Anonymous Users are Prompted for Authentication – SharePoint Public|External Sites

SharePoint now becomes a global role player for Public Sites. Bunch of cooperate companies trusts SharePoint in Terms of Security and Privacy so this is the golden age of SharePoint.

I’m assisting on a Multitenancy Environment of SharePoint for Public Sites hosting for one of my client. Suddenly one Site got a issue that anonymous users are prompted for credentials after hosting and configuring everything.

If you have a public web site you might have the ViewFormPagesLockDown feature turned on. Functionality of this is to restrict anonymous users of accessing Pages inside Libraries "Forms" Folders. You can read more about Planning security for External anonymous access environments which elaborated in details here – http://technet.microsoft.com/en-us/library/cc263468.aspx

Below steps is just to make others aware on a workaround carried out to resolve. Just try it out.

1. Open up cmd and run below line from your SharePoint APP Server

2. Paste the Path to STSADM –

SharePoint 2013 – "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\BIN"

SharePoint 2010 – "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\BIN" and hit enter

3. Edit below line up on your environment and hit enter

stsadm -o deactivatefeature -url “<site URL>” -filename ViewFormPagesLockDown\feature.xml – This will Deactivate the Lock down feature

4. Now go ahead and toggle the anonymous permissions for your Site through "Site Action –> Site Settings –> Site Permission". Set it to "None" from "Entire Web Site". Hit Ok and edit it again, this time set it back to "Entire Web Site" from "None" (Vise versa)

5. We can now activate the feature. Run the below line to get it back.

stsadm -o activatefeature -url “<site URL>” -filename ViewFormPagesLockDown\feature.xml – This will Deactivate the Lock down feature

E.g. Figure

clip_image001

  1. That’s it and try to access now anonimously.
Advertisement

Grant Permissions for SharePoint User Profile Service Accounts – Replicate Directory Changes

If you have Installed SharePoint Server with Active Directory Authentication, one of the greatest benefit is that you will get a central place for all your objects management such as Users/Addresses/Records etc.. In SharePoint it’s cool feature that you can simply synchronize all AD Users in to SharePoint and manage them centrally from AD but can be also synchronized those changes in to SharePoint User Profile application where everything kept up to date. For this you have to get the User profile Service application created. This post I’m writing because it is not only to create the service application but you have to delegate some level of permission to User Profile Service application Account (Identity) in order to replicate all the changes from AD. SharePoint will have the service application but If you have not done this delegation, service application won’t be able to replicate objects/changes from AD.

So let’s start this and make our UPS guy functional. For the whole thing you will need to deal with AD only as nothing to be done from SharePoint if you have already created service application and created service connection to you AD.

    1. Launch the Active Directory Users and Computers. Right click on your domain and Click "Delegate Control"

    clip_image001

    1. It will open up below windows and simply hit Next to proceed.

    clip_image002

    1. Add Relevant Service Accounts

    clip_image003

    1. Choose "Create Custom Task to Delegate" at below window

    clip_image004

    1. Choose "This Folder, Existing objects in this folder, and creation of new objects in this folder" (option 1) in below window.

    clip_image005

    1. Under General Category Select "Replicate Directory Changes" and hit Next

    clip_image006

    1. Click "Finish" to complete

    clip_image007

    1. Now launch the ADSI in edit mode by typing "adsiedit.msc" at "Run" as shown below

    clip_image008

    1. It will open up below Interface and from there expand the Configuration and right click on Configuration container and go to properties as shown

    clip_image009

    1. Direct to Security Tab from there and add the service accounts with Replicate Directory Changes Permission Level

    clip_image010

    1. Click Ok to close the window and close the ADSI to complete.

SharePoint Farm Upgrade Fails – Configuration of SharePoint Products failed. Configuration must be performed before you use SharePoint Products

Had an issue In a Staging Environment at one of my client. I have installed August 2013 Cumulative package at SharePoint 2013 Staging Environment which is an basic single server setup. Tried several times through Configuration wizard and also PowerShell (PSConfig.exe –cmd upgrade –inplace b2b –wait –force) but no luck, continuously getting this error.

saying – " Configuration of SharePoint Products failed.  Configuration must be performed before you use SharePoint Products.  For further details, see the diagnostic log located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS\PSCDiagnostics_3_9_2011_14_18_42_272_416955813.log and the application event log. " in Both Wizard and Powershell.

Finally carried out below steps in order since it was suggested by someone on web.

  1. Run This on CMD – “ stsadm -o setproperty -pn command-line-upgrade-running -pv Yes “ (more here – http://technet.microsoft.com/en-us/library/cc288357(v=office.12).aspx)

clip_image001

  1. IIS Reset
  2. Then Run "PSConfig.exe –cmd upgrade –inplace b2b –wait –force"

Above steps has saved the day of lot of people out there but For me it was worst since still the same error come out. Now in to the Wizard again. This time wizard bought a trick saying that one of my Web Application has Web.Config missing in IIS root folder at inetpub. When I dig in discovered that one web application missing it’s web.config file inside. Without waiting anymore, just removed the web application from the farm as luckily it was just a testing web app (investigation to be continued on who banged of the web.config )

After Removal of the Damaged Web App (Database still remains as it is in DBS) ran the Wizard again just to check. And yes It’s gone smoothly this time.

imageclip_image002clip_image003

So if you face an similar kind of a scenario just check basic stuff first step by step if your Event viewer/SharePoint Log doesn’t contains much details on the occurrence.

  1. Detach Databases from Web Applications if you have any migrated Web applications/Site Collections from any previous version of SharePoint and then run the upgrade
  2. Custom Solutions also pops out these kind of issues. Even I have faced several times
  3. And there may be damaged Web Applications in farm such as my scenario here (mostly Event viewer and SP Logs really helps)
  4. Also sometimes after installation of CU/Service pack Wizard does not just become success in first run. If you prefer Wizard, just run it once again. I would recommend Shell Command (above) for this as it’s more reliable.

Failed to create a database. An exception of type System.Data.SqlClient.SqlException was thrown. Additional exception information: Could not find stored procedure ‘sp_dboption’. – Error Occurred when Installing SharePoint 2010 in SQL 2012.

got a new server for my Test environment and started creating a lab of SharePoint 2010 in it with SQL Server 2012 R2. everything went smoothly until I start Configuration Wizard. It came to the 3rd Level and Error Occurred suddenly saying – Failed to create a database. An exception of type System.Data.SqlClient.SqlException was thrown. Additional exception information: Could not find stored procedure ‘sp_dboption’.

image

After thinking a while realized that my setup was just SharePoint 2010 RTM which is None SP. since my lab is brand new thought of trying on installing SP1. just downloaded and installed the SP1 for SharePoint 2010 and started the wizard again.

Everything Gone perfect after SP1. further when reading understood that it’s must to have SP1/above for SharePoint to install in SQL 2012.

Download SharePoint SP1 here – http://support.microsoft.com/kb/2460045

All SharePoint Updates are here – http://technet.microsoft.com/en-us/sharepoint/ff800847.aspx

Integrate Search Server 2010 Express with SharePoint Foundation 2010 – Get the Maximum out of Foundation Functionalities

Empowering your SharePoint Foundation farm through an readily available Add-on which will make more worth of continuing is the prime goal of writing this article.

Note : This Testing has been carried out in SharePoint Foundation 2010 with SP2 and Search Server Express 2010 Full version which was functioning as expected. 

Advanced Search was one of the most utilized feature in SharePoint 2010 for me in last few years in my SharePoint Experiences. 70 % of our projects I have used Search Solutions for my clients. however though we have enterprise clients across the world, there are lot of medium and small level clients as well so having SharePoint Enterprise or standard may block their interest of SharePoint in Financial Perspective so still there are considerable number of organizations across the globe which are using SharePoint Foundation/WSS 3.0.

thought of writing this after one of my testing carried out to discover the power of Search Server Express 2010 which can be integrated with SharePoint foundation 2010. the objective is to discover the capabilities of Search Server Express with SharePoint Foundation 2010 which would be helpful for the foundation crowd out there.

as you already know, Foundation edition of SharePoint does not capable of providing customizable searching or it’s interface since there is no Search Application as it is embedded with an windows service so the whole thing is automated (Schedules/Content Sources/File Types etc..). no wonder that this is Foundation but you can keep faith on yet an extremely good news which is Search Server Express 2010.

Search Server Express is an Separate Setup that you can Download here. This is the Full Version. this addition will install not only the Search Services but also Secure Store Service and Web Analytics Services which are really useful and makes SharePoint foundation More shined. many techies still worries about not having these core features in foundation and thinks that they have to pay for Search Server also but not really, Search Server Express totally free with few limitation but yet really useful and almost covered as same as enterprise.

right after this deployment, you will be able to experience below capabilities on your foundation setup.

