In preparation of my upcoming webinar on the new features of Master Data Services 2016, I installed MDS on my system. Otherwise it would be quite hard to give demos, of course. The installation itself went quite smooth, no remarks there. I also enabled Internet Information Services (IIS) on my system, as well as a number of required prerequisites. Of course I forgot a few, but to be honest, the MDS Configuration Manager has become quite good at telling you which ones are missing.
Side note: Matt Smith has a PowerShell script in Github that will install all of the prerequisites for you!
Next I had to install and configure the MDS database, which was quite painless, as usual. But then comes the tricky part: adding the MDS website. First I created a new website using the MDS Configuration Manager, but that did not work. At all. For some reason, IIS searched for the MDS website at …\inetpub\wwwroot\MDS, instead of at the MDS installation folder in Program Files. So I deleted the website and assigned MDS to the default website. That also didn’t work, but this time I got a different error:
The error seemed quite clear: Cannot read configuration file due to insufficient permissions. Just to be sure, I added the user MDSAppPool – created in the MDS Configuration Manager for the MDS Application Pool – to the Administrators group on the machine. A brute-force solution, but since it’s on my own machine for demo purposes, I didn’t really care. Of course it didn’t work. Then I assigned full control permissions for the MDSAppPool user on the folder C:\Program Files\Microsoft SQL Server\130\Master Data Services. Didn’t work. Used the browser in Administrator modus. Also didn’t work. Checked IIS settings and discovered that Windows Authentication was not enabled. So I enable it, but the error persists. This is the point where it all starts to get frustrating. Adding MDSAppPool to the IIS_IUSRS group doesn’t work. Giving that group full control on the MDS directory either.
As a last attempt, I went directly to the web.config file and assigned MDSAppPool full control directly on that file, for which I had to pass numerous UAC verifications. But lo and behold, the MDS website worked!
Conclusion: if you encounter a permission issue on the web.config file, directly assign permissions to it for the MDS application pool user. Adding the user to the admin group does not work, for whatever reason.
I'm hosting a free webinar at MSSQLTips.com at the 19th of December 2024, 6PM UTC.…
The slides and scripts for my session "Tackling the Gaps & Islands Problem with T-SQL…
Sometimes your Microsoft Entra ID account (formerly known as Azure Active Directory) is added as…
In Azure Data Factory (ADF, but also Synapse Pipelines and Fabric Pipelines), you have a…
I wrote a piece of SQL that had some new T-SQL syntax in it: IS…
I'm very excited to announce I've been selected as a speaker for dataMinds Connect 2024,…
View Comments
Great post, thanks a lot!
I also had to grant access to the temp folder of the webapp.
Hi,
Could you please show me the changes you did to the file to assign MDSAppPool full control? Thank you!
Hello Koen,
I'm having the same issue. I have MDS 2014, not so long ago I changed the super user account through the usertable in the MDSDB database. Then I was still getting activity from this account. I noticed it was because the MDS application pool still had the old account. I changed it to the new, and I'm getting this same error.
"Failed to start monitoring changes to 'C:\Program Files\Microsoft SQL Server\110\Master Data Services\WebApplication\admin\web.config' because access is denied."
Can you please show me the changes you did to the file to assign MDSAppPool full control? Thank you!
You go to the file, go to permissions and give the account you configured for the MDSAppPool full permissions.
I misunderstood. I thought you changed some config inside the file. I changed the account running the MDS pool. I'm getting the error MDS can't access: “C:\Program Files\Microsoft SQL Server\110\Master Data Services\WebApplication\Admin\web.config" file. I managed to have the service account to own the admin folder. Now, I don't see this file at all. Any idea about this?
I have no idea. Are logged in as administrator? Maybe try an elevated command prompt?
Thank you for this post. I ran into the same problem and it helped me solve it. I did not give full permissions though, it was enough to tick "Modify" in addition to the default "read" rights.