SharePoint 2010 returns a 503-Service Unavailable HTTP status message after a system reboot and successful installation

During this week I was installing a new SharePoint infrastructure for one of my customers. The installation procedure went as expected and we were able to configure the complete environment using the central administration. However, after a reboot of the web front-end machine, IIS 7 returned a 503-Service Unavailable HTTP status message. SharePoint was not functioning anymore…

That meant… troubleshooting. You might imagine what I was thinking at this moment. The SharePoint logs didn’t tell me anything. I only noticed that the application pools of the central admin were stopped after the first hit on the web application. In addition, the Windows logs returned a Windows Process Activation Service (WAS) error. I started looking in every possible layer of SharePoint and after two hours I finally found an interesting article an article that described a similar issue.

In short, it may be the case that a domain group policy overrides an essential permission of the application pool accounts called “Log on as a batch job”. Without this permission, the application pool account is not able to run the application pool.

I was checking the local group policies of the web front-end and I finally found the problem. The application pool account was indeed not listed under the “Log on as batch job” policy. In addition, the farm administration account and all other service accounts that are running the SharePoint services were not listed in the “Log on as a service” policy. These policies were overridden the first time after the server restart with more restrictive domain policies.

The solution of the problem was simple now. It was only necessary to add all application pool accounts to the “Log on as batch job” domain policy and the service accounts (such as the farm administrator) to the “Log on as service” domain policy. After these changes, it was only necessary to force the policy upgrade on the web front-end by using the “gpudate /force” command. We checked again the local group policies and finally these reflected the settings that we needed. After a reboot of the web front-end, SharePoint was finally working as expected.

 

Hope this helps,

Patrick

The SharePoint Client Object Model Redistributable Release officially announced

The SharePoint Documentation team announced on its blog post on November, 18th the SharePoint Foundation 2010 Client Object Model Redistributable. This software package includes all assemblies that are necessary to develop SharePoint solutions based on the new Client Object Model.

This package is useful for all SharePoint developers that do not develop directly on the SharePoint Server 2010 and are normally looking for these assemblies on the server.

 

Br,

Patrick

SharePoint 2010: exploring the managed metadata service application

I’m going to explore with you in a new post series the exciting managed metadata service application that was introduced with the new version of SharePoint 2010 Standard and Enterprise.

Metadata is used to describe the items (document, calendar event, announcement, etc.) you are adding into SharePoint. You can extend an items description with metadata by creating new list or document library columns (attributes). This system abstraction lets you create any type of information that you are interested in.

The managed metadata service application in SharePoint 2010 can be used to collect terms farm wide and share them with one or more web applications. These terms can be controlled centrally by a small number of persons (taxonomy) or opened to more users (folksonomy). These term definitions (taxonomy or folksonomy terms) are shared across your web applications that are consuming the managed metadata service application in form of managed metadata columns and the tags features provided by the user profile service application.

Finally, the managed metadata service application provides you a new feature that permits to define enterprise wide content types. In SharePoint 2007 content types were bound to site collections. Now, you can define farm wide content types that are shared across multiple site collections and web applications. This is accomplished with the content type hub features.

The next posts that I’m going to write for this post series are (the links to this posts will be updated in the next weeks):

• How do I create a new managed metadata service application?
• Setting up a managed metadata service application to server one or more web applications
• How is the managed metadata term store organized?
• Creating the term store example with the term store management tool
• How do I manage my taxonomy in the term store management tool?
• Assigning a managed term set to a custom column
• How do I work with the Content Type Hub feature of the managed metadata service application?

If you are interested in getting more information about managed metadata, just start on digging deeper into this TechNet link.

 

Hope this helps,

Patrick

Troubles in accessing list data from SharePoint 2010 web services over SSL with SharePoint Designer 2010

a new day and a new story to tell about the interaction between SharePoint Designer 2010 and SharePoint 2010. I am currently working for a customer on a small SharePoint 2010 project that requires some minor modifications with SharePoint Designer 2010. The web application of my customer runs on SSL.

My aim in the last days was simply to connect to a list of a different site and read the list items on a page. Not a big deal, you might think…

At the beginning if my journey, I was looking for the old and missed option “Connect to another library” that we are to find in SharePoint Designer 2007. This operation helped use time ago in simply connecting to another list and using this list as data source for our data views. After a desperate search in the SharePoint Designer 2010 UI, I recognized that this option vanished. I did some research on the net and found a really interesting article explaining this and other enhancements of the new UI of SharePoint Designer 2010. If you want to connect to a list in 2010 manner, you have to create a SOAP connection that consumes the “_vti_bin/Lists.asmx” web service of your site. The blog post of Cizi gave me the necessary hints on how to accomplish this task.

Thinking that I finally managed to configure correctly my data source, I started in creating my data view web part on the new page. Unfortunately, this was not exactly my day… SharePoint Designer 2010 returned following exception:

The server returned a non-specific error when trying to get data from the data source. Check the format and content of your query and try again. If the problem persists, contact the server administrator.

As you might imagine, this level of detail did not help me finding out immediately the solution to this problem. The SharePoint logs, however, were precise enough to start a new search in internet:

An operation failed because the following certificate has validation errors:\n\nSubject Name: …. …. …. …. …. Errors:\n\n The root of the certificate chain is not a trusted root authority.

Do you remember what I told you before? My customer’s web application run on SSL. The exception of the log and this fact led me to an interesting article explaining the solution of a similar problem and that SharePoint has its own list of trusted CA’s. And watch out… this list of trusted CA’s is not the same as the list of the operating system. The issues vanished as the correct CA was added in the SharePoint 2010 central administration.

After further research, I got a link that is describing exactly the same situation I had the last days. You can find a detailed explanation of everything on this blog post.

 

Hope this helps,

Patrick

Client object model: Loading all users from the User Information List

recently I’m playing around with the SharePoint 2010 client object model for a small project that I will share with you in the next couple of weeks. I’m fascinated from the power of this client API and what you can do. Lately, I tried to retrieve user information of my user SharePoint site’s user accounts from the “User Information List” of my test SharePoint site. A nice explanation what this user information list is can be found on Tobias Zimmergren’s blog post. This code snippet shows you how to load only the users from this user information list.

ClientContext context = new ClientContext("YourSiteUrl");

List userList = context.Web.SiteUserInfoList;
context.Load(userList);
CamlQuery query = new CamlQuery();
query.ViewXml = "<View><Query><Where><Eq><FieldRef Name='ContentType'/><Value Type='Text'>Person</Value></Eq></Where></Query></View>";
ListItemCollection collection = userList.GetItems(query);
context.Load(collection, pj => pj.Include(p => p["Name"], p=> p.ContentType));
context.ExecuteQuery();

foreach (ListItem item in collection)
{
  Console.WriteLine(item["Name"] + " " + item.ContentType.Name);
}

First, the code above prepares the “SiteUserInfoList” list on line 3-4. Then, a CAML query is created that is going to restrict the returned items to the user accounts, filtering out all groups stored in the list. In addition, line 8 restricts the returned fields of the result set by specifying only the name and content type. Finally, at line 9, the query is executed and the desired data is returned in the ListItemCollection.

Please note: you must be SharePoint site admin to access this list like that

Hope this helps,
Patrick