SharePoint 2016 : Resolving issue – Get-SPFarm : Can not access the local farm. Verify that local farm is properly configured, currently available, and that you have the appropriate permission to a database before you try again.

SharePoint 2016 : Resolving issue - Get-SPFarm : Can not access the local farm. Verify that local farm is properly configured, currently available, and that you have the appropriate permission to a database before you try again.
SharePoint 2016 : Resolving issue - Get-SPFarm : Can not access the local farm. Verify that local farm is properly configured, currently available, and that you have the appropriate permission to a database before you try again.

Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂

Today new issue and resolution 🙂

Background / Details :

Error / Issue :

Get-SPFarm : Can not access the local farm. Verify that local farm is properly configured, currently available, and that you have the appropriate permission to a database before you try again.

SharePoint 2016 - error - Get-SPFarm : Can not access the local farm. Verify that local farm is properly configured, currently available, and that you have the appropriate permission to a database before you try again.
fig : SharePoint 2016 – error

Cause of an error / Why this error :

  • This issue is because current use dosent have “SharePoint_Shell_Access” role on “SharePoint_Config” database
  • The farm administrator (not to be confused with the farm account) does not automatically have access to the content dbs.

What is “SharePoint_Shell_Access role ?

  • The secure SharePoint_SHELL_ACCESS database role on the configuration database replaces the need to add an administration account as a db_owner on the configuration database
  • By default, the setup account is assigned to the SharePoint_SHELL_ACCESS database role. We can use a PowerShell command to grant or remove memberships to this role.
  • Setup assigns the SharePoint_SHELL_ACCESS role to the following databases:
    • The SharePoint_Config database (the configuration database).
    • One or more of the SharePoint Content databases. This database is configurable by using the PowerShell command that manages membership and the object that is assigned to this role.
  • Members of the SharePoint_SHELL_ACCESS role have the execute permission for all stored procedures for the database.
  • Members of this role have the read and write permissions on all of the database tables.
  • If we are planning to use an account to run PowerShell cmdlets on a database, so it must have a db_owner database role or SharePoint_SHELL_ACCESS database role.
  • There is no need to assign a db_owner database role for an account if it already has a SharePoint_SHELL_ACCESS database role.

Solution :

  • In order to use Windows PowerShell for SharePoint Products, a user must be a member of the SharePoint_Shell_Access role on the configuration database and a member of the WSS_ADMIN_WPG local group on the computer where SharePoint Products is installed.

Prerequisites to add the user to “SharePoint_Shell_Admin” role :

  • Must have membership in the securityadmin fixed server role on the SQL Server instance
  • Membership in the db_owner fixed database role
  • Local administrative permission on the local computer.

PowerShell CMDLET to add the user to “SharePoint_Shell_Admin” role : Add-SPShellAdmin

Syntax :

Add-SPShellAdmin
   [-UserName] <String>
   [-AssignmentCollection <SPAssignmentCollection>]
   [-Confirm]
   [-Database <SPDatabasePipeBind>]
   [-WhatIf]
   [<CommonParameters>]

Examples : 

Add-SPShellAdmin -UserName <domain name /username> => adds a new user named username to the SharePoint_Shell_Access role in the farm configuration database only, and also ensures the user is added to the WSS_Admin_WPG local group on each server in the farm

What happens behind the scene when we assign SharePoint_Shell_Access role to user :

  • The user is added to the WSS_Admin_WPG group on all Web servers
  • If the target database does not have a SharePoint_Shell_Access role, the role is automatically created
  • On successfully execution of this cmdlet – the user specified with the UserName parameter will have the SPDataAccess role, if it exists, or db_owner role, if the SPDataAccess role does not exist, on the affected databases

Some more details :

  • This cmdlet is only to be used with a database that uses Windows authentication
  • There is no need to use this cmdlet for databases that use SQL authentication
  • If we specify only the user, the user is added to the role for the farm configuration database
  • If we use the database parameter, the user is added to the role on the farm configuration database, the Central Administration content database, and the specified database.

Thanks for reading 🙂 HAVE A GREAT TIME AHEAD 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: