Daniyar's Tech blog: July 2013

Tuesday, July 30, 2013

Powershell to monitor for SharePoint logs based on correlation ID

Apart from ULS, you can use powershell to search for a correlation and browse it in notepad, example:

SharePoint User Code Host starts then stops

SharePoint User Code Host starts then stops with ULS errors:

Performance Counter OS (pdh) call failed with error code PDH_CSTATUS_NO_MACHINE.
- Process perf counters are disabled. Sandboxed code monitoring cannot continue
from SPUCHostService.exe

EventViewer reports:

Log Name: System
Source: Service Control Manager
Date: 7/30/2013 12:00:10 PM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SP2013.contoso.com
Description:
The SharePoint User Code Host service terminated unexpectedly. It has done this 18 time(s).

The solution is described in http://support.microsoft.com/kb/983081:

add windows service account of SharePoint User Code Host to local server groups 'Performance Monitor Users' and 'Performance Log Users'

Monday, July 29, 2013

SharePoint 2013 search access denied to People data sps3:// (Event 1314)

The error:

Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Server Search
Date: 7/29/2013 10:53:09 PM
Event ID: 1314
Task Category: Crawler:Gatherer Plugin
Level: Warning
Keywords:
User: CONTOSO\sp_crawl
Computer: SP2013.contoso.com
Description:
The start address sps3://sp2013:81 cannot be crawled.

Context: Application 'Search_Service_Application', Catalog 'Portal_Content'

Details:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (0x80041205)

The suggestion above is great, but does not help as it has been a case already.

The solution is to add crawler account to User Profile Service Admins with right to get data from People Data:

Sunday, July 28, 2013

SharePoint 2013 organisation browser empty in non-mysites

To fix the issues please refer to http://spreza.blogspot.ch/2013/03/using-sharepoint-2013-organization.html
You need to place the script under Organisational browser webpart on the same page.

However, the script is better to be placed in embeded HTML, rather than in Content Webpart.

Saturday, July 27, 2013

SharePoint 2013 Add-SPProfileLeader cmdlet gives "ProfilePropertyCache does not have" error

if you have an error trying to specify your CEO in the User profiles -

"Add-SPProfileLeader : UserProfileApplicationNotAvailableException_Logging ::
UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache does
not have "

or if you use Update-SpProfilePhotoStore

Update-SPProfilePhotoStore -CreateThumbnailsForImportedPh
otos $true -MySiteHostLocation http://xxxxxxxxxx
Update-SPProfilePhotoStore :
UserProfileApplicationNotAvailableException_Logging ::
UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache does
not have ...

try to repeat this powershell command under farm account.

Or provide permission to your account in Central Admin - highlight User Profile Service Application and then click Permissions and add account that you use for PowerShell with Full permission

Sometime if it still does not work, check rather administrator. Note also Service Account running Distributed Cache - AppFabric Caching service ....

Microsoft supporting startups

http://www.microsoft.com/bizspark/About/Default.aspx

Friday, July 26, 2013

SharePoint 2013 Event ID:7362 portalsuperuseraccount

If you get this eventlog message in SharePoint 2013:

Log Name: Application
Source: Microsoft-SharePoint Products-Web Content Management
Date: 7/26/2013 3:05:44 PM
Event ID: 7362
Task Category: Publishing Cache
Level: Information
Keywords:
User:
Computer:
Description:
Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources.
To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl'. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
Additional Data:
Current default super user account: SHAREPOINT\system

make sure you read this articles http://sharepointchick.com/archive/2010/10/06/resolving-the-super-user-account-utilized-by-the-cache-is.aspx and http://technet.microsoft.com/en-us/library/ff758656.aspx

before you actually run stsadm, as you may break SP for all users.

Log viewer for SharePoint 2013

For troubleshooting and for correlation of errors, you might still need good old ULS viewer from Microsoft PSS. It helps to highlight correlated entires if you enable Smart Highlight.

Thursday, July 25, 2013

SAML claims authentication in Sharepoint over AD FS

Following a lab on configuring SAML authentication in Sharepoint over AD FS
http://www.microsoft.com/en-us/download/details.aspx?id=30385
based on http://technet.microsoft.com/library/hh305235(office.15).aspx

I released that there are few typos in the scripts, also not clear the mapping of LDAP attributes to outgoing Claims, I had to modify to make it work from SAM-account-name to Email address from LDAP side

Free MS e-book - a guide to claims-based identity and access control

Although based on earlier versions of SharePoint and Windows, this book provides very detailed explanation on all concepts of Microsoft implementation of claims-based authentication and access controls.

http://msdn.microsoft.com/en-us/library/ff423674.aspx

A paper version is available on Amazon:

http://www.amazon.com/Guide-Claims-Based-Identity-Access-Control/dp/1621140024/

Wednesday, July 24, 2013

Bruce Schneier talks about power

Human society runs on trust. We all trust millions of people, organizations, and systems every day -- and we do it so easily that we barely notice. But in any system of trust, there is an alternative, parasitic, strategy that involves abusing that trust. Making sure those defectors don't destroy the cooperative systems they're abusing is an age-old problem, one that we've solved through morals and ethics, laws, and all sort of security technologies. Understanding how these all work -- and fail -- is essential to understanding the problems we face in today's increasingly technological and interconnected world.

http://youtu.be/m3NJ-Ow2Lvg

Tuesday, July 23, 2013

How to change Sharepoint 2013 top left SuitBar to a custom text or image using masterpage

The first thing any branding is looking at is this famous "SharePoint" word in the top left corner of OOB Sharepoint 2013. There are many methods to change it - by creating Visual Studio project or App, by twicking in powershell, etc. Here is very simple method using masterpages and javascript. In Sharepoint Designer 2013 locate a source masterpage, make a copy to your custom name. Then locate the place where you can modify an object called "ms-core-brandingText" - quote from source fully rendered client HTML

In case of seatle masterpage locate
and just above it add

This is an example, you can add a logo image or link instead. Check-in the new master page with major version and then set this master page for the site.

The result would be something like this:

Note that to modify My Sites master page you need to open My Sites in SharePoint Designer (in my case URL http://sp2013.contoso.com/my) and modify directly the masterpage called mysite15.master with the same method.

User Profile Synchronization is not running on SharePoint 2013

When you configure user profile synchronization settings in Central Administration of SharePoint 2013, you may receive the error message:

“Cannot navigate to the requested page because User Profile Synchronization service is not running. Please start User Profile Synchronization service”.

To start it you need to select “Manage services on server” and provide credentials:

If you do not have this menu on your screen, probably you are not running IE10 as administrator.

Monday, July 22, 2013

How to enable Design Manager in SharePoint 2013 site

Design Manager is new feature of SP2013, but it is not enabled by default. To enable it you would need Publishing feature.

Go to “Site Settings” of the collection root site and select “Site collection features”:

Then Activate Publishing infrastructure:

Then in the “Site Setting” of the root site or any target subsite select “Manage site features”:

And Activate “SharePoint Server Publishing”:

Now you should be able to see new menu in under Settings Icon called “Design Manager”:

SharePoint 2013 resource

Articles contain an overview of product features, product comparison information, system requirements, product evaluation kit, news and reviews, case studies, videos, virtual labs, and product roadmap.

http://technet.microsoft.com/en-us/library/cc261970.aspx

----------------------------
This Post contains a bunch of Free Step by Step SharePoint Server 2013 Lab Guides that Microsoft gives for free on its Download Center. Usually I post them together with the other free resources that Microsoft offers, however this is a Test Lab Guide (TLG) only post, and the rest of the resources will come later in the month.

http://absolute-sharepoint.com/2013/07/free-step-by-step-sharepoint-server-2013-lab-guides-by-microsoft.html

Sunday, July 21, 2013

SAML suppose to be secure!

using SAML standard does not mean that your SAML implementation is automatically secure. Here is attacks examples on XML signature (simple order change in XML might open a door)

http://youtu.be/RHIkb9yEV1k

Wednesday, July 17, 2013

Bruce Schneier Answers Your Questions Video

A lot of fun and serious thoughts
http://youtu.be/dJh0mIJn6kE

HP Storage vulnerability

HP security bulletin report an issue in HP Storage powered by LeftHand OS.

