Updated – Maximizing SharePoint Security Whitepaper 2.0

I updated Maximizing SharePoint Security whitepaper with points and topics related to SharePoint 2016 as the following:

  • Added CIS SharePoint 2016 benchmark
  • Added New features of SharePoint 2016 which related to security like
    • Data Loss Prevention
    • Outgoing SMTP Encryption
    • TLS 1.2 support
    • Patching with Zero downtime
    • New changes for SharePoint 2016 service accounts

You can download the document from this URL https://gallery.technet.microsoft.com/Maximizing-SharePoint-cf7f7efc

Advertisements

SharePoint Search result Page throw Error for anonymous User

When anonymous user go to SharePoint search , he got an error with correlation id, when checked the logs I found the following error related to Security Token and SPContext:

Untitled2

To fix the issue, you have to change impersonate=”true” as it’s the default value in web.config:

</authentication>
<identity impersonate=”true” />

and to resolve custom code that need to use impersonate=”false”, run you code with evaluated privilege.

Install SharePoint 2016 Prerequisites Offline/Manually

Nothing new in installing SharePoint 2013/2016 prerequisites offline or manually and you can find many articles for how to do it like for example https://gallery.technet.microsoft.com/office/PreRequisites-for-7f719ff3  but here just some notes to be considered.

  1. You can install all SharePoint prerequisites manually except for Windows Server App Fabric, you need to install it using the following command:
    WindowsServerAppFabricSetup_x64.exe /i CacheClient,CachingService,CacheAdmin /gac
  2. Or by running the following command using  prerequisite installer
    prerequisiteinstaller.exe /AppFabric:path\appFabric1.1-RTM-KB2671763.exe
  3. To install .NET Framework manually, make sure to enable this policy Specify settings for optional component installation and component repair if you want to install it from the internet.
    Dism /online /enable-feature /featurename:NetFX3 /All
  4. Or to install it from the ISO windows server
    Dism /online /enable-feature /featurename:NetFX3 /All /Source:D:\sources\SxS /LimitAccess
  5. Install WcfDataServices by command:
    prerequisiteinstaller.exe /wcfdataservices56: WcfDataServices.exe location

Recommendations for Patching SharePoint 2016

According to Microsoft and other references, SharePoint patching has the following criteria:

  1.  SharePoint 2016 publish new Cumulative update for each month
  2. Always last cumulative update includes Feature 1 & Feature 2 of SharePoint 2016
  3. Start install update file start with “sts” which is the primary SharePoint update
  4. Then install the second file start with “wss” which is contains updates for all languages
  5. SharePoint does not require a specific order for servers to patch
  6. To patch SharePoint 2016 with zero downtime then you need to fulfill a specific condition, for more information
    https://technet.microsoft.com/en-us/library/mt743024(v=office.16).aspx
    https://blogs.technet.microsoft.com/stefan_gossner/2016/04/29/sharepoint-2016-zero-downtime-patching-demystified/
  7. SharePoint 2016 binaries, patches, and language packs include all the fixes are required for Project Server
  8. After applying the patching, run Configuration Wizard in each server or run this command
    psconfig -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures -cmd secureresources
  9. In case of issues, review the PSConfig and Upgrade log files
  10. To reduce the time of patching, make sure to stop these services: SharePoint Timer Service, SharePoint Search Service, SharePoint Search HostController Service and IIS
  11. SQL Server patching is separated from SharePoint patching
  12. Always check these sites for new updates and recommendations
    https://blogs.technet.microsoft.com/stefan_gossner/
    http://www.toddklindt.com/blog/Builds/SharePoint-2016-Builds.aspx
  13. Review Microsoft SharePoint update deployment cycle https://technet.microsoft.com/library/476d6a49-7263-4460-8e4c-28102fec1442(v=office.16).aspx#updateprocess

SharePoint 2016 Search Service in Arabic

This technical whitepaper describes how to configure search service for SharePoint Server in Arabic, in addition to what is the search components to be implemented.

لا يخفى على كثير من الناس أهمية المعلومات وكثرة مصادرها في حياتنا اليومية , بل إنك سوف تلاحظ أن جزء كبير من العمل اليومي الذي نقوم به الهدف منه هو البحث عن المعلومات سواء كانت هذه المعلومات داخل مستندات أو قواعد بيانات أو غير ذلك من المصادر , لذلك من المهم البحث عن المعلومات بشكل صحيح لأنه سيؤدي إلى حفظ  كثير من الوقت في إيجاد المعلومة بشكل سريع وفعال وأيضا الحصول على أفضل النتائج.

شركة مايكروسوفت كغيرها من الشركات التي أهتمت بمحركات البحث من حيث تطويرها وإدراجها داخل منتجاتها ومن ذلك بيئة الشيربوينت SharePoint حيث تم إدراج محرك البحث منذ أول إصدار للشيربوينت SharePoint عام 2001 حتى إصدارها الأخير للشيربوينت SharePoint 2016

You can download it from TechNet:

https://gallery.technet.microsoft.com/SharePoint-2016-Search-072fac65

SharePoint 2016 Multi-Lingual Sites in Arabic

This technical whitepaper describes how to configure variation for SharePoint Server 2016, in addition to what is the best practices to have mulit-lingual sites to be implemented.

تيح لك الشيربوينت إنشاء موقع متعدد اللغات بإستخدام عدة طرق سوف نشرحها في هذه الأوراق مع إنشاء بعض الأمثلة التي  تساعدنا على فهم هذه الطرق والتعرف على بعض الميزات وأيضا معرفة بعض القيود أو الأسباب التي تساعدنا على تحديد أي من الطرق المتاحة في الشيربوينت ستكون هي الأنسب أو الأفضل على حسب المتطلبات أو المعطيات التي تواجهنا عند إنشاء موقع متعدد اللغات.

