Tuesday, April 15, 2014

SharePoint 2013: The given key was not present in the dictionary

Problem

You are attempting to register a new managed account to your SharePoint Server 2013 farm.  After entering the account details, and then clicking OK, you see the error, The given key was not present in the dictionary.

Solution
 
The cause of this issue likely involves AD permissions.
  1. As Administrator, launch the Active Directory Users and Computers administrative tool.
  2. Connect to the appropriate domain controller.
  3. From the View menu, Advanced Features.
  4. Double-click the account you want to register:  its Properties dialog appears.
  5. Select the Security tab. 
    Listed on this tab are all the other AD accounts and groups and their permissions relative to this account.
  6. Look for the farm service account:
    • If you find it, verify that the following permissions have been enabled for the farm service account:
      • Read account restrictions.
    • If you don't find it, add it, and then grant it the Read account restrictions permission.(see notes 1 and 2).
  7. Click Apply and exit.
  8. Register the account.
References
Notes
  1. Central Administration must interrogate AD in order to verify the account you want to register.  CA runs on the farm service account.  Therefore the farm service account must have the permissionto read certain AD properties of any account you may want to register with the farm.
  2. The Read account restrictions permission is actually a sub-permission of the Read permission.  If you start out by enabling the Read option (second one down), this in turn enables all of the granular read sub-permissions, including the Read account restrictions permission.  You can verify this by enabling Read and then scrolling down.  In the customer environment, I have found that enabling the Read permission covers all bases.  However, my own testing has found that just enabling the Read account restrictions permission is sufficient.
  3. Contrast this error message with the one you see for wrong password: 
    .

No comments: