Thursday, February 26, 2015

xls tries to open with excel services when searching

Scenario:
I had an issue with Excel documents trying to open with Excel Services when using search, although Excel Services wasn't even configured on the SharePoint server.
When looking at the site level, the feature for always opening with the client program was activated. Same thing at the list level: Server default was activated.
Workaround Solution:
When searching, check for preferences at the bottom
Activate "Open in the browser". This will probably only solve it for the current user, but it helps if you are in a tight spot.

Retrieve latest timerjobs


To get a quick overview of the latest timer job runs without scrolling endlessly in Central Admin:
-----getTimerJobHistories.ps1--------
# Load the SharePoint snap-in (no error if it is already loaded)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$number = 10 # total results
$timername = "User Profile Service Application_LMTRepopulationJob" # name of the timer job to inspect
$timerjob = Get-SPTimerJob $timername
# Show the first $number history entries with their status and any error message
$timerjob.HistoryEntries | Select-Object JobDefinitionTitle,StartTime,EndTime,Status,ErrorMessage -First $number | Format-Table
#$timerjob.HistoryEntries
------------eof---------------------

Thursday, February 19, 2015

Overall steps to move from Active Directory to ADFS authentication in Sharepoint 2013

This is a bird's-eye perspective. I found it difficult to find resources that outlined the procedure. This omits everything that happens on the ADFS server and focuses on the SharePoint parts.

1. Back up all content databases and take snapshots of the servers.
2. Add relying party identifiers on the ADFS server. Add endpoints with WS-Federation for all web applications that are going to use ADFS.
3. Add the identity provider on the SharePoint server (PS1.ConfigSPIdentifier).
4. Activate wsreply on the SharePoint server (PS2.Activatewsreply).
5. Add the identity provider to the relevant web applications:
   Authentication Provider > Claims Authentication Types > Trusted Identity Provider
6. Configure a new User Profile Synchronization, use Authentication Provider type = Trusted Claims > your ADFS.
   Configure User properties >
   email = mail
   Claim User Identifier = mail
   Run a full sync.
7. Convert all users on the web applications. Don't convert search accounts and don't convert Authenticated Users; change the latter to, for example, Domain Users.
   Use Move-SPUser.
8. Change the Super User and Super Reader accounts to ADFS.
   Run the cache reader change on each web app and change the accounts in User Policy on the web apps.
9. Change the login page for ADFS (optional, but enables automatic sign-in for directory users; also enables the crawl to run as an AD user).
   Copy autologin.aspx to common files\template….
   Change autologin.aspx to use the current ADFS provider.
   Change Central Administration > authpolicy > default sign-in page = autologin.aspx
10. Check the search engine so that everything works.
11. Install LDAPCP to solve people picker issues.
12. Hide AD from the selection list (PS6.HideADfromLookup).
13. Done.


Issues that occurred:
Couldn't view other users' My Sites – solution: add / permissions for all users.

Otherwise it worked quite nicely. 6000+ users migrated. This solution used email as the primary claim, which required the email field in AD to be populated with a unique value.

Do I need to say that I take no responsibility for when this goes sideways? I don't. But it worked for me.
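A pre-flight check for step 7 and for the unique-email requirement, as an added example that is not part of the original post: it builds the Move-SPUser plan from login/e-mail pairs and blocks accounts whose e-mail is missing or shared. The function name, the sample accounts and the skip list are assumptions; the issuer name is the one used in PS1.ConfigSPIdentifier.

```powershell
# Added example (hypothetical helper): plan the Windows-claim -> ADFS e-mail-claim conversion.
# $IssuerName must equal the -Name given to New-SPTrustedIdentityTokenIssuer.
function Get-ClaimMigrationPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,      # objects with UserLogin and Email
        [Parameter(Mandatory)] [string]   $IssuerName,
        [string[]] $SkipLogins = @()                   # e.g. search/crawl accounts
    )
    # E-mail is the identifier claim, so two accounts sharing one address
    # would end up as the same identity after migration.
    $dupes = @($Users | Where-Object { $_.Email } |
        Group-Object { $_.Email.Trim().ToLowerInvariant() } |
        Where-Object Count -gt 1 | ForEach-Object Name)

    foreach ($u in $Users) {
        $login  = $u.UserLogin
        $mail   = if ($u.Email) { $u.Email.Trim() } else { '' }
        $action = 'Convert'; $target = $null
        if     ($login -notlike 'i:0#.w|*')   { $action = 'Skip: not a Windows user claim' }
        elseif ($SkipLogins -contains $login) { $action = 'Skip: excluded account' }
        elseif (-not $mail)                   { $action = 'Blocked: no e-mail' }
        elseif ($dupes -contains $mail)       { $action = 'Blocked: duplicate e-mail' }
        else   { $target = "i:05.t|$IssuerName|$mail" }   # encoded e-mail claim from a trusted issuer
        [pscustomobject]@{ UserLogin = $login; NewAlias = $target; Action = $action }
    }
}

# Constructed sample input; on a farm it would come from Get-SPUser -Web <site collection URL> -Limit All.
$sample = @(
    [pscustomobject]@{ UserLogin = 'i:0#.w|contoso\anna';      Email = 'Anna@contoso.com' }
    [pscustomobject]@{ UserLogin = 'i:0#.w|contoso\bo';        Email = 'shared@contoso.com' }
    [pscustomobject]@{ UserLogin = 'i:0#.w|contoso\cy';        Email = 'Shared@contoso.com' }
    [pscustomobject]@{ UserLogin = 'i:0#.w|contoso\dee';       Email = '' }
    [pscustomobject]@{ UserLogin = 'i:0#.w|contoso\svc-crawl'; Email = 'crawl@contoso.com' }
    [pscustomobject]@{ UserLogin = 'c:0!.s|windows';           Email = '' }   # Authenticated Users
)
$plan = Get-ClaimMigrationPlan -Users $sample -IssuerName 'TEST_ADFS@contoso.com' `
    -SkipLogins 'i:0#.w|contoso\svc-crawl'
$plan | Format-Table -AutoSize

# Applying one 'Convert' row on the farm (not run here; $siteUrl is a placeholder):
#   Move-SPUser -Identity (Get-SPUser -Identity $row.UserLogin -Web $siteUrl) -NewAlias $row.NewAlias -IgnoreSID
```

Every row marked Blocked has to be fixed in AD before the conversion runs, otherwise those users cannot be mapped to a distinct e-mail claim.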

PS1.ConfigSPIdentifier

# Load the ADFS token-signing certificate exported from the ADFS server
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\xss\ADFS-Token-Signing.cer")

# Trust the certificate in the SharePoint farm
New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert

# Map the incoming claims: UPN, role and e-mail address
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "upn" -SameAsIncoming

$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# Realm: must match the relying party identifier added on the ADFS server
$realm = "urn:test-intranet:sharepoint"

# Register the trusted identity provider with the e-mail address as identifier claim
$ap = New-SPTrustedIdentityTokenIssuer -Name "TEST_ADFS@contoso.com" -Description "STS-IP id1.contoso.com" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$map2,$map3 -SignInUrl "https://id1.contoso.com/adfs/ls" -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

PS2.Activatewsreply

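# The identity is the name the token issuer was registered with (the -Name used in PS1.ConfigSPIdentifier)
$tit = Get-SPTrustedIdentityTokenIssuer fs.contoso.com
# Send the wreply parameter with sign-in requests
$tit.UseWReplyParameter = $true
$tit.Update()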

PS6.HideADfromLookup
# Hide the built-in Active Directory claim provider from the selection list
$cpm = Get-SPClaimProviderManager
$ad = Get-SPClaimProvider -Identity "AD"
$ad.IsVisible = $false
$cpm.Update()

References:
http://blogs.msdn.com/b/scicoria/archive/2011/06/10/sharepoint-2010-fba-and-sliding-sessions.aspx - Explains sliding sessions
http://msdn.microsoft.com/en-us/library/hh446526.aspx - explains adfs token
http://msdn.microsoft.com/en-us/library/office/hh147183%28v=office.14%29.aspx
http://blog.robgarrett.com/2013/05/06/sharepoint-authentication-and-session-management/ – good information on authentication process
http://www.wictorwilen.se/sharepoint-2013-with-saml-claims-and-sharepoint-hosted-apps – wsreply
http://weblogs.asp.net/wesleybakker/adfs-sharepoint-2013-single-sign-on-skip-authentication-provider-selection-page - ADFS Sharepoint 2013 Skip authentication Provider Page – autologin.aspx

Wednesday, February 11, 2015

Workflow Manager installation

Scenario:
SharePoint 2013 farm needs SharePoint 2013 workflow support.

  1. Install Web Platform Installer on a computer with internet access. Go to c:\program files\microsoft\web platform installer\ with cmd
  2. Run webpicmd.exe (for scenarios when internet access is unavailable)
    1. WebpiCmd.exe /Offline /Products:WorkflowManagerRefresh /Path:c:\xss\workflowmanagerrefresh
    2. WebpiCmd.exe /Install /Products:WorkflowManagerRefresh /XML:c:\xss\workflowmanagerrefresh\feeds\latest\webproductlist.xml
    3. On members of the farm (not hosting Workflow Manager): WebpiCmd.exe /Install /Products:WorkflowClient /XML:c:\xss\workflowmanagerrefresh\feeds\latest\webproductlist.xml
  3. Run the Workflow Manager configuration
  4. Register the workflow service from the SharePoint shell (PS)
    1. Register-SPWorkflowService -SPSite http://sharepoint.mycompany.com -WorkflowHostUri http://wf.myscompany.com:12291 -AllowOAuthHttp -Force -ScopeName SharePoint
       (-AllowOAuthHttp is what permits OAuth over the plain-HTTP host URI used here.)
  5. Verify the installation with SharePoint Designer: Workflow 2013 should be available.

References:
https://technet.microsoft.com/en-us/library/jj658588.aspx
http://blog.lekman.com/2015/02/troubleshoot-workflow-manager-errors-in.html
http://www.harbar.net/articles/wfm2.aspx
https://olafd.wordpress.com/2013/10/04/install-workflow-manager-in-sharepoint-development-environment/