Sunday, September 2, 2012

SharePoint 2013 Managed Account Error - Requested registry access is not allowed


This is the first time I came across an error saying "Requested registry access is not allowed". The error was thrown while creating a managed account for the User Profile application. As every SharePoint error is tied to a correlation ID, that was the closest thing to a clue about the potential problem. See the snapshot of the error below.

By matching the correlation ID, I found one log entry among all the others that was related to the issue, and it was signaling a problem due to authentication.

Application error when access /_admin/registeraccount.aspx, Error=Requested registry access is not allowed.
    at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    at Microsoft.SharePoint.Administration.SPCredentialManager.GetMasterKey(SPFarm farm)
    at Microsoft.SharePoint.Administration.SPCredentialManager.GetFarmEncryptionKey(SPFarm farm)
    at Microsoft.SharePoint.Administration.SPCredentialManager.EncryptWithMasterKey(SecureString sstrPassphrase)
    at Microsoft.SharePoint.Administration.SPEncryptedString.SetSecureStringValue(SecureString sstrValue)
    at Microsoft.SharePoint.Administration.SPManagedAccount.Update()
    at Microsoft.SharePoint.WebControls.RegisterAccountControl.BtnSubmit_Click(Object sender, EventArgs args)
    at System.Web.UI.WebControls....
208dc99b-07aa-10f5-0000-0a031a12d122

After searching the web for this error, I found that there is a registry entry that does not have the required access rights. Creating a managed account uses information from this registry key, but the user under which the managed account was being created does not have access to it.

One can open the registry using the regedit command. In Registry Editor, go to

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\15\Secure\FarmAdmin

Check that the Central Administration app pool identity has permission on FarmAdmin. Permissions can be checked by right-clicking FarmAdmin --> Permissions.

After adding the admin app pool identity and giving it full rights, I was able to create the managed account.

Note: Wrong changes in the registry might affect your system, so be 100% sure before making any changes.
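
Before changing permissions on the key, the existing ACL can be listed read-only from PowerShell to see whether the app pool account is already named on it. This is an added example, not part of the original post; the key path is taken as written above, and `$Identity` is a placeholder for the Central Administration app pool account.

```powershell
# Added example: read-only audit of the ACL on the key named in the post.
# Nothing here modifies the registry.
param(
    # Key path as written in the post, in PowerShell's HKLM: drive syntax.
    [string]$KeyPath = 'HKLM:\Software\Microsoft\Shared Tools\15\Secure\FarmAdmin',
    # Placeholder: the Central Administration app pool account, DOMAIN\user.
    [Parameter(Mandatory = $true)][string]$Identity
)

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Resolve the account to a SID so matching does not depend on name format.
$ntAccount = New-Object System.Security.Principal.NTAccount($Identity)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])

$acl   = Get-Acl -LiteralPath $KeyPath
$rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

$rules | ForEach-Object {
    $ruleSid = $_.IdentityReference
    # Orphaned SIDs cannot be translated back to a name; show the raw SID.
    try   { $name = $ruleSid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $ruleSid.Value }

    [pscustomobject]@{
        Account        = $name
        Type           = $_.AccessControlType   # Allow or Deny
        Rights         = $_.RegistryRights
        Inherited      = $_.IsInherited
        # True only when the ACE names the account itself. Access granted
        # through a group the account belongs to is not evaluated here.
        NamesIdentity  = ($ruleSid.Value -eq $sid.Value)
    }
}
```

If no row shows `NamesIdentity` as True, check whether one of the listed groups already contains the account before adding a new entry, and note any Deny entries, since they take precedence over Allow.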


Mate said...

In my case I was not able to uninstall .WSP packages in SP2013 because the CreateSolutionDeployTimerJob failed. The odd behavior was that in Central Admin I was able to see the WSP in "retracting" mode but suddenly it was in deployed mode again. Remember also to check the event viewer and not only ULS logs; the "Requested registry access is not allowed" will show up only in the event viewer. Thanks for the post!