7. května 2012 20:06
I have farm that I upgraded from 07 to 2010. In doing so, I setup claims-based authentication because one of the sites uses FBA. Another site (extranet) was previously used with basic authentication... basically local accounts on the box and those users have access to certain sites.
The issue I'm having is that some of the users are unable to login now. In my ULS logs, I see the following error:
SPSecurityTokenService.PopulateOutputIdentity() failed to lookup UPN for user 'SPNEW\AVC': System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
at Microsoft.SharePoint.Win32.SPSecur32.GetUserNameEx(EXTENDED_NAME_FORMAT nameFormat)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.PopulateOutputIdentity(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)
In the process of the upgrade, I changed the machine name of the server as well. So I wrote some PowerShell to interate through all the SPWebs and called Remove-SPUser for the local accounts with the old machine name. I then used the UI to add the users back into the site.
But these users still get access denied pages, with the error message in the logs. I cannot even make new local accounts, and grant those accounts access to the sites. If I do make a new account, I still get access denied. Any ideas?
8. května 2012 4:17
CHeck for loopback issue.Make sure your profile sync is correct and running
Destin -MCPD: SharePoint Developer 2010, MCTS:SharePoint 2007 Application Development
8. května 2012 9:19
have you migrated from Windows Classics to Claim based authentication? If so you need to upgrade your users to use claims!
- Označen jako odpověď Shimin Huang 18. května 2012 6:22