When you promote a MOSS box (WSS v3.0 included of course), you will find that your service accounts will be all out of shape.

If you try and hit any of your WSS v3.0 hosted web sites, including any central administration sites, you will receive errors. If you try and run the configuration wizard you will also more than likely end up at the end of that with an error saying something similar to “the account name is invalid”.

If you disable custom errors in the web.config for your web site, you will more than likely find this error message:

The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to ‘C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files’.

So what does this mean? Essentially, when you promoted it to a DC, the network service account has lost privileges to the ASP.NET temporary files and / or the IIS Metabase.

To fix this, navigate to your framework directory and run aspnet_regiis –ga “NT AUTHORITY\NETWORK SERVICE”

This will re-grant the network service account ACL permission to the necessary locations.

Hope this helps!

Posted by on June 6, 2007 in General Development.

3 Comments

About cosier

Matthew Cosier is the Chief Technology Officer at Hazaa. We are a group of experienced consultants based in Melbourne, Australia who solve business problems using Microsoft Technology. For more information, please visit http://www.hazaa.com.au

3 responses »

  1. Mike says:
    September 11, 2008 at 9:37 am

    On a 2003 server with SP1 that’s just been promoted to DC, an initial install of WSS 3.0 with SP1 kept failing with the configuration wizard stopping at Step 2 with an error “Failed to connect (or create) configuration database, group already exists”. The command mentioned in this article did not help! 😦

    Reply
  2. Vin says:
    June 13, 2009 at 7:54 am

    The command mentioned in this article dies nor run on my machine

    Reply

Leave a comment