Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Access denied when deploying a timer Job or activating a feature from SharePoint 2010 content web application

Access denied when deploying a timer Job or activating a feature from SharePoint 2010 content web application

Symptoms

You get Access Denied when you try to activate a feature in code from SharePoint 2010 web application. This error occurs whenever you try to make changes from the content applications (web front ends) to the config application (central admin application). For example web.config changes. The access denied error happens even when you wrap the code in RunWithElevatedPrivileges.

↑ Back to the top

Cause

This is due to a new security feature implemented in SharePoint 2010. This feature explicitly blocks any modifications to the objects inheriting from SPPersistedObject in the Microsoft.SharePoint.Administration namespace and does not allow the content web applications to update the configuration database. This new security feature which controls the behavior is the SPWebService.RemoteAdministratorAccessDenied property in the SharePoint API. Though it can be turned off if needed but as with any security feature, you need to be really careful and perform thorough testing before you turn it off.

↑ Back to the top

Resolution

RemoteAdministratorAccessDenied is a persisted property which can be set to false to disable the feature. You can do this either in a Console app or use Powershell and then perform an IISReset.

//Console app code

SPWebService myService = SPWebService.ContentService; 
myService.RemoteAdministratorAccessDenied = false; 
myService.Update(); 


//PowerShell code

function Set-RemoteAdministratorAccessDenied-False()
{
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null

    # get content web service
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    # turn off remote administration security
    $contentService.RemoteAdministratorAccessDenied = $false
   $contentService.Update()         
}

Set-RemoteAdministratorAccessDenied-False

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2564009
Revision : 3
Created on : 4/18/2018
Published on : 4/19/2018
Exists online : False
Views : 97