Activating Sharepoint Timer Job

The best pratice to create a custom sharepoint timer job is to create a feature with web application scope and to instantiate a SPJobDefinition there. This is becuase it is application pool id's credentail that is used during feature activation, and only central admin pool id which is farm account has sufficient privilege.

When activating from other web application whose pool id is not farm account (by best practice, it should not), you may see one or both errors as follow:

• In browser, "unknown error" and in window event log, "EXECUTE permission denied on object 'proc_putObject' "

Cause: application pool id doesn;t (and should not) have write permission to config database

Workaround: assign application pool id as db_owner of sharepont config database

After that, you might get anohter error (if the app pool id is not sharepoint server local admin) when you try to activate (with permission on config database, you can now unactivate feature, but not activate)

• In browser, "HTTP 403 error (someone saying 404 error), and in ULS log, "...Microsoft\SharePoint\Config\bd189eb6-92d0-4ca5-87b0-770f542e3f0a\cache.ini' is denied"

Cause: Sharepoint need to cache timer jobs in WFE (so it doesn't need to get them from sql as often as every minute) and app pool id (in WSS_WPG group) doesn't have that file permission. In contrast, farm account in WSS_Admin_WPG has full permission on the folder of "C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint".

Workaround: assign full control permission to application id for that folder or add app pool id into WSS_ADMIN_WPG group.

But the real solution is to activate timer job feature in the central admin, which means you need to create a feature of web application scope.