About global threat of WannaCrypt attacks

A significant number of customers have reported ransomware (Win32.WannaCrypt) that is suspected to have been introduced into their environment via email; the malware uses social engineering to target companies. Microsoft anti-malware products have been updated and detect the current version of this malware from definition version 1.243.290.0 onwards.

Customer Guidance for WannaCrypt attacks

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Impacted customers who were unpatched and infected will need to work through their disaster recovery plans to rebuild and/or patch their systems.

1. Install Security Update MS17-010 to PREVENT further spread of the malware
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
2. Create the registry key to disable SMBv1 (only if Security Update MS17-010 cannot be applied)
3. Apply updated antivirus definitions (Microsoft anti-malware products detect the current version of this malware from definition version 1.243.290.0 onwards)
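The following script is an added example (not from the original post) for step 2: it reports whether the SMBv1 server is disabled on the local machine and, with -Remediate, writes the documented LanmanServer "SMB1" value from the MS17-010 guidance. The function names are my own; the registry value covers the SMBv1 server side only.

```powershell
param([switch]$Remediate)   # report only by default; -Remediate writes the value (run elevated)

# Assumption: the LanmanServer "SMB1" DWORD from Microsoft's MS17-010 customer guidance.
# It controls the SMBv1 *server* side only; the SMBv1 client (mrxsmb10) is configured separately.
$Smb1KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # 'NotConfigured' means the value is absent, which leaves SMBv1 enabled on older systems.
    $item = Get-ItemProperty -Path $Smb1KeyPath -Name 'SMB1' -ErrorAction SilentlyContinue
    if ($null -eq $item)  { return 'NotConfigured' }
    if ($item.SMB1 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Smb1Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($Smb1KeyPath, 'Set SMB1 = 0 (disable SMBv1 server)')) {
        New-ItemProperty -Path $Smb1KeyPath -Name 'SMB1' -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Warning 'SMBv1 server disabled in the registry; a restart is required for it to take effect.'
    }
}

$state = Get-Smb1ServerState
Write-Host "SMBv1 server state on ${env:COMPUTERNAME}: $state"
if ($state -ne 'Disabled') {
    if ($Remediate) { Disable-Smb1Server } else { Write-Host 'Re-run with -Remediate to disable it.' }
}
```

On Windows 8 / Windows Server 2012 and later, `Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol` shows the effective state after the restart.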

For more details, please follow the Windows Security Blog:
https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

Unable to open BDC Service Application UI from Central Admin site

The issue: when we go to Central Admin -> Manage Service Applications -> Business Data Connectivity Service Application, we get an error:

“Something went wrong” with a Correlation ID
Error message seen in Event Viewer:
Event ID 8085: The BDC Service application Business Data Connectivity Service is not accessible. The full exception text is: Access is denied.
In the ULS logs:
SPIisWebServiceAuthorizationManager: SPIisWebServiceApplication with name ‘Business Data Connectivity Service’ and type ‘Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication’ received request with ServiceSecurityContext whose primary identity has no valid data to check against ACL.
An exception occurred while writing a service call usage entry. Exception details: System.ObjectDisposedException: Safe handle has been closed
at System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean& success)
at Microsoft.Win32.Win32Native.GetTokenInformation(SafeTokenHandle TokenHandle, UInt32 TokenInformationClass, SafeLocalAllocHandle TokenInformation, UInt32 TokenInformationLength, UInt32& ReturnLength)
at System.Security.Principal.WindowsIdentity.GetTokenInformation(SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass)
at System.Security.Principal.WindowsIdentity.get_User()
at System.Security.Principal.WindowsIdentity.GetName()
at System.Security.Principal.WindowsIdentity.get_Name()
at Microsoft.SharePoint.Utilities.SPUtility.GetCurrentThreadUserLogin(Boolean fFallbackToEnv)
at Microsoft.SharePoint.Administration.SPUsageManager.LogUsage(SPUsageEntry usageEntry)

The BDC Service application Business Data Connectivity Service is not accessible. The full exception text is: Access is denied.

When we open the BDC service application from the Central Administration site, a WCF request is made to the Business Connectivity Service:

Name=Request (GET:http://contoso.com:3760/_admin/BDC/ViewBDCApplication.aspx?AppId=ec61c2eb-a874-4dfd-8245-0476da3d2731)
WcfSendRequest: RemoteAddress: ‘http://contoso.com:32843/b02ca86c7cb94143bb8277579dbc505c/BdcService.svc/http’ Channel: ‘Microsoft.SharePoint.BusinessData.SharedService.IBdcServiceApplication’ Action: ‘http://www.microsoft.com/Office/2009/BusinessDataCatalog/BusinessDataCatalogSharedService/MetadataObjectCreate’
WcfReceiveRequest: LocalAddress: ‘http://contoso.com:32843/b02ca86c7cb94143bb8277579dbc505c/bdcservice.svc/http’ Channel: ‘System.ServiceModel.Channels.ServiceChannel’ Action: ‘http://www.microsoft.com/Office/2009/BusinessDataCatalog/BusinessDataCatalogSharedService/MetadataObjectCreate’

We are facing an authentication problem with claims authentication; it looks like the user is not authenticated.

That brings us to the Security Token Service application, which is called before the BDC request:

Claims Authentication af3y2 VerboseEx STS Call Claims Windows: Adding claim with type ‘http://sharepoint.microsoft.com/claims/2009/08/isauthenticated’, value ‘False’, value type ‘http://www.w3.org/2001/XMLSchema#string’, issuer ‘SharePoint’ and original issuer ‘SecurityTokenService’.
Claims Authentication af3y1 VerboseEx We are copying claim with type ‘http://sharepoint.microsoft.com/claims/2009/08/isauthenticated’, value ‘False’, value type ‘http://www.w3.org/2001/XMLSchema#string’, issuer ‘SharePoint’ and original issuer ‘SecurityTokenService’.

Resolution and troubleshooting suggestions:

-> Check that the BDC Service Application has only Anonymous Authentication enabled and Windows Authentication disabled.
-> Check that the Security Token Service has both Anonymous and Windows Authentication enabled.
-> Check that under IIS > SharePoint Web Services only Windows Authentication is selected.
-> Check that the BDC Service Application's Anonymous Authentication identity is set to “IUSR”.
-> Check that the top-level IIS Anonymous Authentication identity is set to “IUSR”.

1. Open IIS Manager
2. Highlight the server name
3. Select Authentication from the center pane
4. Highlight “Anonymous Authentication” and make sure it is Enabled
5. Click “Edit…”
6. Select the “Specific user” radio button and click “Set”
7. Enter IUSR in the “User name:” box of the Set Credentials window.
— Note: you do not need to enter a password.
8. Click OK, then OK again to apply.
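The settings in the checklist above can be read from IIS in one pass. This script is an added example, not from the original post; it assumes the default “SharePoint Web Services” site name, the WebAdministration module (IIS Manager installed) and an elevated session. Service applications appear as GUID folders; match the BDC one against the path in the WcfSendRequest ULS line (b02ca86c… in the trace above).

```powershell
Import-Module WebAdministration

$SiteName   = 'SharePoint Web Services'   # assumed: default site hosting service application endpoints
$AuthFilter = 'system.webServer/security/authentication'

function Get-AuthSummary {
    param([string]$PSPath, [string]$Location)
    $anon = Get-WebConfiguration -PSPath $PSPath -Filter "$AuthFilter/anonymousAuthentication"
    $win  = Get-WebConfiguration -PSPath $PSPath -Filter "$AuthFilter/windowsAuthentication"
    # An empty userName means "application pool identity" rather than a specific user such as IUSR
    $identity = if ([string]::IsNullOrEmpty($anon.userName)) { '(app pool identity)' } else { $anon.userName }
    [pscustomobject]@{
        Location          = $Location
        AnonymousEnabled  = [bool]$anon.enabled
        AnonymousIdentity = $identity
        WindowsEnabled    = [bool]$win.enabled
    }
}

$rows = @()
# Server level ("top level IIS" in the checklist), then the site root, then every service app under it
$rows += Get-AuthSummary -PSPath 'MACHINE/WEBROOT/APPHOST' -Location '(server)'
$rows += Get-AuthSummary -PSPath "IIS:\Sites\$SiteName" -Location '(site root)'
foreach ($app in Get-WebApplication -Site $SiteName) {
    $name  = $app.path.TrimStart('/')      # e.g. SecurityTokenServiceApplication or a GUID folder
    $rows += Get-AuthSummary -PSPath "IIS:\Sites\$SiteName\$name" -Location $name
}
$rows | Format-Table -AutoSize
```

Compare each row with the checklist: the STS row should show both methods enabled, the BDC GUID row Anonymous only with identity IUSR, and the site root Windows only.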

Delete inactive users in user profiles

For more detail, there is a very good article about how the My Site cleanup job works:
https://blogs.msdn.microsoft.com/kaevans/2012/06/25/inside-the-sharepoint-2010-my-site-cleanup-timer-job/

If for some reason you cannot run the My Site cleanup job, or have intentionally stopped it, and you need to clean up inactive user profiles, the following PowerShell script will remove inactive (non-imported) profiles from the User Profile Service in SharePoint.

#PowerShell Script - Delete Inactive User Profiles - SharePoint 2010/2013

#The script is distributed "as-is." Use it at your own risk. The author gives no warranties, guarantees or conditions.

if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

# Service context and profile manager for the site's User Profile Service Application
$site = Get-SPSite "<site url>"
$ctx = Get-SPServiceContext $site
$pm = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ctx)

# Locate the profile database and read the profiles flagged as deleted (bDeleted=1), i.e. no longer imported
$ProfileDB = Get-SPDatabase | ? { $_.Type -eq "Microsoft.Office.Server.Administration.ProfileDatabase" }

$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = $ProfileDB.DatabaseConnectionString
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = "select NTName,RecordId from UserProfile_Full where bDeleted=1"
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$SqlAdapter.Fill($DataSet) | Out-Null
$SqlConnection.Close()

Write-Host "Total Count: " $DataSet.Tables[0].Rows.Count
Write-Host "Following Inactive Accounts will be deleted !"

foreach ($user in $DataSet.Tables[0].Rows)
{
    Write-Host "Planning to delete :" $user["NTName"] -ForegroundColor Green
    $profile = $pm.GetProfile([long]$user["RecordId"])
    # The script runs in report-only mode; uncomment the two lines below to actually delete
    #$pm.RemoveProfile($profile)
    #Write-Host "$($user['NTName']) is deleted!" -ForegroundColor Red
}
Write-Host "Operation Completed !"


Workflow Manager 1.0 CU3

Hello Folks,

I have noticed that we recently released Cumulative Update 3 for Workflow Manager 1.0, on 30/12/2015:
https://support.microsoft.com/en-us/kb/3104066

Important:
– Service Bus 1.1 for Windows Server must be installed on the computer as a prerequisite.
– You may have to restart the computer after you apply this cumulative update.

Some information on how to install the hotfix:
1. Install workflowmanagerclient_x64.msi first
2. Then install workflowmanager-kb3104066-x64.exe

After installing the fixes, open the Workflow Manager PowerShell console and run these commands:
1. Stop-SBFarm on any one server
2. Start-SBFarm on any one server
3. Stop-WFHost on each server
4. Start-WFHost on each server

Issues that are fixed in this cumulative update

Issue 1:
The Workflow Manager back-end service crashes intermittently, and you may experience the following exception:

System.AggregateException: One or more errors occurred. ---> System.Net.ProtocolViolationException: Cannot send a content-body with this verb-type.
at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Activities.Hosting.HostedHttpExtension.HttpRequestWorkItem.HttpRequestWorkItemAsyncResult.End(IAsyncResult result, Int32& responseCode)
at Microsoft.Activities.Hosting.HostedHttpExtension.HttpRequestWorkItem.OnEndComplete(ScheduledWorkItemContext context, IAsyncResult result)
at Microsoft.Activities.Hosting.ScheduledWorkItem.EndComplete(ScheduledWorkItemContext context, IAsyncResult result)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.SingleNonTransactionalWorkItemComplete(IAsyncResult result)
--- End of inner exception stack trace ---
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.UpdateNonTransactionalWork()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.Isolate(AsyncCompletion callback, IAsyncResult result)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.SingleNonTransactionalWorkItemComplete(IAsyncResult result)
--- End of inner exception stack trace ---
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.UpdateNonTransactionalWork()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.Isolate(AsyncCompletion callback, IAsyncResult result)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.SingleNonTransactionalWorkItemComplete(IAsyncResult result)

Issue 2:
The Workflow Manager back-end service crashes intermittently with the following exception:

System.ArgumentException: An item with the same key has already been added.
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary`2.Add(TKey key, TValue value)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessWaiter()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessMatch(Boolean consumeInput)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.StartEpisode()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ReceiveNextMessage()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.UpdateNonTransactionalWork()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessNonTransactionalWork()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessWaiter()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessMatch(Boolean consumeInput)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.StartEpisode()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ReceiveNextMessage()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.UpdateNonTransactionalWork()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.Isolate(AsyncCompletion callback, IAsyncResult result)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ExceptionHandlingFrame(IAsyncResult result)

Issue 3:
The Workflow Manager back-end service crashes intermittently with the following exception:

System.ArgumentNullException: Value cannot be null.
Parameter name: key
at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
at System.Collections.Generic.Dictionary`2.TryGetValue(TKey key, TValue& value)
at Microsoft.Activities.Hosting.InputWaiterTable.InternalMatch(EventTraceActivity traceActivity, DateTime now, MessageDispatchProperties input, Guid currentInstanceId, Boolean removeWaiter, Guid currentSuspensionId, Boolean& consumeInput)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.StartEpisode()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ReceiveNextMessage()

Issue 4:
The Workflow Manager back-end service crashes intermittently with the following exception:

System.ArgumentException: An item with the same key has already been added.
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary`2.Add(TKey key, TValue value)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ProcessWaiter()
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.Isolate(AsyncCompletion callback, IAsyncResult result)
at Microsoft.Activities.Dispatcher.DispatchLoopInstanceAsyncResult.ExceptionHandlingFrame(IAsyncResult result)

Issue 5:
The restore scope operation fails, and you experience a unique key violation error as follows:

Restore-WFScope : Cannot insert duplicate key row in object ‘dbo.Activities’
with unique index ‘IX_Activities_Name_Version’. The duplicate key value is
(fef3537a-eefe-1340-5d86-335e62409f9c, IsEqualUser, 1).
The statement has been terminated.
At C:\restoreScope.ps1:12 char:1

Issue 6:
The Workflow Manager front end can't report notification errors if a workflow notification message contains properties that differ only in case. Instead, it emits the following exception in the event log:

System.ArgumentException: An item with the same key has already been added.
at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Workflow.Gateway.HttpAsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Workflow.Gateway.PublishWorkflowEventAsyncResult.End(IAsyncResult result)
at Microsoft.Workflow.Gateway.WorkflowServiceGateway.ExceptionFilter[T](Func`1 body)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)

Issue 7:
The instance is suspended instead of terminated if a non-transactional (HTTP) work item throws an exception.

Issue 8:
Enables the WFM client to let you control retry behavior on HTTP requests. You can add retry logic in the error handler for publish-notification failures in the WFM client.

Issue 9:
Fixes the Set-WFCertificate command so that users can update the outgoing signing certificate thumbprint in the WFM farm configuration.

Issue 10:
Fixes transaction leaks caused by stored procedure execution failures on the Workflow Manager front end when you publish a workflow.

SharePoint 2016 Preview Hardware and Software Requirements

Operating System Requirements

SharePoint Server 2016 Preview is supported on Windows Server 2012 R2 and the Windows Server Technical Preview “Threshold”.

Windows Server 2012 R2
http://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2

Windows Server Technical Preview
http://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

SharePoint Database Server Requirements

SharePoint Server 2016 Preview is supported on SQL Server 2014 and SQL Server 2016. You can download evaluation copies of both database servers from the TechNet Evaluation Center.

SQL Server from the TechNet Evaluation Center: http://www.microsoft.com/en-us/evalcenter/evaluate-sql-server-2014.

.NET Framework requirement

The required version of .NET Framework is different for Windows Server 2012 R2 and Windows Server Technical Preview “Threshold”.

Windows Server 2012 R2: SharePoint 16 requires .NET Framework 4.5.2
Windows Server Technical Preview “Threshold”: SharePoint 16 requires .NET Framework 4.6 Preview, which comes with Windows Server Technical Preview “Threshold”.

Starting January 13, 2016, .NET Framework 4.5.2 will be the minimum version of .NET Framework 4.x supported by Microsoft.
See the Microsoft .NET Framework Support Lifecycle Policy FAQ at http://support.microsoft.com/gp/Framework_FAQ for more information.

Which URLs must be configured on a firewall/ proxy in order to run a diagnostic package?

https://support.microsoft.com/en-us/kb/2598970

The following URLs are accessed when you run a diagnostic package:

SharePoint 2013 Workflows – High Availability (MSMQ)

Workflow Manager only supports a farm with 1 computer or a farm with 3 computers.
http://msdn.microsoft.com/en-us/library/jj193434(v=azure.10).aspx

There is a very good article on harbar.net with the details:
“However this isn’t high availability, it’s horizontal scalability. It’s pretty sweet. The trouble is the perception that “Service Bus takes care of everything”. Which is not the Case…

When we create a connection to a Workflow Manager farm from a SharePoint farm with the Register-SPWorkflowService cmdlet we pass in a WorkflowHostUri parameter. This typically is the host name of a Workflow Manager host. If we have three Workflow Manager hosts, which host name should we use? Well we can use anyone we like, as long as it’s valid. This will work. But it’s not highly available. If that particular host is down for whatever reason, our Workflow Connection – which is a Service Application Proxy – will be broken and we cannot configure or execute any SharePoint 2013 workflows.”

http://www.harbar.net/articles/wfm1.aspx

“The servers should be configured with a software or hardware load balancer for proper load balancing, or can be accessed directly”
Load balancing is a solution for this issue, but on its own it is not enough. Again, from the same article:

“A load balancer generally does load balancing. Whether it’s NLB or ARR or an “intelligent”, “hardware” device from the usual suspects, it doesn’t make any difference. They all require configuration and scripting to truly function for HA. If all you need is a solution for when you reboot a host due to Windows Updates or similar scenarios you are good. But for everything else you need to tell the load balancer how to be “intelligent”, it will not happen out of the box.”
http://www.harbar.net/articles/wfm1.aspx

There is also one more element needed for high availability: MSMQ.
MSMQ is a Windows Server feature that you can enable on your SharePoint Server computer to allow asynchronous event messaging in SharePoint workflows. To support asynchronous event messaging, you must enable MSMQ on your SharePoint Server computer.
http://msdn.microsoft.com/en-us/library/office/dn467936(v=office.15).aspx

Once MSMQ is installed, it can easily be activated with PowerShell:

$proxy = Get-SPWorkflowServiceApplicationProxy
$proxy.AllowQueue = $true;
$proxy.Update();

MSMQ provides queue functionality on the SharePoint side, just as Service Bus does on the Workflow Manager side. To summarize, for high availability:

1) Scale your Workflow Manager farm to 3 servers.
2) Point the Workflow Manager host URI at your load balancer, with DNS configured correctly.
3) Use MSMQ, which is not enabled out of the box on SharePoint 2013 servers.