Unable to open documents using direct links from SharePoint 2019

Update (30-09-2019): This issue will be fixed by Microsoft with November CU 2019 for SharePoint Server 2019.

The response from the server is missing the X-MS-InvokeApp: 1; RequireReadOnly header.

This issue happens when SharePoint configures a new IIS site, that is, when we create a new web application or extend one. SharePoint messes up one of the Response Header entries, which causes other required response headers, such as X-MS-InvokeApp: 1; RequireReadOnly, to be missing.

As a result, documents cannot be opened using direct links from SharePoint 2019.


But it can be fixed easily by hand.

Go to your SharePoint IIS site in IIS, open Response Headers and locate the entry
-> “MicrosoftSharePointTeamServices: 16.0.0.10347”. This entry is the problem:
you need to move the version to the “Value” field.
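The misplaced entry can be found mechanically, because a valid header name never contains a colon. The following PowerShell is an added example, not part of the original post; the sample entries are constructed and the site name in the commented call is a placeholder.

```powershell
# Added example: flag IIS custom response headers whose Name field
# also carries the value, as in the broken entry described above.
function Find-MalformedResponseHeader {
    param([Parameter(ValueFromPipeline)] $Header)
    process {
        # A header name is a single token; "Name: value" in the Name field is wrong.
        if ($Header.name -match '^(?<n>[^:\s]+)\s*:\s*(?<v>.*)$') {
            [pscustomobject]@{
                CurrentName   = $Header.name
                CurrentValue  = $Header.value
                ExpectedName  = $Matches['n']
                ExpectedValue = $Matches['v'].Trim()
            }
        }
    }
}

# Constructed sample: one healthy entry and one shaped like the broken entry.
$sample = @(
    [pscustomobject]@{ name = 'X-MS-InvokeApp'; value = '1; RequireReadOnly' },
    [pscustomobject]@{ name = 'MicrosoftSharePointTeamServices: 16.0.0.10347'; value = '' }
)
$sample | Find-MalformedResponseHeader | Format-List

# On the SharePoint server, feed it the real entries (site name is a placeholder):
# Import-Module WebAdministration
# Get-WebConfiguration -PSPath 'IIS:\Sites\<your SharePoint IIS site>' `
#     -Filter 'system.webServer/httpProtocol/customHeaders/add' |
#     Find-MalformedResponseHeader
```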

https://social.technet.microsoft.com/Forums/en-US/7f9d9994-e1a1-4e9d-aed3-8b28df848341/sharepoint-2019-response-headers-are-mixed-up?forum=SP2019

Our product group is aware of this issue and is working on it. (26/Aug/2019)

 

Unable to open BDC Service Application UI from Central Admin site

The issue: if we go to Central Admin – Manage service applications -> Business Data Connectivity Service Application, we get an error:

“Something went wrong” and a Correlation ID
Error message seen:
Event ID 8085 Event Viewer The BDC Service application Business Data Connectivity Service is not accessible. The full exception text is: Access is denied.
In the logs:
SPIisWebServiceAuthorizationManager: SPIisWebServiceApplication with name ‘Business Data Connectivity Service’ and type ‘Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication’ received request with ServiceSecurityContext whose primary identity has no valid data to check against ACL.
An exception occurred while writing a service call usage entry. Exception details: System.ObjectDisposedException: Safe handle has been closed
at System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean& success)
at Microsoft.Win32.Win32Native.GetTokenInformation(SafeTokenHandle TokenHandle, UInt32 TokenInformationClass, SafeLocalAllocHandle TokenInformation, UInt32 TokenInformationLength, UInt32& ReturnLength)
at System.Security.Principal.WindowsIdentity.GetTokenInformation(SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass)
at System.Security.Principal.WindowsIdentity.get_User()
at System.Security.Principal.WindowsIdentity.GetName()
at System.Security.Principal.WindowsIdentity.get_Name()
at Microsoft.SharePoint.Utilities.SPUtility.GetCurrentThreadUserLogin(Boolean fFallbackToEnv)
at Microsoft.SharePoint.Administration.SPUsageManager.LogUsage(SPUsageEntry usageEntry)

The BDC Service application Business Data Connectivity Service is not accessible. The full exception text is: Access is denied.

When we try to open the BDC service from the Central Administration site, a WCF request is made to the Business Connectivity Service:

Name=Request (GET:http://contoso.com:3760/_admin/BDC/ViewBDCApplication.aspx?AppId=ec61c2eb-a874-4dfd-8245-0476da3d2731)
WcfSendRequest: RemoteAddress: ‘http://contoso.com:32843/b02ca86c7cb94143bb8277579dbc505c/BdcService.svc/http’ Channel: ‘Microsoft.SharePoint.BusinessData.SharedService.IBdcServiceApplication’ Action: ‘http://www.microsoft.com/Office/2009/BusinessDataCatalog/BusinessDataCatalogSharedService/MetadataObjectCreate’
WcfReceiveRequest: LocalAddress: ‘http://contoso.com:32843/b02ca86c7cb94143bb8277579dbc505c/bdcservice.svc/http’ Channel: ‘System.ServiceModel.Channels.ServiceChannel’ Action: ‘http://www.microsoft.com/Office/2009/BusinessDataCatalog/BusinessDataCatalogSharedService/MetadataObjectCreate’

We are facing an authentication problem with Claims authentication. It looks like “User is not authenticated”.

So this leads us to the “Security Token Service” application, which is called before the BDC request:

Claims Authentication af3y2 VerboseEx STS Call Claims Windows: Adding claim with type ‘http://sharepoint.microsoft.com/claims/2009/08/isauthenticated’, value ‘False’, value type ‘http://www.w3.org/2001/XMLSchema#string’, issuer ‘SharePoint’ and original issuer ‘SecurityTokenService’.
Claims Authentication af3y1 VerboseEx We are copying claim with type ‘http://sharepoint.microsoft.com/claims/2009/08/isauthenticated’, value ‘False’, value type ‘http://www.w3.org/2001/XMLSchema#string’, issuer ‘SharePoint’ and original issuer ‘SecurityTokenService’.

Resolution and troubleshooting suggestions:

-> Check that the BDC Service Application has only Anonymous Authentication enabled and “Windows Authentication” disabled.
-> Check that on the Security Token Service, “Anonymous” and “Windows Authentication” are enabled.
-> Check IIS > SharePoint Web Services: only Windows Auth should be selected.
-> Check that the BDC Service Application Anonymous Authentication identity is set to “IUSR”.
-> Check that the top-level IIS Anonymous Authentication identity is set to “IUSR”.

1. Open IIS manager
2. Highlight the server name
3. Select Authentication from center pane
4. Highlight “Anonymous Authentication” and be sure it is Enabled
5. Click on “Edit…”
6. Select the “Specific User” radio box and click “Set”
7. Enter IUSR in the “User name:” box on the Set Credentials window.
— Note you do not need to enter a password.
8. Click OK to apply, then OK again.
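The checklist above can be read out of IIS in one pass instead of clicking through each node. This read-only PowerShell is an added example, not from the original post; the BDC application name is the GUID from the WCF address in the log excerpt, and 'SecurityTokenServiceApplication' is an assumed application name that you should confirm in IIS Manager.

```powershell
# Added example: compare the IIS authentication settings with the checklist.
# Run in an elevated PowerShell session on the SharePoint server.
Import-Module WebAdministration

$ws = 'IIS:\Sites\SharePoint Web Services'
$checks = @(
    @{ Path = 'IIS:\'; Expect = @{ AnonymousUser = 'IUSR' } },
    @{ Path = $ws;     Expect = @{ Anonymous = $false; Windows = $true } },
    # Assumed application name for the Security Token Service.
    @{ Path = "$ws\SecurityTokenServiceApplication"
       Expect = @{ Anonymous = $true; Windows = $true } },
    # BDC application GUID taken from the WCF address in the log lines.
    @{ Path = "$ws\b02ca86c7cb94143bb8277579dbc505c"
       Expect = @{ Anonymous = $true; Windows = $false; AnonymousUser = 'IUSR' } }
)

function Get-IisAuthState {
    param([string]$Path)
    $base = 'system.webServer/security/authentication'
    $anon = Get-WebConfiguration -PSPath $Path -Filter "$base/anonymousAuthentication"
    $win  = Get-WebConfiguration -PSPath $Path -Filter "$base/windowsAuthentication"
    @{
        Anonymous     = [bool]$anon.enabled
        AnonymousUser = [string]$anon.userName
        Windows       = [bool]$win.enabled
    }
}

$report = foreach ($c in $checks) {
    $actual = Get-IisAuthState -Path $c.Path
    foreach ($k in $c.Expect.Keys) {
        [pscustomobject]@{
            Path     = $c.Path
            Setting  = $k
            Expected = $c.Expect[$k]
            Actual   = $actual[$k]
            OK       = ($actual[$k] -eq $c.Expect[$k])
        }
    }
}
$report | Format-Table -AutoSize
```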

Unable to create a DataSource using Excel Services in Dashboard Designer

The symptom: when you launch PerformancePoint Dashboard Designer and try to create a new data connection
(right-click Data Connections, select “New DataSource” -> Excel Services and click OK), you get an error like
“An unexpected system error has occured.Additional details have been logged for your administrator.”

In the ULS logs you can see the following error:

An unexpected error occurred.  Error 8205.  Exception details: System.Web.Services.Protocols.SoapException: You do not have permissions to open this file.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.PerformancePoint.Scorecards.Client.ExcelService.OpenWorkbook(String workbookPath, String uiCultureName, String dataCultureName, Status[]& status)
at Microsoft.PerformancePoint.Scorecards.DataSourceProviders.ExcelServicesDataSourceProvider.GetCubeMetaData(Boolean extendedMetadata)
at Microsoft.PerformancePoint.Scorecards.Server.PmServer.GetCubeMetaDataForDataSourceHelper(DataSource dataSource, Boolean extendedMetadata)
at Microsoft.PerformancePoint.Scorecards.Server.PmServer.GetCubeMetaDataForDataSource(DataSource dataSource)

The cause is that Anonymous Authentication is not supported when you need to connect to Excel Services from Dashboard Designer.

“You cannot connect to an Excel Services data source when the site or library containing the workbook you are trying to connect to is set to Anonymous Access.” http://technet.microsoft.com/en-us/library/ff191193.aspx

Solution:
1) Disable “Anonymous Authentication” in the IIS Management Console -> Authentication -> Anonymous Authentication.

2) If you still need anonymous authentication, then extend the site without Anonymous Authentication.

Getting a “Keyset does not exist” error when trying to change the application pool identity for a SharePoint IIS site

One day you notice that your application pools keep stopping, and when you start them they stop again. After a while you suspect that the problem may be caused by a corrupted identity account, so you decide to change the application pool identity or reset the current identity’s password, but then, oops, you get the following error:
“Keyset does not exist (Exception from HRESULT: 0x80090016)”

If you get this error, first check your machine keys. By the way, machine keys are not used only by IIS or your web sites. Many processes can use machine keys to encrypt or decrypt secrets such as strings, passwords, connection strings, etc. So if your machine keys are somehow changed or deleted, you may have a big problem if you do not have a proper backup.

But how could that happen? There are many possibilities: malware, Group Policies, permission issues, user mistakes, cleanup programs, misconfigurations.
So you may first check the following:
http://support.microsoft.com/kb/977754

The LOCAL SERVICE account is the service account of the IIS Web Management Service (also known as WMSvc).  This problem occurs because the LOCAL SERVICE account does not have Read access on the iisWasKey key that is located in the following folder: %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
The following is the file name of the iisWasKey key: 76944fb33636aeddb9590521c2e8815a_GUID
To resolve this problem, follow these steps:

  1. Locate the following folder:
    %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
  2. Right-click the following file, and then click Properties:
    76944fb33636aeddb9590521c2e8815a_GUID
  3. Click the Security tab, and then click Edit. If you are asked whether you want to continue the operation, click Continue. Then, the list of group names and user names that have access to this key file appears in the Permissions dialog box.
  4. Click Add. Then, the Select Users, Computers, Service Accounts, or Groups dialog box appears.
  5. Type  LOCAL SERVICE, and then click Check Names.
  6. Click OK.
  7. In the Group or user names list, click LOCAL SERVICE. Make sure that the Read check box is checked in the Permissions for LOCAL SERVICE list.
  8. Click OK.

Compare the MachineGuid value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography against the records in the
%ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys folder.
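Both checks, the MachineGuid comparison and the LOCAL SERVICE Read permission, can be done without touching the ACL. This read-only PowerShell is an added example, not from the original post or the KB article; it assumes the iisWasKey file name is the prefix quoted above followed by the machine's MachineGuid.

```powershell
# Added example: verify the iisWasKey file and its ACL (read-only).
function Test-IisWasKey {
    $dir    = Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys'
    $prefix = '76944fb33636aeddb9590521c2e8815a_'   # iisWasKey prefix from the KB text
    $guid   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Cryptography').MachineGuid
    $file   = Join-Path $dir ($prefix + $guid)      # assumed naming: prefix + MachineGuid

    $result = [ordered]@{
        MachineGuid         = $guid
        ExpectedFile        = $file
        Exists              = (Test-Path -LiteralPath $file)
        LocalServiceCanRead = $false
        OtherCandidates     = @()
    }

    if (-not $result.Exists) {
        # A key file with another GUID suffix points at a copied or re-imaged machine.
        $result.OtherCandidates = @(Get-ChildItem -LiteralPath $dir -Filter "$prefix*" -Force |
            ForEach-Object Name)
    }
    else {
        # Resolve rules to SIDs so the check works on any OS language.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $read    = [System.Security.AccessControl.FileSystemRights]::Read
        $rules   = (Get-Acl -LiteralPath $file).GetAccessRules($true, $true, $sidType)
        $result.LocalServiceCanRead = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq 'S-1-5-19' -and   # LOCAL SERVICE
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        })
    }
    [pscustomobject]$result
}

Test-IisWasKey | Format-List
```

The check only looks at rules granted directly to LOCAL SERVICE; access granted through a group shows up as False here.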

So what if you have missing keys?
There are two options.
1) Restore the missing keys from the newest good backup.
2) I am sorry to say it, but the second option is total recovery:
You need to reinstall SharePoint or IIS, or possibly even the whole machine. After that you must reset the passwords of all your SharePoint managed accounts.

Machine keys are important for security, so always consider backing them up. If you suspect that your machine keys have been stolen, you may need to reset all passwords, not only for SharePoint but for all accounts in use on that machine, and do not forget that machine keys are not used only by IIS.

If you think the issue is permission related, you can use “Process Monitor” to find out which process cannot reach your data.
http://technet.microsoft.com/en-us/sysinternals/bb896645

 

How to collect IIS Logs for a SharePoint Web Application

Hello All,

When working with Microsoft Support on some cases, the support engineers (like me) may request IIS logs for investigation.
So in this article I am going to explain how you can collect IIS logs correctly.

1) You have to identify your IIS web site in the IIS console, because your site URL and your web application name can be different.
First connect to your Central Administration and click the “Manage web applications” link.

but my Web Application Name is SharePoint – 8080

2) Open your IIS Manager, then find and click your web application name.

3) Click the “Advanced Settings” in Action pane.

4) Note your IIS site ID; in this example it is 1442344892.

5) Click “Logging” icon

6) Find the folder where the IIS logs are kept.

7) Open this folder in Windows Explorer and find the subfolder that matches your IIS site ID. In this scenario the folder is W3SVC1442344892.
You can open Windows Explorer via “Start” -> “Run”, paste the path highlighted in the screenshot above and press Enter.

8) Open that folder and sort by “Modified Date” in descending order.

9) Collect your files according to the time your problem or issue occurred. If you have a workspace opened by Microsoft and your files are big, you can compress them with a compression program.

Notes: IIS buffers log entries in memory for a while before writing them to the log file (until the log buffer chunk has reached its maximum size). If you want to catch the latest records, you may need to do an iisreset, or open a command prompt and type “netsh http flush logbuffer” (this command makes http.sys flush its logs), to force IIS to write the cached log chunk to the log file. If you are looking for old records in files whose “Modified Date” is earlier than the last log date, you do not need this operation.
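The same collection steps as a script, for cases where logs have to be gathered from several servers. This PowerShell is an added example, not from the original post; the site name is the one from the walkthrough, while the four-hour window and the staging folder are assumptions to adjust.

```powershell
# Added example: find, flush and stage the IIS logs of one SharePoint web application.
# Run in an elevated PowerShell session on the web server.
Import-Module WebAdministration

$siteName = 'SharePoint - 8080'                    # IIS site name from the walkthrough
$since    = (Get-Date).AddHours(-4)                # assumption: issue seen in the last 4 hours
$staging  = Join-Path $env:TEMP 'iislogs-staging'  # assumption: any writable folder

# Steps 2-7: resolve the site ID and the log folder from the IIS configuration.
$site   = Get-Item "IIS:\Sites\$siteName"
$root   = [Environment]::ExpandEnvironmentVariables($site.logFile.directory)
$logDir = Join-Path $root ('W3SVC{0}' -f $site.id)

# Make http.sys write its buffered entries to disk before reading the files.
netsh http flush logbuffer | Out-Null

# Steps 8-9: newest first, limited to the time window of the problem.
$logs = Get-ChildItem -LiteralPath $logDir -Filter '*.log' |
    Where-Object { $_.LastWriteTime -ge $since } |
    Sort-Object LastWriteTime -Descending
$logs | Select-Object Name, Length, LastWriteTime

if ($logs) {
    # Copy first: the current log is still open for writing, and copies can be
    # compressed without a sharing violation.
    New-Item -ItemType Directory -Path $staging -Force | Out-Null
    $logs | Copy-Item -Destination $staging -Force
    $zip = Join-Path $env:TEMP ('iislogs-W3SVC{0}.zip' -f $site.id)
    Compress-Archive -Path (Join-Path $staging '*.log') -DestinationPath $zip -Force
    "Archive written to $zip"
}
```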

Have a nice log hunting 🙂