Hi,

I'm trying to get Excel Web Access to work on Sharepoint and I think
that my error has to do with an IIS security setting, but I'm not entirely
sure.

Failure scenarios:
a) Adding an Excel Web Part on a web part page reports "Excel Web
Access: An error has occurred", and
b) viewing an excel file in a browser reports "A registry error
occurred."

Relevant sharepoint configuration:
1. The document library is set up as a trusted location (Central admin
2. Excel Calculation Services is running (Central admin > Operations >
Services on server > Excel Calculation services = started).
3. Something else I'm missing maybe??

Troubleshooting taken:
A log file on the server (C:\Program Files\Common Files\Microsoft
Shared\Web Server Extensions\12\LOGS\MOSS-20090525-1413.log) whose
location was determined from the Sharepoint central administration
(Sharepoint central admin -> Operations -> Diagnostic Logging -> Trace
Log path) reveals a clue: "Failed to add webpart http%25<snip>Excel
%2520Web%2520Access.  Exception System.InvalidOperationException:
There is an error in XML document (1, 106). --->
System.Security.SecurityException: Requested registry access is not
allowed. at System.ThrowHelper.ThrowSecurityException
(ExceptionResource resource)     at
Microsoft.Win32.RegistryKey.InternalOpenSubKey(String name,
RegistryKeyPermissionCheck permissionCheck, Int32 rights)     at
Microsoft.Win32.RegistryKey.OpenSubKey(String name,
RegistryKeyPermissionCheck permissionCheck, RegistryRights rights)
at Microsoft.Office.Excel.Server.ExcelServerRegionalSettings. <>
c__DisplayClass4.<GetInstalledUICultures>b__3()     at..." which
suggests to me that something is trying to read from the registry with
unauthorized privileges. I don’t know if I’m missing an IIS or
Sharepoint configuration step, but this seems to be the root of the
problem.

Solution attempted:
I'm somewhat unsure which user needs privileges to where
exactly. Googling suggests giving ASPNET or NETWORK SERVICE read
permission to the registry node HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\Eventlog. In our server, in IIS Manager ->
Application Pools -> ShareServices1 -> Properties -> Identify the user is
NETWORK SERVICE, so maybe that's the right user. In IIS Manager ->
Application Pools -> SharePoint - 7777 -> Properties -> Identify (note our
SharePoint deployment is on port 7777, so this application pool might be of
interest) the user is ADMINISTRATOR. I have tried giving Full Control rights
to all of NETWORK SERVICE, ASPNET, and ADMINISTRATOR to that registry node to
no avail. Am I on the right track? Is definitely a security related problem?

Thanks for your help,

Tim Partridge

Solved:

Since the registry error was very vague (“Registry access denied”), we ran
Regmon on the server and logged for errors. Then we reproduced the error in
Sharepoint (selected “View in browser” from the dropdown menu of an Excel
spreadsheet from the Sharepoint documents library) and Regmon was able to
report which registry node was denying read access to Sharepoint. I don’t
remember exactly which one, but the procedure of running Regmon to determine
which registry node read was failing is a general solution to problems where
Sharepoint reports “Registry access denied.” Permitting NETWORK USER to read
the node eliminated the problem. It seems so logical now!

status code 200 logged in log file
Single Sign On Intranet Windows Username Authentication (ASP.NET)
IIS
IIS 6 AUX command - is it patched?
Certificate Options
2003/IIS6 Permissions maze.....
Securing virtual directories
Logs in Windows Server
Issue with username set to Guest instead of client username
View Contents of an old CRS file