Registry Access Errors In SharePoint 2013 – Requested Registry Access Is Not Allowed
I can’t imagine I am the only one that ran / has run into this, so thought I would jot down a quick note. In SharePoint 2013, when creating service accounts / managed accounts you may get the error:
somewhere in the ULS logs:
requested registry access is not allowed
or in the ASP.NET stacktrace:
Application error when access /_admin/registeraccount.aspx, Error=Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Microsoft.SharePoint.Administration.SPCredentialManager.GetMasterKey(SPFarm farm)
at Microsoft.SharePoint.Administration.SPCredentialManager.GetFarmEncryptionKey(SPFarm farm)
at Microsoft.SharePoint.Administration.SPCredentialManager.EncryptWithMasterKey(SecureString sstrPassphrase)
at Microsoft.SharePoint.Administration.SPEncryptedString.SetSecureStringValue(SecureString sstrValue)
at Microsoft.SharePoint.Administration.SPManagedAccount.Update()
at Microsoft.SharePoint.WebControls.RegisterAccountControl.BtnSubmit_Click(Object sender, EventArgs args)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
No good, accounts are pretty important :) The easiest way to debug registery access issues is to use Process Monitor:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Bubbling up the same error when running the Process Monitor you will see that this error primarly occurs when an account is trying to access:
HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin
In a standalone install, this will be NETWORK SERVICE. So just add that user with permissions and you can create as many accounts as you want!
Articles & Research
-
SharePoint Security -
SharePoint Development -
SharePoint Architecture -
Claims Authentication -
Forefront For SharePoint -
AIS / Dynamics GP -
Team Foundation Server -
Pex And Moles -
ISA/TMG/IAG/UAG -
DPM -
Cardspace -
Research Methodology -
Rural ICT Development -
Numerical Analysis -
Multi-Level Research -
Knowledge Management -
Personal/Off-Topic
Latests SharePoint Development Posts
- SharePoint 2013 High Availability And Business Continuity
- Designing Global (WAN) SharePoint 2013 Environments Part 2
- Designing Global (WAN) SharePoint 2013 Environments Part 1
- Using Information Policies In SharePoint 2013
- Information Policy Management In SharePoint 2013
- Co-authoring In SharePoint 2013
Latests SharePoint Security Posts
- Security In Business Connectivity Services In SharePoint 2013
- Planning Security When Migrating To SharePoint
- User Profile Database Architecture In SharePoint 2013
- Why Use User Profiles In SharePoint 2013
- SharePoint 2013 Planning User Profile Synchronization With Directory Services (AD DS,Novell, SJSDS)
- SharePoint 2013 User Profile Property Mapping And Synchronizing Groups