Exception: System.InvalidOperationException: An error occurred while getting information about the user sharepoint at server xxx.com: Access is denied
at Microsoft.SharePoint.Win32.SPNetApi32.NetUserGetInfo1(String server, String name)
at Microsoft.SharePoint.Administration.SPManagedAccount.GetUserAccountControl(String username)
at Microsoft.SharePoint.Administration.SPManagedAccount.Update()
at Microsoft.SharePoint.Administration.SPProcessIdentity.Update()
at Microsoft.SharePoint.Administration.SPApplicationPool.Update()
at Microsoft.SharePoint.Administration.SPWebApplication.CreateDefaultInstance(...)
...
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
Initial troubleshooting focused on common assumptions: insufficient SQL permissions, incorrect domain account privileges, or network connectivity issues. The database server was confirmed to be reachable, and the specified domain account had full administrative rights—both on the domain and locally on the SharePoint server. The configuration database itself was successfully created, ruling out SQL access as the root cause.
After extensive research and consultation with community forums—with no relevant results in Chinese-lanugage resources—the solution emerged from a single comment by an international user: the Configuration Wizard does not run under the context of the domain account specified during setup; it runs under the context of the currently logged-in user.
This means that even if you enter a domain service account (e.g., DOMAIN\sp_farm) in the wizard’s input fields, the underlying processes still attempt to validate and interact with Active Directory using the credentials of the person pyhsically or remotely logged into the server. If you’re logged in as a local administrator (e.g., SERVER\Administrator), SharePoint tries to query AD for information about the sp_farm account using the local system’s context—which lacks the necessary domain authentication rights.
The fix is simple but easily overlooked: log out of the server entirely, then log back in using the exact domain account intended for SharePoint farm configuration. Once authenticated as that domain user, launch the Configuration Wizard. The wizard will now successfully resolve the account’s properties via domain LDAP queries, and the database creation process completes without error.