Tuesday, December 20, 2016

SharePoint 2013: An unrecognized HTTP response was received when attempting to crawl this item

I got this error message:
The start address http://somesite cannot be crawled.
Context: Application 'Search_Service_Application', Catalog 'Portal_Content'
An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser.   (0x80041204)
The start address https://somesite cannot be crawled.
Context: Application 'Search_Service_Application', Catalog 'Portal_Content'
Item not crawled due to one of the following reasons: Preventive crawl rule; Specified content source hops/depth exceeded; URL has query string parameter; Required protocol handler not found; Preventive robots directive. (0x80040d07)

After recreating the search and different changes to the content sources and the typical missing permissions, the customer basically got stuck with this broken search. After taking a look at the settings and the web.config I found this:
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-MS-InvokeApp" value="1; RequireReadOnly" />

What does this do?
1. <add name="X-Content-Type-Options" value="nosniff" />
Every file will bring a MIME type with it, which can differ from the specified MIME type. Internet Explorer can check the files, if the files should be handled different and choose a different application or handling of the file. But this will also lead to a security issue, for example: you upload a modified JPEG with a script included, this JPEG could possibly start to run the code if handled the wrong way. Basically the script will get detected and because the MIME type detected by IE is different from the specified MIME type, IE will start to run the script.

2. <add name="X-MS-InvokeApp" value="1; RequireReadOnly" />
With InvokeApp the Internet Explorer can start an application (like Office) and hand over the URL to the application. The file only open in a read only state with "RequireReadOnly" set in this line.

It is fine to remove those lines if you are not running an external website in your SharePoint environment. As soon as you allow anonymous access, you should put those lines back in. But those lines will also create some issues with the search. Removing them fixed my issues.

Saturday, October 22, 2016

Windows Container: Create local user on microsoft/nanoserver

Last time I showed you on how to download Windows Container images, this time we will work with one of the containers!
First of all download the microsoft/nanoserver image: docker pull microsoft/nanoserver
Now run the image: docker run -it microsoft/nanoserver cmd
The command "cmd" will open a cmd box on your container. To add users open Powershell by running powershell.exe in this container cmd windows.
And now we can add new users by using this command:
Finally add the user to the Administrators group:
For verification, run this script:

Friday, October 21, 2016

Windows Container: hard links not supported with legacy writer

I got this error
How to fix this?
1. Stop the Docker service with Stop-Service docker
2. Remove the local file of docker (f.ex. C:\Program Files\docker)
3. Download and unpack docker again:
Invoke-WebRequest "https://master.dockerproject.org/windows/amd64/docker-1.13.0-dev.zip" -OutFile "$env:TEMP\docker-1.13.0-dev.zip" -UseBasicParsing
4. Unpack the files again:
Expand-Archive -Path "$env:TEMP\docker-1.13.0-dev.zip" -DestinationPath $env:ProgramFiles
5. Start the docker service again with Start-Service docker

You should be able to download images again!

Wednesday, October 12, 2016

SharePoint: Move the Central Administration

This is an easy one:

Run the SP configuration wizard on the new server (DEV02W2K3) and recreate the Central Administration site.
1. Select "Do not disconnect from the configuration database"
2. Select "Advanced Settings"
3. Select "Use this machine to host the web site"
Finish the config wizard run and your are golden. Your CA should have been moved to a new server.

Tuesday, October 4, 2016

SharePoint 2013: Search Usage Analytics threw an exception

A customer showed me a couple of errors from his ULS log:
UsageAnalyticsTimerJob-12417730-3f25-49fb-846b-e40d49878aad : Usage Analytics has not completed successfully the last 1497 hours.
UsageAnalyticsTimerJob-12417730-3f25-49fb-846b-e40d49878aad : Previous execution of the analysis failed (consecutive failed runs: 6).
UsageAnalyticsTimerJob-12417730-3f25-49fb-846b-e40d49878aad : Search Analytics has not completed for 63 days. Last completed at: 08/02/2016 00:10:04.
UsageAnalyticsTimerJob-12417730-3f25-49fb-846b-e40d49878aad : Failed to start Usage Analysis.
The Execute method of job definition Microsoft.Office.Server.Search.Analytics.UsageAnalyticsJobDefinition (ID 1a74d33a-370e-4dae-a19c-d798e435495b) threw an exception. More information is included below. An update conflict has occurred, and you must re-try this action. The object UsageAnalyticsJobDefinition Name=Usage Analytics Timer Job for Search Application GUID was updated by Domain\User, in the OWSTIMER (xxxx) process, on machine SERVERNAME. View the tracing log for more information about the conflict.
Update conlfict? That's an easy one, right? Just run the Config Wizard. Right?
No. I tried running the Wizard and ran into this error:
Failed to provision the SharePoint Central Administration Web Application. An exception of type Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException was thrown. Additional exception information: An update conflict has occurred, and you must re-try this action. The object SPWebConfigFileChanges Name=WebConfigChanges - GUID was updated by Domain\User, in the powershell (xxxx) process, on machine SERVERNAME. View the tracing log for more information about the conflict. Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException: An update conflict has occurred, and you must re-try this action. The object SPWebConfigFileChanges Name=WebConfigChanges - GUID was updated by Domain\User, in the powershell (xxxx) process, on machine SERVERNAME. View the tracing log for more information about the conflict.
Than maybe I could simply start the service manually and check on the Config Wizard later? Well, that didn't work either, same issues as before. So what was wrong? I was able to crawl and I was able to search for items, but analytics kept on bugging me.
Good ol' Windows was the cause of all this commotion. Something went wrong with the file system cache! I cleared the cache and the system started to work again, without those annoying errors.

1. Stop the SharePoint Timer Job on all the SharePoint Servers.
2. Go to this directory: %ALLUSERSPROFILE%\Microsoft\SharePoint\Config\
There can be multiple folders here, you will need the one with the Cache.ini file in it
3. Backup the Cache.ini
4. Remove all files except the Cache.ini
5. Open the Cache.ini and remove the content of that file
6. Start the SharePoint Timer Job again.

Please keep in mind, that you will have to do this on all SharePoint Servers. Ideally repeat those steps on every server while the Timer Job is deactivated.

Sunday, September 4, 2016

Windows Container

I wanted to try Windows Container for the second time now that it is out on Windows 10 (Anniversary Update). Great thing for me, I might be able to use it on my Surface Book on the go. Again, I went back to https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/about_overview, which is a good source to get things started. This time I was able to get docker up and running in no time, without any issues! This is a fantastic improvement over my last try on a Windows Server 2016 TP5. But still, the technical preview of the containers got it's issues, we will get to those in time.
First of all: Get docker running and download an images, I choose the nanoserver image:

And here you can see the installed images:

Finally I tried to run it and got this message:

My guess is: The images is broken, I tried the same thing with other images, like the windowsservercore image. And ran into the same issue.
So I still run into many issues, which is fine, in a way i guess, because it's a technical preview. But it is in a consumer end-product now and should work better than this. I will try to work with it again after the next Windows Updates, maybe it's a problem with my system.

Friday, September 2, 2016

SharePoint 2013: Content Type "Document Collection Folder" is sealed.

I created a new library to upload videos and encountered this error:

If you want to fix this issues, just activated the feature "Video and Rich Media":

Thursday, August 25, 2016

Re-certify MCSE: SharePoint

I had to get re-certified for SharePoint until December 2016, but decided to push through it now. There are two ways to do this:
- Take exam 383
- Re-certify through MVA
MVA is the Microsoft Virtual Academy, if you've never been there: Go check it out. It has a lot of videos that might help you while studying for different topics. Of course not every video is gold, so some have a very poor quality, but still deliver basic information and hints where to find more and deeper knowledge. And it's free.
Basically you can choose between paying 165 bucks (plus tax, plus going to one of those nice test centers) or sit at home and watch some videos for free. Guess what I did.

How do the two paths work?
Take exam 383
I didn't go through that process, but it is the same as always. Study for a test, got to a test center, pass or fail. How you study is up to you, where you study is up to you, but you will have to pay the exam costs.
Re-certify through MVA
That's the path I took and it is pretty straight forward. You go to https://www.microsoft.com/en-us/learning/recertification-virtual-academy.aspx and select the MCSE you want to re-certify, so you can see a list like this:
August 2016
The links will take you to collections of videos on https://mva.microsoft.com/. You will need to have a check mark behind every video or assessment or further information to pass. If you added the collections to a learning plan you can see your current status in your dashboard. But(!) you have to create a learning plan first (got to the MVA dashboard at the end you will find a button "Add learning plan"). So after a couple of videos and assessments, your dashboard might look like this:
You can send an email to the mail address (found here), currently you have to send your MCID, Microsoft Academy User Name and a copy of your transcript. Assuming everything is correct, it took a day until my re-certification was online. The re-certifications starts on the date you are sending the e-Mail, in my case I have to get re-certified by August 2019, maybe I should have waited until December.

