Freigeben über

SP 2013 :: Error occured: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied

  • Artikel

When users try to search they get following error in the Search Center Site:

Sorry, something went wrong.

Search has encountered a problem that prevents results from being returned. If the issue persists, please contact your administrator.

 

image

In the ULS logs, you would notice errors similar to following:

SearchServiceApplicationProxy::GetQueryParameterSpecification--Error occured: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

Cause

The issue happens if the default Local Farm Account does not have permission to the Search Service Application.

Steps to identify and rectify the issue

# Review the ULS logs from the Query Server for the correlation Id. You would see messages similar to following:

07-26-2015 01:44:55.41        w3wp.exe (0x4F00)        0x341C        SharePoint Server Search        Query        dka5        High        SearchServiceApplicationProxy::GetUserPreferenceSerializeHelperForTenant--Error occured: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.    Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Office.Server.Search.Administration.ISearchSiteAdministrationServiceApplication.GetUserPreferenceSerializeHelperForTenant(Guid tenantId, Byte[] userID)     at Microsoft.Office.Server.Search.Administration.SearchServiceApplicationProxy.<>c__DisplayClass27f.<GetUserPreferenceSerializeHelperForTenant>b__27e(ISearchServiceApplication serviceApplication)     at Microsoft.Office.Server.Search.Administration.SearchServiceApplicationProxy.DoSpLoadBalancedUriWsOp[T](WebServiceBackedOperation`1 webServiceCall, Int32 timeoutInMilliseconds, Int32 wcfTimeoutInMilliseconds, String operationName)

07-26-2015 01:46:05.03        w3wp.exe (0x4F00)        0x5190        SharePoint Server Search        Query        dka5        High        SearchServiceApplicationProxy::GetQueryParameterSpecification--Error occured: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.    Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Office.Server.Search.Query.Rules.IQueryRuleOperations.GetQueryParameterSpecification(SearchObjectFilter filter)     at Microsoft.Office.Server.Search.Administration.SearchServiceApplicationProxy.DoSpLoadBalancedUriWsOp[T](WebServiceBackedOperation`1 webServiceCall, Int32 timeoutInMilliseconds, Int32 wcfTimeoutInMilliseconds, String operationName

07-26-2015 01:46:13.75        w3wp.exe (0x1130)        0x09AC        SharePoint Server Search        Query        dka5        High        SearchServiceApplicationProxy::GetSearchServiceApplicationInfo--Error occured: System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.    Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Office.Server.Search.Query.ISearchQueryServiceApplication.GetSearchServiceApplicationInfo()     at Microsoft.Office.Server.Search.Administration.SearchServiceApplicationProxy.DoSpLoadBalancedUriWsOp[T](WebServiceBackedOperation`1 webServiceCall, Int32 timeoutInMilliseconds, Int32 wcfTimeoutInMilliseconds, String operationName)

# Navigate to the permission of the search service application from the central admin site and check if you have the Local Farm account added to it. If not, we need to add it.

 

image

# Steps to give permission to the Local Farm account, run following from the SharePoint Management Shell and then again navigate to the permissions to ensure the Local Farm Account has permission.

$farmid = Get-SPFarm | Select Id

$ssa = Get-SPEnterpriseSearchServiceApplication -Identity “Search Service Application”

$security = $ssa | Get-SPServiceApplicationSecurity

$claimprovider = (Get-SPClaimProvider System).ClaimProvider

$principal = New-SPClaimsPrincipal -ClaimType "https://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue $farmid

Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"

$ssa | Set-SPServiceApplicationSecurity -ObjectSecurity $security

 

image

 

Post By :Paresh Gandhi [MSFT]

Comments

  • Anonymous
    March 23, 2016
    It's not working. After running the commands I'm unable to open permissions from CA.I run the following to restore:revoke-spobjectsecurity $security -allset-spserviceapplicationsecurity -identity $securityBut the Local Farm is still not showing on Permissions page.
  • Anonymous
    March 23, 2016
    This is the error: Exception of type 'System.ArgumentException' was thrown. Parameter name: claim
    • Anonymous
      March 23, 2016
      and the solution is:run this : $farmID = Get-SPFarm | select id then $farmidcopy the IDpaste it in permissions... and do check nameadd with Full Controland you will have Local Farm added
  • Anonymous
    June 30, 2017
    I agree it is not working. Make sure that you first make a copy of the security object to restore if necessary. I can confirm Ionut's method and restore.