SharePoint 2016 Workflow Manager Registration error

I tried to register Workflow Manager with my SharePoint site collection on a new SharePoint 2016 farm. I followed this article and everything was fine until the last step in the process,  registering the Workflow Manager in SharePoint using this command:

Register-SPWorkflowService –SPSite “http://sharepoint” –WorkflowHostUri https://workflow:12291

Unfortunately I struck the following error:

Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI ‘http://sharepoint/_layouts/15/metadata/json/1;. Error details: ‘An error occurred while sending the request.’. HTTP headers received from the server….

Quite a few people reported this as being an issue with DNS registrations e.g. the SharePoint site URL not being accessible. I checked DNS name resolution and everything looked fine, so it must something else. If you are having name resolution issues try using a hosts file entry on the SharePoint server to resolve the issue.

The solution was to enable OAuth and Metadata over HTTP. To enable these settings use the following PowerShell on the SharePoint server:

$cfg = Get-SPSecurityTokenServiceConfig
$cfg.AllowOAuthOverHttp = $true
$cfg.AllowMetaDataOverHttp = $true
$cfg.Update()

Now rerun the Register-SPWorkflowService PowerShell command to complete the registration.

I hope this saves you a bit of time!

SharePoint Managed Account Login Failures KB3177108

SharePoint allows you to config “managed accounts” used to run service applications to automatically change passwords. I normally turn this on as it is a good way to help ensure those accounts are secure.

Today I worked on an issue where the accounts were failing to login. In IIS I could see various App Pools using the managed accounts were stopped. I restarted them but they stopped again immediately.

To make matters worse, I was unable to use Central Admin to reset the passwords.

Here’s what I did to solve the issue:

  • In IIS I noted the name of the Service Account assigned to the stopped App Pool
  • In Active Directory, I reset the password and set the account to never expire
  • On the SharePoint server, I used PowerShell to reset the Service Account password to a known password using this command:

Set-SPManagedAccount -identity Domain\User -ExistingPassword (Convertto-Securestring “P@ssword” -AsPlainText –Force)

  • Back to IIS again, restarted the App Pool
  • Repeat for all Managed Accounts with automatic password refresh

So what caused this?

A Windows update installed onto the Domain Controllers was the issue. KB3177108 has a known issues which prevents the Kerberos negotiate process from falling back to NTLM. The KB article goes into detail on this and some work arounds.

Phew! We’re back online again. Happy days!

Microsoft Teams

TwMicrosoft Teams is a new collaboration tool for Office 365 users. It is available now in “preview” to anyone with Office 365 Small Business, Enterprise and Education plans.

Firstly, what is Teams? If you believe the hype on social media then it is the death of Slack, but I think that is a pretty superficial view. I think it will be more interesting to see what Microsoft does with Yammer next and we let Slack worry about their business.

Teams brings chat based collaboration to Office 365. That’s the key point here, it makes it easy to converse, get links from recently worked on documents and create virtual teams with the people you work with.

Key features

A short (but not complete) list of features:

  • Ability to create teams from other users in Office 365
  • Instant messaging
  • Outlook integration for meetings
  • SharePoint Online and One Drive for Business integration for files
  • Integration with Trello, Github, Wunderlist and Twitter via connectors

Getting Started

Before you can start using Teams, it must be activated on your Office 365 Tenant. This is done via the Admin Portal using these instructions.

Once done, Teams can be accessed via the website https://teams.microsoft.com or using the Apps for Windows, iOS and Android. In the Apple App Store search for “Microsoft Teams”.

Expect updates

I’ve watched Microsoft develop Power BI over the last couple of years then I think we can probably expect a similar approach for Teams. Lots of regular updates bringing incremental improvements very rapidly.

The first update I would like to see is the ability to federate with other Office 365 tenants. The ability to collaborate better with other organisations must surely be high on the feature roadmap!

Recovering SharePoint

As a SharePoint Administrator, it is critically important that you understand the backup process. Don’t just take the word of the person whose job is to look after backups, then aren’t experts in SharePoint. You should also take time to understand the different recovery options available to you and practice restoring each scenario, so when disaster strikes the recovery process is understood and appropriate to the situation.

Over the past two or three months I’ve received a couple of calls from people with serious SharePoint issues wanting to know how to roll back to a previous backup. Before doing that it you really need to ask yourself do I really need to roll back and what is the impact?

 

On one occasion the issue was related to a failed installation of a SharePoint CU. The SharePoint farm was down and had a very large amount of content.

Key Point: The issue was a failed CU install.

In this case the Configuration Database was corrupt but the user content was OK. The solution was to restore the Configuration Database only (take a backup of the current one first, just in case). Once this was done the Cumulative Update was reapplied.

In another case the issue was a user had deleted a site containing several document libraries. The site collection recycle bin had been emptied, so items couldn’t be recovered from here. The site collection contained many other sites and restore from backup would have resulted in a day’s worth of changes being lost.

Key Point: The issue was with one content database

SharePoint allows ‘Unattached Content Database recovery’ via Central Admin. To get the site back, we restored the Content Database from the most recent backup to a different name and then used Central Admin to extract the missing site from the restored the missing site.

In both cases above the recovery was quick because SQL dumps were being used to backup the SQL server hosting SharePoint’s databases. Some backup solutions allow item, library and site level restore and this could have also helped.

One thing to bear in mind when thinking about backup software is that some solutions need sufficient disk space to restore the database before extracting the items you want to recover. I’ve heard of more than one person struggling to recovery because they don’t have space available.

Remember that SharePoint has recycle bins at both the user and site collection level. This should always be the first place you look.

My advice to SharePoint Administrators is to make backup and recovery a priority. Own it because if disaster strikes, you are the person people will turn to.

SharePoint Online Provisioning PnP

At this weeks New Zealand Digital Workplace Conference I attended a session introducing the Provisioning PnP (Patterns and Practice) resources. This is a fantastic resource for SharePoint Online administrators and consultants.

It provides a set of PowerShell commands that allow administrators to build a template of a SharePoint Online site (or features within a site e.g just a library or list) and then redeploy the template to another site.

Three big features:

  • It isn’t tenant specific, so you can make a template from one tenant and deploy to another. Great for Dev to UAT to Production.
  • The templates can be updated and redeployed to update existing sites built from the template!
  • The templates are XML files that can be manually updated.

The Provisioning PnP also includes commands that can help audit sites, lists and libraries for specific settings. For example, you can find a list of sites with a specific feature enabled or web-part installed.

The Provisioning PnP is free and is part of a larger PnP resource which is receiving monthly updates.

Resources:

This is a fantastic addition to the tool kit but wait there’s more. The PnP website is full of useful resources, created by experts for the community.

Thank you to Paul Culmsee for sharing his experiences with us at #DWCNZ.

Nintex Web Part Maintenance Page error

When applying a custom master page to our SharePoint site, we struck an issue with opening Nintex forms.

Sorry, something went wrong

An unexpected error has occurred.

Web Parts Maintenance Page: If you have permission, you can use this page to temporarily close Web Parts or remove personal settings. For more information, contact your site administrator.

 

After a bit of digging around with ULSviewer, we found this error in the SharePoint Log

Application error when access /site/Lists/ourlist/DispForm.aspx, Error=The control collection cannot be modified during DataBind, Init, Load, PreRender or Unload phases.

at System.Web.UI.ControlCollection.Add(Control child) 

at Nintex.Workflow.Forms.ControlTemplates.ListForm.OnInit(EventArgs e) 

at System.Web.UI.Control.InitRecursive(Control namingContainer) 

at System.Web.UI.Control.InitRecursive(Control namingContainer) 

at System.Web.UI.Control.AddedControl(Control control, Int32 index) 

at Microsoft.SharePoint.WebPartPages.ListFormWebPart.CreateChildControls() 

at System.Web.UI.Control.EnsureChildControls() 

at Microsoft.SharePoint.WebPartPages.WebPart.get_WebPartMenu() 

at Microsoft.SharePoint.WebPartPages.ListFormWebPart.CreateWebPartMenu() 

at Microsoft.SharePoint.WebPartPages.ListFormWebPart.OnLoad(EventArgs e) 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Control.LoadRecursive() 

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

The problem was definitely master page related, because it didn’t occur when we switched back to the default SharePoint master page.

The solution:

In the custom master page, look for the following code.

Move this code block from the Header in to the Body of the master page

<!–MS:<SharePoint:AjaxDelta id=”DeltaSPWebPartManager” runat=”server”>–>
<!–MS:<WebPartPages:SPWebPartManager runat=”server”>–>
<!–ME:</WebPartPages:SPWebPartManager>–>
<!–ME:</SharePoint:AjaxDelta>–>

Try opening the Nintex form again and with any luck your error will go away.

I believe this issue happens because Nintex forms ignore the header part of the master page. Someone with more developer knowledge than me might be able to explain further.

[Updated]

The HTML master page SPWebPartManager position can also be part of the problem. Make sure this is positioned in the <body> section too. I noticed that if this was in the wrong place, it could cause the error above for all users except Site Collection Admins.

See the reference section of this MSDN article for an example of correctly format HTML

How to: Convert an HTML file into a master page in SharePoint 2013