Exchange 2013 – Content Indexing during Migration

After the correct updates have finally been released last week (Exchange 2010 SP3 and Exchange 2013 CU1) it was time to get some Guinea Pigs… sorry, “Test Users” migrated over to Exchange 2013.

Some of the very small mailboxes were fine, but when it came to a real users mailbox the progressed appeared awfully slow. After taking a look at the log, I found it was full of:

The job is currently stalled due to ‘Content Indexing’ lagging behind on resource ‘CiAgeOfLastNotification()’

The message is a little misleading as it appeared that the content indexing wasn’t lagging at all, it was plain not working and showing as failed for the mailbox database.

After many reboots and diagnostics I still couldn’t figure this out, so I turned to google and finally after digging quite a bit I found the answer.

Please be aware that you will find this issue is most commonly talked about in reference to DAG groups replicating, but its a similar issue with migrations.

The answer was thanks to Bright Murewanhema on the technet forums (link), who contacted Microsoft Support for the resolution.

It appears that there’s a bug in Exchange 2013 RTM (which isn’t fixed by CU1 it appears) which causes the Exchange 2013 to not setup all the groups needed in Active Directory. The one in particular is called “ContentSubmitters”. You need to:

  1. Create the group yourself manually in Active Directory (I created in the existing exchange groups OU)
  2. Change the security on the group (not the members!) to allow “Administrators” and “NetworkService” accounts “Full Control”.
  3. Restart “Microsoft Exchange Search” on your mailbox server(s)
  4. Restart “Microsoft Exchange Search Host Controller” on your mailbox server(s)

After you have completed the above you should notice the mailbox databases content index status change to “Healthy” instead of “Failed”, and your migrations will start to transfer at a much more bearable rate.

Advertisements

SharePoint 2010: Classic to Claims Migration Gotcha

I’ve been migrating classic mode SharePoint 2010 sites to claims sites for a while now, so much that I even have a script to do it for me. However, for some reason I have never come across the problem I encountered today.

The documentation on converting a classic mode web application to a claims based application I though was pretty solid on technet. Today I came across a strange issue where the site collection administrator was getting access denied in odd locations… or locations I thought were odd because SharePoint hadn’t security trimmed the links as I thought it would if access really was denied.

Turns out there is a small paragraph at the very bottom of the article which essentially points out “don’t forget to update your super user/reader properties!”… which I did! Not sure why I haven’t come across this until now but hope this helps others with the same issue.

The below PowerShell should help you out in fixing the issue:

$wa = Get-SPWebApplication -Identity <web app url>
$wa.Properties[" portalsuperuseraccount"] = "i:0#.w|<super user account in domainlogin format>" 
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|<super reader account in domainlogin format"
$wa.Update()

Office Web Apps 2013 and SharePoint Issue relating to SSL

Came across and issue during the deployment of Office Web Apps 2013 when hooking up with SharePoint which caused some confusion.

Issue:

Error messages from the web apps when activating through SharePoint documents:

Word Document : "Sorry, there was a problem and we can't open this document. If this happens again, try opening the document in Microsoft Word."
Excel Document: "We couldn't find the file you wanted. It's possible the file was renamed, moved or deleted"
PowerPoint: "Sorry, we ran into a problem. Please try again"
One Note:"Sorry, you don't have permission to edit this notebook."

Cause

It appears the issue was related to Office Web Apps having been deployed on HTTPS while SharePoint was on HTTP.

Resolution

This is mentioned in the tech net documentation but it wasn’t very clear as it appeared to be the opposite way around, but the resolution is to allow SharePoint to use OAuth authentication over http instead of https (thanks to Imp44 for the solution at TechNet Forums )

The solution is to run the following on a SharePoint 2013 Server:

$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()

SharePoint 2010 Development Machine with Office 2013

If your trying to setup or change the configuration of SharePoint on a development machines which has Office 2013 install you may encounter some strange errors relating to types such as:

Failed to call GetTypes on assembly Microsoft.Office.InfoPath.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c. Could not load file or assembly ‘Microsoft.Office.InfoPath, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c’ or one of its dependencies. The system cannot find the file specified.

This is related to the way in which SharePoint is loading certain assemblies and struggles with the new assembly for InfoPath. Thanks to Hermanote for the workaround which is to remove the InfoPath feature from office only, and the error goes away.

SharePoint 2010 State Service Database

I recently found a small bug in the SharePoint 2010 PowerShell comlets for creating the state service database using “New-SPStateServiceDatabase”.

You will receive the rather unhelpful error message “Operation is not valid due to the current state of the object”. I believe this is a generic WCF error as that’s all I was able to find when researching what may cause the problem. However, it later transpired that this was because I was trying to use a database alias (or potentially database server) which SharePoint isn’t currently aware of, as using the alias (or database server) that was used for the initial farm setup didn’t result in the same issue.

Its taken me a while to find this one as the state service isn’t usually one of the first service applications I configure, so it appears most of the other service application creation cmdlets don’t mind registering a new database host, but for some reason this one does!

If you use sql alias (as a best practice you should) and have a different alias for service applications, I would advise creating another service application before creating the state service database in order to make sure SharePoint is aware of the alias/dbserver.

Lync 2013 – Front End Server ‘Starting’

Upgrading Lync to 2013 recently I came across a problem where the front end service simply wouldn’t start but would get stuck in “Starting” mode.

I spent quite a bit of time trying to figure out what the problem was and got caught up in some false information on the technet forums that it was related to Server 2012. In fact the problem was fairly simple if you know whats going on under the hood.

When the server firsts starts it synchronises user information from active directory, but here’s the kicker, if you have multiple domains in your active directory forest regardless of where the server lies, it will try to get user information from the other domains, if it can’t it won’t start, and in most cases you have probably like me only run the domain preparation step on the domain you want to use with Lync.

There’s two ways to resolve this depending on your requirements,

  1. Run the domain preparation step on all domains in your active directory forest.
  2. (My Preferred) Limit the user replication to the domain you want to use with Lync with the following powershell:
    Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add="dc=fabrikam,dc=com"}

The PowerShell included above will limit the replication to the “fabrikam.com” domain only, misleading as the command may be (‘Add=’) as default the value is null (you can check with “Get-CSUserReplicatorConfiguration”) which essentially means all domains.

I didn’t find this issue to be that well documented or resolution 1, so hopefully this will help anyone else out there who has the same problem (and maybe remind myself if I ever want to include additional domains and can’t figure out why I can’t enable the users for Lync).

Big thanks to “JMTTech” on the technet forums for this one http://social.technet.microsoft.com/Forums/nb-NO/lyncserverpreview/thread/07ec9d8c-b83e-4795-91b6-0d3344cd49e5

SharePoint 2013 Pre-Requisites Configuration Error on Server 2012

As I started to configure our new SharePoint 2013 farm today I came across a problem when running the pre-requisites tool when it was attempting to install “Application Server and IIS Web Server roles” which resulted in very little in terms of error messages apart form “configuration error”.

After much searching and reading on Technet I wasn’t able to find out exactly what roles and features needed to be install so I could do this step manually. I resorted to simply adding most of the features I assumed would be needed based on what I remembered from a preview version install and discovered that it was due to .Net 3 not being present on the default install of Windows Server 2012. In order to install .Net 3 you have to have the original disk (or network location) where the files are stored in “:SourcesSxS”.

After I managed to install .Net 3 manually, the pre-requisites tool then progressed as expected.

UPDATE: This was incorrect, see below instead
If you are looking to install SharePoint 2013 on Windows Server 2012 I would recommend leaving the Windows Server 2012 disc in the drive or mounted, and using the new “mount iso” capability in 2012 to mount the SharePoint 2013 media so that the default sources location is available. If however, you end up in a similar situation, simply install .Net 3 manually using the “Add Roles or Features” as normal and this will prompt you to specify a location where the Side By Side files can be found.

I will hence forth refer to this as “SharePoint 2013 Gotcha #1” (Although technically its Windows Server 2012 being difficult)

Update: I had an opportunity to check this again and found that having the disc in the drive simply isn’t enough. Manually install the following using “Add Roles and Features” and specify the SxS (Drive:SourcesSxS of install media) location when the notification appears in the roles and features wizard:

  • .Net Framework 3.5 Feature
    • .Net Framework 3.5
  • Web Server (IIS)
    • Web Server
      • Application Development
        • ASP.NET 3.5
        • .NET Extensibility 3.5