SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infrigement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems ( - Contact me direct: or call 704-873-8846 x704.

Search This Blog


Friday, January 1, 2016

Checking BitLocker status (Windows 8/Windows 10)

If you've started using BitLocker to encrypt your hard drives (and you should be), you may notice when first started that the system is very sluggish for awhile.

When I turned it on (be aware - not ALL versions of Windows have it - for example Windows 8.1 Pro and Enterprise - I am assuming the same for Windows 10), all went as planned but the system was really slow for a 16GB machine. While I was just setting it up (installing Office, etc.), the system was really bogged down. I let it sit for a day then installed some other things - same issue.

This was really beginning to concern me about the long term performance until I noticed that in the System Tray, the BitLocker icon was there. Right clicking on it is showed "Encrypting". Being a new system with a 1TB drive, I assumed it would take a while so I let it sit for a full day. Checked the status, same deal so wasn't sure if it was stuck or some other major issue.

Looking around for some answers (I obviously didn't want to reboot), I finally found the command line method for managing BitLocker (manage-bde). While this command has a lot of options (locking/unlocking a drive, etc.) it has the option to simply check the status. Open a Command Window (running As Administrator!), enter the command:

manage-bde -status

Viola! It shows the complete information you'd want to know:

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [drive name]
[OS Volume]

Size: 930.79 GB
BitLocker Version: 2.0
Conversion Status: Encryption in Progress
Percentage Encrypted: 73.8%
Encryption Method: AES 128
Protection Status: Protection Off
Lock Status: Unlocked
<some more info about type of key, etc. here>

<other drives will be listed here>

In short, enabling BitLocker means being very patient. In the case of my drive (930.79 GB), it took over two and a half days to complete!

Tuesday, October 27, 2015

The Trust Relationship Between This Workstation And The Primary Domain Failed

So every now and then, I've come across the error when trying to login to a server:

The Trust Relationship Between This Workstation And The Primary Domain Failed

There are a number of reasons this can happen - basically it means that the Domain Controller and the Server are not communicating. For example, if a domain controller goes down and the server brought up, it cannot communicate to authenticate the server in the domain. This can also happen when system recoveries are necessary or when restoring a Virtual Machine.

One method (though not the best) is to simple login to the server as an Administrator, go to the System Properties, leave the domain by specifying a temporary workgroup name (you'll need the AD Administrator account & password), reboot then join the domain again.

However, there are two better ways to do this by simply resetting the Server Password in Active Directory from the Server you are having issues with. Login as the Server Administrator then via a Command Line (using Run as Administrator), enter the following:

netdom.exe resetpwd /s:<AD server name> /ud:<user name> /pd:*

Where 'AD server name' is the name of the Active Directory server and 'user name' is an account (in format of domain\name) that has permssions in AD.

Note that when you enter this command, it will prompt for a password to the account you specified.

Alternately, you can use PowerShell:

Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

Where 'PSCredential' is the login name and 'String' is the name of the domain controller. For more info on the PowerShell command, see here:

Once either of these methods are used, I suggest rebooting the server - when it comes back up, login with a domain account.

Tuesday, October 6, 2015

Some interesting changes for SharePoint 2016

Overall, SharePoint 2016 is simply an upgrade to 2013. One significant change is that Server Roles must be assigned when installing (i.e. web front end, etc.) and the Distributed Cache role is also new (as a setting that is – 2013’s streamlined model accounted for this role though most folks didn't use it). It is clear that it will require a few more servers in your average farm.

There are some cosmetic changes to the site templates (they changed the header a little bit – site settings now in a new black bar at the top of the page):

Overall, the installation process and adding servers is pretty much the same. All of the service applications are the same – and surprisingly, PerformancePoint is still available (Microsoft hinted at dropping that two years ago). They did add a new service for Project Server (see below). Site deployment remains the same and templates are the same as 2013.

