views:

463

answers:

3

After a fresh install of WSS 3.0 and creation of a new web application and site collection, I receive the following error when I navigate to the newly create site:

[COMException (0x80070005): Access is denied.
]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
   System.DirectoryServices.DirectoryEntry.Bind() +44
   System.DirectoryServices.DirectoryEntry.get_IsContainer() +42
   System.DirectoryServices.ChildEnumerator..ctor(DirectoryEntry container) +36
   System.DirectoryServices.DirectoryEntries.GetEnumerator() +36
   Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app) +699
   System.Web.HttpApplication.InitModulesCommon() +124
   System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +1162
   System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +312
   System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +133
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +196
+1  A: 

What type of install do you choose for WSS (e.g. Standalone or Farm)?

As the installation is failing on DirectoryEntry.Bind it looks like an Active Directory issue. Is everything OK with your service accounts? Have you checked Event Viewer for any errors?

Alex Angas
Standalone install.App pool is running as "Network Service"
Chris Ballance
+2  A: 

Seems to me like the application pool account does not have rights to do lookups in your Active Directory.. try running them using a domain account instead of network service.

ArjanP
+1  A: 

You should NEVER use Network Service as the app pool account, It is a user known only on themachine the site is ran on. Create an Active Directory user in your domain to run the app pool under. Then, in the Central Admin website under Operations -> Security Configuration -> Service Accounts set the new user for the app pool

Colin
@Colin: I'm pretty sure if you do a Standalone Install this is what you get and normally it works fine. There are no choices in service accounts as Standalone Install is designed for everything to be on a single server.
Alex Angas
Ok, but if the machine is operating in a domain be it stand-alone or in a farm, it still needs to be able to "talk" to the domain controller, i.e. to verify domain users logging into the website.P.S. I believe stand-alone installations are considered bad practice, and IMHO, they are. I always do a "full" install
Colin