Tuesday, June 8, 2021

SharePoint User profile backend logic

I recently encountered a very interesting failed domain authentication scenario: the SharePoint server is hosted in Domain A, which has a one-way trust with Domain B.

All the SharePoint service accounts are under Domain A, and the problem is that the Domain A SharePoint service account keeps going to Domain B and triggering authentication failures.

Checking the ULS log, we found the information below recorded during the authentication failures at Domain B:

  • SPRequest.GetNTFullNamefromLoginEx: UserPrincipalName=, AppPrincipalName= ,bstrLogin=Domain B\UserABC
  •  System.Runtime.InteropServices.COMException: Cannot complete this action.  Please try again.<nativehr>0x80004005</nativehr><nativestack></nativestack>, StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.GetFullNameFromLoginEx(String loginName, Boolean& bIsDL)     at Microsoft.SharePoint.SPSecurity.ResolveUser(String userName, String& displayName, Byte[]& sidBytes)     at Microsoft.SharePoint.Administration.SPAcl`1.CreateAce(String principalName, T grantRightsMask, T denyRightsMask)     at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties(Boolean skipPartitionIds)     at Microsoft.Office.Server.Administration.PartitionPropertiesCache.GetApplicationProperties(UserProfileApplicationProxy proxy)     at Microsoft.Office.Server.Administration.PartitionPropertiesCache.RefreshCacheProperties(Object dummy)     at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)     at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)     at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()     at System.Threading.ThreadPoolWorkQueue.Dispatch() 
  •  Cannot complete this action.  Please try again.<nativehr>0x80004005</nativehr><nativestack></nativestack>      
From this log we found that the user profile has the following backend logic:



Resolution:
Remove the Domain B user from the User Profile admin group.
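
To find which accounts are causing these cross-domain lookups before removing them, the ULS messages can be scanned for `GetNTFullNamefromLoginEx` entries whose `bstrLogin` is outside the farm's own domain. The script below is an added example, not part of the original post; the domain names `DOMAINA`/`DOMAINB`, the account `svc_farm`, the sample lines, and the pairing of a lookup with the exception line that directly follows it are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the farm's own domain(s). DOMAINA / DOMAINB are placeholder names.
HOME_DOMAINS = {"DOMAINA"}

LOGIN_RE = re.compile(r"GetNTFullNamefromLoginEx:.*?bstrLogin=\s*([^\\,]+)\\(\S+)")
FAIL_RE = re.compile(r"COMException:.*<nativehr>(0x[0-9A-Fa-f]{8})</nativehr>")
# Frame taken from the stack trace above: the lookup is made while the
# User Profile Service Application serializes its administrator ACL.
ACL_FRAME = "UserProfileApplication.get_SerializedAdministratorAcl"

def find_foreign_lookups(lines, home_domains=HOME_DOMAINS):
    """Return {login: {lookups, failures, via_upa_admin_acl}} for every
    resolved login whose domain is not one of home_domains."""
    home = {d.upper() for d in home_domains}
    report = defaultdict(
        lambda: {"lookups": 0, "failures": 0, "via_upa_admin_acl": False})
    last_foreign = None  # most recent foreign login, to pair with a failure
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            domain, user = m.group(1).strip(), m.group(2)
            if domain.upper() in home:
                last_foreign = None
            else:
                last_foreign = f"{domain}\\{user}"
                report[last_foreign]["lookups"] += 1
            continue
        if last_foreign and FAIL_RE.search(line):
            # Assumption: the exception line directly follows its lookup line.
            report[last_foreign]["failures"] += 1
            if ACL_FRAME in line:
                report[last_foreign]["via_upa_admin_acl"] = True
            last_foreign = None
    return dict(report)

# Constructed sample messages modelled on the entries above (not real logs).
SAMPLE = [
    r"SPRequest.GetNTFullNamefromLoginEx: UserPrincipalName=, AppPrincipalName= ,bstrLogin=DOMAINA\svc_farm",
    r"SPRequest.GetNTFullNamefromLoginEx: UserPrincipalName=, AppPrincipalName= ,bstrLogin=DOMAINB\UserABC",
    "System.Runtime.InteropServices.COMException: Cannot complete this action.  Please try again."
    "<nativehr>0x80004005</nativehr><nativestack></nativestack>, StackTrace:    at "
    "Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()",
]

if __name__ == "__main__":
    for login, stats in find_foreign_lookups(SAMPLE).items():
        print(login, stats)
```

A login reported with `via_upa_admin_acl` set is one that the failing stack reached through the User Profile administrator ACL, which is the entry the resolution above removes.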