The Best Available!

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems. We cover all technologies with a specialty in Microsoft Technologies (including SharePoint). We also provide legal expert services in eDiscovery, code discovery, patent infrigement, piracy and more! Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846.

Search This Blog

Loading...

Wednesday, June 11, 2014

SharePoint 2013 Site Fails to render on create, you receive 500 Internal Error or you see Event ID 8305

So you create a brand new Web Application then create a Site Collection (template unimportant). Instead of the site rendering, you get a blank page. Or if lucky, you see a 500 Internal Error message.

As usual, this is a security issue with SharePoint and since environments vary quite a bit, it can be a tough one to track down. Generally this is a problem with the Application Pool Identity (the account used for the application pool for the web application). On each of the servers, follow these steps:

  1. Verify the account has local permissions (on the server(s), open Administrative Tools > Local Security Policy then expand Local Policies then click on User Rights Assignment) - this account REQUIRES "Log on as a service" and "Impersonate a client after authentication"
  2. Verify the account is a member of the WSS_WPG group
  3. Verify on the local server(s) that the Application Pool has access to SQL Server



Friday, May 2, 2014

SharePoint 2013 Claims to Windows Token Service not starting after reboot

CLAIMS TO WINDOWS TOKEN SERVICE NOT STARTING AFTER REBOOT

The Claims to Windows Token Service should be running all all servers in the farm. If on a restart of a server, the service won’t start or is stuck on starting, the issue may be with the Cryptographic Services Service. This is a timing issue in which that service hasn’t started before the claims service has. The solution is to add a dependency to the service definition so that the CS service will start before claims:

1) Open a Command Prompt (or PowerShell) using Run as administrator
2) Type in the command:

sc config c2wts depend=CryptSvc

3) Hit Enter then close the command prompt
4) Open the Services console (Start > Run > services.msc or Start > Administrative Tools > Services)
5) Find the Claims to Windows Token Service in the list then right click on it and select Properties.
6) On the Properties pop-up, click the Dependencies tab and verify that the Cryptographic Services is listed and click OK to close

SharePoint 2013 - Event ID 6398

Event ID 6398

Error on Search Servers indicating:

The Execute method of job definition Microsoft.SharePoint.Diagnostics.S PDiagnosticsMetricsProvider threw an exception


This means that the permissions are inadequate on the location of the SharePoint Logs – verify that the WSS_WPG and WSS_ADMIN_WPG local groups have full permissions to the drive/folders in use. 

SP13: Security Token Service is not available

As may be reported by the Health Analyzer or as a message in the System Event Application Log:

The SharePoint Health Analyzer detected a condition requiring your attention.  The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".

This indicates that the SharePoint Web Services Root application pool is stopped. Open Internet Information Services (IIS) Manager, expand server then click on Application Pools – right click on the SharePoint Web Services Root and select Start:



Other possible causes:
The Security Token Service hasn’t been provisioned
1.       Login to a SharePoint server as the Farm Account
2.       Open the SharePoint 2013 Management shell using Run as administrator
3.       Enter in the following commands:
$sts = Get-SPServiceApplication | ?{$_ -match "Security"}
$sts.Status
$sts.Provision()

Incorrect Authentication Settings in IIS
1.       Open Internet Information Services (IIS) Manager
2.       Expand the Sites folder
3.       Expand the SharePoint Web Services folder
4.       Click on the SecurityTokenServiceApplication to select it
5.       In the Features pane in the IIS section, double click on Authentication
6.       Right click on Forms Authentication and select Disable (for SharePoint,only Windows and Anonymous access should be enabled for tokens and the claims service to work correctly)

Bad data in the Web.config File
Check the web.config file in the site for errors (use Windiff to compare to a working web.config) and/or remove any manual changes that may have been made.

Saturday, February 22, 2014

Installing Disk Cleanup without the Desktop Experience

Like many folks have found, the Windows Disk Cleanup utility is very handy indeed - particularly for those that have upgraded an OS. There are a lot of files left over that it can be difficult to remove. While a great utility, Microsoft has opted to install it as part of the Desktop Experience feature. This means that a whole boatload of stuff is installed that isn't needed on a server (handwriting, media tools, etc.). 

In the past, I like many of you have just accepted this - taking the bloatware for the good of the utility.

But no more!!

It turns out that the Disk Cleanup feature can be installed manually without the need for the Desktop Experience. To do this however requires that it be installed on a server to retrieve the necessary files. 

First, it is necessary to install the Desktop Experience on a server with the same OS as the target. Once installed, there are two files that must be retrieved (location depends on the OS) as follows:

Get the EXE file from here:
  • Windows Server 2008 R2 - 64-bit:
    • C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe
  • Windows 2012 64-bit:
    • C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.2.9200.16384_none_c60dddc5e750072a\cleanmgr.exe



Get the MUI from here:
  • Windows Server 2008 R2 - 64-bit:
    • C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui
  • Windows 2012 64-bit:
    • C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.2.9200.16384_en-us_b6a01752226afbb3\cleanmgr.exe.mui



Copy these files to a server to the following locations:
  • Cleanmgr.exe should go in %systemroot%\System32
  • Cleanmgr.exe.mui should go in %systemroot%\System32\en-US


Where %systemroot% is typically c:\windows.


If desired, create a shortcut to %windir%\System32\Cleanmgr.exe and name it Disk Cleanup.

Problem Solved!!!

If you want to trust a download, here it is:


Tuesday, January 14, 2014

Slipstreaming SharePoint 2013 and SharePoint Cumulative Updates

As was true with SharePoint 2010, Microsoft is releasing Cumulative Updates (CU's) for 2013. A new CU is generally released about every 3 months. As has been confirmed, ONLY the latest CU needs to be applied EXCEPT for 2013. For 2013, there is a mandatory update for March 2013 (which includes February 13's updates). The latest CU cannot be installed without the March 2013 applied first.

As for the CU's themselves, be sure to check for any issues folks have encountered and follow a normal process of testing on a non-production farm first. As an example, the latest CU (December 2013) has a known side effect in that it breaks the Performance Point dashboard designer - so if you are using Performance Point, don't install that CU (install October instead).

The entire list can be found here: http://technet.microsoft.com/en-us/sharepoint/jj891062.aspx

At any rate, it's not a lot of fun to have to incorporate the CU's on multiple systems - particularly when there are more than one. As well, Microsoft is not very clear about what to apply when - as in do you do Foundation, then Server or just Server and do you run SharePoint Configuration update after or not?

To clear the air on at least 2013, it now appears that CU's should only be applied based on the product you are running. That is, if you are running Server, ONLY apply the Server update - if running Foundation, ONLY Foundation. This can save you some time as like many of  you, I have in the past implemented both just to be sure (and Microsoft is very vague on this).

As for running PSCONFIG or SharePoint Configuration after each, the answer is YES - do it every time.

If you choose to run each of the updates separately, be aware that the updates DO NOT ALWAYS upgrade everything. Case in point: When applying the March 2013 update, it does not update the Business Connectivity Server (BCS) - after the update is done, a message will appear in the Health Analyzer that the BCS/BDC Database is running in compatibility mode. To correct this, use the SharePoint 2013 Management Shell (i.e. PowerShell) and provision the database as follows:

(Get-SPDatabase | ?{$_.type -eq "Microsoft.SharePoint.BusinessData.SharedService.BdcServiceDatabase"}).Provision()

As for "Slipstreaming", the process works the same way as it did in 2010.

NOTE: At the time of this writing, I have confirmed that the March 2013 CU is the only update that can be used in the slipstream process - the December 2013 CU must be applied manually after.

There are a few steps involved to do this.

1) Download all of the cumulative updates from the site for your product but be SURE to keep them in separate folders. When 'extracted', Microsoft uses cute names (ubersts for example) that are either because the update is coming from Germany or someone bought a VW and likes the term and includes the KB numbers so it's impossible to know which comes from which date.

2) For each the CU's, extract them to a folder - so for example, create a folder called March13CU. Copy the update (an .EXE file) to that folder - if the update (like August) comes in the form of a self-extracting zip, use that to extract the EXE (and in some cases, .CAB files) into that folder.

3) Use PowerShell or the command prompt, set default to the folder (i.e. March13CU) then breakout the CU EXE into individual files using the extract method - to extract them to the same folder, the command would be:

<CU EXE Name> /extract:<folder to extract to>

So if the downloaded CU was called March13ServerCU.exe (or you wisely renamed it as so) and wanted to extract it to the folder March13CU (the same folder where the EXE is), the command would be:

March13ServerCU.exe /extract:.\

Alternately, to create a sub-folder, the command would be:

March13ServerCU.exe /extract:.\Mar13SrvCU

If you wanted to use a different drive/folder, it would be:

March13ServerCU.exe /extract:D:\Mar13SrvCU

4) Copy the SharePoint installation into a folder on the server.

5) Run the Prerequisite installer either using the Splash screen running Setup.cmd or using the prerequisiteinsaller.exe - either way be SURE TO right click and choose Run as administrator (do this for EVERYTHING relating to SP13).

6) After the Prerequisites are installed, there are additional patches that must be run:

    *   KB2554876 - The SharePoint parsing process crashes in Windows Server 2008 R2.  (http://support.microsoft.com/kb/2554876)
    *   KB2708075 - IIS 7.5 configurations are not updated when you use the ServerManager class to commit configuration changes.  (http://support.microsoft.com/kb/2708075)
    *   KB2472264 - You can't customize some TCP configurations by using the netsh command in Windows Server 2008 R2.  (http://support.microsoft.com/kb/2472264)
    *   KB2567680 - Vulnerability in Windows Client/Server Run-time subsystem could allow elevation of privilege.  (http://download.microsoft.com/download/C/D/A/CDAF5DD8-3B9A-4F8D-A48F-BEFE53C5B249/Windows6.1-KB2567680-x64.msu)
    *   KB2759112 - Hotfix for the .NET Framework 4.5 that resolves an ASP.NET race condition issue in Windows Server 2008 R2. (http://support.microsoft.com/kb/2759112) (download:  http://go.microsoft.com/fwlink/p/?LinkId=267536)

    *   KB2765317 - Hotfix for the .NET Framework 4.5 that resolves an ASP.NET race condition issue in Windows Server 2012. (http://support.microsoft.com/kb/2765317) (download:  http://go.microsoft.com/fwlink/p/?LinkID=268725)

While running these updates, if you receive an error or message saying "Update not applicable", that's fine. The key one here is KB2759112 - you CANNOT run a slipstream installation unless this has been applied.

7) If you are running a VM, snapshot it at this time (this gives you a fallback if the installation doesn't work).

8) Prepare the slipstream installation by copying the extracted CU files into the installation folder called 'updates'. Be sure to copy them in order by date released, March, August, etc.

9) Run the SharePoint setup (on ONE SERVER ONLY) - the first step of this only installs the binaries. At the end, if it says "Compete" the update took - if it shows "Some updates were not applied" you are hosed and you need to start over or install the CU's manually. When complete, you can verify the version installed by going to the hive, c:\Program files\common files\microsoft shared\web server extensions\15\isapi then right clicking on Microsoft.SharePoint.dll and selecting properties then clicking the Details tab. You can validate the number either from the Microsoft site or Steve Chen's blog post:
http://blogs.technet.com/b/steve_chen/archive/2013/03/26/3561010.aspx

If the first server went OK, copy the same installation folder to other servers to install there.

10) As a first time installation, running the SharePoint 2013 Configuration Wizard will apply the updates so PSConfig (or PSConfigUI) not needed.



Friday, January 3, 2014

Creating an SQL Server Database alias (For SharePoint and other applications)

Setting Up a SQL Alias

Setting up a SQL Alias enables the ‘masking’ of a SQL Server instance name (default or named) and port in use so an alternate name can be used for the connection to SQL by another server. Using an alias is much more convenient for any application since an alias can be easier to remember than a complex instance name (for example, MyAlias vs. W3A842SQL\ProductionInstance). It is also better for security (such as hiding the port in use) and for moving between environments like QA to Production – if the alias is consistent between environments (though the underlying name will be different), it enables development and workflows to be created against the alias meaning code and workflows don’t have to be altered.

noteNote:
Before setting up an SQL Alias, it is important that the account in use has permissions to connect to the SQL Server. If using this alias for SharePoint, this should be the SharePoint Farm Account – this account should have already been added to SQL Server and have rights to login to the server.

In terms of SharePoint, setting up an alias is VERY important since several services in SharePoint cannot handle the use of an instance name (including the ‘famed’ User Profile Service). While SharePoint does not prevent the use of a full instance name, the problems with the services will appear later and cannot be corrected after the fact.

Setting up an alias is done on each server that will access SQL Server (in many cases, it is useful to setup the Alias on the SQL Server itself) and is done using SQL Server Client Network Utility also known as the “cliconfg” command. This can found simply by searching for it or simply opening up a Command Prompt (using ‘Run as administrator’) and entering the command: cliconfg.exe.  The SQL Server Client Network Utility enables setup of the alias and specifics such as a non-standard port.

Once the utility is opened, the first thing to do is to enable Named Pipes and TCP/IP protocols. While some applications may not require both (i.e. Named Pipes), SharePoint does. Under Disabled protocols:, click to select each in the left window and click the Enable >> button – this moves them over to the right window (Enabled protocols by order:):

In the Enabled protocols by order: window, click on TCP/IP then click the green arrow to move it to the top spot as shown (this makes TCP/IP the preferred connection):

Next click the Alias tab and click the Add… button:

Next add the connection using the steps shown below:

Note that the Alias name used can be any name however SPSQL is quick to remember. Click OK to save the changes and the entry will be shown:

Note that the connection parameters can be seen – the above indicating an instance name of SICGT1SQL using port 1433. Click Apply then OK to close.

Testing the Alias

Validate the SQL connection works by opening Start > Administrative Tools then clicking on ODBC Data Sources (64-bit). Click the System DSN tab then click the Add button:

On the Create New Data Source page, click the SQL Server default (see the version number as shown) – be aware that others may appear here:

On the Create a New Data Source to SQL Server page, enter the name (this can be anything) and specify the server as the alias name or the instance name (though alias should be used with SharePoint – per this example, shown as SPSQL):

On the next page, it will prompt for the security and client settings. By default ‘With Windows NT authentication using the network login ID.’ is selected – for most installations this will be correct.

Clicking the Client Configuration button will display the settings to be used – this should match what was entered using the cliconfg tool:

Be sure that ‘Dynamically determine port’ is NOT checked, click OK then click Next – this should bring up the next page indicating a successful connection:

If this does not show immediately, the connection will likely fail. Some troubleshooting tips here:
  1. Double check SQL Server accounts and be sure that the account in use (for SharePoint, the Farm Account) has been added with either DBO or DBCreator/Security Admin rights
  2. Verify that the account in use has a User Mapping to the Master database
  3. Verify that the firewalll has been disabled or the proper ports have been opened
  4. Ping the server to ensure that the IP Address is corect
  5. Double check spelling
  6. Double check SQL Confirmation for the IP and Port Number


If the connection works, click Next then on the next page, click Finish:

This displays the setup summary:

Click Test Data Source… and the Test Results page should appear:

This process should be repeated on each server.

Copying cliconfg Settings

As an alternate to the manual process of setting up the SQL Server alias on every server, it can be faster (and more accurate) to utilize the Registry key. Using ‘regedit’, the Registry key can be saved to a file and simply copied to then clicked on to apply it to each system.
NOTE: Do not do this unless all client connections will be the same across all servers. If there are additional aliases on the server, these will be included in the registry export.
To do this, open the registry editor (RegEdit.exe). Once opened, simply search for the SQL Alias name or navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client. Right click on the Client folder and select Export:

This pops up a window enabling the saving of the registry file:

To add this to another server, simply copy the file to a server, double click on the file and when prompted, click Yes to add it to the registry.

After adding the entry via the registry, it is necessary to verify the connection using the ODBC data connection (see Testing the Alias above).

Creating an Alias using SharePoint PowerShell

For SharePoint it is also possible to establish the SQL Alias using the Microsoft SharePoint (2010/2013) Management Shell. To use this, the account in use should have Administrator permissions to run PowerShell – right click on the SharePoint 2013 Management Shell (or 2010) and select Run as administrator.
If the standard SQL Port (1433) is used, the command format is simply:

Add-SQLAlias –AliasName <name to use> -SQLInstance <instance name>

If using a non-standard port, it is necessary to include it as so:

Add-SQLAlias –AliasName <name to use> -SQLInstance <instance name> -Port <port number>

Where: 
  •  <name to use> is the name for the alias, for example SPSQL
  • <instance name> is the name of the SQL Instance, either the Server name or the instance name (Server\Name)
  •  <port number> is the port number assigned via the SQL Server Configuration Manager


As a few examples (assume the SQL Server name is “MySQLServer”):

·         Adding the default instance using Port 1433:
Add-SQLAlias –AliasName SPSQL –SQLInstance MySQLServer

·         Adding a named instance using Port 1433:
Add-SQLAlias –AliasName SPSQL –SQLInstance MySQLServer\MyInstanceName

·         Adding a named instance using Port 4900:
Add-SQLAlias –AliasName SPSQL –SQLInstance MySQLServer\MyInstanceName –Port 4900


After adding the entry via the Management Shell, it is necessary to verify the connection using the ODBC data connection (see Testing the Alias above).