Problems with Office Project Server after Migration to new Domain

B

Bastian

Hello everybody,

at first some system details:

- Win2003 R2 Standard 32Bit Server
- Office Project Server 2007
- SQL Server 2005
- SharePoint Services 3.0
- W2k8 Domain

We've migrated our Project-Server some time ago to a new domain:

- Old Domain: INTERN
- New Domain: COMPANY

We've used this tutorial from Brian Smith for the migration:
http://blogs.msdn.com/brismith/arch...007-migration-from-one-domain-to-another.aspx
We had no problems with the migration and we carefully moved over the old
project-serviceaccounts from the old to the new domain (with sidHistory). The
server was running fine for 6-7 weeks.

Then an error occured while opening project web-access. So we've rebooted
the machine with the effect, that the 'project application service"
within sharepoint central administrator cannot be started anymore. Here are
some errors from the sharepoint logs:

02/02/2010 16:16:39.52 w3wp.exe (0x0598) 0x07C0
Windows SharePoint Services Topology 0 Medium
Adding INTERN\wssadmin to local group 2.
02/02/2010 16:16:39.58 w3wp.exe (0x0598) 0x07C0
Windows SharePoint Services Topology 0 Medium
Adding INTERN\wssadmin to local group 0.
02/02/2010 16:16:39.61 w3wp.exe (0x0598) 0x07C0
Project Server Project Server Provisioning 95xl Exception
System.InvalidOperationException: 1387 bei
Microsoft.SharePoint.Win32.SPNetApi32.NetLocalGroupAddMember(String
groupName, String userName) bei
Microsoft.SharePoint.Administration.SPProvisioningAssistant.AddGroupMember(String
username, Int32 group) bei
Microsoft.SharePoint.Administration.SPProvisioningAssistant.ProvisionIisApplicationPool(String
name, ApplicationPoolIdentityType identityType, String userName, SecureString
password, TimeSpan idleTimeout, TimeSpan periodicRestartTime) bei
Microsoft.SharePoint.Administration.SPMetabaseManager.ProvisionIisApplicationPool(String
name, Int32 identityType, String userName, SecureString password, TimeSpan
idleTimeout, TimeSpan periodicRestartTime) bei
Microsoft.Office.Server.Administration.SharedWebServiceInstance.CreateSharedW...
02/02/2010 16:16:39.61* w3wp.exe (0x0598) 0x07C0
Project Server Project Server Provisioning 95xl Exception
....ebServiceApplicationPool(SharedResourceProvider srp) bei
Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
bei
Microsoft.Office.Server.Administration.SharedWebServiceInstance.Provision()
02/02/2010 16:16:42.08 OWSTIMER.EXE (0x07E4) 0x0270
Office Server Office Server Shared Services 7fy6 Exception
System.ArgumentException: Der angegebene Kontoname ist ungültig.
Parametername: account --->
System.Security.Principal.IdentityNotMappedException: Manche oder alle
Identitätsverweise konnten nicht übersetzt werden. bei
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection
sourceAccounts, Type targetType, Boolean forceSuccess) bei
System.Security.Principal.NTAccount.Translate(Type targetType) bei
Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount
account, Boolean throwIfInvalid) --- Ende der internen
Ausnahmestapelüberwachung --- bei
Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount
account, Boolean throwIfInvalid) bei
Microsoft.Office.Server.Administration.SharedAccessRule.Validate() bei
Mi...
02/02/2010 16:16:42.08* OWSTIMER.EXE (0x07E4) 0x0270
Office Server Office Server Shared Services 7fy6 Exception
....crosoft.Office.Server.Administration.SharedComponentSecurity.SetAccessRule(SharedAccessRule
accessRule) bei
Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity
02/02/2010 16:16:42.08 OWSTIMER.EXE (0x07E4) 0x0270
Office Server Office Server Shared Services 6pog Warning
Synchronization for Shared Services Provider 'PWA_SSP' has failed. The
operation will be retried. Reason: Der angegebene Kontoname ist ungültig.
Parametername: account Technical Support Details: System.ArgumentException:
Der angegebene Kontoname ist ungültig. Parametername: account --->
System.Security.Principal.IdentityNotMappedException: Manche oder alle
Identitätsverweise konnten nicht übersetzt werden. bei
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection
sourceAccounts, Type targetType, Boolean forceSuccess) bei
System.Security.Principal.NTAccount.Translate(Type targetType) bei
Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount
account, Boolean throwIfInvalid) --- Ende der internen
Ausnahmestapelüberwachung --- b...
02/02/2010 16:16:42.08* OWSTIMER.EXE (0x07E4) 0x0270
Office Server Office Server Shared Services 6pog Warning
....ei
Microsoft.Office.Server.Utilities.WindowsSecurity.ValidateAccount(NTAccount
account, Boolean throwIfInvalid) bei
Microsoft.Office.Server.Administration.SharedAccessRule.Validate() bei
Microsoft.Office.Server.Admi

So it looks like that he still is trying to start the Project Server as user
'INTERN\wssadmin'. We've done the following without any effect:

- Checked all Users on IIS Application-Pools and reset them to the new
Domainaccount
- Checked all necessary windows services and reset them, too
- The users are still local administrators

Sharepoint still running without any problems but project wouldn't start. Is
there something which would might check? Are there
any possibilities to reinstall project with our 'old' projects in the old
database?

Thanks in advance for you help!

Best Regards,

Bastian
 
M

Martin Laukkanen

Hi Bastian,

Definitely looks like your service accounts are bad, I would check in the
following place in addtion to where you have already looked:

- SSP Service Credentials - From the Shared Services Administration page of
Central Admin, click the menu to edit your SSP.

My guess would be that it is somewhere in the SSP as if the rest of
SharePoint appears to be running unless you run Search and things like Excel
Services you might not even notice the issue. But from your configuration I
doubt you have any of those..

Failing that the relatively painless solution would be to reprovision your
PWA instance, this can be done with the same databases rather easily by just
creating a new PWA instance using those databases, preferably after
deprovisioning your old PWA instance or backup / restoring your four
databases with new names. Just when you provision the PWA instance specify
the database names that already exist.

HOWEVER, when doing that you will lose all of your workspaces and any PWA
site customisations, all of which are stored in the SharePoint content
database. One way to get around this is described in this blog post:
http://blogs.msdn.com/brismith/arch...ving-a-copy-of-production-to-test-part-2.aspx

Otherwise as your WSS is still running, using the STSADM -o EXPORT / STSADM
-O IMPORT commands to export / import all workspace sites in your content
database is another option (search technet for the full command refernece).
That will eventually get you right back where you started.

Hope that helps.
 
B

Bastian

Hi Martin,

at first thank you for your fast answer. The problem has been solved and the
solution was much easier than your advice ;-)

While finding out how to "reprovisioning" a pwa instance I've come across
how to edit my standard ssp...There I can set logon username and password...
and that's it - the old domain account was still defined there... ;-)

Sometimes I wish SSP-Centraladministration would be more comfortable and
such "hidden functions" might be avoided.

Have a nice day.

Best Regards,

Bastian
 
G

Gary Chefetz

Bastian:

You'll be delighted to know that the dreaded SSP goes away in 2010. Much
nicer!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top