If you've forgotten your secure store credentials, just use this powershell script to retrieve them. Thanks to Ajeet's blog
$serviceCntx = Get-SPServiceContext -Site http://<SharePoint host>
$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx
$marshal = [System.Runtime.InteropServices.Marshal]
try
{
$applicationlications = $sssProvider.GetTargetApplications()
foreach ($application in $applicationlications)
{
Write-Output "`n$($application.Name)"
Write-Output "$('-'*100)"
try
{
$sssCreds = $sssProvider.GetCredentials($application.Name)
foreach ($sssCred in $sssCreds)
{
$ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
$str = $marshal::PtrToStringBSTR($ptr)
Write-Output "$($sssCred.CredentialType): $($str)"
}
}
catch
{
Write-Output "(Something went wrong) - Error getting credentials!"
}
Write-Output "$('-'*100)"
}
}
catch
{
Write-Output "(Something went wrong) - Error getting Target Applications."
}
$marshal::ZeroFreeBSTR($ptr)
Thursday, September 11, 2014
Monday, June 23, 2014
How to sync internet time in Server 2008/ 2012
I found this nice blog on the interwebs which explains how to Configure Windows Server 2008/2012 To Sync With Internet Time Servers.
Basically just execute the following commands on the command line as an administrator
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"time-a.nist.gov, time-b.nist.gov, time-c.nist.gov, time-d.nist.gov"
w32tm /config /reliable:yes
net start w32time
That will configure the time service to sync with the list of servers (time-*.nist.gov in the above example) and it also tells the server that it is a reliable time source that client machines on your domain can sync with (i.e., w32tm /config /reliable:yes).
If you need to view the NTP configuration, type the following command from a prompt:
w32tm /query /configuration
Basically just execute the following commands on the command line as an administrator
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"time-a.nist.gov, time-b.nist.gov, time-c.nist.gov, time-d.nist.gov"
w32tm /config /reliable:yes
net start w32time
That will configure the time service to sync with the list of servers (time-*.nist.gov in the above example) and it also tells the server that it is a reliable time source that client machines on your domain can sync with (i.e., w32tm /config /reliable:yes).
If you need to view the NTP configuration, type the following command from a prompt:
w32tm /query /configuration
Wednesday, June 4, 2014
Svchost.exe high CPU usage and WBEM issues
Recently my windows 7 desktop at work felt painfully slow and any file access on my local drives would crawl, & explorer would constantly flash "Not Responding". Looking at task manager & resource monitor I saw a high cpu usage with svchost.exe and excessive disk usage with something similar to
C:\Windows\System32\wbem\Repository\MAPPING3
This basically means the WMI respository is hosed and causes major performance issues within windows, rendering the machine practically unusable. After googling the interwebs I came across this solution from Scott Hanselman.
Lately I've been seeing one particular svchost.exe sucking CPU. There always a number of in-proc running inside of each of the many svchost (Service Host) instances. Using ProcEx, I figured out the PID of the specific instance. Then, I right clicked within ProcEx, hit Properties, and under the Threads tab noticed that wbemcore.dll was working REALLY hard.
Crap, time to re-schmutz WMI's repository. So, I stop WMI from the command line with :
net stop winmgmt
Then I deleted the Repository directory in c:\windows\system32\wbem\ then started again with
net start winmgmt
Then I re-stored/compiled all the .mof (Managed Object Format) files with a batch file containing this one line:
for %%i in (*.mof,*.mfl) do Mofcomp.exe %%i
Now I'm back in business.
These steps fixed my performance issues and everything's back to normal.
C:\Windows\System32\wbem\Repository\MAPPING3
This basically means the WMI respository is hosed and causes major performance issues within windows, rendering the machine practically unusable. After googling the interwebs I came across this solution from Scott Hanselman.
Lately I've been seeing one particular svchost.exe sucking CPU. There always a number of in-proc running inside of each of the many svchost (Service Host) instances. Using ProcEx, I figured out the PID of the specific instance. Then, I right clicked within ProcEx, hit Properties, and under the Threads tab noticed that wbemcore.dll was working REALLY hard.
