Strange problems resolving a user account – thanks people picker…


A customer came to me with an odd issue recently. Their customized sites were throwing errors when navigating to document libraries, and few other areas. We cracked open the ULS logs, and ran across the following. (After we repro'ed with ULS logging set to verbose) Looking at the logs,  I noticed a few things. First, I started with the log info that was logged at High and Unexpected. In the 5th line of the ULS pasted below, I could see my PortalSuperReader account. Looking at the last line (scroll wide!), I could see Publishing features erroring. Those are in Microsoft.SharePoint.Publishing namespace.

Looking at the authentication chain for the PortalSuperReader account, something didn't add up. In line 1 I decode the claim. In line 2, I get the loginname. In line 3, I can tell that I have a user account. In line 4, I can find the user name claim token. Then, in line 5, I see "User key value from token is not a user key so throwing. UserKey: 'i:0#.w|contoso\portalsuperreader'." This seems contradictory to what the last 4 lines said. I've seen plenty of issues with authentication failures, but those instances usually stand out. All accounts for a certain OU/domain/etc. fail, and there's a wide spread authentication problem. This wasn't that scenario. Something odd was going on with JUST this account.

After some troubleshooting, and some help from support, we realized that a recent change to our people picker settings were causing a problem. We excluded returning service accounts (null email address in this instance), so we couldn't resolve this account, when it was needed by the publishing features. The important take away here is that your PortalSuperReader and PortalSuperUser accounts need to be discoverable by the people picker. If they are not, anything that leverages the Publishing features, will likely not work. (Notice I said likely 😉  )

I outline how to manage the people picker in Another People Picker Post.

09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation Claims Authentication a6o32 Verbose Decoded claim: ClaimType: 'http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname', OriginalIssuer: 'Windows', Value: 'contoso\portalsuperreader', ValueType: 'http://www.w3.org/2001/XMLSchema#string' 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation Claims Authentication a6o33 Verbose GetClaimsUserLoginName: SPOriginalIssuerType 'Windows', claim type 'http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname' 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation Claims Authentication a6o34 Verbose Determined that the claim indicates a user account, attempting to fetch claim. 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation Claims Authentication a5rih Verbose Found user name claim for token. UserName: 'i:0#.w|contoso\portalsuperreader'. 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation User Key aysye Unexpected User key value from token is not a user key so throwing. UserKey: 'i:0#.w|contoso\portalsuperreader'. 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation Runtime tkau Unexpected System.InvalidOperationException: Operation is not valid due to the current state of the object. at Microsoft.SharePoint.SPUserToken.GetClaimsUserKey() at Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, SPAppPrincipalToken appPrincipalToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous) at Microsoft.SharePoint.SPSite.GetSPRequest() at Microsoft.SharePoint.SPSite.get_Request() at Microsoft.SharePoint.SPSite.OpenWeb(Guid gWebId, Int32 mondoHint) at Microsoft.SharePoint.Publishing.CachedArea.GetIdentityWeb(Guid webId, SPSite elevatedSite, Boolean isSuperUser) at Microsoft.SharePoint.Publishing.CachedArea.GetChildListByGuid(Guid listIdGuid) at Microsoft.SharePoint.Publishing.CommonUtilities.GetCachedList(SPWeb web, Guid listId) at Microsoft.Office.RecordsManagement.Controls.DeclareRecordAction.<>c__DisplayClass1.<GetDeclareRecordInfo>b__0() at Microsoft.Office.Server.Utilities.MonitoredScopeWrapper.RunWithMonitoredScope(Action code) at Microsoft.Office.RecordsManagement.Controls.DeclareRecordAction.GetDeclareRecordInfo() at Microsoft.Office.RecordsManagement.Controls.InPlaceRecordsRibbon.Page_PreRenderComplete(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender, EventArgs e) at System.Web.UI.Page.OnPreRenderComplete(EventArgs e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 450f159e-08ca-a02b-f3d7-9fd897f186fc
09/01/2017 13:50:16.67 w3wp.exe (0x10CC) 0x25E8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.InvalidOperationException: Operation is not valid due to the current state of the object. at Microsoft.SharePoint.SPUserToken.GetClaimsUserKey() at Microsoft.SharePoint.SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, SPAppPrincipalToken appPrincipalToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous) at Microsoft.SharePoint.SPSite.GetSPRequest() at Microsoft.SharePoint.SPSite.get_Request() at Microsoft.SharePoint.SPSite.OpenWeb(Guid gWebId, Int32 mondoHint) at Microsoft.SharePoint.Publishing.CachedArea.GetIdentityWeb(Guid webId, SPSite elevatedSite, Boolean isSuperUser) at Microsoft.SharePoint.Publishing.CachedArea.GetChildListByGuid(Guid listIdGuid) at Microsoft.SharePoint.Publishing.CommonUtilities.GetCachedList(SPWeb web, Guid listId) at Microsoft.Office.RecordsManagement.Controls.DeclareRecordAction.<>c__DisplayClass1.<GetDeclareRecordInfo>b__0() at Microsoft.Office.Server.Utilities.MonitoredScopeWrapper.RunWithMonitoredScope(Action code) at Microsoft.Office.RecordsManagement.Controls.DeclareRecordAction.GetDeclareRecordInfo() at Microsoft.Office.RecordsManagement.Controls.InPlaceRecordsRibbon.Page_PreRenderComplete(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender, EventArgs e) at System.Web.UI.Page.OnPreRenderComplete(EventArgs e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 450f159e-08ca-a02b-f3d7-9fd897f186fc
Comments (0)

Skip to main content