Wednesday, December 12, 2012

SharePoint connection to SQL Server

This is a big <facepalm> since it should have been pretty obvious.

I was trying to install a new SharePoint 2013 farm connecting to a brand new SQL Server 2008 R2. In the SharePoint Products Configuration Wizard, it asks for the SQL connection and kept rejecting my credentials. Checking on the SQL server side, I could not see any connection attempts. I used the following to test with Powershell


$CommandText = "SELECT @@VERSION"
$SqlCommand=New-Object System.Data.SqlClient.SqlCommand($CommandText)
$ConnectionString='Data Source=SQL1;Initial Catalog=master;Integrated Security=SSPI'
$SqlCommand.Connection=New-Object System.Data.SqlClient.SqlConnection($ConnectionString)
$SqlAdapter=New-Object System.Data.SqlClient.SqlDataAdapter($SqlCommand)
$DataSet=New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet)


I kept getting all sorts of errors. It turns out the Windows Firewall on my SQL server was not allowing port 1433. Argh - wasted a couple of hours tracking this one down.


Wednesday, November 21, 2012

Accessing Windows Azure blob storage

I have some files transferred to a container in my storage account. Now on a new VM, I need to access these files, but do not have CloudXplorer since .NET has not yet been installed. So I turned to the StorageClient module and Powershell.

Import-Module Microsoft.WindowsAzure.StorageClient.dll
$storageAccountName = 'my storage account'
$accessKey = 'my access key'
$storageCredentials = New-Object Microsoft.WindowsAzure.StorageCredentialsAccountAndKey($storageAccountName, $accessKey)
$storageAccountEndpoint = "http://$storageAccountName.blob.core.windows.net/"
$blobClient = New-Object Microsoft.WindowsAzure.StorageClient.CloudBlobClient($storageAccountEndpoint, $storageCredentials)
$filename = "my file"
$blob = $blobClient.GetBlobReference($filename)
$localFilename = "local filename"
$blob.DownloadToFile($localFilename)

References:
CloudBlob.DownloadToFile
Microsoft.WindowsAzure.StorageClient


Edit 2013-04-05
This is based on the 1.0 Storage Client. Updated script can be found in an updated post on Windows Azure Storage through Powershell

Friday, November 16, 2012

User Profile Synchronization not synchronizing email address

I found this on my new SP 2013 installation. After a user profile synchronization, my email addresses were not coming over from AD. Doing some poking around, I found that the user profile property was not mapped to the correct attribute.
To correct:

  1. Go to Central Administration->Manage Service Applications.
  2. Go to your User Profile Service Application
  3. Go to Manage User Properties
  4. Scroll down to Work email (under the Contact Information Section)
  5. Edit Work email
  6. Remove the existing Property Mapping for Synchronization mappings. They were inexplicably set to proxyAddresses (aCSPolicyName).
  7. Add new mapping to the mail attribute
  8. Start a Profile Sync
  9. Save and OK

It looks like just a simple profile sync would not work. You actually have to update the email addresses of each user and then do a sync. Argh!



Thursday, November 15, 2012

UserProfileApplicationNotAvailableException System.TimeoutException

I have a service the frequently accesses the User Profile Service Application. Intermittently, I would get the following:
Error generating SyndicationItem for ActivityEvent 0B275DAC41FD141CB2382AAE5987540D  Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: System.TimeoutException    
 at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.GetUserData(UserSearchCriteria searchCriteria)    
 at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetUserData(UserProfileManager objManager, Nullable`1 recordId, Guid gAcct, String strAcct, Byte[] bSid, String strEmail, Boolean doNotResolveToMasterAccount)    
 at Microsoft.Office.Server.UserProfiles.UserProfile.RetrieveUser(String strAcct, Guid gAcct, Byte[] bSid, Nullable`1 recordId, Boolean doNotResolveToMasterAccount, Boolean loadFullProfile)    
 at Microsoft.Office.Server.UserProfiles.UserProfile..ctor(UserProfileManager objManager, Int64 recordId)    
 at Microsoft.Office.Server.UserProfiles.UserProfileManager.GetUserProfile(Int64 recordId)

I tried the following to confirm:
$app = Get-SPWebApplication
$site = Get-SPSite $app.Url
$context = Get-SPServiceContext $site
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$upm.UserExists('someuser')

... and it just hangs.

Since this is a demo machine, there could be many factors:
1. Not enough resources
2. Application pool crash
3. Database not responding
4. General UPA flakiness
5. All of the above (and possibly pointing to #1 as the root cause).

I tried stop/start on the UPS and UPSS, then an iisreset. This didn't fix the problem. However, a reboot did.

Further looking at the event logs, I do see the following events from MsiInstaller that might be suspicious:


Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}' failed.  The resource 'C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{9AE4D8E0-D3F6-47A8-8FAE-38496FE32FF5}'
Failed to connect to server. Error: 0x80070005
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}' failed.  The resource 'C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.
Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{1681AE41-ADA8-4B70-BC11-98A5A4EDD046}'
Failed to connect to server. Error: 0x80070005

... followed by one from FIMSynchronizationService:

The management agent "MOSS-3692cc7e-f3bf-4090-ae09-a552d3c61b7e" completed run profile "MOSS_DELTAIMPORT_4adf3894-708b-4ae2-ab9f-60438a49cae1" with a delta import or delta synchronization step type. The rules configuration has changed since the last full import or full synchronization.
 
User Action
To ensure the updated rules are applied to all objects, a run with step type of full import and full synchronization should be completed.

It was patch Tuesday a couple of days ago, perhaps that had a factor since I have auto updates enabled (which curiously did not install).

Wednesday, October 31, 2012

Could not provision App Management Service

I ran the Farm Configuration Wizard (gasp, yes I did) and it was mostly successful, but returned one error:

The service application(s) for the service "App Management Service" could not be provisioned because of the following error: Cannot open database "AppMng_Service_DB_c394cb934e0e483e9fff60b31aeaeb35" requested by the login. The login failed. Login failed for user '[some user]'


ULS is showing the following:

Failed to provision service application App Management Service System.Data.SqlClient.SqlException (0x80131904): Cannot open database "AppMng_Service_DB_c394cb934e0e483e9fff60b31aeaeb35" requested by the login. The login failed.  Login failed for user '[some user]'.    
 at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)    
 at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)    
 at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)    
 at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)    
 at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)    
 at System.Data.SqlClient.SqlConnection.Open()    
 at Microsoft.SharePoint.Utilities.SqlSession.OpenConnection()    
 at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)    
 at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, Boolean retryForDeadLock)    
 at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command)    
 at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.GetVersion(SPDatabase database, Guid id, Version defaultVersion, SqlSession session, SPDatabaseSequence sequence)    
 at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.GetVersion(Guid id, Version defaultVersion)    
 at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.SetVersion(Guid id, Version version)    
 at Microsoft.SharePoint.Upgrade.SPDatabaseWssSequence.set_BuildVersion(Version value)    
 at Microsoft.SharePoint.Upgrade.SPSequence.set_NeedsUpgrade(Boolean value)    
 at Microsoft.SharePoint.Upgrade.SPUpgradeSession.NeedsUpgradeFalse(Object o)    
 at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.set_NeedsUpgrade(Boolean value)    
 at Microsoft.SharePoint.AppManagement.AppManagementServiceDatabase.Provision()    
 at Microsoft.SharePoint.AppManagement.AppManagementServiceApplication.Provision()    
 at Microsoft.SharePoint.Administration.SPAdminConfigServicesJob.Execute(Guid targetInstanceId)  ClientConnectionId:6b54fce5-06bc-4e2f-b6a9-c7d548253480 Source: .Net SqlClient Data Provider Server: AMAZONA-V5PUF8S LineNumber: 65536 StackTrace: 
 at onetnative.dll: (sig=6aba1f5f-ccc4-4590-af00-b8ffe7fe99a0|2|onetnative.pdb, offset=28BE6)
 at onetnative.dll: (offset=152A9)


However, SQL is not showing any connection attempts at that time, success or fail. I also verified that the account indeed has access to that database.

Regardless, it looks like the service application did get provisioned. Perhaps I will reprovision it.

More to come ...


Monday, October 29, 2012

Read-Host that is not assigned to a variable is added to return value

The best way I can illustrate this is as follows. Given this code for test.ps1:

Read-Host "Hit enter to continue"

try {
    throw system.exception
} catch {
    return $null
}

When I call test.ps1 I can expect a $null value, right? No. This is what happens:

> $a=.\test.ps1
Hit enter to continue:
> $a

> $a -eq $null
>
> $a.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Object[]                                 System.Array


> $a.Count
2
> $a[0]

> $a[1]
> $a[1] -eq $null
True

One would expect $a -eq $null to be true. Instead, $a is an array where the first value is that of Read-Host and the second value is the expected $null. 

So, I changed my code to the following:

$HitEnter = Read-Host "Hit enter to continue"

try {
    throw system.exception
} catch {
    return $null
}

Now everything works as expected:

> $a=.\test.ps1
Hit enter to continue:
> $a -eq $null

[Update 2013-05-27] Aha - found the reason behind this. Uncaptured output is still returned as output. Reference: Function Output Consists of Everything That Isn’t Captured

Friday, October 19, 2012

SharePoint 2013 HTTP Error 500 and 503

At some point after a reboot / iisreset or something else, I found that I could no longer get to my SharePoint sites nor to Central Administration. Each page was returning HTTP Error 500 or 503.

Of course, any time this happens, you need to take a look at IIS Admin. So opening it up, I see that all my application pools were offline. That's strange, it was just working a moment ago. Opening up the Basic Settings, I see this:
For some reason the Start application pool immediately box was unchecked. I then proceeded to check all of them and restarted my application pools and everything now works fine.

Weird.

Thursday, September 6, 2012

Server and AD trust relationships

Recently one of my servers started having trust issues. I would RDP to the server and it would appear to accept my domain login credentials fine, but then kick me back to the Windows server login screen with the following error:
The username or password is incorrect

I logged in as a local administrator and saw the following in the Security log
Unknown user name or bad password
... with the following status codes: 0xc000006d 0xc000006a

I tried disconnecting from the domain and reconnecting, with the required reboots, and now I get this error:
The trust relationship between this workstation and the primary domain failed

I tried to disconnect, remove the computer account, reconnect, but this resulted in this error:
The security database on the server does not have a computer account for this workstation trust relationship

This is very frustrating so finally, I did the following:
Disconnect from the domain (with a reboot)
Remove the computer account from AD
Reboot both the primary and secondary DCs
Rejoin the domain (with a reboot)

That finally worked. So, when in doubt reboot possibly everything.





Tuesday, August 21, 2012

Enabling Powershell Remoting

I manage a bunch of SharePoint farms and have finally gotten around to setting up Powershell Remoting to streamline some of my maintenance tasks.

Following the post Enable and Use Remote Commands in Windows PowerShell, I run the following on my remote servers:
Enable-PSRemoting -force

From my client machine, I tried the following:
$computername="MyComputerName"
$credential="MyCredential"
Enter-PSSession -Computername $computername -Credential $credential

This resulted in the following error:

Enter-PSSession : Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information,
 see the about_Remote_Troubleshooting Help topic.

I verified that my firewall was allowing the WinRM ports.

I set my trusted hosts on my remote servers using:
winrm s winrm/config/client '@{TrustedHosts="MyComputerName"}'

I then came across this post on how to enable Remote PSSession over SSL. I have a wildcard certificate for my domain. Modifying the script ever so slightly, I ran the following to enable HTTPS and disable HTTP transport
winrm create winrm/config/listener?Address=*+Transport=HTTPS `@`{Hostname=`"MyCertificateIssuedTo`"`; CertificateThumbprint=`"MyCertificateThumbprint`"`}
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" protocol=TCP dir=in localport=5986 action=allow
winrm set winrm/config/Listener?Address=*+Transport=HTTP `@`{Enabled=`"false`"`}
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=no

Now I get the following error:

Enter-PSSession : Connecting to remote server failed with the following error message : The server certificate on the destination computer (MyComputerName) has the following errors:
The SSL certificate contains a common name (CN) that does not match the hostname. For more information, see the about_Remote_Troubleshooting Help topic.


Aha! Progress! Now looking at the Securing WinRM thread, I try the -SkipCACheck and -SkipCNCheck Session Options as described. Now I get the following error:

Enter-PSSession : Cannot bind parameter 'SessionOption'. Cannot convert the "Microsoft.WSMan.Management.SessionOption" value of type "Microsoft.WSMan.Management.SessionOption" to type "System.Management.Automation.Remoting.PSSessionOption".


It looks like some types have changed since that thread was posted. So, I used the following instead

Enter-PSSession -ComputerName $computername -Credential $credential -UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck)


Success!

Monday, August 20, 2012

Locating unghosted pages

I recently came across a page that was giving me this error:
The control type '...' is not allowed on this page. The type is not registered as safe.

The obvious solution is to add a <SafeControl> tag to the web.config, but checking with my developer, he said it was not necessary and he does not have that declaration on his test server.

This led me to hypothesize that a custom branding we had was causing the problem to which my developer corroborated that unghosted master pages will cause problems.

So how to locate the unghosted pages? This led me to the following post: Ghosts in the Machine? However, this is for SharePoint 2007 so taking a leap of faith, I modified the SQL script provided and came up with this:

SELECT TOP 1000 
      [DirName]
      ,[LeafName]
      ,[SetupPath]
      ,[SetupPathUser]
  FROM [WSS_Content].[dbo].[AllDocs]
  where ([AllDocs].[Type] = 0)
  AND ([AllDocs].SetupPath IS NOT NULL)
  AND ([AllDocs].DocFlags & 64 = 64) 


Checking the reference for the AllDocs Table this query seemed to make sense.

Thursday, July 26, 2012

Creating Community subsites

I tried to create a community on my brand new SharePoint 2013 server.

First of all, the familiar Site Actions->New Site has been moved. You now have to open the gear menu, select View Site Content, then click new subsite. According to some blogs, there should be a Community template, but that does not appear on my list.

Recalling that a subweb can be converted to a community via activating the Community Site Feature, I just created a Blank Site and tried to activate the feature. This is when I ran into the following errors:

The Site scoped feature being activated has a dependency on hidden Site scoped feature 'FeatureDefinition/4326e7fc-f35a-4b0f-927c-36264b0a4cf0' (ID: '4326e7fc-f35a-4b0f-927c-36264b0a4cf0'). Hidden features cannot be auto-activated across scopes. There may be one or more visible Site scoped features that auto-activate the dependent hidden feature.
The Site scoped feature being activated has a dependency on hidden Site scoped feature 'FeatureDefinition/915c240e-a6cc-49b8-8b2c-0bff8b553ed3' (ID: '915c240e-a6cc-49b8-8b2c-0bff8b553ed3'). Hidden features cannot be auto-activated across scopes. There may be one or more visible Site scoped features that auto-activate the dependent hidden feature.
The Site scoped feature being activated has a dependency on hidden Site scoped feature 'FeatureDefinition/d32700c7-9ec5-45e6-9c89-ea703efca1df' (ID: 'd32700c7-9ec5-45e6-9c89-ea703efca1df'). Hidden features cannot be auto-activated across scopes. There may be one or more visible Site scoped features that auto-activate the dependent hidden feature.
The Site scoped feature being activated has a dependency on hidden Site scoped feature 'FeatureDefinition/947afd14-0ea1-46c6-be97-dea1bf6f5bae' (ID: '947afd14-0ea1-46c6-be97-dea1bf6f5bae'). Hidden features cannot be auto-activated across scopes. There may be one or more visible Site scoped features that auto-activate the dependent hidden feature.
The Site scoped feature being activated has a dependency on hidden Site scoped feature 'FeatureDefinition/c6a92dbf-6441-4b8b-882f-8d97cb12c83a' (ID: 'c6a92dbf-6441-4b8b-882f-8d97cb12c83a'). Hidden features cannot be auto-activated across scopes. There may be one or more visible Site scoped features that auto-activate the dependent hidden feature.

Curious about what these are? I ran the following Powershell
@("4326e7fc-f35a-4b0f-927c-36264b0a4cf0", "915c240e-a6cc-49b8-8b2c-0bff8b553ed3", "d32700c7-9ec5-45e6-9c89-ea703efca1df", "947afd14-0ea1-46c6-be97-dea1bf6f5bae", "c6a92dbf-6441-4b8b-882f-8d97cb12c83a") | ForEach-Object {Get-SPFeature $_}

and got the following:
DisplayName                    Id                                       CompatibilityLevel   Scope
-----------                    --                                       ------------------   -----
SocialSite                     4326e7fc-f35a-4b0f-927c-36264b0a4cf0     15                   Site
Ratings                        915c240e-a6cc-49b8-8b2c-0bff8b553ed3     15                   Site
CategoriesList                 d32700c7-9ec5-45e6-9c89-ea703efca1df     15                   Web
MembershipList                 947afd14-0ea1-46c6-be97-dea1bf6f5bae     15                   Web
AbuseReportsList               c6a92dbf-6441-4b8b-882f-8d97cb12c83a     15                   Web


Is there a feature that will activate all these as well? Searching around the internet, I did not find any so I figured why not try just activating the 2 site scoped ones using the following Powershell:

$site=Get-SPSite https://somesiteurl
$feature=Get-SPFeature "4326e7fc-f35a-4b0f-927c-36264b0a4cf0"
Enable-SPFeature -Identity $feature -Url $site.Url

$feature=Get-SPFeature " 915c240e-a6cc-49b8-8b2c-0bff8b553ed3 "

Enable-SPFeature -Identity $feature -Url $site.Url

I then went back to the Blank site and was able to activate the Community Site Feature.

I also tried new subsite and, lo and behold, the Community template is now there.

I am sure that someone will soon document how this should actually be done and that this will also be fixed in RTM, but until then, this works for me.



SharePoint Timer Service not starting up

I recently discovered that on one of my farms my SharePoint Timer Service would continuously start up and crash.
There are numerous entries like the following 2 in the System log:

The SharePoint 2010 Timer service terminated unexpectedly.  It has done this 2965 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

and

The timer service could not initialize its configuration, please check the configuration database.  Will retry later.


The following is found in ULS:

SPTimerStore.InitializeTimer: SPConfigurationDatabase.RefreshCache returned SPConstants.InvalidRowVersion
and
The timer service could not initialize its configuration, please check the configuration database.  Will retry later.


I verified that my service's user context had the correct username and password.

I also cleared the timer cache (and, yes, I emptied the GUID folder and instead of deleting it).

There were a couple of DCOM 10016 errors which seemed irrelevant to this issue, but I fixed those anyway (as per http://sajiviswam.wordpress.com/2011/04/15/the-machine-default-permission-settings-do-not-grant-local-activation-permission-for-the-com-server-application-with-clsid-000c101c-0000-0000-c000-000000000046-sharepoint-2010/)

I'm still getting the same problem.

I started looking at the Fusion log as described in http://soerennielsen.wordpress.com/2009/01/14/fixing-the-timer-service-when-everything-breaks-down/ but think I'm in too deep.

What's curious is that the Timer Service stopped functioning around the time the web application was extended in order to support HTTPS and there are some new files in C:\windows\assembly\GAC_MSIL. However, I am unable to make any connection. As far as I can tell, my assemblies in the GAC are not corrupted since all other functions appear to be working.


Tuesday, July 24, 2012

SP2013Beta: Adding site (SPWeb) users

I ran into a several relatively trivial issues with adding users to the Members and Owners groups in SharePoint 2013 Beta

My administrator user does not have a Site Settings option under the gear icon at the My Site. However, this was available under my Home site ("/"), so doing some URL mangling, I was able to get the My Site Permissions page by going to /my/_layouts/15/user.aspx

Note that "All Authenticated Users" is now called "Everyone"

The people picker doesn't look like it's working. I get a "Sorry, we're having trouble reaching the server". However, I am able to add users (ie: Share, in SP2013 speak) if I enter the complete name in the picker.

Finally, the "Send an email invitation" setting is checked by default and only accessible after you expand Show Options. That is annoying.


Monday, June 25, 2012

New-SPAlternateURL : You must specify the default zone URL for all Web applications ...

I was configuring AAM using Powershell. I wanted my current Default URL to be my new Intranet URL and to use a new URL as my Default. To add a setting for a new zone, I was using New-SPAlternateURL. 


$app = Get-SPWebApplication
New-SPAlternateURL -WebApplication $app -Zone "Intranet" -Url $app.Url

...

However, this is what I am getting:

New-SPAlternateURL : You must specify the default zone URL for all Web applications. To delete the Alternate URL Collection, remove the public URLs in all other zones, and then remove the default zone URL


It turns out this is the error message you get when you try to use the same URL for more than one zone. It would have been nice if the error message actually said that. So now my code is like this:


$app = Get-SPWebApplication
$intranetUrl = $app.Url
Set-SPAlternateURL -Identity $app.Url -Zone "Default" -Url $defaultUrl
New-SPAlternateURL -WebApplication $app -Zone "Intranet" -Url $intranetUrl


Thursday, June 21, 2012

Powershell style command line arguments in c# console application

I have jumped back into writing a c# console application which requires some command line argument. Since I love the way Powershell does it, I figured why not? Doing some searching around, I came across this blog post, "Powershell like command line arguments in a C# Console Application", which does it beautifully for me. Now to move onto actually writing my console application itself ...

Thursday, June 7, 2012

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I just setup my SharePoint 2010 instance to run under SSL. I have a Powershell script that creates users and does a bunch of other setup things. One of the steps is to load some SharePoint pages which I do with something like this:


$Page = $WebClient.DownloadString($URL)


This was working fine when the default zone was HTTP but now that I am on HTTPS, I get the following error:

Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
At line:1 char:34
+ $Page = $WebClient.DownloadString <<<< ($URL)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException     + FullyQualifiedErrorId : DotNetMethodException

I am using a commercially signed certificate and triple checked that the CA root certificates are in the right places. 

Doing some research I came across this thread on SSL/TLS Trust Relationship. Simply overriding the server certificate validation callback to blindly accept everything did the trick:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Not feeling totally comfortable with that, I decided to do more research and found a post about Managing Trusted Root Authorities for Claims Authentication in SharePoint 2010 Central Admin. This led me to try the following:

  1. Central Administration->Manage Trust
  2. New (trust relationship)
I added my Root Authority Certificate and now I don't have any more trust issues. Well, my Powershell script doesn't - I still don't trust anybody :-) 

Wednesday, June 6, 2012

System.IO.FileLoadException thrown on managing service application from Central Administration

I had just extended my web application to allow for SSL access. In order to do some configuration, I needed to go into Central Administration->Manage Service Applications. I was unable to manage some applications because Central Administration was throwing the following exception:

System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)  

Not much more available in ULS.

It looks like just a simple iisreset did the trick. It probably has to do with the fact my demo server has Central Administration on the same server as the Service Application (just like the issue with the User Profile Application being on the same machine as Central Administration).



Tuesday, June 5, 2012

Set-ADAccountPassword : Access is denied

I was trying to reset  a bunch of passwords and was trying to do this in Powershell:

Set-ADAccountPassword -Identity myuser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'newpassword' -Force)

However, it was coming back with the following despite running the Powershell console as Administrator:

Set-ADAccountPassword : Access is denied
At line:1 char:22
+ Set-ADAccountPassword <<<<  -Identity myuser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'newpassword' -Force)
    + CategoryInfo          : PermissionDenied: (christys:ADAccount) [Set-ADAccountPassword], UnauthorizedAccessException
    + FullyQualifiedErrorId : Access is denied,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword


I did a quick search and found this, which didn't help, but it did inspire me to try this:

$newpassword = ConvertTo-SecureString -AsPlainText 'newpassword' -Force
Set-ADAccountPassword -Identity myuser -Reset -NewPassword $newpassword



This worked well.

Monday, June 4, 2012

Creating default associated groups

While creating a new site through the UI (Site Actions->New Site) my browser crashed. This caused the default associated groups to not get created among other things. As a result, I had to do this manually.

Looking back at a previous post, Creating predefined groups in site collection created by Powershell, I ran the following Powershell:

$web.CreateDefaultAssociatedGroups($web.Site.Owner.UserLogin, $web.Site.SecondaryContact.UserLogin, $web.Title)


I went back into Site Permissions and still didn't see my groups. Reading the SPWeb.CreateDefaultAssociatedGroups Method document's Remarks, it mentions that the AssociatedVisitorGroup and the AssociatedOwnerGroup have to be null before invoking this method. Mine were set to point to the equivalent Home groups. So I ran the following:
$web.AssociatedOwnerGroup = $null
$web.AssociatedMemberGroup = $null
$web.AssociatedVisitorGroup = $null
$web.CreateDefaultAssociatedGroups($web.Site.Owner.UserLogin, $web.Site.SecondaryContact.UserLogin, $web.Title)

and all is fine.

Using iPad as an external monitor

Sometimes I'm on the road but still doing some heavy duty work and having a second monitor helps. Carrying a second monitor is out of the question. I have thought about bringing extra cables and using my hotel room TV. I have even thought about buying an external pico projector. However, since I have an iPad, I thought I might as well use that as a second display.

I researched the following options:
DisplayLink
ultraVNC / Mocha VNC Lite - as described here
Air Display - Shelve it for now as it costs $9.99
iDisplay - I stayed away from this one due to some bad reviews.
MaxiVista - I stayed away from this one due to some bad reviews.
OnLive Desktop also popped up in my searches, but from what I can tell it gives you a whole Windows environment and not simply a display

I ended up using DisplayLink as it seems like it was built specifically for my purpose.

The installation was smooth, but it appeared to have screwed up some Bluetooth driver as my Bluetooth mouse no longer worked. It could be coincidence, but I had to reinstall the driver after installing DisplayLink and everything worked again.

I wish there were one that would connect over Bluetooth instead of over wifi, but I will take it for now.

Now to buy a cover / stand.

[Update - 2012-06-07]
Got BSOD coming from dlkmd.sys twice yesterday before deciding to uninstall. I haven't even used it for a few days. In both cases, it may have happened when my machine locked itself for being idle.

Wednesday, May 30, 2012

Unable to find type [Parameter]: make sure that the assembly containing this type is loaded

Just learning about parameters in Powershell and came across this error:
Unable to find type [Parameter]: make sure that the assembly containing this type is loaded

Yes, I am running Powershell v2.0 and no I did not easily find any reference to this in my searches.

Through some trial and error, I figured out that in my Param() declaration, I had this:
Param(
...
,
[Parameter]
[String] $Description
,
...
)

The "[Parameter]" declaration was the culprit. My other ones had [Parameter(Mandatory=$true)]. So, I just removed the line and all works fine again.



Friday, May 25, 2012

Datasheet view is not supported on 64-bit versions of Office 2010

I just got a new laptop with a decent amount of memory. It also has a 64-bit version of Office 2010. I noticed that my SharePoint lists would no longer allow me to view in Datasheet view with the following error returned:
The list cannot be displayed in Datasheet view for one or more of the following reasons:
A datasheet component compatible with Microsoft SharePoint Foundation is not installed.
Your web browser does not support ActiveX controls.
A component is not properly configured for 32-bit or 64-bit support

Doing some further research I came across this:

You cannot view a list in Datasheet view after you install the 64-bit version of Office 2010
The best part is: If your business needs do not require you to use the 64-bit version of Office 2010, we recommend that you uninstall the 64-bit version of Office 2010 and install the 32-bit version of Office 2010. A 32-bit version of the Datasheet component is installed with the 32-bit version of Office 2010.

There is a workaround which is to install 2007 Office System Driver: Data Connectivity Components
However, that has implications such as needing to uninstall and reinstall this should you need to add more components to Office 2010. That sounds like a disaster waiting to happen.

Seriously!?

Wednesday, May 16, 2012

Remove site groups

I regularly create webs and subwebs with non-inherited permissions. This results in a bunch of permissions groups created for those webs. For some reason, deleting the web does not remove the corresponding groups. Since sometimes there are a lot, I decided to write a script to do this:

$web = Get-SPWeb <URL of root web>
$groupstodelete = $web.SiteGroups | Where-Object {$_.Name -eq "<whatever matching criteria>"}
$groupstodelete | ForEach-Object {$web.SiteGroups.Remove($_.Name)}

Simple and saves me a lot of clicking

Monday, May 14, 2012

Compiling all audiences

I have a Powershell script that adds users and wanted it to also compile audiences. I thought this would have been under on of the UserProfileManager or the UserProfileConfigManager classes. However, it appears that it is only available under the RunAudienceJob static member of the Microsoft.Office.Server.Audience class. Fortunately, it is fairly straightforward to execute:

$applicationId = (Get-SPServiceApplication -Name 'User Profile Service Application').Id
$AUDIENCEJOB_START = '1'  
$AUDIENCEJOB_INCREMENTAL = '0'  
[Microsoft.Office.Server.Audience.AudienceJob]::RunAudienceJob(@($applicationId, $AUDIENCEJOB_START, $AUDIENCEJOB_INCREMENTAL))

... with some inspiration from: SharePoint 2010 Compile All Audiences 

Thursday, May 10, 2012

Automatically creating My Site personal site

A user's My Site personal site is automatically created the first time they click on the My Content link. However, for other reasons, I need to have these personal sites already created before they log in. As a result I went looking for a script to do this.

Here is essentially what I tried:

$URL = "http://someurl"     
$accountName = "myuser"

$site = New-Object Microsoft.SharePoint.SPSite($URL) 
$context = [Microsoft.Office.Server.ServerContext]::GetContext($site) 
$upm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context) 

$userprofile = $upm.GetUserProfile($accountName)
$userprofile.CreatePersonalSite();

This was not successful in creating the personal site.

The account under which I run this has administrator rights on the User Profile Service Application, and is in the Farm Administrators Group. In the ULS there was an entry for "Access Denied". I also do have Self Service Site Creation enabled.

Seeing as this was an "Access Denied" I then tried to run the script as the SharePoint Farm Account. This was successful. Unfortunately, I do not want to run this script as the Farm Account.

Next step was to try running this with elevated privileges which involved putting my code within this:

[Microsoft.SharePoint.SPSecurity]::RunWithElevatedPrivileges()
Still no luck

Next was to try using a different user token like this:
$site = New-Object Microsoft.SharePoint.SPSite("myurl", [Microsoft.SharePoint.SPUserToken]::SystemAccount)
or even with the user account for which I am creating the personal site.
Still no luck.

At this point, I gave up and put my script into the Task Scheduler to be executed as the Farm Account.

It would be nice to know exactly what permission is missing.







Friday, April 20, 2012

Amazon EC2 Powershell

I keep forgetting where to find the latest and somehow never use the right search terms. So, here is the location of the Amazon EC2 API Tools which include the Powershell cmdlets
http://aws.amazon.com/developertools/351

And for completeness, the AWS toolkit is here: http://aws.amazon.com/sdkfornet/

And now for Windows is here: http://aws.amazon.com/powershell/

Friday, March 2, 2012

My Site creation failure ... System.ArgumentException: Another site already exists ...

My users were going to their My Content area for the first time (ie: creating their personal site) and got the following error:
There has been an error creating the personal site. Contact your site administrator for more information
Checking the ULS, I see the following:

My Site creation failure for user '[some-user]' for site url '[some-site]'. The exception was: Microsoft.Office.Server.UserProfiles.PersonalSiteCreateException: A failure was encountered while attempting to create the site. ---> System.ArgumentException: Another site already exists at [some-site]. Delete this site before attempting to create a new site with the same URL, choose a new URL, or create a new inclusion at the path you originally specified.    


It turned out that my Personal Site Location had been changed from "my/personal" to just "my" so it was not pointing at a wildcard inclusion managed path.

Wednesday, February 1, 2012

SPListItem provided is not compatible with a Publishing Page

I have been hitting my head against a wall lately with a custom master page and some custom sites. There appears to be an incompatibility between the 2. Since they come from separate sources, finding out where to point the finger is a little tricky. My custom master page makes use of Publishing, Feature Stapling, among other things.

The behaviour is that when I edit a community page and then click publish, it would throw an exception

System.ArgumentException: Invalid SPListItem. The SPListItem provided is not compatible with a Publishing Page.   
 at Microsoft.SharePoint.Publishing.PublishingPage.GetPublishingPage(SPListItem sourceListItem)    
 at Microsoft.SharePoint.Publishing.Internal.WebControls.PublishingPagePublishHandler.RaisePostBackEvent(String eventArgument)    
 at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)    
 at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

I have yet to figure out what is going on here. However here are some other observations

$web = Get-SPWeb <SPWeb URL>
[Microsoft.SharePoint.Publishing.PublishingWeb]::IsPublishingWeb($web)

This returns false despite the Publishing tab being there and the SharePoint Server Publishing site feature is activated.


So, ignoring the False, I continue with this:
$publishingweb = [Microsoft.SharePoint.Publishing.PublishingWeb]::GetPublishingWeb($web)
$publishingpages = $publishingweb.GetPublishingPages()

This throws an exception:

Exception calling "GetPublishingPages" with "0" argument(s): "The site is not valid. The 'Pages' document library is missing."
At line:1 char:53
+ $publishingpages = $publishingweb.GetPublishingPages <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

... but the Pages document library does indeed exist and I do have administrative rights on it.


I also try the following:

$pages = $web.Lists | Where-Object {$_.Title -eq "Pages"}
$page = $pages.Items | Where-Object {$_.Name -eq "default.aspx"}
[Microsoft.SharePoint.Publishing.PublishingPage]::IsPublishingPage($page)

... and get False which I would expect given the results from above. What doesn’t make sense is that this default.aspx page does have a Publish tab on it.

I then decided to try the IsPublishingWeb again, but without the custom master page. This is still giving me False. So, I guess I will start pointing the finger towards my custom site ...




Tuesday, January 3, 2012

Blog spammers, get lost

I got a few spam comments lately that appear to be either attempts to link to questionable sites or attempts to do some SEO on their own site.

The latest is crafted to semi legitimate
Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again

In general, I prefer openness, but will not tolerate this kind of activity. As a result, I have changed my comment settings. Hopefully, these buggers will go away.