SharePoint 2010 + Custom retention formula installation failure + current user is not a farm administrator

Tue, Mar 6, 2012 2-minute read

You may encounter this issue when trying to deploy a Custom Expiration Formula for use as part of records management within SharePoint 2010. The error you may encounter is:

The SPPersistedObject, PolicyConfigService Name=PolicyConfigService, could not be updated because the current user is not a Farm Administrator.

This is a really nasty little error and it may be easy to miss as people have a tendency to use an empty try catch {} in their FeatureActivation so the feature activates but you’re not aware there is a problem. (Well, you become aware of it when for all the activation in the world, the “Use Custom Retention Formula” dropdown never changes from disabled.) It’s particularly annoying because you’re activating a feature at the Site Collection level - why would you need Farm Admin to do it? Well, it’s because it makes changes to the Content Service (or thereabouts) - and this is proven when you go to Central Admin > Security > Configure Information Policy Management > Retention and you’ll notice (after a successful activation) that your custom policy shows up in the “Resources” section.

Once you’ve found the error in the logs, the natural thing to do is to login as a user who is a Farm Administrator (or add your user account to the Farm Admins group in Central Admin.) You may also find that this doesn’t resolve it.

I ran a bunch of things, and eventually resolved it, so I would try these things, in this order:

  1. Retract your solution and deploy it with an account that is a Farm Admin. So even if you add yourself to Farm Administrators, retract the solution, deploy it again and then try and activate the feature. It seems that the deployment itself holds on to permissions of the user at the time it was deployed (or words to that effect) which affects it.
  2. Add your web application application pool accounts to Farm Administrators.
  3. Check your web application pool account have db_owner on the Config database.
  4. See about changing the ContentService.RemoteAdministratorAccessDenied flag to false, from this here.

Good luck.