Monday, June 15, 2009

Biztalk BAM Portal Issues

I tried to configure BAM for the first time and failed with error Access Denied 401.2.
Event code: 4007
Event message: URL authorization failed for the request.
Event time: 15.06.2009 10:21:22
Event time (UTC): 15.06.2009 08:21:22
Event ID: db49acbf6d1c42d9b3228e5e8abdf0ce
Event sequence: 2
Event occurrence: 1
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1/ROOT/BAM-1-128895276813021664
    Trust level: BAMPortal_Minimal
    Application Virtual Path: /BAM
    Application Path: C:\Program Files\Microsoft BizTalk Server 2009\BAMPortal\

Process information:
    Process ID: 5172
    Process name: w3wp.exe
    Account name: NISHIL\Administrator

Request information:
    Request URL: 
    Request path: /BAM/Default.aspx
    User host address: ::1
    User: NISHIL\Administrator
    Is authenticated: True

I configured BAM using Administrator account as User everywhere ,even on the BAM App pool ,So for sure I knew this error is not about authentication.
What I found is in Biztalk Configuration Tool under BAM portal I had selected windows group "Role Name" ,"Bam Portal Users" as "Administrators" so that the Administrator User can easily access the portal.
But this is not correct.
I reconfigured BAM portal using "Role Name" as "Biztalk Server Administrators" and it worked fine.
Might be the group needs to be one of the Biztalk groups.Hope this post helps somebody.
Other Solutions found on google which did not work for me were
1).Adding IIS 6 Management tools for backaward compatilibity since I use Windows 2008 and IIS 7 and Biztalk 2009.
2).Changing AuthenticationProviders cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"