Following up on a change of default URL for a WebAppllication on SharePoint 2013, the site did not respond correctly.

Finding the a

Unexpected SPAudienceValidator Audience URI '[OLDURL]' is not valid for context

in the ULS led me to this blog post https://gavinmckay.wordpress.com/2014/11/28/fixing-sharepoint-2013-unexpected-spaudiencevalidator-audience-uri-is-not-valid-for-context/

Indeed a caching issue, in my case a flush of the DNS and a reset of the web server was sufficient.

  1. ipconfig -flushdns
  2. iisreset -noforce

 

 

 

Tags: , , , | Categories: SharePoint Configuration | SharePoint

When using the PowerShell command Mount-SPContentDatabase or adding content database through the Central Admin you will receive this error message:

The SELECT permission was denied on the object 'sysobjects', 
database 'mssqlsystemresource', schema 'sys'.

if the SharePoint Admin account has the deny permissions checked. The easy fix was to open SQL Server Management Studio and modify the roles of the admin account on the content database.

  • db_denydatareader
  • db_denydatawriter

Make sure that db_denydatareader and db_denydatawriter are unchecked on the user. 

Thank you Steve! http://stevemannspath.blogspot.dk/2013/03/sharepoint-permission-error-when.html 

 

Tags: , , , | Categories:

Got the error while scripting content type modifications with PowerShell and SharePoint 2010.

 

 

Error System.Management.Automation.MethodInvocationException: Exception calling 
"Update" with "1" argument(s): "The collection cannot be modified." ---> Microso
ft.SharePoint.SPException: The collection cannot be modified.
   at Microsoft.SharePoint.SPContentType.Update(Boolean updateChildren, Boolean
ignoreSealedOrReadOnly, Boolean throwOnSealedOrReadOnly, IList`1 exceptions)
   at Microsoft.SharePoint.SPContentType.Update(Boolean updateChildren)
   at Update(Object , Object[] )
   at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object ta
rget, Object[] arguments, MethodInformation methodInformation, Object[] original
Arguments)

AvailableContentTypes

I was using the AvailableContentTypes[$contentTypeName] to get the content type I wanted to change. But content types retrieved from this collection (as oppose to SPWeb.ContentTypes) are read-only.

$field = $web.Fields[$fieldName]
$cType = $web.AvailableContentTypes[$contentTypeName]
$fLink = new-object Microsoft.SharePoint.SPFieldLink $field
$cType.FieldLinks.Add($fLink)
$cType.Update($true)

The correct way is using the SPWeb.ContentTypes collection as the following code:

$field = $web.Fields[$fieldName]
$cType = $web.ContentTypes[$contentTypeName]
$fLink = new-object Microsoft.SharePoint.SPFieldLink $field
$cType.FieldLinks.Add($fLink)
$cType.Update($true)

 

Tags: , | Categories: SharePoint Development

Here is how to set column validation formula for SharePoint field to contain only numbers and only two symbols (fixed length). You have to use a “single line of text” field because the number field won’t work this way.

Here is the formula:

=IF(LEN(CustomSortOrder)=2,ISNUMBER(CustomSortOrder+0),FALSE)

This works for both SharePoint 2010 and 2013 and can be set in the user interface.

If you are creating a WSP:

Here is the xml for the field called “CustomSortOrder” is a required field with the deafult value set to “00”:

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
  <Field
        ID="{[id]}"
        Name="CustomSortOrder"
        DisplayName="Sort Order"
        Type="Text"
        Required="TRUE"
        EnforceUniqueValues="FALSE"
        Indexed="FALSE"
        MaxLength="2"
        Group="CustomField">
    <Default>00</Default>
    <Validation Message="The value of this field must be between 01 and 99 and with 2 characters.">
=IF(LEN(CustomSortOrder)=2,ISNUMBER(CustomSortOrder+0),FALSE)
</Validation> </Field> </Elements>

 

In my search for this solution I found some other formulars at The Chris Kent blog:

 

Happy SharePointing.

 

Tags: , | Categories: SharePoint Development | SharePoint Configuration

Todd Klindt has made a very useful SumUp on how to create different SharePoint Admin Permissions.

For more information, take a look at Todds post Demystifying SharePoint Admin Permissions at Todd Klindt's SharePoint Admin Blog

Web Application Policy

How Do You Give It?

In Central Admin > Manage Web Applications > Policy for Users

Farm Administrators in Central Admin

How do you give it?

In Central Admin > Security > Farm Administrators

SPShellAdmin

How do you give it?

From PowerShell with the Add-SPShellAdmin cmdlet.

Service App Administrator

How do you give it?

Central Admin > Service Application Management. Highlight the service application and click “Administrators" in the ribbon. Add the user to the Administrators list.

Tags: , , | Categories: Tips and tricks | SharePoint Configuration

Trying to filter a list on its workflow status is pretty non-intuitive. You need the special status codes. Theese will work with all workflows in ShaePoint even Nintex workflows.

Status Code

Status Description

0

Not Started

1

Failed on Start

2

In Progress

3

Error Occurred

4

Cancelled (i.e. Stopped by User)

5

Completed

6

Failed on Start (retrying)

7

Error Occurred (retrying)

8

(unknown)

9

(unknown)

10

(unknown)

11

(unknown)

12

(unknown)

13

(unknown)

14

(unknown)

15

Cancelled

16

Approved

17

Rejected

Theese status codes can be used in editing list view query in both the user interface and the CAML in the list schema.xml

image005

 

image006

Another little special SharePoint speciality is that the workflow status field is referenced as the 8 first letters in the workflow instance name and the value type as WorkflowStatus

References:

Tags: , , , , , | Categories: Tips and tricks | SharePoint Development | SharePoint Configuration
Invalid text value. A text field contains invalid data. 
Please check the value and try again.

Got this message in the ULS after starting a workflow. After some testing, re-deploys and cursing I found the answer: I was adding to much text to a single line text field!
It happens when the value you are adding for a text field is larger than 255 characters, so use lesser characters or change the type to a note field.

Well not much of a helpful error message but again, its SharePoint. Smile

Links
ULS

w3wp.exe (0x1898)

0x1980

SharePoint Foundation

Workflow Infrastructure

72er

Medium

Message:

Microsoft.SharePoint.SPException: Invalid text value. A text field contains invalid data. Please check the value and try again. ---> System.Runtime.InteropServices.COMException (0x81020018): Invalid text value. A text field contains invalid data. Please check the value and try again. at Microsoft.SharePoint.Library.SPRequestInternalClass.AddOrUpdateItem(String bstrUrl, String bstrListName, Boolean bAdd, Boolean bSystemUpdate, Boolean bPreserveItemVersion, Boolean bPreserveItemUIVersion, Boolean bUpdateNoVersion, Int32& plID, String& pbstrGuid, Guid pbstrNewDocId, Boolean bHasNewDocId, String bstrVersion, Object& pvarAttachmentNames, Object& pvarAttachmentContents, Object& pvarProperties, Boolean bCheckOut, Boolean bCheckin, Boolean bMigration, Boolean bPublish, String bstrFileName, ISP2DSafeArrayWriter pListDataValidationCallback, ISP2DSafeArrayWriter pRestrictInsertCallback, ISP2DSafeArrayWriter pUniqueFieldCallback) at Microsoft.SharePoint.Library.SPRequest.AddOrUpdateItem(String bstrUrl, String bstrListName, Boolean bAdd, Boolean bSystemUpdate, Boolean bPreserveItemVersion, Boolean bPreserveItemUIVersion, Boolean bUpdateNoVersion, Int32& plID, String& pbstrGuid, Guid pbstrNewDocId, Boolean bHasNewDocId, String bstrVersion, Object& pvarAttachmentNames, Object& pvarAttachmentContents, Object& pvarProperties, Boolean bCheckOut, Boolean bCheckin, Boolean bMigration, Boolean bPublish, String bstrFileName, ISP2DSafeArrayWriter pListDataValidationCallback, ISP2DSafeArrayWriter pRestrictInsertCallback, ISP2DSafeArrayWriter pUniqueFieldCallback) --- End of inner exception stack trace --- at Microsoft.SharePoint.SPGlobal.HandleComException(COMException comEx) at Microsoft.SharePoint.Library.SPRequest.AddOrUpdateItem(String bstrUrl, String bstrListName, Boolean bAdd, Boolean bSystemUpdate, Boolean bPreserveItemVersion, Boolean bPreserveItemUIVersion, Boolean bUpdateNoVersion, Int32& plID, String& pbstrGuid, Guid pbstrNewDocId, Boolean bHasNewDocId, String bstrVersion, Object& pvarAttachmentNames, Object& pvarAttachmentContents, Object& pvarProperties, Boolean bCheckOut, Boolean bCheckin, Boolean bMigration, Boolean bPublish, String bstrFileName, ISP2DSafeArrayWriter pListDataValidationCallback, ISP2DSafeArrayWriter pRestrictInsertCallback, ISP2DSafeArrayWriter pUniqueFieldCallback) at Microsoft.SharePoint.SPListItem.AddOrUpdateItem(Boolean bAdd, Boolean bSystem, Boolean bPreserveItemVersion, Boolean bNoVersion, Boolean bMigration, Boolean bPublish, Boolean bCheckOut, Boolean bCheckin, Guid newGuidOnAdd, Int32& ulID, Object& objAttachmentNames, Object& objAttachmentContents, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion) at Microsoft.SharePoint.SPListItem.UpdateInternal(Boolean bSystem, Boolean bPreserveItemVersion, Guid newGuidOnAdd, Boolean bMigration, Boolean bPublish, Boolean bNoVersion, Boolean bCheckOut, Boolean bCheckin, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion) at Microsoft.SharePoint.SPListItem.Update() at Microsoft.SharePoint.Workflow.SPWinOETaskService.CommitTask(Transaction txn, Object[] transData)

Tags: , , | Categories: SharePoint Development

Automatic Windows Update caused my SP2012 Dev enviroment to break today!

The Security Update KB2756920 caused every SharePoint site to error out with “Object reference not set to an instance of an object.”  on Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()

image

other symptom's where with the Security Token Service:

An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas' could not be activated. See the server's diagnostic trace logs for more information..

Trying to acces the service would give:

Method Not found: "System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)"

image

Apparently it only happens to windows 2008 r2, with no SP1 installed.

Reference see TechNet: http://social.technet.microsoft.com/Forums/en-GB/sharepointadminprevious/thread/903d0e22-6419-48c5-8669-a1191c841b76

Tags: , , | Categories: SharePoint Configuration

When you throw claims authentication in the mix of AD users and SharePoint user profiles there is some things you should be aware of:

  • Use your Identity Provider to make the user profile sync connection to the domain
  • There's no built in mapping between the user profile identifier and claim (or forms) users identity provider; missing this will give you more than one user profile per user!

Setting up the sync connection with Identity Provider

Set up with claims user and Identity Provider can be setup in the Central Admin or through this PowerShell cmdlet

Add-SPProfileSyncConnection 

But beware, it is only intended for SharePoint Online environments, now you are warned!

I found it working on “on premise” fine, but there is no warranties!

Specific for the Claims scenario I will just point out the following parameters.
All the parameters are explained on this TechNet article:
http://technet.microsoft.com/en-us/library/jj219677.aspx

Parameter

Required

Type

Description

ConnectionClaimProviderIdValue

Optional

System.String

Specifies the Claims Provider ID or Name for an authentication type while a Web App is configured.

ConnectionClaimProviderTypeValue

Optional

System.String

Specifies the Authentication claim Provider that will be used to encode the User Profile accounts names. For example, Windows/Forms etc. This means if a user logs in using the given Authentication Type, then a profile can be found by looking up a claim encoded credentials.

