
Publishing a service (A tale of two users)

Question asked by rtclark2 on Aug 11, 2015
Latest reply on Aug 11, 2015 by rtclark2

So I have two users, arcgis_db and AD\raclark; one can publish a service, the other cannot.


It all goes fine until I get to the 'service editor' screen and click 'analyze'. One user, arcgis_db, comes back clean and ready to go; the other user, AD\raclark, gets the dreaded 00179 error 'layers data source must be registered'. However, the database I am using is registered with my ArcGIS Server site.


When I look at the server logs I see this...


Server Log


Message:Target:Machine:Code:Method Name:
The connection property set was missing a required property or the property value was unrecognized. Underlying DBMS error[[Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.No extended error.]" DataValidator.GPServerAFGIS.AD.FULLERTON.EDU-1ValidateServerDataStore.Execute



So I cannot figure it out. One user can publish a service, the other user cannot, and it stalls out when it comes to registering data with the server.


So what is it about the users that is causing this?


arcgis_db is mapped to the 'public' and 'sysadmin' server roles; it is also mapped to the 'Facilities' database as 'db_owner'. So it is the dbo and 'sysadmin'. It's also a SQL Server authenticated login.


AD\raclark is mapped to the 'public' server role; he is also mapped to the 'Facilities' database as 'public' and the 'data_editor' role (the data editor role is given SELECT, INSERT, UPDATE, DELETE privileges on each of the feature datasets / feature classes in the database). He is an OS authenticated login.




SQL Server, Windows Server 2012R, drivers are current and correct, ArcGIS 10.3, ArcGIS Server 10.3





It had to do with how the AGS (ArcGIS Server) account was set up. The AGS is a local account, not an AD account; because of this it uses db authentication, not OS authentication. And all accounts that have to register data with the server have to use the same authentication as the AGS account.


So because the AGS account (in this case) is db authentication, all accounts that are going to register data with the server have to use the same db authentication method.


So since my named account was using OS, it would not be able to register anything with the server.



In summary:


If AGS uses db authentication, then the users have to use db authentication; if AGS uses OS authentication, then the users have to use OS authentication.


A very important point to make and consider when setting up the AGS account.
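
To check on the SQL Server side which authentication method each login and each live connection uses, queries like the following can be run. This is an added example, not part of the original thread; it uses the login and database names quoted in the post and standard SQL Server catalog views, and the session query assumes the caller holds VIEW SERVER STATE.

```sql
-- Added example (not from the thread). Login and database names are the
-- ones quoted in the post; adjust them for another site.

-- 1) How is each login authenticated, and which fixed server roles does it hold?
--    type_desc is SQL_LOGIN for database authentication and WINDOWS_LOGIN for
--    OS authentication. Membership in 'public' is implicit and is not listed.
SELECT  p.name        AS login_name,
        p.type_desc   AS login_type,
        p.is_disabled,
        r.name        AS server_role        -- NULL when the login is only in public
FROM    sys.server_principals        AS p
LEFT JOIN sys.server_role_members    AS m ON m.member_principal_id = p.principal_id
LEFT JOIN sys.server_principals      AS r ON r.principal_id = m.role_principal_id
WHERE   p.name IN (N'arcgis_db', N'AD\raclark')
ORDER BY p.name, r.name;

-- 2) How do the sessions that are connected right now actually authenticate?
--    auth_scheme is SQL for database authentication, NTLM or KERBEROS for
--    Windows authentication. Run this while the 'analyze' step is in progress
--    to see which login the ArcGIS Server host presents.
SELECT  s.login_name,
        s.host_name,
        s.program_name,
        c.auth_scheme,
        c.client_net_address
FROM    sys.dm_exec_sessions     AS s
JOIN    sys.dm_exec_connections  AS c ON c.session_id = s.session_id
WHERE   s.is_user_process = 1
ORDER BY s.login_name, s.host_name;

-- 3) Which database roles do the mapped users hold in the Facilities database?
--    type 'S' = SQL user, 'U' = Windows user, 'G' = Windows group.
USE Facilities;
SELECT  u.name       AS db_user,
        u.type_desc  AS user_type,
        r.name       AS db_role             -- NULL when the user is only in public
FROM    sys.database_principals        AS u
LEFT JOIN sys.database_role_members    AS m ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals      AS r ON r.principal_id = m.role_principal_id
WHERE   u.type IN ('S', 'U', 'G')
ORDER BY u.name, r.name;
```

A failed Windows login such as the one in the server log above produces no row in the second query; it is recorded in the SQL Server error log instead.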