AutoSPInstaller is a great project that facilitates Automated SharePoint installation including Sharepoint 2010, 2013, 2016 and 2019.
Auto SP Installer provides a powerful way to deploy and configure a single-server development environment to multiple-server SharePoint farm.
During the AutoSPInstaller run, received an Access Denied error when trying to provision the root Site Collection for my new Web Application.
--------------------------------------------------------------
--------------------------------------------------------------
- Creating web applications...
- Web app "Portal" already provisioned.
- Setting up managed paths for "https://hub.1GN.local:443"
- Setting up explicit managed path "help" at "https://hub.1GN.local:443" and HNSCs...
- Done setting up managed paths at "https://hub.1GN.local:443"
--------------------------------------------------------------
- Applying object cache accounts to "https://hub.1GN.local:443"...
- Done applying object cache accounts to "https://hub.1GN.local:443"
- Checking for Site Collection "https://hub.1GN.local"...
- Creating Site Collection "https://hub.1GN.local"...
--------------------------------------------------------------
- Script halted!
Exception : System.UnauthorizedAccessException:
0x80070005Access denied.
at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessExceptio
n ex)
v Microsoft.SharePoint.Library.SPRequest.CreateSite(Guid gApplicationId, String bstrUrl, Int
32 lZone, Guid gSiteId, Guid gDatabaseId, String bstrDatabaseServer, String bstrDatabaseName, S
tring bstrDatabaseUsername, String bstrDatabasePassword, String bstrTitle, String bstrDescripti
on, UInt32 nLCID, String bstrOwnerLogin, String bstrOwnerUserKey, String bstrOwnerName, String
bstrOwnerEmail, String bstrSecondaryContactLogin, String bstrSecondaryContactUserKey, String bs
trSecondaryContactName, String bstrSecondaryContactEmail, Boolean bADAccountMode, Boolean bHost
HeaderIsSiteName, Int32 iDatabaseVersionMajor, Int32 iDatabaseVersionMinor, Int32 iDatabaseVers
ionBuild, Int32 iDatabaseVersionRevision, String bstrSiteSchemaVersion)
v Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPContentDatabase database, SPSit
eSubscription siteSubscription, String siteUrl, String title, String description, UInt32 nLCID,
Int32 compatibilityLevel, String webTemplate, String ownerLogin, String ownerName, String owne
rEmail, String secondaryContactLogin, String secondaryContactName, String secondaryContactEmail
, String quotaTemplate, String sscRootWebUrl, Boolean useHostHeaderAsSiteName, Boolean override
CompatibilityRestriction)
v Microsoft.SharePoint.PowerShell.SPCmdletNewSite.CreateDataObject()
v Microsoft.SharePoint.PowerShell.SPNewCmdletBase`1.InternalProcessRecord()
v Microsoft.SharePoint.PowerShell.SPCmdlet.ProcessRecord()
TargetObject : Microsoft.SharePoint.PowerShell.SPCmdletNewSite
CategoryInfo : InvalidData: (Microsoft.Share...SPCmdletNewSite:SPCmdletNewSite) [New-SPSite], UnauthorizedAcce
ssException
FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSite
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at CreateWebApp, D:\Install\AutoSPInstaller\AutoSPInstaller\AutoSPInstallerFunctions.ps1: line
2790
at CreateWebApplications, D:\Install\AutoSPInstaller\AutoSPInstaller\AutoSPInstallerFunctions.p
s1: line 2575
at Setup-Farm, D:\Install\AutoSPInstaller\AutoSPInstaller\AutoSPInstallerMain.ps1: line 209
at , D:\Install\AutoSPInstaller\AutoSPInstaller\AutoSPInstallerMain.ps1: line 408
at , : line 1
PipelineIterationInfo : {}
PSMessageDetails :
Cause:
The default web site with an ID of 1 was removed before the script was run. There is a call within the AutoSPInstaller function where the default Web Site is stopped after adding the Managed Accounts, and because of this Security Token Service is not available causing the Access Denied issue.
Resolution:
Open IIS Manager. When the AutoSPInstaller script has finished adding the Managed Accounts into Central Admin, go to IIS and start the SharePoint Web Service web site which should have the Default ID of 1.
This will allow the Site Collection to create because the Security Token Service can verify your credentials.