SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Thursday, December 6, 2012

SharePoint BCS 2010/2013 - Login failed for IUSR account

Using the Business Connectivity service (BCS) in either SharePoint 2010 or SharePoint 2013 you may come across the message “login failed for <system>\IUsr account” when you try to display the external list in SharePoint. You may wonder why since this account has nothing to do with SharePoint (and for those of you that are not aware of this account, it is the default IIS account – used when a user is not authenticated). This is similar to the old 'double hop' issue we've had with SharePoint since 2003.

The problem is simple – when accessing data OUTSIDE of SharePoint (and not using Kerberos), it may default to the IUSR account when attempting to access the data.

The best fix is to ensure that all services are properly assigned and that the SharePoint Web Services are not running as Local System. However, a quick fix (or until you find the proper one) is to simply grant the IUSR account access to the data source (or database).

By default, the IUSR account is designated by the system name (as a local account); for example server1\iusr. However, you will find that you cannot add the account that way in SQL Server – instead, use NT AUTHORITY\IUSR and you’ll be able to add it. Be sure to grant the proper permissions in the database in question and also grant public access to the master database.

After adding, return to SharePoint and refresh – all should be good!

No comments: