Archive for November, 2015

Configure SharePoint 2013 Hostname based User Profile Service Application

Friday, November 27th, 2015


Scenario: All service applications are configured except the User Profile Service (UPS).

  1. Have a CNAME record that points to the existing My.svdomain.com Citrix LB VIP
  2. Create a new Web App with host header set to My.svdomain.com and using Farm admin account for App Pool
  3. Create a Quota Template with 5000 MB limit and 4000 MB warning
  4. Create a root site collection using ‘My Site Host’ template
  5. Go to CA > Manage Services on Server and start:
    1. User Profile Service on one app and two WFE servers
  6. Create User Profile Service Application
    1. SA Name: User Profile Service Application
    2. App Pool: SharePoint Web Services System
    3. Use PPMTest_ as the prefix for the database names
    4. Profile Sync Instance: SPAppSrv01
    5. Mysite Host URL: http://My.svdomain.com
    6. MySite Managed Path: /personal
  7. Go to CA > Manage Services on server and turn on User Profile Synchronization Service on one App server. Enter the password for the service account there
    • That will enable two Forefront services in Windows Services console
      • Forefront Identity Manager Service
      • Forefront Identity Manager Synchronization Service
  8. Go back to Manage Service Application > User Profile SA Properties and make sure the Profile Sync instance has the correct server selected and click cancel.
  9. Make sure Service Account (Farm account) has permissions under User Profile SA > Administrators.
  10. Go to User Profile Service Application configure:
    1. Under My Site Settings > Setup My Sites: Under Email notifications, enter My_Sharepoint@svdomain.com as the sender email
    2. Under Configure Synchronization Connections, click ‘Create new connection’ to setup AD connection for profile sync.
      1. Connection Name: svdomain UserProfile ADSync Test
      2. Forest Name: svdomain.ds
      3. Account Name: svdomain\FarmAdmin
      4. Pass: Yourpass
      5. Populate Containers and select the AD OU levels to sync with.
        • svdomain.com
        • Main
          • Admin – checked
          • App – checked
          • Contacts – checked
          • Groups – checked
          • Journaling – checked
          • Users – [Check then uncheck these sub levels]
            • Migrated Users
          • Termed Accounts – checked
          • Users – checked
    3. Click the AD connection name and choose ‘Edit Connection Filters’ from the dropdown. Add a user filter on the userAccountControl attribute with the operator ‘Bit on equals’ and the value 2. Click OK
  11. Review the Forefront Identity Manager client “C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe”
  12. Go to User Profile Service Application > Synchronization > Start Profile Synchronization. Perform a full sync. If the profiles are not imported, review the FIM client for errors.
  13. Assign the AD ‘Replicating Directory Changes’ permission to the SharePoint account used in the User Profile SA (Farm Admin)
  14. Reboot the servers if needed.
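
The connection filter in step 10.3 tests one bit of userAccountControl instead of comparing the whole value. The following added example (not from the original post; the account names and values are constructed) shows which sample accounts a ‘Bit on equals 2’ filter matches, next to a plain equality test against 514.

```powershell
# Added example: constructed sample data, no Active Directory access needed.
# Bit 0x2 of userAccountControl is ACCOUNTDISABLE (the account is disabled).
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x0002
    NORMAL_ACCOUNT       = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
}

function Test-UacBitOn {
    param([int]$UserAccountControl, [int]$Mask)
    # True when every bit of $Mask is set in the value.
    return ($UserAccountControl -band $Mask) -eq $Mask
}

function Get-UacFlagName {
    param([int]$UserAccountControl)
    # Emit the names of the known flags that are set in the value.
    foreach ($name in $UacFlags.Keys) {
        if ($UserAccountControl -band $UacFlags[$name]) { $name }
    }
}

# Constructed accounts (hypothetical names).
$sample = @(
    [pscustomobject]@{ Account = 'jdoe';        Uac = 512   }  # enabled user
    [pscustomobject]@{ Account = 'termed.user'; Uac = 514   }  # disabled user
    [pscustomobject]@{ Account = 'svc.app';     Uac = 66048 }  # enabled, password never expires
    [pscustomobject]@{ Account = 'old.svc';     Uac = 66050 }  # disabled, password never expires
)

$sample | ForEach-Object {
    [pscustomobject]@{
        Account      = $_.Account
        Uac          = $_.Uac
        Flags        = (Get-UacFlagName $_.Uac) -join ', '
        BitOnEquals2 = (Test-UacBitOn $_.Uac 0x2)   # what the connection filter tests
        Equals514    = ($_.Uac -eq 514)             # whole-value comparison, for contrast
    }
} | Format-Table -AutoSize

# The same bit test written as an LDAP filter, for previewing the matching accounts in AD:
#   (userAccountControl:1.2.840.113556.1.4.803:=2)
```

The bit test matches both disabled accounts (514 and 66050), while the equality test matches only 514.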

 


SharePoint HTTP 400 Bad Request Error

Sunday, November 22nd, 2015

SharePoint and HTTP 400 Bad Request Error

V: 1.0

Scenario

Users go to a SharePoint site and get an HTTP 400 error. They may be able to see a partial page, but in most cases they get the error on all sites.


 

The error is consistent between the Internet Explorer and Chrome browsers. In Internet Explorer, go to Tools > Internet Options > Advanced tab and uncheck the option ‘Show friendly HTTP error messages’. Click OK.


Internet Explorer HTTP Error messages option

 

Then refresh the page and you will see the error details.

HTTP 400 – Bad Request (Request Header Too Long)

 

Cause

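The issue can happen if a user is a member of too many Active Directory groups. Each group membership increases the size of the user's Kerberos authentication token, and that token is sent to the web server in the HTTP request header. When the header grows beyond the size the server accepts, IIS rejects the HTTP request and the user gets this error.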


Active Directory Users and Computer Management – User Account Properties

 

Note: Active Directory uses the Kerberos protocol for authentication.

 

Resolution

There are two options. Either remove extra AD groups from the user’s AD account or configure the registry settings on the IIS (Internet Information Services) web servers.

Registry location on IIS web servers:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

Set the MaxFieldLength and MaxRequestBytes registry values.

Name              Value Type   Value Data (decimal)
MaxFieldLength    DWORD        65534
MaxRequestBytes   DWORD        16777216

 

Registry file contents. Save the text below as a .reg file and run it on the servers. In a .reg file, dword values are written in hexadecimal: 0000fffe is 65534 and 01000000 is 16777216.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters]
"MaxFieldLength"=dword:0000fffe
"MaxRequestBytes"=dword:01000000

 


 

After applying these settings, restart your servers. In the case of SharePoint, I recommend applying this setting on all WFE and App servers in the farm.
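
To apply the two values to every server in the farm and confirm what was actually stored, the following added example (not from the original post) sets them with PowerShell, where the decimal numbers are written as they appear in the table. The server names in $Servers are placeholders, and PowerShell remoting to those servers is assumed.

```powershell
# Added example, not from the original post. Run from an elevated session.
# $Servers holds placeholder names; replace them with the farm's WFE and App servers.
$Servers = 'SPWFE1', 'SPAppSrv01'

$ApplyLimits = {
    $path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    # Decimal values from the table; New-ItemProperty stores them as DWORDs as written.
    $wanted = [ordered]@{ MaxFieldLength = 65534; MaxRequestBytes = 16777216 }

    foreach ($name in $wanted.Keys) {
        # Read the current value; it is $null when the value does not exist yet.
        $item   = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $before = if ($item) { $item.$name } else { $null }

        # Write only when the stored value differs, so reruns change nothing.
        $changed = $false
        if ($before -ne $wanted[$name]) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $wanted[$name] -Force | Out-Null
            $changed = $true
        }

        # Read back and show the hex form, which is how a .reg file would spell it.
        $after = (Get-ItemProperty -Path $path -Name $name).$name
        [pscustomobject]@{
            Server   = $env:COMPUTERNAME
            Name     = $name
            Before   = $before
            After    = $after
            AfterHex = '0x{0:x8}' -f $after
            Changed  = $changed
        }
    }
}

Invoke-Command -ComputerName $Servers -ScriptBlock $ApplyLimits |
    Sort-Object Server, Name |
    Format-Table Server, Name, Before, After, AfterHex, Changed -AutoSize
```

To run it on the local server only, use `& $ApplyLimits` in place of the Invoke-Command line. A Before value of 415028 or 376926742 means the decimal digits were typed into a hexadecimal dword field.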

 


 

Setup Workflow Manager on SharePoint 2013

Tuesday, November 10th, 2015

V: 1.0

Full video on Workflow Manager 1.0 deployment for SharePoint 2013 or Project Server 2013 is at the bottom of this article.

 

  1. Download Workflow Manager 1.0 and run WorkflowManager.exe (94 KB)
  2. Click Option and uncheck Customer Experience setting
  3. On the Workflow Manager Configuration Wizard page, click Advanced button.
    1. Enter the SQL Server name. A highly available SQL Server setup will help the availability of the Workflow Manager databases as well. Use the SQL Server Availability Group during Workflow Manager configuration, for example SQLAG\MSSQLServer,1464
    2. Configure database names for (default name listed below):
      1. Farm Management DB: WFManagementDB
      2. Instance Management DB: WFInstanceManagementDB
      3. Resource Management DB: WFResourceManagementDB
    3. Configure Service Account. Use SP Farm Account
    4. Leave Configure Certificates to Auto-Generate
      1. Use SP2013 as the ‘Certificate Generation Key’ [in production, use a secure key instead of the word ‘SP2013’]
    5. Configure Ports
      1. Workflow Manager Management Port: 12290
      2. HTTP Port: 12291
    6. Check the box “Allow Workflow management over HTTP on this computer”
    7. Configure Admin Group (gets access to all DBs): Leave BUILTIN\Administrators
  4. Service Bus Configuration
    1. Farm Management DB: SbManagementDB
    2. Gateway DB: SbGatewayDatabase
    3. Message Container DB: SBMessageContainer01
    4. Check the box under ‘Configure Service account’ to use same account as used in Workflow Manager config.
    5. Under ‘Configure Certificate’ section use Auto-Generate and check the box to use same certificate generation key as was used for Workflow Manager.
    6. Under Configure Ports use:
      1. HTTPS Port: 9355
      2. TCP Port: 9354
      3. Message Broker: 9356
      4. Internal Communication Port Range: 9000
    7. Configure Admin Group (gets access to all DBs): Leave BUILTIN\Administrators
  5. Review Summary page of the wizard, save the summary using copy and PowerShell options and then click Apply check mark icon on bottom right. That will start the configurations.
  6. At the end of the configuration, click the View Log link to review and save the log. Then click the check mark at the bottom to close the wizard.
  7. Exit the Web platform Installer.
  8. Review the database server. You should see 6 new databases.
  9. Review IIS for the Workflow Manager site. Make sure you can reach the site at http://servername:12291 for non-SSL, or at https://servername:12290 for an SSL-enabled site. You may need a DNS address / load balancer configuration for the Workflow URL if you plan on using multiple servers with Workflow Manager in the same farm.
  10. Review SharePoint Central Admin > Manage Service Applications page to review ‘Workflow Service Application’.
  11. Open the SharePoint Management Shell (PowerShell) using Run as administrator. Enter the following command to connect SharePoint and Workflow Manager.
    • Single Server with HTTP
      Register-SPWorkflowService -SPSite "http://Sharepoint.SVdomain.com" -WorkflowHostUri "http://SPWFE1:12291" -AllowOAuthHttp
    • With DNS FQDN through Citrix Netscaler / Load Balancer
      Register-SPWorkflowService -SPSite "http://Sharepoint.SVdomain.com" -WorkflowHostUri "http://Sharepoint.SVdomain.com:12291" -AllowOAuthHttp -Force
      Note: The -Force parameter will override the previous setting.
  12. Go back to SharePoint Central Admin site > Manage Service Applications > Workflow Service Application. You should see the ‘Workflow is Connected’ message confirming the workflow manager is connected to SharePoint.
  13. Go to SharePoint Designer, connect to a site and try to create new site workflow. Review the dropdown option for SharePoint 2013 workflow option.

 

To verify the Workflow Manager Deployment

a. Go to SharePoint Central Administration > Manage Service Applications and click Workflow Service Application. If you see the following message, Workflow Manager is not registered with SharePoint. If Workflow Manager is set up correctly with SharePoint, you will see the ‘Workflow is Connected’ message.

MSP2013_WorkflowManager_Installed_SP_Serviceapp_NotConnected

 

b. Go to the Workflow Manager URL from one of the SharePoint servers. If you get a response, it is working.


 

Review the Workflow Changes in SharePoint Designer

In SharePoint 2013 (or Project Server 2013), launch SharePoint Designer, connect to a site and create a new workflow. You will notice that the SharePoint 2010 workflow type is the only option. That is due to the missing Workflow Manager setup in the farm.


 

Set up Workflow Manager, register it in the SharePoint 2013 farm and then review the SharePoint Designer 2013 Platform Type option. You will notice SharePoint 2013 Workflow as an option. If you are connected to a Project Server 2013 PPM site, you will notice Project Server 2013 as an additional option.


 

Softvative Video – Workflow Manager 1.0 for SharePoint 2013 / Project Server 2013

 
