Friday, May 16, 2014

SharePoint 2013: Critical Event 6398: The Execute method of job definition Microsoft.SharePoint.Administration.SPAppInstallationJobDefinition... threw an exception

Problem

You review the Application event log on one of your SharePoint Server 2013 farm web front end (WFE) servers and find the following critical event occuring every five minutes:
Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          [Date/Time]
Event ID:      6398
Task Category: Timer
Level:         Critical
Keywords:      
User:          [FarmAccount]
Computer:      [WFE1]
Description:
The Execute method of job definition 
Microsoft.SharePoint.Administration.SPAppInstallationJobDefinition 
(ID 16bfab57-4403-44da-9092-37f0f81fb32e) threw an exception. More 
information is included below.

Access to the path 'C:\ProgramData\Microsoft\SharePoint\AppInstallation'
is denied.
Event Xml:
...
Solution
  1. Open Windows Explorer, and navigate to C:\ProgramData\Microsoft.
  2. Right-click the SharePoint subfolder, and then choose Properties.
  3. Select the Security tab.
  4. Take  note of any entries here that display as SIDS only.
  5. Perform SID lookup, both against AD and against the local machine.
  6. Verify that the following two user groups are added and that they have been configured with the following permissions:
    1. WSS_ADMIN_WPG
      1. Full Control
    2. WSS_WPG
      1. Read & Execute
      2. List folder contents
      3. Read
  7. Remove any corrupted accounts/groups that appear here (you will see their SIDS only).
  8. Reboot the server.
References
Notes
  • I have found that performing a full re-installation of SharePoint Server 2013 (including configuration) seems to sometimes cause corruptions among the local user groups that SharePoint configures and that existing user groups are not properly cleaned up or overwritten when performing a re-installation.
  • I have found that this critical event can be temporarily resolved by adding the (AppFabric) Distributed Cache service account to the local Administrators group on each server hosting the Distribute Cache service.  I had to reboot the server after doing this, or the new account privileges was not realized.
  • Through investigation, the SIDS that I found here did not match up with the current SIDS for the WSS_ADMIN_WPG and WSS_WPG user groups already configured on the WFEs (the SIDS will be different from WFE to WFE - these are local user groups).  I think that these orphaned SIDS may reflect earlier SIDS for these same user groups from a previous installation.
  • The farm service account is a member of the WSS_WPG and WSS_ADMIN_WPG local user groups.

No comments: