SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Monday, May 28, 2018

Remote Desktop Access (On-Premise & Azure) Error "CredSSP Encryption Oracle Remediation"

So, recent update in Microsoft has broken RDP across the globe. It's not necessarily a server problem, but many (unfortunately) allow for Automatic Update on their laptop/desktop and Microsoft added this update without any notice. When you try to RDP (Remote Desktop Connection), the error is "CredSSP Encryption Oracle Remediation" - The error will look similar to this:



So, if you are using servers on-premise, the only fix is to a) run update on all systems you intend to use RDP with (laptops, desktops, etc.) then b) run update on ALL of the servers you intend to connect to. A REAL pain, but the only way to fix it properly. I know the pain - I had to spend an entire weekend running updates (some 'packaged' which always makes me nervous in what is actually in it) and test every server.

Now, if you are using Azure, you will come across the same error - this one is a bit tricky but fortunately, a post on this shows the fix:

https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

Mitigation 1 was my choice - if you use this, after completing the change, open a command window as Administrator and run:

gpupdate /force

You need permissions to do this OR you have to talk to your system administrator(s) and get a global change.

Use Mitigation 2 ONLY if you have to!

UPDATE: Microsoft's May 2018 Security Update will fix this permanently however a reboot is required so plan accordingly - look for KB4103725 to download if it doesn't work with Windows Update (we had to try on a few servers several times - only accessible through the Hyper-V and VMWare consoles so were down for quite awhile; update would fail after 20 minutes or so).

Sunday, May 27, 2018

Start-SPAdminJob doesn't work

Old one but worth remembering - the Start-SPAdminJob doesn't work as you'd expect - entering the command by itself (and with -Verbose or any other options), you get an error (click the image to expand):


The fix is not really documented - you have to stop the SPAdmin (SharePoint Administration Services through Services.msc or PowerShell), run the cmdlet then start the service again. For 2013, it's:

Net Stop SPAdminV4
Start-SPAdminJob
Net Start SPAdminV4

Remember too that for now, stsadm -o execadmsvcjobs still works (use the Management Shell so you don't have to change directories).

ALWAYS USE Run as administrator when opening the Management Shell for best results!


Friday, March 23, 2018

Generate a detailed report about every document in your site collection SP13/16

Like many of you, I've searched for many a way to find out what's in the SharePoint site. I had a specific need to get a list of documents in the site collection and was not able to access my own so I came across a post that turned out to be 'almost' what I needed but was crude in what it did.

Thus this, the enhanced script to generate a detailed report about every document in your site collection. This is an excellent tool for integration with CRM or LOB systems!

NOTE: You have to modify the Reflection to update to 16. This one is for 13:

Download the Script here



Tuesday, February 27, 2018

Screen Timeout in Windows Server

If you are like me, doing development on servers can be a pain when the screen keeps locking. Having to login again and again gets to be a real pain. I did find the solution for this and while I'd like to send a kudos, I cannot find the original link so I am documenting it here.

The default setting for Windows is to timeout after 1 minute - this can be very agitating when working on something. The purpose of this change is to a) Remove the password requirement and b) Disable the timeout (or  you can set the timeout to something longer like 10 minutes).

To start off with, you MUST login using the Administrator account. While an Admin account can change the Registry, power settings can only be changed by the Administrator.

Step 1: Modify the Registry

By default, the option to change the timeout is not available (and in fact not shown). To get this to show, we have to modify the registry setting to enable it.

Open a command window (running As Administrator) and enter Regedit (or use the Run command). When the Registry opens, navigate to:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Power/PowerSettings

Locate the GUID 7516b95f-f776-4464-8c53-06167f40cc99 and expand it. Next locate the GUID 8EC4B3A5-6868-48c2-BE75-4F3044BE88A7 and click to open it. On the right hand side, you'll see "Attributes":


Double click on Attributes and change the value from 1 to 2:


Click OK to save the change and close Regedit.

Step 2: Open the Control Panel

When you open the control panel, use the Search box to search for the word "power" - this will bring up the Power Options. Click on Change power-saving settings:


If you are not the Administrator, you'll know because the options will be grayed out:
As Administrator, this option is enabled - click Change plan settings:
Next, click the Change advanced power settings link:

The first option you can change is the Password on Wakeup - set this to Yes or No:


Scroll down to the 'Display' section - this is where you can set the timeout - by default, this is One Minute:


To disable completely, set this value to 0 otherwise you can set the value to however many minutes you want:

Click the Apply button and close everything out.

That's it! No more timeout!





Saturday, February 17, 2018

Status of DBCC Shrink or Shrink through the GUI SQL Server

A note so I don't forget - if while doing a Database Shrink, you may want to know the status - the TSQL command is this:

SELECT percent_complete, start_time, status, command, estimated_completion_time, cpu_time, total_elapsed_time
FROM sys.dm_exec_requests
WHERE command = 'DbccFilesCompact'

Here's the detail on the table:

https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-requests-transact-sql

The key field you may be interested in is estimated_completion_time - to get the hours/minutes, use this:

Select dateadd(s, convert(bigint, <value>) / 1000, convert(datetime, ''))

For example:

Select dateadd(s, convert(bigint, 162114) / 1000, convert(datetime, ''))

will return '1900-01-01 00:02:42.000', i.e. 2 minutes, 42 seconds.

Be aware that the estimated_completion_time is just that, estimated but it will give you a rough idea on if you should grab another cup of coffee or go out to lunch.


Sunday, February 11, 2018

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator

You may catch this error when working with lists:

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator

There are several fixes to this, most notably by updating the thresholds in the web application settings in Central Administration (on premise) but you can't do it on Online.

However, even working with both on-premise and online developing a 'recent file/folder/doc set' view tool, it became apparent that changing the view limits didn't make a difference anyway. 

For little queries (a single list with a few thousand items) you don't usually see this. However, if you are doing web wide, SiteColllection or Recursive queries, this becomes a real problem in a live site setup.

It turns out that it's all in the CAML query - yes, yet another anomaly we find that's never documented. So the issue that in the CAML query, we have to be careful what we use in terms of nesting - a query can be really long (for example, filtering out using <Neq> to eliminate specific file types - for example, xml, xsl, css using the DocIcon field) or short HOWEVER, if your CAML query includes both <And> and <Or> viola, you get the error.

My assumption here is that the OR query portion means there's too much hashing going on to properly calculate the number of rows it will return (FYI Row Limit doesn't fix this). 

The fix can be a pain but it works - make sure that you ONLY use <And>. This can complicate your queries but if you think them through, you can always work it out.

UPDATE: This MAY not fix it either. It turns out that if the database is exceedingly large (like over the limit), the error still occurs.

One other tidbit: 

If you are looking for recently created or modified files (and folders, etc.), be sure to only use the Modified date in the query (if you use Created then Or Modified, the query blows up as above). Remember that the Created/Modified dates are always filled when created so you do have add some logic to split them (i.e. If Created = Modified the status is "created" - if Modified greater than Created, status = modified).

Thursday, February 1, 2018

Add a page title to your master page (SharePoint & SharePoint Online)

Ever get a bit annoyed with the ribbon in SharePoint blocking the page/list/whatever title? Can't tell what folder (gasp you use folders?) you are in? It can be quite difficult for new users. So quick fix - simply edit your Master to add a little snip it as follows.

Edit your master using Designer. Make a copy of the master you are using now and create a new one. In the code, find the line below and paste in the code snippet - modify the style as you see fit:

RIGHT AFTER THIS LINE:
<SharePoint:AjaxDelta runat="server" id="DeltaSuiteLinks" BlockElement="true" CssClass="ms-core-deltaSuiteLinks">

PASTE THIS IN:
<span id="pageDisplayName" style='text-align:left;'></span>
<style type="text/css">
.TopPageLinkStyle { font-weight:bold; text-decoration:none; }
a.TopPageLinkStyle { color:#ffffff; }
a.TopPageLinkStyle:visited { color:#ffffff; } 
a.TopPageLinkStyle:hover { color:#00FFFF; } 
a.TopPageLinkStyle:active { color:#00FFFF; } 
</style>
<script type='text/javascript'>
var trimIt = document.title;
if (trimIt.length > 0)
{
var pgUrl = window.location.href;
var dispIt = trimIt;
document.getElementById("pageDisplayName").innerHTML = "Current Location: <a href='" + pgUrl + "' class='TopPageLinkStyle'>" + dispIt + "</a>" + "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";;
}
</script>

AND IT MUST BE BEFORE THIS LINE:
<div id="suiteLinksBox">

Save your new master and publish it. Navigate to your site and try it out on a sub site - the result should be something like this:


Notice that the name is a link - it allows one click away from going back instead of having to click the ribbon. Also, check it out in a List! Enables getting back to the main view quickly (and includes it in the title):