better, and sometimes
the MSDN works. But Google is clearly the best.

--
Hollis Paul
Mukilteo, WA USA


Plo...@gmail.com

unread,
May 31, 2006, 10:54:06 AM5/31/06
to

Hollis Paul [MVP - Outlook] a écrit :

Plo...@gmail.com

unread,
May 31, 2006, 10:56:27 AM5/31/06
to
I've got the same problem "Failed to secure the SharePoint resources"

05/31/2006 16:49:04 10 ERR Task secureresources has


failed with an unknown exception

05/31/2006 16:49:04 10 ERR Exception:


Filemon log :


3739 16:49:04 psconfigui.exe:3440 OPEN C:\WINDOWS\symbols\dll\mscorlib.pdb PATH
NOT FOUND Options: Open Access: All
3740 16:49:04 psconfigui.exe:3440 OPEN C:\WINDOWS\dll\mscorlib.pdb PATH
NOT FOUND Options: Open Access: All
3741 16:49:04 psconfigui.exe:3440 OPEN C:\WINDOWS\mscorlib.pdb NOT
FOUND Options: Open Access: All
3742 16:49:04 psconfigui.exe:3440 CLOSE C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll SUCCESS


Help me
thx

LaRoux

unread,
Jun 1, 2006, 6:44:01 AM6/1/06
to
"Hollis Paul [MVP? - Outlook]" wrote:
> Do you guys not know about Google and its search engine?

Yes, I've heard of Google. Thank you for asking.

>it will show you two documents on F5 that will show you how to secure the SharePoint resources.

These documents are on how to configure F5 firewall products to enable
secure access to SharePoint from outside the firewall. Hardly a MOSS Beta
configuration primer.

> But as a general check out tool, you should always take the text of the
> error message and stuff it into Google and search on it.

I always do a search on error text, with quotes around it so I don't get
millions of useless answers like how to configure a firewall. Of course if I
search on the quoted error message now, I get four different sites with
copies of this same message thread.

>But Google is clearly the best.

I prefer Yahoo.

--
Harold

LaRoux

unread,
Jun 1, 2006, 6:52:01 AM6/1/06
to
> did you choose an existing SQL Server or used the MSDE option?

In the first install, I used the MSDE. In the second install, I pointed it
at a fresh 2005 Dev. SQL, installed on the same system.

>did you add the domain administrator as sysadmin, security admin and db creator within the SQL
> Server? Which account did you use as service account for the SPS ?

In the first install, I did exactly as you describe, I added the domain
admin to each of those three groups and used the domain admin account as the
service account. In the second install, I created a Service account
specifically for SharePoint, added it to domain admins and the three SQL
security groups. Same result.

--
Harold

LaRoux

unread,
Jun 1, 2006, 6:56:02 AM6/1/06
to
I've been out of the office so I haven't been able to make any more attempts.
I did get some feedback from another beta installer that he thought it might
be more likely to succeed installing on the Longhorn Beta.

Possibly unrelated, I had a lot of trouble (performance) running the Vista
Beta on a Virtual Server instance. Are you running the MOSS installation on
Virtual Server? Is anyone who has been successful running on Virtual Server?

--
Harold

LaRoux

unread,
Jun 1, 2006, 6:58:01 AM6/1/06
to
Are you running on Virtual Server? I'm trying to see if it might be our
environment.
--
Harold

Joe

unread,
Jun 1, 2006, 12:50:02 PM6/1/06
to
Hi all,
I am in the same boat. The install is on a vmWare image. Same logs. No
useful hits on Google, MSN, Yahoo, dogpile, MS technet (internet and June
2006 CD)... will keep trying, and let all know if I determine the fix.

thanks

joe

Joe

unread,
Jun 3, 2006, 9:48:02 PM6/3/06
to
http://officebeta.iponet.net/en-us/products/FX101517541033.aspx?ofcresset=1

Config
After installing the Office Server Beta, you get the following error in the
configuration wizard:

This access control list is not in canonical form and therefore cannot be
modified.

This issue will occur if you are using Sysinternal's Newsid utility to
reset the SID of the machine or image.

To work around this issue do the following:


Remove the Office Server Beta install.
Join a workgroup.
Remove machine account from domain.
Run sysprep from Windows Support Tool's deploy.cab.
Reboot and rejoin the domain.
Install the Office Server Beta.

You can also build the server from scratch and not use NewSID.

LaRoux

unread,
Jun 5, 2006, 4:53:02 PM6/5/06
to
> You can also build the server from scratch and not use NewSID.

This worked for me. The other multi-step method still failed.

--
Harold

Barnett@discussions.microsoft.com Tim Barnett

unread,
Jun 7, 2006, 4:13:02 PM6/7/06
to

"LaRoux" wrote:

> > You can also build the server from scratch and not use NewSID.
>
> This worked for me. The other multi-step method still failed.
>
> --
> Harold
>

sysprep did nothing to solve the problem. Re-installing the virtual server
and NOT using the NewSID did thre trick.

Ivan

unread,
Jun 26, 2006, 8:13:02 PM6/26/06
to
Hi there,

I have the same issue as well it seems that this error then triggers a
number of other errors in the log (naturally). I am running 2 boxes (Both VM)
on is SQL 2005 and the other to be a web server. AD is on another box on the
domain.

All a fresh installs .. well not exactly they are pre build OS environments
that then get propmoted as memeber servers before I insall anything.

would this be the correct way to install this BETA?


Regards,

Ivan brebner

SY

unread,
Jul 3, 2006, 1:59:01 AM7/3/06
to
A complete re-install seemed take care of this issue.

RRFreeman

unread,
Aug 14, 2006, 3:32:01 PM8/14/06
to
Well put LaRoux. :)

Fuinadan

unread,
Sep 22, 2006, 9:32:02 AM9/22/06
to
Hi, All.

Better later then never. It looks like here is the fix:
http://www.combined-knowledge.com/Downloads/StandaloneDomainController.zip
Unpack and read "readme.txt".

JD

unread,
Sep 29, 2006, 2:41:01 PM9/29/06
to
I encountered similar errors. The above download did not work for me. I was
able to install by updating the permissions on some of the registry keys as
described on page linked below.

http://blogs.interknowlogy.com/billsheldon/archive/2006/05/22/2705.aspx

0 new messages