Custom Technology Solutions, Inc

Corporate Blog

Custom Technology Solutions, Inc - Corporate Blog

Remote Web Access Is Not Allowed For Your User Account

[Today's post comes to us courtesy of Rituraj Choudhary from Commercial Technical Support] After Small Business Server 2011 Standard has been updated with Update Rollup 2, some users may not be able to log on to the Remote Web Access with the following error: “Remote Web Access is not allowed for your user account. Contact the person who manages your server.” In the “C:Program FilesWindows Small Business ServerLogsWebAppRemoteAccess.log” file, you will see the following: [12468] 120419.103511.7516: RemoteAccess: [Identity] CheckUserInGroup hit exceptions: System.Runtime.InteropServices.COMException (0×80005000): Unknown error (0×80005000)    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)    at System.DirectoryServices.DirectoryEntry.Bind()    at System.DirectoryServices.DirectoryEntry.get_AdsObject()    at System.DirectoryServices.PropertyValueCollection.PopulateList()    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)    at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.IsGroup(String distinguishedName)    at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.CheckUserInGroup(String userDn, String groupDn, List`1 processedGroups) [12468] 120508.103511.7526: RemoteAccess: [Identity] CheckUserInGroup user:CN=April Reagan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local. group:CN=Windows SBS Admin Tools Group,OU=Security Groups,OU=MyBusiness,DC=Contoso,DC=local [12468] 120419.103511.8186:: RemoteAccess: [Identity] GetRolesForUser ‘CONTOSOAprilReagan’: hasAccess=False, isAdmin=False, inLink=False, inAdminTools=False, allComputers=False This happens due to the fact that some Active Directory User or Organizational Unit name contains a forward slash (‘ / ’) character. The current resolution is to remove the offending character (‘ / ’) from the name(s). To find the offending user or OU, you may simply browse through the Active Directory Users and Computers console. If you are assisting someone, you may ask for a LDIFDE dump of the users and the Organizational Units as:     ldifde -f users.txt -d “dc=contoso,dc=local” -p subtree -r “(objectCategory=User)” -l “cn”    ldifde -f org.txt -d “dc=contoso,dc=local” -p subtree -r “(objectCategory=organizationalUnit)” -l “ou” (In the above examples, “ dc=contoso,dc=local ” is the distinguished name of the domain; change it as per your environment) Once you get the output, look for the user or organizational unit names with character ‘/’ in their name. Remove the character and modify it conventionally. That should take care of this issue. In the following example, getting rid of the ‘ / ’ from the name of “Test o/u” will fix the issue: dn: OU=Domain Controllers,DC=Contoso,DC=local changetype: add ou: Domain Controllers dn: OU=MyBusiness,DC=Contoso,DC=local changetype: add ou: MyBusiness … … … dn: OU=Test o/u,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local changetype: add ou: Test o/u … … … Open Active Directory Users and Computers to rename the object and remove the ‘/’ character.

Continued here:
Remote Web Access Is Not Allowed For Your User Account