Skip to main content

SharePoint - Search Service Application (SSA) - Attempted to perform an unauthorized operation

On my current project I needed to adjust and add some search mapping via SharePoint's Central Administration web site.

This should have been very straight forward as you have the ability to add managed properties and mappings easily via the UI.

However, when I went to save my changes I got the error "The settings could not be saved because of an internal error: Attempted to perform an unauthorized operation".







Now this was very confusing as I am administrator on the server and added into all of the correct SharePoint groups. I also tried the same action via PowerShell and got the same error.  

After a few hours of research and head scratching I managed to get to the bottom of the problem which is the way my user account had been added as an administrator to the server.

In the company I work for to make it easier to manage the administrators on a server a group is created in active directory called "servername_admins". This group is added to the local administrators group on the server and all of the people who need to be administrators are added into this group. This works well and you might be thinking what is the problem?

Well SharePoint doesn't like it. SharePoint expects to find your user account directory added to the servers actual "Administrators" group. As I was already an administrator on the server I manually added myself to this account to save the search changes and it worked like a charm.

Interestingly if you check the documentation from Microsoft they do actually mention the need for the farm administrator to be included in the "Administrators" group on each server in the farm.

https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-administrative-and-service-accounts

That's all for now, until next time! 



Labels:

Comments

Post a Comment

Popular posts from this blog

Sharepoint feature activation and strange timeouts....

  So I have been meaning to write a blog entry for some time now and at last I have finally manage to drag together a few coherent sentences and get the ball rolling. So what topic have I picked to start my blogging experience with at Conchango? Well Sharepoint of course! Anyway down to business and the reason for the post is that the other day I had to deal with an issue surrounding a timeout when activating a feature via the "ManageFeatures.aspx" page within the Windows Sharepoint Services (WSS) user interface. The feature itself was somewhat of a beast and did a lot of work within the "FeatureActivated" method behind the screens setting up lists, creating content etc which meant it was going to take a long time to complete.  So a timeout issue? Well as it turns out yes. The problem is that activating a feature via the "ManageFeatures.aspx" page means that the request to activate the feature is handled by asp.net and as such i...
Post a Comment
Read more

Debugging hidden features in SharePoint

Well it’s been a while since I have done a blog entry so I thought I would ease myself back into them with a small post about how to debug a hidden feature. As everyone knows in SharePoint you have the ability to make a feature hidden which means it doesn’t show up via the UI. This is useful if you don’t want users deactivating or activating a feature in the wrong site etc and making a mess of things. However, to debug these features I until quite recently use to switch the “hidden” attribute back to “false” so I could activate the feature via the UI and attached the debugger to the “w3wp” to see what gremlins were making my code go up in a cloud of smoke. However I learnt the other day about the “Debugger.Launch();” method which enables you to launch a debugger for your code and attach to the relevant process to enabling debugging (see http://msdn.microsoft.com/en-us/library/system.diagnostics.debugger.launch.aspx ). Now all I need to do when I want to debug my hidden featu...
Post a Comment
Read more