BizTalk BAM Portal URL authorization failed for the request (Event code 4007)

Posted: April 26, 2013  |  Categories: BAM BizTalk

Last day I was able to convince my client to use, for the first time, BAM for tracking and monitoring of specific processes. As I anticipated, one hour of work had a major impact (for the better) on the people responsible for these tasks in the organization.

However, after I deployed my BAM Definition and tracking profile in a production environment and everything was working well, i.e., processes were running successfully and data was being tracked (I was able to see the tracking data in the database)…

If you don’t know, and contrary to what I also thought, the only user that always has access to the view and cannot be added to or removed from the view(s) is the Database Owner (BAMPrimaryImport). So the user that deployed this BAM Definition doesn’t necessarily have access to this particular view in the BAM Portal!

In this particular case, I’m also the Database Owner, but when I tried to access the BAM Portal, access was constantly denied and I was always asked to enter my credentials when browsing to it… Even when I gave another domain user access to this view and tested with those credentials, the problem remained.

After examining the event logs, I found this information message:

[Image: BAM Web Event Information]

With the following details:

Event code: 4007
Event message: URL authorization failed for the request.
Event time: 23-04-2013 15:55:52
Event time (UTC): 23-04-2013 14:55:52
Event ID: 053c6e752b6a4de8ae400a9a9d7d26b1
Event sequence: 10
Event occurrence: 9
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/ROOT/BAM-1-130112015742350508
Trust level: BAMPortal_Minimal
Application Virtual Path: /BAM
Application Path: D:\Program Files (x86)\Microsoft BizTalk Server 2010\BAMPortal\
Machine name: MyMachine

Process information:
Process ID: 9560
Process name: w3wp.exe
Account name: DOMAIN\bts-bam-ap

Request information:
Request URL: http://localhost/BAM
Request path: /BAM
User host address: 192.168.***.***
User: DOMAIN\MYUSER
Is authenticated: True
Authentication Type: Negotiate
Thread account name: DOMAIN\MYUSER

Custom event details:

Cause

Well, unfortunately, this problem or similar problems can happen for many reasons:

Fortunately for me, I have an E2E test environment that is an almost exact replica of PROD and was working well, so I could compare the two to see what the problem was.

One thing I was sure of: I had permission problems!

The first thing was to analyze the basic settings of the application pool, such as credentials, .NET version and so on… However, everything was properly configured and identical to the test environment.

After a few minutes, I remembered the basics… If you remember the BizTalk Configuration experience, you use the BizTalk Server configuration tool to specify whether BAM is enabled, and to specify the Web service accounts, the Windows groups that can view the portal, and the Web site that will host the portal.

[Image: BAM Portal Configuration]

You can also see this in “.NET Authorization Rules” under the BAM website:

[Image: BAM IIS .NET Authorization Rules]

Following the principle of least privilege, user accounts should have restrictive permissions to perform routine tasks in the BAM portal. BizTalk BAM Portal Users is the group (at least for me; this may change according to your configuration) where you define the users or groups that can access the BAM Portal Web site.

Solution

In my case, after checking in AD, there was no one configured to have access to the BAM Portal.

To solve this problem, you have to add the users or groups that you want to have access to the BAM Portal to the “BizTalk BAM Portal Users” group in your Active Directory.

After this operation, everything started working fine! Exactly as it should.
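
The check described above can be scripted. This is an added example, not part of the original post: it reads the allow rules from the portal's web.config and reports whether a user is in each allowed AD group. It assumes the ActiveDirectory (RSAT) module is installed and that the rules live in the web.config under the Application Path shown in the event; `MYUSER` is a placeholder for the account in the event's "User:" field.

```powershell
# Added example (not from the original post). Assumptions: the ActiveDirectory
# module is available, and the allow/deny rules are stored in the web.config
# under the Application Path reported in the event.
$WebConfig = 'D:\Program Files (x86)\Microsoft BizTalk Server 2010\BAMPortal\web.config'
$User      = 'MYUSER'   # placeholder: sAMAccountName from the event's "User:" field

Import-Module ActiveDirectory

[xml]$config = Get-Content -Path $WebConfig
# local-name() keeps the query working whether or not the file declares a namespace.
$allowRules = $config.SelectNodes("//*[local-name()='authorization']/*[local-name()='allow']")

foreach ($rule in $allowRules) {
    $roles = $rule.GetAttribute('roles')
    if (-not $roles) { continue }   # rule grants by user name, not by group

    foreach ($role in ($roles -split ',')) {
        $groupName = ($role.Trim() -split '\\')[-1]   # drop the DOMAIN\ prefix
        try {
            # -Recursive also resolves users who are members through nested groups.
            $members = @(Get-ADGroupMember -Identity $groupName -Recursive -ErrorAction Stop)
        } catch {
            Write-Warning "'$role' could not be read from AD (it may be a local group): $($_.Exception.Message)"
            continue
        }
        $names = @($members | ForEach-Object { $_.SamAccountName })

        if ($names.Count -eq 0) {
            Write-Warning "'$role' is allowed in web.config but has no members, so nobody is admitted through this rule."
        } elseif ($names -contains $User) {
            "'$User' is a member of '$role' (directly or through a nested group)."
        } else {
            "'$User' is NOT a member of '$role'. Current members: $($names -join ', ')"
        }
    }
}
```

Windows evaluates group membership from the user's logon token, so an account that was just added to the group has to sign out and back in before the portal sees the change.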

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
