Sunday, April 28, 2013

Applying udates to SharePoint

After running the exe to apply a cumulative update to your build, rather than using the gui based SharePoint Products and Technologies Wizard, use the SharePoint Management powershell console and call this command:

psconfig -cmd upgrade -inplace b2b -force

The upgrade process will go much faster.

PSConfig Technet reference, click or go here:

If you receive a failure message, navigate into your logs, located in:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extentions\14\Logs

and search for ERR, make sure case sensitivity is in play by selecting the Match case box.

If the error mentions a specific timer ensure that that timer job is enabled in your farm.  If it is ambiguously referencing "a timer", make sure the SharePoint 2010 Timer service and 2010 Admin service are enabled and running in Windows, and then re-run the command

After you get a successfully applied message, navigate into the 14 hive (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14) and open the ISAPI folder.

Find the Microsoft.SharePoint.dll and examine the Details tab.  The product version should display the updated build number for your update. 

The build number can be found by navigating to the HotFix or CU support page, under the summary section. 
Click here to go to the technet page that lists out all the SharePoint Updates:

If you're upgrade is failing, it could be due to some of your content databases.  Open a management console and get-spcontentdatabase.  Then run upgrade-spcontentdatabase "Name of Db" for each one.  Check out -SkipIntegrityChecks if you need too.

Sunday, April 21, 2013

Secure Store throwing error that can not contact...

If you are receiving an error that reads, an error has occurred, contact your admin, and if you’ve already contacted yourself,
then this is occurring when you’ve clicked Generate a key from Application Management > manage service applications > Secure Store Service Application > manage

Make sure that the account that the secure store service application is using- (Security > configure service applications) has db_owner on the secure store database in SQL and try again.

To check the db_owner login role:

1. Login to the SQL database server with an account that can access the SQL database
2. Expand the Security node and right click on the account that is running the service, per the configure service applications page from your central admin
3. Select User mapping, scroll down to the SecureStoreServiceApplication Database and make this account db_owner, if it isn't.

Sunday, April 14, 2013

Exporting and Importing between Farms

The management shell is the only way to import a site without, restoring from a backup, or recovering data from an unattached database.

Here’s what you do to copy sites around:

login into your source server with an account that has WSS_Admin_WPG (content db where site resides), SharePoint_Shell_Access (config db and Admin db), and SA (SQL Server role) on the Backend database.

Open the management shell as an admin

enter this command, where the URL is the URL to the site you wish to export, complete with all users, versions, and security settings:

Make sure the path is a shared location.

Export-SPweb URL -Path e:\thisIsWhere_Istore_my_contentMigrationpackage\filename_of_contentMigrationPackage.cmp -includeusersecurity -includeversions All -noFileCompression

copy the .cmp file (Note: I’m not sure if .cmp stands for content migration package; but that’s what it seems to do.)

over to the target server, and into a shared path, a path that is shared out to the account that you used to export the SharePoint web.

Create a blank site, based on the custom site template known as… wait for it… “Select Template Later”

That step is key, unless you know the exact template that the source site was built from, you should select the “< Select Template Later>” off the custom tab

Now on the target server, logged in with an account that is a member of the local group WSS_Admin_WPG and SA on the Backend database run this:

Import-SPweb URL -Path e:\PathToWhereICopiedTheCMP\NameOfCMP.cmp -force -includeUserSecurity - noFileCompression -updateVersions append

Sunday, April 7, 2013

Unextending a web application, why you cant choose intranet from the drop down

Once a web application has been extended into a zone, the option to choose that zone disappears from the drop down, off the extend web applications pop-up, and is no longer available or shown in the drop down.

In order to get the option back, the web application extension needs to be removed.  This needs to be performed via powershell.

To unextend a zone that has been extended, use this powershell command.
Get-SPWebApplication http://sitename piped into
Remove-SPWebApplication -identity http://sitename -Zone {Default | Intranet | Internet | Internet | Custom | Extranet} -Confirm

It would look like this if you were un-extending the intranet zone for http://sitename
Get-SpWebapplication http://sitename | Remove-SPWebApplication http://sitename -Zone “Intranet”

If you receive an error that the job already exists go to Central Admin, Monitoring, job definitions and look for a one time job named unprovision…the site name that you’re removing the zone from.

Saturday, April 6, 2013

Configuring User Profile Synchronization Service Applications for SharePoint 2010 or SharePoint 2013

This post assumes you've already installed the SharePoint Binaries (Grey Wizard), and that you are not using the Farm Config Wizard (White Wizard) to set up the farm, and that you've read HarbarNet before reading this post.  It also assumes that you've patched the install to the most recent cu.

Note:  You don't have to install everything, you could just take the code in green below, for the managed metadata service, or you could manually do it.

User Profile Synchronization service application configuration doesn’t have to stress you anymore. And most of what you are about to read is adapted from HarbarNet, from the post that is\was located at this URL: and from TechNet

Here are the steps adapted from Spence Harbar’s blog and parts of TechNet:

1. Install SharePoint in a whatever farm topology, use a setup user account to run the install, this user is a local admin

2. When you get to the screen that asks for the account that will connect to the back end database, enter the name of the server, not the FQDN. Enter Myserver, not

3. Enter the account name for the Farm Account (DOMAIN\My_Farmer). Note: this is not the setup user account,

4. After the farm installs, patch it to the most current cumulative update (note: this was needed for SharePoint 2010 RTM, and is not the case with 2013):

5. After the farm is updated and you’re still logged in with the setup user account, save this text into a file with a .ps1 extension

Click here to watch a video of this script

This script replicates most of the functionality found in the SharePoint Products Configuration Wizard with the EXCEPTION of the USER PROFILE SERVICE

original content for what follows - located here:

Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue

## Settings you may want to change ##
$databaseServerName = “2010SQL”
$searchServerName = “2010WEB1” #Front end Server that will run central admin, the server you’re on right now
$saAppPoolName = “SharePoint Web Services Default”
$appPoolUserName = “DOMAIN\MyFarmer” #farm admin account for Timer and Central admin, check that both services are running under this account before
# running this script

## Service Application Service Names ##
$accesssSAName = “Access Services”
$bcsSAName = “Business Data Connectivity Service”
$excelSAName = “Excel Services Application”
$metadataSAName = “Managed Metadata Web Service”
$performancePointSAName = “PerformancePoint Service”
$searchSAName = “SharePoint Server Search”
$stateSAName = “State Service”
$secureStoreSAName = “Secure Store Service”
$usageSAName = “Usage and Health Data Collection Service”
$userProfileSAName = “User Profile Synchronization Service”
$visioSAName = “Visio Graphics Service”
$WebAnalyticsSAName = “Web Analytics Service”
$WordAutomationSAName = “Word Automation Services”

$saAppPool = Get-SPServiceApplicationPool -Identity $saAppPoolName -EA 0
if($saAppPool -eq $null)
Write-Host “Creating Service Application Pool…”

$appPoolAccount = Get-SPManagedAccount -Identity $appPoolUserName -EA 0
if($appPoolAccount -eq $null)
Write-Host “Please supply the password for the Service Account…”
$appPoolCred = Get-Credential $appPoolUserName
$appPoolAccount = New-SPManagedAccount -Credential $appPoolCred -EA 0

$appPoolAccount = Get-SPManagedAccount -Identity $appPoolUserName -EA 0

if($appPoolAccount -eq $null)
Write-Host “Cannot create or find the managed account $appPoolUserName, please ensure the account exists.”
Exit -1

New-SPServiceApplicationPool -Name $saAppPoolName -Account $appPoolAccount -EA 0 > $null


Write-Host “Creating Usage Service and Proxy…”
$serviceInstance = Get-SPUsageService
New-SPUsageApplication -Name $usageSAName -DatabaseServer $databaseServerName -DatabaseName “UsageDB” -UsageService $serviceInstance > $null

Write-Host “Creating Access Services and Proxy…”
New-SPAccessServiceApplication -Name $accesssSAName -ApplicationPool $saAppPoolName > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Access Database Service”} | Start-SPServiceInstance > $null

Write-Host “Creating BCS Service and Proxy…”
New-SPBusinessDataCatalogServiceApplication -Name $bcsSAName -ApplicationPool $saAppPoolName -DatabaseServer $databaseServerName -DatabaseName “BusinessDataCatalogDB” > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Business Data Connectivity Service”} | Start-SPServiceInstance > $null