You can download it from TechNet:

https://gallery.technet.microsoft.com/SharePoint-2016-Multi-293a59b4

 

SharePoint Server Troubleshooting

Before I point out list of points that help you in troubleshooting SharePoint Farm, consider Proactive actions which is acting before a situation becomes a source of confrontation or crisis.

  • Make sure to document SharePoint farm and know each server roles and their components
  • Always patching SharePoint farm to avoid any issues with planned downtime or Zero downtime
  • Build Testing farm to test the customization, changes and patching
  • Check monthly updates and security fixes for SharePoint https://blogs.technet.microsoft.com/stefan_gossner/
  • Monitor SharePoint Health Analyzer
  • Link SharePoint farm with Microsoft System Center Operations Manager SCOM

Untitled

  • Check and Review SharePoint ULS logs and trace errors and exceptions
  • Don’t forget Event Viewer Application and Operational Logs

Untitled

  • SQL Server and IIS also have logs and errors
  • Developer Dashboard good starter for performance issues

Tools to make SharePoint Admin life easier

These are common tools help SharePoint admin to manage and audit SharePoint farm easily.
1-AutoSPInstaller
Automated SharePoint 2010/2013/2016 PowerShell-based installation script.
https://github.com/brianlala/AutoSPInstaller
https://autospinstaller.com/
2-SharePoint Load Generation Tool
Load Generation Tool Visual Studio Template can be installed for Visual Studio 2013 Ultimate and Visual Studio 2015 Enterprise editions. The tool can be used to test load for SharePoint Server 2013 and SharePoint Server 2016 farms.
https://www.visualstudiogallery.msdn.microsoft.com/04d66805-034f-4f6b-9915-403009033263
https://marketplace.visualstudio.com/items?itemName=SharePointTemplates.SharePointLoadGenerationTool
3-SharePoint Feature Administration and Clean Up Tool
FeatureAdmin is a tool for SharePoint administrators and developers to manage SP features. It finds and cleans faulty FeatureDefinitions and orphaned reminders.
https://github.com/SharePointPog/FeatureAdmin
4-Windows PowerShell for SharePoint Command Builder Guide
Explore a free online tool that enables IT professionals and power users to visually assemble commands related to SharePoint 2010 / 2013 and Office 365
https://social.technet.microsoft.com/wiki/contents/articles/37770.windows-powershell-for-sharepoint-command-builder-guide.aspx
https://www.microsoft.com/resources/TechNet/en-us/Office/media/WindowsPowerShell/WindowsPowerShellCommandBuilder.html
5-ULS Viewer
ULS Viewer is a Windows application that provides a simplified view of ULS log files in SharePoint 2013
https://www.microsoft.com/en-us/download/details.aspx?id=44020
6-SPSFarmReport
SPSFarmReport is a scripted-tool that can be used to gather topology-related details from SharePoint farms.
https://github.com/jvijayw/SPSFarmReport
7-SPDocKit
Generate SharePoint Documentation, Manage Permissions & Compare Farms
https://www.spdockit.com/
8-SharePoint Manager
The SharePoint Manager 2013 is a SharePoint object model explorer. It enables you to browse every site on the local farm and view every property.
https://spm.codeplex.com/
9-Search Health Reports (SRx)
PowerShell-driven tool for surfacing complex diagnostics for SharePoint Search through new multifaceted reports. The SRx includes a battery of tests that leverage a customized SSA object extended with contextual data from many disparate sources.
https://blogs.msdn.microsoft.com/sharepoint_strategery/2016/02/01/announcing-the-search-health-reports-srx-for-sharepoint-search-diagnostics/

Points to consider when upgrading to SharePoint 2016

Before upgrading to SharePoint 2016, the below points will guide you to get efficient solution and to minimize the project risks.

Untitled

  • There is difference between upgrade and migrate where upgrade will take the whole database content but migrate will move the content only to the new farm
  • In general, if you have well-structured site, content and customization then go with upgrade else it’s better to migrate the content and start with fresh content database
  • You can only upgrade from SharePoint 2013 to SharePoint 2016 and if you have older version than SharePoint 2013 then you need to upgrade it to SharePoint 2013 before SharePoint 2016 or you can use third party tools
  • Build sold plan and strategy before upgrading by determines the current configuration, customization, dependencies and removed or deprecated services
  • List all SharePoint application services that could be upgraded or not
  • Test the content database and don’t ignore the issues
  • Testing is an iteration process and may repeated many times until you get stable status
  • Document every step and fix that will be found
  • Resolve content, missing web parts , orphans … in SharePoint 2013 and then upgrade it to SharePoint 2016
  • Make sure there is no 14 Mode sites before upgrade to SharePoint 2016
  • No Service pack or cumulative update required to upgrade from SharePoint 2013 to SharePoint 2016 but it’s recommended to have the last update
  • It is recommended to always migrate your Service Applications before you migrate your Web Applications and SharePoint sites
  • Make sure to have claim authentication before upgrade to SharePoint 2016 and avoid to use classic authentication
  • Delete and remove unused contents, services and customization before upgrade to SharePoint 2016

 

More References:

Error while running SharePoint Configuration Wizard 2013 – The process does not possess the ‘SeSecurityPrivilege’ privilege

While running SharePoint Configuration Wizard for SharePoint 2013, got the below error:

Untitled

Even if the SharePoint user used for installation (spAdmin) belong to local administrators group of SharePoint Servers, but because there is security group policy could cause this issue , you need to add this user to Manage auditing and security log policy (Browse to GPEDIT.msc Computer Config\Windows Settings\Security Settings\Local Polices\User Rights Assignement).

Note: Don’t forget to logout and login after applying the new policy.