Your organization’s policies are preventing us from completing this action for you. For more info, please contact your help desk

I recently removed IE11 (using manage features) only to find hyperlinks no longer working in Outlook (Office365 Apps/2016). There are lots of posts out there suggesting a reset of IE or app associations, none of which did the trick. For me, the refresh Firefox option in the add/remove programs uninstall dialogue worked first time and Outlook message links opened in what I’d previously set as the default (new Edge). Winning.

Free/Busy – Test-OAuthConnectivity 401

Worth a post as this is a rare configuration scenario which caused free/busy to fail in a hybrid setup (2016).

I’d decided to move my Office365 test tenant from one to another. The AD Connect side of things was pretty straightforward but I was interested to see how the Hybrid Exchange would move over. Without going into the A-Z of that, it seemed to all be working until it came to free/busy. I went through loads of troubleshooting, checking config either side etc. but the root cause was the AuthServer AD object not being removed/refreshed, such that it was holding on to the old tenant ID.

Test-OAuthConnectivity was failing both ways, with an error of (401) Unauthorized and error_category=”invalid_issuer”.


Stepping through the guidance found here: Technet Oath Troubleshooting, the lightbulb moment was Get-AuthServer (run on-premises) which is supposed to have your tenant ID in it. The tenant ID belonged to my old Office365 tenant! The timestamps on the AD object show (to me) it hadn’t been updated when the hybrid config wizard was run again.


So following the steps in the link above, I removed the AuthServer and added it back in (with the name I had previously, EvoSts, rather than WindowsAzureACS).

With the IISReset done, free/busy started working both ways. Win!
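
A quick way to catch the stale-tenant condition described above, as an added example (not the author's script): it compares the tenant GUIDs found in each AuthServer's Realm and AuthMetadataUrl against the tenant you expect. Checking those two properties is an assumption about where the ID appears; the function name, sample objects and GUIDs are constructed for illustration.

```powershell
# Added example, not the author's script. On an Exchange server, replace
# $sample with the output of Get-AuthServer.
function Test-AuthServerTenant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $AuthServer,
        [Parameter(Mandatory = $true)] [guid] $ExpectedTenantId
    )
    begin {
        $guidPattern = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    }
    process {
        # Collect every GUID in the fields assumed to carry the tenant ID.
        $found = @(foreach ($field in 'Realm', 'AuthMetadataUrl') {
            foreach ($m in [regex]::Matches([string]$AuthServer.$field, $guidPattern)) {
                [pscustomobject]@{ Field = $field; TenantId = [guid]$m.Value }
            }
        })
        $stale = @($found | Where-Object { $_.TenantId -ne $ExpectedTenantId })
        $status = if ($found.Count -eq 0) { 'NoTenantIdFound' } elseif ($stale.Count -gt 0) { 'Mismatch' } else { 'OK' }
        [pscustomobject]@{
            Name        = $AuthServer.Name
            Status      = $status
            StaleFields = ($stale | ForEach-Object { $_.Field }) -join ','
            WhenChanged = $AuthServer.WhenChanged   # an old timestamp hints the object was never refreshed
        }
    }
}

# Constructed sample data: 1111... stands in for the old tenant, 2222... for the new one.
$expected = '22222222-2222-2222-2222-222222222222'
$sample = @(
    [pscustomobject]@{
        Name            = 'EvoSts'
        Realm           = '11111111-1111-1111-1111-111111111111'
        AuthMetadataUrl = 'https://login.windows.net/11111111-1111-1111-1111-111111111111/federationmetadata/2007-06/federationmetadata.xml'
        WhenChanged     = [datetime]'2019-01-01'
    }
    [pscustomobject]@{
        Name            = 'WindowsAzureACS'
        Realm           = '22222222-2222-2222-2222-222222222222'
        AuthMetadataUrl = 'https://accounts.accesscontrol.windows.net/22222222-2222-2222-2222-222222222222/metadata/json/1'
        WhenChanged     = [datetime]'2020-06-01'
    }
)
$sample | Test-AuthServerTenant -ExpectedTenantId $expected | Format-Table -AutoSize
```

With the sample data, the EvoSts entry reports Mismatch on both fields and the WindowsAzureACS entry reports OK.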

Folder Redirection – Documents vs My Documents

When using folder redirection against the documents folder, I noticed some customer environments nested this in the home drive as ‘Documents’ and some as the legacy type naming of ‘My Documents’. Google-fu didn’t quite yield the answer I was looking for (how you end up with one or the other), so after messing about in the lab here’s how.

It’s down to the settings tab and the “Also apply redirection…” checkbox. If you configure a policy with that checked you’ll get “My Documents”. Unchecked it will create the path with “Documents”.

To flip between the two, you have to follow a few steps, it’s not just a case of checking/unchecking. This assumes you know enough to be in the right GPO 🙂

Open up the properties for the Documents setting within the GPO.

Starting with an unconfigured policy, the settings under the settings tab should be greyed out. Choosing “Basic…” unlocks the settings. Note the “Also apply…” is unchecked by default.

Back on the Target tab, select “Create a folder for each user under the root path” and as you type your location, note it autocompletes as “Documents”.

To change the location so it completes with the legacy style “My Documents”, change the target folder to “Redirect to the user’s home directory” (this is temporary), then check the “Also apply…” box in the settings tab and hit OK to save the policy (dialogue will close).

Open it again, this time when you select “Create a folder for each user under the root path”, note the autocomplete uses “My Documents” instead!


SharePoint 2013 Multi-Tenant Feature Packs

As there are no official SharePoint 2013 feature pack creation scripts from Microsoft, we have to make our own. Building on the Foundation feature pack script written by Spence Harbar, this one also includes the features you will need for Standard and Enterprise (including SP1).

To generate the list, I built (SP1 integrated) Foundation, Standard and Enterprise VMs (Enterprise being the Standard one ‘upgraded’). Once built, I ran the following on each to generate the full list of features available:

get-spfeature | format-table -autosize -property displayname,id,scope

Then I filtered out the noise in Excel to remove the WebApplication and Farm scoped features, compared my Foundation output to the original script’s content to make sure I had the right features, and finally chucked it in the script. As always, use at your own peril. I’ve tested to check the features appear in the Site Collection Settings page as the licence is switched. I take no responsibility for your car not starting in the morning (although I might help you fix that too :P)

Here’s the script (save as, rename from jpg) Create 2013 MT Feature Packs (If you’re not in the main post, click continue reading to see the script contents). If you find anything wrong, let me know 🙂

John

Continue reading

ADFS – Event ID 364

I was messing about with the LSA cache timeout setting in the registry…(http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b946358) when my pre-production ADFS server decided to throw its toys out of the pram. A 500 client side specifically. This ADFS server provides federation from our AD to Google, 365 and a 3rd party app and they were all down, bad times!

Related to the registry tweak or not?!… unsure/don’t care… at any rate in the event log, a 364 was logged on access:

Filtering out the noise, the important bit (to me) was:

System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:1501/adfs/services/trusttcp/windows that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

Within the ADFS console, under endpoints is an entry relating to the above.


So I disabled it, restarted the ADFS service (still broke), enabled, restarted the service and badda boom badda bing, federation happy again. 🙂

Sandbox Solution Timeout

I recently put together a branding sandbox solution for a customer, deployed to an on-premise site collection. Responsible for activating the typical staple/staplee for master page switching, the solution activated fine in development, pre-production and even in a live test site.

When it came to deploying to the customer’s site collection, SharePoint decided it needed more time to think about it and barfed with…

“Timeout while waiting for request to complete within the sandboxed appdomain”

Knowing that the customer’s site had circa 400 sub sites, I figured the master page switching was taking a bit longer than the default 30 seconds allowed for… so using the below references;

http://stackoverflow.com/questions/5722320/sharepoint-2010-sandbox-solution-timeout

http://charulbhargava.blogspot.co.uk/2012/05/modify-sandbox-codesolution-execution.html

I put together a PowerShell script to update the values. In the script you just need to increase the top two values and run; a restart of the sandbox service is required on each server in the farm. As the first link provided says, make sure the CPU value is higher. Worth noting I’ve put more snazziness in there than is required to get the job done, but where’s the fun in scripting if you can’t be creative about it 🙂

# Update these with required values, CPU should always be higher.
# Worker Process Timeout
$wpe = "60"
# CPU Timeout
$cpu = "120"
# Grab the User Code Service
$uc=[Microsoft.SharePoint.Administration.SPUserCodeService]::Local
# Output current values
Write-Host ""
Write-Host "Current worker process execution timeout is:" $uc.WorkerProcessExecutionTimeout "seconds" -foreground cyan
Write-Host "Current CPU execution timeout is:" $uc.ResourceMeasures["CPUExecutionTime"].AbsoluteLimit "seconds" -foreground cyan
Write-Host ""
Write-Host " ***UPDATING***"
Write-Host ""
# Update worker process execution timeout
$uc.WorkerProcessExecutionTimeout = $wpe
# Update CPU execution time
$uc.ResourceMeasures["CPUExecutionTime"].AbsoluteLimit = $cpu
# Update User Code Service
$uc.Update()
# Output new values
Write-Host "New worker process execution timeout is:" $uc.WorkerProcessExecutionTimeout "seconds" -foreground green
Write-Host "New CPU execution timeout is:" $uc.ResourceMeasures["CPUExecutionTime"].AbsoluteLimit "seconds" -foreground green
Write-Host ""

Which results in the following output and a happy sandbox solution 🙂


SharePoint 2010 – Error 1387

I was running through the process of provisioning a new 2010 farm, when I came across an error 1387 trying to extend a newly created web application to another zone (for anonymous access).

The issue was repeatable, so I fired up the trusty ULS viewer and noticed it was failing when trying to add one of the SharePoint service accounts to the local Performance Monitor Groups…

It was at this point I realised what was going on. The service account it was trying to add wasn’t the one I thought was assigned to the web application. About an hour prior I’d actually deleted the account as I thought it wasn’t needed!

So after removing the palm from my face, I set about switching the service account to the correct one. Using the Configure Service Accounts link from central admin failed because of the missing account, so given it was a new web app I just deleted it and started again 🙂

Not sure how much use this might be, but if it helps your train of thought then it’s all good!

A referral was returned from the server – PeoplePicker

PeoplePicker, with its various guises and myriad of hidden settings, is one of the more ‘challenging’ aspects of SharePoint administration when it comes to custom requirements.

One of the aforementioned ‘challenging’ issues I found today, involved the seemingly simple task of locking the thing down to a specific OU within a multi-tenant 2010 farm.

In this particular environment the SharePoint servers reside in a child domain ‘B’, the user accounts in another ‘C’ with a root domain at the top ‘A’. Before locking down, I was able to search a name and have it return results from all domains, all good.

So I ran the PowerShell command to lock it down to the tenant’s OU….

$sub = Get-SPSiteSubscription -Identity https://sp.thepointyside.com

Set-SPSiteSubscriptionConfig -Identity $sub -UserAccountDirectoryPath "OU=spusers,DC=domainc,DC=domaina,DC=local"

….which stopped all results (except those being pulled from the site user info list). Hmm bad PeoplePicker!

Wireshark was reporting the expected AD referral from the home domain, telling SharePoint to make its way to one of the DCs in domainc, then closing the LDAP bind! In the ULS (using the snazzy ULS viewer of course), I noticed the ‘a referral was returned from the server’ error appear when searching.

It seemed to me SharePoint knew where it was supposed to look, but wouldn’t.

A few tactical Googles later and this nugget of super joy was found; http://support.microsoft.com/kb/967612

[Reflection.Assembly]::Loadwithpartialname("System.DirectoryServices")
$webapp=[Microsoft.SharePoint.Administration.SPWebApplication]::Lookup("https://tenants.thepointyside.com")
$webapp.PeoplePickerSettings.ReferralChasingOption = [System.DirectoryServices.ReferralChasingOption]::All;
$webapp.Update();

I put the above into a .ps1 and ran against the tenant’s web application…. then result! literally… 😛

SharePoint 2010 – Claims back to Classic


As Google searching has undoubtedly revealed to you the lack of easy switchback makes going back to classic a bit more long winded, but the process really isn’t that difficult.

Following the excellent advice posted by Wilson Leung here, a console app was put together in Studio 10 and the process I followed looked like this;

  1. Detach and take note of the Claims based content database(s)
  2. Take note of the Claims web application’s deployed solutions, general settings, managed paths, user security etc
  3. Delete the web application
  4. Create new Classic web application
  5. Replicate noted settings, re-deploy solutions if need be
  6. Attach Content DB(s)
  7. Run the Claims2Classic.exe console app: claims2classic https://webappname

The console app then runs through all the users and groups it finds and switches them over. Snazzy!

Click continue reading below to see the full .cs code I used in the end. The project was based on the SharePoint console app template found within the CKS Dev Tools over here. If you’re feeling brave, I’ve put a copy of the compiled exe here (rename from jpg). Usual “don’t blame me if your cat sets on fire running this” applies. 😉

John

Continue reading