Wednesday, May 18, 2011

Profile page access exception troubleshoot

As I mentioned in the last post, the profile page may not be able to access with the following error message:
In this case, I would say it should be an authentication issue. To resolve it, we should understand the BCS modes. Please look at the following table
Name SPD Model
Pass Through User’s Identity PassThrough
SSO (Windows) Impersonated Custom/Windows Identity RdbCredentials / WindowsCredentials
Revert To Self BDC Identity RevertToSelf

Let's go through them one by one to get a general idea quickly.
1. Pass Through: authenticate to the external system with the same credentials that were used to authenticate to SharePoint. Kerberos supports only. It will not function by default in NTLM, because NTLM does not allow for delegation of identity
2. SSO: we can use the credentials in Secure Store to sign you in again on the server.
3. Revert To Self: Using Revert To Self means to connect to the external system as the IIS application pool that is servicing the request. Because the application pool of a SharePoint farm is a very highly privileged account, it is not a recommended security practice to use Revert To Self in deployment environments.

All right! We already knew what they stand for currently. Let's focus on how to resolve our issue.
Okay. Based on BCS modes, we have three solutions.
1. Use Kerbero authentication. I haven't try this one.
2. Use SQL Authentication and save the credential into Secure Store service application (Recommend)
For this solution, you can refer to Laura Rogers's post
The only one point you need to notice is the SQL Server user must have the SQL Authentication permission

3. Use Revert to Self mode.
    a. Click Start -> All Programs -> Microsoft SharePoint 2010 Products -> SharePoint 2010 Management Shell
    b. In the opening window, enter the following commands
        $bdc = Get-SPServiceApplication | where {$_ -match "Business Data Connectivity Service"}
        $bdc.RevertToSelfAllowed = $true

    c. Restart your server

No comments:

Post a Comment