Make sure your Database Access account is an admin on the central administration server, otherwise you’ll get access denied errors when trying to create new web applications. This is because the db access account won’t have the ability to edit the metabase. Oh, and this bubble up by MOSS saying that you, the logged in user doesn’t have access, which is completely inaccurate, especially since I was a Farm Administrator. In addition you’ll see the error message listed below in the Application event logs.
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 3/18/2008 10:58:42 AM
Event ID: 1309
Task Category: Web Event
Level: Warning
Keywords: Classic
User: N/A
Computer:Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 3/18/2008 10:58:42 AM
Event time (UTC): 3/18/2008 3:58:42 PM
Event ID: c59d97a1bbf8405cba1d837292259be4
Event sequence: 4767
Event occurrence: 8
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/236168797/ROOT-1-128503227503346172
Trust level: WSS_Minimal
Application Virtual Path: /
Application Path: C:inetpubwwwrootwssVirtualDirectories37466
Machine name:
Process information:
Process ID: 3720
Process name: w3wp.exe
Account name:
Exception information:
Exception type: COMException
Exception message: Access is denied.Request information:
Request URL: http://:24055/_admin/extendvs.aspx
Request path: /_admin/extendvs.aspx
User host address: fe80::e48a:75aa:9034:9106WSS_Minimal
User:Is authenticated: True
Authentication Type: NTLM
Thread account name:Thread information:
Thread ID: 9
Thread account name:Is impersonating: False
Stack trace: at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.HandleAccessDenied(Exception ex)
at Microsoft.SharePoint.ApplicationRuntime.BaseApplication.Application_Error(HttpApplication app)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
at System.Web.HttpApplication.RaiseOnError()
I hate having service accounts admins on boxes.