Crap, time to re-schmutz WMI's repository. So, I stop WMI from the command line with :
net stop winmgmt
Then I deleted the Repository directory in c:\windows\system32\wbem\ then started again with
net start winmgmt
Then I re-stored/compiled all the .mof (Managed Object Format) files with a batch file containing this one line:
for %%i in (*.mof,*.mfl) do Mofcomp.exe %%i
Now I'm back in business.
These steps fixed my performance issues and everything's back to normal.
Tuesday, August 6, 2013
Access denied on accessing SharePoint site through Alternate Access Mapping (AAM) URL
Last month I ran into an authentication issue after upgrading to SharePoint 2013 (See last post). I was glad to have solved that, but now I have an "Access denied" error when using Alternate Access Mapping (AAM) Urls.
The Problem
Error 401.1 when using Integrated Authentication
The Problem
I've created a SharePoint site that has been configured with an alternate access URL.
I can access the SharePoint site using localhost (on the SharePoint server) but when I access it using the alternate URL, I get this page with access denied message.
Surprisingly, when I access the page remotely using same AD credentials, can access the site without any problem.
The access denied page that comes up does not have a SharePoint background, its a white page with access denied message.
I added myself as administrator with full control to the Sharepoint site.
Why does this happen?
When accessing locally, you may be running afoul of the security loopback feature. This prevents malware on the local server from bypassing web security by coming back to the same machine using an alias. There are several ways to do this, as detailed in this KB article - http://support.microsoft.com/kb/896861/en-us
The Fix
The basic way to shutoff loopback checking (not ideal security, by the way).
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart your computer.
References:
Access denied on accessing sharepoint site through alternate access mapping URLError 401.1 when using Integrated Authentication
Wednesday, July 24, 2013
Authentication issues after upgrading to Sharepoint 2013 - "Sorry, this site hasn't been shared with you"
Recently I ran into this problem after restoring a site collection backup in Sharepoint 2013.
The roles and permissions were all there but all users still got this message
"Sorry, this site hasn't been shared with you."
Very annoying. What could be causing this?
After some googling I came across this on technet
Migrate from classic-mode to claims-based authentication in SharePoint 2013
The source site collection for the backup was originally upgraded from Sharepoint 2010 to 2013, and claims authentication was not enabled.
I ran the following powershell commands to switch from classic to claims based authentication
Users were able to successfully authenticate after running the above commands. Problem Solved.
The roles and permissions were all there but all users still got this message
"Sorry, this site hasn't been shared with you."
Very annoying. What could be causing this?
After some googling I came across this on technet
Migrate from classic-mode to claims-based authentication in SharePoint 2013
The source site collection for the backup was originally upgraded from Sharepoint 2010 to 2013, and claims authentication was not enabled.
I ran the following powershell commands to switch from classic to claims based authentication
$WebAppName = "<Web App Url>"
$wa =
get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication
= $true
$wa.Update()
$wa.MigrateUsers($true)
$wa.ProvisionGlobally()
Users were able to successfully authenticate after running the above commands. Problem Solved.
Friday, May 24, 2013
Sharepoint 2010 Tags & Notes Permissions
In a SharePoint 2010 site, that was not created using the team site template, users can't see each other's notes.
To fix this
- Login to the Central Administration .
- Click on Manage Service Applications -> User Profile Service Application ->
- Click "Setup My Sites" under "My Site Settings"
- Scroll down to the "Security Trimming Options" section.
- Click "Show all links regardless of permission". This allows everyone to see each other's notes on all sites in the farm.
- You can also specify the site Url(s), for more control over who sees notes, tags, feeds & ratings .
- After clicking "Ok" I can see other people's notes.
Tuesday, October 30, 2012
Tips to Rename a SharePoint 2010 Server
I recently ran into an issue renaming my SharePoint 2010 VM's hostname. Since it was a development VM running SharePoint 2010 & SQL Server 2008, the SQL Server was unavailable.
- Use the Rename-SPServer powershell command. View Technet Link .
- E.g. Rename-SPServer -Identity <OldName> -Name <NewName>
- If the SQL DB is on the same server, when accessing the central admin you may run into "Cannot connect to the configuration Database", after renaming the host. To fix this add an alias for the SQL Server using the CliConfg.exe . More info here
- Update the alternate access mapping URLs under the central admin
- Update any entries under C:\Windows\System32\drivers\etc\hosts .
- iisreset
And everything is good as new!
Subscribe to:
Posts (Atom)