Archive for October, 2014

SharePoint Document Conversion Services

Wednesday, October 29th, 2014

SharePoint Document Conversion Services

Version: 1.0

Applies to:

  • SharePoint 2010
  • SharePoint 2013
  • SharePoint Office 365

Overview of Document Conversion Services

SharePoint has Document Conversion Service that allows to convert files like Microsoft Word .docx into SharePoint webpages.

Office Web Apps (web version of Office) that works in SharePoint and allows users to view Office files even if they don’t have MS Office installed on their PC. In the absence of Office Web Apps (OWA), SharePoint Document Conversion Service will be handy to view the MS Office files.

Document Conversion services are not enabled by default. There are two services for Document Conversion.

1. Document Conversion Launcher Service
2. Document Conversion Load Balancer Service

Configuring Document Conversion Services

To enable the document conversion, you have to first configure its Load Balancer Service and then the Launcher service.

a. Configure Document Conversion Load Balancer service on SharePoint Application Server (Central Admin > Services on Server: ApplicationServer)

b. Configure Document Conversion Launcher Service on SharePoint Application Server (Central Admin > Services on Server: ApplicationServer)

c. Configure the Document Conversions (Central Admin > General Application Settings > Configure Document Conversions)

Issues in Configuring Document Conversion Services

Some times you get into issue during initial configuration of Document Conversion service or even later during operations where these services fail to start.

Error Starting Document Conversion Services

You go to SharePoint Central Administration site > System Settings > Manage Servers in this Farm > Click on an application server name (not SharePoint Web Front End). That will bring you to the Services on Server: ServerName page. In one of my scenario, I tried to start the Document Conversion Load Balancer service and got Error Starting status. I tried different ways but couldn’t start the service.

SharePoint Document Conversion Launcher Service - Error Starting status
SharePoint Document Conversion Launcher Service – Error Starting status

I went into Event Viewer logs first on the SharePoint application server and found following errors.

Event Viewer Error 1

Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          10/28/2014 3:12:46 PM
Event ID:      7034
Task Category: Topology
Level:         Critical
Keywords:      
User:          softvativeSPFarmServiceAccount
Computer:      SharePointAppSrv.softvative.com
Description:
An attempt to start/stop instance  of service Document Conversions Load Balancer Service on server 

SharePointAppSrv did not succeed.  Re-run the action via UI or command line on the specified server. 

Additional information is below.

Operation is not valid due to the current state of the object.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
  <System>
    <Provider Name=”Microsoft-SharePoint Products-SharePoint Foundation” Guid=”{6FB7E0CD-52E7-47DD-

997A-241563931FC2}” />
    <EventID>7034</EventID>
    <Version>14</Version>
    <Level>1</Level>
    <Task>13</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=”2014-10-28T20:12:46.879677800Z” />
    <EventRecordID>858925</EventRecordID>
    <Correlation ActivityID=”{4A13B121-2470-406B-ADCB-2A97903E8D0D}” />
    <Execution ProcessID=”19412″ ThreadID=”788″ />
    <Channel>Application</Channel>
    <Computer>SharePointAppSrv.softvative.com</Computer>
    <Security UserID=”S-1-5-21-1627688274-1190192956-3999157559-1223″ />
  </System>
  <EventData>
    <Data Name=”string0″>
    </Data>
    <Data Name=”string1″>Document Conversions Load Balancer Service</Data>
    <Data Name=”string2″>SharePointAppSrv</Data>
    <Data Name=”string3″>Operation is not valid due to the current state of the object.</Data>
  </EventData>
</Event>

SharePoint Document Conversion Error - Event ID 7034
SharePoint Document Conversion Error – Event ID 7034

Event Viewer Error 2

Log Name:      Application
Source:        Microsoft-SharePoint Products-Document Management Server
Date:          10/28/2014 3:12:11 PM
Event ID:      7953
Task Category: Document Conversions
Level:         Critical
Keywords:      
User:          softvativeSPFarmServiceAccount
Computer:      SharePointAppSrv.softvative.com
Description:
The Office HTML Load Balancing Service experienced a problem.

