The self-healing environment – PowerShell DSC for your SharePoint Ecosystem – Recap

During my preparations for Dublin I came across many topics in the Azure Automation world I wanted to automate as well. Currently the resources “on how to do this” are limited to the Microsoft Documentations available.

I planned to on-board a newly provisioned virutal machine in place and join this server into my automation account. A process I do on a day to day basis with development environments.

I tend to trash my virtual development machines on a regular basis. This process allows me to be assured that my systems are up to the customers requirement.
This means I upload the customer specific configuration and compile the DSC prior to joining the VM.
If you do already have a configuration in place and want to reuse this, you can go to step number 3.

What is the process of on-boarding a virtual machine to an Automation Account?

0. Login in to your Azure Account


1. Upload your latest DSC configuration to Azure Automation DSC

Uploading a configuration requires you to run the following PowerShell Script.

Import-AzureRmAutomationDscConfiguration -SourcePath "<Full Path to your Configuration>"`
-ResourceGroupName "<Your Resource Group Name>" `
-AutomationAccountName "<Your Automation Account Name>" `
-Published `
-Force `

2. Compile your configuration

After an successful upload you can start the compilation of your configuration. In case the configuration requires parameters, you can ass them into the cmdlet as hashtable:

$dscCompileParameters = @{ }

Start-AzureRmAutomationDscCompilationJob -AutomationAccountName "<Your Automation Account Name >"`
-ConfigurationName "<Name of your configuration>" `
-ResourceGroupName "< Your Resource Group Name>"`
-IncrementNodeConfigurationBuild `
-Parameters $dscCompileParameters `

3. Join a VM to your Azure Automation Account – using PowerShell

Register-AzureRmAutomationDscNode -AzureVMName "<Your VM Name>" `
-ResourceGroupName "< Your Resource Group Name>" `
-AutomationAccountName "<Your Automation Account Name >" `
-RebootNodeIfNeeded $true `
-NodeConfigurationName "<Your Node Configuration Name >" `
-ConfigurationMode "ApplyAndAutocorrect" `


With these few lines of PowerShell you will be able to onboard a VM to Azure Automation and configure this machine to use a specific configuration.


Microsoft Identity Manager and (several) SharePoint Management Agents

With Microsoft Identity Manager and SharePoint 2016 Microsoft changed the way on how to synchronize user profiles between Active Directory and SharePoint 2016. SharePoint 2010 and 2013 did integrate the Forefront Identity Manager (FIM).

In the past I had many problems with FIM. Sometimes the FIM Service did not start or was stuck starting. Some other times the sync did not synchronize….

I really like the idea of having an independent server that manages the sync of user profiles. I installed Microsoft Identity Manager (MIM) on an extra server.

Microsoft offers a toolset on GitHub to configure MIM with SharePoint 2016. Sadly, Microsoft does not process the pull requests…

A few weeks ago, I had the need to configure one MIM with several SharePoint Farms.
Trevor obviously had the same need:

Are there any prerequisites?


Microsoft released several MIM versions:

  • First Release – Version 4.3.2064
    • Service Pack 1  – Version 4.4.1237
  • MIM with Service Pack 1 – Version 4.4.1302

Before you go any further, make sure to have the latest MIM 2016 SP1 RTM installed. This will be the prerequisite for any further patching.

Also make sure to download MIM toolset from: MIM toolset and patch the PowerShell Module with Trevor’s or mine PRs or download my modified module (see further down). Otherwise you won’t be able to run the configuration with the latest version of MIM.

How to configure the toolset for MIM to create (several) SPMAs?

The toolset for MIM comes with a PowerShell Module “SharePointSync.psm1”. We will have to do some modifications to this file to configure (multiple) SharePoint Management Agents.

Continue reading “Microsoft Identity Manager and (several) SharePoint Management Agents”

How to change the Office Web Apps / Office Online Server Certificate

How to change the Office Online Server Certificate in a few easy steps.

Changing certificates is a simple task – not very demanding – but in case of Office Web Apps and Office Online Server there is more to do. I will use Office Online Server as a synonym for Office Web Apps in the article. There is no difference in the process.

Before you change the IIS certificate, hold in, and think about the Office Online Server Farm setup:

Remember this command?

Set-OfficeWebappsFarm -CertificateName "YourShinyNewCertificateFriendlyName"

You will need to run this command to set the new certificate for your Office Online Server farm. But, before you start right way, please make sure these conditions apply:

  • Be sure, that the certificate is installed on every server in your Office Online Server Farm
  • Be sure, that the friendly name of the certificate is set to the same value on each server


SharePoint Distributed Cache 101

In the last time I have seen many SharePoint Farms (2013 and 2016) on which the distributed cache was not in a healthy state or not available at all.

Before you start with any configuration make yourself familiar with distributed cache:



Distributed Cache – Cheat Sheet

The distributed cache is one of the service applications you should not configure via the central administration. So, start your PowerShell as administrator! 😉

I will update this post regular, as there is always something “new”.


Get (all) Distributed Cache Service instances

Get-SPServiceInstance | ? {$_.TypeName -eq "Distributed Cache"}

To get the service instance on a specific server (In this case: the current one). Run this command.

Continue reading “SharePoint Distributed Cache 101”

Visio Web Access Part not working

From a user’s point of view: I really like the Visio Services in SharePoint 2016
From an administrator’s view: finding the source of an error in Visio Services can be a real pain!

Failed to get raster diagram for Visio file: Default Page ID Exception

The error for the user is not very helpful:

Visio Services was unable to display the requested page because it does not exist within this Web Drawing. To resolve this issue, make sure to request a page that exists within this Web Drawing.

The error message in the ULS log – nah:

Failed to get raster diagram for visio file https:///.vsdx page default page ID Exception : System.ServiceModel.FaultException`1[Microsoft.Office.Visio.Server.GraphicsServer.VisioGraphicsServiceFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.Office.Visio.Server.GraphicsServer.VisioGraphicsServiceFault).

I was able to open the document in Visio 2016 and everything looked fine. I compared this file to another, which rendered fine. The difference was very hard to spot: The heading of the tab displayed was italic and not regular as in the good file.

An italic tab name indicates, that this is a background page and not a regular page. After changing the page type, everything worked as expected.

SQL Server 2016 Power Pivot for SharePoint 2016 Health Rules – is not installed

In a SharePoint 2016 Farm with Power pivot health rules will fail with the following error:

Power Pivot: ADOMD.NET is not installed on a standalone WFE that is configured 
for central admin

Trevor Seward  wrote a great article on this topic focusing on SQL 2012. To verify that his article is still valid for SQL Server 2016 and SharePoint 2016 with Power Pivot, I followed his article:

I installed the latest SQL_AS_ADOMD.msi, which can be downloaded here. But nothing changed.

Here is the content of the Microsoft.AnalysisServices.AdomdClient.dll ( found under C:\windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\v4.0_13.0.0.0. ….

[SharePointPermission(System.Security.Permissions.SecurityAction.LinkDemand, ObjectModel = true)]
public override SPHealthCheckStatus Check()
SPHealthCheckStatus result;
if (!HealthUtil.isCentralAdminConfiged())
result = SPHealthCheckStatus.Passed;
if (HealthUtil.IsADOMDInstalled(""))
result = SPHealthCheckStatus.Passed;
result = SPHealthCheckStatus.Failed;

A quick check via Power Shell reveals the following

$connnection = new-object Microsoft.AnalysisServices.AdomdClient.AdomdConnection

The client version is: “13.0.1601.5 ((SQL16_RTM).160429-2226)” and that is why the rule fails.

Either you disable the rule or ignore it, if Adomd is installed properly.

OneNote & SharePoint 2016 – Mouse is not working

Today I faced a problem with OneNote 2016 and OneNote notebooks stored in SharePoint 2016 on premises.

Opening the Notebook the first time – everything was fine. The mouse worked as expected. As soon as I wanted to synchronize my notebook, a authentication prompt was shown. After entering my credentials OneNote started to sync.

BUT: I was no longer able to move the cursor with the mouse.

How to solve this issue?

First: a quick search on google.
There are plenty of results and discussions on this topic.

Here are the steps to solve this issue:

  1. Internet Explorer – Security Settings
    1. Options > Security > Trusted Sites
    2. Add your SharePoint and MySite URLs
  2. Windows Credential Store – Store your Credentials
    1. New windows credentials
      1. Enter the URL of your SharePoint server
      2. Enter your login-Information
    2. Repeat 1 for all other SharePoint web applications