1. Search Service Application (Create Search Service Application and customize as you want which is same as Enterprise). Manage Content Sources, Define File Types, Search Web Parts Such as Advanced Search Box.

2. Web Analytics Services

3. Secure Store Service

So lets start with the deployment. I have an SharePoint foundation farm back ending SQL Express 2008 R2 which is in a Single Server. this post I will start with the Search Server Deployment.

Normally these are the only service applications you have in SharePoint Foundation 2010. additionally BDC is there which you can create via New –> Service Application

image

Starting with setup by just click on Install Search Server Express is the first step once you done with the prerequisites. make sure you have the internet on server during the prerequisites installation.

clip_image002

Accept the License Agreement as usual to proceed.

clip_image001 

Change the Program path if you need it to be installed in another location as the default goes to C: Drive and just hit Install to start.

clip_image003

Give it a moment. this wont take than 5 Minutes if you have proper resources on server.

clip_image004

Config Wizard will automatically pop-up right after the installation. leave the tick box selected to run the wizard (this will make your IIS reset for several time during the process)

clip_image005

Just Click Next

clip_image006

the summary will be here so again “Next” to go.

clip_image007

Leave it for few minutes. not more than 5-6 minutes again.

clip_image008

That’s all and we done the installation and Search Server Express is now integrated to your SharePoint farm.

clip_image009

Let’s check out whether we got it as expected. indeed, direct to Service Applications through Central Administration and you will realize that you have few more Service Applications available for creations. isn’t this the greatest news for foundation crowd ever heard of?

clip_image010

As next let’s go to ‘Services of Server’ through the CA and we are now about to start our New Services (SharePoint Server Search, Web Analytics Service etc.. which are newly embedded through Search Server Express deployment)

clip_image011

Let’s Start the Search Service as same as we do in SharePoint Enterprise. I’m filling Service Credentials, Names of DBs, Schedules of Crawling etc..

clip_image012

Now to Configure Search Service Application which is also identical as same as Enterprise. so far I’m so excited !!. hit OK to create the Search Service Application.

clip_image013

Give it a moment. indeed again this depends on your server’s performance. coming in to mind that you are on an enterprise environment, yes I am.

clip_image014

Alright we done with it as this resulting “Succeeded”

clip_image015

Get in to Service applications and you will see our newly created Search Application is started there.

clip_image016

click on it and get in to the configuration panel. you will see all the capabilities such as File Types, Content Sources, Crawl Log etc.. which are about to shine your Foundation Farm here after.

clip_image017

clip_image018

clip_image019

let me now check the Service Connection mapping of my web application though CA –> Service Connections for Web Application in order to try with searching.

clip_image020

Starting a Crawl for my default content source to check out on searching.

clip_image021

meanwhile I would Enable Site Collection Level Search Features. I’m activating Search Server Web Parts here. this is totally same. more Excited !

clip_image022

And Search Settings from CA –> Site Collection Administration

clip_image023

You would see the familiar Search Settings Page as same as enterprise.

clip_image025

alright, Now the interesting part where we are going to add an Search Web Part to a page. by just editing a newly created web part page –-> Insert –-> Web Part –-> Search Web Parts -–> Advanced Search Box. there will be lot more web parts which are were limited only up on SharePoint Standard such as Advanced Search Box, Refinement Panel, Search Box, Search Statistics, Search Core results, Federated Results etc..

clip_image024

done with adding Advanced Search Box to my web part page as you see below so what are we waiting for ? let me search something as I guess it has completed crawling which I already started in an earlier step.

clip_image026

it is it is … !!! we are now having Advanced search functionality in our Foundation setup.

clip_image027

hope this was a great news and tip for SharePointers out there and will come up with next post soon ..

Error ( file not found) When Trying to Activate SharePoint Server Publishing Feature

I needed to activate Publishing feature in a sub site which I got newly created but it occurred an error as below which I was not able to go ahead.

“Error ( file not found) when trying to activate office SharePoint server publishing feature”.

clip_image001

checked the Alternate Access mappings (AAM) as I was accessing this site externally. I have been forgot to include the URL Entry in External Zone. tried again to activate the feature after adding URL and the error disappeared.

clip_image002

Make sure you have configured AAM for your Site collections once you created them.

Full Control/Design Permitted Users Unable to edit Web Parts (Web Part Contents)

Another issue I just faced on a Migrated SharePoint Environment at one of my client today. they were in SP 2007 and recently gone in to 2010.

Problem Statement : the issue is, Designers in various divisions unable to edit web parts on their pages. going in to edit mode through Edit page is possible and whatever the features in ribbon such as web part options/permission also exists and functioning properly but once web part selected it doesn’t allow to edit, can be just highlighted (basically read mode). these designers has been granted with Design permission and previously in SharePoint 2007 this issue wasn’t exist.

Thanking to SharePoint Warriors, finally got a point of solving somehow so stating here it for you who needs it out there.

Cause of the problem is a new setting in SharePoint 2010 that allows us administrators to restrict contributors/designers from editing web parts. So you can do one of two things to fix this problem.

Option 01 – Disabling Security Feature from Web Application level at Central Admin

Note: this setting can only be enabled at web application level. it applies to whole web application.

Direct to Central Administration –> select your web application that you want to make this change on –> select ‘Web Part Security’ —> scroll down to ‘Scriptable Web Parts’ and –> select ‘Allows contributors to add or edit scriptable Web Parts’ –> click OK

Option 02 – else if you need to keep above security enabled further, just try on giving Approve, Manage, Design permissions instead Full Permission.

SharePoint 2010 Compatibility with Windows Server 2012

This is a bad? news for SharePointers out there which still has a good news inside as well ;). who’s going to deploy SharePoint 2010 on Windows Server 2012? Keep a note below.

The Bad News Is – As per Microsoft SharePoint Server 2010 does not compatible with Server 2012 platform and we have to wait till the SharePoint 2010 SP 2 released which will contain the patches and updates accordingly.

And here’s The Good News -Yes We have an workaround for this.

Though MS says that we have to wait till the SP 2 released, I cannot because somebody is waiting for the solution out there and there’s no excuse for it, couldn’t revert back my Server in to 2008 R2 as well. So started dig down in to a workaround and got finally SP 2010 on Server 2012 installed and configured nicely, Tons of thanks for the web community who Shares their experiences all over the world for others (I’m community a Lover…)

So, From the point of prerequisites preparation you will get below issues.

1. Prerequisites installer gives an incompatibility pop up (still you can go ahead by saying ‘Run Program without Help’)

clip_image001

2. Even Though you have got all prerequisites Installed either manually or through a script, SharePoint Server Installer still says ‘Windows Server Roles or Features required by this product are not Enabled’.

clip_image002

3. Let’s say you have passed all above barriers somehow. Still you get some other issues after installing and provisioning the farm.

3.1 Farm Configuration Wizard Fails

clip_image003

3.2 Local Farm Not Accessible via PowerShell. Again the compatibility issue.( "The local farm is not accessible. Cmdlets with FeatureDependencyId are not registered")

clip_image004clip_image005

Let’s see how we can get this done and here are the workarounds you have.

Note : None of these workarounds are officially supported by Microsoft and still the best solution for now is to have SharePoint 2010 on Windows Server 2008 R2.

If you are Installing SharePoint server 2010 on SQL Server 2012, make sure you have the media which has SharePoint 2010 SP1 included. None SharePoint SP 1 doesn’t support SQL 2012.

Workaround 01 – Automated PowerShell installer Script (This will save hours for you)

Craig Luccier has done a great job here – http://gallery.technet.microsoft.com/sharepoint/SharePoint-2010-and-dee17600. This single PowerShell monster resolves all above issues. Basically –

  1. installs all of the Windows Server 8 beta Roles/Features necessary to run SharePoint 2010
  2. Change the default IIS 8 App Pool .NET Framework to v2.0
  3. Downloads and install the SharePoint 2010 Prerequisites
  4. The SP 2010 installer doesn’t work issues

Running this script before you Install SharePoint will do everything above so nothing to be done manually. Just go ahead and install SharePoint right after this.

Workaround 02 – Get everything manually prepared your self (Time consuming but interesting !)

I didn’t go through the above PowerShell script as I needed to know each and every points basically what we fix and where. So here are steps with detailed descriptions on the manual workaround which worked for me.

1.Installing Prerequisites

Download and install these packages

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Filter Pack 2.0 (Available in PrerequisiteInstallerFilesFilterPack as well)

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 ADOMD.NET

Microsoft Sync Framework 1.0

Enable Windows features and roles via Server manager. To do this, Direct to Server manager –> Manage –> Add roles and features and Select below roles.

clip_image006

Go Forward and select Windows identity Foundation 3.5 for .Net framework 3.5 under features. It’s good so you don’t have to download It anymore as Serer 2012 contains the feature out of the box.

clip_image007

Below List of services need to be selected under IIS Role.

clip_image008clip_image009clip_image010

clip_image011clip_image012

Go ahead and install them and that’s all from the Prerequisites side.

2. Installing SharePoint

Go and run the Setup.exe and you will get the issue no 2 I have mentioned above ‘Windows Server Roles or Features required by this product are not Enabled’. Don’t worry, one guy out there has done a great job. It’s all about just Downloading Hand.ServerManagerCmdEmul – Binaries from here and copy ServerManagerCmd file in to – C:\Windows\system32 in your SharePoint Server. Additionally from there you can get the Hand.ServerManagerCmdEmul – Sources project file as well.

Boom ! You wont see that error now. So Go ahead and get the product installed.

clip_image013

Once you complete the installation you will notified for product configuration wizard. Go ahead and get your farm configured. End of the wizard, again the next issue will pop up. Yes the issue number 3.1 which I have mentioned above, ‘Configuration failed’. This is because SharePoint 2010 needs .Net farmework 2.0 in IIS App Pools.

At this stage, all the app pools and sites has been created under IIS. Let’s go there and have a look. Yes they are !

But all are having .Net v4.0 and this has to be changed in to 2.0

clip_image014

Right click on each pool –> advanced settings –> and set the .Net version to 2.0 (ignore the .Net v4.5 and .Net v4.5 Classic) it should look like this once you done.

clip_image015

Now Run the Product Configuration Wizard again and it should complete successfully.

Here we go.. ! Your Central Admin loaded.

clip_image016

3. Fixing SharePoint Management Shell Issue

In order to make use of the powershell commands with sharePoint 2010 on Server 2010, we need to switch the powershell version back to version 2.

Note: This will not uninstall version 3, it will simply launch a new powershell instance that uses version 2.

Right click on SharePoint Management Shell –> Go to File Location –> Get the properties of the Shell Shortcut –>

replace the Existing Target value in to – C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -version 2.0 -NoExit " & ‘ C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\\sharepoint.ps1 ‘ "

clip_image017

Let’s go and try now. Yeah Now the Shell back to Rock !!

clip_image018

Everything on it now.. Enjoy,

image

HTTP : 500 Service Unavailable in a just installed Brand new SharePoint 2010 BOX

Installed an brand new SharePoint 2010 Application server (SPS-APP01.mydomain.int) with Service pack 1 and August 2012 cumulative update. All prerequisites and installation went perfectly but once the product wizard completed I’m getting “HTTP : 500 Service Unavailable” error while loading Central administration also the Central administration app pool get stopped.

Wasted probably two hours by looking all around to find out the point of this occurrence.

  1. Installed SharePoint and ran product config wizard through Farm account and Farm account also has full control to Database server so no point of checking more on database level permissions.
  2. Checked the IIS app pool account of Central Admin and all required IIS security groups and all are there as needed.
  3. Farm account also a member of local admin group.
  4. Demoted whole farm and again provisioned but the result was same.

So what else I have to huh ? None isn’t it ? But actually yes one more thing.

Suddenly popped out that one key permission which was missing while I’m checking – "Log on locally as batch job" on local security policy of SP Server.

Administrative tools –> local security policy –> User rights assignment –> right click and edit "Log on as a batch job"

clip_image001

clip_image002

My farm account (Central Admin App pool account) should be here but it wasn’t. tried to add but couldn’t can you see the add users button has been grayed out so realized that Infra admin has defined this particular group policy through AD.

Asked Admin to Edit the default domain policy –> User rights assignment –> right click ad edit "Log on as a batch job"

clip_image003

Added Farm (Central admin App pool account) account in to the group since this policy has been defined (enabled).

clip_image004

After applying just ran a GP Update/force from SP Server and checked whether this user has been added,

clip_image005

yes it was as above and then tried to open up the central admin.

Capture

Bingo !!! It opens now.