So Welcome on one of the many technical blogs out there on the web. So what is special about this blog? Well absolutely nothing :) ... This is the place where I store handy information I don't want to forget, while hoping that in the process I'm also helping some other poor soul on the web that is facing similar issues, or is interested in similar topics.
So who am I?
My name is Mark Priem, I was build in 1981 and live in the Netherlands together with my two sons, Roan and Levi, and my Wife Mylene (note the capital W... You know who's boss now), who I all love to death.
Aside from spending as much time as possible with my family I enjoy sports and socializing face to face and online. Your average Joe right? The little time that is left I spend on technology; My main focus currently is SharePoint and cloud solutions, which I work with on a daily basis as part of my Job, Consultant at Microsoft. As I'm a Microsoft Certified Master in SharePoint 2010 I think I can say I know a thing or two about SharePoint, which I hope has a positive effect on the quality of my posts.
If however you find any misinformation or plain wrong content, please let me know. We all make mistakes right? :)
Please enjoy your stay and let me know what you think by commenting to my posts.
Thanks!
Mark
Recently I worked on an interesting case during one that was blocking deployment of one of the SharePoint 2013 projects I was working for.Basically what happened was that although deployment of SharePoint went well, some of the Service Applications like Managed Metadata, User Profile Service, Business Connectivity Services, and Search did not work properly. The symptoms varies, but a common error message in the ULS logs stated:02/27/2013 09:58:52.07 w3wp.exe (0x1910) 0x2428 SharePoint Server Taxonomy ca42 Medium Exception returned from back end service. System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: AccessDeniedEx:The current user has insufficient permissions to perform this operation. (FaultDetail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.UnauthorizedAccessException: AccessDenied Ex:The current user has insufficient permissions to perform this operation. at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplication.GetServiceSettings(GuidrawPartitionId) at SyncInvokeGetServiceSettings(Object , Object[] , Object[] ) at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.In... 5510ed21-c1ef- 4b6f-8305-33afc4200a76
Also after doing some WCF tracing I found that there was an interesting claim in the SAML token (as part of Service Application authentication; Remember... Everything in the Service app world is claims):<saml:Attribute AttributeName="isauthenticated" AttributeNamespace="http://sharepoint.microsoft.com/claims/2009/08" a:OriginalIssuer="SecurityTokenService" xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims"> <saml:AttributeValue>False</saml:AttributeValue>
Clearly there is something fishy going on here J.
After working on this for most part of a week, even with help of my colleagues at Premier Support, we were not able to nail this one down. Fortunately someone at the customer remembered running into similar issues with a SharePoint 2010 project they did years back.The solution for that problem was to set the advanced Anonymous Authentication settings of the IIS root node to IUSR:
http://technet.microsoft.com/en-us/library/cc770966(v=WS.10).aspx
Using a default Windows deployment will not require you to do this, but this customer in particular followed a "customize if possible" strategy for their Windows build images, and changing this setting (among many others) to a non-default setting of "Application Pool identity".
I have tried to find out why this breaks SharePoint functionality so severely, but was unable to. (If you know, please post to the comments!).
Fortunately we were able to move forward with the project. I hope I can help at least one of you peeps out there, by posting this!
SharePoint experts must love to hurt themselves. How else do we go through the pain of configuring Kerberos or getting User Profile Service to work. Oh yeah don't forget the endless variations in Service Application configuration. There is a different way of doing things for every freakin' one of them.
Off course every one of us has their own bag of tricks scripts to help out. And for the sorry souls out there that don't …. Well …At least now getting Kerberos to work can get a lot easier if you use the recently released Kerberos configuration tool for SQL Server.
It is a simple tool that connects to a server containing SQL compontents (for example: DB engine, analysis services, and reporting services), and checks AD if the appropriate SPNs are set.It also lets you generate the scripts to configure them if they are not. Pretty neat huh?
Obviously this is not the entire story when it comes to configuring Kerberos for various scenarios within SharePoint, but it does does hurt a whole lot less if you use tools like these.
For more information on the tool, go to http://blogs.msdn.com/b/analysisservices/archive/2013/05/23/released-kerberos-configuration-manager-for-sql-server.aspx
For more information on configuring Kerberos for SharePoint, go to http://technet.microsoft.com/en-us/library/ee806870.aspx
Last week I was tasked with creating some backup/restore scripts for SharePoint. The backup scripts kept erroring out with the following issue:
Backup for 'Search Service 1(099045f6-a648-48f1-9a05-a9371c5d9b88)' failed. System.ServiceModel.FaultException: Management called failed with System.InvalidOperationException: 'Job failed: Have tried to perform backup/restore operation twice on all in-sync members in cluster SP569693711984.1, but none succeeded. Last failure message: Microsoft.Ceres.SearchCore.Seeding.SnapshotTransferException: Could not send chunk ms\%default\gen.000000000000024c.state: Localpath: [0-338> to target BackupDirectoryTarget[directory=\\servername\Backup$\spbr000D\I.2.1,validateTransfers=False]
at Microsoft.Ceres.SearchCore.Seeding.SnapshotSender.SendChunks(ISnapshot snapshot, ISeedSource source, ISeedTarget target, SeedStatus status, Func`1 checkAborted, Int32 targetFragIndex)
at Microsoft.Ceres.SearchCore.Seeding.SnapshotSender.FirstPhaseTransfer(ISeedSource source, ISeedTarget target, Action`1 updateProgress, Func`1 shouldAbort)
at Microsoft.Ceres.SearchCore.Seeding.BackupWorker.BackupWork.DoFirstPhaseWork()'
at
at Microsoft.Ceres.SearchCore.IndexController.BackupService.ThrowOnFailure(JobStatus status)
at Microsoft.Ceres.SearchCore.IndexController.BackupService.ProgressSecondPhase(String handle)
at Microsoft.Ceres.SearchCore.IndexController.IndexControllerManagementAgent.WrapCall[T](Func`2 original) Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown
at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Ceres.SearchCore.Admin.IIndexControllerManagementAgent.ProgressSecondPhase(String handle)
at Microsoft.Office.Server.Search.Administration.BRIndexComponent.RetryWhileNoEndPoint[T](Func`2 action, SPBackupRestoreInformation args, Guid ssaId, TimeSpan retryTimeout)
at Microsoft.Office.Server.Search.Administration.BRIndexComponent.<>c__DisplayClass13`1.<RetryWhileNoEndPoint>b__12()
at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at Microsoft.Office.Server.Search.Administration.BRIndexComponent.RetryWhileNoEndPoint[T](Func`2 action, SPBackupRestoreInformation args, Guid ssaId)
at Microsoft.Office.Server.Search.Administration.BRIndexComponent.WaitPhaseComplete(SPBackupInformation args, Func`2 getProgress, Int32 sleepTime)
at Microsoft.Office.Server.Search.Administration.BRIndexComponent.WaitSecondPhaseBackupComplete(SPBackupInformation args)
at Microsoft.Office.Server.Search.Administration.TwoPhaseBackupHelper.WaitSecondPhaseBackupCompleteChildren(SPBackupInformation args)
at Microsoft.Office.Server.Search.Administration.SearchServiceApplication.OnBackup(SPBackupInformation args)
After trying dozens of things, in the end the solution to this issue is to run the script from a server that has a running Search service instance. The script will not work on servers that do not have search configured.
I'm running SharePoint 2013 RTM.