Write-Host “Creating Excel Service…”
New-SPExcelServiceApplication -name $excelSAName –ApplicationPool $saAppPoolName > $null
Set-SPExcelFileLocation -Identity “http://” -ExcelServiceApplication $excelSAName -ExternalDataAllowed 2 -WorkbookSizeMax 10 -WarnOnDataRefresh:$true
Get-SPServiceInstance | where-object {$_.TypeName -eq “Excel Calculation Services”} | Start-SPServiceInstance > $null

Write-Host “Creating Metadata Service and Proxy…”
New-SPMetadataServiceApplication -Name $metadataSAName -ApplicationPool $saAppPoolName -DatabaseServer $databaseServerName -DatabaseName “MetadataDB” > $null
New-SPMetadataServiceApplicationProxy -Name “$metadataSAName Proxy” -DefaultProxyGroup -ServiceApplication $metadataSAName > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Managed Metadata Web Service”} | Start-SPServiceInstance > $null

Write-Host “Creating Performance Point Service and Proxy…”
New-SPPerformancePointServiceApplication -Name $performancePointSAName -ApplicationPool $saAppPoolName -DatabaseServer $databaseServerName -DatabaseName “PerformancePointDB” > $null
New-SPPerformancePointServiceApplicationProxy -Default -Name “$performancePointSAName Proxy” -ServiceApplication $performancePointSAName > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “PerformancePoint Service”} | Start-SPServiceInstance > $null


Write-Host “Creating Search Service and Proxy…”
Write-Host ” Starting Services…”
Start-SPEnterpriseSearchServiceInstance $searchServerName
Start-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance $searchServerName

Write-Host ” Creating Search Application…”
$searchApp = New-SPEnterpriseSearchServiceApplication -Name $searchSAName -ApplicationPool $saAppPoolName -DatabaseServer $databaseServerName -DatabaseName “SearchDB”
$searchInstance = Get-SPEnterpriseSearchServiceInstance $searchServerName

Write-Host ” Creating Administration Component…”
$searchApp | Get-SPEnterpriseSearchAdministrationComponent | Set-SPEnterpriseSearchAdministrationComponent -SearchServiceInstance $searchInstance

Write-Host ” Creating Crawl Component…”
$InitialCrawlTopology = $searchApp | Get-SPEnterpriseSearchCrawlTopology -Active
$CrawlTopology = $searchApp | New-SPEnterpriseSearchCrawlTopology
$CrawlDatabase = ([array]($searchApp | Get-SPEnterpriseSearchCrawlDatabase))[0]
$CrawlComponent = New-SPEnterpriseSearchCrawlComponent -CrawlTopology $CrawlTopology -CrawlDatabase $CrawlDatabase -SearchServiceInstance $searchInstance
$CrawlTopology | Set-SPEnterpriseSearchCrawlTopology -Active

Write-Host -ForegroundColor white ” Waiting for the old crawl topology to become inactive” -NoNewline
do {write-host -NoNewline .;Start-Sleep 6;} while ($InitialCrawlTopology.State -ne “Inactive”)
$InitialCrawlTopology | Remove-SPEnterpriseSearchCrawlTopology -Confirm:$false

Write-Host ” Creating Query Component…”
$InitialQueryTopology = $searchApp | Get-SPEnterpriseSearchQueryTopology -Active
$QueryTopology = $searchApp | New-SPEnterpriseSearchQueryTopology -Partitions 1
$IndexPartition= (Get-SPEnterpriseSearchIndexPartition -QueryTopology $QueryTopology)
$QueryComponent = New-SPEnterpriseSearchQuerycomponent -QueryTopology $QueryTopology -IndexPartition $IndexPartition -SearchServiceInstance $searchInstance
$PropertyDatabase = ([array]($searchApp | Get-SPEnterpriseSearchPropertyDatabase))[0]
$IndexPartition | Set-SPEnterpriseSearchIndexPartition -PropertyDatabase $PropertyDatabase
$QueryTopology | Set-SPEnterpriseSearchQueryTopology -Active

Write-Host ” Creating Proxy…”
$searchAppProxy = New-SPEnterpriseSearchServiceApplicationProxy -Name “$searchSAName Proxy” -SearchApplication $searchSAName > $null


Write-Host “Creating State Service and Proxy…”
New-SPStateServiceDatabase -Name “StateServiceDB” -DatabaseServer $databaseServerName | New-SPStateServiceApplication -Name $stateSAName | New-SPStateServiceApplicationProxy -Name “$stateSAName Proxy” -DefaultProxyGroup > $null

