Category Archives: Windows Server

WAMP SERVER is in Amber Color and cannot be started

Happened to bump into this hiccup and I thought it would be helpful to document it down.

Someone of you may have faced this error where your newly installed WAMP  cannot be started and there is no MYSQL/PHP/APACHE error log generated.

One place that I always like to check if the Event Viewer (eventvwr.msc). If you navigate to your Application Logs and happen to see this error

The Apache service named reported the following error:
>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : AH00072: make_sock: could not bind to address 0.0.0.0:80 .

The Apache service named reported the following error:
>>> AH00451: no listening sockets available, shutting down .

The Apache service named reported the following error:
>>> AH00015: Unable to open logs .

Congratz! I may have a solution for you!

The above error simply means that the port 80 of your current machine is in used by another Running program…  Wait a minute.. I did not run any Web Server in my local machine.. Why would it be in used??

Step below show you how to check which program/service is using your ports

  1. Open CMD (Command Prompt) with Administrator rights
  2. Run “netstat -anob | more“. Use ” | more” in case the output is long and you need to see them page by page (hit Space to see next page of output, just so you know)
  3. Look for Local Address that contains “:80” port 80. (which is what the WAMP stack requires)
  4. You should see the executable that is using the port now. (In my Case, it was SKYPE.EXE… OKAY!! thanks for not telling me during my installation!)

 

Side Note, You can still use Skype for Business while hosting your WAMP Server. Go to Skype Option > Advanced > Connection. Uncheck the use port 80 443 for additional incoming connection.

 

How to check my CPU Temperature using PowerShell Remotely

Thought it would be helpful to share how to remotely check your Computer temperature especially when you have a computer at home and you want to track if it is HOT. Just in case you don’t want to burn your computer etc etc, for whatsoever reason.

Well. Steps below show you how to do that! Make sure your client machine (the one that you are using) has PowerShell version 2.0 and above (well most of the Windows nowadays has it already). Just do a Search in your program menu and you should see it

  1. First of all, ensure your target computer (the one sitting at home that you want to check) has Firewall Turn off (not recommended). Alternatively, set Exception rules for WMI rules.
    Very briefly, go to “wf.msc” – Windows Firewall of the target computer and enable Inbound Rules for “Windows Management Instrumentation (WMI-In)” – Profile: Domain.
    remotely check cpu temperature - 1
    See detail steps here 
  2. Once firewall is cleared, make sure you have local administrator rights account that can query the CPU temperature in the target computer. (this one is simple) Fire “lusrmgr.msc” in the Run command.
    Check the “Administrators” group and make sure your account is the member.
  3. In order for you to be able to remotely check your computer temperature, you must have connectivity to your target computer. I believe there could have many way you can have connectivity to your target computer. Of what I know, the below three should be enough to fulfill the task
    1. One that I always like to use is Teamviewer. With this, you can easily establish VPN or remotely login to run the script mention in Step 4. (without specifying the -Computer and -Credential).
      Make sure when you install the Teamviewer, you have the VPN Driver installation option ticked.
    2. Allowing RDP to your target computer from public IP. In this option, you need to configure your Home Router to allow port 3389 to hit your target computer. Please go to your router admin page (usually ends of 192.168.0.1 or  192.168.1.1 depending on which is your subnet) and configure port forwarding to your private IP.
      In this way, you will be doing the same steps as option 1 where the only difference is you remotely accessing your home computer and run the script directly onto the target computer. Again, without specifying the -Computer and -Credential parameter in step 4)
    3. Option 3 is kinda most complete one and if you want to learn a little bit deeper for WMI. In this option, you will be granting DCOM port (135) and a fixed port (24158) port forwarding to your remote compute (which is accessible via public IP like what you’ve done in option 2). Refer here for how to fix WMI port.Screen shot example on how I configured the WMI to fixed port. (please pardon the typo)
      configure WMI to fixed port
      At the end of the day, your target computer but be accessible via DCOM port and WMI port from public IP.
  4. Open PowerShell via Administrator rights and run the following PS command

    Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace “root/wmi” -ComputerName “<IP of your target computer>” -Credential (Get-Credential)

    You will be prompted to specify the credential, use the account that you have administrator rights mentioned in step 2 above.
  5. You should be expecting response like screen below
    remotely check cpu temperature - 3
  6. Look for “CurrentTemperature” and the value is in Celsius

How to enable Remote Desktop for your Computer/Server

To most of the IT guys out there, I believe this is quite a common thing that you may have bumped into this and believe me, sometimes you thought you have done it right and still did not able to get it working.

Let me note that all the steps that you need to do in order to allow RDP to your Server (from some machine within the same Network).

Most people already know the step 1 and 2. What’s lacking here that you may not know is the step 3 (Fire Wall!)

FIRE~~~~ Wall FIRE~~~~ Wall

Photo credits to www.clker.com

Step 1: Allow remote connections to this computer and grant login for RDP

  1. Open RUN and enter “sysdm.cpl” and click “Remote” tabs.
    Alternatively, go to Explorer (Windows + E), right click anywhere, select Properties and click “Remote Settings” on the left panel.
  2. You should see System properties panel as shown below.
    remote desktop allow remote connections
  3. Check “Allow remote connections to this computer“.  Refer to here for option “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
  4. Click “Select Users” and add in any users that you want to allow remote connection. If it is for your own usage, you may just leave this empty. In scenario where you need to allow multiple users to access your computer using different account, you need to create local user and add them here. In a even more common scenario where your computer/server is joined to a domain, you can add in the domain users account here for remote access.

Step 2: Security Policy

  1. At times, your server may need to join to a domain. Some domain policy may have configure the security policy to harden all domain servers. In this case, please check your local security policy and see if the Allow log on through Remote Desktop Services has included the login that you are gonna use. For simplicity, unless otherwise, use Administrator group of users which by default, granted permission to RDP.
  2. To check, open RUN and fire “secpol.msc
  3. Navigate the left panel to “Security Settings” > “Local Policies” > “User Rights Assignment”
  4. Look for “Allow log on through Remote Desktop Services” and see if your remote login is in this value. If not, “Please contact your server administrator” lol!

 

Step 3: Firewall!

  1. Open RUN and enter “wf.msc” (shortcut to Windows Firewall).
  2. Click “Inbound Rules” from the left panel
  3. Look for “Remote Desktop – User Mode (TCP-In)” and “Remote Desktop – User Mode (UDP-In)” and make sure they are both enabled. If not, please right click and hit “Enable Rule”

 

Once the steps above are done, open Remote Desktop Connection program (or “mstsc” in RUN), specify the computer/server IP and start RDP!

 

SMTP Relay email stuck at Queue folder

During my SMTP Relay setup, i noticed the Send email function is called successfully BUT no email is sent to my mailbox.

I check the following directory C:\inetpub\mailroot\Queue and noticed that there are a few EML file stuck in it.

After googling and troubleshooting, the problem is that in the IIS6 > SMTP’s Properties > Outbound Security, the Basic Authentication is specified with an invalid email address and password.

Update them and now my email will be sent out.

WebHost failed to process a request AND SQL database login for Config on instance SQL failed

After setting up my SharePoint 2013 for both Web Front End Server and Application Server. I encountered the following error in my WFE server

Source: System.ServiceModel 4.0.0.0

Task Category: WebHost

Event ID: 3


WebHost failed to process a request.
 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/63835064
 Exception: System.ServiceModel.ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation. The exception message is: Exception has been thrown by the target of an invocation.. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: The farm is unavailable.
 at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.get_Local()
 at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration..ctor()
 --- End of inner exception stack trace ---
 at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
 at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
 at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
 at System.Activator.CreateInstance(Type type, Boolean nonPublic)
 at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
 at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
 at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
 at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateSecurityTokenServiceConfiguration(String constructorString)
 at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
 at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
 at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
 at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity)
 at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
 --- End of inner exception stack trace ---
 at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
 at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)
 Process Name: w3wp
 Process ID: 4844

TOGETHER with

Source: SharePoint Foundation

Task Category: Database

Event ID: 3351


SQL database login for 'SHAREPOPINT CONFIG DB NAME' on instance 'SQL INSTANCE NAME' failed. Additional error information from SQL Server is included below.

Login failed for user 'Web Front End SERVERNAME$'.

The reason why i mentioned these two events are together is that the resolution below that i did is related to the two error events. If your event log does not contain these two errors, it is likely that the resolution below may not work for you.

Resolution

  1. Go to the server that contain these error message (Web Front Event server).
  2. Open IIS (Internet Information Services) Manager
  3. In the Connections panel, navigate to Application Pools
  4. (In my case, the “SecurityTokenServiceApplicationPool” Application Pool is running using “LocalSystem” account)
  5. Select the SecurityTokenServiceApplicationPool and click “Advanced Settings” from the action panel.
  6. Scroll to ProcessModel section and change the Identity to YOUR SharePoint Farm Account!
  7. Click Ok and Recycle the application pool and done!

SharePoint 2013 Pre-requisite Error – Application Server Role and Web Server (IIS) Role

Bumped into  this error when trying to manually setup SharePoint 2013 pre requisite installation.

The Configuration stopped at step Configuring Application Server Role and Web Server (IIS) Role.

SP2013 Error - Pre-requisite App Server and Web Server

Resolution

  1. Go to Server Manager > Add Roles and Features
  2. Select Your server in the Server Pool under Server Selection page
  3. Select Web Server (IIS) Role
  4. Click Next until the wizard finishes
  5. Rerun the Pre-requisite setup and the error is gone.

SharePoint 2013 – Newsfeed not showing anything.

After successfully setup my User Profile Services + User Profile Synchronisation Services. I then setup “My Site” in which you need to manually create a Managed Path in the Web Application which hosts your My Site.

After setting them up, you shall see “News Feed’, “SkyDrive” and “Sites” appear on the Ribbon Bar. Yes! at least something is showing. I then happily click on the News Feed. The SharePoint is showing a message, We Are working on it. While waiting for the setup, you may edit your profile, contact bla bla bla.. ok. Maybe I should just wait for a while. The next day i came back to the same URL, this message is still showing!

Then i noticed this error in ULS LOG

Unexpected error occurred in method 'GetObject' , usage 'FeedCache' - Exception 'Microsoft.ApplicationServer.Caching.DataCacheException: ErrorCode<ERRCA0018>:SubStatus<ES0001>:The request timed out.. Additional Information : The client was trying to communicate with the server : net.tcp://<<MY-SHAREPOINT-URL>>:22233

Apparently there is something wrong with the Distributed Cache Service.

Resolution

To solve this problem, first thing you have to ensure that the Distributed Cache Service in “Manage Services on Server” is not Stopped. If not Started, please kindly follow this to Add your SharePoint server to existing cache cluster. (You may need to check if you have already setup cache cluster.

To add a server to cache cluster, Do this

Add-SPDistributedCacheServiceInstance

At times, the Distributed Cache service maybe corrupted (for whatever reason), you may Remove the server from cluster and add them back again.

Simply

Remove-SPDistributedCacheServiceInstance

Then

Add-SPDistributedCacheServiceInstance

If this still doesn’t work, please ensure your Windows Firewall is open to ICMPV4 and ICMPV6 Inbound Rules. (Check Here)


					

Unable to connect the Search Services

I’ve already setup the environment correctly base on the Technet guide.

The farm topology is 1 WFE, 1APP (which runs the Search Service Instance), 1 SQL and 1 Fast Search server.

This error happen after few months of system commission.

Whenever hitting a keyword via the Search Box, this error “Unable to connect the search services” kept throwing.

Resolution

After checking the server system time, i noticed that there is 5++ mins difference between APP Server and Fast Search Server. This time difference will cause the web service call to fail!!

Hence, please ensure that your Search Service Instance server and the FAST Search are in synch with the time. I’ve heard that there is this NTP for servers to synch up the time. You may explore it in detail yourself =)

 

How to grant Local Administrator rights

The following steps show you how to grant a domain user or local user with Local Administrator rights.
  1. Logon to the machine/server that you want to grant Local Administrator right to.
  2. Open “Run” from the Start Menu. Or alternatively hit [Windows + R] key
  3. enter “dsa.msc” (if you are in a Domain Controller machine) or “lusrmgr.msc” (for any other machine)
  4. Navigate to your domain (if DC) and then to “Built in”
  5. Double click on the Administrator group.
  6. Go to “Members” tab and click “Add” button
  7. Assign the account that you want to grant access with.
  8. Click Ok to complete

How to Assign Local Administrator Right

User Profile Synchronisation Started

Holy cow. Finally got my User Profile Synchronisation Service started successfully!! I’ve been cracking my head for these few days, tried reading and reading again the MSDN UPS Configuration guides. It’s just not an easy task to get it setup properly. Apart from that, would like to thank Harbar for the great work to note down all the necessary requirement for UPS

Evidence

Just to summarize all the requirement in case i may forget.

  1. The Service Account running the “Windows Service – User Profile Synchronization Service” MUST BE to be your SharePoint Farm Account (Check here on how to find your SharePoint Farm Account)
  2. The Service Account (Which is also the Farm Account) has to be granted with Local Administrator rights in machine which runs the User Profile Synchronisation Service Instance. At least when provisioning the service. (in layman’s term, when clicking the “Start” action link from “Manage Services on Server” in Central Admin). Check here on how to grant Administrator right. Why? Reason being that the provisioning requires modification on Server’s Registry which required administrator right to do so. Starting the UPS without Admin rights will cause Unauthorized Access. You may try and check SharePoint Log Files =).
  3. The Service Account (Which is also the Farm Account) has to be granted with Allow Log on Locally right. You can do this via group policy editor (GPEdit) in your Domain Controller machine. Check here on how to assign permission. Granting the access in step 2 is sufficient to get the service started. However, it is always not recommended to grant Farm Account with Administrators right. By revoking the Administrator right after provision, the Allow Log on Locally right will be gone too! Hence, it is advisable to grant explicitly the permission via GPEdit.

Note. Those are the requirement to get the User Profile Synchronisation Services STARTED. There needs additional set to setup the synchronisation connection.