Archive for the ‘SharePoint 2010 Enterprise’ Category

Fixing User Cannot Be Found in SharePoint 2010 Workflow Settings

May 21, 2013

We started getting this error overnight on our SharePoint 2010 farm. Workflows stopped working, we couldn’t republish list workflows, and we couldn’t access the Workflow Settings page for any list or library on the entire site collection. The following error would appear:

User Cannot Be Found

Opening SharePoint Designer at the site collection level, we discovered that the Globally Reusable Workflows and Reusable Workflows were owned by user accounts that had been deleted. In order to fix this we used SharePoint Designer to open every workflow and clicked Publish with a static user account (i.e. the Farm service account or App pool service account). After republishing, all started working again.

 

HOWTO Manually Delete Activity Feeds from the SharePoint 2010 User Profile Database

June 26, 2012

WARNING: This process directly updates the SQL Server database used to host user profiles. It is not supported by Microsoft, and you may inadvertently damage your SharePoint environment following these steps. But if you absolutely have to…

We had a case where some data was inadvertently added to the User Profile activity feed on a users MyS ite and it contained potentially “your-eyes-only” information. It had to be removed ASAP, and OOTB there is no function with SharePoint that lets you directly individual items in the activity feed.

Normally, SharePoint 2010 uses two timer jobs to manage activity feed entries in the User Profile database:

<user profile service app> - Activity Feed Job  (used to push data into the activity feed)
<user profile service app> - Activity Feed Cleanup Job (used to delete activities once they are > 14 days old)

The second job looked promising originally as it is in the SharePoint 2010 CA, but it is not configurable and  hard-code to 14 days. However that job is attached to a stored procedure in the user profile database:

[activityFeed_DeleteActivityEventsPublished]

which deletes records from the table [ActivityEventsPublished]. I opened SQL management studio and viewed the entries for that table, and sure enough I found the ‘offending’ activity feed entry.

In this particular case I decided to delete the entry manually via SQL server using the T-SQL command:

delete from [ActivityEventsPublished]

where  ActivityEventId = <id>

This instantly removed the activity feed record and disappeared from the users activity feed straight away.

The only “supported” way I can think to do this would be:

  1. Wait the 14 days and let the activity feed be deleted via the timer job
  2. Restore a previous copy of the User Profile database

Neither way was good for the business users, so I chose the technically more perilous road instead…

Using the Synchronization Service in SharePoint 2010 – Forefront Identity Manager 2010

June 25, 2012

If you use the User Profile Synchronization Service in SharePoint 2010, you may not realise that you are also getting an identity management product included – Forefront Identity Manager 2010 (or FIM 2010). FIM 2010 is a full-featured identity management system, and included with SharePoint 2010 is the basic version that does not have a lot of the “extras” (like Certificate Management, the FIM portal, etc) but is used to import and export data between identity systems. Typically this is SharePoint 2010 User Profiles and Active Directory (other systems are also supported).

To view the FIM 2010 interface you can open the Synchronization Service Manager, which is by default located at:

C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe

Note that this is only installed when you configure the User profile Sychronization Service on SharePoint 2010, so if you have a multi-server deployment you need to be on the server that has the User Profile Synchronization Service running.

I’ve implemented a full FIM 2010 deployment previously so was quite interested to note that it is indeed the same product, with some reduced functionality. This has been helpful a couple of times when the synchronization has failed from SharePoint 2010 and I have needed to troubleshoot the issue by opening the Sync Service Manager.

Synchronization Service for SharePoint 2010

Synchronization Service Manager for SharePoint 2010

I was getting the following error in the Application event log after a Full Sync was being performed:

Event ID 6298 (Timer)
The Execute method of job definition Microsoft.Office.Server.UserProfiles.UserProfileImportJob (ID 719df063-5757-4542-8ed1-a2c1622f6603) threw an exception. More information is included below.
Generic failure

I also noted that the FIM Sync Service was stopping on the server, but the SharePoint 2010 Central Admin reported the service still running. 10-20 minutes later, the FIM Sync Service would start again.  I opened up the Sync Service Manager and checked the Management Agent Operations under the “Operations” tab. This tells you which Management Agents (responsible for synchronising data between systems) had been run recently and the result. My sync runs had not started at all.

I decided to run a full sync on all Management Agents in the following order:

1. On the Active Directory Domain Services management agent, I ran the profiles: DS_FULLIMPORT and DS_FULLSYNC

2. On the Extensible Connectivity type management agent (which is the customised SharePoint management agent), I ran the profiles: DS_FULLIMPORT, DS_FULLSYNC, DS_EXPORT, DS_DELTAIMPORT

(for FIM-people, this is the export and confirming import required to ensure data is full synchronised)

The imports completed successfully and further “normal” syncs via the SharePoint interface worked too.

FIM Sync Results

FIM Synchronization Results

It is possible to adjust the synchronization settings via the Sync Service Manager, but I wouldn’t recommend it – there is no documentation about the connection between SharePoint and the FIM Sync Engine, so it is possible you could break the interface by making changes.

Javascript error in SharePoint 2010 toolbar – ‘Pub’ is undefined

January 30, 2012

This error has cropped up a few times in different sites, and is generally related to enabling and disabling the Publishing feature in SharePoint 2010 Enterprise edition. This problem manifests itself in various ways:

  1. Clicking on the Edit mini-button in the toolbar does nothing, but clicking on the Settings menu and Edit page works
  2. Clicking on the Edit mini-button may throw a javascript error “‘Pub’ is undefined”
  3. Trying to save your changes results in a correlation error:

System.ArgumentException: Invalid SPListItem. The SPListItem provided is not compatible with a Publishing Page.    at Microsoft.SharePoint.Publishing.PublishingPage.GetPublishingPage(SPListItem sourceListItem)     at Microsoft.SharePoint.Publishing.Internal.WebControls.PublishingPageStateControl.RaisePostBackEventForPageRouting(String eventArgument, SPRibbonCommandHandler control, RaisePostBackEventDelegate raisePostBackEventDelegate)     at Microsoft.SharePoint.Publishing.Internal.WebControls.PublishingPageSaveAndStopEditHandler.RaisePostBackEvent(String eventArgument)     at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

You can reproduce this error as follows:

  1. Create a web page
  2. Enable SharePoint 2010 publishing feature
  3. Edit the page
  4. Turn off sharepoint 2010 publishing feature
  5. Try to again edit the page – errors generated

When you enable sharepoint publishing it creates several task and tracking lists to support publishing workflows and additional metadata for publishing pages. Once a page is edited it inherits this metadata and links to several lists. When you then disable Publishing, you experience the issues above because:

  1. It is expecting to find workflow-related lists for publishing
  2. It is expecting to find a tab control “Pub” that is used for workflow publishing. If it can’t find the tab, you get the javascript error “Pub” not found

To resolve this issue you need to either:

  1. Re-enable the publishing feature; OR
  2. Painfully recreate your pages

I chose the path of least resistance 🙂 As long as you don’t enable publishing workflows, enabling the the Publishing features shouldn’t affect your site. As a final cautionary note, you may need to enable the Publishing feature at the Site Collection Feature level as well as the Site/subsite level! It can be enabled at the site level, but disabled at the site collection level, which again breaks the publishing process.

SharePoint 2010 Content Deployment – System.NullReferenceException: Object reference not set to an instance of an object

November 8, 2011

Content deployment in SharePoint 2010 works fantastically well. Once it is working. Getting to the ‘working’ stage however is a path that can cause a lot of pain, not the least of which is getting a generic error!
My configuration for our SharePoint publishing farm is as follows:

  1. SharePoint central admin site (PUB01)
  2. 2 x SharePoint web front-ends serving content (WFE01 and WFE02)
  3. Radware load balance (LOAD01)

I’m mentioning these items because they impacted how my content deployment was not working, and also the resolution required.

What You Absolutely Need To Have

There is ample documentation on setting up Content Deployment, but from a high level you must have the following in place:

  1. Your source Central Admin website must be able to access the destination Central Admin website, including setting the destination CA to accept content deployment. This includes the IP address and port of course!
  2. The account you use to deploy content on the destination server must have the appropriate permissions
  3. Your source and destination farms must be the same SharePoint version (right down to the Cumulate Update if applicable!)
  4. The destination CA must have enough room to store the content in a temporary location (check hard drive space on the destination server that hosts the Central Admin site)
  5. The destination CA must have the Microsoft SharePoint Foundation Web Application service “Started” on the server (destination CA uses this to check IIS configuration – more on this later)

Content Deployment Process

Content deployment goes through several high-level stages when it deploys content:

  1. The Source CA packages up the content into one or more CAB files
  2. The Source CA pushes the CAB files to the Destination CA, which stores them in a temporary location
  3. The Destination CA validates the IIS site and destination site collection
  4. The Destination CA unpacks the cab files and individually pushes the content into the destination site collection

The import log file shows the results of the attempted import and will display any warnings or errors that occurred.

System.NullReferenceException: Object reference not set to an instance of an object

In my environment, this error occurs very quickly after the data has been transferred to the destination farm. I dialed up the ULS diagnostic monitoring by editing the Monitoring, “Configure diagnostic logging”, “Category – Web Content Management/Content Deployment” setting to Verbose. Your ULS log file will then show much more detail about the process, including whether the CAB content files are being copied up properly from the source to the destination CA. Look for entries such as:

Upload file 'C:\SPDeploy\1c8b92e5-975c-4d30-b38e-04c25975e2bb\ExportedFiles9.cab' succeeded

The “System.NullReferenceException” error occurs very soon after the final CAB file has been deployed.

The thing that tripped me up was the load-balanced url I had set up in the Radware load-balancer and DNS settings. My destination URL DNS entry was pointing to the load-balancer virtual IP address, which then load-balanced requests to my two web front-end servers. My suspicion is that the destination Central Admin content deployment process checks IIS to see if it is configured correctly, and because it is traveling via a virtual IP address it doesn’t resolve to a local IIS metabase entry. In the ULS logs I saw entries such as:

Saving CachingSettings for SiteUrl 'http://your.sharepoint.url/'

immediately followed by the dreaded:

Failed import operation for Content Deployment job 'Remote import job for job with sourceID = 409e7be7-7694-496d-8469-eb472e5070f6'. Exception was: 'System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.SharePoint.SPSite.PreinitializeServer(SPRequest request)
at Microsoft.SharePoint.SPWeb.InitializeSPRequest()
at Microsoft.SharePoint.SPWeb.get_AllProperties()
at Microsoft.SharePoint.Publishing.SiteCacheSettings..ctor(SPSite site)
at Microsoft.SharePoint.Publishing.SiteCacheSettingsWriter..ctor(SPSite site)
at Microsoft.SharePoint.Publishing.SiteCacheSettingsWriter.SaveCacheSettingsBeforeImport(String importSiteUrl)
at Microsoft.SharePoint.Publishing.Administration.ContentDeploymentJob.DoImport()'

I checked the “PreInitializeServer” code using ILSpy (an improved, and more importantly free, replacement for Reflector), which wasn’t doing anything particularly complex but does use the SPRequest object. My thinking at this point was that the CA was unable to connect to IIS – it possibly does an IIS metabase lookup to get configuration settings, and because it was being bounced to the load-balancer and then down to the web front-ends, this step was failing. This occurs immediately after the cab files have been uploaded to the destination server.

The fix I put in was to edit the “hosts.” file (C:\Windows\System32\Drivers\etc\hosts.) and add an entry for the CA destination server IP address against the URL I was publishing to. This forces the destination CA to use the local server instead of trying to go via the load-balancer. This won’t affect the content being served, the web front-ends are configured via the load-balancer, and the destination CA doesn’t actually participate in this process. If your destination CA is also a web front-end, this would also still work as the URL resolves properly anyway.

After I set up my hosts file and re-ran the content deployment, it all worked perfectly! At least, on this occasion 🙂

A second “fix” I have had to use is to create another host-header site collection on my destination CA. I didn’t need to use this new site collection – I just created a blank one (see powershell script below). I’m not sure what happens in the background, but when I next tried my content deployment, it immediately changed from FAILED to SUCCESS. It’s possible that the act of creating another site collection resets Something(tm) so that content deployment can connect correctly.

Additional Content Deployment Troubleshooting Tips

While trying to diagnose the problem I also came up against the following issues (in no particular order):

  1. When creating a destination site collection, do not add a template to the site. In essence, you are creating an empty site collection, not a site collection with the blank or blank internet template. This breaks content deployment. I use the following Powershell script to auto-create a host-header (multi-tenancy) site collection:
    $contentDbName = “Your.Database.Name”
    $webName = “Your web app name”
    $url = “http://your.url”
    # Get the web application
    $webApp = Get-SPWebApplication –Identity $webName
    # Create content database
    New-SPContentDatabase –Name $contentDbName -WebApplication $webApp
    # Create the site
    $contentDb = Get-SPContentDatabase –Identity $contentDbName
    New-SPSite –Url $url –OwnerAlias “DOMAIN\gavin.mckay” –OwnerEmail “gavin.mckay@domain.local” –ContentDatabase $contentDb –HostHeaderWebApplication $webApp

    The important point here is not to use the “-Template <template name>” parameter in New-SPSite. This will break content deployment and you will get a stack of errors about being unable to overwrite content. Deployment failure!

  2. If you recreate your site collection, you will need to delete your content deployment job and path from the source CA server. The destination site collection id is stored as part of the job/path, and if you recreate your destination site collection it will have a new id. Deployment failure!
  3. If you delete your content database and recreate it, you will have to do an IISRESET on your CA and web front-ends to get them to resolve properly. You will recognise this by trying to connect to the destination URL and getting the following in your browser:
    “HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Date: Tue, 08 Nov 2011 02:41:04 GMT Connection: close”
    SharePoint is confused. Deployment failure!
  4. If you have Office Web Apps enabled on your source site collection, but not on the destination site collection, you will get:’Microsoft.SharePoint.SPException’ : ‘Could not find Feature MobilePowerPointViewer.’
    Deployment failure! Use Site settings, Site collection features, to disable Office Web Apps in the source site collection, then start your deployment job again.
  5. “The exception thrown was ‘Microsoft.SharePoint.SPException’ : ‘Unable to import the folder _catalogs/fpdatasources. There is already an object with the Id <Guid> in the database from another site collection.'”
    Deployment failure! This seems to occur if you have previously had a failed content deployment for a new site collection/content database.
    Using your destination CA remove the content database then re-add it again. This will restore the previous empty site collection ready for content deployment.
  6. Warning “A minor version has been exported with no corresponding major version. It is possible that this item was unpublished then published again. If this item is meant to be published, publish a new version and export/import it again”
    This is reasonably straight-forward. Either indivudally (or via a batch job) publish a major version, or turn off major/minor version control for the list/library.
  7. Warning “Cannot revert to the site definition version of this file”
    Currently unknown how to fix this…
  8. Error “A file with the name [filename] already exists”
    Currently unknown how to fix this…

More Detail – What Happens in the Database

The Content Deployment jobs are stored in the source farm SharePoint_Config database. You can view the details in a SQL query via:

Select top 100

id

,classid

,parentid

,name

,status

,version

,properties

FROM [dbo].[Objects]

WHERE Properties like ‘%ContentDeploymentJobDefinition%’

The Properties field is an XML data string that defines the job information.

More Detail – What Happens in ULS

You can view more detail via ULS logging if you enable Verbose logging for the category “Web Content Management” / “Content Deploymet”. Using the ULS Log Viewer will then enable you to see more detail on the process.

After the SharePoint source server packages the deployment files into multiple .cab files, they are individually pushed across to the destination farm. Yo should see ULS entries similar to:

Name=Request (POST:http://destination.sharepoint.local:8080/_admin/Content%20Deployment/DeploymentUpload.aspx?filename=%22ExportedFiles1.cab%22&remoteJobId=%2240ae2be7-f6ee-44c5-a2f0-f456d272a731%22)

 

After all the CAB files have been pushed across, the source server creates a deployment job on the destination server

SharePoint 2010 Web Services 401 Unauthorised Error from InfoPath Forms Services

March 29, 2011

This is an intermittent error that kept appearing when we deployed an InfoPath form that used the GetUserProfileByName method in order to retrieve default profile information of the current user. It’s an amazingly useful function that instantly personalises the form itself and means users don’t have to retype information into a form that SharePoint should just “know”.

The error viewed in the SharePoint logs was:
Data adapter failed during OnLoad: The remote server returned an error: (401) Unauthorized.

and:
The following query failed: GetUserProfileByName (User: , Form Name: , … Type: DataAdapterException, Exception Message: The remote server returned an error: (401) Unauthorized. The remote server returned an error: (401) Unauthorized.)

Our setup is a two-node web-front-end SharePoint environment and we are using DNS round-robin load-balancing (I know it’s not “real” load-balancing but our hardware load balancers aren’t installed yet!). The point being that we have two web servers.

This issue occurs because of double-hop authentication. If you have two servers in your load-balancer and requests are not homed to the same server (i.e. instead of server1 requesting a web service from itself, it contacts server2 instead) then it is unable to pass your user credentials on to the other server. If you force the server to talk to “itself”, then it is able to use your credentials successfully and return the results from the web service.

The obvious solution is to fix load-balancing, but a workaround is to use the hosts file located at (NOTE no file extension on this file!):

c:\windows\system32\drivers\etc\hosts.

and add an entry on each server pointing to itself. For example, if you have two web servers, Server1 on 192.168.0.10 and Server2 on 192.168.0.11 your host file entry on Server1 would be:

192.168.0.10 your.sharepoint.address

and on Server2:

192.168.0.11 your.sharepoint.address

When each server makes a request to your.sharepoint.address, it will use the hosts file entry *first*, and always visit the correct IP address.

WARNING: Using the hosts. file in this way is supported by Microsoft, but can create issues for maintenance. Consider the case where you need to change the IP address for your server(s). You would need to ensure that the hosts file is also update to reflect the changes.

HOWTO Start the SharePoint 2010 Central Administration Service with PowerShell

February 2, 2011

I have two web front-ends in my SharePoint 2010 farm with Central Administration running on one of the front-ends. I was having some serious performance problems on the Central Admin-enabled server and wanted to start Central Admin on my other server. The Central Admin service is installed on all web front-ends by default, but is only enabled and started on machines you select.

The following PowerShell command will provide a list of all servers that have the Central Administration service installed, their status, and the Id (GUIDs have been changed ;):

Get-SPServiceInstance | Where-Object {$_.TypeName -eq 'Central Administration'}

TypeName Status Id
——– —— —
Central Administration Disabled 5E1FEB60-87FB-4CDB-9E2E-B8607F003C90
Central Administration Online 390085E6-009F-44E5-B6F7-8FD46CCB103F

I can now focus on just the web front-end with the Disabled Central Administration service by using the Id with the following:

Get-SPServiceInstance | Where-Object {$_.Id -eq '5E1FEB60-87FB-4CDB-9E2E-B8607F003C90'}

The service instance can be started using the following PowerShell command, again restricted to the Id of the service instance I want:

Get-SPServiceInstance | Where-Object {$_.Id -eq '5E1FEB60-87FB-4CDB-9E2E-B8607F003C90'} | Start-SPServiceInstance

This will start provisioning the service instance (note the Status below says “Provi…”), which usually means creating the Central Administration website on the web front-end and starting the central admin service instance:

TypeName Status Id
——– —— —
Central Administration Provi… 5E1FEB60-87FB-4CDB-9E2E-B8607F003C90

You can check the progress by continually entering the previous powershell command:

Get-SPServiceInstance | Where-Object {$_.Id -eq '5E1FEB60-87FB-4CDB-9E2E-B8607F003C90'}

until you hopefully get the status as Online:

TypeName Status Id
——– —— —
Central Administration Online 5E1FEB60-87FB-4CDB-9E2E-B8607F003C90

Microsoft FAST Search Administration – Unexpected error occurred while communicating with Administration Service

September 13, 2010

UPDATE: 6-Oct-2011 Added info on installing FAST certificate on SharePoint 2010 servers

I have a SharePoint 2010 Enterprise installation that is using Microsoft FAST for SharePoint 2010 to index Intranet content. The search content is working successfully and content is being returned, but trying to administer any of the managed properties or crawled properties always displays an error. The errors occur when I visit the Search Administration area for FAST property management:

  1. Open the Central Admin website
  2. in Application Management, Service Applications, select “Manage service applications”
  3. Locate your FAST Query search service application and click the manage link (i.e. click on “FAST Query SSA”)
  4. In the left-hand menu, under Administration, click FAST Search Administration
  5. Clicking any of the links on this page may show the error “Unexpected error occurred while communicating with Administration Service”

Further investigation does not provide much additional support beyond this error. The areas that I got errors for were:

Property Management
Managed properties
Crawled property categories

Property Extraction
Manage property extraction

Spell Checking
Spell checking management

Additionally, under the SharePoint site, Site Settings, Site Collection Administration, the following also gave the same error:

FAST Search keywords
FAST Search site promotion and demotion

There are a couple of areas to check.

SharePoint Application Pool Account Permissions on FAST Admin Servers

The Central Admin site application pool account requires permission to connect to the FAST admin web service on your FAST admin server. To resolve this:

  1. On your FAST admin server, check that you have a local security group “FASTSearchAdministrators”
  2. Add the active directory account for your central admin app pool to the local security group on your FAST admin server “FASTSearchAdministrators”

FAST Service Account Permissions on FAST Service Applications in SharePoint

The Central Admin service applications may require permissions to be allocated to the app pool accounts.

  1. Open Central Admin website
  2. In Application Management, Service Applications, select Manage Service Applications
  3. Hilight your FAST Search Connector service application and click the “Permissions” button
  4. Check that the FAST service account has “Full Control” permissions assigned
  5. Click “OK”

SharePoint Certificate Installed on FAST

Follow the instructions in Enable queries from Microsoft SharePoint Server (FAST Search Server 2010 for SharePoint) to ensure the SharePoint certificate used to communicate is trusted by the FAST admin web service. Note that it states “Configure claims authentication”, but I have had to do this on claims-based sharepoint sites as well as “classic” windows authenticated sites. Thus I believe this is a necessary step to remove this error.

FAST Certificate Installed on SharePoint

On installation, FAST creates a PFX certificate that is used to secure communication between the SharePoint server and the FAST Admin server. To install this certificate on your SharePoint server(s):

  1. Copy the script securefastsearchconnector.ps1 from the FAST Search Server 2010 for SharePoint server to the SharePoint 2010 Server. The securefastsearchconnector.ps1 script is in the installation folder, under installer\scripts\
  2. Copy the certificate file FASTSearchCert.pfx from the FAST Search Server 2010 for SharePoint admin server to the SharePoint 2010 Server. The certificate file is in the installation folder, under data\data_security\cert\
  3. Open a Microsoft SharePoint 2010 Administration Shell with the Run as administrator option on the SharePoint 2010 Server. Navigate to the directory where you copied the securefastsearchconnector.ps1 script and run it, replacing the necessary parameters with the values for your environment. The domain and username should reflect the details of the user running the SharePoint Server Search 14 (OSearch14) service.
    .\SecureFASTSearchConnector.ps1 -certPath "path of the certificate\certificatename.pfx" -ssaName "name of your content SSA" -username "domain\username"

When prompted to enter the certificate password, enter the certificate password that you supplied when you ran the post-setup configuration of FAST Search Server 2010 for SharePoint.