It would be interesting to know if earlier products close to EOL such as EVA 4400 have the same vulnerability. HP has the similar support access method to earlier versions of enterprise storage, but it is not powered by LeftHand OS.

Tuesday, July 16, 2013

CentOS cluster

Detailed video walkthrough of creation of a cluster on CentOS (RedHat) nodes

http://youtu.be/FP2_MxXGibY

note that you can not use cluster fencing on hyper-v guests, so for your lab use KVM or VMWare or Xen - read more at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/High_Availability_Add-On_Overview/s1-virt-guestcluster.html.

The Four Pillars of Identity

Four pillars:

Administration (provisioning, change control, automation)
Authentication (is user really who he claims to be)
Authorization (role, risk, policy, claims based)
Audit (alerts, reporting, governance)

http://social.technet.microsoft.com/wiki/contents/articles/15530.the-four-pillars-of-identity-identity-management-in-the-age-of-hybrid-it.aspx

Monday, July 15, 2013

20 Critical security controls (SANS ver. 4.1)

Must read information for IT security professionals:

http://www.sans.org/critical-security-controls/guidelines.php

or PDF version

http://www.sans.org/critical-security-controls/cag4-1.pdf

Saturday, July 13, 2013

DVD drive is not recognized in Windows 8

Suddenly I realised that my CDROM/DVDROM is missing in Windows 8. BIOS does detect it as usual.

The issues is inside Windows. The registry trick helped to solve it:

reg.exe add "HKLM\System\CurrentControlSet\Services\atapi\Controller0" /f /v EnumDevice1 /t REG_DWORD /d 0x00000001

reboot.

Little bit annoying, I do not understand why I should use registry for a very standard feature on my PC.

Thursday, July 11, 2013

MCSE Private Cloud 2012

passed the last exam today!

Microsoft Thursday - this time is a tough one - all platforms affected, including Windows Kernel, etc.

Code for exploits probability is high, patch ASAP:

1- Exploit code likely

http://technet.microsoft.com/en-us/security/bulletin/ms13-jul

CentOS switching to Oracle Linux

According to Oracle by switching from CentOS to Oracle Linux you shorten delays on RHEL sources recompilation which sometimes can be vital in critical enterprise environments. Oracle Linux claims 100% compatibility with CentOS. Another advantage is that Enterprise customers can optionally buy a support from Oracle. Otherwise it is as free as CentOS.

to switch use command:

curl -O https://linux.oracle.com/switch/centos2ol.sh
sh centos2ol.sh

Tuesday, July 9, 2013

Microsoft equivalent of SAP Earlywatch for private cloud

System Center Advisor - public cloud based best practices analyser for MS private cloud. Can also work as OpsMgr conector with no extra overhead:

https://systemcenteradvisor.com/

http://channel9.msdn.com/Shows/Edge/Edge-Show-61--System-Center-Advisor-with-System-Center-2012-Operations-Manager

Enable Lync notifications in SCOM 2012

http://www.effectualit.com/2012/09/enable-the-instant-messaging-notification-in-system-center-2012-operations-manager/

Monday, July 8, 2013

Create System Center Service Manager Service Offering based on new SCVMM service with runbook automation

Assuming you have created a working runbook that creates automatically a service instance in SCVMM (refer to runbook example http://daniyar-tech.blogspot.ch/2013/07/system-center-2012-sp1-orchestrator.html) then you can proceed and use this runnbook in in Service manager –

Create template with class set to “Runbook Automation Activity”

In the template form select a runbook and fill the initial data

Create template with class set to “Service Request”, it is required to appear later in the droplist

In the template forms activities tab click plus icon

And the select the activity you want to add to the request workflow

Define at what stage of workflow this activity will execute.

