SharePoint Configuration wizard failed at step 9

There are common issues appear when you run SharePoint Configuration wizard after updating or patching the servers and these issues always failed at step 9 and then failed with unclear error or reason.

To go around these issues try the following fixes:

  1. Try to restart the server and re-run SharePoint Configuration Wizard.
  2. Try to open the Diagnostics log and search for The object LDAP://CN=Microsoft SharePoint Products and if you found it then apply this fix
    https://blogs.msdn.microsoft.com/opal/2010/04/18/track-sharepoint-2010-installations-by-service-connection-point-ad-marker/
  3. Try to run Configuration Wizard from Powershell using this command
    Psconfig.exe -cmd upgrade -inplace b2b -wait -force
    because it will show the exception in obvious way
    For example
    3
    As you see , Exception “There was no endpoint …” then apply this fix
    http://sharepointviews.com/system-servicemodel-endpointnotfoundexception-psconfig-sharepoint-20102013/

 

Combining Client Scripts into a Composite Script could kill the website performance

It’s a good practice to reduce the number of files by combining them into one file using bundling to increase the website performance.

You can use <CompositeScript> which is a control in ASP.NET AJAX by placing all JavaScript files inside this tag as following:

03

But the issue with this way , that each time the page is loaded , bundling will occur at run time to combine these files into one file and this could affect the performance in case you have heavy load or visits in your websites.

I did a performance test against SharePoint website (10000 load test within 1 Min) using loader.io and the result was Scary.

Result #1: With using <CompositeScript>

It didn’t continuous because the Number of failed requests more than 50% of Success requests

01

Result #2:without using <CompositeScript>

The number of Success requests more than first test

02

Result #3: Bundling the files Manually into one file or using Web Essentials tool with Visual studio

The result , no comparison between this result and the previous results

03

So it’s good practice to bundle the files globally one time at the application start by code , manually or by using tools like Web Essentials

(This extension for Visual Studio 2012) https://visualstudiogallery.msdn.microsoft.com/07d54d12-7133-4e15-becb-6f451ea3bea6

(This extension for Visual Studio 2015)
https://visualstudiogallery.msdn.microsoft.com/ee6e6d8c-c837-41fb-886a-6b50ae2d06a2

 

Microsoft Advanced Threat Analytics

What is Microsoft Advanced Threat Analytics (ATA)?

ATA is an on-premises platform to identify advanced security attacks by automatically analyzing, learning, and identifying normal and abnormal entity behavior.

  • It is part of Microsoft Enterprise Mobility Suite
  • Help to detect attacks within a corporate network or especially for the compromised user credentials
  • Help to reduce the cost/damage of cybercrime
  • It’s extra layer of defense and you still need your other defenses like Firewall , IDS/IPS , Antivirus … etc
  • Help to find out the back-doors or botnet inside your network
  • Fast , Easy to install and No need to define rules with less false positives risks
  • Help to detect passive attacks before active attacks
  • ATA is based on UEBA
  • Does not affect existing network topology
  • It’s just listen and no extra traffic to introduce
  • Store data in MongoDB
  • Integrate with SIEM products seamlessly
  • Learn by behavoir and patterns and it doesn’t based on specific signature or common hacking tools

What is User and Entity Behavior (UEBA) ?

  • It’s a solution to monitor user behavior by using multiple data sources
  • Based on machine learning algorithms
  • Detect security breaches by evaluate the user activities

For example bank monitors your transactions behavior and if they see any suspicious transactions on your account then they will raise an alert , in the same way attacker can steal your account but it’s difficult to them to simulate your activities so ATA can address this situations.

UEBA has three components: data analytics , data integration and data presentation and result of these components to understand the normal/abnormal behavior and then identify the risks and take actions against them.

 

Good Resources for Microsoft Advanced Threat Analytics (ATA)

 

 

My experience with loader.io

https://loader.io  is a very simple and starter easy tool for stress testing which is cloud-based (Amazon’s US-east data center) by SendGrid Labs. You can use it for both performance or load test to measure how your application (or API) performs under pressure and to know if your application need scaling (up or out) servers or use caching …etc.

Some of features of this online tool:

  • Testing websites and API
  • Support automation
  • Has free plan for 10000 clients
  • Has add-on in Azure portal
  • Sharing result and statistics with others
  • Watch the test in the real time
  • Verification for legal use because there is other online services used for DDoS attacks

This tool support three types of testing:

  1. Clients per test

For example: 200 clients over 100 seconds will split up to 2 client connections per second (Ideal for performance test and here you will concern in the response time).

  1. Clients per second

For example: 20-second test with 1,000 clients per second is the same as a 20-second test at 20,000 clients per test (Ideal for performance test).

  1. Maintain client load

For example: If you specify 0 and 10,000, the test will start with 0 clients and increase up to 10,000 simultaneous clients by the end of the test (Ideal for load test).

Better to go with different test types to know how your website behave under different circumstances.

For more details, you can check this link http://support.loader.io/article/16-test-types

Also they have two plans:

01

Sign up for free plan but you need to verify your account (this is the first verification):

02Add your website host:

03

Again you need to verify if you own this host to prevent malicious attacks like DDoS:

04

Just download the file and copy it to the root of your website

For example http://%5BYour Domain]/loaderio-082ba4dd0e3b57dee160f21e7ecc6f63.txt

Then you can start new test…

Define the URLs to run test against them.

As the below image you can define GET/POST, define custom headers (mostly with API) and other parameters

05

Choose test types and defines the Number of users and duration:

06

And you can schedule it

07

Note

It’s only support Basic authentication which It is insecure authentication and mostly no one use it these days.

Run the test to see the test results:

Here we can see Number of (Successful responses) which return 200 HTTP Code and also Number of (Timeout) responses or Failed responses.

08

Here shows the average response times (blue) and the number of active clients (green)

11

The details graph shows details about:

  • Total requests made
  • Total responses received
  • Success responses (response codes under 400) – ideally all responses fall in this category
  • 400-level errors (response codes 400-499) – often these indicate authentication problems, something is missing, or a number of other problems.
  • 500-level errors (response codes 500-599) – generally application errors. Check your logs for error details
  • Timeouts – no data received for the timeout period (10 seconds by default)
  • Network errors – DNS resolution or TCP connection problems

10

Here you can see the size of Bandwidth sent/Received by loader.io

09

For more details about the Test Results http://support.loader.io/article/19-test-results