Thanks to a recent customer I have a new troubleshooting tidbit for SharePoint 2010′s people picker. Thanks to Microsoft and a fellow technician for the help with this. If the People picker returns a call back error when searching for accounts in a remote domain in a one way trust take the following steps:
1. Ensure that the AD trust is working correctly. This can be done in Active Directory Domains and Trust on the Domain Controller.
2. The Farm Account should be a member of the local machine’s administrator group.
3. On the “HKLM\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure” registry key ensure the following permissions are in place and are being inherited in the sub-keys
* WSS_WPG Read permission
* WSS_Admin_WPG Full Control
* WSS_RESTRICTED_WPG_V4 Full Control
4. Get and copy the peoplepicker-searchadforests property value via stsadm command:
stsadm -o getproperty -url <URL> -pn peoplepicker-searchadforests
5. Clear the peoplepicker-searchadforests property value via stsadm command:
stsadm -o setproperty -url <URL> -pn peoplepicker-searchadforests -pv “”
6. Rerun the password encrypt command with different password:
stsadm -o setapppassword -password <NewPassword>
NewPassword can be anything you want.
7. Set the peoplepicker-searchadforests property value via stsadm command:
stsadm -o setproperty -url <URL> -pn peoplepicker-searchadforests -pv “domain:domain.local;domain:domain2.local,domain\username,password”
Generating a password encrypts is really remarkable in callback error, I think we are using SharePoint 2010 for share our ideas, expertise and creating customers solutions for specific needs, if there is any error occur, it will leads to complexity for IT field, after all SharePoint helps us to cut training maintenance costs, saves our times and focus on higher business priorities.