Article ID: 2564009 - Last Review: June 24, 2011 - Revision: 5.0

Access denied when deploying a timer Job or activating a feature from SharePoint 2010 content web application

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

SYMPTOMS

You get Access Denied when you try to activate a feature in code from SharePoint 2010 web application. This error occurs whenever you try to make changes from the content applications (web front ends) to the config application (central admin application). For example web.config changes. The access denied error happens even when you wrap the code in RunWithElevatedPrivileges.
Back to the top

CAUSE

This is due to a new security feature implemented in SharePoint 2010. This feature explicitly blocks any modifications to the objects inheriting from SPPersistedObject in the Microsoft.SharePoint.Administration namespace and does not allow the content web applications to update the configuration database. This new security feature which controls the behavior is the SPWebService.RemoteAdministratorAccessDenied property in the SharePoint API. Though it can be turned off if needed but as with any security feature, you need to be really careful and perform thorough testing before you turn it off.
Back to the top

RESOLUTION

RemoteAdministratorAccessDenied is a persisted property which can be set to false to disable the feature. You can do this either in a Console app or use Powershell and then perform an IISReset.

//Console app code

SPWebService myService = SPWebService.ContentService; 
myService.RemoteAdministratorAccessDenied = false; 
myService.Update(); 


//PowerShell code

function Set-RemoteAdministratorAccessDenied-False()
{
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration") > $null

    # get content web service
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    # turn off remote administration security
    $contentService.RemoteAdministratorAccessDenied = $false
   $contentService.Update()         
}

Set-RemoteAdministratorAccessDenied-False
Back to the top
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.
Back to the top
APPLIES TO
  • Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Server 2010
Back to the top
Keywords: 
KB2564009
Back to the top