I have been following the Microsoft TechNet article instructions to install BDC Models to SharePoint, I executed the command line
C:\Program Files\Duet Enterprise\1.0> DuetConfig.exe /importBDC "DRIVE:\PATH\models.xml" /Addusers "END_USERS" /Username "USERNAME" /Password "PASSWORD" /Email "EMAIL_ADDRESS" /BDCServiceApplication "BDC_SERVICE_APP_NAME"
The command line responded with the error message
Starting import of models from DRIVE:\PATH ...
Attempting to import model: ENTITY
Creating Secure Store application WSDL to store credentials, required to fetch WSDL from SAP Backend for importing the BDC models.
[ERROR] Failed to create target application in Secure Store. Error Message: Failed to create Secure Store Application WSDL. Error: Unable to obtain master key..
Fix the previous error and retry.
Failed to import model: ENTITY
The SharePoint ULS logs recorded an error message in the Claims Authentication category.
SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='DOMAIN\account', UPN='account@DOMAIN'. UPN is required when Kerberos constrained delegation is used.
No windows identity for DOMAIN\account.
I’ll put the full stack trace at the end of the post.
The SharePoint farm is made up of two web front end servers and two application servers. The Business Data Connectivity service instances and Secure Store service instances were running on the two application servers only. I executed the command on one of the application servers.
The Claims to Windows Token Service was not started on any of the servers. Why should it be? There isn’t any mention of this service in any of the deployment steps via TechNet.
RESOLUTION: I started the service through SharePoint Central Administration on both of the application servers and re-ran the command to import BDC Models. In this scenario, the service identity is “Local Service” and not a domain account. And they all lived happily ever after.
DATE TIME w3wp.exe (0x1278) 0x1DF4 SharePoint Foundation Claims Authentication bz7l Medium SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='DOMAIN\user', UPN='account@DOMAIN'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint 'net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2' could not be found on your local machine. --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri) at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via) at System.ServiceModel.Channels.CommunicationPool`2.TakeConnection(EndpointAddress address, Uri via, TimeSpan timeout, TKey& key) at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout) at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade) at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dupUpnLogon(String upn, Int32 pid) at Microsoft.IdentityModel.WindowsTokenService.S4UClient.c__DisplayClass1.b__0(IS4UService_dup channel) at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation) at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity().
DATE TIME w3wp.exe (0x1278) 0x1DF4 SharePoint Foundation Claims Authentication g220 Unexpected No windows identity for DOMAIN\account.
Shnuggets 