I am trying to log into a new SharePoint application, which has it's authentication method set to Claims based authentication (CBA). The user I am logging in with is Site collection admin. When trying to log in I get the access denied page. When looking in the event log on the WFE the site is running on, I see the following error:
An exception occurred in Active Directory claim provider when calling SPClaimProvider.FillResolveClaim(): Requested registry access is not allowed.
Event ID: 8307
User: NT AUTHORITY\IUSR
I get why IUSR would not have registry access, but why would SharePoint run a request under that account, the webapp is running under a domain service account? Pretty much everything is running as it should except this web app. The Claims based authentication is needed because of search requirements (one-way domain trusts).
