Calling all SharePoint Admins: Have you patched your servers?

A critical vulnerability in SharePoint Server has been identified that could leave your servers open to hacking.

Many enterprises use Microsoft SharePoint as their prime collaboration and content management platform, and there is still a significant number of on-premises SharePoint deployments across the world. This alert is for the admins who manage on-premises deployments: take it seriously and act fast.

The critical security vulnerability is identified as CVE-2019-0604 | Microsoft SharePoint Remote Code Execution Vulnerability, and Microsoft explains its behaviour as follows.

  • A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
  • Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
  • The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Critical: It is highly important that you follow the table below and update your servers accordingly. As of now, Microsoft has not identified any mitigating factors or workarounds for this issue; however, the listed security updates will protect your servers from the vulnerability.

CVE-2019-0604 (Critical)

SharePoint Updates


The following links will help you with patching your servers.

2016: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/install-a-software-update
2013: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/software-updates-overview-for-sharepoint-server-2013


A great bunch of new features coming soon for SharePoint Modern Experience!

The SharePoint product team just revealed news about a fantastic set of modernization features that are planned for release in the 1st quarter of 2019. Microsoft has been aggressively improving the user experience of SharePoint, OneDrive and, in fact, the whole Office 365 umbrella for the past few years.

Some of these features are brand new, while some are updates to legacy SharePoint capabilities. Nevertheless, each of them looks cool and would definitely be great to have. The best thing everyone loves about Office 365 is that there is no additional cost for any of these updates. Let’s find out what we are going to get soon.

Bulk Check In/Check Out

Microsoft previously released bulk edit for lists and libraries, and with this update you will be able to check in/out multiple records/documents at once. Have a look at the following screenshot, which comes from Chris MacNulty.

Document Sets


Document sets group related documents together with shared metadata, routing and visual experiences. They’ve been available in classic mode previously, and now you can work with them in the modern experience starting March 2019 onwards.

Signal Icons

Isn’t it cool to have a nice visual cue right next to each file showing its status? Here is the new list of status signals that you will soon be able to see in your tenant. There will be more signals, and the best news is that they are not going to be limited to SharePoint but will also be available in OneDrive, Teams, and the Office clients. Wait no longer than February!

Column Totals


Custom views allow you to add calculated fields, such as totals or averages, to the footer of a group or the entire list. Now, totals will display in the modern view without forcing users back to the classic interface. Totals will also show in the modern web parts for lists and libraries.

Sticky Headers

SharePoint is known to have large repositories. Large lists and libraries always need scrolling, both vertically and horizontally. With sticky headers, the column headers are pinned at the top of the scrolling window, which helps you identify list values as you move vertically and horizontally through the view. And column headers will also remain in place inside the list/library web parts on any page you have added them to.

Add Columns In-between Column

Soon you will be able to add a column in between other columns, which cuts the time it takes to reach the end of the column headers. Again, this will help a lot in wider list/library views where you have lots of columns. Just hover your mouse on the edge between two columns and you will immediately notice the (+) icon.

Column Drag and Drop

Guess what! You don’t have to dig in and modify the views anymore. To move a column within a list or a library, simply drag it and drop it where you want it to be. Easier, right?

A quick note: Microsoft always commits to delivering efficiency, reliability and usability across all products. Feel free to raise your voice if you have an idea you think is worth actioning here – https://sharepoint.uservoice.com/forums/329214-sites-and-collaboration

Images: Microsoft (original post is here)

Keep it simple: Adding bulk set of users to a SharePoint Group using REST API

Large enterprises always require bulk operations to make things faster and easier. Recently I faced a situation where hundreds of users needed to be added to SharePoint Groups. This is a time-consuming task in large SharePoint setups when you have to add users manually, one by one. No! A manual approach isn’t going to work for such things.

The REST API in SharePoint can be used in this scenario to cut the effort and time from hours or even days to a few seconds. In this post I will discuss the way I achieved this goal so that you can follow along if you are in such a situation.

Background: I have an Excel sheet filled with all the required users in a UserName column. This Excel spreadsheet is uploaded to the SiteAssets library. The code looks at this library and reads the Excel sheet to pick the users from it. Simple as that!

Change the site URL attribute’s value to reflect yours and you are good to go.



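var user;
var spGroup;

// Callbacks for executeQueryAsync, defined once rather than inside the loop.
function onQuerySucceeded()
{
    alert('success');
}
function onQueryFailed(sender, args)
{
    alert('Request failed. ' + args.get_message());
}

function AddUserFromExcel()
{
    // ActiveXObject only works in Internet Explorer with Excel installed on the client.
    var Excel = new ActiveXObject("Excel.Application");
    Excel.Visible = false;
    // Open the workbook once instead of once per row.
    var workbook = Excel.Workbooks.Open("http://mantososp/SiteAssets/Users.xlsx?Web=1");
    var sheet = workbook.ActiveSheet;
    var clientContext = SP.ClientContext.get_current();
    var web = clientContext.get_web();
    spGroup = web.get_siteGroups().getById(4990); // ID of the target SharePoint group
    var userCollection = spGroup.get_users();
    // Reads rows 1 and 2 of column A; raise the upper bound to cover every row in the sheet.
    for (var l = 1; l < 3; l++)
    {
        var a1 = sheet.Cells(l, 1).Value;
        var a4 = "Domain\\" + a1;
        user = web.ensureUser(a4);
        userCollection.addUser(user);
        clientContext.load(user);
    }
    clientContext.load(spGroup);
    workbook.Close(false);
    Excel.Quit();
    // Send all queued additions to the server in a single request.
    clientContext.executeQueryAsync(onQuerySucceeded, onQueryFailed);
}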




Fix: SharePoint blank site template gone missing

We used blank templates back in the SharePoint 2010 days for various reasons, but the template isn’t there anymore, as it has been hidden from 2013 onwards. As in this screenshot, when you open up Central Administration and try to create a Site Collection, the “Blank Site” template will not be visible in SharePoint 2013 or later versions.

Nevertheless, worry no further, as this article demonstrates how to get it back just in case you badly need it. Just follow the steps (it is recommended to try them in a test setup before applying them to a production environment).

There are two ways to enable it again.

Method A:

This is a permanent change which allows you to use this template anytime. However, you can revert it if it is no longer necessary. Find this folder on your SharePoint Server/s – C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\1033\XML

From there, open the WEBTEMP.xml file in Notepad and search for this tag.

<Configuration ID="1" Title="Blank Site" Hidden="TRUE" ImageUrl="/_layouts/15/images/stbs.png?rev=23" Description="A blank site for you to customize based on your requirements." DisplayCategory="Collaboration" AllowGlobalFeatureAssociations="False" > </Configuration>

You can clearly see that the Hidden attribute has been set to TRUE here on the 1st line. Change it back to “FALSE” and the tag should now look like this.

<Configuration ID="1" Title="Blank Site" Hidden="FALSE" ImageUrl="/_layouts/15/images/stbs.png?rev=23" Description="A blank site for you to customize based on your requirements." DisplayCategory="Collaboration" AllowGlobalFeatureAssociations="False" > </Configuration>

Save the changes and close the file, then do an IIS reset on the target server/s.

Method B:

You can also use PowerShell to create a site using the Blank Site template. This is a temporary method where you use the hidden template by calling it directly, without seeing it in the “Create new site” choice list, and you have to use PowerShell to provision the site.

Add-PSSnapin "Microsoft.SharePoint.PowerShell"

Get-SPWebTemplate

$template = Get-SPWebTemplate "STS#1"

Then run this. It will simply create a brand new site collection using the “Blank Site” template for you. There is no need to change the backend if you choose this way; however, there’s no UI to get this done.

New-SPSite -Url "http://mantosospfarm/sites/NewSiteName" -OwnerAlias "Mantoso\SP_Admin" -Template $template


Azure AD App Only Authentication

Put simply, App Only authentication is the ideal method if you want a daemon to execute a task. It allows you to execute code without the permissions of a user and without a user’s auth token.

As part of a series of articles, the idea of this 1st post is to give you a basic understanding of creating an Azure AD App and granting permissions for this App to communicate with SPO.

Let’s get started. Simply head to your Office 365 home page and switch to Admin Centers. From the left pane, click on “Azure Active Directory”. In Azure AD, search for “App Registrations” and click the “Add new application registration” link.

A new application interface will pop up. Enter a name, an Application type and a Sign-on URL, and click “Create”. The Sign-on URL can be anything, and it can also be amended later to reflect a different one. A future post will discuss what sort of URLs are used here.

Once the app has been created, you will be given the app ID and other details related to it.

Next, select Settings –> Required permissions and click Add.

In this case the API is going to be SPO. You can choose the right API based on your requirement.

Next, hit the “Grant Permission” button on the required permissions tab to give non-tenant-admin users access to the application.

A self-signed or public (commercial) certificate must now be provided, and the Azure AD manifest updated accordingly.

The following PowerShell can be used to provision the certificate, but ensure you have installed OfficeDev PnP PowerShell.

$certroot = 'C:\Site Creator'
$certname = "IntelAi-Cert-1"
# Single quotes stop PowerShell from expanding $$ inside the password string
$password = ConvertTo-SecureString 'P@$$w0rd' -AsPlainText -Force
$startdate = Get-Date
$enddate = $startdate.AddYears(4)
# Create a self-signed certificate with an exportable private key in the current user's store
makecert.exe -r -pe -n "CN=$certname" -b ($startdate.ToString("MM/dd/yyyy")) -e ($enddate.ToString("MM/dd/yyyy")) -ss my -len 2048
$cert = Get-ChildItem Cert:\CurrentUser\My | ? {$_.Subject -eq "CN=$certname"}
# Export the public certificate (.cer) for Azure AD and the password-protected key pair (.pfx) for the client
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force

The following line will copy a string to your clipboard.

Get-PnPAzureADManifestKeyCredentials -CertPath 'C:\Site Creator\IntelAi-Cert-1.cer' | clip

This is what the copied string looks like. It has to be added to the manifest file of the Azure AD application.

"keyCredentials": [
 {
  "customKeyIdentifier": "5lca+kziogw7T6MB4kUrxseK5m8=",
  "keyId": "84153f1a-90b7-4802-b99a-bb75d4f9a35b",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "MIIDAjCCAe6gAwIBAgIQkawCJU0cWYxH8RamKNuqqTAJBgUrDgMCHQUAMBkx
 }
],

Select your application under app registrations in Azure AD. Replace the “KeyCredentials”:[], section, as shown below.

Now you can test whether the application has the required permissions to connect to the SharePoint Online site. For the ClientID, you need to provide the application ID of the app you have created.

# Single quotes stop PowerShell from expanding $$ inside the password string
$password = ConvertTo-SecureString 'P@$$w0rd' -AsPlainText -Force
# Use the PFX exported in the certificate step
Connect-PnPOnline -Url https://site.sharepoint.com/ -ClientId 0c01f61e-ba27-4ae7-ab19-174884a949fc -CertificatePath 'C:\Site Creator\IntelAi-Cert-1.pfx' -CertificatePassword $password -Tenant intelai.onmicrosoft.com
$myWeb = Get-PnPWeb
$myWeb.Title
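
The certificate step earlier in this post, as an added example (not the post's original script): it uses New-SelfSignedCertificate instead of makecert.exe, prompts for the PFX password instead of embedding it in the script, and prints the value that should appear as customKeyIdentifier in the manifest. The folder and certificate name reuse the post's values; the one-year lifetime and the final clean-up of the user store are assumptions.

```powershell
# Added example, not the original author's script. Paths and names reuse the post's values.
$certroot = 'C:\Site Creator'
$certname = 'IntelAi-Cert-1'

# Prompt for the PFX password so it never appears in the script or in shell history.
$password = Read-Host -Prompt "PFX password for $certname" -AsSecureString

# New-SelfSignedCertificate (PKI module, Windows 10 / Server 2016 and later) replaces makecert.exe.
$cert = New-SelfSignedCertificate -Subject "CN=$certname" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable -KeySpec Signature `
    -NotAfter (Get-Date).AddYears(1)   # assumption: one-year lifetime with planned rotation

# The .cer (public part) goes to Azure AD; the .pfx holds the private key and stays with the daemon.
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force | Out-Null
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force | Out-Null

# customKeyIdentifier in the manifest is the Base64 form of the certificate's SHA-1 thumbprint.
# Compare this value with the manifest entry to confirm which certificate the app trusts.
$expectedKeyId = [System.Convert]::ToBase64String($cert.GetCertHash())
"Thumbprint          : $($cert.Thumbprint)"
"customKeyIdentifier : $expectedKeyId"
"Expires             : $($cert.NotAfter.ToString('u'))"

# Assumption: the PFX is now the only copy the daemon needs, so the key is
# removed from the interactive user's certificate store.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
```

Anyone who can read the PFX and knows its password can authenticate as the app, so restrict file permissions on the folder that holds it.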

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.

SharePoint Designer Error: InfoPath Cannot Save the following form, document library was either renamed or deleted.

You might wonder how this could happen when you can access the library and open the items inside it, yet are unable to publish the form via InfoPath Designer. This isn’t related to the library or to SharePoint configuration at all.

If you are running SPD on a Server operating system, a single feature called “Desktop Experience” could be missing, and installing it will solve this for you.

Resolution: Install Desktop Experience if you are opening SPD on a Windows Server

Open up Server Manager and proceed to the “Add Roles and Features” wizard. Under the User Interfaces and Infrastructure category, select the Desktop Experience component and proceed to install it.

Close SharePoint Designer and open it again. You should be able to publish the form without any issue now.

SharePoint Multitenancy – BCS and Secure Store Service applications do not appear in the tenant admin portal

When your developers ask for BCS to be configured and you do not see any links for the BCS and Secure Store Service applications in your tenant admin portals, it’s quite normal. That does not necessarily mean the multitenant concept does not support BCS or SSS in partitioned mode. When the initial scripts are executed to perform service application creation, these two applications are also provisioned. However, the linking is not done.

As per Microsoft:

  • Business Data Connectivity service

Once configured in partition mode, all configuration of the Business Data Connectivity service moves to tenant administration. However the Tenant Administration site template does not include the link to this page, which can be added using the customization technique in the Extending the Tenant Administration site template section.

  • Secure Store service

Once configured in partition mode, the generation of encryption keys remains a farm level configuration performed either via Central Administration or Windows PowerShell. The remainder of the Secure Store service configuration moves to tenant administration. However the Tenant Administration site template does not include the link to this page, which can be added using the customization technique in the Extending the Tenant Administration site template section.

Spencer did a wonderful job with his detailed explanation of multitenancy: http://www.harbar.net/articles/sp2013mt.aspx. Thanks to this great series of articles, I was able to set up a comprehensive farm for one of the government agencies in Asia, which has over 30 tenants. Nevertheless, it doesn’t seem to cover this particular problem.

There is a solution on CodePlex for this, but I didn’t attempt to try it as it involves a deployment on the servers: https://fixmultitenantissues.codeplex.com/

Let’s find a way out of this.

It’s possible to extend the tenant admin portal template to perform certain things, such as adding a new link or removing a link. But where are these links? If we have them, we can at least try to configure BCS and see if it functions well in partitioned mode, right?

Well, they are there!

You can find the SSS and BDC application pages in the resource folders under the following path. These folders contain the pages used by these two applications. Finding them allows us to test the Business Data Connectivity Service functionality and embed the URLs in the tenant admin portals by extending the site template.

The SSSvc folder contains the following items. Just copy the path and the page name at the end. The path would be “http://tenant.domain.net/admin/_layouts/15/sssvc/TA_ManageSSSvcApplication.aspx”.

Then BCS. Go to the BDC folder and check that it has the following set of files. The path for that would be “http://tenant.domain.net/admin/_layouts/15/bdc/TA_ViewBDCApplication.aspx”.

Copy both these URLs to a notepad.

Now let’s add these links to the tenant admin portal. For now we are adding them to the left navigation, so that if everything works well we can extend the template and add the links globally and permanently.

Open up the tenant admin portal and simply go to Site Settings –> Quick Launch, under the Look and Feel section.

Add new headings for each.

They should appear in the left panel right away.

Click on each, and you should be able to open up the applications now.

If everything goes well, you can go ahead and extend the layout templates. The following feature definition shows how to add a new group, several links, and remove the link to the Manage Site Collections page. Doing this allows us to globally enable the links across all tenant admin sites at once.

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
  <CustomActionGroup
    Id="TenantAdmin_HostingUserAccounts"
    Location="Microsoft.SharePoint.TenantAdministration"
    Title="User Accounts"
    Sequence="90"
    ImageUrl="_layouts/images/SiteSettings_UsersAndPermissions_48x48.png">
    <UrlAction
      Url="" />
  </CustomActionGroup>
  <CustomAction
    Id="TenantAdmin_HostingUserAccounts_AddUser"
    GroupId="TenantAdmin_HostingUserAccounts"
    Location="Microsoft.SharePoint.TenantAdministration"
    Sequence="10"
    Title="Create User">
    <UrlAction
      Url="_layouts/UserAccountsWebParts/UA_AddUsers.aspx" />
  </CustomAction>
  <CustomAction
    Id="TenantAdmin_HostingUserAccounts_ManageUsers"
    GroupId="TenantAdmin_HostingUserAccounts"
    Location="Microsoft.SharePoint.TenantAdministration"
    Sequence="30"
    Title="Manage Users">
    <UrlAction
      Url="_layouts/UserAccountsWebParts/UA_ManageUsers.aspx" />
  </CustomAction>
  <HideCustomAction
    GroupId="TenantAdmin_Sites"
    HideActionId="TenantAdmin_Sites_ManageSiteCollections"
    Location="Microsoft.SharePoint.TenantAdministration" />
</Elements>

Full details of extending the template are described in this TechNet article: https://technet.microsoft.com/en-us/library/dn659286.aspx?f=255&MSPPError=-2147217396

Sorry Something Went Wrong: SharePoint 2016 Farm Configuration Wizard Failed with timeout during services provisioning

The error says it all: SharePoint could not provision the farm configuration within the given timeframe, and it pops up the timeout. The end result is that no services or applications are provisioned. Below is the result from the very first application server when I was trying to provision my SP2016 farm in production.

You may have successfully installed the prerequisites and the product, but this error can occur during the next step, which is product configuration and service app (farm configuration) provisioning, if you have weak bandwidth for inter-server communication. No matter how robust your servers are, the network could screw it all up with low bandwidth.

Try to ping across the servers and ensure you have a steady line from the WFE to the intranet and database servers. The sample below is from one of my deployments, which failed with the above error due to a lack of bandwidth from the APP server to the database, just because the customer had legacy network equipment and cabling (less than 50 Mbps was given to the SharePoint VLAN).

This can also have an effect during product configuration. It means the connection between your database server and application server is poor, and not only SharePoint but anything that relies on network connectivity will surely not perform well.

Or it even hangs unusually on the 3rd stage (normally this stage takes 10 min max; in my case it took more than 30, which is hilariously abnormal).

It’s mandatory to have good network connectivity (at least 1 Gbps; 10 Gbps is ideal) across all SharePoint, OWA and Workflow Manager servers.

Hardware requirements for SharePoint 2016 – https://technet.microsoft.com/en-us/library/cc262485(v=office.16).aspx

Some List Fields Invisible in Edit/View Forms after Migrating to Office 365 SharePoint Online

We did a portal migration from on-premises SharePoint to Office 365 SharePoint Online, and all went well except for a few issues raised by end users, as they are supposed to use this portal for many workflows and other automations.

The first issue is that some of the fields are invisible in Edit/New Forms when editing or creating records in most of the lists. All of these functioned well in on-premises SharePoint 2010.

These fields were visible in all views (Custom/All Items) too, but not in Edit/View Forms.

After enabling “Content Types” from List Settings –> Advanced Settings and then looking at the content types under List Settings, there was only one content type, the default “Document” content type, and clicking on it showed only two fields added to it. So this is the point!

The Document content type is the default content type here, and the custom fields were not added to it. This is the cause of the issue.

Simply adding the necessary fields to this content type would save our day.

And yes, the forms then contained all the fields they are supposed to have.

Unable to Delete a SharePoint 2013 Web Application

An object of the type    Microsoft.SharePoint.Administration.SPIisWebsiteUnprovisioningJobDefinition named “Unprovisioning TEST-PROD“already exists under the parent Microsoft.SharePoint.Administration.SPWebService named “”.  Rename your object or delete the existing object.

A long error text is something you won’t expect when you are simply trying to delete a web application.

Ultimately, the resolution is to delete the existing timer job, as the error clearly mentions.

Open up Central Administration and go to Monitoring –> Review Job Definitions.

Find the “Unprovisioning PRODTEST-INT” job. The last part of the job name will be based on your web app name.

Go ahead and click on it and then delete the Job. You should now be able to perform the deletion of Web Application.