If you’ve been setup the SSP 2.0 for the first time and try to open the web site you might come up with the above mention error message on the web site. This is something I came across during my testing on SSP 2.0 setup.
Initially my concern has been the SQL setup, I’ve used SQL 2008 setup on Windows 2008 R2 Ent SP1 machine where are not supported! At least I need to setup the SP2 for the SQL. Never the less after applying the SQL SP2 I found out it is not the case.
According to the SSP documentation you’ll have to create service accounts as follows,
VMMSSP server component setup
Running the Windows Service implementation of the VMMSSP server component, the Virtual Machine Manager Self-Service Portal 2.0 service, and underlying services and processes. The server component also uses this account for external communication, such as:
· Communicating with the VMM server and performing tasks that require interacting with the VMM server.
· Communicating with the VMMSSP database.
Make sure this is an Active Directory domain account.
Before you install the VMMSSP server component, make sure this account has administrative permissions on the VMM Administrator Console.
You must also make sure that this account is granted Local Administrator permissions on the computer where you plan to install the server component.
Use a low-privilege domain account
Application Pool Identity
VMMSSP website component setup
Running the application pool used for the VMMSSP website component. The VMMSSP website component also uses this account for external communication, such as:
· Communicating with the VMMSSP server and database components.
· Running tasks that require interacting with the other self-service portal components.
This account can be a domain account.
Use a low-privilege domain account.
Taken from official documentation on SSP 2.0
For both service account and the application pool identity I’ve used the same account. It seems like with Application Pool Identity has not accepted the created service account with the lease privilege given to it. Even after adding the service account to the local Administrator group of the SSP setup server problem still exist. Bit of web search and TechNet forums found out the issue related to the Application Pool Identity service is not having enough permission with the service account. To narrow the issue I’ve assigned the Domain Administrator account for the VMSSP Application Pool,
After that recycle the Application pool and tried to access the SSP site and what do you know it solve the problem!
But the actual question remains why it didn’t work with the least privilege which needs further investigation.