Tag Archives: admin

SharePoint Search Service – service implementation object was not initialized

As usually, the same opening statement.

“I recently bumped into this issue” where my Search Service Application services is throwing “service implementation object was not initialized” error when perform a regular, normal, nothing-special search from any sharepoint site collection.

Note that in my SharePoint Farm, I have two search server that are both hosting the 6 components

  • Admin Component
  • QueryProcessing Component
  • Index Component
  • Crawl Component
  • ContentProcessing Component
  • AnalysticProcessing Component

When accessing to Central Admin > Manage Service Application > Search Service Application page, I notice the “All Status” is “All Errors” and if it is hitting my another central admin server (i have 2, yea same server), it gives “Running”.

For this, I seem that there is some issue when server is trying to TALK to each other. Also, if  you browse into Search Schema (the old Managed Properties page), You do not see any managed properties to be configured.  Browsing to “Content Source” page will give you “Service Implementation object was not initialized” error

Flipping through my ULS logs for both server, you will see errors right below (putting the error here so it help Google Search for people hitting the same error and be able to find out my article that may be able to help them)

failed to get default collection for application Search Service Application: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The service implementation object was not initialized
SearchServiceApplicationProxy::GetQueryHealthMonitoringSettingsForComponents--Error occurred:System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The service implementation object was not initialized
Exception when reading aggregator settings: ...

All over the logs file.

It took me 7 rounds of re-provisioning of Search Service Application… in order to get it tested and fixed. I hope you do not need to spend that much time !

Occasionally, you see Error reported in Event Viewer

A failure was reported when trying to invoke a service application: EndpointFailure
Process Name: OWSTIMER
...
Service Application Uri: urn:schemas-microsoft-com:sharepoint:service: ...
...
Affected Endpoint: http:// xxxx /SearchService.svc

Resolution

All these are signs of SSL validation error that causing SVC end point failure. I followed this article (thanks to the author!) and trying to remove and add SSLCert with certification revocation disable.

  1. RDP to Search Server with Local Administrator rights
  2. Fire up “CMD” command prompt
  3. Execute
    netsh http show sslcert
  4. Note down the detail for ip port : 0.0.0.0:32844 (especially the Hash number) cause this is what the cert binding for SharePoint Web Service
    SharePoint SSL Cert binding revocation disable
  5. Execute command below to Delete the SSL binding
    netsh http delete sslcert ipport=0.0.0.0:32844
  6. You should see a success message. Then execute the following to add the SSL Binding with verify client certificate revocation Disabled
    netsh http add sslcert ipport=0.0.0.0:32844 certhash=18e363549ba0c0445625cc47ecbfb5dbbd4ec517
    appid={4dc3e181-e14b-4a21-b022-59fc669b0914}
    certstorename=SharePoint verifyclientcertrevocation=disableNote that the certhash should follow your own Cert.
  7. Repeat the same steps to all your Search Server
  8. Once it is added, I did a re-provisioning of my Search Service Application… And Woala!

 

 

Exception calling “Update” with “0” argument(s): “Invalid look-up value

Had this error when trying to update SharePoint SPFieldLookupValueCollection using PowerShell.

Just to share a small part of my PowerShell that DID NOT Work

$valueCol = New-Object Microsoft.SharePoint.SPFieldLookupValueCollection;
 
 $groupValue.Split(",") | % {
 $lookupTitle = $_;
 $lookupItem = $lookupItems| ? {$_.Title -eq $lookupTitle};
 if($lookupItem -eq $null)
 {
 Write-Host -f Yellow "Unable to locate Lookup Item $lookupTitle."
 }
 else
 {
$val = New-Object Microsoft.SharePoint.SPFieldLookupValue($lookupItem.ID, $lookupTitle);
 Write-Host "`t`tLookup:" $val.LookupId " LookupValue:" $val.LookupValue
 $valueCol.Add($val);
 }
 }
 
 Write-Host "`tAdding Value" $valueCol;
 $existingItem["MultipleLookupColumnName"] = $valueCol;
 $existingItem.Update();

I thought it was easy. Turned out that this script WILL ONLY store the last value of the loop that you updated. That means, if you were to have Multiple Value of “A,B,C”, it stores only the C !

Resolution

It turns out that you just need to include the Type of the object before intializing a PowerShell Variable and it works perfectly fine.

[Microsoft.SharePoint.SPFieldLookupValueCollection]$valueCol = New-Object Microsoft.SharePoint.SPFieldLookupValueCollection;

$groupValue.Split(",") | % {
$lookupTitle = $_;
$lookupItem = $lookupItems| ? {$_.Title -eq $lookupTitle};
if($lookupItem -eq $null)
{
Write-Host -f Yellow "Unable to locate Lookup Item $lookupTitle."
}
else
{
[Microsoft.SharePoint.SPFieldLookupValue]$val = New-Object Microsoft.SharePoint.SPFieldLookupValue($lookupItem.ID, $lookupTitle);
Write-Host "`t`tLookup:" $val.LookupId " LookupValue:" $val.LookupValue
$valueCol.Add($val);
}
}

Write-Host "`tAdding Value" $valueCol;
$existingItem["MultipleLookupColumnName"] = $valueCol;
$existingItem.Update();

So please dont forget to do that!

 

Create a Page in SharePoint sub site is not adding to the sub site but the Root site

I hope the post title did not confuse you. I hit this weird behaviour in SharePoint when I was in “www.sharepoint.com/subsite” trying to create a Page in “www.sharepoint.com/subsite/pages” library. The dialog shows URL of Root Site in “Find It at”

create a page not adding to correct site 1

If you proceed to create the page, it will be added into ROOT SITE! which is not what I wanted

Resolution

To avoid confusing and to make the “add a page” adds pages to the correct site. Please do the following:

  1. Go to your sub site setting page
  2. Go to “Navigation” under look and feel section
  3. Uncheck the field “
  4. Click “OK” an save

Once you have unchecked the field, your “add a page” is now adding to the correct subsite!

 

PowerShell script to disable Limited Access Lock Down mode for all Site Collections

I always like to make use of PowerShell to do stuff. When dealing with a lot of Site Collection, it is advisable to script your task than going through UI one by one to configure.

I have a requirement to take out the Limited Access Lock Down mode introduced in SharePoint 2013. A bit introduction for this feature, this feature actually BLOCK users from browsing a file (via Browser) or check-in/check-out a file (via Office Client such as Word).

limited access user permission lockdown mode

If you activate this lock down mode, SharePoint does not allow browsing of its parent and hence you will receive error when trying to edit a file via Office Client (even if you have contribute permission to the file itself!). If you are only allowing your users (usually external or someone who does not have permission to the entire web or document library) to read the file, you do not need to Deactivate this.

In my environment, its much more complicated where some users are only editable to file from other Sub Site or Site. And Content Owners always assign Individual file for other site’s user to edit. In this case, in order to allow seamless experience, I would need to make sure that this feature is Deactivated at all site collections.

I came out with this PowerShell, Short and Sweet one, to help me. Hope it helps!


Get-SPSite | % {
  Get-SPFeature -Site $_ | ? { $_.DisplayName -eq "ViewFormPagesLockDown"} | Disable-SPFeature -Url $_.Url -Confirm:$false
}

P.S. Run it via SharePoint Management PowerShell. Or else you need to add in “Add-PSSnapIn Microsoft.SharePoint.PowerShell” at the start of this script.

Changing Default HomePage for Document Center to a Document Library

As stated in the Title, it is easier said than done to change the default landing page of a Document Center. If you have done publishing sites often, you will usually go to “Welcome Page” in the site setting page to do it.

welcome page publishing

But in Document Center site, this feature is missing and what’s even worse, that there is no Pages or Site Pages library for you to set the homepage

[I’m referring to the set homepage feature below]

make home page

So how to change the default landing page for SharePoint Document Center?

The trick is simple, all you need to do is to go to the Document Library that you want to make default home page.

Hit on the “Edit Page” menu under Site Action gear.

edit page in document library

Once the Document Library page is in Edit Mode, you shall see additional Ribbon Tabs appear and shown below, Go to “Pages” tabs and now you can set the HOME PAGE! (hidden gem)

document library make homepage

There are alternative ways of doing this such as running PowerShell etc. but I personally find this the quickest and easiest way to do it.

Hope it helps!

 

Do you know? CTRL + SHIFT powerful keys

Do you know that if you hold CTRL + SHIFT and Left click on any program such as “cmd.exe”. You are actually running the program as Administrator?

And instead of hitting “Enter” to open a program, you can do CTRL + SHIFT + Enter to run it as Administrator.

 

Do you know that if you hold CTRL + SHIFT and Right click on any program, you can then run the program as another user such as impersonating someone’s login to open IE browser etc etc.

 

Do you know that if you hit CTRL + SHIFT + ESC, you can easily fire up Task Manager

Be Pro!

SharePoint Search Content Source Crawl Log Access Denied

I have the following issue when setting up SharePoint 2013 Search Service Application.

Whenever I started full crawling my content sources, after certain time (usually the next day). Content Sources page and Crawl Log will give Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
search service application content source access denied

Checking Search Instance Server’s Application Log and you can see the following error

The Execute method of job definition Microsoft.Office.Server.Search.Administration.IndexingScheduleJobDefinition (ID e611e95c-dc0a-40ee-a3a3-c58f2099c2d1) threw an exception. More information is included below.

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Event ID 6398

Subsequently go to Central Administration page > Timer Jobs to look for the respective Timer

Found “Indexing Schedule Manager on xxxServerNamexxx” failed miserably, for every 5 minutes.

It was then found that some user has this issue previously which has got something to do with TASKS folder in your C:\WINDOWS

sharepoint search windows task access denied issue

In case if you do not have the history of your Domain GPO, this particular folder was previously a target for Conficker Worm virus. Refer here. MS recommended to actually change the permission of this folder which then conflict the requirement for SharePoint Search Service.

If you are interest in checking your own GPO setting, you can simply run “rsop.msc” in your server’s RUN command. And you should be able to see the settings made as per below

sharepoint search windows task access denied issue conflicker

 

Workaround

In order to solve the issue, you have to get your AD GPO team to remove this setting from your sharepoint servers. Explicitly for this requirement or else your search cannot crawl.

For temp solution, you have to change the Owner of this TASKS folder and grant

WSS_WPG with minimum “Read” and “Write” access.

Finger Crossed

How to check my CPU Temperature using PowerShell Remotely

Thought it would be helpful to share how to remotely check your Computer temperature especially when you have a computer at home and you want to track if it is HOT. Just in case you don’t want to burn your computer etc etc, for whatsoever reason.

Well. Steps below show you how to do that! Make sure your client machine (the one that you are using) has PowerShell version 2.0 and above (well most of the Windows nowadays has it already). Just do a Search in your program menu and you should see it

  1. First of all, ensure your target computer (the one sitting at home that you want to check) has Firewall Turn off (not recommended). Alternatively, set Exception rules for WMI rules.
    Very briefly, go to “wf.msc” – Windows Firewall of the target computer and enable Inbound Rules for “Windows Management Instrumentation (WMI-In)” – Profile: Domain.
    remotely check cpu temperature - 1
    See detail steps here 
  2. Once firewall is cleared, make sure you have local administrator rights account that can query the CPU temperature in the target computer. (this one is simple) Fire “lusrmgr.msc” in the Run command.
    Check the “Administrators” group and make sure your account is the member.
  3. In order for you to be able to remotely check your computer temperature, you must have connectivity to your target computer. I believe there could have many way you can have connectivity to your target computer. Of what I know, the below three should be enough to fulfill the task
    1. One that I always like to use is Teamviewer. With this, you can easily establish VPN or remotely login to run the script mention in Step 4. (without specifying the -Computer and -Credential).
      Make sure when you install the Teamviewer, you have the VPN Driver installation option ticked.
    2. Allowing RDP to your target computer from public IP. In this option, you need to configure your Home Router to allow port 3389 to hit your target computer. Please go to your router admin page (usually ends of 192.168.0.1 or  192.168.1.1 depending on which is your subnet) and configure port forwarding to your private IP.
      In this way, you will be doing the same steps as option 1 where the only difference is you remotely accessing your home computer and run the script directly onto the target computer. Again, without specifying the -Computer and -Credential parameter in step 4)
    3. Option 3 is kinda most complete one and if you want to learn a little bit deeper for WMI. In this option, you will be granting DCOM port (135) and a fixed port (24158) port forwarding to your remote compute (which is accessible via public IP like what you’ve done in option 2). Refer here for how to fix WMI port.Screen shot example on how I configured the WMI to fixed port. (please pardon the typo)
      configure WMI to fixed port
      At the end of the day, your target computer but be accessible via DCOM port and WMI port from public IP.
  4. Open PowerShell via Administrator rights and run the following PS command

    Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace “root/wmi” -ComputerName “<IP of your target computer>” -Credential (Get-Credential)

    You will be prompted to specify the credential, use the account that you have administrator rights mentioned in step 2 above.
  5. You should be expecting response like screen below
    remotely check cpu temperature - 3
  6. Look for “CurrentTemperature” and the value is in Celsius

SharePoint Permission Back Up and Restore in PowerShell

Hi SharePoint Admins! I’ve recently worked on a module to enhance SharePoint Backup experience. If you haven’t known SharePoint Native Backup enough, please read this.  SharePoint Native backup supports Backup-SPFarm, Backup-SPSite, Backup-SPFarm, Export-SPWeb.

All these approaches backup the actual content of the file and at times requires the entire Site or List to be restored entirely. If you are using Version History feature, recovering file can be made easier by restoring only the mis-updated files. In additional, the introduction of Recycle Bin since SharePoint 2010 has helped many SharePoint Admins (at least for myself) to recover accidentally deleted files without burning much of your time.

However, there is no Version History for Permission. Whatever permission changes that you have made onto a document, library or site do not keep a backup copy for you to restore in the later time. You can tap on third party product to help you on this, downside is, you have to pay for the service. Some 3rd party products that you can find in the markets are like Lightning Tools and AvePoint . (Personally never tried that but I’m more of a Self Fulfilling kind, where everything can be done by my left hand and my right hand. But please don’t get me wrong, paying more for premier service sometimes can be good as it comes with support and service level assurance)

So much for the introduction, now let’s go into the script!

I uploaded my script to CodePlex – PowerShell to backup/restore SharePoint Webs, Libraries, Folders and Files and inside the source code, you can find two powershell script, namely BackupPermission.ps1 and RestorePermission.ps1.

You would first run the BackupPermission.ps1. This backuppermission.ps1 generates a Permission.xml file that you gonna need it for the RestorePermission.ps1 later.

What this Backuppermission.ps1 does is to loop through your entire SharePoint Farm for Site Collections. Subsequently, for each of the site collection, it back up its Root Web permissions and Sub Web permissions. After backing up the web level permission, it goes to back up all document libraries permission, folder permission within each library and optionally (turn on by default) files permission.

Why do I need to care about backing up the permission? Well, there may have many reasons for that but below are just some for myself…

  1. You screw up the permission and can’t afford to restore the SharePoint Site Collection (cause only Backup-SPFarm was running DAILY)
  2. You do not want to inform the user for backup recovery cause the user will scream at you if the data that you going to restore has been modified by the user.
  3. You do have full confidence to run SharePoint Native Restore-SPSite as you all know, some times it doesn’t Work. Some how.. (MS, no offense on this, well, it does work most of the time but reason 1 superseded this)
  4. You accidentally RESET or Hit the “Delete Unique Permission” button when trying to change a WEB permission. Refer to my previous post on why this will kill your document permission.

 

Here I’m gonna talk about the Permissions.xml that is generated by my BackupPermission.ps1. You can always change the XML to suit your backup needs. Things like Restoring only partial of your Site Collection, restoring only a document library and even up to only a folder or file. By default, if a entity does not contains <RoleAssignments> node, the RestorePermission.ps1 script will bypass updating the permission and it will remains as its current stage (could be Inherting its parent permission or already broken permission. no changes will be done).


<?xml version="1.0" encoding="UTF-8"?>
<SharePoint>
 <Sites>
  <Site>
   <Url>https://mysharepoint.com</Url>
   <RootWeb>
    <Title>SharePoint Portal</Title>
    <Url>https://mysharepoint.com</Url>
    <RoleAssignments>
     <RoleAssignment User="i:0#.w|contoso\appadmin">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Owners">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Full Control"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
     <RoleAssignment Group="SharePoint Portal Visitors">
      <RoleDefinitionBindings>
       <RoleDefinition Name="Read"/>
      </RoleDefinitionBindings>
     </RoleAssignment>
    </RoleAssignments>
    <Lists>
     <List>
      <Title>Documents</Title>
      <RootFolder>
       <Name>Documents</Name>
       <Url>Documents</Url>
       <SubFolders>
        <Folder>
         <Name>Folder A</Name>
         <Url>Documents/Folder A</Url>
         <RoleAssignments>
          <RoleAssignment Group="SharePoint Portal Owners">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Full Control"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Visitors">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Read"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
          <RoleAssignment Group="SharePoint Portal Members">
           <RoleDefinitionBindings>
            <RoleDefinition Name="Contribute"/>
           </RoleDefinitionBindings>
          </RoleAssignment>
         </RoleAssignments>
        </Folder>
        <Folder>
         <Name>Folder B</Name>
         <Url>Documents/Folder A - Copy (8)</Url>
        </Folder>
       </SubFolders>
       <Files>
       </Files>
      </RootFolder>
     </List>
    </Lists>
    <Webs>
    </Webs>
   </RootWeb>
  </Site>
 </Sites>
</SharePoint>

What you are seeing above basically showing a backup xml that if you restore using this, only 1 site “https://mysharepoint.com” will be processed.  The permission of this site will have the following permission

  • appadmin (SPUser) – Full Control
  • SharePoint Portal Owners (SPGroup) – Full Control
  • SharePoint Portal Visitors (SPGroup) – Read

Subsequently, the script will continue to loop and restore List (in my backup script, this node stores only document libraries.) with Title “Documents” which is inheriting parent permission.

Folder “Folder A” within this document library will have unique permission while “Folder B” will inherit library permission which follows the Web permissions.

 

Well if you don’t really care at all, simply running BackupPermission.ps1 and RestorePermission.ps1 should be able to help you recovering you web permission.

To complete the entire process, set a Task Scheduler job to backup your farm permission regularly!