SharePoint Server 2010 Search - not returning results but crawling without errors
-
Tuesday, June 08, 2010 8:29 AM
I have created a Search Service Application on a SharePoint Server 2010 (RTM) Farm and used the default Content Source. I started a Full Crawl and it suceeded with no errors etc. I ran it a few times and no issues.
But if I go to the Intranet Portal Web Appliaction and do a search for a document that would have been crawled it does not show up in search results...nothing does. I am not getting any errors in Event Log or ULS Logs relevant to Search.
How can I troubleshoot this problem further?
SharePoint Solution Architect, Perth Australia - Microsoft Virtual Technology Specialist - MCTS WSS Dev, WSS Adm, MOSS Dev, MOSS Adm - http://wss.made4the.net/ - Founder of http://www.sharepointdevwiki.com/
Answers
-
Thursday, July 01, 2010 8:38 AM
sorry forgot to come and add solution as resolved with product team:
Just had a look in logs and discovered this after tuning ULS:
06/10/2010 10:33:02.72 w3wp.exe (0x1594) 0x1064 SharePoint Server Search Query Processor g2j3 High AuthzInitializeContextFromSid failed with ERROR_ACCESS_DENIED. This error indicates that the account under which this process is executing may not have read access to the tokenGroupsGlobalAndUniversal attribute on the querying user's Active Directory object. Query results which require non-Claims Windows authorization will not be returned to this querying user. da324c89-8a72-4b2b-a2b9-ed5cab78c16d
Found this in support web site:
http://support.microsoft.com/kb/842423
and
http://mattstratton.com/tech-tips/configuring-sharepoint-2010-search-in-a-one-way-trust-scenario
In order to call the AuthzInitializeContextFromSid, the caller “service account” needs to able to read the TGGAU attribute. In Windows 2000 and Windows 2003 domain, members of the Pre-Windows 2000 Compatibility Access group are able read the TGGAU attribute. At a minimum, certain service accounts like the search service account need to be a member of this group. See the resources section for more information.
SO I added the search service account to the group:
Add the Windows account to the Windows Authorization Access group by using the Active Directory Users and Computers snap-in.
And fixed it!
SharePoint Solution Architect, Perth Australia - Microsoft Virtual Technology Specialist - MCTS WSS Dev, WSS Adm, MOSS Dev, MOSS Adm - http://wss.made4the.net/ - Founder of http://www.sharepointdevwiki.com/- Marked As Answer by Aaron Han - MSFTModerator Friday, July 09, 2010 5:20 AM
All Replies
-
Wednesday, June 09, 2010 5:04 PM
Jeremy,
Try seeing if you can get any results at all from your content source. For example use a query such as ContentSource:"Local SharePoint Sites". This will give you an idea of what is in your index.
Thanks,
Corey
Corey Roth blog: www.dotnetmafia.com twitter: @coreyroth -
Thursday, June 17, 2010 6:00 PMHi, I have same problem. I see that I search with the same user of search service it work!! I not understand....
-
Thursday, June 17, 2010 7:15 PMMight be a silly question but did you manually create a Search Center and wire it up?
John Ross
SharePoint Server MVP | Sr. Consultant SharePoint911: SharePoint Consulting
Blog: http://www.sharepoint911.com/blogs/john
Twitter: @JohnRossJr
Professional SharePoint 2010 Branding and User Interface Design -
Friday, June 18, 2010 3:13 PM
Yes, I've also setup by hand ... but nothing. Now try again but for the sake ...
It works perfectly with the administrator account or the account of FARM research service. No ordinary user sees nothing.
Absolutely nothing! -
Friday, June 18, 2010 4:01 PMModerator
If farm admin can see the result that means you may have wrong permission. Security trimming happened and user cannot see the result.
-
Sunday, June 20, 2010 7:06 AMYou're right, I think this too, but I checked everything several times without success. I created a local user in the users group and I have added as users visit a site. This user correctly performs the search. At this point I have a problem with domain users ... but where?! I have to give rights of access / use the application search?
Any ideas?
Thank you. -
Monday, June 21, 2010 9:31 PM
I've just blogged on configuring SharePoint 2010 search and "search" service account provisioning... It might help you visualize any settings that may have been missed.
http://sharepointgeorge.com/2010/configuring-enterprise-search-sharepoint-2010/
Blog: http://sharepointgeorge.com Twitter: http://twitter.com/georgekhalil -
Tuesday, June 22, 2010 7:40 AM
Thanks and congratulations for the article.
Unfortunately I did everything well, although I used always the same account. But this is not the problem.Instead, I noticed that I can not insert a new managed account. When I try to do so, the system answers me: "The given key was not present in the dictionary.".
If I do I force the thing through PowerShell, let me go but then the GUI no longer works.
Although I try Configure Synchronization Connections, tells me that "Cannot navigate to the requested page while User Profile Synchronization is running. Please...". The Sync is not running and the Search is also stopped...
I try another machine. I would not like the change from RC> RTM has caused problems.
We'll let you know and if you can think of more ...
Thank you.
-
Tuesday, June 22, 2010 1:51 PM
No! Same problems.
Then the problem is really the use of a single domain account for all services?
I put the machine as an administrator, SQL Server, but nothing changes!
Local users (group users) configured in the SharePoint group visitors can see the results, domain users not! I put the Domain Users but no result.The'm trying them all. Provo also users of different service but I do not want to believe it....
-
Thursday, July 01, 2010 8:16 AM
Hello, you have any ideas?
I installed a new environment with another new domain and everything worked properly.
The research work for administrator users, services and visitors.So the problem may be the domain in production? But where? There must be a solution, what does the domain with the search for data in "local"?
Help, I'm going crazy!
-
Thursday, July 01, 2010 8:38 AM
sorry forgot to come and add solution as resolved with product team:
Just had a look in logs and discovered this after tuning ULS:
06/10/2010 10:33:02.72 w3wp.exe (0x1594) 0x1064 SharePoint Server Search Query Processor g2j3 High AuthzInitializeContextFromSid failed with ERROR_ACCESS_DENIED. This error indicates that the account under which this process is executing may not have read access to the tokenGroupsGlobalAndUniversal attribute on the querying user's Active Directory object. Query results which require non-Claims Windows authorization will not be returned to this querying user. da324c89-8a72-4b2b-a2b9-ed5cab78c16d
Found this in support web site:
http://support.microsoft.com/kb/842423
and
http://mattstratton.com/tech-tips/configuring-sharepoint-2010-search-in-a-one-way-trust-scenario
In order to call the AuthzInitializeContextFromSid, the caller “service account” needs to able to read the TGGAU attribute. In Windows 2000 and Windows 2003 domain, members of the Pre-Windows 2000 Compatibility Access group are able read the TGGAU attribute. At a minimum, certain service accounts like the search service account need to be a member of this group. See the resources section for more information.
SO I added the search service account to the group:
Add the Windows account to the Windows Authorization Access group by using the Active Directory Users and Computers snap-in.
And fixed it!
SharePoint Solution Architect, Perth Australia - Microsoft Virtual Technology Specialist - MCTS WSS Dev, WSS Adm, MOSS Dev, MOSS Adm - http://wss.made4the.net/ - Founder of http://www.sharepointdevwiki.com/- Marked As Answer by Aaron Han - MSFTModerator Friday, July 09, 2010 5:20 AM
-
Wednesday, September 01, 2010 5:57 AM
I'm struggling with same problem.
I have added search user to the Windows Authorization Access group and made server boot to front-end.
All Scope shows 0, but intranet portal search works ok. I made new scope, but still zero.
Why scope shows still 0?
-
Wednesday, September 15, 2010 5:28 PM
I have the same problem but are using Windows 7 so no AD.
The error is different
SPSecurityTokenService.PopulateOutputIdentity() failed to lookup UPN for user 'WIN7DH\Administrator': System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done at Microsoft.SharePoint.Win32.SPSecur32.GetUserNameEx(EXTENDED_NAME_FORMAT nameFormat) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.PopulateOutputIdentity(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)
How to fix?
-
Thursday, November 04, 2010 3:29 PM
I am having somewhat having the same issue and i have already spent hours trying to figure this out. I have 2 web applications( test site and production site) on the same server and they are both included under one content source called "local Sharepoint sites" I have initiated a crawl several times but they failed. Nonetheless, the search on the test site is returning results regardless of the fact that the crawls have failed, but the production site is yet to return any results. I am not getting any error messages so i know it is just not crawling. My question is, why is the test site crawling and the production site isn't? I have also tried creating two separate content sources for both web applications and that didn't work.
I would try adding search user to the Windows Authorization Access group and make the server boot to front-end but the problem only exists within one web application. Can anyone please help me? Thanks.
-
Wednesday, April 27, 2011 4:36 PM
This really helped me out! THANKS!!!!!
I also had to add the SP farm account to the WAA security group. Searching works like a champ now!!
-Brad
-
Friday, April 29, 2011 7:13 PMHi George. I read your article on setting up search in SharePoint, and it's really good. I set up search on my sharepoint install, and the whole site worked just fine, but I couldn't narrow down the search to just a site, etc. So I ended up deleting it and starting over. I have been struggling with getting it back to work at all. Last night I finally got it to work, and it would even do a search just on my site. However, I discovered that I am the only user that the search will work for. All other users have no results when searching. Can you tell me what might be causing this?
-
Thursday, June 02, 2011 2:34 PM
We have the same problem where users can not see search results.
At the end we found out that the problem was related to some permissions in Active Directory on the single users. We solved our issue like that:
- go into the active directory console on your domain controller (if you have more than one, go to your primary to avoid synchronization conflicts)
- enable in the menu bar the "advanced mode" of the console
- now go to the user that is not able to see search results and press right-mouse -> properties
- in the security tab locate the entry of the "authenticated users", click on them. The "read" permission should be activated. If this is deactivated, then the search does not return any results.
Now how can we perform and fix this for 5000+ ad users?
sharepointer
.png){kind=spacer}
