itramblings

Ramblings from an IT manager and long time developer.

By

AD Domain Join Ubuntu with DNS update

Here are a couple of useful articles to help with this task

Key Steps

 

By

Configure the NTP Server on Windows Server 2016

Copied from https://www.ceos3c.com/2017/07/06/configure-ntp-server-windows-server-2016/

We will use PowerShell to change the NTP Server and we will validate if it worked afterwards.

Configure the NTP Server on Windows Server 2016

On your Windows Server 2016 hit the Windows Button and type: PowerShell and right-click it and select Run as Administrator

Type the following commands

  • w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
  • Stop-Service w32time
  • Start-Service w32time

Of course, you can take any NTP Server that you want.

Now verify if the time-server was set correctly on your Server 2016 by typing:

  • w32tm /query /status

You should get a reply like this:

Now we will go ahead and verify if our clients sync properly.

 

Verifying if the Time Server was correctly set on our Clients

On a client computer open a PowerShell with right-click and Run as Administrator….

Type:

  • w32tm /query /status

Check the time-server and type:

  • w32tm /resync
  • w32tm /query /status

Then you are able to see that the time-server actually changed like in the example below.

And that’s it! Easy, right?

Always make sure that you use the same time-server in your network and that all your clients are syncing from it. If you have time differences inside of your Active Directory Domain you will run into major issues.

By

Troubleshooting 502 Errors in ARR

Taken from here: https://docs.microsoft.com/en-us/iis/extensions/troubleshooting-application-request-routing/troubleshooting-502-errors-in-arr

Troubleshooting 502 Errors in ARR

by Richard Marr

Tools Used in this Troubleshooter:

  • IIS Failed Request Tracing
  • Network Monitor
  • Winhttp Tracing

This material is provided for informational purposes only. Microsoft makes no warranties, express or implied.

HTTP 502 – Overview

When working with IIS Application Request Routing (ARR) deployments, one of the errors that you may see is “HTTP 502 – Bad Gateway”. The 502.3 error means that – while acting as a proxy – ARR was unable to complete the request to the upstream server and send a response back to the client. This can happen for multiple reasons – for example: failure to connect to the server, no response from the server, or the server took too long to respond (time out). If you are able to reproduce the error by browsing the web farm from the controller, and detailed errors are enabled on the server, you may see an error similar to the following:

Click to Expand

Figure 1 (Click image to expand)

The root cause of the error will determine the actions you should take to resolve the issue.

502.3 Timeout Errors

The error code in the screenshot above is significant because it contains the return code from WinHTTP, which is what ARR uses to proxy the request and identifies the reason for the failure.

You can decode the error code with a tool like err.exe. In this example, the error code maps to ERROR_WINHTTP_TIMEOUT. You can also find this information in the IIS logs for the associated website on the ARR controller. The following is an excerpt from the IIS log entry for the 502.3 error, with most of the fields trimmed for readability:

sc-status sc-substatus sc-win32-status time-taken
502 3 12002 29889

The win32 status 12002 maps to the same ERROR_WINHTTP_TIMEOUT error reported in the error page.

What exactly timed-out?

We investigate this a bit further by enabling Failed Request Tracing on the IIS server. The first thing we can see in the failed request trace log is where the request was sent to in the ARR_SERVER_ROUTED event. The second item I have highlighted is what you can use to track the request on the target server, the X-ARR-LOG-ID. This will help if you are tracing the target or destination of the HTTP request:

77. ARR_SERVER_ROUTED RoutingReason=”LoadBalancing”, Server=”192.168.0.216″, State=”Active”, TotalRequests=”3″, FailedRequests=”2″, CurrentRequests=”1″, BytesSent=”648″, BytesReceived=”0″, ResponseTime=”15225″ 16:50:21.033
78. GENERAL_SET_REQUEST_HEADER HeaderName=”Max-Forwards”, HeaderValue=”10″, Replace=”true” 16:50:21.033
79. GENERAL_SET_REQUEST_HEADER HeaderName=”X-Forwarded-For”, HeaderValue=”192.168.0.204:49247″, Replace=”true” 16:50:21.033
80. GENERAL_SET_REQUEST_HEADER HeaderName=”X-ARR-SSL”, HeaderValue=””, Replace=”true” 16:50:21.033
81. GENERAL_SET_REQUEST_HEADER HeaderName=”X-ARR-ClientCert”, HeaderValue=””, Replace=”true” 16:50:21.033
82. GENERAL_SET_REQUEST_HEADER HeaderName=”X-ARR-LOG-ID”, HeaderValue=”dbf06c50-adb0-4141-8c04-20bc2f193a61″, Replace=”true” 16:50:21.033
83. GENERAL_SET_REQUEST_HEADER HeaderName=”Connection”, HeaderValue=””, Replace=”true” 16:50:21.033

The following example shows how this might look on the target server\’s Failed Request Tracing logs; you can validate that you have found the correct request by matching up the “X-ARR-LOG_ID” values in both traces.

185. GENERAL_REQUEST_HEADERS Headers=”Connection: Keep-Alive Content-Length: 0 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US Host: test Max-Forwards: 10 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0) X-Original-URL: /time/ X-Forwarded-For: 192.168.0.204:49247 X-ARR-LOG-ID: dbf06c50-adb0-4141-8c04-20bc2f193a61
345. GENERAL_FLUSH_RESPONSE_END BytesSent=”0″, ErrorCode=”An operation was attempted on a nonexistent network connection. (0x800704cd)” 16:51:06.240

In the above example, we can see that the ARR server disconnected before the HTTP response was sent. The timestamp for GENERAL_FLUSH_RESPONSE_END can be used as a rough guide to find the corresponding entry in the IIS logs on the destination server.

date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username sc-status sc-substatus sc-win32-status time-taken
2011-07-18 16:51:06 92.168.0.216 GET /time/ - 80 - 200 0 64 45208

Note that IIS on the destination server logged an HTTP 200 status code, indicating that the request completed successfully. Also note that the win32 status has changed to 64, which maps to ERROR_NETNAME_DELETED. This generally indicates that the client (ARR being the \’client\’ in this case) had disconnected before the request completed.

What happened?

Only the ARR server is reporting a timeout, so that is where we should look first.

In the IIS log entry from the ARR server, we can see that the time-taken is very close to 30 seconds, but the member server log shows that it took 45 seconds (45208 ms) to send the response. This suggests that ARR is timing the request out, and if we check the proxy timeout in the server farm\’s proxy settings, we will see that it is set to 30 seconds by default.

So in this case we can clearly see that the ARR timeout was shorter than the execution of the request. Therefore, you would want to investigate whether this execution time was normal or whether you would need to look at why the request was taking longer than expected. If this execution time was expected and normal, increasing the ARR timeout should resolve the error.

Other possible reasons for ERROR_WINHTTP_TIMEOUT include:

  • ResolveTimeout: This occurs if name resolution takes longer than the specified timeout period.
  • ConnectTimeout: This occurs if it takes longer than the specified timeout period to connect to the server after the name resolved.
  • SendTimeout: If sending a request takes longer than this time-out value, the send operation is canceled.
  • ReceiveTimeout: If a response takes longer than this time-out value, the request is canceled.

Looking at the first two examples, ResolveTimeout and ConnectTimeout, the troubleshooting methodology outlined above would not work. This is because you would not see any traffic on the target server and therefore would not know the error code. Thus in this case of ResolveTimeout or ConnectTimeout you would want to capture a WinHTTP trace for additional insight. See the WinHTTP/WEBIO Tracing section of this troubleshooter as well as the following blogs for additional examples on troubleshooting and tracing:

502.3 Connection Termination Errors

502.3 errors are also returned when the connection between ARR and the member server is disconnected mid-stream. To test this type of problem, create a simple .aspx page that calls Response.Close(). In the following example there is a directory called “time” which is configured with a simple aspx page as the default document of that directory. When browsing to the directory, ARR will display this error:

Click to Expand

Figure 2 (Click image to expand)

The error 0x80072efe corresponds to ERROR_INTERNET_CONNECTION_ABORTED. The request can be traced to the server that actually processed it using the same steps used earlier in this troubleshooter, with one exception; while Failed Request Tracing on the destination server shows the request was processed on the server, the associated log entry does not appear in the IIS logs. Instead, this request is logged in the HTTPERR log as follows:

HTTP/1.1 GET /time/ - 1 Connection_Dropped DefaultAppPool

The built-in logs on the destination server do not provide any additional information about the problem, so the next step would be to gather a network trace from the ARR server. In the example above, the .aspx page called Response.Close() without returning any data. Viewing this in a network trace would show that a Connection: close HTTP header was coming from the destination server. With this information you could now start an investigation into why the Connection: close header was sent.

The error below is another example of an invalid response from the member server:

Click to Expand

Figure 3 (Click image to expand)

In this example, ARR started to receive data from the client but something went wrong while reading the request entity body. This results in the 0x80072f78 error code being returned. To investigate further, use Network Monitor on the member server to get a network trace of the problem. This particular error example was created by calling Response.Close() in the ASP.net page after sending part of the response and then calling Response.Flush(). If the traffic between the ARR server and the member servers is over SSL, then WinHTTP tracing on Windows Server 2008 or WebIO tracing on Windows Server 2008 R2 may provide additional information. WebIO tracing is described later in this troubleshooter.

