Wednesday, January 24, 2007

Permissions. Can't live with them, can't remove them

Here's an annoying little problem that has been pestering my life for a good day or so. On a newly installed win2k3 server with SQL Express 2005 I was trying to install the Sitecore Demo-site "Printers Inc.". Since the demo-site uses attached databases to SQL Express 2005 it was supposedly fairly easy to install: unpack a zip file, setup IIS, set the right login/password for your connectionstring in a config file.
All done, and try to open the site, but get greeted with this message:

Server Error in '/' Application.

Unable to open the physical file "D:\sites\Sitecore\MySite\Databases\sc53Master_Data.mdf". Operating system error 5: "5(Access is denied.)".
An attempt to attach an auto-named database for file D:\sites\Sitecore\MySite\Databases\sc53Master_Data.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.


Okay...Looks like a permissions thing I thought...So I hurry and give ASPNET and NETWORK SERVICE users full rights on the entire site, and set it to propagate rights to children (security, who needs it anyway?!). Still the same problem....At this point I actually start reading the error message more carefully..Oh, it actually suggest 3 possible error scenarios...well - let me see: It's on a local disk, so forget about the UNC thing. A visit to SQL Server management studio proofs that there's no database with the same name (why would there be? it's a brand new server). And I had just made sure that the permissions were right.
At this point I naturally went to the no.1 problem-fix with microsoft products - but even a full reboot didn't seem to do the trick...Now what?! Checked with the local SQL-server wizards and our sysadmin guru....posted the problem on SDN5 Forum...still no luck.
After wasting too much time I (we) reached the point of desperation where you try out stuff that just doesn't make sense in trying to solve this problem - like setting up the SQL Express service to run as "Local System" instead of "Network Service". And what do you know - it paid off...all of a sudden everything worked splendidly. Still doesn't make sense to me - Network Service had full permissions for the databases....arggh.

No comments: