Tag Archives: Permissions

randypaulo 9:19 am on May 4, 2018
Tags: , FileAdapter, Permissions, ShareFolder   

BizTalk – File Adapter – File transport does not have read/write priveleges

Recently, I have to investigate error related to BizTalk – File Adapter. The error that was thrown was:

The Messaging Engine failed to add a receive location “{Receive Location Name}” with URL “{RecieveLocationPath}\*.*” to the adapter “FILE”. Reason: “File transport does not have read/write privileges for receive location “{RecieveLocationPath}\”. “.

I think the error was obvious, and these are the steps I’ve performed to investigate:

  1. Checked if path exists (duh!).
  2.  Checked the Share Folder settings and Security Settings (looks ok!)
  3.  Double checked which account is accessing the folder in BizTalk Admin Console. Since there was no account specified in the Authentication Tab, then I assume that this is using the default account of the Host Instance.

BTS-FileAdapter-AuthenticationTab

4. Re(enable) the Receive Location (immediately shutdown)

5. Restart the Host Instance, repeat step 4. (doesn’t work)

6. Re-enter the password of Host Instance Service (using services.msc) and restart and repeat 4 (no use!).

6. Reboot the Server (still doesn’t work).

Hmm, weird huh?

What i did next is to go to Shared Folder Management (in the server where the folder is hosted). This can be access using Run-> mmc -> Add/Remove Snap-In -> Share Folder.

From the menu, go to Open Files.

MMC-ShareFolder

What i see is: there are 2 different service accounts of BizTalk connecting to the same share folder server. Hmm.. So i changed one of the Receive Location to use the same account as the other one and repeat Step 4.  After this step, the receive locations are now green again!.

It looks like BizTalk can’t connect to a Share Folder Server using 2 different accounts.

 

 

 

 

 

randypaulo 6:00 pm on February 22, 2012
Tags: , Permissions, ,   

[Powershell] Set user permission in SSRS Item (SQL Reporting Server) using powershell

Combining both (article1 and article2), i was able to come up with a powershell script to set user permission in SQL Reporting Services (SSRS)

<#
.SYNOPSIS
        Set user permissions in SQL Reporting Services using Web Service

.DESCRIPTION
        Set user permissions in SQL Reporting Services using Web Service

.EXAMPLE
        Add-SSRSItemSecurity -webServiceUrl "http://[ServerName]/ReportServer/ReportService2005.asmx" -itemPath "MyReportFolder" -groupUserName RPAULO\User1 -role Browser

.EXAMPLE
        Add-SSRSItemSecurity -url "http://[ServerName]/ReportServer/ReportService2005.asmx" -itemPath "MyReportFolder" -u RPAULO\User1 -r "Content Manager"

#>
function Add-SSRSItemSecurity
(
        [Parameter(Position=0,Mandatory=$true)]
        [Alias("url")]
        [string]$webServiceUrl,

        [Parameter(Position=1,Mandatory=$true)]
        [Alias("path")]
        [string]$itemPath,
        
        [Parameter(Position=2,Mandatory=$true)]
        [Alias("u")]
        [string]$groupUserName,
        
        [Parameter(Position=3,Mandatory=$true)]
        [Alias("r")]
        [string]$role,
        
        [Parameter(Position=2)]
        [bool]$inherit=$true
)

{
        
        #Fix item path if not starting with /
        if(!$itemPath.StartsWith("/")) { $itemPath = "/" + $itemPath}
        
        #Create Proxy
        Write-Host "[Add-SSRSItemSecurity()] Creating Proxy, connecting to : $webServiceUrl"
        $ssrsProxy = New-WebServiceProxy -Uri $webServiceUrl -UseDefaultCredential
        
        $type = $ssrsProxy.GetType().Namespace;
        $policyType = "{0}.Policy" -f $type;
        $roleType = "{0}.Role" -f $type;
        
        Write-Host "[Add-SSRSItemSecurity()] Retrieving all existing policies."
        $policies = $ssrsProxy.GetPolicies($itemPath, [ref]$inherit);
        
        $a = 1;
        foreach($policy in $policies)
        {

                foreach($r in $policy.Roles)
                {
                        $msg = "[Add-SSRSItemSecurity()]  Existing Policy # {0} Group Name: {1}, Role: {2}" -f $a, $policy.GroupUserName, $r.Name
                        Write-Host $msg
                }
                $a+=1;
        }

        $msg = "[Add-SSRSItemSecurity()] Total Existing Policies: " + $policies.Length;
        Write-Host $msg
        
        $Policy = $policies | 
    Where-Object { $_.GroupUserName -eq $groupUserName } | 
    Select-Object -First 1
        
        if (-not $Policy) {
            $Policy = New-Object ($policyType)
            $Policy.GroupUserName = $GroupUserName
            $Policy.Roles = @()
            $Policies += $Policy
                $msg = "[Add-SSRSItemSecurity()] Adding new policy: '{0}'" -f $GroupUserName
                Write-Host $msg
        }

        $r = $Policy.Roles |
            Where-Object { $_.Name -eq $role } |
            Select-Object -First 1
        if (-not $r) {
            $r = New-Object ($roleType)
            $r.Name = $role
            $Policy.Roles += $r
                $msg = "[Add-SSRSItemSecurity()] Adding new role: '{0}'" -f $role
                Write-Host $msg
        }
        
        #Set the policies
        $ssrsProxy.SetPolicies($itemPath,$policies);

}
randypaulo 4:00 pm on September 13, 2011
Tags: , Permissions, Security   

IIS 7 Access to the path ‘c:\windows\system32\inetsrv\’ is denied

If you encountered an error related to:

Access to the path ‘c:\windows\system32\inetsrv\’ is denied.

It means that the credential wherein your site or webservice is running doesn’t have permission to that folder.

Steps below describes how to fix it:

1. Browse to the directory -> %windir%\System32

2. Right Click on the inetsrv folder and select Properties

3. Click the Security Tab -> Click Advance Button

4. Select the Owner Tab and click Edit Button, Select Administrators group and Click Apply.

5. Run the command prompt as Administrator and type:

 cacls %windir%\system32\inetsrv /G :F

Ex: cacls %windir%\system32\inetsrv /G RPAULO\WCFServiceUser:F