Friday, May 29, 2009

Provisioning failed SharePoint Shard Service (SSP)

I had very good experience last week one our customer installed and configure SharePoint on Server Farm Environment, When they installed Server A as Web front-end server, Server B as Complete setup and Enable only Office SharePoint Search service.

When I try to start to create and configure SharePoint Shard Service (SSP) the system start to surface following error.

Provisioning failed: Windows NT User or group ‘Domain Name\username’ not found. Check the name again


I was cracking our mind (1 day) and seeking help from various people and search Internet. There is no correct solution, Finally Tech net help me resolve the issue.

Accounting to Tech Net. When you configure Share Point Shard Service “ The user account must be a domain user account, but the user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Microsoft Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.”

Then, I notice that Server B uses to Local Service account to run the Search Service. Due that when try to create Share Service from Server A it prompt Provision error.

According to SharePoint Best Practices you must have few set of account, to setup SharePoint. Where as my customer use one account setup SharePoint.

One of the biggest recommendations when installing a SharePoint environment is to think carefully about what accounts are going to run which roles that are used. TechNet has a large section on this called Plan for administrative and service accounts.

You can get the comprehensive list from site and article called SharePoint User Accounts for Least Privilege Installs

No comments: