Home » Microsoft Technologies

Access Denied by Business Data Connectivity

I am working on setting up an External Content Type in SPD2010.  The error occurs when trying to add a connection to an SQL database.  I am supplying the Database Server, Database Name, and selecting Connect With User's Identity.

22 Answers Found


Answer 1

Does the user account you're using to make the connection have rights to the SQL DB that you're connecting to?

Answer 2

Yes, I logged into the SQL database  using Windows Authentication on my PC using my account.

Answer 3

That does not happen to me, but these things are usually caused by permissions (or lack thereof) whether it be on the SharePoint side or SQL side.

Answer 4

>>Yes, I logged into the SQL database  using Windows Authentication on my PC using my account

Can you login as an admin to the SQL Server, then go to the Security | Logins | <your-user-name> and check the database mapping and the correponding permissions applied (db_admin etc.,)

Answer 5

Hey guys

Ive just been looking at this issue as we have been having it as well, I think ive found the culprit but im not too sure of a resolution yet.

If you open up the external  content type  in SP Designer you will see a tab of permissions. In the list is the user that created the content  type, there are no other users  allowed access. Im not too sure how to add  to this list yet but i will post when ive sorted it out.

So basically creating an external content type (or at least the way both of us did) only allows access  for the current user by default.

Hope this helps


Answer 6

Based on what ive found this may be a bug in the beta. The link below says there should be a link to edit the permissions of the ECT i dont seem to have this option.


Hope this helps

Answer 7

Double check that you don't have that link.  I thought the same thing, that my link was missing in SPD and it might be a bug.  But the article says go into Central Administration > Manage Service Applications and click on your BCS application.  From there you can see a list of external  content types.  The context menu for each of them has an option "Set Permissions."  

From there you have the standard people picker and can select what groups to give BCS permissions to.  I added a second user and was able then to access  the External List as that user.

Answer 8

Yes, I had to do what aroder just said.  I added these users  in Central Admin within the BCS service application itself.

Answer 9

The error  I am getting is when I am initially trying to setup an external  content type  in SPD2010.  I can't even save it.  From what I am seeing, setting  the permissions gets done after the external content  type is created.

Answer 10

Problem solved.  Whomever was logged into SPD2010 had to be added as a user on the Business Data Connectivity Application Service.  Once this was done, I was able to create the External Content Type.

Answer 11

Tried Joe's last solution. Does not work in Foundation.

Answer 12

I am experiencing the same issue in the following scenario.

One Web Front server  with SharePoint Server 2010
One SQL 2008 Server (here I have created an extra database  (Coffee) which I want to connect  to via an external  content type)

In SPD 2010:

- I create an external content  type

- For Authentication mode on the connection  in the external content type  I choose BDC Identity (meaning the service running the BDC will be the one connecting to the external datasource, not the current user, sort of running with elevated priveleges I guess). MS refers to this as RevertToSelf on technet.

- I create all operations and hit save.

- I create the external list and saves. Everything works fine.

I then hit the external list from the browser and ends up with the following: "Cannot connect to the LobSystem (External System)" when surfing from my client and "Access denied  by Business data  Connectivity" when surfing from the server.

If I look at the external content type in Central Administration under Set Permissions only one user (me, who is the Site Collection Administrator for the site that i connected to in SPD) has permissions. 

add  the service account for the BCS Service application, thinking that guy must have permissions to execute, since he is the one authenticating the connection (see above).

Problem remains the same.

A look in the event viewer:
Could not open connection using 'data source=mydatasource;initial catalog=Coffee;integrated security=SSPI;pooling=true;persist security info=false;connect timeout=60' in App Domain '/LM/W3SVC/1068680523/ROOT-1-129114486771613688'. The full exception text is: Cannot open database "Coffee" requested by the login. The login failed.
Login failed for user 'mybcsserviceaccount'.

A look in the database:
mybcsserviceaccount has no permissions in my Coffee-database.

I manually set mybcsserviceaccount to dbowner in my Coffee-database, and it works like a charm!

But this is clearly not how it's supposed to work (I guess), but currently the only way I can access  the data through my external list.

Or maybe this is the way you have to tweek it when using BDC Identity (RevertToSelf) or User's Identity??
The backend I guess must somehow be aware of the accounts messing with it's data....


Answer 13

I ended up having to setup a Secure Store Identity with a user that had access  to the DB, then I added my domain users  group under the "set permissions" on the external  connector - and everyone is able to access the BDC.



Answer 14

I agree with Joe:

Whomever was logged into SPD2010 had to be added as a user on the Business Data Connectivity Application Service.  Once this was done, I was able to create the External Content Type.

This worked for me.



Answer 15

dear all.. i have related problem with different error  mesg

when i click new external  content type, and type  the server  and dbname and optional name

i get this mesg

The BDC Service application Business data  Connectivity is not accessible. The full exception text is: Method not found: 'Void Microsoft.BusinessData.Infrastructure.AccessDeniedException..ctor(Microsoft.BusinessData.Infrastructure.IAccessControlList, System.Type, System.String, Microsoft.BusinessData.Infrastructure.IExceptionHelper)'.

same in event viewer.. can someone help me with this?

admin is on BDC, created new BDC service, admin is on all sql  server and my database  that i connect  to..

nothing worked 4 me. !!

appreciate your fast responce


Answer 17

i fixed it... thanks... by going in the BCS service and adding administrator from the permissions in the ribbon...

this worked.. thanks..


Answer 18

Hi Joe .

you should go to central administration>application management>manage service applications>Business data  connection service>manage :

   then choose your external  content type, and then go to set object permissions after that add  your user account and then choose the permissions you want to assign to your user , i recommend you choose all of them .

you should restart you should restart your iis after that .

hope it'll help you and sorry for my english !


Answer 19


After adding the user as suggested by Adam, We have to specify that atleast one user is having "Set Permissions".



Answer 20

I have this exact same problem but can't set any object permissions from Central admin because there are NO external  content types there.  How did you add  a user to the service?


Answer 21

See this post Access denied  by business  data connectivity

Answer 22

My problem was not having configured the secure store service which is needed.


Hi All ,

 I have created Business Data Connectivity Model Project.Then I builded &Deployed it.

When I try to click My External Content Type List I am getting the below Message

" Access denied by Business Data Connectivity ".Please suggest me the solution

With best tRegards,




Creating an external BDC list, from within sharepoint is no problem . I know about the BDC permissions that need to be set in the Central Admin aswell.

I tried to do the same with VS2010 and when deploying i'm getting this nasty error : Access Denied by Business Data Connectivity . (see screenshot)

The exact same error occurs when trying to set the MetaData Store Permissions in Central Admin.  (see screenshot). Changing The Object Permissions works only the MetaData Store permissions give this error


Thanks for reading,



edit : http://img18.imageshack.us/img18/9789/accessdenied.png





I want to import an application definition to my Business Data Catalog (BDC).

I log into my Shared Service and select Import application definition.

I am redirected to page that says Error: Access Denied

My account is:

1. An Administrator on the windows server running sharepoint
2  A member of the Farm Administrators
3. Added individually with Full Control to Central Administation
4. Added individually with Full Control to my shared service.


Hi All,

I am creating a custom site workflow using visual studio2010 for sharepoint foundation2010. My workflow sequence is as follow:

1) I started the site workflow using code as item is created in external list.

2) A approval task is created in Task List.

3) As the task is approved by user I create a list item in my custom list and I capture the custom list ItemAdded event.

4) On ItemAdded event I update approval status in external list item. ( here i am getting error).

In step 4, As I access external list item or any of its property, I am getting error "Access denied by Business Data Connectivity". I try to debug and find that the web.CurrentUser is "Sharepoint\system".

I try to give permission on BCS to this user, Sharepoint don't able to find this user in people picker. I added the user NTSecurity\System user to bcs permissions list in central admin. but still same error.

Also I try with SPSecurity.RunWithElevatedPrilivages but still the same error is occurred.

I try to find it and get that workflow is always run with the Sharepoint\System account context.

I create same workflow with sharepoint designer2010 and its working fine.



Can BDC (Business Data Connectivity) act as the primary source for user profile? I wanted to populate user profile from an external database (SQL Server) only and will not import from  Active Directory.

Thank you


I created an ECT - - I was using SPD2010 on the server where SharePoint Server is installed - - both running at the same version - 14.0.4763.1000, which is also the same version I'm using on my local computer.

I can successfully open the site on my local computer - no problem. However, when I click on 'External Content Types' in the Navigation menu, the error I get is shown in the subject line here. (If it matters, I have VS.Net 2010, along with .Net 4.0 installed on my computer.)

My boss, however, can access the ECT section just fine on his computer, using SPD.

Any ideas?


Hi all,

I've got the BCS model template missing in Visual Studio and cannot recall what I'm missing. I've got all the other SP 2010 templates except that 1.


Just installed VS 2010 on a box with Server 2008 R2 and SharePoint server 2010. My other pc has SharePoint Foundation installed and it's got the Business Data Connectivity Model Template.

Any ideas?







I have just installed SharePoint 2010 and SQL Server 2008 R2 in POWERPIVOT for SharePoint mode. I then ran the farm configuration wizard and started the BDC service and it succeeds. When I then navigate to the "Manage Service Applications" page and click on the BDC server application just created I get the below error.  

"The requested service, 'http://pvgbssc1spw001:32843/41bef9072ff944ff9130fcc1b5eb335e/BdcService.svc/http' could not be activated. See the server's diagnostic trace logs for more information."

I have checked the server diagnostic trace logs, but dont find any error there. The other features of SharePoint seem to work file.

Below is the error from the windows event viewer.

WebHost failed to process a request.
 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/17653682
 Exception: System.ServiceModel.ServiceActivationException: The service '/41bef9072ff944ff9130fcc1b5eb335e/BdcService.svc' cannot be activated due to an exception during compilation.  The exception message is: The farm is unavailable.. ---> System.InvalidOperationException: The farm is unavailable.
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.get_Local()
   at Microsoft.SharePoint.IdentityModel.SPServiceIssuerNameRegistry..ctor()
   at Microsoft.SharePoint.SPServiceHostOperations.Configure(ServiceHostBase serviceHost, SPServiceAuthenticationMode authenticationMode)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.ConfigureServiceHost(ServiceHostBase serviceHost, SPServiceAuthenticationMode authenticationMode)
   at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
 Process Name: w3wp
 Process ID: 2768

Have any of you faced this error before? Any help will be much appreciated.




there was no endpoint listening at http://servername/_vti_bin/BDCAdminService.svc that could accept the message, this is often caused by an incorrect address or SOAP action.

see innerException, if present, for more details.

the remote server returned  an error : (404) Not Found.

this happens when i try to create new external content type from SPD.. may be this should be posted in SPD forum but i think it has to do with configuration needed.. so i posted it here..

i get this before the above error mesg and when i click on the left in SPD the external content types: the business data connectivity metadata store is currently unavailable

can someone help me with this?

appreciate your fast response.

Hi all,
I'm getting "BDC Metadata Store is Currently Unavailable" when navigating to the External Content Types object in SPD 2010. So I installed the WCF Hotfix and since that didn't solve it I was going to delete the existing Business Data Connectivity entry and create a new one. The problem is that I get:

The HTTP service located at https://promossx:32844/cea366cd621e4f71946ea21862d5df3a/BdcService.svc/https is too busy.

And I'm stuck...Any Ideas on what to troubleshoot next?

One thing that might be relevant, this farm has already had a set back, the sharepoint VM died on me so another was installed (the one I'm using now) and connected to the existing farm databases...could this be the issue...?

Environment Context:
Farm with 2 machines, a Windows 2008 R2 with MSS 2010 and another with SQL 2008 as database server.


Running SharePoint Server 2010 RTM. Fresh install in production not via the wizard but a vanilla install and bringing services up one by one. Just brought up the Business Data Connectivity Service. Other services currently up are Managed Metadata Service and User Profile Service. Two web applications with services deployed to both web applications. The scenario below holds true when connecting to a site on either web application.

1) Open a site, i.e., root portal site, in SharePoint Designer 2010

2) Click External Content Types. Error returned: "The Business Data Connectivity Metadata Store is currently unavailable" is returned.

