Jack of all that is Microsoft, Master of None

July 24, 2008

Got Long MOSS Service Account Names?

Are you planning on creating and using some long-named MOSS service accounts?  Maybe something like TestMOSSMySiteAdmin01 or TestMOSSSSPAppPool01?  Well if you do, then take note – I’ve had two separate occasions where I have an AD account with more than 20 characters as the username, and MOSS isn’t happy about it.  I ran across this a while ago at a client site and thought it was something wrong with their environment, and let it slide… but my buddy and fellow B&R colleague Mr. Bob Fox ran into this yesterday, and was quite surprised that this happens.

So here’s the deal…

You’ve got your account, ‘TestMOSSMySiteAdmin01’ – you go and create it in Active Directory, typically by just specifying the Full Name & User Logon Name, and your screen looks something like this:

 

 

 

 

 

 

 

 

 

 

 

 

 

Notice a couple of things here:

§  The user logon name is exactly what I want – the full account name.

§  But the ‘User Logon Name (per-Windows 2000) has been truncated by one character (character #21)

So now we hop over to our MOSS environment, as we want to bring up a new Web Application for our MySites, and use this account.  We run through the typical web app setup, and specify the full username:

 

 

 

 

 

But when we submit this information, we get a username/password combination error:

 

 

Event thought I’ve entered everything correctly. 

So after ripping my hair out, this is where the Active Directory account’s User logon name (pre-Windows 2000) comes into play.  From what I can tell, this is what MOSS is using when you input a username – so in this case, I have to truncate the name of my service account in the web application setup form:

 

Notice that I had to cut off the last number – to match what AD was showing.  Now, when I submit this, my web application gets created properly.  And to verify that it took the shortened name, I open up IIS, and voila – using the truncated account logon name:

 

 

 

And while I’m running Server 2008 with IIS7, I have confirmed this is the same on Server 2003 with IIS6. 

So in the end, the moral of the blog post is that whenever you can, keep your service account names to under 20 characters.  If you can’t beware of this issue.

-Chris

Technorati Tags:
, , , ,

Advertisements

4 Comments »

  1. There is a workaround for this, use the account name in the following format: TestMOSSMySiteAdmin01@brandsolutions.com

    Regards,
    Marten

    Comment by Marten Ataalla — November 18, 2008 @ 2:24 am

  2. Chris,

    It’s kind of funny that Microsoft would have the SharePoint solution use the sAMAccountName rather than the UPN when it’s passing credentials. Haven’t figured out why they’re using the old school stuff when we live in the 2003+ era.

    Nice post nonetheless as a reference for the kids that don’t realize that there is a character limitation on the sAMAccountName.

    Cheers,
    du

    Comment by Dan Usher — January 18, 2009 @ 2:15 pm

  3. Monday’s drop rebounded from an intraday low
    of 1739. Our report has found that the point-of-care segment constitutes a major part
    of the total IVD services industry. Trading stocks online can
    be very lucrative, but it is a risky business so you need
    to make sure you take all the precautions possible.

    Comment by http://kiso.sys.eng.shizuoka.ac.jp/ — March 27, 2014 @ 5:19 am

  4. Right here is the perfect website for everyone
    who wants to understand this topic. You understand a whole lot its almost hard
    to argue with you (not that I really would want to…HaHa).
    You certainly put a brand new spin on a topic which has been written about for a long time.
    Great stuff, just great!

    Comment by Zelda — October 8, 2014 @ 8:42 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: