Site Collection Administration permission lost – strange issue

Strange thing that happened to my account. I am Site Coll Admin on all web sites on an on prem server, but one day the “Site Collection Administrators” and “Site Collection Features” links were gone from two of the sites (in Swedish):

First thing I checked is in Central Administration and “Change Site Collection Administrators”
I was listed on all sites

Then I logged in as the farm administrator and could access the “Site Collection Administrator” link. One site was empty of accounts and the other had only one other account listed. Strange, since I have never changed these values.
I simply added back the accounts and on one of the sites it worked fine. But, on the other I got this message when I tried to add back my own account:

Parametern loginName får inte vara tom eller längre än 251 tecken
Translated:  The parameter loginName cannot be empty or bigger than 251 characters

Very strange, I have never seen this error before. But this made me remember that when I tried to add one of our AD groups, I got a message that the name was too long. So there is a limit on how long account or group names you can use in SharePoint. Somehow these entries must have been removed – in an update? Or when I ran the powershell command that clears the logon cache? I have no idea.

I tried a few times more, and then boom – the accounts just went through and now all three accounts were added.

I have no code running on the sites, the only customization is in my master page but no big at all. I have not made any changes in the web.config files on these two sites.

The only change I can think of is that the ASP.NET feature was installed by another administrator on the server, we will remove it again because it generates other errors in Event Viewer. Maybe something happened when that was installed.

Any ideas?

The Current server is running low on memory

There is an error reported in Health Analyzer on my SharePoint 2013 server regarding the Distributed Cache “current server is running low on memory”.
 
So, the Distributed cache uses 10% of the  total physical memory on the server. The Distributed Cache service uses half of that memory allocation for data storage (also known as cache size), and the other half of that memory allocation is used for memory management overhead. When the cached data grows, the Distributed Cache service uses the entire 10 percent of the allocated memory.  (Source: technet)
To check the existing memory allocation, run this command
Use-CacheCluster
Get-AFCacheHostConfiguration -ComputerName ComputerName -CachePort “22233”
 
There is 16 GB RAM on this server, so 819 MB is not enough. First stop the Distributed Cache Service in Services on server in CA
I first tried to update the size to what Technet recommended (7168 MB) but then I could not start the service again since I did not have enough free memory:
 
Instead, I updated the size to the double at 1600MB with this powershell cmd:
Update-SPDistributedCacheSize -CacheSizeInMB 1600
Then started the Distributed Cache service and the message in Health Analyzer disappeared.
 

My first SP2010 installation, critical issues

This week I have installed my first SharePoint 2010 server and it has been great fun and very interesting! It is a test environment so it’s a small server farm setup. After having a connection issue with the SQL server (everything is closed and denied) it was a fast and easy installation. Well that was the smallest part…

Fired up Central Administration, and went through it step by step. Trying to memorize where to find everything =) When you have worked for years in MOSS then it is a bit messy… When most settings were ready, the red ribbon turned up and warned about the farm having “Critical issues”. Clicked on the messages and there were some errors:

1) The server farm account should not be used for other services
Ah yes, of course, an old classic. Open “Manage service accounts” and change the account to the one you use for your services in general. Not the farm admin account or an account who is a member of the local admin group.

2) Accounts used by application pools or service identities are in the local machine Administrators group. ¨
Click on “Manage service accounts” and change all services that uses your farm account to a specific service account instead. That account should be a least privilege account. Like before..

3) The unattended service account application id is not specified or has an invalid value.
This means that you must generate a new key and configure the Secure Store Service.

4) Missing server side dependencies
Did not really understand WHAT was wrong… so what do you do? Google of course! And yes, I was not alone… Found this guy’s blog with a solution that I found was hilarious! I thought he had forgotten to write down a step in this solution, but no – follow these steps and the error message is gone! =)
Click General Application Settings
Under Search, click Farm-Wide Search Administration
Under Search Service Application click Search Service Application
Run iisreset -noforce (don’t forget to run cmd as Administrator or else you get Access denied)
Thanks to http://sharepointinsight.wordpress.com/

5) Verify that the Activity Feed Timer Job is enabled.
Well, just DO IT! Inside the timer job definitions, enable it.

6) Built in accounts are used as application pools or service identities
Again, change to correct account!

7) Validate the MySite host and individual MySites are on a dedicated web application and separate URL domain.
After a web application for MySite was setup, and some managed paths entered, this message disappeared.

SharePoint farm backup

I think I have blogged about this before, but I cannot enough emphasize the importance of running SharePoints own backup together with your SQL database backup. Of course, some third party backup products might be able to restore in the same way as you can restore a site collection backup inside Central Admin, but it IS really easy in CA to do this. It’s not that easy if you must restore a SQL database and add the content db to a new web application. What I want to restore is a single subsite inside of a sitecollection.
When using SharePoints restore option, you could easily restore a whole site collection to a new web app (either on a new server or the same) and access it by using http://server:portnumber, export the site (through stsadm or SPD) and then delete the restored web app again. Fast and easy.
But… I ran into a customer that was only using SQL db backup and some third party product, and they were only able to restore the SQL database so I had to create a new web application, detach the db that was installed default, and then add the restored db via STSADM and addcontentdb. I got a lot of errors, and it turned out that when I had attached the restored content db, and looked in “Content databases” it showed 0 sites! So, the db was attached but contained nothing. Will do a SQL hack to change the GUID to something else… and so on. A lot more work!!
So today I setup the farm backup with a .bat file and put it in Scheduled Tasks and made sure it ran correctly. Got this error:

“Object WSS_Content_MySite failed in event OnBackup. For more information, see the error log located in the backup directory. SqlException: Cannot open backup device ‘\serverxxx01backupspbr0000000001A.bak’. Operating system error 5(error not found). BACKUP DATABASE is terminating abnormally.”

If you get this error when trying to run backup in SharePoint Central Administration (or using the STSADM command for full backup) then you must do the following:

1) Logon to the SQL server and determine which account that runs the MSSQLSERVICE and add that account to your backup device (that is, the SHARE where you put your backup files) and give it “Edit” permissions.

Use a domain account on MSSQLSERVER

We had some trouble running the full backup (both from CA and stsadm), we got error messages in CA that said “Error: Object SharePoint_Config failed in event OnBackup. For more information, see the error log located in the backup directory. SqlException: Cannot open backup device…” and in EventViewer it complained that we used a Bad username or password. Started to investigate that the app pools ran with the right userid = ok, services on the sharepoint server = ok, user account that initiated the backup = ok, network share had correct permissions and that it actually was a share = ok, the app pool account/service accounts/backup account had right permissions on the SQL server = ok, and then I thought everything was checked. But not. Turns out that the MSSQLSERVER service on the SQL server was running on a local account and that account tries to access the file share where you want your backup files and that share is of course not on the same machine so – access denied for that local account! It’s all so clear when you find the error, isn’t it? 🙂 So, we changed the MSSQLSERVER to a domain account which has all rights to the network share and the databases, and now our backup is up and running!

Character settings in mail from InfoPath

I don’t really know how to explain this error correctly but what happens is that when you receive a mail via InfoPath Forms Services it is not presented with any swedish characters “ÅÄÖ” but instead it uses like wing dings or something. It looked like this:

But after changing the setting “Web application outgoing email settings” in Central Administration (on “Application management”) it displays correctly. Every web app was set to Unicode so I change it to 1252 Western European Windows, and voila – you can now read the mail without having to change the coding:

Thank you Scott Heim at Microsoft!

Victory over SBS, YES!

Yes, today I have been fighting with a customers small business server – but I won!! What I did? The most dreaded – uninstalled WSS 2 on a SBS server and installed a fresh WSS 3 version. Everything went perfect until I wanted to give the new portal a hostname. Did not work. Every hostname or IP just redirected to the ugly Companyweb (even if I updated AAM in CA). Crazy. I ended up adding a new IP-address to the server and dedicate the new portal to that address instead. Removed all “old” shit in the IIS like old application STS-pools and stuff. In this order: added a new IP, added a new record in DNS pointing to that IP, changed the IIS web site to the new IP, added a new AAM-record in Central Administration. IISreset. Worked like a charm 🙂 You just have to do things in the correct order, or everything will freak out. Now I just need a SSL cert and all is done. And me too…

No defined path – MySite

If you get an error message saying that MySite cannot be created due to a missing tag in the URL or error in the defined managed path, then you have to do this:

Open Central Administration
Application Management
Define managed paths
Add the path, like “personnel”

Create a new search scope

This is very useful. Say you have several web sites and you don’t want to display the same search results on every web site – only the results relevant to the current site! Do this:

Open Central Administration
Open your SSP
Click on “Search settings” and then “Content sources”.
There is a list of current content sources, there might just be only one:

Anyway, click “New content source”
Fill in the following fields like this
“Name of the Content Source” = your web site name
“Content Source Type”
“Start Addresses or Applications” (if you choose the Business Data option)
” Crawl Settings and Schedules”
I always enter the name of my content source to the name of the site, it makes it easy to know where it is applied 🙂
The start address is the URL of my site, for example http://mysite.se/

If the content source is a public site then you may not have to index the site so often. I usually run the Incremental Crawl each hour or so instead.
Now save your settings and perform a Full Crawl on your new Content Source.
When that is done, go back to “Search Settings” and select “View Scopes”:

This page shows what scopes this SSP handles. Add a new scope and call it the same name as your content source, ie “mysite”. Now, you have to add some rules to your scope:

Click on “Add rules” and add the following:

I checked the “Content Source” so that I could select my content source “mysite”. Then I checked “Include” because I want all info on this site to be returned in the search results. Now you have to update your new scope.

Click on “Start update now” from the Search settings page.
When the update is ready, you have to associate the scope to your site. Go to Site Settings on your site, click on “Search Scopes” under “Site Collection Administration”. Click on the “Search Dropdown” link:

Now all available scopes are shown including our new scope:

Select your new scope – wow! Uncheck the other scopes, we do not want them on this site.
Your list should now look like this:

Now try your site search. When I did this, other search results STILL showed up. To change this, click on “Edit page” and select “Modify shared webpart” on your search result page. There is a field called “Scope” and even if there is no list to select your scope from, you can simply write in the name of your scope, like “mysite”.

Now when you perform a new search, only results from your site will be displayed!

Install IFilter on MOSS

How to install the PDF iFilter so that pdf files are searchable (and given an icon too)

Download the latest Adobe PDF IFilter from http://www.adobe.com/support/downloads/detail.jsp?ftpID=2611
Stop the IIS service
Run the Adobe PDF IFilter Setup on your MOSS server
Copy the ICPDF.GIF file (search your server) to “C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions12TemplateImages”
Open “C:Program FilesCommon FilesMicrosoft SharedWeb server extensions12TemplateXmlDOCICON.XML”
Add the following to the .pdf type:
Run iisreset
Add the .pdf file type in the following list:
Open Central Administration, Shared Services Administration (SSP), Search Settings and select File Type
Add the new filetype pdf
Perform a fullcrawl of your content source