Error:  Not launching Document Conversions Laod Balancer because registry key acknowledging service 

running on app server (‘AcknowledgedRunningOnAppServer’) is not set.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
  <System>
    <Provider Name=”Microsoft-SharePoint Products-Document Management Server” Guid=”{F78D66EC-09A9-

42A2-AC7A-5EE2062DE7E4}” />
    <EventID>7953</EventID>
    <Version>14</Version>
    <Level>1</Level>
    <Task>8</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=”2014-10-28T20:12:11.098100000Z” />
    <EventRecordID>858923</EventRecordID>
    <Correlation />
    <Execution ProcessID=”10552″ ThreadID=”16556″ />
    <Channel>Application</Channel>
    <Computer>SharePointAppSrv.softvative.com</Computer>
    <Security UserID=”S-1-5-21-1627688274-1190192956-3999157559-1223″ />
  </System>
  <EventData>
    <Data Name=”string0″>Not launching Document Conversions Laod Balancer because registry key 

acknowledging service running on app server (‘AcknowledgedRunningOnAppServer’) is not set.</Data>
  </EventData>
</Event>

SharePoint Document Conversion Error - Event ID 7953
SharePoint Document Conversion Error – Event ID 7953

Event Viewer Error 3

Log Name:      Application
Source:        Microsoft-SharePoint Products-Document Management Server
Date:          10/28/2014 3:12:11 PM
Event ID:      7960
Task Category: Document Conversions
Level:         Critical
Keywords:      
User:          softvativeSPFarmServiceAccount
Computer:      SharePointAppSrv.softvative.com
Description:
The Office HTML Load Balancing Service could not be started.

Error:  Not launching Document Conversions Laod Balancer because registry key acknowledging service 

running on app server (‘AcknowledgedRunningOnAppServer’) is not set.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
  <System>
    <Provider Name=”Microsoft-SharePoint Products-Document Management Server” Guid=”{F78D66EC-09A9-

42A2-AC7A-5EE2062DE7E4}” />
    <EventID>7960</EventID>
    <Version>14</Version>
    <Level>1</Level>
    <Task>8</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=”2014-10-28T20:12:11.095099700Z” />
    <EventRecordID>858922</EventRecordID>
    <Correlation />
    <Execution ProcessID=”10552″ ThreadID=”16556″ />
    <Channel>Application</Channel>
    <Computer>SharePointAppSrv.softvative.com</Computer>
    <Security UserID=”S-1-5-21-1627688274-1190192956-3999157559-1223″ />
  </System>
  <EventData>
    <Data Name=”string0″>Not launching Document Conversions Laod Balancer because registry key 

acknowledging service running on app server (‘AcknowledgedRunningOnAppServer’) is not set.</Data>
  </EventData>
</Event>

SharePoint Document Conversion Error - Event ID 7960
SharePoint Document Conversion Error – Event ID 7960

Services in Console

In one of my scenario, I went into Windows Services console to review the Document Conversion services. Both the services were not running. Don’t try to start the services from Windows Service console.

SharePoint Document Conversion Services in Windows Services Console
SharePoint Document Conversion Services in Windows Services Console

Root Cause

It turns out there are registry keys that were needed to acknowledge that you configured the services to run on the application server.

Registry Location:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOffice ServerversionLauncherSettings
HKEY_LOCAL_MACHINESOFTWAREMicrosoftOffice ServerversionLoadBalancerSettings

Replace version based on SharePoint version:
SharePoint 2007 -> 12.0
SharePoint 2010 -> 14.0
SharePoint 2013 -> 15.0

You need to add the new key AcknowledgedRunningOnAppServer of type dword and set it to 1. That will let you start the Document Conversion services from Central Admin site.

SharePoint Document Conversion Launcher Settings - AcknowledgedRunningOnAppServer Key
SharePoint Document Conversion Launcher Settings – AcknowledgedRunningOnAppServer Key

SharePoint Document Conversion Load Balancer Settings - AcknowledgedRunningOnAppServer Key
SharePoint Document Conversion Load Balancer Settings – AcknowledgedRunningOnAppServer Key

My Registry Script

I created the AcknowledgedRunningOnAppServer registry entries as a registry file for easy import on new servers in future.

Download the Document Conversion Registry Fix files (.reg or .zip)

Download the .reg file or .zip file and extract the zip file contents to a folder. Locate the DocumentConversion_RegSettingKB2910363.reg file and double click on it. Click Yes to the message box.

Add the Document Conversion Registry Keys to SharePoint Application Server Registry
Add the Document Conversion Registry Keys to SharePoint Application Server Registry

Click OK to the successful message box.

Added Document Conversion Registry Keys to SharePoint Application Server Registry
Added Document Conversion Registry Keys to SharePoint Application Server Registry

After adding the registry entries, try to start the Document Conversion Load Balancer Service from the Central Admin site > Services on Server page. Click on Start under action column to start the Load Balancer service.

SharePoint Document Conversion Load Balancer Service Started
SharePoint Document Conversion Load Balancer Service Started

Now click on Start under action column for the Document Conversion Launcher Service. That will brig the Launcher Service Settings page. Select the same server from Load Balancer dropdown field and click OK.

SharePoint Document Conversion Launcher Service Settings
SharePoint Document Conversion Launcher Service Settings

You should now see the two Document Conversion services with the status of started.

SharePoint Document Conversion Services with Started Status
SharePoint Document Conversion Services with Started Status

Let take a peak at the Windows Service console for these services.

SharePoint Document Conversion Services -Started in Services Console
SharePoint Document Conversion Services -Started in Services Console

Configure Document Conversions

Once the Document Conversion services are running, its time to configure it. You go to Central Admin site > General Application Settings > Configure Document Conversions to configure the conversions.

SharePoint - Configure Document Conversions link
SharePoint – Configure Document Conversions link

On Configure Document Conversions page, you select the web application, enable document conversion, select a load balancer, schedule conversion and set converter settings. Click Apply. Once you are done with changes, then click OK.

SharePoint - Configure Document Conversions Settings
SharePoint – Configure Document Conversions Settings

Under Converter Settings, click on one of the link for the installed converters to review and adjust settings.

SharePoint Document Converter - From Word Document to Web Page Converter Settings
SharePoint Document Converter – From Word Document to Web Page Converter Settings

I’ll demonstrate more including some the limitations on Document Conversion in next version of the this article. Hop over to this page later to review the updated version.

References

  1. Configure Document Conversions Load Balancer and Launcher Services
  2. Document conversion load balancer unavailable
  3. Configure the Document Conversions Load Balancer Service
  4. Manage document conversions
  5. Some document-conversion services in SharePoint Server are not secure when they run in a particular environment

Recover Symantec Protection Engine Lost Password

Wednesday, October 15th, 2014

Recover Symantec Protection Engine Lost Password

Version: 1.2

Symantec Protection for SharePoint Servers (SPSS) is an antivirus solution for SharePoint. SPSS uses Symantec Protection Engine (SPE) as the underlining solution to provide the security framework to SPSS.

On each SharePoint Server running SPSS, usually you also have Symantec Protection Engine (SPE) there as well running under https://localhost:8004. SPE portal is usually password protected.

I came across a scenario where the password for the Symantec Protection Engine (SPE) portal was lost. We were using the right password but somehow SPE was not accepting it. On top of that the Symantec license was about to expire in few days. It was a race against the time!

Error Message

Login failed or Symantec Protection Engine server is not running.

SPE and SPSS services in Windows services console were running.

Symantec Protection Engine Portal Password Failure
Symantec Protection Engine Portal Password Failure

Method 1

I looked at the Symantec Protection for SharePoint Servers implementation guide and under chapter-7 found the section titled ‘Unable to remember the console password’. That is the one method to recover lost password for Symantec Protection Engine (SPE). It didn’t work in my case.

If you forget the console password, you can reset the password. The command line tool CmdSymScan lets you remove the password. It is located at the location
<installdir>:Program FilesSymantecSharePoint.

Type the following command in the command prompt:
cmdsymscan clearconsolepassword

You are not prompted for a password again.

Time was ticking….

Method 2

I went to the Symantec Scan Engine folder location and opened the configuration.xml file.
C:Program Files (x86)SymantecScan Engine

I then searched for the password parameter. Guess what, I found the encrypted password there. I cleared the value and saved the file. The password parameter should look like this.

<password value=””/>

After that I restarted the Symantec Protection Engine (SPE) services under Windows Services console.

Symantec Protection for SharePoint - Windows Services
Symantec Protection for SharePoint – Windows Services 

I closed and relaunched the Symantec Protection Engine (SPE) portal and I was able to successfully log in without the password. From there, I saved the new password, updated the license file and SPSS time clock stopped ticking.

Symantec Antivirus for SharePoint Blocked Linked Excel Files

Wednesday, October 8th, 2014

Symantec Protection for SharePoint Blocked Linked Excel Files

Issue Summary

Symantec Protection for SharePoint Servers (SPSS) 6.0 was deployed in the SharePoint farm. After deployment, certain files are getting blocked by it even though Symantec Antivirus on desktop had cleared those as clean files.

In one of my previous post Linked Excel Files and SharePoint, I covered the details on how linked files work in SharePoint.

Error:

2 – The file: FileNameByFM.xlsx -contains Unscannable Content. Reason: Container Size Violation | Container Size Violation -Status: Blocked

This file cannot be saved to the document library. If you want to save this file to the document library, clean the file using alternative virus scanning software and try saving it again.

