SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: or call 704-873-8846 x704.

Search This Blog

Saturday, October 28, 2017

Event 6398 - The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob

Like many of you know, SharePoint 2013 and 2016 comes up with some recurring issues from time to time - one of these is Event ID 6398:

"The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob..."

Seen in the event log, it looks like this:

I myself forget about this occasionally (thus why I am posting here!).

Fortunately, this is not a big deal - this just means that the Forefront Identity Manager Service is not running. From Administrative Tools, open the Services (or use Start > Run and enter services.msc). Look for the two Forefront services - you will see the Manager service is stopped:

Right click on the service and select Start - problem solved!


Started getting various errors in a User Profile Service:

Detection of product '{90150000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}' failed

Fix is easy - just add the NETWORK SERVICE account to the WSS_WPG Group: Technet Fix

Monday, October 23, 2017

Using LdapConnection and Checking account status in Active Directory

Dual purpose post here - I needed to set up a test to determine if users had an expired password the most efficient way. I found a number of ways but the best was using LdapConnection.

First issue was knowing what to use for the LDAP connection string - I usually use LDAP://<server>/OU=<ou>,DC=<domain>,DC=<extension> - for example:


and sometimes simply:


(Note the OU is optional)

However these didn't work for LdapConnection - examples I found showed "" - that didn't work either. The easiest was simply to use the LdapDirectoryIdentifier:

        //LdapConnection connection = new LdapConnection("");
        //LdapConnection connection = new LdapConnection("LDAP://myadcontroller/DC=testdom,DC=com");
// This works:
        LdapDirectoryIdentifier LDI = new LdapDirectoryIdentifier("myadcontroller");
        LdapConnection connection = new LdapConnection(LDI);
        NetworkCredential credential = new NetworkCredential("TheAccountWODomain", "ThePassword");
        connection.Credential = credential;

Sunday, August 6, 2017

Adding a Description to your Timer Jobs (SharePoint 2013/2016)

I know, been a while since I needed one but had to build a few timer jobs for an On Premise location. As in the past, there's a 'bug' in the Timer Job namespace where in you cannot add a 'description' (it's read only due to crappy development).

I had to do some research having not touched these for quite a while so posting here so I don't have to remember (again).

To add a description, you have to override the "Description" in the timer job and provide your own, then you have to add it to all three of the class definitions. In this case it was a timer job to purge documents after 72 hours.

The Override and new description property:

        /// <summary>
        /// Description - Override built-in Description property
        /// </summary>
        public override string Description
            { return CustomDescription; }
        /// <summary>
        /// CustomDescription - Used to provide "Set" to the Job Description
        /// </summary>
        private string CustomDescription

Adding to the the class def

             public PurgeAfter72HoursClass() : base()
            this.Title = JobName;
            this.CustomDescription = JobDescription;

        public PurgeAfter72HoursClass(string jobName, SPService service, SPServer server, SPJobLockType targetType)
            : base(jobName, service, server, targetType)
            this.Title = JobName;
            this.CustomDescription = JobDescription;

        public PurgeAfter72HoursClass(string jobName, SPWebApplication webApplication, string strUrl)
            : base(jobName, webApplication, null, SPJobLockType.ContentDatabase)
            this.Title = JobName;
            this.CustomDescription = JobDescription;

Have fun!

Tuesday, August 1, 2017

The Open Procedure for service "BITS" in DLL

As many will know, the following error shows up in the Event Log (Event ID 1008):

Log Name:Application 
Event ID:1008 
Description:The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. 

This problem occurs when BITS(Background Intelligent Transfer Service)has been never been started. The error is not recorded if BITS starts by manual operation or Windows Update starts.

Fix: Simply start the dang service - no harm, no foul. Leaving it on automatic startup doesn't hurt either. Resetting the counters as many suggest doesn't work.

From the Administrative Tools, click on Services or click Start > Run then enter services.msc. Find the "Background Intelligent Transfer Service" and start it (and/or set it to start automatically):

While I found MANY references, this one gave the assurance on what the real problem is (and how to fix):

Sunday, July 16, 2017

SharePoint web application creation - '' is an unexpected token. Expecting white space. Line 1, position 15478f

So this was interesting - a "lesson learned":

Setup of a new farm, all going well - tried to create a web application. It was created but show the message 'MD2' is an unexpected token. Expecting white space. Line 1, position 15478 and there was no link to create a site.

In my case, the "MD2" was the start of the names of the databases that were being created for the services.

What I thought could this be? Turns out the PowerShell scripts I was using was putting a space in the database name - i.e. "MD2 SessionState" due to an edit error.

The workaround is let it create then assign a site - however, the PROPER fix is to rebuild all services and be sure that there is NO space in the name.

The trust relationship between this workstation and the primary domain failed

Everyone's had this problem - I just wasted a day yesterday trying to fix on a set of VM's. An update to VMWare Workstation caused a bunch of network issues - tracking many of them down was a real pain.

Additional note: this has become a common re-occurrence since updating VM Workstation 12 (specifically 12.5.7 build-5813279).

So Kudos to on how to fix this issue. I recommend using the netdom method - simply login to the box with problem as an administrator, open a command prompt (using Run as administrator) then enter:

netdom resetpwd /s:<domain server name> /ud:<user with permissions, domain\name> /pd:<user password>


netdom resetpwd /s:SysTestADMachine /ud:SysTest\ADManager /pd:ABC1234!

If not prompted, reboot anyway.

AS A SIDE EFFECT - your accounts might be a bit whacked, particularly if it is a server running application - be aware that you MAY have to reset the password for all system related accounts (application pools, etc.).

Some other issues that were encountered in my foray of fun yesterday:

Using NETDOM - the Target Name is Incorrect - the above corrects.

Using Remote Desktop - "The Local Security Authority Cannot Be Contacted" - simply reset the password of the account in Active Directory (Kudos:

NOTE: There seems another 'fix' per VMWare in which the Computer Password changes automatically which can get out of sync with clean systems. This is a Registry Fix (so if you don't know Regedit, don't try this):

  1. Open Regedit (using Run as administrator)
  2. Navigate to HKLM\System\CurrentControlSet\services\Netlogon\Parameters
  3. Change the DisablePasswordChange key from 0 to 1

A reboot may be required AND you might have to reset the computer password as above (using NetDom). Full explanation can be found here:

Friday, July 14, 2017

So this one is a question! User Profile Service Page is BLANK!

So here's a question for all - working a development system, I suddenly noticed that I was unable to access Site Settings in any collection despite having full access. 

Took a while looking around but then found this:

Notice? There are NO OPTIONS on the page!

I'd love to get an answer if anyone has it - in the meantime, I rebuilt the User Profile Service - same problem!

I will post an answer if I can find it!

Monday, June 19, 2017

SharePoint Event ID 5586 - Target Principal name is incorrect. Cannot generate SSPI context.

Deploying a solution to SharePoint, it seemed to hang for a really long time. I ended up stopping the deployment to see what was up. Immediately thereafter, I could no longer connect to SharePoint at all.

In the Windows Application Event Log, I found multiple Event ID 5586 entries - basically saying "The target principal name is incorrect".

After a few hours of searching, I found one solution here: *

* Note that he doesn't indicate that you have to adsiedit.msc to get to the entry (a little headscratching to figure that out).

Some say it worked for them, but it definitely did not work for me.

For one, there were no MSSQLSvc entries. For two, removing the RestrictedKrbHost entries condition went from bad to worse (new error: Unable to login to untrusted domain). I restored the RestrictedKrbHost entries just fine so I tried adding the MSSQLSvc entries and got "Name is not unique".

The final one that worked for me was:

Step 1) Logged on the AD Server and opened adsiedit.msc (Run as administrator)
2) Right clicked on the SQL Server entry and clicked Refresh:

3) Opened AD Users & Computers, right clicked on the account running SQL Services and clicked Unlock Account:

Hat tip to David Murdoch's post *:

Note: his blog incorrectly says "Refresh" from Active Directory Users and Computers - you actually have to use adsiedit.msc.

Sunday, June 18, 2017

Event ID 6398 SharePoint User Profile Synchronization

Having seen this myself a number of times (and sick of having to look for the answer), there is an error that occurs in the User Profile Sync - Event ID 6398 - in the Event Viewer it looks like this:

Notice that the error is every minute! This will certainly fill up the logs!

The issue is quite simple - there are many fixes but turns out the problem in simply the Forefront Identity Manager Service is not running (or could be the Sync). Open Administration > Services (or use Run and type in services.msc) and locate the Forefront Identity Services:

Simply start the service(s) (right click and select Start). I am not sure what causes it to stop periodically but in this state, User Profile sync errors will continue frequently,.

Hat tip to this post:

Saturday, June 3, 2017

Central Admin - Something Went Wrong - Access Denied

Had a client that was very upset having problems accessing things in Central Administration (often complainer but that's for another post). Reported 'items missing' in CA menus and when trying to retract a solution, kept getting:

Note the key element here: Access denied.

The issue is quite simple - they were not using the "Run as administrator" option when starting CA. There is a way to fix this permanently too (from another one of my posts).

Click Start then right click on the Central Administration icon and select "Open file location":

Right click on the CA link and select Properties:

Click the Advanced... button - click the checkbox next to "Run as administrator" and click OK:

Note that this ONLY applies to the icon - if you add CA to your startup in IE/Chrome/etc., that will still open without the proper permissions.

Tuesday, May 30, 2017

ASP Event ID 1309 SharePoint On-Premise 2016 Error Creating Lookup Field

This event is pretty standard for any 'non-handled' SharePoint Error - this one happens to be related to the inability to create a Lookup field. I had been working with a few apps installing/uninstalling. Suddenly when trying to create a Lookup Field, I get the innocuous ASP Event ID 1309. Looking into the error (you have to read it carefully), I found:

Feature '6b744ecb-82fc-4896-a981-1ad8dc5c47c2' for list template '10000' is not installed in this farm.

I had to check and it only affected one site - not happy about the time I spent on it but it appears that one app had installed a new List using that ID. Deleted the list and emptied the recycle bin. Returned to the site and it Crashed! It actually took a reboot to fix.

You be careful out there!

Monday, May 22, 2017

Office 365/SharePoint Online Content Organizer

I noticed in early May 2017 that the SharePoint Online Content Organizer cannot reliably use "Send to" a different site.

Though the send to locations were correctly created in Admin > Records management and was heavily tested (and seemed to work), oddly the 'location' selection started to 'disappear' when attempting to create Content Rules.

This went from bad to worse when already established rules began failing - returning either 'an error has occurred' or worse, appearing to work but leaving the document(s) in the original Drop Off library.

I reported and demonstrated this multiple times to Microsoft - at this time, there is no fix available.

I will post if the issue is resolved or I get a definitive answer.

Office 365/SharePoint Online Information Management Policies

Be aware - as of early May 2017, the Information Management policies within SharePoint Online are NOT working. After multiple tests, a few things of note:

1) The job to process IM policies doesn't always run on a fixed schedule - I have seen posts where they believe it only runs once a week (!). However, in my testing, I found that to be off; in my tests it took over 2 weeks (approximately 15 days).

2) Issue has been reported to Microsoft.

3) Response from Microsoft - they broke it, not sure when it will be fixed and have disabled the functionality (however, it can still be set up in Online so they didn't disable the entire feature).

I'll post back if I ever hear back.

Saturday, April 15, 2017

Getting the Web ID for a site (SharePoint & Online)

There's often a need to find the Web ID of a SharePoint site - specifically when exporting web parts (as shown in this article

NOTE: I don't take credit for these, these are a summary of what's out there!

So getting the ID can be done a number of ways - first, using the "API" (if using SharePoint Online, authenticate to the site first):


For Online:




Next using on premise PowerShell:

$site = Get-SPSite  http://<site & port>
$web = $site.AllWebs["<name of site>"]

In SharePoint Online using the SharePoint Online Management Shell:

Connect-SPOService -URL https://<org>

Enter your credentials, then enter:

Get-SPOSite -Identity https://<site>
Next connect to the site:

Connect-SPOSite -Url "https://<site>" -Credential "<>"

If you omit -Credential, you will be prompted (the credential is your EMAIL address <>, not the AD account domain\account) but better to use this:

$username = "<>"
$password = "<password>"
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $userName, $(ConvertTo-SecureString $password -AsPlainText -Force)
Connect-SPOSite -Url "https://<site>" -Credential $cred

Then finally for the top level web:

Get-SPOWeb -Identity "/"

For a subsite, use the name:

Get-SPOWeb -Identity "News"

Get-SPOWeb will list out details of the web - just look for the "Id" column.

Note - if using a Subsite under /Sites/, you have to connect to that site collection (instead of https://<site>, you use https://<site>".

Another way is through the URL. Open the site/web you want and open Site Settings. Click either the Site Content and Structure or Content and Structure Logs link. Click on the web in question and select the drop down then select General Settings - cut and paste the URL into notepad - you will find the ID in the query string after SPWeb (%3A = : - see here Here's snip of the URL where the SPWeb can be found:


Yet another is using jQuery - found on the MSDN site: 

<script language="javascript" src="" type="text/javascript"></script><script type="text/javascript">
function GetSPWebID()
        url = document.getElementById("field1").value;
        var webId;
 var soapEnv =
    "<?xml version='1.0' encoding='utf-8'?>\
  <soap:Envelope xmlns:xsi='' xmlns:xsd='' xmlns:soap=''>\
    <GetWeb xmlns=''>\
      url: url + "/_vti_bin/SiteData.asmx",
      beforeSend: function(xhr) {xhr.setRequestHeader("SOAPAction", "");},
      type: "POST",
      data: soapEnv,
      dataType: "xml",
      async: false,
      complete: function(xData, status) {webId = $(xData.responseXML).find('WebID').text();},
      contentType: "text/xml; charset='utf-8'"
}</script>Root Web URL: <input id="field1"/><br/>WebID: <input id="field2"/> <br/><br/><button onclick="GetSPWebID()">Get Web ID</button> 
//nonsense comment to keep IE7 from truncating MSDN code


SharePoint Online Workflows not working

Having had this problem and forgetting what I did to fix it, I did another search to find the answer so posting it here.

The issue is that though workflows publish correctly (i.e. no errors), they still do not fire (not sending email, not logging, etc.). In SharePoint Online, it turns out that a feature that SHOULD be enabled is not.

When this happens to you, navigate to the site where you are adding the workflow, click the Gear then select Site Settings. Find the Site Features (under Site Settings). Scroll to the bottom of the page and find the feature "Workflows can use app permissions" and activate it:


Wednesday, April 5, 2017

The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request

While I know Sandbox Solutions are going bye-bye, there are many on premise solutions where they are handy. However as some of you may have encountered, there are times when the error:

The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request

appears. There is a common post on this by Ricky Kirkham:

Having encountered this issue recently, I tried following his instructions to no avail. None of the solutions there worked. However I did come across another one that did:

This solution is shown as follows:

$uc = [Microsoft.SharePoint.Administration.SPUserCodeService]::Local
$uc.WorkerProcessExecutionTimeout = 5000
$tier = $uc.Tiers[""]   # default Tier has no Name
$tier.MaximumWorkerProcesses = 2    # number of CPU Cores + 1

By default, the Timeout is set to 30 and the Worker Processes set to 1. The above obviously changes 30 to 5000 (5000 seems a little excessive if you ask me) and the number of processes to be Cores + 1 (i.e. 4 Core Machine = 5).

