Impact of Active Directory Migration or domain change on SharePoint, domain migrate SharePoint servers – Part 2

This is part 2 of part 1 written earlier https://synkventures.com/2017/07/25/impact-of-active-directory-migration-or-domain-change-on-sharepoint-part-1/

If your organization has decided to split your company or rename or for any other reason domain needs to be changed then SharePoint will be impacted. In the first part I had explained how to do user migration from SharePoint point of view.

Next step is to do Server Migration of SharePoints in new domain.

What is the recommended way to do this?

Note that Microsoft does not support chaning domain in same existing servers. It means you have to create a new farm in new domain with new service accounts and then do a data migration.

Broadly these are the steps to do it

  1. Create a new farm same as previous one or an upgraded one(scale) if needed.
  2. Create new service accounts in new domain to be used in new farm. Use these accounts to create and configure new farm.
  3. Migrate all Service Applications like Managed metadata service, Search service, User profile service, Workflow manager etc
  4. Create web applications same as previous farm
  5. Deloy any custom code WSP from the previous farm to new one
  6. Use database attach upgrade process to migrate content databases and attach to newly created web applications.
  7. Configure any SharePoint hosted app or provider hosted app
  8. Test and verify that all data has been migrated and also custom code as working as expected

Above are very broad steps, if you have done any upgrade such as SharePoint 2010 to 2013 or SharePoint 2013 to 2016 then you will find the steps familiar.

Although you always expect these steps to be done smoothly you know it will never be like this.

Below are some things you might experience or not experience but I am listing then down from our experience

  1. Issues with custom code where html files has been used for JavaScript based programming : Somehow the reference to js code was lost and it was not pointing to correct relative urls in the site. This was fixed manually in multiple places
  2. Workflow issues: Some of the workflows were republished and started working. Workflow 2013 had couple if isssues as well, you may refer to this article for more details https://synkventures.com/2019/05/18/sharepoint-workflow-2013-not-working-after-migration-workflow-issues/
  3. Provider hosted and SharePoint hosted app: All the apps had lost their settings and needed a deploy on all sites. This can be done via script.

You can always find new issues so it’s very important to testing and verification for all functtionalties.

If you have any more detail questions please contact us via Contact page.

if you have any questions or remarks please contact us via our Contact Us page or via our Facebook page or via Twitter

SharePoint Workflow 2013 not working after migration #workflow #issues

Context

We were doing a SharePoint 2013 Server domain migration in which we had to migrate Workflow Manager as well.

After migration, Workflow Manager 2013 did not work fine in new environment so we had to attached old environment server to new farm with the old domain account. You can call this as a temporary work around.

Issue

All SharePoint Workflow 2013 stopped working and were getting “cancelled” whenever they were running.

Mainly two issues:

  1. Wokflow App Permissions were not correct, if you are not sure what I am talking about please refer to this link https://docs.microsoft.com/en-us/sharepoint/dev/general-development/create-a-workflow-with-elevated-permissions-by-using-the-sharepoint-workflo
  2. Tasks were not getting created by Workflow 2013 in Task list and workflow failed or canceled.

Resolution

  1. First issue was resolved by using the same link posted earlier and I will say half of the workflows worked fine
  2. Second issue was complex and I was not able to find a resolution but one of my colleague found resolution, I was able to only collect error messages which was also important as we were not able to pin point root cause

You may see following error messages in the SharePoint ULS logs, the key issue for us was the ones highlighted in bold

Trusted provider is missing. Provider: ‘00000003-0000-0ff1-ce00-000000000000’

Request does not have SPBasePermissions.UseRemoteAPIs permission. Need to check it when each API is accessed

SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing – SharePoint Server Exception [System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.    
 at Microsoft.SharePoint.Client.ServerStub.CheckRequiredResourceRight(ProxyContext proxyContext, String memberName, ResourceRight right)    
 at Microsoft.SharePoint.Client.ServerStub.CheckBlockedGetProperty(String propName, ProxyContext proxyContext)    
 at Microsoft.SharePoint.ServerStub.SPContextServerStub.GetStaticProperty(String propName, ProxyContext proxyContext)    
 at Microsoft.SharePoint.Client.ServerStub.GetStaticPropertyWithMonitoredScope(String propertyName, ProxyContext proxyContext)]

Throw UnauthorizedAccessException instead of SPUtilityInternal.Send401 for client.svc request.

So what does this mean? It means that API calls are failing and not reachable when workflows are running. In our set up due to domain migration we had two https url and one of them was default. We observed that the API calls via default urls were always failing so we decided to dig deeper.

We found out that in web application web.config file if you have below attributes and have urls under it then API calls are working only for those urls so first we thought we can add all the urls but it seems you cannot add two https url and it is not supported, bascially we are talking about host headers we had three host headers in IIS but only two here.

<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”>        <baseAddressPrefixFilters> 

<add prefix=”https url” /> 

<add prefix=”http url” />       

</baseAddressPrefixFilters>    </serviceHostingEnvironment>

To fix this and allow all the traffic what you can do is to have only one https url or host header which I will say is ideal way of running SharePoint 2013. Note that SharePoint 2016 or 2019 are not expected to have these issues

Other way is to change config like below and allow all urls

<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”>    </serviceHostingEnvironment>

I hope this helps someone as it took lot of time for us to find this.

if you have any questions or remarks please contact us via our Contact Us page or via our Facebook page or via Twitter

Like us on Facebook and follow us on Twitter

SharePoint Crawler error – Warning in Index component, Cannot plan query for index system. Index fragment ‘0’ has no available cells #sharepoint #crawler #searchservice

Search can return this error due to various reasons “Search has encountered a problem that prevents results from being returned. If the issue persists, please contact your administrator” but this will be certainly come if there is an error in one of the search components.

If you check in ULS log you will see this error ” Cannot plan query for index system. Index fragment ‘0’ has no available cells.”

This error indicates that there is an error in index partition and you should see a yellow warning exclamation in Central Admin as shown below

SearchError

If your error meets all these criteria then you have the same issue. If you look at other articles regarding then 90% of articles will mention to do an index reset and do a full crawl which will definitely fix the issue but this should be your last option and not the first one in a production environment.

To fix the issue we should look at clearing configuration cache on the server where index partition is being stored.

The steps to clear configuration cache is very well documented and can be found below

Steps to clear configuration cache

But doing these steps might not fix the issue so follow below instructions

  1. Try first clearing configuration cache and check if error gets fixed
  2. If not then again do the same steps but this time also restart SharePoint Search Service before you restart the SharePoint Timer Service
  3. If this also does not work then try to restart the server after step 1, restarting server in Production environment is not advisable during office hours so do it in planned manner
  4. If this also does not work then we are left with no other option but do an index reset and do a full crawl, use steps documented on Microsoft site Perform index reset

Also note that during these operations if any incremental or full crawl was going on you need to let it finish to make a call if above has fixed the issue. We observed that issue goes away only when crawl has finished.

Above strategy should work in most cases if not then reach out to us and we can help.

Please contact us via our Contact Us page or via our Facebook page or via Twitter

Like us on Facebook and follow us on Twitter

 

 

Impact of Active Directory Migration or domain change on SharePoint – Part 1

Now a part 2 of this is available you can read here https://synkventures.com/2019/06/09/impact-of-active-directory-migration-or-domain-change-on-sharepoint-domain-migrate-sharepoint-servers-part-2/

There can be situations when your organizations decides to change name due to mergers, acquisitions or splits. In this case quite often users are migrated from one active directory to other. This will definetely have impact on SharePoint users, servers and configurations.

Generally active directory migrations are done in two steps

  1. Migrate users and computers
  2. Migrate servers and service accounts

This post will cover the first point, second one will be covered in second post.

Generally when users are migrated in active directory you would expect that Microsoft products will be handled automatically but strangely that is not the case with SharePoint due to the reason User Profile service works in SharePoint. Reason is that User Profile Service does not work with Secuirty Identifier (SID history).

Before you migrate the users another thing which needs to be taken care is that all the Web Applications needs to allow new domain to do that please refer to below TechNet article

https://technet.microsoft.com/en-us/library/gg602075.aspx

When users are migrated in Active Directory, SharePoint has provided a command to migrate the users in SharePoint as well.

To migrate user in the whole farm use below command

$farm = Get-SPFarm

$farm.MigrateUserAccount( $_.oldlogin, $_.newlogin, $false )

Note that old login  and login should be read like below

olddoamain\user1

newdomain\user1

Reference article

https://blogs.msdn.microsoft.com/sowmyancs/2012/01/06/migrate-users-groups-powershell-script/

In case you need more help on this or other SharePoint issues please contact us via our Contact Us page or via our Facebook page or via Twitter

Like us on Facebook and follow us on Twitter

SharePoint issue resolution – PortalSiteMapProvider was unable to fetch children for node or Unexpected System.Web.HttpException: Request timed out #SharePoint

Request time out is a very generic issue and can happen due to numerous reasons but error PortalSiteMapProvider was unable to fetch children for node can occur only if site navigation nodes cannot be fetched that is Top Navigation or Left Navigation.

Issue Symptoms: SharePoint sites does not load at all and give error after more than a minute. If you look for error message via correlation ID you will see Request time out message and below error messages

  • PortalSiteMapProvider was unable to fetch children for node
  • Caught a thread abort exception in TemplateRedirectionPage.ProcessRequest, the exception may be expected
  • Unexpected System.Web.HttpException: Request timed out

Issue Analysis: The first error is the key here as it mentions that it has experienced issue while fetching Navigation from site. This issue can be triggered if you duplicate nodes in site collection or between multiple site collections in the same content database. It’s important to understand that this can happen in the same content database site collections. You can consider this is as a kind of bug in SharePoint because this scenario is valid to have duplicate nodes. To identify and confirm that you have this issue you need to fire below SQL query on the content database you have the issue. I know I know we should fire any queries in SharePoint database but in this case you have to and got in confirmed from Microsoft, also they mention that it is prohibited to update data.

SELECT TOP(20) Count(nav.Eid) AS ‘DuplicateCount’, nav.DocId, ad.Dirname, ad.Leafname FROM NavNodes AS nav with(nolock) INNER JOIN AllDocs AS ad with(nolock) ON nav.Docid = ad.Id WHERE (nav.EidParent = 1025 OR nav.Eidparent = 1002) AND DocID IS NOT NULL GROUP BY nav.DocId, ad.DirName, ad.LeafName ORDER BY ‘DuplicateCount’ DESC

If it has data then it means you have duplicate nodes issue. A lot of users in some other articles have mentioned that they somehow were able to find numerous nodes and they fixed it by deleting the nodes which were basically junk nodes not added by them. But in our case we did not have any junk nodes but it occurred due to real nodes.

Once above is confirmed we need to find out which stored procedure failed as that it will re-confirm above and also what fix we need to do. To do that we need to change verbose level of logging and capture more detailed log. To change verbose use below commands to start and stop it. Between them you need to perform the issue that is load the page

set-sploglevel -traceseverity verboseex

Clear-SPLogLevel

Based on correlation ID you should see that this stored procedure “sp_recompile proc_getwebnavstruct” is the culprit. If this is also confirmed then we can go for the fix

Issue fix: To fix the issue you will have to do things, first is it to update statistics table and second free cache of stored procedure. Note that statistics update is only needed if it has not been updated to check that fire below query on content database

USE WSS_Content_name

GO

SELECT name AS index_name,

STATS_DATE(OBJECT_ID, index_id) AS StatsUpdated FROM sys.indexes order by’index_name’ ASC

GO

If the row Nav_Nodes does not have dates same as today then please update it using below command

EXEC sp_MSforeachtable ‘UPDATE STATISTICS ? WITH FULLSCAN’

Once done we should also run below command to update query plan cache

DBCC FREEPROCCACHE

Once done site should load normally now as it use to do before.

Note that the fix is all about running SQL queries on SharePoint content database, it has to be done carefully and also only if needed.

Refer to below support link for details

https://support.microsoft.com/en-us/help/3103194/outdated-database-statistics-decrease-sharepoint-server-performance,-cause-time-outs,-and-generate-run-time-errors

In case you need more help on this or other SharePoint issues please contact us via our Contact Us page or via our Facebook page or via Twitter

Like us on Facebook and follow us on Twitter

 

 

 

 

Redirect SharePoint site from HTTP to HTTPS- Issues and Resolutions #SharePoint #SharePoint2013

When we start with SharePoint infrastructure lot of time SSL is not taken into consideration but at later point of time and surely in Production you should have SSL for encryption.

Since your users are used to HTTP URL you cannot ask every one of them to go to HTTPS from now on. The best is to redirect users automatically from HTTP to HTTPS. This article is not about how do this automatic redirection you can get to know the steps from here

Redirect HTTP to HTTPS

We also did steps same as above but we faced some issues after which you might also get which depends on how your infrastructure has been set up

  1. Issues with OneNote : If your end users have stored OneNote in document library all of them will have HTTP URL as their source so after redirecting to HTTPS you cannot save it to HTTP anymore. If one of users save it with new URL then it will be saved as new OneNote file. This is a tricky situation as you cannot get the old file and all will have local copies. Best strategy is to have the latest OneNote saved before you do redirection and upload it as new one after redirection.
  2. Issues with embedded links in files : If you have embedded links of MS Office documents in other documents then you will still be able to open documents but all of them will open in read only mode but usually you will have option to edit directly from them. Solution to this to update the links after redirection, there is no alternative to this. Good part is still you can open the file.
  3. Search issues : If you have HTTP URL as default URL in AAM or have used HTTP URL in search configuration then your search might break, you will not see any results but no error as well. To fix this you just use HTTPS URL at all places.

So these are things you need to consider if you plan for HTTP to HTTPS redirection.

Some other reference

http://support.microsoft.com/kb/2818415

In case you need more help on this or other SharePoint issues please contact us via our Contact Us page or via our Facebook page or via Twitter

Like us on Facebook and follow us on Twitter