Prettify Your SharePoint Access Denied Page!

In one of my recent engagements, I had to customize the default "Access Denied" page in SharePoint 2010. I tried to be creative - therefore, I created a brand new SharePoint 2010's "Access Denied" page that provides a "friendly" message with a "friendly" graphic to be user-friendly. Below is the screenshot of the "Access Denied" custom layouts page I created:

I kept all existing hyperlinks that exist in the default "Access Denied" page. In addition, I created a hyperlink that can allow users to click to automatically send an email to SharePoint support. My hyperlink will open an outlook with pre-populated subject and body with dynamically generated text values.

Try today!

If you have done similar or just have a better, creative idea, please share!

SharePoint 2013: My Tasks Not Updating

SharePoint 2013: My Tasks Not Updating

Seen the following error messages?

• Sorry, we’re having trouble refreshing your tasks
• Last updated at 1/1/1901 12:00 AM

If you are using a dedicated service account for your My Site hosting web application pool identity and Work Management Service, then you will need to do more than just creating a Work Management Service Application and starting the service.

Let's suppose that we have the following service accounts:

• Work Management Service (honggyem\spworkmgmt)
• User Profile Service (honggyem\spupssvc)
• Intranet (or primary) Web Application Pool Identity (honggyem\spwebapp1)
• My Site Host Web Application Pool Identity (honggyem\spwebapp2)

If you have created User Profile Service and My Site Web Application correctly, you should have correct permissions granted to the farm account, web application pool identity 1 and 2. Since your Work Management Service account is a separate service account, all you need to do is to add that account to the User Profile Service Application's Permissions list as shown below:


Once the above is configured as shown, your aggregated My Tasks in SharePoint 2013 will start functioning. Hope this helps and comment if you are struggling!

Post SharePoint 2013 Configuration PowerShell Script

Post SharePoint 2013 Configuration PowerShell Script

Whenever I deploy SharePoint 2013, I always use a dedicated service account for any service I configure or start. The idea is that you have each service account configured with minimum privileges granted for its purpose only and such setup will help you understand where your SharePoint environment fails in case of any error. I use the below PowerShell script more than anything every time I configure SharePoint 2013. This script will allow you to grant required database access to your web application content database(s). If you have more service applications or if you have more web applications, you will need to make slight modifications to the script. With no further introduction, I will share my script.


$urls = "http://intranet.honggyem.com","http://mysite.honggyem.com"
$superuser = "honggyem\spsuperuser"
$superreader = "honggyem\spsuperreader"
$intranetapppoolid = "honggyem\spwebapp1"
$mysiteapppoolid = "honggyem\spwebapp2"
$performancepointaccount = "honggyem\spppoint"
$accessserviceaccount = "honggyem\spaccess"
$excelserviceaccount = "honggyem\spexcel"
$visioserviceaccount = "honggyem\spvisio"
$bcsserviceaccount = "honggyem\spbcs"
$appmgmtserviceaccount = "honggyem\spappmgmt"
$workmgmtserviceaccount = "honggyem\spworkmgmt"
$count = 1
(Measure-Command {
 foreach ($url in $urls) {
  $w = Get-SPWebApplication -Identity $url
  $w.Properties["portalsuperuseraccount"] = $superuser
  $w.Properties["portalsuperreaderaccount"] = $superreader
  $w.Update()
  write-host $count "- SP Web Application Name:" $w.Name
  write-host "......Superuser account:" $w.Properties["portalsuperuseraccount"]
  write-host "......Superreader account:" $w.Properties["portalsuperreaderaccount"]

  $w.GrantAccessToProcessIdentity($intranetapppoolid)
  write-host "......Intranet Application Pool Identity account:" $intranetapppoolid

