Monday, May 9, 2011

Error: "The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request"


Some developers are getting this error whenever they try to use a sandboxed solution, or sometimes when they add a sandboxed Web Part to a page, even in circumstances in which the service could not be busy.  There seem to be multiple things that can cause this. The following are some solutions that have worked for others.  If you find a different solution, please report it as a comment to this post. Be sure to double-verify it: undo your solution and verify that the problem comes back, then redo it and verify that the problem goes away.
I. Be sure the sandboxed host service is running on the appropriate servers. The service is called Microsoft SharePoint Foundation Sandboxed Code Service in Central Admnistration. It is called SharePoint 2010 User Code Host in Windows Services. It can be started in either place. 
If you have configured the sandbox to run in local mode, then the service must be running on every front-end web server. If you have configured it to run in remote mode (sometimes called affinity mode), then it must be running on at least one server in the farm. To determine which mode is being used open Central Administration and navigate to System Settings | Manage User Solutions. Scroll down to the Load Balancing section where the mode is set.

II.  Another known cause is certain values in the local computer policy of the servers running the sandboxed host service. The following values should not be enabled.
Computer Configuration -> Administrative Templates -> System -> Remote Procedure Call -> RPC Endpoint Mapper Client Authentication
Computer Configuration -> Administrative Templates -> System -> Remote Procedure Call -> Restrictions for Unauthenticated RPC clients
III.  Another known cause is that SharePoint is trying to check for certificate revocations at crl.microsoft.com. The following are workarounds:
A. There is a registry key that is used by the sandboxed solution infrastructure and sometimes gets the wrong value. To ensure that it is set to the correct value, take these steps on all servers that are running the sandboxed host service :
  1. On the server, click Start | Administrative Tools | Services.
  2. On the Services dialog, scroll to SharePoint 2010 User Code Host.
  3. Note the full user name in the Log On As column. You will need this information later.
  4. Open SharePoint Management Shell.
  5. Enter the following at the command prompt, including all punctuation.
(Get-SPManagedAccount –Identity “username”).Sid.Value
Replace username with the name you obtained in step 3. E.g., Domain\FarmAdmin
This will return the user’s SID (Security ID), which you will use in a later step.
    6.    Open the registry editor and navigate to:
HKEY_USERS\SID you obtained earlier\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    7.     Be sure the State key value is set to 0x00023e00.
    8.    Restart the sandboxed host service on all servers on which it is to run. It cannot hurt to do an iisreset as well.
B.  You can redirect these attempts by adding the following line to the end of the hosts file located at C:\Windows\System32\drivers\etc:
127.0.0.1     crl.microsoft.com
This must be done on all servers running the sandboxed host service. Then restart the SharePoint 2010 User Code Host service on all these servers. It cannot hurt to do an iisreset as well.
C.  The following workaround changes configuration files which ship with the product which means you may have to redo these steps if the files are ever overwritten by a service pack or other reinstallation.
  1. Navigate to %SHAREPOINTROOT%\UserCode
  2. Open each of the three *.exe.config files and add the following element as a child of the element:
<generatePublisherEvidence enabled=”false”/>
  • Steps 1- 2 must be done on all servers running the sandboxed host service. Then restart the SharePoint 2010 User Code Host service on all servers. It cannot hurt to do an iisreset as well.
     See for more information.

 

No comments:

Post a Comment