This does indeed fix the problem! However, on my 8 Core machine, I thought that 9 was a bit much (might impact performance) so I set it at 2500/4 and it still worked.

To check your current settings, do the following in the Command Shell:

$uc = [Microsoft.SharePoint.Administration.SPUserCodeService]::Local
$tier = $uc.Tiers[""]   # default Tier has no Name
$timeOut = $uc.WorkerProcessExecutionTimeout 
$mWProc = $tier.MaximumWorkerProcesses

FYI: If you apply changes you MUST Stop and Restart the Sandbox service through Central Admin - a reboot will also fix if you are not in production.

Friday, March 17, 2017

Content Types and Hidden Columns not available in List/Library

Came across a reminder the other day about using Content Types with Hidden Columns. As you may know, Hidden Columns do not show up in forms allowing you to use them for values that might be generated by a Workflow or similar.

In my case, I created a workflow that needs to set a 'Document Number', something other than just using ID, this one uses a list to keep track of the latest number. As a good practice, the definitions were setup as Content Types (in my case, 3 - 1 core and 2 that inherit from the core).

The need here is that a) the Document Number needs to be assigned by the workflow, b) visible in the List/Library Views and c) it isn't supposed to show up when adding/editing an item (i.e. so user cannot change).

So, one might think to simply set the field/column to Hidden up front and here's where the problem comes in.

If you set a column as Hidden, it does indeed appear in the content type but when the content type is added to a list/library, surprise! The column is not added, thus not available in the views - defeating the entire purpose.

The solution is a sloppy workaround but does work (you just need to document this!).

BEFORE adding the content type to the list/library, leave the field as Optional - this includes any content types that inherit from it.

NEXT add the content type(s) to the list/library - the column will appear. Set any views that you want, particularly those that need to display the column.

AFTERWARDS, go back to the Content Type(s) and set the column as hidden.

Once this is done, you will be able to use the column as you would have expected in the first place.

This problem has be a long standing one (past 4 years or more).

An extensive post on this (from back in 2013!):

Monday, February 20, 2017

SharePoint Backup failure "A system assertion check has failed" - Health Message "Expired sessions are not being deleted from the ASP.NET Session State database"

SharePoint 2013/2016 On Premise:

A problem may occur when you run a backup - it fails and for each database, you see a message that looks like this:

Object SharePoint_Config failed in event OnBackup. For more information, see the spbackup.log or sprestore.log file located in the backup directory. 
SqlException: A system assertion check has failed. Check the SQL Server error log for details. Typically, an assertion failure is caused by a software bug or data corruption. To check for database corruption, consider running DBCC CHECKDB. If you agreed to send dumps to Microsoft during setup, a mini dump will be sent to Microsoft. An update might be available from Microsoft in the latest Service Pack or in a QFE from Technical Support. 
BACKUP DATABASE is terminating abnormally. 

Wow - pretty scary eh? Most likely if you check your Health monitor, you see another error:

Expired sessions are not being deleted from the ASP.NET Session State database.

DON'T PANIC - It turns out to be a simple problem! The SQL Server Agent Service is NOT running. Thus the backup cannot get proper control of the database and the timer job to clear session state won't be running.

Start the Agent on SQL Server first then for the Backup issue:

Delete whatever backup files were created (they are junk), start the backup again.

For the Health error:

Open the Health Monitor from Central Admin, click on the error (Expired sessions...) and click the Re-analyze button.


Turns out the above can also be caused by:

1) Lack of space for the backup (must be able to hold the entire 'estimated size')
2) Lack of permissions for the backup folder (must have the SharePoint Farm and Service Accounts added to read/write).

Friday, February 17, 2017

SharePoint Online workflow emails in Office 365

Another issue in SharePoint Online regarding workflows.

When you create a workflow, it obviously creates a task and sends an email to the participant(s) that they have a task.

However, minor issue - in Outlook 365, the email message states "Click the Open this task button" to open the task. In regular Outlook, this 'button' appears in the toolbar when you open the mail message. However, in Outlook 365, this button is nowhere to be found!

This means a training issue - when you are using workflows that send emails, the link to the task is missing so you must tell your users to navigate to the site itself, open the appropriate Task List and respond to the task.

SharePoint Library templates in SharePoint Online drop content

Having used Office 365 for quite a while, there's been some oddities as of late. One I have encountered was creating a List/Library template and including the content. This is a common feature I use when doing On Premise so I would assume that it would be the same, but Au Contraire!

In Office 365/SharePoint Online I created a simple document library with a few additional fields - in this case, year and month - so I could quickly duplicate a library format. A quick view of this looks like this:

In the SAME SITE, I created a new library using the template where I included the content - surprise, the some of the data was lost:

Looks like they need to tighten up a few things eh?

Solution? Use a template if you need to but remember you'll have to check all of the data!

Thursday, February 2, 2017

Wiki Page Library - Updated Pages - An error has occurred on the server - SharePoint Online/2013/2016

When working with Wiki Page Libraries, you may encounter an error when opening the library (in fact, I've had this be the norm in Office 365/SharePoint Online).

When you open the Home Page (or view the Pages library), you'll see an error on the left under "Updated Pages" showing "An error has occurred on the server":

Turns out this is not just a little problem - looks like QA missed a few things. The error is caused because there is NO INDEX on the list, therefore it fails as above.

To fix this, you need to open the Library Settings (click the PAGE tab, then Library Settings in the ribbon):

On the Settings page, scroll down to the Columns section and click on Indexed Columns:

On the Indexed Columns page, click Create a new index:

Use the drop down to select the Modified column (and WAIT for the page to refresh) then click the Create button:

There will be a 'working on it' page for a few seconds (depending!) but when it comes back you will see the new index:

Click the Settings breadcrumb then the Library name - this returns you to the pages view of the library. You'll notice that it is fixed!

Simply click on the name of the Home page to open the library in Wiki view.

Wednesday, February 1, 2017

SharePoint 2013 Prerequisites - unable to install Application Server Role, Web Server (IIS) Role

While I've posted before on this, the other solutions I've used didn't work. I resorted to my own version of the installation process when you get this error.

Open up PowerShell (using 'Run as administrator') and enter the following as 'groups' (run one command at a time):

Set-ExecutionPolicy Unrestricted

Enter Y when prompted, next:

Import-Module ServerManager


Add-WindowsFeature NET-Framework-45-Core,NET-Framework-45-ASPNET,Web-Net-Ext45,Web-Asp-Net45,Web-Includes,NET-WCF-HTTP-Activation45,NET-WCF-TCP-Activation45,NET-WCF-Pipe-Activation45

This should indicate success - next:

Add-WindowsFeature Net-Framework-Features,Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,Application-Server,AS-Web-Support,AS-TCP-Port-Sharing,AS-WAS-Support, AS-HTTP-Activation,AS-TCP-Activation,AS-Named-Pipes,AS-Net-Framework,WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer

This should also indicate success (it may also indicate No Changes Needed).

For best results, run the Prerequisites UI again just to make sure.

FOLLOW UP: I had one server that just would not get corrected; it still indicated that the Web Server role had a configuration error.

In this case, I decided to try loading up a W2012 server and not apply the Windows Update but install SharePoint first - SAME PROBLEM.

Fix: I tried loading the installation that has SP1 already - running the Prerequisites alone (from the install disk using 'Run as administrator') it worked!

Friday, January 6, 2017

Restoring SharePoint site default groups

Occasionally, a default group for a SharePoint site collection can get deleted. When it does, it means that non-owners cannot invite others to the site and you might receive an error in places:

 “The groups required to manage users for your site are missing

You'll most likely see this under Access request settings (Site Settings > Site Permissions > Access request settings in the ribbon).

Getting the default groups back is not very obvious but as it turns out, it is quite simple. Simply open the site in question and change the URL to:

<site url>/_layouts/permsetup.aspx

This will open up the People and Groups page with the default groups:

Click the OK Button and the groups will be restored!