SharePoint 2010, “The specified user or domain group was not found”


Symptom:

The following error is presented when attempting to access service applications within SharePoint 2010: "The specified user or domain group was not found."

 

Cause:

SharePoint 2010 stores security information using the Subject Alternative Name as a literal string. As a result, renaming or removing an associated account will cause the service to fail.

 

Resolution:

  1. Validate the issue exists using the SharePoint 2010 Management Shell (PowerShell) and execute the following:

    Get-SPServiceApplication

  2. Manually gather your service application GUIDs; they are found in IIS under the site “SharePoint Web Services”.
  3. Identify the service account by executing the following in the SharePoint 2010 Management Shell (PowerShell), for example:

    Get-SPServiceApplicationSecurity fe11bf1464f84109bf83ce082e3097be

  4. Once you have identified the affected service application GUID, return to IIS, select the virtual directory that matches the affected GUID, select “Basic Settings” and make note of the “Physical Path”, like the example below. In this example the affected service application is the User Profile Service Application.

    C:\Program Files\Microsoft Office Servers\14.0\WebServices\Profile

        

  5. Connect to the SharePoint_Config database and execute the following query:

    -- Properties holds the serialized object; cast it to xml so it can be opened in the results grid
    SELECT [Name], [Version], CAST([Properties] AS xml)
    FROM [SharePoint_Config].[dbo].[Objects] WITH (NOLOCK)
    WHERE [Name] LIKE '%Profile%'

  6. This will return a set of results. Locate the row with the correct service application name and double-click the xml result. Within the xml result, find the key whose name value contains “Serialized”. In the example below three accounts are identified: “FABRIKAM\SharePointFarm; FABRIKAM\SharePointServices; FABRIKAM\John Smith”. If any of these accounts have been modified, the changes will need to be reverted or the accounts restored. Once restored, the affected service will become operational.

    <sFld type="String" name="m_SerializedAcl">&lt;acl&gt;&lt;ace identityName="i:0#.w|fabrikam\sharepointfarm" displayName="0#.w|fabrikam\sharepointfarm" sid="" allowRights="18446744073709551615" denyRights="0" /&gt;&lt;ace identityName="i:0#.w|fabrikam\sharepointservices" displayName="0#.w|fabrikam\sharepointservices" sid="" allowRights="18446744073709551615" denyRights="0" /&gt;&lt;ace identityName="i:0#.w|fabrikam\John Smith" displayName="0#.w| fabrikam\John Smith" sid="" allowRights="18446744073709551615" denyRights="0" /&gt;&lt;/acl&gt;</sFld>

  7. Once the services are operational, use SharePoint 2010 Central Administration to manage the accounts assigned to this service under Central Administration > Application Management > Manage Service Application. Then highlight the service and select Manage from the ribbon to change the security for the service application.
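
The account check in step 6 can be scripted. The following is an added example, not part of the original post: it decodes an m_SerializedAcl value, reads each identityName, and tries to resolve every Windows-claim account to a SID so that renamed or removed accounts stand out. The function name Test-SerializedAclAccount and the sample value are assumptions made for illustration; it is meant to be run on a domain-joined server.

```powershell
# Added example (not from the original post). Written to run on PowerShell 2.0.
# Constructed sample: the step 6 value shortened to two entries.
$sample = @'
<sFld type="String" name="m_SerializedAcl">&lt;acl&gt;&lt;ace identityName="i:0#.w|fabrikam\sharepointfarm" displayName="0#.w|fabrikam\sharepointfarm" sid="" allowRights="18446744073709551615" denyRights="0" /&gt;&lt;ace identityName="i:0#.w|fabrikam\John Smith" displayName="0#.w|fabrikam\John Smith" sid="" allowRights="18446744073709551615" denyRights="0" /&gt;&lt;/acl&gt;</sFld>
'@

function Test-SerializedAclAccount {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$FieldXml)

    # The sFld element's text is the ACL document, XML-escaped once;
    # InnerText returns it with &lt; and &gt; decoded.
    $outer = [xml]$FieldXml
    $acl   = [xml]$outer.DocumentElement.InnerText

    foreach ($ace in $acl.SelectNodes('/acl/ace')) {
        $identity = $ace.GetAttribute('identityName')
        $sid      = $null

        if ($identity -like 'i:0#.w|*') {
            # Windows claim: the text after the pipe is DOMAIN\account.
            $account = ($identity -split '\|', 2)[1]
            try {
                $nt     = New-Object System.Security.Principal.NTAccount($account)
                $sid    = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
                $status = 'Resolved'
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                # No account with this name exists any more (renamed or removed).
                $status = 'NOT FOUND'
            }
        }
        else {
            # Other claim types are not Windows account names; report them unchecked.
            $account = $identity
            $status  = 'Not a Windows claim'
        }

        New-Object PSObject -Property @{
            Account = $account; Status = $status; Sid = $sid
        }
    }
}

Test-SerializedAclAccount -FieldXml $sample | Format-Table Account, Status, Sid -AutoSize
```

Paste the m_SerializedAcl element from the step 6 xml result in place of `$sample`; rows with the status NOT FOUND are the accounts that need to be restored.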