locked
Active Directory Claims based Authentication error in SharePoint RRS feed

  • Question

  • I am trying to log into a new SharePoint application, which has it's authentication method set to Claims based authentication (CBA). The user I am logging in with is Site collection admin. When trying to log in I get the access denied page. When looking in the event log on the WFE the site is running on, I see the following error:

    An exception occurred in Active Directory claim provider when calling SPClaimProvider.FillResolveClaim(): Requested registry access is not allowed.

    Event ID: 8307

    User: NT AUTHORITY\IUSR

    I get why IUSR would not have registry access, but why would SharePoint run a request under that account, the webapp is running under a domain service account? Pretty much everything is running as it should except this web app. The Claims based authentication is needed because of search requirements (one-way domain trusts).

    Wednesday, March 16, 2011 11:57 AM

Answers

All replies