This topic describes the features you can use to administer Delegated Administration Console. For more detailed information about these features, see "Administering Delegated Administration Console" in Delegated Administration Console Help.
Delegated Administration Console provides messages for the following types of errors:User input errors
For user input errors, Delegated Administration Console provides a meaningful error message that helps the user correct the problem. User input errors are generated by typing incorrect passwords and characters that are not allowed by the system.System errors
For system errors, Delegated Administration Console displays an error message that indicates the date, time, and identification number of the error. The system administrator can use this data to research information about the error in Delegated Administration Console Config Center. The service provider administrator can also configure Delegated Administration Console to display a detailed error message to the user. For security reasons, it is recommended that you use this option only in a test environment.Database connection errors
For database connection errors, Delegated Administration Console displays a "fatal error" message. This means that Delegated Administration Console is unable to read or write to the database and is therefore unable to function properly. The service provider administrator must research the error in the event log of the server running Delegated Administration Console to determine the cause of the problem. Information about such errors appears in the WSH category.
Delegated Administration Console provides options for getting detailed information about the functioning of Microsoft Provisioning System that you can use for debugging. One debugging option is to write a copy of each XML request submitted by Delegated Administration Console to a file. This information is useful for analyzing how Delegated Administration Console functions in the default configuration. It is also useful for verifying that any customization you have made to Delegated Administration Console is functioning properly. For more information about customizing Delegated Administration Console, see Customizing Delegated Administration Console.
Another debugging option is to write complete information about each page that is rendered by Delegated Administration Console. With this option, Delegated Administration Console records every action it took while rendering the page. This can be useful for debugging problems in a development environment after you have customized Delegated Administration Console or the user interface (UI) framework.
This is also a debugging option to display the Internet Protocol (IP) address of the server running Delegated Administration Console. The address appears at the bottom of each Delegated Administration Console page. If you are running Delegated Administration Console on more than one server, this information is useful for determining which server a user is on when experiencing an error.
You can select an option to display the Microsoft Provisioning Framework audit log in Delegated Administration Console Config Center. By default, the domain administrator is the only user account with privileges to view the Microsoft Provisioning Framework audit log. If you want another user or group, such as service provider administrators, to view the audit log, you must give that user account or group permissions to view the Microsoft Provisioning Framework audit database in SQL Enterprise Manager. For more information about configuring these permissions, see the troubleshooting topic "Microsoft Provisioning Framework audit database information not available to users other than domain administrators" in Troubleshooting Delegated Administration Console.
Delegated Administration Console uses the Advanced View feature of Active Directory to make the private container visible only to service provider administrators. This helps secure the contents of the private container from unauthorized access. There are two constants in the global.asa file of Delegated Administration Console that control this functionality:
To make the private container visible to other groups, you can change the WAT_global_showinAdvancedViewOnly_RPN constant to the number corresponding to the role priority number (RPN) of the appropriate group. For more information about the private container, see Active Directory hosting configuration. For more information about RPNs, see Understanding roles and privileges.
In Config Center, you can select one of three modes for Exchange and Internet Information Services (IIS). Depending on the mode you select, Delegated Administration Console displays, disables, or hides the links related to the service. The modes are as follows:Enabled
When you select this mode for Exchange or IIS, all the links related to that service are available in Delegated Administration Console, and administrators, customer service representatives (CSRs), and end users can access the features of the service. Use this mode when you want to provision the service.Disabled
When you select this mode for Exchange or IIS, all the links related to that service are hidden. No one can access the features of the service. Use this mode when you do not want to provision the service.Maintenance
When you select this mode for Exchange or IIS, all the links related to that service are disabled. They appear shaded in the user interface, and the links do not function when clicked. Use this mode when you want to perform maintenance on a server running the service, or if you need to make it temporarily unavailable.