Problem
You review the Application event log on one of your SharePoint Server 2013 farm web front end (WFE) servers and find the following critical event occuring every five minutes:
You review the Application event log on one of your SharePoint Server 2013 farm web front end (WFE) servers and find the following critical event occuring every five minutes:
SolutionLog Name: Application Source: Microsoft-SharePoint Products-SharePoint Foundation Date: [Date/Time] Event ID: 6398 Task Category: Timer Level: Critical Keywords: User: [FarmAccount] Computer: [WFE1] Description: The Execute method of job definition Microsoft.SharePoint.Administration.SPAppInstallationJobDefinition (ID 16bfab57-4403-44da-9092-37f0f81fb32e) threw an exception. More information is included below. Access to the path 'C:\ProgramData\Microsoft\SharePoint\AppInstallation' is denied. Event Xml: ...
- Open Windows Explorer, and navigate to C:\ProgramData\Microsoft.
- Right-click the SharePoint subfolder, and then choose Properties.
- Select the Security tab.
- Take note of any entries here that display as SIDS only.
- Perform SID lookup, both against AD and against the local machine.
- Verify that the following two user groups are added and that they have been configured with the following permissions:
- WSS_ADMIN_WPG
- Full Control
- WSS_WPG
- Read & Execute
- List folder contents
- Read
- Remove any corrupted accounts/groups that appear here (you will see their SIDS only).
- Reboot the server.
- Sharepoint Execute method, Access denied to AppInstallation not clear service accounts
- Well-known security identifiers in Windows operating systems
- Windows PowerShell Tip of the Week: Determining the SID for a Local User Account
- Account permissions and security settings in SharePoint 2013
- I have found that performing a full re-installation of SharePoint Server 2013 (including configuration) seems to sometimes cause corruptions among the local user groups that SharePoint configures and that existing user groups are not properly cleaned up or overwritten when performing a re-installation.
- I have found that this critical event can be temporarily resolved by adding the (AppFabric) Distributed Cache service account to the local Administrators group on each server hosting the Distribute Cache service. I had to reboot the server after doing this, or the new account privileges was not realized.
- Through investigation, the SIDS that I found here did not match up with the current SIDS for the WSS_ADMIN_WPG and WSS_WPG user groups already configured on the WFEs (the SIDS will be different from WFE to WFE - these are local user groups). I think that these orphaned SIDS may reflect earlier SIDS for these same user groups from a previous installation.
- The farm service account is a member of the WSS_WPG and WSS_ADMIN_WPG local user groups.
No comments:
Post a Comment