|
Home > Archive > Commerce Server Solution Sites > June 2004 > permissions issue on unpacking the retail solutions site
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
permissions issue on unpacking the retail solutions site
|
|
|
| Retail
The page cannot be displayed
We apologize for the inconvenience. Please try again later. If the problem persists, please contact our webmaster.
--------------------------------------------------------------------------------
Error Type:
Microsoft Commerce Configuration (0x80040E09)
SELECT permission denied on object 'Sites', database 'MSCS_Admin', owner 'dbo'. SiteConfig:Initialize
/LM/w3svc/1512230758/Root/retail/include/global_siteconfig_lib.asp, line 195
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Page:
GET /retail/Default.asp
Time:
Wednesday, June 02, 2004, 10:27:43 AM
| |
|
| I should note that I have encountered this on a Windows 2003 Server box employing windows integrated security - but not active directory services. I have another box installed with just SQL security and it works fine. I assume there is one step out of t
he dozens that I missed in setting up the security properly. I'm going over the documentation and haven't spotted the missing item yet. Any ideas?
Thanks!
| |
|
| I've made some progress by granting access to the Sites table in the MSCS_Admin database...
-------------Excerpt from Securing your Site - Using Windows Authentication----------------
1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
2. In the SQL Server Enterprise Manager screen, in the Tree pane, expand Microsoft SQL Servers, expand SQL Server Group, expand <ServerName> (Windows NT), expand Databases, expand MSCS_Admin, right-click Roles and then click New Database Role.
3. In the Database Role Properties - New Role dialog box, in the Name text box, type Anonymous_IIS_Role.
4. In the Database role type section, select Standard role, and then click OK.
The standard role you created and named Anonymous_IIS_Role appears in the Roles pane on the SQL Server Enterprise Manager screen.
5. In the Roles pane, right-click Anonymous_IIS_Role, and then click Properties.
6. In the Database Role Properties - Anonymous_IIS_Role dialog box, click Permissions.
7. In the Database Role Properties - MSCS_Admin dialog box,in the SELECT column, select the ResourceProps, Resources, SiteResources, and Sites check-boxes, and then click OK.
8. In the SQL Server Enterprise Manager screen, in the Tree pane, expand Microsoft SQL Servers, expand SQL Server Group, expand <ServerName> (Windows NT), expand Security, and then click Logins.
9. In the SQL Server Enterprise Manager screen, in the Logins pane, right-click <DomainName>\Anonymous, and then click Properties.
Note: You created the user account named <DomainName>\Anonymous, where <DomainName> is the name of your active directory domain, in Step 2: Create Required Accounts.
10. In the SQL Server Login Properties - <DomainName>\Anonymous dialog box, select MSCS_Admin.
11. In the Database roles for MSCS_Admin section, select the Anonymous_IIS_Role check-box, and then click OK.
-----------------------
but now I'm getting:
-----------------------
Retail
The page cannot be displayed
We apologize for the inconvenience. Please try again later. If the problem persists, please contact our webmaster.
--------------------------------------------------------------------------------
Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E09)
SELECT permission denied on object 'Decode', database 'Retail_commerce', owner 'dbo'.
/LM/w3svc/1512230758/Root/retail/include/global_siteconfig_lib.asp, line 280
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Page:
GET /retail/Default.asp
-------------------
I assume it is a similar process to grant access to the Decode table, but I don't see it in the documentation anywhere.
| |
|
| Nice. Now that access has been granted, we time out. I'm not impressed.
Retail
The page cannot be displayed
We apologize for the inconvenience. Please try again later. If the problem persists, please contact our webmaster.
