Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)

While accessing Active Directory (AD) and Authorization Manager (AzMan), if you get the message “Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)”, check the account that is being used to run the LDAP query against AD.

ERROR DETAILS

Exception Details: System.Runtime.InteropServices.COMException: Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)

Source Error:
Line 154:    'Session("FullName") = System.Security.Principal.WindowsIdentity.GetCurrent.Name.ToString()
Line 155:
Line 156:    If Not User.IsInRole("Role1") Then
Line 157:          Response.Redirect("./Login.aspx")
Line 158:    End If

Stack Trace: ....

SOLVE IT

Steps to check the app pool rights:

  1. Click on the name of the website that you are having the problem with in IIS.
  2. In the right panel you will see 'Basic Settings'. Click it.
  3. Select the specific pool option and enter the name of the account@domain and the password.
     Please note that this app pool account will have the same domain user name. Sometimes having different names causes problems.
  4. Click OK.
  5. Test the site.

WHY DID WE DO IT

The app pool account that is being used to run the LDAP query against AD did not have rights to read the role.


Having set up multiple sites, I have seen that the major cause of the problem is the rights of the account pool being messed up. Even if it displays correctly, sometimes just re-entering it solves it.
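
To confirm which account a site's application pool actually uses for the AD/AzMan lookup before and after the change, the following PowerShell check can be run on the IIS server. It is an added example, not part of the original post; the function name Get-SitePoolIdentity and the site name 'Default Web Site' are placeholders, and it assumes an elevated session with the WebAdministration module available.

```powershell
# Added example: resolve site -> application pool -> process identity.
# Assumptions: elevated PowerShell on the IIS server, WebAdministration
# module installed; 'Default Web Site' is a placeholder site name.
Import-Module WebAdministration

function Get-SitePoolIdentity {
    param([Parameter(Mandatory)][string]$SiteName)

    # The pool assigned to the site's root application.
    $site     = Get-Item "IIS:\Sites\$SiteName" -ErrorAction Stop
    $poolName = $site.applicationPool

    # processModel holds identityType and userName. The stored password
    # is deliberately not read or printed here.
    $pm   = Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel
    $type = [string]$pm.identityType

    # Which principal the directory sees when the worker process
    # queries it over the network.
    $networkAccount = switch ($type) {
        'SpecificUser' { $pm.userName }
        'LocalService' { 'anonymous (no network credentials)' }
        default        { "computer account ($env:COMPUTERNAME`$)" }
    }

    [pscustomobject]@{
        Site           = $SiteName
        AppPool        = $poolName
        PoolState      = (Get-WebAppPoolState -Name $poolName).Value
        IdentityType   = $type
        NetworkAccount = $networkAccount
    }
}

# Placeholder site name; replace with the affected site.
Get-SitePoolIdentity -SiteName 'Default Web Site' | Format-List
```

The NetworkAccount value is the principal that needs read access to the role store; grant that account only the read access it needs rather than a broader directory right.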