  $w.GrantAccessToProcessIdentity($mysiteapppoolid)
  write-host "......My Site Application Pool Identity account:" $mysiteapppoolid
  $w.GrantAccessToProcessIdentity($performancepointaccount)
  write-host "......PerformancePoint Service account:" $performancepointaccount
  $w.GrantAccessToProcessIdentity($accessserviceaccount)
  write-host "......Access Service account:" $accessserviceaccount
  $w.GrantAccessToProcessIdentity($excelserviceaccount)
  write-host "......Excel Service account:" $excelserviceaccount
  $w.GrantAccessToProcessIdentity($visioserviceaccount)
  write-host "......Visio Service account:" $visioserviceaccount
  $w.GrantAccessToProcessIdentity($bcsserviceaccount)
  write-host "......Business Connectivity Service account:" $bcsserviceaccount
  $w.GrantAccessToProcessIdentity($appmgmtserviceaccount)
  write-host "......App Management Service account:" $appmgmtserviceaccount
  $w.GrantAccessToProcessIdentity($workmgmtserviceaccount)
  write-host "......Work Management Service account:" $workmgmtserviceaccount
  $count++
  }
 }
)

Save the above as a .ps1 file such as GrantAccessToProcessIdentityForServiceAppsForSP2013.ps1 for your convenience. When you execute, make sure you are:

1. a farm administrator
2. a sysadmin in SharePoint DB server
3. logged into a SharePoint server and open the SharePoint PowerShell with "Run As Administrator"

Comment if you have any question or would like to know anything more in detail.

User Profile Service Application with Forefront Identity Manager Event ID 3 in SharePoint 2010

One of my SharePoint 2010 environment started to throwing a bunch of errors at one point regarding Forefront Identity Manager (Event ID 3). The error message is as followed:


Log Name:      Application
Source:        Forefront Identity Manager
Date:          9/29/2010 2:13:35 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      [SP_server].[domain].com
Description:
Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManagerException: Forefront Identity Management Service does not support workflows of type 'Microsoft.ResourceManagement.Workflow.Activities.SequentialWorkflow, Microsoft.ResourceManagement, Version=4.0.2450.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition)
   at Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManager.StartWorkflowInstance(Guid workflowInstanceIdentifier, KeyValuePair`2[] additionalParameters)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Forefront Identity Manager" />
    <EventID Qualifiers="0">3</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-09-29T07:13:35.000000000Z" />
    <EventRecordID>69280</EventRecordID>
    <Channel>Application</Channel>
    <Computer>[SP_server].[domain].com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Microsoft.ResourceManagement.Service: Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManagerException: Forefront Identity Management Service does not support workflows of type 'Microsoft.ResourceManagement.Workflow.Activities.SequentialWorkflow, Microsoft.ResourceManagement, Version=4.0.2450.5, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
   at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition workflowDefinition)
   at Microsoft.ResourceManagement.Workflow.Hosting.WorkflowManager.StartWorkflowInstance(Guid workflowInstanceIdentifier, KeyValuePair`2[] additionalParameters)</Data>
  </EventData>
</Event>


Locating the problem....Just like other people, I have searched everywhere to identify the real problem but most of the people were having a problem during trying to get the User Profile Service Sychronization job started. My issue was different from these because my environment was perfectly working fine without any issue. After I got this error, I went back and traced what was done to the SharePoint servers. I realized that I downloaded SharePoint 2010 Auguest 2010 Cumulative Update (CU) and ever since both CUs for Foundation and Server 2010 have been successfully installed, I started getting the error messges.


Solving the problem.....So, I created a farm backup and tried deleteing a SA for User Profile Service and re-created it. If you have My Sites created by your end-users, the My Sites will not be accessible until you re-create the SA (and don't worry, all contents in My Sites will still remain the same even though they look like they are gone). You should also expect that any profile edits made by individuals on their My Profile will be wiped out. After I re-created the SA for the User Profile Service, my error messages gone and my server shows no error. If you run into this similar problem and have a trouble getting the User Profile Service re-created or re-configured, please leave a comment! Good luck!