We recently ran into an issue when creating SPFX Azure Active Directory App registrations using an O-Auth Implicit flow that our SharePoint Admin Center API Access page then gave an error:
Could not retrieve Global Service Principal ID Error: Error: {}
Could not retrieve Global Service Principal ID Error: Error: {}
And when using O365 CLI, I was getting the same error trying to add a new serviceprincipal or list them:
o365$ spo serviceprincipal grant list Error: Another object with the same value for property identifierUris already exists.
Error: Another object with the same value for property identifierUris already exists.
So now I am completely locked out of interacting with SharePoint Online to Azure AD Applications until this is fixed.
I opened a case with SharePoint Online MS Support and they said its on the Azure side but they would look into it for me.
After a few days they got back to me and said it was due to a bad Azure AD App Registration tagged under SharePoint that is causing the error. GREAT! I now have a place to start.
Go into Azure Active Directory and go to App Registrations and search for “SharePoint”. Your “broken app” is somewhere in one of these two registrations.
App registrations for SharePoint
Big thanks to this article where it says how to find the bad one, https://github.com/SharePoint/sp-dev-docs/issues/3891#issuecomment-494868401
In the API Access admin page of SP admin https://yourcompany-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/webApiPermissionManagement, go to view source and search for spfx3rdPartyServicePrincipalId. You will find a GUID, THIS IS THE GOOD ONE. The other application is bad.
Good one (found in view source of Admin page- “spfx3rdPartyServicePrincipalId”:”ebxxxx-xxxxx-xxxxxxx899d1“
No go back into app registrations and map out what GUIDs belong where Good ID: “SharePoint Online Client Extensibility Web Application Principal”
That means the other one is bad! “SharePoint Online Client Extensibility Web Application PrincipalHelper”
According to the above article, deleting this one fixes it. AND IT DID!
Object ID 218 is the good one, and the top one 421 is BAD!
Sure enough, after removing the bad application I can now access the API Access page!
So after removing every single bad VM, app registration or enterprise app, it all comes down to removing the bad “SharePoint Online Client Extensibility Web Application Principal Helper” app registration above. Now everything works as expected and I can approve my app requests!
Big lesson learned!
Now I can do a Enable-SPOTenantServicePrincipal without errors:
Hope this helps and leave any comments below on your experience with this error.
This week at #MSIgnite, there has been a lot of talk about Home Sites. This was released a few months back as a PowerShell command to transform any modern communication site collection into the O365 SharePoint Online landing page for your organization.
More can be read here: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/SharePoint-home-sites-a-landing-for-your-organization-on-the/ba-p/621933
SharePoint home sites are the landing sites for your organization that bring together news, events, content, conversations and video to deliver an engaging experience that reflects your voice, your priorities, and your brand. Home sites are built on top of familiar communication sites.
UPDATE- SPO Home Sites is not available to the public yet, even on first release tenants. I will update this post once its released. See error command at last step in this post.
1- Create the site
Create a Modern Communication Site Collection that will be your hubsite, if you do not have one already.
Give the new site a name, I choose topic and Home Site:
2- Share the site with users
I shared with everyone except external users
3- Set the new site collection as the home site
I am hoping this does a bunch of magic to make it look like the Look Book’s rollup.
Enter the URL of your newly created site collection in the URL below:
Set-SPOHomeSite : The requested operation is part of an experimental feature that is not supported in the current
environment.
Wow, that was unexpected.
I have not seen a release date yet, but wanted to post this in hopes it will save someone else the time of creating a site.
Update as of 7/3/2020-
Using 16.0.20212.12000 of SPO Management shell- slightly different error:
PS C:\WINDOWS\System32> Connect-SPOService
cmdlet Connect-SPOService at command pipeline position 1
Supply values for the following parameters:
Url: https://m365xIDHERE-admin.sharepoint.com/
PS C:\WINDOWS\System32> Set-SPOHubSite
cmdlet Set-SPOHubSite at command pipeline position 1 Supply values for the following parameters: Identity: https://m365xIDHERE.sharepoint.com/sites/Eric-PublicTeam Set-SPOHubSite : Cannot invoke method or retrieve property from null object. Object returned by the following call stack is null. “GetHubSitePropertiesByUrl “ At line:1 char:1 + Set-SPOHubSite + ~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Set-SPOHubSite], ServerException + FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSP OHubSite
The issue was a March 2018 security update patch that was applied to my CLIENT computer, so I cannot connect to the Azure SERVER Windows Server 2012 R2 Datacenter VM that has not had updates applied recently.
Examples: 1. If the client is updated and you try to RDP to an Azure VM that was not updated, then it will be blocked and see the error message. 2. If the client is not patched while server is updated, RDP can still work. But the session will be exposed to the attack.
3. If both client & server are patched with default setting (Mitigated), RDP will work in a secure way.
I really could not find a solution anywhere that worked. Just a bunch of links to archaic Windows Updates websites from the early 2000’s (reminds me how far we came)
Solution
The solution is to Uninstall the KB on your CLIENT computer so you can install the KB on your SERVER VMs, then you can reinstall the KB on your CLIENT if you would like.
Detailed Steps
I UNINSTALLED the KB4103721 from my Windows 10 machine, so I could patch my VM’s and rebooted.
I RDP’ed from my CLIENT to each SERVER that was not patched, and installed the patch (note a different OS so a different KB patch)
That’s it! I could not find an easy explanation of what KB to uninstall and which one to install.
A side note, if I enabled automatic updates, I think this wouldn’t have happened. My SharePoint VMs are not patched automatically since they are Dev machines.
I recently ran into an issue trying to delete a list over 5,000 items from SharePoint. I tried using Metalogix Content Matrix to delete the list/site, but they all were bound by the threshold. I realized I had to use PowerShell, but research lead to even this having issues deleting the list. The solution was batches of 1,000 items. It takes a few hours to remove 25,000 items, but I was able to delete the list once the items were removed.
I received this error prior to deleting the items in the list using a script via modern UI Site Contents menu:
“My List- 24453 items- We’re sorry, we had some trouble removing this. You can try again from the settings page.”
Similar error on the list settings page:
“The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.”
I had a good call with GoDaddy today to explain the process of what happens to a domain when it is deleted. I was interested in purchasing a domain that I know was deleted today. Of course, the easiest way is to have the account holder un-delete the domain and transfer it, but in this case the user who deleted it no longer wants to deal with the domain, or me asking to have it transferred (it’s a two-step process and takes time).
When a domain is deleted, the account holder has a few weeks to undo that action. After this time, the domain goes to an expired domains auction. If no one buys it, GoDaddy backorder customers ($25-$35 cost for a backorder, good for a 1-year registration) will purchase it. If you do not have a backorder, you cannot purchase the domain during this time since you are just a normal person. The domain then goes to a secondary auction. The secondary auction expires about 84 days from when the domain was first deleted by the user. That’s why the GoDaddy support team says “about 90 days the domain could be released back for normal purchase” if no one buys it at auction. GoDaddy monitoring on a domain just sends you an email of the status. I suppose you could order a backorder during the auction process if you see no one is purchasing it, then when it closes and goes to backorders you might be able to get it that way.
Here is the time-table for the scenario of what happens to a domain when a user deletes it:
Day
Status
0
User deletes domain
26
Expired Domain Auction starts
36
If someone bids, done, domain is sold.
If no one bids, it goes to the first person who Backordered the domain. You cannot simply buy the domain for $9.99, you need to purchase a backorder.
41
3-day floating period the domain is in limbo. Nothing happens here.
43
Secondary Domain Auction starts
84
The domain is released for normal purchase if it didn’t sell
So, if the domain you are looking for is any good, it might sell at auction. Otherwise, purchase a backorder for $25-$35 and hope you get it! If it sells in the auction, you are out the $ for the backorder, so it’s a gamble. In this case, I don’t want to pay (gamble) that no one bids and I will get the domain, since I am just interested in trying to list it for sale myself, so I am passing on purchasing a backorder and just letting it go. I might check back in 84 days but I have a felling it will be purchased.
A good rule of thumb I have noticed is if the domain is worth anything, some domain selling company will snatch it up and you will never see it again. Still waiting for ericschrader.com, I have been waiting for this to fall out of auctions and auction resellers for about 5 years now.
But hey, you might get lucky. I let SharePointEric.com expire a few years ago and it was bought at auction by a reseller, and now it’s back for normal purchase for $11.99 from GoDaddy:
GoDaddy has a cool apprasal tool to check the monetary value of a domain: https://www.godaddy.com/domain-value-appraisal/appraisal/?checkAvail=1&tmskey=&domainToCheck=sharepointeric.com
If you have any tips, post them below.
There is so much to purchasing domains now days, its not like the old days (back before emoji’s).
I had an issue where when I tried to share my SharePoint Online Communication Site with an external user, I received an error:
Your organization’s policies don’t allow you to share with these users. Go to External Sharing in the Office 365 admin center to enable it.
But when I went to my O365 tenant, sharing was enabled:
Allow users to invite and share with authenticated external users Allow sharing to authenticated external users and using anonymous access links
The issue is that sharing is disabled on the site, so we need to use PowerShell to fix this.
Solution
As a SPO tenant admin, open PowerShell and do Connect-SPOService, then enter your tenant-admin.sharepoint.com URL. Supply your global admin credentials.
Then run get-sposite with your site.sharepoint.com URL, but pipe (|) the results to format-list (fl) with the property attribute looking for shar (for sharing)
Refresh the page you want to share and now the external user invite is allowed.
Done! Now you are able to share a modern SharePoint Online site with guest users. A better approach I use is to create a group and share with external users, that way security and content are isolated from employee content.
After about a week of troubleshooting the classic SharePoint Online blog subsite template (BLOG#0), I was FINALLY able to figure out why I could not edit the homepage.
Solution:
There is a site feature called “Site Pages” that needs to be activated. Once activated, you can edit the blog homepage (assuming you have permissions).
Figure 1- Activate the Site Pages feature on your Blog Site in SharePoint Online. Now you can edit the blog homepage!
Figure 2- SharePoint Online Blog Site Edit button fixed
BAM!
Figure 3- The SharePoint Online Classic Blog template is now editable for the homepage. The About this blog image can be removed.
I was lucky to run across this when troubleshooting why a modern SPFx extension would not show on a classic homepage.
UPDATE 9/27/2019- Microsoft this month is releasing a way to “Swap” sites. So create a new modern site collection, then swap it with the root. Invoke-SPOSiteSwap https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/invoke-spositeswap?view=sharepoint-ps#description
If the target is the root site at https://tenant-name.sharepoint.com, then the following preparation activities should be performed prior to performing the swap:
Any Featured links defined in SharePoint Start Page at https://tenant-name.sharepoint.com/_layouts/15/sharepoint.aspx will not be displayed after performing the swap. If required, the Featured links should be documented so they can be manually recreated after the swap.
Functionality such as external sharing and application interfaces are dependent on the policies and permissions defined at the root site. Review the source site to ensure that it has the required policies and permissions as per the existing root site. This includes external sharing settings as well as site permissions.
UPDATE 1/30/2019- Still waiting for the below MS Ignite command. While we wait we can try Jeff Jone’s approach of forcing creation of a modern communication site using the classic site wizard with a client side developer trick: https://www.spjeff.com/2018/12/31/video-create-modern-communication-for-root-site-in-tenant/
UPDATE 9/27/2018- At #MsIgnite, Microsoft just announced a way to convert the root site into a modern communication site using PowerShell! https://twitter.com/jeffteper/status/1045159986291200000?s=20
I really enjoy the new Modern experience of SharePoint Online communication sites; however, this requires creating a new SharePoint Online site collection at /sites/new site for the path. The client requested to have the root site branded with the Modern experience. However, while I was able to get the page to appear as the modern experience, I could not match it to the new modern communication sites template 100%. Please post any comments if you have any suggestions to convert the root site to match the communication site look and feel.
SharePoint Online Admin center settings
In the SharePoint Online Admin Center, make sure these settings are all default:
SharePoint Lists and Libraries experience
New experience (auto detect)
SharePoint Online root site settings
Next, navigate to your root site, yourcompany.sharepoint.com.
Note how the Modern Experiences is only enabled on lists and libraries by default now days:
To create your first modern page, go to your Pages library. From here, you can create a new “Site Page” which contains all of the new modern page experiences:
Now you can add modern web parts, edit layouts, etc.:
Once finished, publish the page.
Setting modern page as homepage
Go to the pages library, then set the new modern page you published as the homepage by clicking “Make homepage”:
Removing left Quick Launch navigation, attempting to match a classic site to a modern communication site (fail)
The page is now modern, but the quick launch is showing. Modern communication sites do not have this.
This is not easy, unless you want to cheat with CSS. But my goal is to replicate the OOTB new Modern communication site experience on classic pages.
I compared the Site Features between a Classic site and a New Modern Communication Site:
The classic site has the following Site Features activated:
Classic Feature
Status
Getting Started
Active
Mobile Browser View
Active
SharePoint Server Enterprise Site features
Active
SharePoint Server Publishing
Active
SharePoint Server Standard Site features
Active
Site Feed
Active
Site Notebook
Active
Team Collaboration Lists
Active
Wiki Page Home Page
Active
Maybe some of these features are the culprit, but nothing stood out.
When I compared the navigation, I found that the Communication sites use Current navigation across the top.
I thought this can be set by swapping the masterpage from “Seattle” to “Oslo” on the Classic site, but it did not affect the modern page I created on the classic site. Crazy.
I also noticed there is no Full Width web part on the modern experience:
So as close as you can get it OOTB is:
Update- how to add a full width web part
If you want to add full width content, you can insert a full-width layout/section to your modern page:
Once you add the full width section, you can add a Hero or Image web part. I dont like these, so I created a custom SPFx jQuery Bootstrap carousel and found a hack to allow the custom web part to appear in this special full width region:
SPFx web part full width hack:
https://blog.velingeorgiev.com/how-add-spfx-webpart-full-width-column
Then, I can add custom HTML/CSS/jQuery to the full width region.
I sometimes copy the home.aspx over and over for subpages so I don’t get the big ugly image banner like I would get OOTB on subpages.
Here is an example of something our team has worked very hard on. I have 1 SPFx web part for the carousel (full width hack) and a SPFx extension for the footer. I sanitized it a lot and excluded a lot of the other web parts due to the data:
Closing thoughts
If anyone knows how to move the left Quick Launch to under the Site title to match the Communication site template, let me know. Also post any comments about other differences you find between the Modern page on a classic site vs the new Modern communication sites (aside from the O365 group).
Today, I was hit with a SharePoint error on a developers VM when I tried to create a new Site Collection in Central Admin:
Sorry, something went wrong
The trial period for this product has expired.
When I tried to view a teamsite homepage, I received this error:
Sorry, something went wrong
The “SiteFeedWebPart” Web Part appears to be causing a problem. Object reference not set to an instance of an object.
Web Parts Maintenance Page: If you have permission, you can use this page to temporarily close Web Parts or remove personal settings. For more information, contact your site administrator.
Obviously, things were not looking good for me.
I tried rebooting, IIS resets, PSConfig, dismounting my content DB and creating a new one, all with no luck.
I thought perhaps it was because I reset my service account passwords (back to the same password due to a time crunch recently) and maybe that was causing the service accounts to have issues, but I didn’t think that was the problem.
Credit to other bloggers
Luckily, I found a few blogs that reminded me I used a SharePoint Trial media to install these developer VMs. AAH HA! But, I cringed thinking I would have to dismount my farm db, reinstall my binaries, and face any challenges from that potential nightmare process. I WAS ABLE TO SOLVE IT!
First, this blog post showed me where to upgrade the SharePoint product key. I went on MSDN, got my key, and updated my version. They key I had previously was giving an error, so try a few different versions of your keys. https://blog.devoworx.net/2017/02/25/extend-sharepoint-trial-period/
First, go to Central Admin > Upgrade and Migration > Convert Farm license type.
Enter your SharePoint Server 2013 product key from MSDN. In my case, I used SharePoint Server 2013 with Service Pack 1- Enterprise key from MSDN.
Note: If you try downgrading Enterprise to Standard, you get this error, so use an Enterprise Key:
This product key cannot be used to convert SharePoint Server Trial with Enterprise Client Access License to SharePoint Server with Enterprise Client Access License.
Once it takes, you will get a success message:
Part 2-
Now that the key is set, you need to run PSConfig, but with a parameter.
