The EXECUTE permission was denied on the object ‘proc_GetProductVersions’- Insufficient SQL database permissions for user

With SharePoint 2010 RTM production farm, the following error was being logged in application event logs with severity level Critical when users try to open some of the site administration pages. An example is Site Actions > More Options page.

Insufficient SQL database permissions for user ‘Name: <user id> SID: <GUID> ImpersonationLevel: Impersonation’ in database ‘SharePoint_Config’ on SQL Server instance ‘<DB Server>’. Additional error information from SQL Server is included below.

The EXECUTE permission was denied on the object ‘proc_GetProductVersions’, database ‘SharePoint_Config’, schema ‘dbo’.


In order to resolve the issue, I provided Execute permission to the database role “WSS_Content_Application_Pools” into the stored procedure “proc_GetProductVersions”. I performed the following steps to do this.

  1. In the database server, expand SharePoint Config database and naviage to Programmability/Stored Procedures/dbo.proc_GetProductVersions using SQL Server Management Studio.
  2. Right click on the above stored procedure and select Properties.
  3. On the popup screen, select Permissions on the left and click Search button.
  4. On the new popup screen, click Search, select [WSS_Content_Application_Pools] database role and click OK.
  5. Click OK again.
  6. On the first popup screen, select the role, check Execute permission and click OK.

There is no need to restart any services for this change to take effect.

failure trying to synch site GUID for ContentDB GUID WebApp GUID.

After performing a full farm restore from one farm to another, I noticed that the following event is being logged into application event logs in every one hour.

Event ID: 5553

failure trying to synch site <GUID> for ContentDB <GUID> WebApp <GUID>.  Exception message was Cannot insert duplicate key row in object ‘dbo.UserMemberships’ with unique index ‘CX_UserMemberships_RecordId_MemberGroupId_SID’.
The statement has been terminated..

After researching for some time I got really confused because all the online discussions talk about content database being detached and attached to a different farm without running “preparetomove” command. But what I did was a farm restore not a content database attach. The solution discussed everywhere was to run the following commands.

stsadm –o preparetomove –contentdb <GUID> –site <URL>

stsadm –o sync –deleteolddatabases 5

But reading further I realized that with SharePoint 2010, there is no longer a “preparetomove” switch with stsadm. SharePoint keeps the same GUID for any content databases attached. Then I found this post and as per the instructions in it, I ran the following command.

stsadm –o sync –deleteolddatabases 0

I waited for few hours for the User Profile to SharePoint Full Synchronization job to complete and verified that the error mentioned above has gone.

Event ID 1004, MsiInstaller: Detection of product ‘{90140000-104C-0000-1000-0000000FF1CE}’, feature ‘PeopleILM’, …

With a fresh installation of SharePoint 2010 RTM, you may find the following warning being logged into application events in event viewer.

Event ID: 1004


Detection of product ‘{90140000-104C-0000-1000-0000000FF1CE}’, feature ‘PeopleILM’, component ‘{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}’ failed.  The resource ‘C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe’ does not exist.

The reason is, the account NETWORK SERVICE doesn’t have permission into the “Service” folder within “C:\Program Files\Microsoft Office Servers\14.0\”. This can be resolved by providing NETWORK SERVICE read/write permission into this folder. In some of the online discussions it’s mentioned that it may also require permission into SQL folder in the same location. So, instead of finding the individual folders the account needs permission to, it’s easy to provide NETWORK SERVCIE read/write permission to the parent folder “C:\Program Files\Microsoft Office Servers\14.0\”.

Document Library columns do not show up in View Properties/Edit Properties page

If you run into the issue where SharePoint 2007/2010 Document Libraries does not show some of the columns in View Properties/Edit Properties page, check if the columns are included in the default content type of the library. In order to do that,

  1. Go to document library settings > Advanced settings
  2. Select “Yes” for “Allow management of content types?” radio buttons and click OK
  3. Under the Content Types section in document library settings, click on the name of default content type (eg: “Document”) and check if the columns are present
  4. If the columns are not listed, click on “Add from existing site or list columns”, select desired columns in the list box on left, add them to list box on right and click OK.
  5. Go to advanced library settings again, select “No” for “Allow management of content types?” radio buttons and click OK.

Microsoft Announces Service Pack I for Office 2010 and SharePoint 2010

The Microsoft Office Sustained Engineering Team has announced on Monday, May 16, 2011 that the Service Pack I form Office 2010 is on track to be released late June. According to the announcements, following are some of the improvements built into Office 2010 desktop products as well as SharePoint 2010.

  • Outlook fixes an issue where “Snooze Time” would not reset between appointments.
  • The default behavior for PowerPoint "Use Presenter View" option changed to display the slide show on the secondary monitor.
  • Integrated community content in the Access Application Part Gallery.
  • Better alignment between Project Server and SharePoint Server browser support.
  • Improved backup / restore functionality for SharePoint Server
  • The Word Web Application extends printing support to “Edit Mode.”
  • Project Professional now synchronizes scheduled tasks with SharePoint task lists.
  • Internet Explorer 9 “Native” support for Office Web Applications and SharePoint
  • Office Web Applications Support for Chrome
  • Inserting Charts into Excel Workbooks using Excel Web Application
  • Support for searching PPSX files in Search Server
  • Visio Fixes scaling issues and arrowhead rendering errors with SVG export
  • Proofing Tools improve spelling suggestions in Canadian English, French, Swedish and European Portuguese.
  • Outlook Web Application Attachment Preview (with Exchange Online only)
  • Office client suites using “Add Remove Programs” Control Panel.

See Microsoft blog for more information.

Microsoft Service Pack Uninstall Tool for the 2007

Traditionally, you cannot uninstall Microsoft Office service packs without completely uninstalling the Microsoft Office products. The 2007 Microsoft Office suite Service Pack 2 (SP2) is the first service pack to support uninstalling the updates for the 2007 Office desktop products. The Microsoft Service Pack Uninstall Tool for the 2007 Microsoft Office suite (Oarpman.exe) lets you uninstall all the updates for the 2007 Office desktop products that are included in the 2007 Office suite SP2. See Microsoft Support site for more details.

Error in InfoPath forms which access SharePoint web services over a secured connection

When an InfoPath web enabled form tries to access a SharePoint web services (usually for getting user profile information, values from custom list etc.) from a web application using a secured connection (SSL), it may show the following error.

You do not have permissions to access a Web service that provides data required for this form to function correctly.

In the ULS log or Windows Event Viewer in the web front end server you will see the following error.

An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=<some text>, OU=<some text>, O=<some text>, L=<some text>, S=<some text>, C=<some text>\nIssuer Name: CN=<some text>, O="<some text>", C=US\nThumbprint: <some text>\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..

This is because, when you use SSL certificate for your web application URL, the certificate needs to be imported into SharePoint trusted root certificate store (if you are using NTLM). If you are using claims based authentication, you may need to import the certificate you used for token signing. I have explained how you can in export the certificate and import it into SharePoint trusted root certificate store in this article.