ERR9999 appears when you try to open the SSP 2.0 site

If you’ve been setup the SSP 2.0 for the first time and try to open the web site you might come up with the above mention error message on the web site. This is something I came across during my testing on SSP 2.0 setup.

clip_image001

Initially my concern has been the SQL setup, I’ve used SQL 2008 setup on Windows 2008 R2 Ent SP1 machine where are not supported! At least I need to setup the SP2 for the SQL. Never the less after applying the SQL SP2 I found out it is not the case.

According to the SSP documentation you’ll have to create service accounts as follows,

Account Name

Requested during

Used for

Prerequisites

High Security

Service Account

VMMSSP server component setup

Running the Windows Service implementation of the VMMSSP server component, the Virtual Machine Manager Self-Service Portal 2.0 service, and underlying services and processes. The server component also uses this account for external communication, such as:

· Communicating with the VMM server and performing tasks that require interacting with the VMM server.

· Communicating with the VMMSSP database.

Make sure this is an Active Directory domain account.

Before you install the VMMSSP server component, make sure this account has administrative permissions on the VMM Administrator Console.

You must also make sure that this account is granted Local Administrator permissions on the computer where you plan to install the server component.

Use a low-privilege domain account

Application Pool Identity

VMMSSP website component setup

Running the application pool used for the VMMSSP website component. The VMMSSP website component also uses this account for external communication, such as:

· Communicating with the VMMSSP server and database components.

· Running tasks that require interacting with the other self-service portal components.

This account can be a domain account.

Use a low-privilege domain account.

Taken from official documentation on SSP 2.0

For both service account and the application pool identity I’ve used the same account. It seems like with Application Pool Identity has not accepted the created service account with the lease privilege given to it. Even after adding the service account to the local Administrator group of the SSP setup server problem still exist. Bit of web search and TechNet forums found out the issue related to the Application Pool Identity service is not having enough permission with the service account. To narrow the issue I’ve assigned the Domain Administrator account for the VMSSP Application Pool,

clip_image003

After that recycle the Application pool and tried to access the SSP site and what do you know it solve the problem!

clip_image005

But the actual question remains why it didn’t work with the least privilege which needs further investigation.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s