Launch command prompt (or PowerShell) as administrator, change your directory to where PSCONFIG.exe is located, mine is in “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\BIN”
Run the following command:
.\psconfig -cmd secureresources
It takes about 10 minutes or so.
Finally, kick off an IISReset:
DONE! Now you can create a site collection in Central Admin:
A week ago, my wildcard SSL certificate expired on GoDaddy. It was automatically purchased, but I still had to validate my domain and download a new IIS CER certificate request file.
The only issue I have with this quick renewal is that I could not export the certs as a PFX, but I was able to get them installed on the server in IIS by completing a CSR
Here are the steps:
GoDaddy automatically renews SSL certificate
GoDaddy has renewed your SSL certificate, but you have to verify your domain using a TXT record they give you (@ is the host field).
Once you verify, you can download the certificate. Note, this is a CER which is a certificate request that has to be completed in IIS.
Download the certificate for IIS
Copy and extract the zip to the server
I chose to delete my old certificates from my computers Personal certificate store.
Once removed, I go into IIS and go to Server Certificated under the machine:
Once in Server Certificates in IIS, click on Complete Certificate Request:
Change the file type to *.* (All files) and find your CER file you copied over:
Enter your certificates friendly name (mine is a wildcard, so I use *.mydomain.com):
Next, go to your SharePoint IIS web apps that use this host header (could be more than one) and edit the bindings and select the new certificate. If you see multiple, this is why I deleted them in my step above. If you get an error saying change this will leave behind an old certificate of the same name, just double check the other web applications in IIS to make sure they are set correctly. Updating one should update them all, but I always check each site in IIS.
That’s it! The certificate is update.
The bad thing is I have to repeat the IIS complete CSR steps on each machine. I would rather export the first one and import PFX certificate files to my other machines, but hey, this is how I got it to work.
Big changes have been happening with External User sharing for SharePoint Online over the past few months now that Azure Active Directory Business to Business (Azure AD B2B) is now generally available. Azure AD B2B allows you to share Office 365 content and line of business applications to users outside your organization. If you are new to Azure AD B2B, watch this great intro on this page: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b
The drawback however is the user onboarding process. Security groups, permissions, user onboarding, administration, the cumbersome 4-6 step user invite process to accept and signup/sign-in to your site, etc. make it difficult to see a good OOTB solution. However, after reading most of the Azure AD B2B articles and working with Microsoft support, I have found an improved (not perfect) process for inviting users and allowing them to sign up for a Microsoft account.
This script will:
Import your users from a CSV file
Add them to an Office 365 security group (that is permissioned to your app or SharePoint Online site)
Send them a custom email message with the invite link that fully supports HTML
The goal of this script is to make it easier on the user so they see a custom email and not a generic Office 365 Azure AD email (after all, the users have no clue what Azure AD is)
Administration- CSV import file
When inviting the users, create a CSV file in the following format:
Above, the first row is the CSV headers which we will reference in PowerShell during the import. The following rows are the actual users valid email where the invite will be sent (but we will intercept this email, so this will just be used as the users identity so we know how to email them in the future). Long story, but the invited email doesn’t have to match the Personal/Organizational account they sign in as, but for this blog post they will match so we don’t get confused with Authorization vs Authentication.
Administration- Create a Security group and set SharePoint Online permissions
The next step is so you don’t have to go into SharePoint Online sites and add each users’ permissions manually.
Similar to AD groups, create an Office 365 Security Group in the O365 Users > Groups admin center.
Add the AD group to SharePoint and set any read/write permissions this group will have (so maybe your group is called External Users and they are read only to the root site, then another called External Members with contribute permissions, etc.
Once we import the CSV of users, we will have to add the new users to the O365 groups accordingly.
Note that #2 and #2a can be combined to just prompt you once. I had to use two because I have two O365 tenants, one is a demo tenant that does not support email and the other is my personal O365 tenant I send the email from.
YOU WILL NEED TO REPLACE A LOT OF THE HARD-CODED VARIABLES ABOVE IN THE SCRIPT. LOOK CLOSELY.
Watch out for the fancy quotes
Here is an example email I sent myself to test (I put the access ID for my demo tenant and accepted it, so don’t bother typing it out haha)
One common request when working with SharePoint sites is having a consistent navigation across multiple site collections. If you are using a Publishing Portal site template, you can use the Managed Navigation for your Global Navigation (or top navigation). This also supports drop downs. I did a quick test and it appears to support highlighting of the current element, which is nice considering the URLs are hard coded rather than dynamically added.
As for security, MS indicates the term store navigation supports security trimming as follows: “Note that if users don’t have access to the physical .aspx page (read permissions at least), the link won’t appear in menus even if these options are checked. By this way you can also control links displayed to users according to permissions. It follows the same behavior as the default SharePoint navigation menus.”
The drawback: You have to create a term set in each site collections Managed Navigation, pin EACH of your parent term navigation items (but it includes child terms at least). Its a lot of work, but the only way without custom code. Other options I have seen discussed are using Search web parts or CSOM, etc. Possibly 3rd party solutions. This does not work on new modern team sites (at least at the time of writing this), I get “access denied” when trying to enable Managed Navigation, even after turning on Publishing for the site/web.
Managed Navigation:
Under the target site collection(s), configure your navigation from Site Settings
Ensure Managed Navigation is checked under Global Navigation:
Uncheck:
Next, rather than creating a new term set from the site collection, do it in SharePoint Admin Center.
Go to the Admin tile:
Go to SharePoint under Admin Centers:
Select Term Store on left navigation:
Add your organizational tenant email to Term Store Administrators, save and reload the page.
Then, select the root term store for your O365 tenant, and select New Group:
Type in the orange input box, call it Navigation or something unique:
Select your new term group, and add yourself as a Group Manager and Contributor:
Create new Term Set under the group:
I just called mine Sites, but this is the actual element you will be selecting for your navigation. All child terms will appear in the actual navigation menu.
Then, select the sites element and add yourself as Owner, Contact and Stakeholder and SAVE:
Go to the Intended Use tab at the top, and enable “Use this Term Set for Site Navigation”:
Note: I also see faceted navigation, which IF the product catalog is now possible in SharePoint Online I will do another post soon, as I have been waiting years for this. I remember the roadblock was something with search managed properties…
Then under your term set, add your terms by selecting Create Term:
Go to Navigation tab and add your custom link:
You can create sub terms under terms as well to enable a drop-down navigation.
You can re-order terms in a group by selecting the group and going to Custom Sort:
Now just repeat the first step of selecting Managed Navigation and the Term Group on each of your site collections you want to inherit this navigation.
Update: Selecting this term set is limited to 1 per site collection. So the workaround acording to MS is to “Pin” each of your primary terms (with children) to the new site collections term set. https://support.microsoft.com/en-us/help/3144166/implement-global-navigation-across-multiple-site-collections-through-managed-navigation-in-sharepoint-server-2013 see steps 5-7 One note, it doesn’t seem to preserve custom sorting from the parent term set.
Uncheck:
Done!
Note: if you see any errors (such as Error loading navigation: The Managed Navigation term set is improperly attached to the site), switch the navigation to Structural on BOTH Global and Current, SAVE the changes, then change it back to Managed (and uncheck Add new pages to navigation automatically and Create friendly URLs for new pages automatically) and the error should go away.
My farm content deployment jobs had been working, but all of a sudden stopped one day. The end fix was to edit a Central Admin web.config file upload size on the target WFE servers.
Issue
I was seeing the following errors in my ULS logs after 23 minutes of packing up just under 1gb of content from QA to PRD:
ContentDeploymentJob.ExecuteJob(): Failed ExecuteJob() with JobInfo: Name: ‘QA to Prod Job’, Id:’5db43c5d-1c3b-41cd-ac0a-495a48acb175′, JobType:’ServerToServer’, Description:”. Exception: ‘System.Net.WebException: The remote server returned an error: (404) Not Found.
Failed to transfer files to destination server for Content Deployment job ‘QA to Prod Job’. Exception was: ‘System.Net.WebException: The remote server returned an error: (404) Not Found.
In central admin, I was receiving this error after 23 minutes of running the job:
Content deployment job ‘QA to Prod Job’ failed.The remote upload Web request failed.
This is what finally worked for me, On the target WFE(s) modified web.config same as above:
On target WFE(s), Edit the web.config file located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\ADMIN\Content Deployment
I have been searching for a way to rapidly create standalone Developer SharePoint 2013 standalone VM’s joined to a central domain for our in-house developers. Our team has created 60+ SharePoint VMs on Azure and continue to create about 10 per month. We are beginning to treat our VMs needing hours of repair like cattle, and no longer like the family dog if they have issues or “get terminally ill”, VM’s are replaced with a brand new shiny cow within 4 hoursJ
The process of manually creating VMs was not fun, taking over a day per VM in the beginning on average. I did not want to use Sysprep, since I would have to maintain multiple VM Images at a single point in time. For some, this might be the best way to go.
My solution was to create a lightweight PowerShell set of scripts that create the VM in Azure, install the applications, and keep everything consistent. I can create 4+ VMs at one time, all under ~4 hours total. This is a process that scales somewhat, to meet our needs. Perfect.
Alternatives to this manual PowerShell process I went through:
Sysprep would save a ton of steps, but is not as easy to update OS patches, etc. as newer software comes out
AzureRM– Azure Resource Manager is a lot easier. However, these topologies seem somewhat isolated and all of our existing VMs and didn’t work well with what we had in place for our network/VPN, etc.
Azure SharePoint QuickStart templates/images- These were preconfigured and had various OS settings changed. Similar to the above Azure RM solution issues we ran into.
Assumptions:
You have an Azure subscription all set up, with a virtual network/DNS/Subnet (we have a site-to-site VPN)
SharePoint 2013 June 2015 CU (note, if you download this from the internet, uncheck the security property so you don’t get prompted during the AutoSPInstaller process for UAC- right click all 3 CU files and go to Security and unblock, you only have to do this one time on the fileshare.)
Silent install for software (one-time prep, then save the folder on the Fileshare VM)
Configure PowerShell variables for the new standalone developer SharePoint VM
#VM Name will be ASP13D08
#IP will be 192.168.1.87
#Cloud service Company-Redondo-D08 (each developer has their own cloud service so they can power on VMs without having to wait for the other developers to start at the same time)
#service accounts
#Single SharePoint 2013 developer VM
[code language=”powershell”]$varVMLocation = "A"
$varVMServerType = "SP"
$varVMSPVersion = "13"
$varVMType = "D"
$varVMIntanceNum = "08"
$varVMReduxSuffix = "" # I sometimes append a version letter to the end of the developers VM, if they are getting an additional VM of the same role.
$spsetupname = "svc_spsetup"
$spsetuppasstext = "passw0rdspsetup"
$users = @("svc_spsetup", "svc_spfarm", "eric.schrader", "dev1", "etc");
$varVMStaticIP = "192.168.1.87"
$varStorageAccount = "Company" + $varVMLocation + $varVMType + $varVMIntanceNum #unique
$varStorageAccount = $varStorageAccount.ToLower()
$service = "Company-Redondo-" + $varVMType + $varVMIntanceNum
$instancesize = "Basic_A4"
$subscriptionid = "12345678-12345-123456"
$subscriptionName = "Microsoft Azure Enterprise"
$imageFamily = "Windows Server 2012 R2 Datacenter" #Azure VM Image name, the latest will be used below.
$localadminname = "company.admin" #cant be "administrator", etc.
$localadminPassword = "passw0rdlocaladmin"
$joindomain = "Domain.local"
$domainname = "Domain"
$machineOU = "OU=Azure,OU=Development,OU=Servers,OU=Seattle,DC=Company,DC=local"
$timezone = "Pacific Standard Time"
$domainusername = "svc_spsetup"
$domainpassword = "passw0rdspsetup"
$datadiskGB = 127
$datadiskLUN = 0
$datadiskCACHE = "None"
$vmsubnet = "Subnet-1"
$vmaffinitygroup = "VPN-Linked"[/code]
Create the Azure storage account if it doesn’t exist, the set it as the default for PowerShell
Now that the VM is ready for software installs, lets copy the software over. Due to the Windows “triple hop” issue of credentials, I cannot remote into the VM then copy from a 3rd remote location to the vm. I will have to RDP manually
RDP to fileshare computer as svc_SPSetup
Run variables on fileshare computers PowerShell
#Run variables Again!!!
# IMPORTANT, COPY AND PASTE THE ABOVE VARIABLES SECTION IN AGAIN. This is a new VM session.
[code language=”powershell”]$varVMLocation = "A"
$varVMServerType = "SP"
$varVMSPVersion = "13"
$varVMType = "D"
$varVMIntanceNum = "08"
$varVMReduxSuffix = "" # I sometimes append a version letter to the end of the developers VM, if they are getting an additional VM of the same role.
RDP to Developer VM using svc_SPSetup and install SQL by PowerSHell. #via SPSetup , possibly have to sign into RDP instead of remote PS. Takes 20 minutes
From local computer, Connect via remote powershell as spsetup. There is code in here to install SQL remotely, but it too has a triple hop credential issue since I use service accounts. I just RDP to the VM and install SQL via PowerShell there. #uses variables from when the VM was created above
Set SQL max memory to 10GB, set Max Degree of parallelism to 1 (this is a huge script, maybe you can shorten it)
#Set Max degree of parallelism to 1
[code language=”powershell”]## Sets the ‘max degree of parallelism’ value to 1 for the specified SQL server instance
## Port 1433 is used if not specified
## 2012-10-08
## <a href="http://www.pointbeyond.com">www.pointbeyond.com</a>
## NOTE: This function requires at least serveradmin level permissions within SQL server
function SetMaxDegreeOfParallelism()
Displays information relating to SQL Server Max Memory configuration settings. Works on SQL Server 2000-2014.
.DESCRIPTION
Inspired by Jonathan Kehayias’s post about SQL Server Max memory (<a href="http://bit.ly/sqlmemcalc">http://bit.ly/sqlmemcalc</a>), this script displays a SQL Server’s:
total memory, currently configured SQL max memory, and the calculated recommendation.
Jonathan notes that the formula used provides a *general recommendation* that doesn’t account for everything that may be going on in your specific environment.
.PARAMETER Servers
Allows you to specify a comma separated list of servers to query.
.PARAMETER ServersFromFile
Allows you to specify a list that’s been populated by a list of servers to query. The format is as follows
server1
server2
server3
.PARAMETER SqlCms
Reports on a list of servers populated by the specified SQL Server Central Management Server.
.PARAMETER SqlCmsGroups
This is a parameter that appears when SqlCms has been specified. It is populated by Server Groups within the given Central Management Server.
.NOTES
Author : Chrissy LeMaire
Requires: PowerShell Version 3.0, SQL Server SMO, sysadmin access on SQL Servers
Sets SQL Server max memory then displays information relating to SQL Server Max Memory configuration settings. Works on SQL Server 2000-2014.
.PARAMETER Servers
Allows you to specify a comma separated list of servers to query.
.PARAMETER ServersFromFile
Allows you to specify a list that’s been populated by a list of servers to query. The format is as follows
server1
server2
server3
.PARAMETER SqlCms
Reports on a list of servers populated by the specified SQL Server Central Management Server.
.PARAMETER SqlCmsGroups
This is a parameter that appears when SqlCms has been specified. It is populated by Server Groups within the given Central Management Server.
.PARAMETER MaxMB
Specifies the max megabytes
.PARAMETER UseRecommended
Inspired by Jonathan Kehayias’s post about SQL Server Max memory (<a href="http://bit.ly/sqlmemcalc">http://bit.ly/sqlmemcalc</a>), this uses a formula to determine the default optimum RAM to use, then sets the SQL max value to that number.
Jonathan notes that the formula used provides a *general recommendation* that doesn’t account for everything that may be going on in your specific environment.
.NOTES
Author : Chrissy LeMaire
Requires: PowerShell Version 3.0, SQL Server SMO, sysadmin access on SQL Servers
#Automation Fix- CU prompts for internet trusted file. 30 minutes (or right click all 3 CU files and go to Security and unblock, already done for June 2015 CU on AzureShare.).
#UPS Sync- we have to do this manually per install guide
#Add developer as full control of web applications
SharePoint- Configure User Profile AD Sync by hand
AD Connection:
Active Directory Company
Company.local
Company\svc_spups
passw0rd
(Sync All OUs)
Enable timerjob 1am daily:
Start full sync:
Manually add developer as full control of web applications.