3) Click Ok then click New | External Content Type. Error returned "THe server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults...".

The Business Data Connectivity Service status in Central Administration is Started. Any ideas?



I'm using Sharepoint 2010 RTM and I setup users profiles Active Directory synchronization successfully. Now I would like to import additional user properties such as User Picture (URL) and User Birthday from a SQL Database. I created an External Content using Sharepoint Designer and I successfully managed to access data within an external list (View and Edit is working fine).

I added the new synchronization connection (1:1 on WorkEMail attribute) and launched a full synchronization. Now, if I edit the existing user property "Picture" I can select the Source Data Connection but the Attribute list is always empty ! If I create a new custom property with the same type as Picture property (URL), all is working fine and the property is correctly populated when synchronizing...

Do you have any idea why I can create a custom property and successfully map it to my BDC field but can not do the same on existing user profile properties ??

Thanks for your feedback !



I just got my SharePoint 2010 RC version installed, after using Beta for 6 months, and I am getting the following error when clicking on External Content Types in Designer: "The Business Data Connectivity Metadata Store is currently unavailalbe"

Is there a fix for this? Thanks.


I have created an external content type and it works well. But after I restart the BDC service I can not access this service anymore. I get the error "The HTTP request are not allowed with client authentication scheme 'Anonymous' ". How can I solve this problem?
I'm getting "BDC Metadata Store is Currently Unavailable" when navigating to the External Content Types object in SPD 2010. Hot fix is installed.  No errors in the eventlog? 

I'm having problems getting Business Data Services to work. When I go into:

Central Administration -> Service Applications -> Business Data Connectivity Services

I get the error 'keyset does not exist'

I've been doing some reading and come to the conclusion it's something to do with authentication? We use NTLM authentication and I'm wondering if we need to set up sharepoint to use kerberos.

Does anybody know about this problem?





I am getting the following error when runnind SP designer and referencing external content types.


The BDC service is running on the server, however if I click the link to configure the service I get:


The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.

and in the event log:

The BDC Service application BDCTest is not accessible. The full exception text is: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.

An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.


Can anyone please help?






Hi, I am using Fast for Sharepoint and I have created a simple Employee database in SQL server 2008 and I am trying to crawl this database.

Using Sharepoint designer, I have created an external repository and I have configured it to look at my test database. After trying to crawl this database - I get two successfyul documents crawled - which are just junk documents. And 5 errors.  The errors say:

Error while crawling LOB contents. ( IEntity could not be found using criteria 'Id=2502'. )

I also noticed that if I was to disable "Defaul Action" from the BDC configuration, then I get all successful crawled documents. However, if I click on any of those documents in the search page, then it brings me to "unkown page". 

This makes sense since Default Action (View Profiles) is disabled. Does anyone know how to avoid this error message above without having to disable Defaul Action check box? 

P.S. I can also see that the connection between SQL Server - BDC - SP is working since when I create a user profile page, I can see that data populate.  


Hi Everyone,

                  I have a scenario where I have to get the data from two of the stored proc's in the SQL Server and create an assocation between those models.I cannot use Sharepoint designer as there is no relationship existing between those two entities.So,I have used visual studio business data connectivity model to fulfill this requirement.I created the model with filter descriptors,input parameters and all and related those as suggested by MSDN and used LINQ to SQL to pull the actual stored procedure into the readlist and readitem methods.My issue here is,when I debug this project,I am receiving an error message tht says "remote procedure cannot be debugged.this usually indicates debugging hasn't been enabled".Then I changed the debug entry in the web.config to true to solve this issue.But,still I received the same error...what do you think might be stopping me from going ahead..ur suggestions and tips helps me a lot..


Thanks all..



I created a connection to the business-data according to this video http://msdn.microsoft.com/en-us/vstudio/ff623022.aspx, but on C#.

When you try to display information using the profile page displays an error:

Business Data Connectivity is configured incorrectly. Administrators, see the server log for more information.


Just tried to create a list based on the external source:

Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator.


But if you start debugging in VS 2010, then the data was successfully retrieved in the project and the portal displays the above error.
The files that are located in the LOGS are no errors.


<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure