A few week ago, I got the error "You do no have rights to perform this operation" message when I tried to manage the Single Sign-On setting on MOSS2007. I asked P'Knight DBA and P'Pop DBA to check if the rights of the user account I used is a member of public database in the configuration database and it's the member of serveradmin fixed server role in the instance of MS SQL Server or not, and it is. Thus, I opened a case to Microsoft. Microsoft Support Engineer suggested me to check the Single Sign-On service logon account in Windows Server 2003 service. And I found that why the error occured. My Single Sign-on Service logon account was set as Local System. It has to be set as the correct domain account that I use with MOSS.
With the help of Microsoft and the idea from SharePoint 2003 article http://support.microsoft.com/kb/889645 , it may concluded that we have to make sure that the user account we're gonna use to set the SSO must be..
- Log On As in Microsoft Single Sign-On Service in Windows Server 2003
- Member of Administrator/Local group of MOSS2007
- Member of public database role on the config database
- Member of serveradmin fixed server role in the instance of SQL Server that SSO DB is gonna be located
No comments:
Post a Comment