Last week we created a new Site Collection and published it to our company. We added an active directory universal security group to our visitor group in Sharepoint.
After some time the first users complaint that they have no access to the site collection. Really strange was that all users without sid history had no problem.
Finally we found this article: KB2722087
“Each SharePoint service application must run the C2WTS locally. The C2WTS does not open any ports and cannot be accessed by a remote caller. Further, the C2WTS service configuration file must be configured to specifically trust the local calling client identity.”
Its mandatory that the Claims2WinowsTokenService runs on ALL WebFrontends and Backend Servers! (don’t think its necessary on real Backend Server without user interfaces like search server)
Recent Comments