SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Monday, June 19, 2017

SharePoint Event ID 5586 - Target Principal name is incorrect. Cannot generate SSPI context.

Deploying a solution to SharePoint, it seemed to hang for a really long time. I ended up stopping the deployment to see what was up. Immediately thereafter, I could no longer connect to SharePoint at all.

In the Windows Application Event Log, I found multiple Event ID 5586 entries - basically saying "The target principal name is incorrect".

After a few hours of searching, I found one solution here:

http://www.jrjlee.com/2013/01/the-target-principal-name-is-incorrect.html *

* Note that he doesn't indicate that you have to adsiedit.msc to get to the entry (a little headscratching to figure that out).

Some say it worked for them, but it definitely did not work for me.

For one, there were no MSSQLSvc entries. For two, removing the RestrictedKrbHost entries condition went from bad to worse (new error: Unable to login to untrusted domain). I restored the RestrictedKrbHost entries just fine so I tried adding the MSSQLSvc entries and got "Name is not unique".

The final one that worked for me was:
1) Opened adsiedit.msc (Run as administrator)
2) Right clicked on the server entry and clicked Refresh
3) Opened AD Users & Computers, right clicked on the account running SQL Services and clicked Unlock Account.

Hat tip to David Murdoch's post *:

http://www.davidmurdoch.com/2014/10/06/the-target-principal-name-is-incorrect-cannot-generate-sspi-context/

Note: his blog incorrectly says "Refresh" from Active Directory Users and Computers - you actually have to use adsiedit.msc.

Sunday, June 18, 2017

Event ID 6398 SharePoint User Profile Synchronization


Having seen this myself a number of times (and sick of having to look for the answer), there is an error that occurs in the User Profile Sync - Event ID 6398 - in the Event Viewer it looks like this:


Notice that the error is every minute! This will certainly fill up the logs!

The issue is quite simple - there are many fixes but turns out the problem in simply the Forefront Identity Manager Service is not running (or could be the Sync). Open Administration > Services (or use Run and type in services.msc) and locate the Forefront Identity Services:


Simply start the service(s) (right click and select Start). I am not sure what causes it to stop periodically but in this state, User Profile sync errors will continue frequently,.

Hat tip to this post:
https://social.technet.microsoft.com/wiki/contents/articles/24496.sharepoint-2013-event-6398-the-execute-method-of-job-definition-microsoft-office-server-userprofiles-userprofileimportjob-threw-an-exception.aspx

Saturday, June 3, 2017

Central Admin - Something Went Wrong - Access Denied

Had a client that was very upset having problems accessing things in Central Administration (often complainer but that's for another post). Reported 'items missing' in CA menus and when trying to retract a solution, kept getting:

Note the key element here: Access denied.

The issue is quite simple - they were not using the "Run as administrator" option when starting CA. There is a way to fix this permanently too (from another one of my posts).

Click Start then right click on the Central Administration icon and select "Open file location":

Right click on the CA link and select Properties:


Click the Advanced... button - click the checkbox next to "Run as administrator" and click OK:


Note that this ONLY applies to the icon - if you add CA to your startup in IE/Chrome/etc., that will still open without the proper permissions.