SharePoint 2016 MinRoles – Behind the scenes and where the C2WTS should be provisioned

Have you ever wondered how SharePoint 2016 MinRoles are working under the hood? Everything is about the ShouldProvision method of the SPServiceInstance class.

Advertisements

Microsoft introduced with SharePoint 2016 a new feature called “MinRoles”. MinRoles offer a new way on how to create SharePoint topologies. The following MinRoles are available:

  • Front-End
    A role made for all loads in context of serving SharePoint
  • Application
    This role is optimized for all services that need to run in a SharePoint Farm – without the Search loads
  • Distributed Cache
    Hosting the Distributed cache service
  • Search
    All services associated to the search load of SharePoint
  • Custom
    This role is needed if you plan on using Business Intelligence loads, as they are not pat of the other MinRoles
  • Single-Server farm

In October 2016 Microsoft release Feature Pack 1 (FP1) for SharePoint 2016. The FP1 offers two new MinRoles (MinRolesV2):

  • Front-end with Distributed Cache
  • Application with Search

These two roles combine the prior roles, so that customers can create high available (HA) farms for SharePoint with less servers. Prior to FP1 you did need at least two servers of (each) role: 2 WFE, 2 App, 2 Search, 2 Distributed Cache. In total 8 servers. After you install FP1 you can switch to the combined min roles and will be able to create a SharePoint HA Farm with 4 servers instead. This offering focuses on SharePoint customers with HA requirements, but not enough workload for hosting 8 SharePoint servers.

With each MinRole a set of services can be run on a server. SharePoint 2016 enforces the state of these services. For a complete list of all services that belong to a role, visit the technet documentation.

Behind the scenes

New “Services in Farm” experience in Central Administration

The following screenshot shows the “Services in Farm” page of SharePoint 2016 Central Administration:

Services on Server on SharePoint 2016

A soon as any MinRole is defined the Services on Server page will show the selected servers role and for each service the status and its compliance state. SharePoint offers you some options:

  • you can stop a service
  • you can fix a non-compliant state of a service with one click

Where does this MinRole compliance information come from?

In a recent customer engagement I stumbled across something, that bothered me. The customers SharePoint Farm uses MinRolesV2 and I did check the Microsoft Documentation for wich services are allowed on the server. After a while I had a service in a not compliant state and did not know why. I reached out to the community, but did not end up, with a define answer:

Today I spend some time with the SharePoint source code and did find the answer:

SharePoint Service instances are represented by the SPServiceInstance class. Every SharePoint Service Instance (e.g. SPWindowsTokenServiceInstance) derives from this class and overrides the following method:

 // Microsoft.SharePoint.Administration.SPServiceInstance
 public virtual bool ShouldProvision(SPServerRole serverRole)
 {
 }

There is a additional internal method: ShouldProvisionInternal, which does some additional the tests for the following roles:

  • SPServerRole.WebFrontEndWithDistributedCache
  • SPServerRole.ApplicationWithSearch

When your server is of the roles above, the ShouldProvision method will be called with both single roles and the combined role. If any of these tests returns true, then this role is compliant.

Not knowing, whether the documentation  is wrong or the code, I did investigated the SPWindowsTokenServiceInstance code.

  // Microsoft.SharePoint.Administration.Claims.SPWindowsTokenServiceInstance
 public override bool ShouldProvision(SPServerRole serverRole)
 {
     return SPServerRole.SingleServerFarm == serverRole || SPServerRole.Application == serverRole || SPServerRole.WebFrontEnd == serverRole || (SPServerRole.DistributedCache == serverRole && !SPServerRoleManager.IsMinRoleV2Enabled()) || (SPServerRole.Search == serverRole && !SPServerRoleManager.IsMinRoleV2Enabled()) || SPServerRole.Custom == serverRole;
 }

The implementation above, does not include tests for the MinRolesV2 – but the non V2 roles are introduced through the ShouldProvisionInternal method anyway. Following this, there is no error in the code or the documentation. This applies for the Microsoft.SharePoint.dll in Version: 16.0.4561.1000

So what is wrong with my farm (Januar CU 2018):

 // Microsoft.SharePoint.Administration.Claims.SPWindowsTokenServiceInstance
 public override bool ShouldProvision(SPServerRole serverRole)
 {
     if (SPServerRole.SingleServerFarm != serverRole && SPServerRole.Application != serverRole && SPServerRole.WebFrontEnd != serverRole && (SPServerRole.DistributedCache != serverRole || SPServerRoleManager.IsMinRoleV2Enabled()) && (SPServerRole.Search != serverRole || SPServerRoleManager.IsMinRoleV2Enabled()))
     {
         return SPServerRole.Custom == serverRole;
     }
     return true;
 }

The code above is taken from a Microsoft.SharePoint.dll in File Version: 16.0.4639.1002

This means the current documentation does not reflect the code properly. In case, that I read the code properly, the the only allowed role to host C2WTS with the MinRoleV2 is the Custom role.

Conclusion: There is a drift in the documentation. When I’m not mistaken, I do not need the C2WTS in a non-BI enabled farm. The BI enabled farm does need a MinRole Server “Custom” to run reporting services and other roles. This answers why, the C2WTS is no longer allowed in any other role. Maybe someone should update the documentation…

Update 2018-03-23:

I did double check the code of the ShouldProvisionInternal and ShouldProvision methods and have a strong believe, that there is something wrong to determine the MinRole compliance. Find below a screenshot of what I think the returns should be, but somehow are not!

ShouldProvisionInternal
Expected return values for the ShouldProvisionInternal method

Following this code: The result should be that the MinRoleV2 ApplicationWithSearch should be able to run the Claims to Windows Token service.

I really hope, someone can me help me to figure this out. Is there any part, I do not read correctly?

SharePoint 2016 – Central Administration – ScriptResource.axd 404 error

Recently my colleague and I came across a SharePoint2016 Farm, that had some issues with the suitebar not loading. In the network trace we found a 404 error for the ScriptResource.axd request. Using the event viewer we came across the following error message:

Event code: 3012
Event message: An error occurred processing a web or script resource request. The requested resource 'ZSystem.Web.Extensions,4.0.0.0,,31bf3856ad364e35|MicrosoftAjax.js|' does not exist or there was a problem loading it. 
Event time: 21.03.2018 09:57:57
Event time (UTC): 21.03.2018 08:57:57
Event ID: 59637ef8b92b43b59cadfd4b3ce61619 Event sequence: 7 Event occurrence: 1 Event detail code: 0 
 
Application information: 
 Application domain: /LM/W3SVC/275657850/ROOT-1-131660962662183250 
 Trust level: Full 
 Application Virtual Path: / 
 Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\4432\ 
 Machine name: SERVERNAME 
 
Process information: 
 Process ID: 6916 
 Process name: w3wp.exe 
 Account name: ***\***** 
 
Exception information: 
 Exception type: ZLibException 
 Exception message: The underlying compression routine could not be loaded correctly.
 at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
 at System.IO.Compression.DeflaterZLib..ctor(CompressionLevel compressionLevel)
 at System.IO.Compression.DeflateStream.CreateDeflater(Nullable`1 compressionLevel)
 at System.IO.Compression.DeflateStream..ctor(Stream stream, CompressionMode mode, Boolean leaveOpen)
 at System.IO.Compression.GZipStream..ctor(Stream stream, CompressionMode mode)
 at System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponseBase response, String decryptedString, VirtualFileReader fileReader)
 at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath)

The type initializer for 'NativeZLibDLLStub' threw an exception.
 at System.IO.Compression.ZLibNative.ZLibStreamHandle.DeflateInit2_(CompressionLevel level, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
 at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
 at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
 at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo)
 at System.IO.Compression.ZLibNative.ZLibStreamHandle.NativeZLibDLLStub.LoadZLibDLL()
 at System.IO.Compression.ZLibNative.ZLibStreamHandle.NativeZLibDLLStub..cctor()

Request information: 
 Request URL: http://SERVERNAME:10000/ScriptResource.axd?d=8QMyovunFMoY381OpYQyz9XcLkCjJ_XuifoGDX5Q8vatF2gNXkCNXfW0-6Dz_mvZVHapsY1FH-l9zy2l3q3V1Z5dqWndvspmAcN7L1hB-UomBeamTvhHGIe5ZcW_f-DqtS3ymyGl5Bk-ybE1j6mAb8ZMhM8n4e_WwQEe8IkCMRsq_DHxVXNP720ZZXWT1ATa0&t=ffffffffad4b7194 
 Request path: /ScriptResource.axd 
 User host address: ***SERVERNAME 
 User: 
 Is authenticated: False 
 Authentication Type: 
 Thread account name: NT AUTHORITY\IUSR 
 
Thread information: 
 Thread ID: 20 
 Thread account name: NT AUTHORITY\IUSR 
 Is impersonating: False 
 Stack trace: at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
 at System.IO.Compression.DeflaterZLib..ctor(CompressionLevel compressionLevel)
 at System.IO.Compression.DeflateStream.CreateDeflater(Nullable`1 compressionLevel)
 at System.IO.Compression.DeflateStream..ctor(Stream stream, CompressionMode mode, Boolean leaveOpen)
 at System.IO.Compression.GZipStream..ctor(Stream stream, CompressionMode mode)
 at System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponseBase response, String decryptedString, VirtualFileReader fileReader)
 at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath)

After several hours of a nerve-wracking search for a solution, we came across this blog by Mike Lee . He saw the same issue and did find a solution. In the end we did change some additional GPO settings (Replace a process level token) for our application pool accounts.

In the first place we were in the search for FIPS settings, as there are many results in google pointing in that direction. We did:

  • Disable FIPS in the registry
  • Changed the GPO that got applied to this server
  • Tried the GZIP compression using a console application.

These settings did not help. Thanks to Mike Lee we were able to resolve this issue.

AutoSpInstaller XML to SharePointDsc Converter – Preview – Update 2018/04/19

Convert your existing AutoSPInstaller XML File to a SharePointDsc configuration

Today the first preview of a web based AutoSpInstaller to SharePoint DSC converter got released.

There are still some limitations, as the mapping of the xml file to SharePointDsc is not complete jet. This is a preview to demonstrate the capabilities.

The converter targets the following use case:

As a user with an AutoSpInstaller XML available I want want to switch to SharePointDsc.

Currently the converter is able to create a multi node SharePoint DSC configuration based on the input of the contents of the AutoSPInstaller XML file. The configuration will contain the following elements:

  • one node block for each server name. If you are using localhost mixed with real server names, there will be an additional node for localhost.
    • On each node the following configuration is placed:
      • SQLAliases
      • SharePoint Prerequistes
      • SharePoint Binary Installation
      • Farm create or join
  • The following components are currently extracted from the AutoSPInstaller xml file:
    • Basic Farm setup
    • Managed Accounts
    • Web Applications
    • Site Collections
    • Managed Paths
    • Diagnostics Logging Service
    • State Service Application
    • Sandboxed Code Service
    • Claims to Windows Token Service
    • Outgoing Mail
    • Distributed Cache
    • Workflow Timer Setting
  • Update 2018/04/19 – There are the following additions:
    • Creation of Application Pools for Web Applications, Search, Serivces
    • User Profile Service Application
    • Search Service Application
    • Managed Metadata Service Application

SharePoint 2016 base language and language packs

The basic stuff about SharePoint 2016 base language and language packs – Some thoughts about this topic

All over the world there are customers that want to install and use SharePoint in their preferred language (official language, e.g. in Germany it’s German). I can fully understand the backgrounds of this wish:

  • Not every employee speaks English
  • Not every administrator speaks English
  • Adopting a new System is easier, when it’s in the mother tongue.

The SharePoint 2016 sources are available in the following 24 languages. Additionally, there are the following 49 language packs:

Language Source Language Language Pack
Arabic x x
Azerbaijani x
Basque x
Bosnian x
Bulgarian x
Catalan x
Chinese – Simplified x x
Chinese – Traditional x x
Croatian x
Czech x x
Danish x x
Dari x
Dutch x x
English x x
Estonian x
Finnish x x
French x x
Galician x
German x x
Greek x x
Hebrew x x
Hindi x
Hungarian x x
Indonesian x
Irish x
Italian x x
Japanese x x
Kazakh x
Korean x x
Latvian x
Lithuanian x
Macedonian x
Malay x
Norwegian-Bokmal x x
Polish x x
Portuguese-Brazil x x
Portuguese-Portugal x x
Romanian x
Russian x x
Serbian x
Slovak x
Slovenian x
Spanish x x
Swedish x x
Thai x x
Turkish x x
Ukrainian x
Vietnamese x
Welsh x

There are many possible variations of base language and language packs.

I tend to install SharePoint with the Englisch Sources and prefer to install Language Packs afterwards!

The reason behind this philosophy: “Keep it simple!”

Working every day with different SharePoint farms can be challenging if the language of the SharePoint logs vary or the PowerShell commands do need to be modified to match the installed SharePoint language.

The tools available focus on English SharePoint sources:

…and I prefer Central Administration to be in English. The german translation does not feelt right 😉

What’s the best way to figure out the base language and the installed Language Packs?

I use the following PowerShell Script to figre out the base language and the installed Language Packs:

 

 

Matomo (Piwik) and SharePoint – Tracking on Sites with Minimal Download Strategy or Search

Using Matomo ‏(Piwik) with SharePoint is easy. Tracking the search can be challenging. In this post I describe a way on how to track your SharePoint search properly.

Using Matomo (Piwik) with SharePoint can be very straight forward. There is no need to install any extension for SharePoint or any .wsp solution. All you need is Piwik installation and some lines of JavaScript in a file and a bit of PnP PowerShell.

Piwik offers you a default JavaScript snippet that allows you to track a user on your web site. The default code will somehow look like this:


var _paq = _paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['enableLinkTracking']);
_paq.push(['trackPageView']);
(function () {
	var u = "//piwikserver.domain.de/";
	_paq.push(['setTrackerUrl', u + 'piwik.php']);
	_paq.push(['setSiteId', '1']);
	var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
	g.type = 'text/javascript';
	g.async = true;
	g.defer = true;
	g.src = u + 'piwik.js';
	s.parentNode.insertBefore(g, s);
})();<span id="mce_SELREST_start" style="overflow:hidden;line-height:0;">&#65279;</span>

As soon as you save this JavaScript code in file, you can get started with SharePoint tracking with the following steps:

  1. Upload this file to your SharePoint Root Site Collection and place it in the Style Library (Why? Regularly I use this lib as a on-premises CDN)
  2. Make sure the file is accessible
  3. Create a Script Link in the Site Collection you want to track.

For step 3 You can use the following PowerShell code to add a script link to your site collection:


Connect-PnPOnline -CurrentCredentials -Url https://mywebapp.domain.de
Add-PnPJavaScriptLink -Name SpPiwik -Url "/Style Library/SpPiwik.js" -Sequence 900 -Scope Site

With this setting you can track a user and gain basic insights about his flow through your website. The data you are gaining by now is very basic and there are some SharePoint only specialties:

Continue reading “Matomo (Piwik) and SharePoint – Tracking on Sites with Minimal Download Strategy or Search”

Configuration of PHP and MySQL on Windows Server with IIS

Recently I challenged myself to see how far we can go with PowerShell DSC and non Microsoft Products. My goal in this challenge was to install and configure PHP and MySQL on a blank Windows Server 2012 R2 offline server.

Why would someone do this?

Because I wanted gain a better understanding on how far PowerShell DSC configurations are useful in challenging tasks with non Windows or Microsoft Products. Another outcome should be a fully functional PHP server to host PIWIK for a SharePoint Farm.

Continue reading “Configuration of PHP and MySQL on Windows Server with IIS”

Angular Elements – the future of ngOfficeUiFabric

Vesa Juvonen gave a great keynote at the European SharePoint Conference in Dublin on Thursday last week . It was filled with many announcements supported by a fantastic speaker line up. The biggest news were about SPFx and ALM in SharePoint Online.

image
Keynote by Vesa Juvonen and Rob Wormald about Angular Elements in SPFx WebParts

The moment Rob Wormald from the Angular Team joined Vesa – very unexpected for a conference focused on Microsoft technology – great developments were inntroduced: Angular Elements.

Angular – A google project – is widely used in modern web development and currently there are no best practices available for using Angular in SPFx webparts. Currently the best option is: avoid using Angular in SPFx right now.

What are Angular Elements?

It’s Angular Components as web components. Web components can be used in SharePoint Modern Sites and any other JavaScript apps. The new elements will blend in every other framework.

This makes Angular Elements way more versatile in usage and handling in combination with other Frameworks like e.g. React.

The dependency on the virtual DOM and the way SPFx webparts go through a process of packaging, made the usage of Angular in SPFx webparts not attractive. If you were still going with Angular, there are very likely chances you will run into troubles or performance issues, when you try to insert more than one of your Angular SPFx webparts.

The biggest step with Angular Elements comes with: “How can it be used in a page?” The dependency on a root element becomes obsolete! This means Angular Elements is just plain JavaScript without any further dependencies after the step of compilation. This makes Angular Elements a valuable option in SPFx.

Whats the effect of this new Angular Elements for ngOfficeUiFabric?

In case you haven’t seen Andrew’s post: HERE! I think Andrew is one of the few people who can explain this difficult topic in an understandable easy way!
There are plans to start of with Angular Elements for ngOfficeUiFabric. I hope this ngOfficeUiFabric@Next project will start to fly soon.