"Access Denied" when configuring SharePoint to View Operations Manager Data

  • Article

 

Problem

Recently I worked on an issue where one of our customer was getting Access Denied when adding the Operations Manager Web Part, and logs did not give us clear indication as to where exactly we were failing

Please refer to “Using SharePoint to View Operations Manager Data” TechNet article to know how to integrate Operations manager

Symptoms

We received Access Denied when adding the operations manager web part on the site collection and following stack is logged in the ULS logs

[Date and Time] w3wp.exe (0x1B94) 0x1540 Unknown Operations Manager 40 Verbose Error - <PortalWebPart.InitializeWebPartConfiguration> Error: System.Configuration.ConfigurationErrorsException: The Web Part cannot access the configuration list. This is probably caused by insufficient permissions. Contact your system administrator. ---> System.Threading.ThreadAbortException: Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at Microsoft.SharePoint.Utilities.SPUtility.Redirect(String url, SPRedirectFlags flags, HttpContext context, String queryString) at Microsoft.SharePoint.Utilities.SPUtility.RedirectToAccessDeniedPage(HttpContext context) at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context) at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex) at Microsoft.SharePoint.Library.SPRequest.GetListsWithCallback(String bstrUrl, Guid foreignWebId, String bstrListInternalName, Int32 dwBaseType, Int32 dwBaseTypeAlt, Int32 dwServerTemplate, UInt32 dwGetListFlags, UInt32 dwListFilterFlags, Boolean bPrefetchMetaData, Boolean bSecurityTrimmed, Boolean bGetSecurityData, Boolean bPrefetchRelatedFields, ISP2DSafeArrayWriter p2DWriter, Int32& plRecycleBinCount) at Microsoft.SharePoint.SPListCollection.EnsureListsData(Guid webId, String strListName) at Microsoft.SharePoint.SPListCollection.Undirty() at Microsoft.SharePoint.SPBaseCollection.GetEnumerator() at System.Linq.Enumerable.<CastIterator>d__aa`1.MoveNext() at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext() at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source) at Microsoft.EnterpriseManagement.SharepointIntegration.SPListCollectionExtensions.GetList(SPListCollection lists, String listName) at Microsoft.EnterpriseManagement.SharepointIntegration.PortalConfigurationCollection.<>c__DisplayClass2.<.ctor>b__0() --- End of inner exception stack trace --- at Microsoft.EnterpriseManagement.SharepointIntegration.PortalConfigurationCollection.<>c__DisplayClass2.<.ctor>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode) at Microsoft.EnterpriseManagement.SharepointIntegration.PortalConfigurationCollection..ctor(String listName) at Microsoft.EnterpriseManagement.SharepointIntegration.PortalConfiguration.TryInitializeWebPartConfiguration(PortalWebPart webPart, PortalConfiguration& configuration, String& errorMessage) 616c88fc-47d7-4ac0-b155-da3d7859e21c

 

Resolution

After some digging we realized that it was failing for a list on Central Administration,in order to fix this make sure your web application pool has permissions to add to “Operations manager web console environments” (https://Central administration site/operationsmanager)

There are high chances that you will get another Access denied and following will be get logged in the ULS log

System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'proc_EnumLists', database 'SharePoint_AdminContent_b87e98fd-b2fc-49c0-8025-aef8851561ea', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)   
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)   
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)   
at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()   
at System.Data.SqlClient.SqlDataReader.get_MetaData()   
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)   
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)   
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)   
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)   
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)   
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior)   
at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)

In order to fix this we need to grant Web Applications Application Pool DBO rights to the Central Administration Content Database