Now you can define a request offering (Library - Service Catalog – Request offering - Create) by selecting a template we just created above

We may want to ask user to provide new VM ServiceName

And map it to runbook initial data variable ServiceName

Set publish status to Published.

Now you can create Service Offering and link it to this request offering

Set status of service offering to published and you now can start requesting it from Self-service portal or directly in the SM console.

Service request is in progress:

Service Manager -

Orchestrator -

Virtual Machine Manager -

Sunday, July 7, 2013

Audit Collection Services in System Center Operations Manager

http://youtu.be/AQkdZKoflBc

How to create service automation in System Center

a lab scenario from MS virtual lab, provides a scenario on how to create templates, requests, automation tasks, runbooks.

http://downloads.vlabcenter.com/virtualwidemanuals/CMG/SystemCenter2012SP1Services&Automation.pdf

System Center 2012 SP1 Orchestrator runbook to deploy a SCVMM service from a template

Here is an example of System Center 2012 SP1 Orchestrator’s runbook to deploy a SCVMM service from a defined template.

Service Template Name equals {TemplateName from “Initialize Data”}

Service Template Release equals {TemplateRelease from “Initialize Data”}

Service Template Name {Service Template Name from “Get Service Template”}

Note that deployment did not work from the beginning with error:

“The following errors occurred when invoking PowerShell script:Could not find service template Exception: InvalidOperationException Target site: PSRunspaceInvoker.HandleInvokeErrors Stack trace: at Microsoft.SystemCenter.Orchestrator.Integration.PowerShellConnector.PSRunspaceInvoker.HandleInvokeErrors(IList invokeErrors) at Microsoft.SystemCenter.Orchestrator.Integration.PowerShellConnector.PSRunspaceInvoker.Invoke(RunspaceInvoke runspace, String script, ILogger logger) at Microsoft.SystemCenter.Orchestrator.Integration.PowerShellConnector.PSScriptRunner.Execute(String script) at Microsoft.SystemCenter.Orchestrator.Integration.VMM2012QIK.ActivityBase.DoWork(IActivityRequest request, IActivityResponse response) at Microsoft.SystemCenter.Orchestrator.Integration.VMM2012QIK.VMMBase.Execute(IActivityRequest request, IActivityResponse response)”

The solution was to add optional parameter Cloud Name as shown in the screen above.

Service Configuration Name {Service Configuration Name from “Configure Service Deployment”}

Saturday, July 6, 2013

Windows Server 2012 Task Manager does not show disk

You probably noticed that by default Windows 2012 server does not show disk performance in Task Manager. Microsoft argues that it has high overhead and was disabled in Server. In Windows 8 it is enabled by default. Microsoft suggests to use Resource Monitor instead. Anyway to enable it disk in Task Manager run:

diskperf -y

and try to open Task manager again.

To disable:

diskperf -n

Friday, July 5, 2013

Smart and dumb objectives

For those who like abbreviations like:

objectives must be S.M.A.R.T - Specific, Measurable, Actionable, Realistic, Time based.

Here is one more:

Objectives must be D.U.M.B. :) - Doable, Understandable, Measurable, Beneficial.

Thursday, July 4, 2013

One more to MCSE

Exam 70-247 - passed! The next is 70-246 the last between me and MCSE Private cloud.

Tuesday, July 2, 2013

How to fetch VM IP address from SCVMM using powershell

$VM = Get-SCVirtualMachine -Name "VMname"

$ValuesMap = @{}

$ValuesMap.Add("NetworkAddressIPv4", $null)

$map=Read-SCGuestInfo -VM $VM -KvpMap $ValuesMap

$map.KvpMap.NetworkAddressIPv4

UPD: another cmdlet that give IP specific info is Get-SCIPAddress, but KVP is more flexible if you also need other VM information from Integration services channel.

Monday, July 1, 2013

MS private cloud blog

http://www.thomasmaurer.ch

and by the way there is an event (German-English) being scheduled for September 16-17 in Bern:

http://www.thomasmaurer.ch/2013/05/system-center-universe-2013-europedach-registration-is-now-open/

Search This Blog