Central Administration no longer accessible by any account after changing Farm Account in SharePoint 2010 Server
I have a problem, that I no longer can access Central Administration Website, only the Sharepoint itself.
I was running installation of Sharepoint 2010 Server with administrative account ImTheAdmin, who is a Domain Admin in the MYDOMAIN domain. Using ImTheAdmin I installed Sharepoint 2010 on one of the Windows 2008 R2 member servers. Besides that, I made ImTheAdmin the primary administrator of the Sharepoint. ImTheAdmin became the only user of this Sharepoint 2010 server after installation.  I installed everything on one box with default installation settings. I used builtin SQL server, not Standard or Enterprise.
What then happened is:
Using ImTheAdmin account, I opened Central Administration Website, and it said, that I need to change the Farm Account, as the account for Farm was the default one (I think it was network service).
So I created a regular domain user in AD Users and Computers called MYDOMAIN\SPFarmAccount.
Then using IE, I went to the Central Administration Website page, which is meant for changing farm account usernames. I put in MYDOMAIN\SPFarmAccount down in to the form of Central Administration Website, added the check mark, that it would react to password changes, and pressed Change.
Browser worked for a while, and after that nothing seemed to work. Neither my Sharepoint, nor Central Administration website. When going to Central Administration Website, it kept returning error: Can't access configuration database.
Then I went to do multiple things to fix this. Went to command prompt, ran stsadm -o updatefarmcredentials -userlogin MYDOMAIN\SPFarmAccount -password password, restarted IIS with iisreset -noforce, restarted Sharepoint SQL server database.
After that I regained access to the regular Sharepoint website, but Central Administration Website keeps asking me for a password. I try it with ImTheAdmin, trying it with MYDOMAIN\SPFarmAccount -- to no avail.
Help.
August 31st, 2010 6:20pm

Hi,

check the application pool account for the central admin, also try to disable the loopback

August 31st, 2010 6:40pm

Thanks for a reply.

I went to the IIS Manager, expanded the Application Pools node, and I see there:

Name Status .NET Managed Identity
Sharepoint Central Administration v4 Started v2.0 Integrated MYDOMAIN\SPFarmAccount

So I think it's alright.

 

Sorry, I don't know how to disable loopback. Is this a registry tweak like in:  http://support.microsoft.com/kb/926642/en-us ?

As I haven't changed anything, I still have this problem. Any more ideas?

September 1st, 2010 3:38pm

Now I'm thinking, maybe a problem is that I had installed Sharepoint Foundation 2010, then used Add/Remove programs to remove it, and then I installed Sharepoint Server 2010?
September 6th, 2010 1:31pm

I managed to get access to the Central Administration Website by using the local administrator account of that Windows Server! Yahoo! At least I can see something and configure now...
September 6th, 2010 2:53pm

Now it all came down to the problem, that in Central Administration, I can't access Configure Service Accounts link.

A new page opens:

Error

 

The specified user or domain group was not found.

 

Troubleshoot issues with Microsoft SharePoint Foundation.

Correlation ID: aca9d18c-a984-41ad-a748-396ff9959236

Date and Time: 9/6/2010 3:58:01 PM

 

By the way, why does it say Microsoft SharePoint Foundation, when it's SharePoint Server 2010 that I have installed?

 

September 6th, 2010 3:58pm

Hi, you have to access it with the farm account. Try to figure out the farm account and access the site with it.
September 6th, 2010 4:30pm

Hi ,

Check these links, they could be useful for you to dig into your error regarding the ID:

http://sharepoint.microsoft.com/Blogs/GetThePoint/Lists/Posts/Post.aspx?ID=353

http://www.wictorwilen.se/Post/Working-with-SharePoint-2010-Correlation-ID-in-PowerShell-and-code.aspx

September 6th, 2010 5:31pm

Hi,

Best to start over fresh.

The farm account (= timer account) needs all kinds of rights on IIS, databases, the local file system, etc. You can try to grant them manually every time you bump into an issue, but it'll cost you more time and frustration than installing fresh (and learning as you go).

Everyone starts with a high level account for the first setup, you want to see it work asap, right ;-)

If you have not already found this, start here, (http://technet.microsoft.com/nl-nl/sharepoint/ee518643(en-us).aspx)

good luck.

 

 

September 6th, 2010 6:00pm

I see...

Just to inform you, what I found with regards to the GUID:

 

Name=Request (GET:http://vm4:29469/_admin/FarmCredentialManagement.aspx) [w3wp] [SPUpgradeSession] [DEBUG] [2010.09.06 17:54:25]: CanUpgrade [SPContentDatabase Name=SharePoint_AdminContent_63dd5e9f-6eae-433...] returned: True. [w3wp] [SPUpgradeSession] [DEBUG] [2010.09.06 17:54:25]: NeedsUpgrade [SPContentDatabase Name=SharePoint_AdminContent_63dd5e9f-6eae-433...] returned: False. [w3wp] [SPUpgradeSession] [DEBUG] [2010.09.06 17:54:25]: IsBackwardsCompatible [SPContentDatabase Name=SharePoint_AdminContent_63dd5e9f-6eae-433...] returned: True. Site=/ Constructed a new async cache named Profile Property Cache The SPPersistedObject with Name User Profile Service Application, Id 1e997717-8092-4e12-86dd-037bcd4396b9, Parent a44e79c6-2c30-4c54-9fd3-028eeb52bc88 failed to initialize with the following error: Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     --- End of inner exception stack trace ---     at Microsoft.SharePoint.Adminis... 
...tration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String fullName)     at Microsoft.SharePoint.Administration.SPAce`1.GetBinaryId(UTF8Encoding encoding)     at Microsoft.SharePoint.Administration.SPAce`1..ctor(String principalName, String displayName, Byte[] securityIdentifier)     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.InitializeAcl()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStorePro... ...vider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) Exception occured while connecting to WCF endpoint: Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromF... 
...ullName(String fullName)     at Microsoft.SharePoint.Administration.SPAce`1.GetBinaryId(UTF8Encoding encoding)     at Microsoft.SharePoint.Administration.SPAce`1..ctor(String principalName, String displayName, Byte[] securityIdentifier)     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.InitializeAcl()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.Share... ...Point.Administration.SPConfigurationDatabase.GetObject(Guid id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.FetchObject(Guid id)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)     at Microsoft.SharePoint.SPConnectedServiceApplication.get_ApplicationAddresses()     at Microsoft.SharePoint.SPServiceLoadBalancer.<get_EndpointAddresses>d__0.MoveNext()     at Microsoft.SharePoint.SPRoundRobinServiceLoadBalancer.GetEndpoints(IEnumerable`1 applicationAddresses)     at Microsoft.SharePoint.SPRoundRobinServiceLoadBalancer.BeginOperation()     at Microsoft.Office.Server.UserProfiles.Moss... 
...ClientBase`1.get_Channel()     at Microsoft.Office.Server.UserProfiles.MossClientBase`1.ExecuteOnChannel(String operationName, CodeBlock codeBlock)     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.ExecuteOnChannel(String operationName, CodeBlock codeBlock) UserProfileApplicationProxy.InitializePropertyCache: Microsoft.Office.Server.UserProfiles.UserProfileException: The specified user or domain group was not found. ---> Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderM... ...anager.GetProviderUserKey(String encodedSuffix)     at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String fullName)     at Microsoft.SharePoint.Administration.SPAce`1.GetBinaryId(UTF8Encoding encoding)     at Microsoft.SharePoint.Administration.SPAce`1..ctor(String principalName, String displayName, Byte[] securityIdentifier)     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.InitializeAcl()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, G... 
...uid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.FetchObject(Guid id)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)     at Microsoft.SharePoint.SPConnectedServiceApplication.get_ApplicationAddresses()     at Microsoft.SharePoint.SPServiceLoadBalancer.<get_EndpointAddresses>d__0.MoveNext()     at Microsoft.SharePoint.SPRoundRobinServiceLoadBalancer.GetEndpoints(IEnumerable`1 applicationAddresses)     at Mic... ...rosoft.SharePoint.SPRoundRobinServiceLoadBalancer.BeginOperation()     at Microsoft.Office.Server.UserProfiles.MossClientBase`1.get_Channel()     at Microsoft.Office.Server.UserProfiles.MossClientBase`1.ExecuteOnChannel(String operationName, CodeBlock codeBlock)     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.ExecuteOnChannel(String operationName, CodeBlock codeBlock)     --- End of inner exception stack trace ---     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.ExecuteOnChannel(String operationName, CodeBlock codeBlock)     at Microsoft.Office.Server.UserProfiles.ProfilePropertyServiceClient.GetProfileProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.RefreshProperties(Guid applicationID)     at Microsoft... 
....Office.Server.Utilities.SPAsyncCache`2.GetValueNow(K key)     at Microsoft.Office.Server.Utilities.SPAsyncCache`2.GetValue(K key, Boolean asynchronous)     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.InitializePropertyCache() User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext) User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext) User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     
at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext)

User Profile Application Proxy failed to retrieve partitions from User Profile Application: Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PartitionIDs()     at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.IsAvailable(SPServiceContext serviceContext)

Also, after running:

stsadm.exe -o updatefarmcredentials -userlogin MYDOMAIN\SPFarmAccount -password mypassword

I also started getting The specified user or domain group was not found.

 

It's very strange, because I can easily login with MYDOMAIN\SPFarmAccount to any computer.

Rob_H's offer is very tempting, thanks, but I still have some time, and I want to spend troubleshooting. Otherwise, you never know, when you fall into this same pitfall when in production.

September 6th, 2010 6:32pm

My update worked successfully.

All I needed to do was:

1) Register the account as a managed account

2) Go to the Configure Service Accounts page and Select the Farm Account and set the new managed account

4) Reboot the SP2010 server.
I did try restarting the Central Admin app pool but there was no difference.

It was failing before the reboot with the same error you were receiving "Can't access configuration database."

When I ran Process Monitor it showed that there were access denied errors when the w3wp process was accessing the registry keys for the configdb and Office Server\14.0 areas. When I checked, the new farm account had been added to the WSS_Admin_WPG group, so it had access to the registry keys already. My guess is the reboot fixed its security token; there is probably a service you can restart, like the timer service, to get it to work, so you might want to try that.

Also, my change was done on a single server 2010 environment (1 SP2010 box and 1 SQL server) so there may be a difference if you have multiple SP2010 servers.

September 7th, 2010 4:14am

When it all worked, what I did not do, is item (1). I went straight to Configure Service Accounts. The SPFarmAccount has become a Managed account automatically. Maybe that's where the problem is?

I don't think restarting a service would help, as I have rebooted machine a number of times already.

 

So the current situation is like this:

I can only run Central Administration website using local server administrator account.

When in Central Administration, these two links throw me an error:

Configure Service Accounts

and

Manage Service Applications.

  • Edited by MD_Post Tuesday, September 07, 2010 6:33 AM
September 7th, 2010 8:45am

Found one place already where I got it wrong...

I went to SQL Management studio, and got a look what kind of permissions does MYDOMAIN\SPFarmAccount have on the database. And it seems that because I had renamed my farm account before (RENAMING! THAT'S WHAT I DID WRONG!), I had an old unrenamed account written in User Mapping for database User Profile Service Application_SyncDB_GUID. Changed it to what it has to be.

Restarted server.

Same problems remaining. Rob_H seems to be more right than ever (start over ;)... I'll spend some more time though.

September 7th, 2010 9:33am

What is also interesting, that not only cannot I get to the Configure Service Accounts or Manage Service Applications pages, but in Sharepoint 2010 Management Shell I get this:

PS C:\Windows\system32> Get-SPServiceApplication

Get-SPServiceApplication : The specified user or domain group was not found.

At line:1 char:25

+ Get-SPServiceApplication <<<<

    + CategoryInfo          : InvalidData: (Microsoft.Share...viceApplication:

   SPCmdletGetServiceApplication) [Get-SPServiceApplication], SPException

    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetServiceApplication


September 8th, 2010 1:41pm

OK, so I fixed the bigger part of my issue: the "The specified user or domain group was not found." problem.
Actually it really was because I have created a new farm account by a new name, and then tried to reassign it Farm Account role. Something must have gone wrong in the process.
So this is how I fixed it:
I temporarily created a user in active directory with the old username SPOldFarmAccount. And all started to work:
Get-SPServiceApplication
Configure Service Accounts
Manage Service Applications
Then, while I have this old account, I did this:
stsadm -o updatefarmcredentials -userlogin POST\SPNewFarmAccount -password mypassword
iisreset /noforce
And I could delete the user from Active Directory with the old username for good. Everything kept working.
Looks nice, but...


My initial problem, that I can't access Central Administration by my Farm Account, or the domain user that installed the sharepoint, remains. I only can access it by a local Administrator account of the sharepoint machine.
September 13th, 2010 10:45am
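
The stack trace posted earlier fails inside `NTAccount.Translate`, which matches the workaround in the post above (recreating the old account name). As an added example that is not part of the original thread, the PowerShell below makes the same translation call for a set of account names and reports which ones no longer resolve. `Test-AccountResolves` is a hypothetical helper name, and the starting list of names is taken from the thread as an assumption.

```powershell
# Added example, not from the thread. Works in PowerShell 2.0 and later;
# run it on the SharePoint server. Test-AccountResolves is a hypothetical name.
function Test-AccountResolves {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$AccountName
    )
    foreach ($name in $AccountName) {
        $row = New-Object PSObject -Property @{
            Account = $name; Resolves = $false; Sid = $null; Failure = $null
        }
        try {
            # Same call that throws IdentityNotMappedException in the ULS trace.
            $nt = New-Object System.Security.Principal.NTAccount($name)
            $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
            $row.Sid = $sid.Value
            $row.Resolves = $true
        }
        catch {
            # Method exceptions arrive wrapped; look at the innermost one.
            $inner = $_.Exception.GetBaseException()
            if ($inner -is [System.Security.Principal.IdentityNotMappedException]) {
                $row.Failure = 'IdentityNotMapped'
            }
            else {
                $row.Failure = $inner.GetType().Name
            }
        }
        $row
    }
}

# Names mentioned in the thread (assumed spelling; adjust to your domain).
$names = @('MYDOMAIN\SPFarmAccount', 'MYDOMAIN\SPOldFarmAccount')

# Logon account of the SharePoint 2010 Timer service (runs as the farm account).
$timer = Get-WmiObject Win32_Service -Filter "Name='SPTimerV4'"
if ($timer -and $timer.StartName -ne 'LocalSystem') {
    $names += $timer.StartName
}

# Custom identities configured on IIS application pools, including
# "SharePoint Central Administration v4". Built-in identities have no userName.
Import-Module WebAdministration
foreach ($pool in Get-ChildItem IIS:\AppPools) {
    $user = $pool.processModel.userName
    if ($user) { $names += $user }
}

Test-AccountResolves -AccountName ($names | Sort-Object -Unique) |
    Format-Table Account, Resolves, Sid, Failure -AutoSize
```

The check covers only the names passed to it; it does not read the ACLs persisted in the configuration database. A name that comes back with `IdentityNotMapped` is a candidate for what those ACLs still reference.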

Oops... My Sharepoint failed again...

I just ran the "SharePoint 2010 Products Configuration Wizard" hoping that it would upgrade the Sharepoint with the Installed Windows Update patch, that is awaiting, and it failed with the very same User Not Found. And all the other three (Get-SPServiceApplication, Central Admin->Configure Service Accounts, Central Admin->Manage Service Applications), started to fail again on me.

 

 

September 13th, 2010 11:07am

Recreated the old farm account user, and ran the product configuration wizard successfully...
September 13th, 2010 11:30am

Oops... I wrote all these answers by my other Windows Live ID...
September 13th, 2010 11:32am

Looks like accessing Central Administration Website by a user account, which installed Sharepoint is worked around in a very easy way: in Internet Explorer I disabled Integrated Windows Authentication, and the Central Administration Website opened easily. Why is it so? What should I do, in order to access it WITH Integrated Windows Authentication on?
September 13th, 2010 1:12pm

Hi MD,

Seeing the thread still open, I'm adding another cent.

To answer your question: start over. 

I think you are looking in the wrong direction. The setup is broken and changing IE settings gives you different errors than before. This has nothing to do with a solution, just seeing different errors which are symptoms of earlier mistakes.
 
Somewhere above you stated that you wanna investigate this so you can later help a production environment. This will never happen in a production environment (I hope) because the first thing you should do is install and configure it correctly.

The timer service account (the farm account nowadays) is too important in too many places to mess about with and think you got it fixed. You'll introduce more errors than you solve.

Again, just my cent in the bucket.  

 

September 19th, 2010 5:37pm

Also, if you are using Kerberos authentication, check that there are SPN's in place for the new account.

go to a DC, open ADSIEDIT and browse to the new service account.

Under serviceprocessname make sure there is an entry for the SQL server: MSSQLsvc/<sqlsvrname fqdn>:1433

where <sqlsvrname fqdn> is the fully qualified domain name of your SharePoint SQL server (server.domain.com).

- Jake.

October 14th, 2011 4:05am

I had a similar issue.  I solved it with the following steps:

 

1) Opened IIS Services Manager

2) Clicked on Application Pools

3) Found SharePoint Central Administration v4

4) Changed the Identity back to Network Service

5) Went back to my Central Administration Web Page and refreshed it.  Voilà!  I have access again

 

Hope this helps.

 

October 31st, 2011 9:42pm

A bit late, but I had the same issue.

Simply rerun PSCONFIGUI to apply new credentials where applicable. Everything works fine for me.

hth

April 13th, 2012 3:38pm

Thanks a lot you saved my life ! ;)
August 23rd, 2012 12:27pm

Thanks that work...
August 14th, 2013 4:54pm

Thank! It works for me.. 
March 8th, 2014 11:15am

This topic is archived. No further replies will be accepted.
