cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Remote Web Access Is Not Allowed For Your User Account
By
sbs-team
Published Apr 04 2019 04:26 PM 936 Views
sbs-team
Microsoft
‎Apr 04 2019 04:26 PM

Remote Web Access Is Not Allowed For Your User Account

‎Apr 04 2019 04:26 PM
First published on TechNet on May 18, 2012

[Today's post comes to us courtesy of Rituraj Choudhary from Commercial Technical Support]


After Small Business Server 2011 Standard has been updated with Update Rollup 2, some users may not be able to log on to the Remote Web Access with the following error:


“Remote Web Access is not allowed for your user account. Contact the person who manages your server.”



In the "C:\Program Files\Windows Small Business Server\Logs\WebApp\RemoteAccess.log" file, you will see the following:


[12468] 120419.103511.7516: RemoteAccess: [Identity] CheckUserInGroup hit exceptions: System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.IsGroup(String distinguishedName)
at Microsoft.WindowsServerSolutions.Web.Security.SBSRoleProvider.CheckUserInGroup(String userDn, String groupDn, List`1 processedGroups)
[12468] 120508.103511.7526: RemoteAccess: [Identity] CheckUserInGroup user:CN=April Reagan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local. group:CN=Windows SBS Admin Tools Group,OU=Security Groups,OU=MyBusiness,DC=Contoso,DC=local
[12468] 120419.103511.8186:: RemoteAccess: [Identity] GetRolesForUser 'CONTOSO\AprilReagan': hasAccess=False, isAdmin=False, inLink=False, inAdminTools=False, allComputers=False




This happens due to the fact that some Active Directory User or Organizational Unit name contains a forward slash (‘ / ’) character. The current resolution is to remove the offending character (‘ / ’) from the name(s).


To find the offending User or OU , you may simply browse through the Active Directory Users and Computers console. If you are assisting someone, you may ask for a LDIFDE dump of the users and the Organizational Units as:

ldifde -f users.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=User)" -l "cn"
ldifde -f org.txt -d "dc=contoso,dc=local" -p subtree -r "(objectCategory=organizationalUnit)" -l "ou"

(In the above examples, “ dc=contoso,dc=local ” is the distinguished name of the domain; change it as per your environment)

Once you get the output, look for the user or organizational unit names with character ‘/’ in their name. Remove the character and modify it conventionally. That should take care of this issue.


In the following example, getting rid of the ‘ / ’ from the name of “Test o/u” will fix the issue:


dn: OU=Domain Controllers,DC=Contoso,DC=local
changetype: add
ou: Domain Controllers


dn: OU=MyBusiness,DC=Contoso,DC=local
changetype: add
ou: MyBusiness



dn: OU=Test o/u,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Contoso,DC=local
changetype: add
ou: Test o/u



Open Active Directory Users and Computers to rename the object and remove the ‘/’ character.


0 Likes
Like
Version history
Last update:
‎Apr 04 2019 04:26 PM
Updated by:
Labels