Are there issues with the MVA system?
Of course, but it's free, so I'm more forgiving. You can take an assessment multiple times and fail until you have to go back to watch the videos. You will also not see what you did wrong, you will only see that you made a mistake in a certain question, which is more than you have in a test center! And that is the best part about the MVA system: You can actually see where you failed and take a deeper look into that.
But on the other hand there are still a lot of strange question where I was able to find the answer in the slide presentation, but it still showed up as failed. And I don't know why, because the system doesn't tell you which of the answers would be right or which of the answers (in multiple choice) are wrong. It makes it harder to study for, when you only know that something is wrong. It reminds me of my old math teachers, because they rarely explained what I did wrong, simply stated that I'm wrong. Maybe that's why I hate math till today... Still a better system than the test procedures you have to endure in test centers.

Use MVA again?
Yes. It's free, it works and it's better than the tests I took or the test centers I've been. Also there is a ton of information that you should check out.

Wednesday, July 27, 2016

SharePoint 2016: Remove Hybrid Connection to O365

This caused me some trouble! After configuring the hybrid connection in O365 by clicking "Hybrid configuration" (SharePoint Administration Center) the farm basically stopped working. Why? Because I was sitting behind some fire walls and TMGs and wasn't able / allowed to reconfigure everything. But how do I remove a hybrid connection? It took me a while, mostly because there is a lot of documentation still missing on this topic.
Under Application Management -> manage service applications you will find two new applications, which were added by the hybrid configuration wizard. One is called "ACS" and the other one is "SPO App Management Proxy". Simply remove both of them and you automatically remove the hybrid connection.

Monday, June 20, 2016

Windows Server 2016 Containers: Dockerd can't create a network

What are Containers?
Containers are pretty cool things, basically a virtual machine, but smaller and also faster deploy-able. You can run an application in your container, f.ex. a web application. If this application is buggy, unstable or has any other issue at all, only this container would be affected, not your host system und not other system. Kinda like a virtual machine, but munch smaller. Virtual Machines are normally used to host powerful web servers with multiple applications on it. Containers on the other hand are used for only one application at a time.
You can find more information over here: About Windows Containers
Also here's a link to a way longer explanation: Containers: Docker, Windows and Trends

Get Started!
To get started I followed the QuickStart Instructions (2 - Windows Server Quick Start) and everything went well until I was trying to register dockerd as a service (dockerd --register-service). It failed and I was not able to get why, because I followed the instructions, which are really easy. So instead of running it as a service, I thought that I could simply run dockerd when ever I need it. You know, just as a work-around. Well, that didn't work either, because I ran into a new error (Docker wasn't able to create a network). After a while I decided that I don't care about the network, I only wanted to try containers, so instead of running the dockerd as a service I ran this command.
In my Azure environment I had to run this script as an admin, but to keep it shorter and because I'm lazy this script will start a new PowerShell Window as an admin and will run the command 'dockerd -b "none"'. This will start the Docker Daemon without any network shenanigans. In some versions of Docker might happen that this command creates a bridge called "none".
The Docker Daemon will start, you will have to keep the PowerShell Windows running this command open. If you close it, you will not be able to use commands such as "docker images" or "docker search".
Aside from that issue, containers looks pretty cool. Hopefully I can get it for my Windows 10 very soon. Currently it's only available as an Windows 10 Insider Build (14352 and up) and in Windows Server 2016 Technical Preview 5.

Wednesday, June 15, 2016

Hyper-V: No Internet access in a virtual machine

I was trying to install a small development environment on my Surface Book and of course I wanted to use Hyper-V for that. I got Windows Server 2012 and a SQL Server 2014 setup in no time and was actually surprised how well the virtual machine was running... Until I wanted to install the SharePoint PreReqs and realized I had no Internet access. I hope someday, virtualization software will come with one simple button: "Share Internet from Host? Yes/No". But until then, we will always have to work around some restrictions. Those restrictions make sense in a business / company sense, but not for small development environments on notebooks.

So here's how you will get Internet access!
1. Open your Hyper-V Manager
2. Go to the Actions pane and select Virtual Switch Manager
3. Select an existing switch or create a new virtual switch
4. I you created a new switch, choose a name. In any case you will have to select External network under Connection type. Save your changes!
5. Go back to your Hyper-V Manager and select your VM. Change the Network Adapter to your newly created switch and your done!

Friday, April 29, 2016

SharePoint 2013: Change the People Picker to allow multiple domains

This is an easy script to change the people picker if your organisation has multiple domains.
For example, if you have one forest (sprocks.io) and a domain (sprocks.us) in your organisation, the script would look like this:

Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0

stsadm -o setapppassword -password FARMACCOUNTPW
stsadm -o setproperty -url http://centraladminurl -pn "peoplepicker-searchadforests" -pv "forest:sprocks.io;domain:sprocks.us,USERNAME,PASSWORD"

It is important to note that USERNAME and PASSWORD belong to a user that has access to both domains and is allowed to search them.
Also you will have to run "Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0" to use stsadm commands in PowerShell.

Monday, March 14, 2016

SharePoint: Install Language Packs with AutoSPInstaller

AutoSPInstaller will unfortunately not allow you to use the *.exe files you can download from Microsoft. Instead you will have to extract the files with the following command and copy the files to "\SP\20xx\LanguagePacks\xx-xx".

Friday, February 26, 2016

SharePoint: Get Quotas via PowerShell

I wrote a little script to get Quotas of specific Site Collections.
First of you will need this file:
This will simple accept an array of Site Collections. Simply add the Site Collection to the array like this:
$siteCollections = ("http://sprocks.io/sites/TeamSite", "http://sprocks.io/sites/ProjectSite")

This file will call a function in the module: It is important to not that you should not edit the existing code, because otherwise it might not work. It is also designed in a way, that you can call this module / the function included in any other .ps1 as long as you provide the parameters needed. In this case it is simply a list of Site Collections.
I think is pretty self explaining, but just a few word:
- If the Quota is 0, then there is no Quota and you will get the message "no Limit"
- If you storage is 0, no files or data is stored
- If the Quota is greater than 0 and the storage is greater than 0 you will a usage in percentage

At the end you will get a .csv called "SCQuota.csv".

Monday, February 8, 2016

Kerberos Configuration with PowerShell

I had to configure Kerberos, SPNs, Delegations and what not for a SharePoint BI Installation without being able to connect to the AD or being able to give more complex instructions. In short: I had to give a script to the AD admins. Mind you: This is still a work in progress, so changes might come (or not).

I wrote a function to set SPNs, delegation and allow unconstrained Kerberos delegation:
I put my code in this extra file to keep it safe in a way. An admin won't need to take a look at the file to change it, because all changes are made in this file:
You only need to change the values after "set-kerbuser", remove or add new users and servers. Here are some examples to help you fill out the code:
Example for Domain: "SP"
Example for HTTP/DNS-Value: "HTTP/sprocks.io"
Example for SP/ACCOUNT: "SP/spfarm"
Example for SERVERNAMEFQDN: servername.domain.com
Clarification: Account names for Instances in this case are named after the Instance, but they don't have to be

You have to add the trust delegation to the accounts, f.ex. Excel is supposed to trust the relational instance, so the code would look like this:

All you need is the identity / account name and the servers you want to delegate trust with. In this case tried to keep it as simple as possible, that's why I'm using an unconstrained delegation.
You can find both scripts in my GitHub -> https://github.com/pkothree/KerberosForSharePointBI.git

Sunday, February 7, 2016

SharePoint 2013: Content Plugin can not be initialized

I found this error in my Event Logs:
And no, that was not all. The error was suppressed a couple of hundred times. Every 5 minutes I got an error like this:

How did I solve that? Well, not that easy, but I will give you a couple of possible solutions!

1. Check your .Net Versions
You can the script I found here.

2. Check the folder permissions
You will have to check the permissions of the folder where your search is supposed to be working. Use this script if you don't know where to look: The local groups WSS_WPG and WSS_Admin_WPG need Full Control for that directory.

3. Search might be broken
Yeah, the Search is a little troublemaker sometimes. Just create a new search and be done with it.