07-24-2020 08:44 AM
We have SP 2019 on-premises. Recently, we attempted to add an AD local security group to a SP group to give permission to a collection. The name resolves, but when I hit Share, the group does not show up in the permission list. No indication of any action at all nor any errors that I could see. We were able to last Tuesday, as I see a group in there with that date added by our developer. If we attempt to add an AD user to the permission group, it works just fine. This would be painful if we have to add users this way. I believe there was an update run over the weekend but need to confirm. We checked other collections and it seems to be the same case throughout the entire site. Is there anything I can check or verify as to why an AD sec group can no longer be added?
07-26-2020 03:57 PM
07-29-2020 11:46 AM
@Trevor Seward Hey Trevor, thanks for the response. I looked at those logs and it looks like the user profile sync service account is not working. The account is not locked, so I'm not sure if it's a different issue, as the error indicates a failure to decrypt the connection password. I have not seen this error before. I'd rather not change the password yet, as I think my old SharePoint admin used it elsewhere, which we are identifying. Would this be related to my inability to add AD security groups to SharePoint permissions?
General 7200 Critical Failed to decrypt connection password for ConnectionForectName 'domain.local', ConnectionSynchronizationOU 'DC=SOG,DC=Local', ConnectionUserName 'domain\account'. Please refresh connection credentials. a77c6a9f-4b17-a0cf-6cd8-e9f87678dff3
07-29-2020 11:50 AM
08-11-2020 10:28 AM
We ran a full synchronization and it resolved this issue with the user profile sync. We are still having the issue where we can only add domain user accounts but not domain security groups. Is there any other way to troubleshoot this?
08-11-2020 12:33 PM
We figured it out. We ran a command for the people picker to our trusted 2nd domain, and on SharePoint servers and not just front ends. It needed to be run on the app server as well, but we had to find the app cred key from the front ends and import them. Seems to work now.