Microsoft KB Archive/238372

= Publishing Project Fails to Replicate Because of User-Level Authentication Problem =

Article ID: 238372

Article Last Modified on 10/23/2000

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q238372



SYMPTOMS
If you have permissions to operate a project, the project files may fail to replicate. When you use either Microsoft Management Console (MMC) or the HTML-based Web Administration (WebAdmin) tool for Microsoft Membership Server that is included with Site Server 3.0, the CrsDemo project fails to start. This returns a red aborted report on the CrsSourceSystem. The project status is listed as "Running," and then is immediately changed to "Completed."

The project may fail to replicate the next time that you start the project with project-level authentication configured. When you view the security log with auditing configured on the CrsEndpointSystem, you may receive the following error message:

Event ID 529: Logon failure, crs user, ...invalid username or password.



CAUSE
Project-level authentication fails with event 529 because of a problem that involves the MMC Site Server Administration Content Replication System (CRS) publishing snap-in. When you configure the project-level authentication account from the Security tab, the user value is saved in the following registry value:

SOFTWARE/Microsoft/CRS/Projects/ProjectName/username

However, this does not save the password value in the same project key. This results in the authentication failure when you attempt to operate the project.

NOTE: Project-level authentication operates successfully with a user account that has no password. This configuration operates with project-level authentication because you do not need to provide a password value.



WORKAROUND
To work around this problem, you can use the default CRS publishing authentication account. Under this account, authentication takes place when you set the correct password.

To successfully implement authentication, perform the following steps:
 * 1) From the Site Server Administration MMC, click Publishing Properties, and then click Advanced.
 * 2) On the Advanced tab, click Default Authentication Account.
 * 3) Provide an account that has full administrative privileges for the file replication resources.
 * 4) From the MMC, click Projects, click ProjectName, and then click Properties.
 * 5) On the Properties tab, click Security.
 * 6) Leave the project-level authentication account user name and password blank.

You can also assign operator security permissions to allow the user to operate a project. You must assign these permissions on the source and endpoint systems. The user can log on and perform operations with the project. You must also assign read, write, and create permissions to the files and folders located on the source system that are associated with the project. You cannot access projects that you do not assign permissions to. Also, you must assign the user "log on locally" privileges to operate the project on a system. By default, only administrators have this privilege on Domain Controllers.

The CRS default authentication account allows the project files to replicate. The CRS publishing service uses the configured credentials to impersonate. As a result, if this account has administrative privileges on the source and target system, access is available for replication based on the permissions available for that account.



STATUS
Microsoft has confirmed that this is a problem in Site Server version 3.0.

Keywords: kbbug kbpending KB238372

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.