Write-Host “Creating Secure Store Service and Proxy…”
New-SPSecureStoreServiceapplication -Name $secureStoreSAName -Sharing:$false -DatabaseServer $databaseServerName -DatabaseName “SecureStoreServiceAppDB” -ApplicationPool $saAppPoolName -auditingEnabled:$true -auditlogmaxsize 30 | New-SPSecureStoreServiceApplicationProxy -name “$secureStoreSAName Proxy” -DefaultProxygroup > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Secure Store Service”} | Start-SPServiceInstance > $null

#Write-Host “Creating User Profile Service and Proxy…”
#$userProfileService = New-SPProfileServiceApplication -Name $userProfileSAName -ApplicationPool $saAppPoolName -ProfileDBServer $databaseServerName -#ProfileDBName “ProfileDB” -SocialDBServer $databaseServerName -SocialDBName “SocialDB” -ProfileSyncDBServer $databaseServerName -ProfileSyncDBName “SyncDB”
#New-SPProfileServiceApplicationProxy -Name “$userProfileSAName Proxy” -ServiceApplication $userProfileService -DefaultProxyGroup > $null
#Get-SPServiceInstance | where-object {$_.TypeName -eq “User Profile Service”} | Start-SPServiceInstance > $null

Write-Host “Creating Visio Graphics Service and Proxy…”
New-SPVisioServiceApplication -Name $visioSAName -ApplicationPool $saAppPoolName > $null
New-SPVisioServiceApplicationProxy -Name “$visioSAName Proxy” -ServiceApplication $visioSAName > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Visio Graphics Service”} | Start-SPServiceInstance > $null

Write-Host “Creating Web Analytics Service and Proxy…”
$stagerSubscription = "<StagingDatabases><StagingDatabase ServerName='$databaseServerName' DatabaseName='StagerDB'/></StagingDatabases>"
$reportingSubscription = "<ReportingDatabases><ReportingDatabase ServerName='$databaseServerName' DatabaseName='WarehouseDB'/></ReportingDatabases>"
New-SPWebAnalyticsServiceApplication -Name $WebAnalyticsSAName -ApplicationPool $saAppPoolName -ReportingDataRetention 20 -SamplingRate 100 -ListOfReportingDatabases $reportingSubscription -ListOfStagingDatabases $stagerSubscription > $null
New-SPWebAnalyticsServiceApplicationProxy -Name “$WebAnalyticsSAName Proxy” -ServiceApplication $WebAnalyticsSAName > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Web Analytics Web Service”} | Start-SPServiceInstance > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Web Analytics Data Processing Service”} | Start-SPServiceInstance > $null

Write-Host “Creating Word Conversion Service and Proxy…”
New-SPWordConversionServiceApplication -Name $WordAutomationSAName -ApplicationPool $saAppPoolName -DatabaseServer $databaseServerName -DatabaseName “WordAutomationDB” -Default > $null
Get-SPServiceInstance | where-object {$_.TypeName -eq “Word Automation Services”} | Start-SPServiceInstance > $null

############################################## End Script

6. Create a two managed accounts, one named for content and used to run your web applications and one named for serviceApps and used to run new Service Applications (e.g. User Profile synch) , Security > configure managed accounts

7. See the surgeon generals WARNING below: and then navigate to C:\Program files\Microsoft Office Servers\14.0\Synchronization Service\MaData using the farm account and make sure the farm account has at least modify via it’s membership in wss_admin_wpg, on this entire path, and it should because it is a member of the wss_admin_wpg group. If that is not the case, open a management shell and type in add-spshelladmin -user domain\myfarmaccount where myfarmaccount Is the name of the farm account that was input during the install, the setup user account (mydomain\mysetupUseraccount) and farm account (mydomain\myFarmer) should already be members. 
WARNING: Don’t modify acl’s unless you’re sure you know it wont hurt sharepoint.

NOTE: The Manager Data folder, MaData, will be empty before you configure the service, and after you start the synch and iisreset (see steps below), you’ll be able to drive into it and see two folders and one file, it is at this time, when you see the folders and the file, that you know you are safe to open the UPS and configure it, continue to step 8. 

One of the Harbar net pages gives a good example of using ULS viewer to track the user profile install, you really should check that out, if you haven't.

8. Add Allow local login to the Farm Account via secpol.msc > Local Policies > User Rights Assignment > Allow Logon Locally,

9. Add the Farm Account to the Local Admins, too (compmgmt.msc > configuration > Local users and groups > administrators)

10. Log the setup user off, log the farm account on and then off, log back on with the setup user account.

11. right click on your domain in Active directory users and computers > click delegate control > next > add your account that will be used to configure the actual user profile service, later (e.g SP_UserProfiles_FarmName) > Create a custom task to delegate > This folder, existing objects in the folder, and creation of new objects… > next > scroll down, check Replicating Directory Changes (don’t check any other boxes, i.e. don’t check property specific, etc.) > next > finish

There is good info on TechNet about step 11 located here: 

12. Create a Web Application, call it SharePoint - 80, on port 80,use the content account, and when prompted to create a site collection, you can if you want to, but it’s not needed for this exercise, and wont impact whether your ups will work.

13. Now let’s create, a Metadata UPS Mysite Hub web application.  Create another web application, call it SharePoint metadata hub - 9094, or pick a better more professional name, say UPS AD DS Sync, but put it on port xxxx (where xxxx is a number greater than 1024), not on port 80. And run it with the content account, not the farm account.
Note: Metadata UPS Mysite Hub, is not the technical term for it, and some people might laugh at you if you call it that. This Hub, so to speak, is where I roll up the UPS and Metadata site collections. They don’t have to be together, but you do need the metadata site collection and the ups/enterprise mySite site collections up, before you can get UPS to synch up nicely. 

 PLEASE NOTE:  some sites have you create just one site collection, you will eventually split them out as they grow.

14. Once the Web application, is created, create an enterprise mySite Host Site collection in the root, name it after the UPS service Synch (or choose your own nameology).
steps to create the site collection for UPS: Application Management > Site Collections > Create Site Collections > choose the Metadata UPS hub web app that runs on port xxxx > name it, give it an account for the site collection admin, use the same content account that you used when you created the web app, if you want.

15. Create another site collection in the Metadata hub web app, locate this one under a managed path, that you created or under /sites/Meta. Note: You could name the url portion of the site anything you want. Use the Publishing portal site template for this site collection.

16. Open this newly created site, and navigate into site collections features and the site features
( and insure that content organizer and Metadata navigation and filtering features are activated, copy the url to your metadata hub site. (e.g.

17. Navigate to Central Admin > Application Management > Service Applications > Manage service applications and click to the right of the Metadata Web Service so that you get an illuminated properties icon in the ribbon, scroll down to the content type hub box and paste in the url to your metadata hub site.

Ok, back to Central Admin, Application Management > Service Applications > manage Services on server > Start the User Profile Service and ask yourself this question “Have I patched this farm to the most current CU if it is SharePoint 2010 RTM?”

18. While still on the manage service applications page, click new > user profile service application > name it > Run it in a new application pool, name the new app pool > it runs under the farm account > the default databases are ok > Paste in the url to your MySite Host site collection, since you created it in the root, this url looks just like the url to the web application, just the protocol, servername and the port (e.g. http://2010SP:9094), click OK.
Note: I’ve had better success if I make sure to leave the / behind the my site host url, and remove it from the My Site managed path, so say no to (/Personal) and say yes to (Personal)
Click Ok,

19. Make sure those permissions for allow local login, local admins, and the path to the Manager Data are correct. Which brings up one more thing about permissions, the account that you’ll use to configure user profile synch after you get through setting it up, the userProfile account need replicate directory changes.

20.  Moved in front of step 18

21. Start the User Profile synchronization service, while it is still saying its starting, or after 10 minutes, run IISRESET

22. Navigate to C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\MaData Refresh this folder, wait, grab a copy of War and Peace, or Slaughterhouse 5, start reading, have a smoke if you smoke, or just go to bed. Either way wait until you see, a folder named ILMMA, MOSS- and a file named UpdateFile 

23. Navigate to Manage Service Applications and click on User Profile Service Application.

24. Configure the synchronization connection using the account you gave the replicate directory changes permission. click create new connection and just fill in the form. use the sp_userprofile account, you’re logged into the server at this time with the setup user account because you’re still setting it up.

25. click on configure synch settings choose users only for the first synch, then after you synch just users go back and synch users and groups.

Popular Posts