--------------------------------------------------------------------------------
Error Type:
Active Server Pages, ASP 0113 (0x80004005)
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
/retail/Default.asp
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
Page:
GET /retail/Default.asp
| |
|
| I increased the scriptTimeout value to 600 instead of just 90, and after about 3 minutes the initial retail page finally loaded. What is taking it soooooooooooooooooooooooooo long? When using just SQL authentication the page is loaded almost instantanio
us. This is just the retail pup freshly installed. I haven't tweaked anything yet.
| |
| Vinayak Tadas[MSFT] 2004-06-28, 7:29 pm |
| See this link
http://msdn.microsoft.com/library/d...-us/csvr2002/ht
m/cs_se_securecode_vxuh.asp
Step 7: Create SQL Login Accounts for Each Required Account
Step 8: Run the Commerce Server Database Security Scripts
Step 9: Add the Required Accounts to the Database Roles
You need to grant permissions for the runtime user to the Retail_commerce
database
--------------------
Thread-Topic: permissions issue on unpacking the retail solutions site
thread-index: AcRJikJm8ZBi1bL4RQW2mcIbDkAMww==
X-WN-Post: microsoft.public.commerceserver.solutionsites
From: "=?Utf-8?B?QnVydA==?=" <anonymous@discussions.microsoft.com>
References: <75250147-8038-4C34-A2BA-D4635D910962@microsoft.com>
<1598928E-D965-43EC-BEEC-D0FC5490C0F7@microsoft.com>
Subject: RE: permissions issue on unpacking the retail solutions site
Date: Thu, 3 Jun 2004 09:46:04 -0700
Lines: 42
Message-ID: <E9380E9C-F39C-4FF1-8A77-6D911E3B4437@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.commerceserver.solutionsites
Path: cpmsftngxa10.phx.gbl
Xref: cpmsftngxa10.phx.gbl
microsoft.public.commerceserver.solutionsites:5793
NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
X-Tomcat-NG: microsoft.public.commerceserver.solutionsites
I've made some progress by granting access to the Sites table in the
MSCS_Admin database...
-------------Excerpt from Securing your Site - Using Windows
Authentication----------------
1. Click Start, point to Programs, point to Microsoft SQL Server, and then
click Enterprise Manager.
2. In the SQL Server Enterprise Manager screen, in the Tree pane, expand
Microsoft SQL Servers, expand SQL Server Group, expand <ServerName>
(Windows NT), expand Databases, expand MSCS_Admin, right-click Roles and
then click New Database Role.
3. In the Database Role Properties - New Role dialog box, in the Name text
box, type Anonymous_IIS_Role.
4. In the Database role type section, select Standard role, and then click
OK.
The standard role you created and named Anonymous_IIS_Role appears in the
Roles pane on the SQL Server Enterprise Manager screen.
5. In the Roles pane, right-click Anonymous_IIS_Role, and then click
Properties.
6. In the Database Role Properties - Anonymous_IIS_Role dialog box, click
Permissions.
7. In the Database Role Properties - MSCS_Admin dialog box,in the SELECT
column, select the ResourceProps, Resources, SiteResources, and Sites
check-boxes, and then click OK.
8. In the SQL Server Enterprise Manager screen, in the Tree pane, expand
Microsoft SQL Servers, expand SQL Server Group, expand <ServerName>
(Windows NT), expand Security, and then click Logins.
9. In the SQL Server Enterprise Manager screen, in the Logins pane,
right-click <DomainName>\Anonymous, and then click Properties.
Note: You created the user account named <DomainName>\Anonymous, where
<DomainName> is the name of your active directory domain, in Step 2: Create
Required Accounts.
10. In the SQL Server Login Properties - <DomainName>\Anonymous dialog box,
select MSCS_Admin.
11. In the Database roles for MSCS_Admin section, select the
Anonymous_IIS_Role check-box, and then click OK.
-----------------------
but now I'm getting:
-----------------------
Retail
The page cannot be displayed
We apologize for the inconvenience. Please try again later. If the problem
persists, please contact our webmaster.
----------------------------------------------------------------------------
----
Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E09)
SELECT permission denied on object 'Decode', database 'Retail_commerce',
owner 'dbo'.
/LM/w3svc/1512230758/Root/retail/include/global_siteconfig_lib.asp, line 280
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Page:
GET /retail/Default.asp
-------------------
I assume it is a similar process to grant access to the Decode table, but I
don't see it in the documentation anywhere.
Thanks
Vinayak Tadas
Microsoft
http://blogs.msdn.com/vinayakt
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Get Secure! For more info visit http://www.microsoft.com/security. Please
reply to the newsgroups only. Thanks
|
|
|
|
|