Troubleshoot issues with Microsoft SharePoint Foundation.

File can not be uploaded to SharePoint dueto Symantec Antivirus for SharePoint SPSS
File can not be uploaded to SharePoint dueto Symantec Antivirus for SharePoint SPSS

If you are trying to upload a new file, the file is not uploaded. If you are trying to save after edit / checking out, file, it doesn’t work either.

Cause:

The issue is due to the linked MS Excel files that were on user desktop. Only container file was uploaded to the SharePoint. The file was 25 MB in size.

How to find linked files in MS Excel

Follow the steps listed below to find the linked files:
1. Open the Microsoft Excel file from SharePoint
2. Go to Data ribbon tab and then click Edit Links under Connections group
3. Review the linked file(s) for Location. Update / remove as it applies to your container file
4. Save and close the file

Microsoft Excel - Edit Linked Files
Microsoft Excel – Edit Linked Files

You might have to do these step by downloading a copy of that file on your desktop and then make above changes.

Microsoft Excel - Edit Linked Files - Review Location
Microsoft Excel – Edit Linked Files – Review Location

Resolution:

Even removing the linked file didn’t help in this case. The linked file was unnecessary in this scenario. Symantec Protection for SharePoint was still treating that file as a container file. Make sure you review the data in container Excel file that might be coming from the linked file.

I found that Symantec Protection Engine portal on the SharePoint server (http://localhost:8004) has a default filter policy for container handling. Symantec Protection Engine is a separate component of Symantec Protection for SharePoint Servers.

Container File Processing Limits:
Following filter policies were defined by default.

Stop processing a container file when any of the following limits is met or exceeded.
a. Time to extract file meets or exceeds: 180 seconds
b. Maximum extract size of the file meets or exceeds: 100 MB
c. Maximum extract depth of the file meets or exceeds: 10 levels

When processor limit is met or exceeded: Deny access to the file and generate a log entry.

Symantec Protection for SharePoint Servers - Filtering Policies on Container Handling
Symantec Protection for SharePoint Servers – Filtering Policies on Container Handling

I changed the container file  policy to: Allow access to the file and generate a log entry.

That seemed to resolve the issue.

Risk Assessment:

In this scenario, due to internal only SharePoint, the decision was made to allow access to files in case of container file processing limits are reached or exceeded. The decision was in favor of application availability rather strict security.

Keywords:

  • Symantec Antivirus for SharePoint
  • Symantec Protection for SharePoint
  • Symantec Protection for SharePoint blocks file
  • Symantec Protection for SharePoint does not allow file upload
  • Symantec Protection blocks file upload in SharePoint
  • File upload blocked by Symantec antivirus
  • File upload blocked in SharePoint
  • Unscannable Contents in SharePoint
  • Container Size violation in SharePoint
  • SharePoint File upload blocked by antivirus

Using Cisco Wifi Controller for Employee and Guest Wifi

Wednesday, October 1st, 2014

Using Cisco Wifi Controller for Employee and Guest Wifi

V: 1.0

Case Study:

  1. The client was using two different ISPs one each for employee and guest wifi. 
  2. Employees were sharing the guest wifi to bypass the firewall, web filters and security policies on the main network.
  3. Client was paying enormous amount of $$$$ to ISP. Operational and IT management costs were too high.
  4. Multiple wifi access points (APs) were in place. Changes were done on each APs when needed.
  5. APs were poorly places in the building and causing wifi performance issues

Solution:

I did the project research and came with following proposal based on the requirements:

  1. Cisco Wifi Controller with new Access Points
  2. Barracuda Web Filter 410
  3. VLAN network from APs, controller and ll the way to the Web filter to not allow guests traffic into internal network
  4. Sungard High Availability Services
  5. Use of Layer 3 wifi security for the employee network
  6. Using Layer 2 and 3 security for the guest network
  7. Using Cisco Wifi Controller’s security policies
See my planning diagram for the project.
Using Cisco Wifi Access Points /  Controller and VLAN for Employee and Guest Wifi Network
Using Cisco Wifi Access Points /  Controller and VLAN for Employee and Guest Wifi Network
The solution helped the customer streamline their IT processes.
  1. Client saves a lot of dollar amount they were paying to the additional ISP
  2. Isolation of the guest and employee wifi was achieved using the same network hardware but using VLAN. 
  3. Use of Cisco Wifi Controller helped IT department save lots of time in operational and maintenance costs and hence the hidden costs
  4. With the combination of Layer 2 and 3 wifi security, employees could not use the guest network easily