As for features, annoyingly, the Access App feature is automatically enabled meaning you have to turn it off it you don't want your users using that (the security issues around Access still remain). This time though, they did expand on the explanation of what it’s for (in 2013, it just said Access web app).

They have added some new ones (not sure if this represents a merge of Project Server but sure looks like it; since this is preview, they might not include these in the final):

  • Announcement Tiles - Enables Announcement Tiles feature and adds the webpart to the site.
  • Project Proposal Workflow - Provides a review workflow for managing project proposals.
  • Project Web App Connectivity - Provides the lists required within a Project Site for integration with Project Web App including issues, risks, and deliverables.
  • Project Server Approval Content Type - This content type is used by the Project Server Approval workflow
  • Project Web App Permission for Excel Web App Refresh - When this feature is active, users can refresh reports containing Project Web App data within Excel Web App.
  • Project Web App Ribbon - Contains the ribbon controls for Project Web App pages.
  • Project Web App Settings - Project Web App PMO Settings
  • Sample Proposal - Sample workflow for Project Server

The Services on Server has changed a bit too, in addition to the Roles, they’ve added a new Restart option and an indicator if the Service is in Compliance (not 100% on the last one, but would appear to be based on the Role of the server):

Probably the biggest changes is the new 2016 Hybrid Feature – this allows connection to Office 365 and OneDrive:
“With hybrid features, you can take a best-of-both-worlds approach by providing access to Office 365 productivity services and offerings directly within SharePoint Server 2016. To learn more about SharePoint hybrid solutions, visit the 'SharePoint Hybrid Solutions Center' (”

So – there you have it! As the preview, Microsoft is usually around 3 months to customer release – I expect we’ll see the final in December!

Troubles installing SharePoint 2016

If you are working with the pre-release SharePoint 2016 preview, you may get an error when trying to install. The error in the System Event Application log - Event ID 5586 shows the error as:

Unknown SQL Exception 53 occurred. Additional error information from SQL Server is included below.

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

There are a variety of reasons this may occur, most notable:

1) Not using a SQL Alias - this has been a problem will all SharePoint versions. If you attempt to use the SQL instance name it will work - sort of. If it is the default instance you might be OK but usually services like the User Profile will not. If you've not setup an alias before, the command is "cliconfg". Be sure to enable TCP/IP and Named Pipes (with TCP/IP as the priority).

2) An actual network problem - some have experienced this in networks where the DNS is flakey; often adding all of the farm servers to the Hosts file (on all servers) will correct.

3) Incorrect settings in SQL Server - if SQL is set to Named Pipes vs. TCP/IP, this will occur.

4) Something else - sometimes, simply re-running the installation will 'fix' the issue. I had this occur on a fresh system; I rebooted and ran again and the install completed.

Hope this helps!

Tuesday, September 29, 2015

Issues with SharePoint 2013 Search - Event ID 1357

New installation - first time I came across this issue and there's no excuse for it. Apparently one of the SharePoint updates (one can only assume) seems to drop the proper permissions within the Search environment and suddenly, you get no new crawls.

You will most likely get Warnings in the event application log for Event ID 1357. The message (cuttting it down to the relevant info):

A database error occurred. Source: .Net SqlClient Data Provider Code: 229 occurred 0 time(s) Description:  Error ordinal: 1 Message: The EXECUTE permission was denied on the object 'proc_MSS_CrawlAdmin', database 'DSNet_Search_AdminDB', schema 'dbo'., Class: 14, Number: 229, State: 5    at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, 

Go to the SQL Server and check - the Search Service Account probably doesn't have the proper permissions on the Search Databases. In my case, I had ALREADY checked these and they were changed.

In a low risk environment, assign it DBO rights. For high risk, it must have Security Admin and DDL Admin rights. Alternately, you can grant the rights to that account via the Database > Security settings (granting execute to all of the Stored Procecdures).

Wednesday, September 16, 2015

SharePoint 2013 Search Crawler failing, Event ID 1400

You might come across this issue when setting up a new farm - the errors vary, but in the System Event Application log, you will begin seeing warnings with Event ID 1400.

The issue is that the Search Service account doesn't have the proper local secuity policies set. Most of us are familiar with setting:

  • Impersonate a Client After Authentication
  • Logon as a Service

However, unique to this account, it needs:

  • Adjust memory quotas for a process

If the account doesn't have Adjust memory rights, the 1400 error occurs and SharePoint will not crawl content.

To fix, simply search for "Local Security Policy" and open it. Expand the Local Policies then select User Rights Assignment and add the Search Service Account (and the Farm Account) to each of the above polices:

Run an IISReset on the farm then start a new crawl.

Wednesday, August 26, 2015

Creating a Failover Cluster in VMWare Workstation 11

How To Create A Failover Cluster using VMWare Workstation

So....I'd seen a number of posts on this and while I had tried it in the past, I always seemed to have issues when trying to create a Cluster using Workstation (ESX, etc. different story). The steps were always a bit vauge on one item or another and issues like the 2nd machine not starting, inability to validate the cluster, etc.

Here's the How To that works:

1) Power down both servers

Stupid suggestion right? Of course you should start with the servers off and anyway, most of the settings here would cause you to have to reset the server so....

2) Backup the VMX Files

Navigate to the folder where the first server is and find the <servername>.vmx file. Right click on the VMX file and send it to a zip file in case you need to restore it! Repeat for the second server.

Don't do this to your own peril.

3) Add a second NIC to each server

Likely when you created the server(s), there was only a single NIC adapter added and the cluster needs two (one for the network, one to communicate between the cluster servers). The first NIC created should be set to Bridged. 

From the VMWare Console, click VM in the menu then select Settings... to open up the Virtual Machine Settings. Click the Add... button to open the Add Hardware Wizard and select Network Adapter. Click Next >, select Host-only, leave other settings as is and click Finish.

When done, it should look something like this:

Note: If you don't do the Host-only setting, it won't work.

4) Create the Shared Drives

A cluster needs at minimum a Quorum disk (used to sync between the servers) and a data disk (you can add any number of disks as needed).

Create a new folder wherever you keep your VM's stored and call it ClusterDrives (or whatever name you want). On the 'first' server (whichever you pick as the starting point), add the Quorum disk (you'll repeat this process for each disk you add):

a) Open the VM Settings as above (when you added NIC's). 

b) Click the Add... button to open the Add Hardware Wizard

c) Click Hard Disk to select it and click Next > to display the Select a Disk Type page

d) Leave the type selected as SCSI then select Independent and Persistent as shown (we don't want them to be tempermental now do we?):

e) Click Next > to display the Select a Disk page:

f) You can choose the type of disk here - but for most cases, leave this as Create a new virtual disk (you'll have to do different on server 2) then click Next > 
g) On the Specify Disk Capacity page, select the disk size - for the Quorom disk (ONLY!), 512 is fine - click to select Allocate all disk space now and click to select Store virtual disk as a single file as shown:

Adding additional data disks for stuff like SQL, you obviously will use a more realistic size - like 100GB. However, be aware that I have had trouble trying to use the Multiple Files option for any size (to be expected - usually it would be SAN storage that is dedicated if you are seriously setting up for a production environment). 

h) Click Next > to open the Specify Disk File page:

This is where you control where the disk will be created - click the Browse... button and browse to the folder you created. 

Type in the name of the disk, for example QuorumDisk.vmdk:


* Someone apparently thought that the name extension to the right was a 'suggestion'?

i) Click the Open button - when you return to the Specify Disk File page, the path should be shown instead of just the file name. 

j) Click the Finish button to create the disk.

Now repeat the above to create a Data disk. When you do that, the size of the disk should be 1GB at least though you can make it as large as you have capacity for. Be sure to name the disk file correctly (i.e. DataDisk.vmdk). You can add additional disks as well if you setting this up for SQL Server (i.e. Data Disk, Log Disk, etc.).

When you are done, the drives created will appear in the Virtual Machine Settings page:

Tip: Make SURE they show (Persistent) - if not, delete and create again.

Next, it is necessary to set the SCSI Controller for the disk(s) - fortunately, this is a LOT easier in Workstation 11 - click on one of the new hard disks created then in the properties panel on the right, click the Advanced... button:

On the Hard Disk Advanced Settings page, set the SCSI of the disk to use Controller 1 instead of 0 and pick which Disk number to use - in this case, SCSI 1:0 (Controller 1, disk 0):

Note: this is cool they made this available - in the past, it was all in editing (see below) - this ensures you will be able to designate the disks to a different controller - no fuss, no muss.

Repeat this for all the disks added - be sure to keep track of which disk is on which disk channel - they MUST match on the second server when you add the disks!

5) Add the Disks to the Second Server

Using the VM Settings for the second server, repeat the process to add disks - this time however, you will NOT create disks, you will simply select an existing disk:

After you have added the disks, select each and use the Advanced settings to change the SCSI Controller and disk numbers. Be SURE to match the first server.

6) Modifying the VMX Files

Next, it is necessary to update the VM server configuration file for each server. Navigate to the folder where the first server is and find the <servername>.vmx file. Create a second backup of the vmx file before you edit (you are on your own if you don't).

Right click and open this file with notepad.

Search for the disk settings in this file by searching for SCSI1 - this should bring you to the section where the cluster drives are defined (you can search for the file path or disk file name too). This should look similar to this:

scsi1.present = "TRUE"
scsi1.virtualDev = "lsisas1068"
scsi1:0.present = "TRUE"
scsi1:0.fileName = "H:\ClusterDrives\QuoromDisk.vmdk"
scsi1:0.mode = "independent-persistent"
scsi1:1.present = "TRUE"
scsi1:1.fileName = "H:\ClusterDrives\DataDisk.vmdk"
scsi1:1.mode = "independent-persistent"

The lines above are the only ones you need to check (you'll find a few others) - mainly to make sure that the 'present = "TRUE"' is, uh, present.

Yours MAY look a litte different, for example:

scsi1.virtualDev = "lsisas1068"

Might be:

scsi1.virtualDev = "lsilogic"

Just below these lines, add the following:

disk.locking = "false"
diskLib.dataCacheMaxSize = "0"

Without these last two lines, starting the VM will cause it to lock the drives and block the other server from accessing them. See the troubleshooting at the end.

Save the changes and exit Notepad. 

Now, Rinse & Repeat: Make the exact same changes to the second server vmx file. Cut and paste if you can (I do not know why but this made a difference - twice!). 

6) Format the Shared Disks on the First Server

Power on the first server where the disks were added. Login using an Administrator account then using Administrative Tools > Computer Management  > Disk Management, bring the disks "Online" then format them - assign the Drive Letter accordingly (i.e. Quorum disk = Q:).

* I can't explain the Disk Management console here so I am assuming you know it.

7) Add the Shared Disks on the Second Server

Power on the second server. Login using an Administrator account then using Administrative Tools > Computer Management  > Disk Management, bring the disks "Online". When you do this, they should pop right up with the proper names you assigned on the first server HOWEVER the drive letters will be different. Right click on each drive and change the drive letter to match the first server.

And at this point you are done - you now have a shared network with shared disks ready to install a Failover Cluster!


Second VM will not start?

1) Check the vmx file and make sure lines:

disk.locking = "false"
diskLib.dataCacheMaxSize = "0"

were added.

2) If set, try changing the line:

scsi1.virtualDev = "lsilogic"


scsi1.virtualDev = "lsisas1068"

Second VM can't see the drives?
Shutdown, restore the backup vmx file for the second server and repeat the process.

How to back out?

Shutdown both servers (force power off if necessary), restore the backup vmx file for each server and power on. This will NOT delete the virtual drives.

Hey folks - we do this for a living - leave comments, subscribe and never hesitate to send a link around!