Monthly Archives: October 2017

What’s in that patch? Oct 2017

NOTE – PDF format updated to include both SharePoint 2013 and 2016 notes.

Ever wondered what fixes are inside of a given CU?   Please see attached PDF with full detail. I wanted a new format for easy reading.   Show management and make the business case for why downtime should be taken to apply CUs.  Also posted at http://sharepointupdates.com/

If you found this helpful, please leave a comment.    shades_smile_thumb_thumb_thumb_thumb[2]

Download

What’s in that patch – Oct 2017.PDF

FIXED – Search Host Controller won’t start 1067 / 6482 HTTP endpoint

There are many common causes for Search Host Controller stuck on starting (won’t start).   I have a new cause to add to the community body of knowledge.  TCP port 808 being used by another process can cause SharePoint 2016 Search Host Controller Windows Service to fail to start.  Strange cause, I know.  Maybe this post helps another SP admin avoid hours of endless troubleshooting.

Cheers!  shades_smile

Symptom

  • Search Application Topology > Unable to retrieve topology component health states. This may be because the admin component is not up and running.
  • Windows Services > Error 1067: The process terminated unexpectedly.
  • EventLog > You have tried to create a channel to a service that does not support .Net Framing. It is possible that you are encountering an HTTP endpoint.
  • ULS > Unexpected
  • WcfService: Got CommunicationException out when trying to open the HostController servicehost. Shutting down process.  – threadId: 14 – exception: System.ServiceModel.AddressAlreadyInUseException:
    The TransportManager failed to listen on the supplied URI using the NetTcpPortSharing service: the service failed to listen.   

Cause

  • IIS Website is actively listening on TCP port 808
  • Search Host Controller requires this port and cannot start.

Resolution

  • Modify IIS Website to listen on a different port number.
  • Search Host Controller service will now start.

Screenshots

image

image

image

image

image

image

image

image

Error

Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (435e7b39-2949-4f35-ab03-2ad382f84d4f).

Reason: You have tried to create a channel to a service that does not support .Net Framing. It is possible that you are encountering an HTTP endpoint.

Technical Support Details:
System.ServiceModel.ProtocolException: You have tried to create a channel to a service that does not support .Net Framing. It is possible that you are encountering an HTTP endpoint. —> System.IO.InvalidDataException: Expected record type ‘PreambleAck’, found ’72’.
    — End of inner exception stack trace —

Server stack trace:
    at System.ServiceModel.Channels.FramingDecoder.ValidatePreambleAck(FramingRecordType foundType)
    at System.ServiceModel.Channels.ClientDuplexDecoder.Decode(Byte[] bytes, Int32 offset, Int32 size)
    at System.ServiceModel.Channels.ConnectionUpgradeHelper.ValidateUpgradeResponse(Byte[] buffer, Int32 count, ClientFramingDecoder decoder)
    at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)
    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
    at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
    at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
    at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
    at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
    at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

WcfService: Got CommunicationException out when trying to open the HostController servicehost. Shutting down process.  – threadId: 14 – exception: System.ServiceModel.AddressAlreadyInUseException:
The TransportManager failed to listen on the supplied URI using the NetTcpPortSharing service: the service failed to listen.   

at System.ServiceModel.Channels.SharedConnectionListener.SharedListenerProxy.Register()   
  at System.ServiceModel.Channels.SharedConnectionListener.SharedListenerProxy.Open(Boolean isReconnecting)   
  at System.ServiceModel.Channels.SharedConnectionListener.StartListen(Boolean isReconnecting)   
  at System.ServiceModel.Channels.SharedTcpTransportManager.OnOpenInternal(Int32 queueId, Guid token)   
  at System.ServiceModel.Channels.SharedTcpTransportManager.OnOpen()   
  at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)   
  at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)   
  at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)   
  at System.ServiceModel.Channels.ConnectionOrientedTransportChannelListener.OnOpen(TimeSpan timeout)   
  at System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan timeout)   
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)   
  at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)   
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)   
  at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)   
  at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)   
  at Microsoft.Ceres.HostController.WcfServer.WcfService.StartServiceEndpoint()

References

Office 365 missing Datasheet – Use Access ACCDB

For bulk editing of SharePoint list data, we used to have Datasheet (ActiveX control) in the old MOSS 2007 / SP2010 days.   SP2013 gave us Quick Edit (JavaScript based) with compatibility across multiple browsers and works well for simple edits.

However, sometimes we want a more robust bulk edit.  Sort, filter, keyboard navigation, copy/paste, and more full features.   MS Access can help with the “External Data” feature.

Now we can make changes to SPList with MS Access for a faster advanced user experience than Quick Edit in the browser.

Cheers!  shades_smile

Steps

  1. Open MS Access
  2. Create new database
  3. Click “External Data”
  4. More: SharePoint List
  5. Type in your site URL:  https://tenant.sharepoint.com/sites/team
  6. Link to the Data Source
  7. Next
  8. Select the list
  9. OK

Screenshots

clip_image001

image

image

image

References

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers! shades_smile

Video

Screenshots

image

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}

References

VIDEO – Azure AD protected Web API in an AngularJS SPA

Recently I walked through an Azure AD Web API sample project on GitHub at https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi and recorded a brief 14 minute video of the install and deployment steps.   Watch below and enjoy.  Cheers!  shades_smile

Video

Screenshots

image

image

image

image

Error Message

Could not load type ‘System.IdentityModel.Tokens.TokenValidationParameters’ from assembly ‘System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35’.
( others at IdentityServer3#3017 saw the same with JWT breaking change)

Extra NuGet Package Step

Update-Package
Install-Package Microsoft.AspNet.WebApi.Cors
Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351

References

FIXED – Workflow 2013 Suspended (Event ID 563) – No valid outbound signing keys were found

Recently I came across a condition where Workflow 2013 instance were not running.   Root cause was a missing outbound certificate.   Below are screenshots and PowerShell steps to resolve.  No Windows service restart, reboot, or IISRESET was needed.   Just apply config and test again.  Cheers!

shades_smile

Resolution Steps

1) Verify outbound certificate missing.  Expect $oc to be null.

Import-Module WorkflowManager
$wf = Get-WFFarm
$oc = Get-WFOutboundCertificate $wf.Endpoints[0]
$oc
# Expect to be NULL (MISSING)

2) Locate thumbprint of certificate with most forward expiration

gci Cert:\Local Machines\My | sort subject | select thumbprint,subject,notafter | ft

3) Apply thumbprint and certificate

Set-WFNextOutboundCertificateReference -ServiceUri $wf.Endpoints -Thumbprint [ADD REAL CERT THUMBPRINT HERE]
Set-WFNextOutboundCertificateAsCurrent
$oc = Get-WFOutboundCertificate $wf.Endpoints[0]
$oc
# Expect to be NOT NULL (SHOW THUMBPRINT)

4) Test by running Workflow 2013.  Open web browser and click WF2013 test to run again.   Verify completed without errors.  Bonus points if the workflow has an email step and you receive the email OK.

Errors

  • EventID 563: Private key certificate with thumbprint ‘F4545D83AE81EBA21996B139BB44E614145F9057’ could not be found in the local machine certificate store. This may cause failures for running workflows which depend on this certificate.
  • Details: An unhandled exception occurred during the execution of the workflow instance.  Exception details: System.InvalidOperationexception: No valid outbound signing keys were found. at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute (ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.Execute.ActivityWorkItem.ExecuteBody (ActivityExecutor exectore, BookmarkManager bookManager, Location resultLocation)

Screenshots

clip_image001

clip_image001[6]

image

clip_image001[8]

image

image

References

Return to Top ▲Return to Top ▲