Scenario and investigation of the problem:
You created search service application and your search service is running correctly. Your crawl is indexing sites, you have many items in index. Your ‘All sites’ scope has many items.
Users get no results when searching for content. There is no error on a results page, just saying that there are no results. Users get correct results when searching for people.
You go to site settings >Search scopes and see that All Sites scope has ZERO items, unlike Central Administration.
You try to create a new scope to separate your site content, again, it show items in Central Admin but after scopes update, it still shows ZERO elements in site collection search scopes, scope status in READY.
There are no errors in Event Log.
There are no errors in ULS.
You try to create a new Search Service Application but you get same results.
Google has pointed me into right direction but it was really long process and many clues in between.
First important fact:
You should reconfigure your diagnostic logging to show Verbose for Search Service. you can restart SharePoint Timer Service to start a new log file
After I did that I get interesting log in ULS:
Query Processor Unexpected AuthzInitializeContextFromSid failed with 2. The querying user’s Active Directory object may be corrupted, invalid or inaccessible. Query results which require non-Claims Windows authorization will not be returned to this querying user.
This has pointed me into the right direction to this thread
Also, this is really good stuff on Search service issue resolution:
And, at the very end, this is official technet KB:
So basically, this was fix:
1.Write and run a script:
$ssa = Get-SPEnterpriseSearchServiceApplication “<Your Search Service Application Name>” #you find search service application name on a list of all service applications
2.Run full crawl on all your data sources
3.Look at your site collection scopes – they should now have >ZERO count – search is working and returning results (yuppie!)
4.One glitch that I noticed – now in Search service application – View scopes, they show ZERO… hmmm… no idea why, before running this script situation was opposite… but search is now finally working for all users and this is what counts!!! Client is happy!!!
Now, why would this happen to you, providing your search was working, you remember it working correctly. Well, I did not find direct reason but it this particular setup, domain controller and all users in Active Directory were maintained by other company – service provider. I am only guessing that they may have changed service account policies, domain trust levels etc. In similar scenarion, the keyword to diagnosing it is AuthzInitializeContextFromSid