why I can't open my sharepoint site on sharepoint server - Local Access Permission in DCOM
Recently I am working on to build a SharePoint staging environment for my company. This is a brand new staging environment. So I created the AD accounts and did all those setspn, account delegation stuff. Created the sites/site collections following our build docs. It was a seemly successful drill except one issue – I can’t open the default sharepoint site on the sharepoint server – sharepoint.xyz-stage.com even though the account I log on (mossservices) is the account I use to build the entire sharepoint sites and is in local administrators group. But I can open the site from another machine. Here is some error in event viewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user xyz-STAGE\MOSSPortalAdmin SID (S-1-5-21-3439712273-356373770-983286714-1126). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user xyz-STAGE\MOSSServices SID (S-1-5-21-3439712273-356373770-983286714-1118). This security permission can be modified using the Component Services administrative tool.
Search registry for the above CLSID {61738644-F196-11D0-9953-00C04FD919C1} – it’s point to IIS Admin and IIS WAMREG Admin
Here is what I did to fix the issue. Start-run - type dcomcnfg and browser to DCOM config and look for IIS admin service and grant administrators local access permission and did the same thing for IIS WAMREG Admin Service. Also make sure the above mentioned accounts are part of local administrators group.
I can now open the site without any issues!