The PowerShell could look something like this:

#provision connection with Claim Provider Add-SPProfileSyncConnection
-ProfileServiceApplication 888ds256-9ad9-53a9-f135-99eecd245670b `
-ConnectionClaimProviderIdValue "ClaimProviderName" `
-ConnectionClaimProviderTypeValue "Trusted" `
-ConnectionForestName "fabrikam.com"-ConnectionDomain "Fabrikam" `
-ConnectionUserName "Testupa" `
-ConnectionPassword convertto-securestring "Password1" `
-ConnectionSynchronizationOU "OU=SharePoint Users,DC=fabrikam,DC=com"

 

Limitations:

  • Only in SharePoint 2010 Service Pack 1 !
  • The account running the PowerShell window must be added as an administrator for the UPA.
  • Remove-SPProfileSyncConnection does not delete sync connections!
  • … see below

Others explaining the use of this cmdlet

 

Mapping between AD user and Claim user

When setting up a SharePoint 2010 application with claims authentication, there's no built in mapping between the AD user profile's and claim (or forms) user. (see my former post User profile property mappings in SharePoint and Active Directory and the TechNet article http://technet.microsoft.com/en-us/library/gg750254.aspx#section2

In claims-based Web applications, SharePoint Server uses the Claim User Identifier property (SPS-ClaimID) to match an authenticated user to the correct user profile. If the SPS-ClaimID is not mapped to the directory service attribute that you want to use as the user identifier, when a user is authenticated, he or she is not matched to the correct user profile and will not see the imported user profile data.

Worst case this will give you more than one user profile per user.

The mapping between the claim user and the AD user is done by setting the SPS-ClaimID (Claim User Identifier) to sAMAccountName (UserName)through the User Profile Service Application.

Claim User Identifier

This property mapping must be manually inserted if using Forms or Trusted Identity providers.

claim user props mapping

Or you can use PowerShell to set this mapping. The AddNewMapping cmdlet can do just that.

$synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsPropertyName, $userPropertyName)

Remember to do a full sync after setting this property mapping!

Ressources

This CodePlex project contains a PowerShell script to help you automate the creation of SharePoint 2010 User Profile Synchronization connections, User Profile Properties and User Profile Property mappings.

Create/Manage SPS2010 User Profile Properties or Sync Connection from Powershell

Other use full links:

Tags: , | Categories: SharePoint Configuration

The User profile synchronization with AD comes with a build in property mapping. The following page from The TechNet Library describes the profile properties and link to their corresponding directory service attributes:

Default user profile property mappings (SharePoint Server 2010)

User profile property AD DS attribute

SPS-DistinguishedName

dn

SID

objectSid

Manager

manager

PreferredName

displayName

FirstName

givenName

LastName

sn

SPS-PhoneticDisplayName

msDS-PhoneticDisplayName

SPS-PhoneticFirstName

msDS-PhoneticFirstName

SPS-PhoneticLastName

msDS-PhoneticLastName

WorkPhone

telephoneNumber

WorkEmail

mail

Office

physicalDeliveryOfficeName

SPS-JobTitle

title

Department

department

UserName

sAMAccountName

PublicSiteRedirect

wWWHomePage

SPS-ProxyAddresses

proxyAddresses

SPS-SourceObjectDN

msDS-SourceObjectDN

SPS-ClaimID

<specific to connection>

SPS-ClaimProviderID

<specific to connection>

SPS-ClaimProviderType

<specific to connection>


All user profile properties

The following link lists all the user profile properties with internal name, display name and data type that SharePoint Server 2010 provides by default:

Default user profile properties (SharePoint Server 2010)

SP2010 default user profile properties

Full table at: http://technet.microsoft.com/en-us/library/hh147513.aspx

Verify user data

The Active Directory Users and Computers snap-in

The Active Directory Users and Computers snap-in is often the interface to the user attributes.

Go her to see the mapping of UI labels and AD attribute in the property pages that are displayed by the Active Directory Users and Computers snap-in:

User Object User Interface Mapping

AD User General Property Page

more at: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677980%28v=vs.85%29.aspx

LDAP Browser

When it comes to navigation through the LDAP directory data there is several tools to choose from. My favorite is the LDAP directory browser from Softerra; http://www.ldapbrowser.com/download.htm

It comes free of charge if you only need read-only operations.

LDAP browser

Tags: , | Categories: SharePoint Configuration