Question

I have a SharePoint 2013 environment in a DEV_DOMAIN that was upgraded from SharePoint 2010.

COMPANY_DOMAIN should have a trust set up with DEV_DOMAIN.

I'm logged into the site as COMPANY_DOMAIN\first.last.

When I create a site collection I get the following error in the logs:

Error in resolving user 'COMPANY_DOMAIN\first.last' : System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults)
   at Microsoft.SharePoint.Utilities.SPUserUtility.ResolveAgainstAD(String input, Boolean inputIsEmailOnly, SPActiveDirectoryDomain globalCatalog, SPPrincipalType scopes, SPUserCollection usersContainer, TimeSpan searchTimeout, String customFilter)
   at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.ResolvePrincipal(String input, Boolean inputIsEmailOnly, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer)
   at Microsoft.SharePoint.Utilities.SPUtility.ResolveWindowsPrincipal(SPWeb web, SPWebApplication webApp, String input, SPPrincipalType scopes, Boolean inputIsEmailOnly).

My first guess is there is some sort of issue with the trust between the domains, but I'm not sure what I should be looking for.

Update 1
It is using claims-based authentication.

I can create the site collection using a DEV_DOMAIN account and setting the site collection admin to be a DEV_DOMAIN account, but if I set site collection admin to be a COMPANY_DOMAIN account it fails.

If I try to add a COMPANY_DOMAIN account as a user to the newly created site collection, it can't find any users in that domain.

Running the stsadm command for the people picker, the result looks correct.

stsadm -o getproperty -pn peoplepicker-searchadforests -url http://site

results in

<Property Exist="Yes" Value="forest:COMPANY_DOMAIN.com.au,COMPANY_DOMAIN\user1,*****; forest:DEV_DOMAIN.Company.local,DEV_DOMAIN\user2,*****" />

Solution

The answer was simple.

The DEV_DOMAIN\user2 user account had expired.

It had actually expired a while ago. It appears that in SharePoint 2010 the account doesn't actually authenticate; it is just used. But in SharePoint 2013 the account does attempt to authenticate.
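
A check for this condition, as an added example that is not part of the original answer: it parses a peoplepicker-searchadforests value in the format shown in the question and reports whether each configured lookup account is expired, disabled, locked out or has an expired password. It assumes the ActiveDirectory PowerShell module is installed, that the caller can read both domains, and that each account lives in the domain named in its entry; the function name ConvertFrom-SearchAdForests is hypothetical.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# Constructed sample in the format shown in the question. Replace it with the
# Value attribute returned by:
#   stsadm -o getproperty -pn peoplepicker-searchadforests -url http://site
$value = 'forest:COMPANY_DOMAIN.com.au,COMPANY_DOMAIN\user1,*****; forest:DEV_DOMAIN.Company.local,DEV_DOMAIN\user2,*****'

function ConvertFrom-SearchAdForests {   # hypothetical helper name
    param([string]$Value)
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        # Entry layout: "<forest|domain>:<DNS name>[,<login>,<password>]"
        $target, $login, $null = $entry -split ',', 3
        $kind, $dns = $target -split ':', 2
        [pscustomobject]@{ Kind = $kind; DnsName = $dns; Login = $login }
    }
}

foreach ($e in ConvertFrom-SearchAdForests -Value $value) {
    if (-not $e.Login) {
        Write-Output "$($e.DnsName): no lookup account configured"
        continue
    }
    # -split takes a regex, so '\\' matches the single backslash in DOMAIN\user
    $sam = ($e.Login -split '\\')[-1]
    try {
        # Assumption: the account lives in the domain named in this entry.
        $u = Get-ADUser -Identity $sam -Server $e.DnsName -ErrorAction Stop `
            -Properties AccountExpirationDate, Enabled, LockedOut, PasswordExpired
        [pscustomobject]@{
            Login           = $e.Login
            Enabled         = $u.Enabled
            LockedOut       = $u.LockedOut
            PasswordExpired = $u.PasswordExpired
            AccountExpires  = $u.AccountExpirationDate   # $null means never
            AccountExpired  = [bool]($u.AccountExpirationDate -and
                                     $u.AccountExpirationDate -lt (Get-Date))
        }
    }
    catch {
        # A failed lookup is itself a finding: wrong domain, renamed or deleted
        # account, or no read access across the trust.
        Write-Warning "$($e.Login) in $($e.DnsName): $($_.Exception.Message)"
    }
}
```

Any row with AccountExpired, LockedOut or PasswordExpired set to True, or Enabled set to False, points to a lookup account that cannot bind to the directory.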

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange