Over the last couple of days there were some tweets related to the beloved #SPFx keyword. Stefan Bauer shared something related to SharePoint Framework and got a new follower 😛
The first version of the filter is stored in this gist:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Today I was very happy to find a neat solution to handle configuration data for a DSC configuration. I was facing the following challenge:
In a SharePoint DSC Configuration I want to reuse several SQL Aliases that are created during run time of the DSC configuration based on the configuration data.
In recent DSC setups my configuration did look like this:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
and I created the SQL Alias with the following lines of code:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This far there was no struggle at all. Creating a SQL Alias with DSC is very straight forward, even if there is the need to create more than one.
The struggle got real the moment I had to reuse the Alias Name in SharePoint. How do I properly access the Alias? Do I iterate over all aliases again and filter or do I hard code the alias name or…? None of the before felt right.
My solutions is pretty simple: Why not change the array to another hash table – A hash table allows to access the data more easily. 🙂
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Final challenge: How can I iterate over a hash table? A hash table object has two properties: keys and values:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
So what changed in my SharePointDsc configuration part? Now I can address my SQL Alias properly without having any troubles:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This issue is still under investigation – current I think this issue occurs, when SharePoint is installed, followed by a Language Pack and then the creation of the farm. Checking the compliance status of the min role at this particular time will result in a not compliant state.
Microsoft introduced with SharePoint 2016 a new feature called “MinRoles”. MinRoles offer a new way on how to create SharePoint topologies. The following MinRoles are available:
Front-End
A role made for all loads in context of serving SharePoint
Application
This role is optimized for all services that need to run in a SharePoint Farm – without the Search loads
Distributed Cache
Hosting the Distributed cache service
Search All services associated to the search load of SharePoint
Custom
This role is needed if you plan on using Business Intelligence loads, as they are not pat of the other MinRoles
Single-Server farm
In October 2016 Microsoft release Feature Pack 1 (FP1) for SharePoint 2016. The FP1 offers two new MinRoles (MinRolesV2):
Front-end with Distributed Cache
Application with Search
These two roles combine the prior roles, so that customers can create high available (HA) farms for SharePoint with less servers. Prior to FP1 you did need at least two servers of (each) role: 2 WFE, 2 App, 2 Search, 2 Distributed Cache. In total 8 servers. After you install FP1 you can switch to the combined min roles and will be able to create a SharePoint HA Farm with 4 servers instead. This offering focuses on SharePoint customers with HA requirements, but not enough workload for hosting 8 SharePoint servers.
With each MinRole a set of services can be run on a server. SharePoint 2016 enforces the state of these services. For a complete list of all services that belong to a role, visit the technet documentation.
Behind the scenes
New “Services in Farm” experience in Central Administration
The following screenshot shows the “Services in Farm” page of SharePoint 2016 Central Administration:
Services on Server on SharePoint 2016
A soon as any MinRole is defined the Services on Server page will show the selected servers role and for each service the status and its compliance state. SharePoint offers you some options:
you can stop a service
you can fix a non-compliant state of a service with one click
Where does this MinRole compliance information come from?
In a recent customer engagement I stumbled across something, that bothered me. The customers SharePoint Farm uses MinRolesV2 and I did check the Microsoft Documentation for wich services are allowed on the server. After a while I had a service in a not compliant state and did not know why. I reached out to the community, but did not end up, with a define answer:
Today I spend some time with the SharePoint source code and did find the answer:
SharePoint Service instances are represented by the SPServiceInstance class. Every SharePoint Service Instance (e.g. SPWindowsTokenServiceInstance) derives from this class and overrides the following method:
// Microsoft.SharePoint.Administration.SPServiceInstance
public virtual bool ShouldProvision(SPServerRole serverRole)
{
}
There is a additional internal method: ShouldProvisionInternal, which does some additional the tests for the following roles:
SPServerRole.WebFrontEndWithDistributedCache
SPServerRole.ApplicationWithSearch
When your server is of the roles above, the ShouldProvision method will be called with both single roles and the combined role. If any of these tests returns true, then this role is compliant.
Not knowing, whether the documentation is wrong or the code, I did investigated the SPWindowsTokenServiceInstance code.
The implementation above, does not include tests for the MinRolesV2 – but the non V2 roles are introduced through the ShouldProvisionInternal method anyway. Following this, there is no error in the code or the documentation. This applies for the Microsoft.SharePoint.dll in Version: 16.0.4561.1000
The code above is taken from a Microsoft.SharePoint.dll in File Version: 16.0.4639.1002
This means the current documentation does not reflect the code properly. In case, that I read the code properly, the the only allowed role to host C2WTS with the MinRoleV2 is the Custom role.
Conclusion: There is a drift in the documentation. When I’m not mistaken, I do not need the C2WTS in a non-BI enabled farm. The BI enabled farm does need a MinRole Server “Custom” to run reporting services and other roles. This answers why, the C2WTS is no longer allowed in any other role. Maybe someone should update the documentation…
Update 2018-03-23:
I did double check the code of the ShouldProvisionInternal and ShouldProvision methods and have a strong believe, that there is something wrong to determine the MinRole compliance. Find below a screenshot of what I think the returns should be, but somehow are not!
Expected return values for the ShouldProvisionInternal method
Following this code: The result should be that the MinRoleV2 ApplicationWithSearch should be able to run the Claims to Windows Token service.
I really hope, someone can me help me to figure this out. Is there any part, I do not read correctly?
Recently my colleague and I came across a SharePoint2016 Farm, that had some issues with the suitebar not loading. In the network trace we found a 404 error for the ScriptResource.axd request. Using the event viewer we came across the following error message:
Event code: 3012
Event message: An error occurred processing a web or script resource request. The requested resource 'ZSystem.Web.Extensions,4.0.0.0,,31bf3856ad364e35|MicrosoftAjax.js|' does not exist or there was a problem loading it.
Event time: 21.03.2018 09:57:57
Event time (UTC): 21.03.2018 08:57:57
Event ID: 59637ef8b92b43b59cadfd4b3ce61619 Event sequence: 7 Event occurrence: 1 Event detail code: 0
Application information:
Application domain: /LM/W3SVC/275657850/ROOT-1-131660962662183250
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\4432\
Machine name: SERVERNAME
Process information:
Process ID: 6916
Process name: w3wp.exe
Account name: ***\*****
Exception information:
Exception type: ZLibException
Exception message: The underlying compression routine could not be loaded correctly.
at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
at System.IO.Compression.DeflaterZLib..ctor(CompressionLevel compressionLevel)
at System.IO.Compression.DeflateStream.CreateDeflater(Nullable`1 compressionLevel)
at System.IO.Compression.DeflateStream..ctor(Stream stream, CompressionMode mode, Boolean leaveOpen)
at System.IO.Compression.GZipStream..ctor(Stream stream, CompressionMode mode)
at System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponseBase response, String decryptedString, VirtualFileReader fileReader)
at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath)
The type initializer for 'NativeZLibDLLStub' threw an exception.
at System.IO.Compression.ZLibNative.ZLibStreamHandle.DeflateInit2_(CompressionLevel level, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo)
at System.IO.Compression.ZLibNative.ZLibStreamHandle.NativeZLibDLLStub.LoadZLibDLL()
at System.IO.Compression.ZLibNative.ZLibStreamHandle.NativeZLibDLLStub..cctor()
Request information:
Request URL: http://SERVERNAME:10000/ScriptResource.axd?d=8QMyovunFMoY381OpYQyz9XcLkCjJ_XuifoGDX5Q8vatF2gNXkCNXfW0-6Dz_mvZVHapsY1FH-l9zy2l3q3V1Z5dqWndvspmAcN7L1hB-UomBeamTvhHGIe5ZcW_f-DqtS3ymyGl5Bk-ybE1j6mAb8ZMhM8n4e_WwQEe8IkCMRsq_DHxVXNP720ZZXWT1ATa0&t=ffffffffad4b7194
Request path: /ScriptResource.axd
User host address: ***SERVERNAME
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\IUSR
Thread information:
Thread ID: 20
Thread account name: NT AUTHORITY\IUSR
Is impersonating: False
Stack trace: at System.IO.Compression.DeflaterZLib.DeflateInit(CompressionLevel compressionLevel, Int32 windowBits, Int32 memLevel, CompressionStrategy strategy)
at System.IO.Compression.DeflaterZLib..ctor(CompressionLevel compressionLevel)
at System.IO.Compression.DeflateStream.CreateDeflater(Nullable`1 compressionLevel)
at System.IO.Compression.DeflateStream..ctor(Stream stream, CompressionMode mode, Boolean leaveOpen)
at System.IO.Compression.GZipStream..ctor(Stream stream, CompressionMode mode)
at System.Web.Handlers.ScriptResourceHandler.ProcessRequestInternal(HttpResponseBase response, String decryptedString, VirtualFileReader fileReader)
at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath)
After several hours of a nerve-wracking search for a solution, we came across this blog by Mike Lee . He saw the same issue and did find a solution. In the end we did change some additional GPO settings (Replace a process level token) for our application pool accounts.
In the first place we were in the search for FIPS settings, as there are many results in google pointing in that direction. We did:
Disable FIPS in the registry
Changed the GPO that got applied to this server
Tried the GZIP compression using a console application.
These settings did not help. Thanks to Mike Lee we were able to resolve this issue.
There are still some limitations, as the mapping of the xml file to SharePointDsc is not complete jet. This is a preview to demonstrate the capabilities.
The converter targets the following use case:
As a user with an AutoSpInstaller XML available I want want to switch to SharePointDsc.
Currently the converter is able to create a multi node SharePoint DSC configuration based on the input of the contents of the AutoSPInstaller XML file. The configuration will contain the following elements:
one node block for each server name. If you are using localhost mixed with real server names, there will be an additional node for localhost.
On each node the following configuration is placed:
SQLAliases
SharePoint Prerequistes
SharePoint Binary Installation
Farm create or join
The following components are currently extracted from the AutoSPInstaller xml file:
Basic Farm setup
Managed Accounts
Web Applications
Site Collections
Managed Paths
Diagnostics Logging Service
State Service Application
Sandboxed Code Service
Claims to Windows Token Service
Outgoing Mail
Distributed Cache
Workflow Timer Setting
Update 2018/04/19 – There are the following additions:
Creation of Application Pools for Web Applications, Search, Serivces
All over the world there are customers that want to install and use SharePoint in their preferred language (official language, e.g. in Germany it’s German). I can fully understand the backgrounds of this wish:
Not every employee speaks English
Not every administrator speaks English
Adopting a new System is easier, when it’s in the mother tongue.
The SharePoint 2016 sources are available in the following 24 languages. Additionally, there are the following 49 language packs:
Language
Source Language
Language Pack
Arabic
x
x
Azerbaijani
x
Basque
x
Bosnian
x
Bulgarian
x
Catalan
x
Chinese – Simplified
x
x
Chinese – Traditional
x
x
Croatian
x
Czech
x
x
Danish
x
x
Dari
x
Dutch
x
x
English
x
x
Estonian
x
Finnish
x
x
French
x
x
Galician
x
German
x
x
Greek
x
x
Hebrew
x
x
Hindi
x
Hungarian
x
x
Indonesian
x
Irish
x
Italian
x
x
Japanese
x
x
Kazakh
x
Korean
x
x
Latvian
x
Lithuanian
x
Macedonian
x
Malay
x
Norwegian-Bokmal
x
x
Polish
x
x
Portuguese-Brazil
x
x
Portuguese-Portugal
x
x
Romanian
x
Russian
x
x
Serbian
x
Slovak
x
Slovenian
x
Spanish
x
x
Swedish
x
x
Thai
x
x
Turkish
x
x
Ukrainian
x
Vietnamese
x
Welsh
x
There are many possible variations of base language and language packs.
I tend to install SharePoint with the Englisch Sources and prefer to install Language Packs afterwards!
The reason behind this philosophy: “Keep it simple!”
Working every day with different SharePoint farms can be challenging if the language of the SharePoint logs vary or the PowerShell commands do need to be modified to match the installed SharePoint language.
The tools available focus on English SharePoint sources:
Possible answers for error messages (not english) are very hard to find with google
…and I prefer Central Administration to be in English. The german translation does not feelt right 😉
What’s the best way to figure out the base language and the installed Language Packs?
I use the following PowerShell Script to figre out the base language and the installed Language Packs:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Using Matomo (Piwik) with SharePoint can be very straight forward. There is no need to install any extension for SharePoint or any .wsp solution. All you need is Piwik installation and some lines of JavaScript in a file and a bit of PnP PowerShell.
Piwik offers you a default JavaScript snippet that allows you to track a user on your web site. The default code will somehow look like this:
var _paq = _paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['enableLinkTracking']);
_paq.push(['trackPageView']);
(function () {
var u = "//piwikserver.domain.de/";
_paq.push(['setTrackerUrl', u + 'piwik.php']);
_paq.push(['setSiteId', '1']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = u + 'piwik.js';
s.parentNode.insertBefore(g, s);
})();<span id="mce_SELREST_start" style="overflow:hidden;line-height:0;"></span>
As soon as you save this JavaScript code in file, you can get started with SharePoint tracking with the following steps:
Upload this file to your SharePoint Root Site Collection and place it in the Style Library (Why? Regularly I use this lib as a on-premises CDN)
Make sure the file is accessible
Create a Script Link in the Site Collection you want to track.
For step 3 You can use the following PowerShell code to add a script link to your site collection:
With this setting you can track a user and gain basic insights about his flow through your website. The data you are gaining by now is very basic and there are some SharePoint only specialties:
This year’s hackathon was a blast. Stephan and I partnered with Thomas and Saulius to defend last year’s victory (See Vesa’s blog post).
The hackathon started off with Mike’s introduction and a quick review on the last year’s results. Mike loves to hack and you can feel his passion for programming, when he introduces the concept of hackathon: “There is no good hackathon without pizza and beer!” 🙂
The hackathon rules and experts to support the teams can be found here: ESPC Hacakthon
This year our new formed team came up with an idea to do something with bots and Office 365. In the end we tried to revolutionize support activities focused on Office 365: “SharePoint Assistant” was born.
SharePoint Assistent is a predictive QnABot that guesses what the user needs – based on prior usage of the bot or the current user context. The bot can be embedded in an SPFx Extension Webpart in any SharePoint Online site collection. Other options would be to integrate this bot in Teams, Skype and many more.
You can find the whole team and the result presentation in this devpost submission: SharePoint Assistant
The competitors had really great ideas and I was totally impressed by the winning teams solution – Our team was the follow up though.
The winning team used the SharePoint audit logs to create Yammer communities based on analysis. The solution was that impressive because they used fairly simple tools to automate the whole process. Flow, Excel, Data pools were the names of the most used tools.
Another team automated their process of coffee delivery to their offices. They integrated a small circuit board through an email flow into Office 365.
There were further more two solutions shown on how to create PDF documents form Excel or Word directly in an SPO library.
Hacking during the European SharePoint Conference is fun. It allows to break out of the day to day life, get to know new technologies and shows what’s possible with Office 365, Azure and the developers tool belt.
Thank you, Mike and VESA for making this possible!
With Microsoft Identity Manager and SharePoint 2016 Microsoft changed the way on how to synchronize user profiles between Active Directory and SharePoint 2016. SharePoint 2010 and 2013 did integrate the Forefront Identity Manager (FIM).
In the past I had many problems with FIM. Sometimes the FIM Service did not start or was stuck starting. Some other times the sync did not synchronize….
I really like the idea of having an independent server that manages the sync of user profiles. I installed Microsoft Identity Manager (MIM) on an extra server.
Microsoft offers a toolset on GitHub to configure MIM with SharePoint 2016. Sadly, Microsoft does not process the pull requests…
A few weeks ago, I had the need to configure one MIM with several SharePoint Farms.
Trevor obviously had the same need:
@vesajuvonen is there support for multi SPMAs per MIM instance? Secondary SPMAs appear to just fail (compl-no-objs) with appropriate config.
Also make sure to download MIM toolset from: MIM toolset and patch the PowerShell Module with Trevor’s or mine PRs or download my modified module (see further down). Otherwise you won’t be able to run the configuration with the latest version of MIM.
How to configure the toolset for MIM to create (several) SPMAs?
The toolset for MIM comes with a PowerShell Module “SharePointSync.psm1”. We will have to do some modifications to this file to configure (multiple) SharePoint Management Agents.
The distributed cache is one of the service applications you should not configure via the central administration. So, start your PowerShell as administrator! 😉
I will update this post regular, as there is always something “new”.
SharePoint and Microsoft 365 