SharePoint Search Returns No Results

Recently I had a problem where no results were being returned when performing a search in a SharePoint site. I checked the crawl log and sure enough the results were being crawled. The site collection was in a web application that was using Windows authentication, I had another web application on the farm that was using Claims authentication and the search results were working as expected. The SharePoint servers are in a service domain seperate than the corporate domain, and there is a one way trust to the corporate domain from the service domain.

After some investigation, the following was found in the SharePoint logs:


12/02/2011 13:26:29.59 w3wp.exe (0x39CC) 0x1B34 SharePoint Server Search Query Processor g2j3 High AuthzInitializeContextFromSid failed with ERROR_ACCESS_DENIED. This error indicates that the account under which this process is executing may not have read access to the tokenGroupsGlobalAndUniversal attribute on the querying user's Active Directory object. Query results which require non-Claims Windows authorization will not be returned to this querying user. 06652a9d-db8c-462d-a845-9ef1dad6aa0c


After some additional investigation, the problem appeared to be the search service application account does not have rights to read the active directory account of the user performing the search. Doing some additional searches eventually turned up the following Microsoft KB article:

http://support.microsoft.com/kb/2344518

The following resolution in the arcticle resolved the issue for me:


$searchapp = Get-SPEnterpriseSearchServiceApplication
$searchapp.SetProperty("ForceClaimACLs",1)