502.4 No appropriate server could be found to route the request

The HTTP 502.4 error with an associated error code of 0x00000000 generally indicates that all the members of the farm are either offline, or otherwise unreachable.

Click to Expand

Figure 4 (Click image to expand)

The first step is to verify that the member servers are actually online. To check this, go to the “servers” node under the farm in the IIS Manager.

Click to Expand

Figure 5 (Click image to expand)

Servers that are offline can be brought back online by right-clicking on the server name and choosing “Add to Load Balancing”. If you cannot bring the servers back online, verify the member servers are reachable from the ARR server. The “trace Messages” pane on the “servers” page may also provide some clues about the problem. If you are using Web Farm Framework (WFF) 2.0, you may receive this error if the application pool restarts. You will need to restart the Web Farm Service to recover.

WinHTTP/WebIO Tracing

Usually, Network Monitor will provide you with the information you need to identify exactly what is timing out, however there are times (such as when the traffic is SSL encrypted) that you will need to try a different approach. On Windows 7 and Windows Server 2008R2 you can enable WinHTTP tracing using the netsh tool by running the following command from an administrative command prompt:

netsh trace start scenario=internetclient capture=yes persistent=no level=verbose tracefile=c:\temp\net.etl

Then, reproduce the problem. Once the problem is reproduced, stop the tracing by running the following command from the command prompt:

netsh trace stop

The stop command will take a few seconds to finish. When it is done, you will find a net.etl file and a net.cab file in C:\temp. The .cab file contains event logs and additional data that may prove helpful in analyzing the .etl file.

To analyze the log, open it in Netmon 3.4 or later. Make sure you have set up your parser profile as described here. Scroll through the trace until you find the w3wp.exe instance where ARR is running by correlating with the “UT process name” column. Right click on w3wp and choose “Add UT Process name to display filter”. This will set the display filter similar to:

 UTProcessName == "w3wp.exe (1432)

You can further filter the results by changing it to the following:

UTProcessName == "w3wp.exe ()" AND ProtocolName == "WINHTTP_MicrosoftWindowsWinHttp"
You will need to scroll through the output until you find the timeout error. In the example below, a request timed out because it took more than 30 seconds (ARR\'s default timeout) to run.
336 2:32:22 PM 7/22/2011 32.6380453 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver starts in _INIT state
337 2:32:22 PM 7/22/2011 32.6380489 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::current thread is not impersonating
340 2:32:22 PM 7/22/2011 32.6380584 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver processing WebReceiveHttpResponse completion (error-cdoe = ? (0x5b4), overlapped = 003728F0))
341 2:32:22 PM 7/22/2011 32.6380606 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver failed to receive headers; error = ? (1460)
342 2:32:22 PM 7/22/2011 32.6380800 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::ERROR_WINHTTP_FROM_WIN32 mapped (?) 1460 to (ERROR_WINHTTP_TIMEOUT) 12002
343 2:32:22 PM 7/22/2011 32.6380829 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver returning ERROR_WINHTTP_TIMEOUT (12002) from RecvResponse()
344 2:32:22 PM 7/22/2011 32.6380862 w3wp.exe (1432) WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-req completes recv-headers inline (sync); error = ERROR_WINHTTP_TIMEOUT (12002)

In this next example, the content server was completely offline:

42 2:26:39 PM 7/22/2011 18.9279133 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::WinHttpReceiveResponse(0x11d23d0, 0x0) {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
43 2:26:39 PM 7/22/2011 18.9279633 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::sys-recver starts in _INIT state {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
44 2:26:39 PM 7/22/2011 18.9280469 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::current thread is not impersonating {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
45 2:26:39 PM 7/22/2011 18.9280776 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::sys-recver processing WebReceiveHttpResponse completion (error-cdoe = WSAETIMEDOUT (0x274c), overlapped = 003728F0)) {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
46 2:26:39 PM 7/22/2011 18.9280802 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::sys-recver failed to receive headers; error = WSAETIMEDOUT (10060) {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
47 2:26:39 PM 7/22/2011 18.9280926 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::ERROR_WINHTTP_FROM_WIN32 mapped (WSAETIMEDOUT) 10060 to (ERROR_WINHTTP_TIMEOUT) 12002 {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}
48 2:26:39 PM 7/22/2011 18.9280955 WINHTTP_MicrosoftWindowsWinHttp WINHTTP_MicrosoftWindowsWinHttp:12:26:39.704 ::sys-recver returning ERROR_WINHTTP_TIMEOUT (12002) from RecvResponse() {WINHTTP_MicrosoftWindowsWinHttp:4, NetEvent:3}

Other Resources

By

Project 2013 and Project Server 2013 Training Links

Microsoft
Training Links

 

Project
2013 training for IT pros and developers

General Link: http://technet.microsoft.com/en-us/office/dn756399

Development Links

Administration Links:

 

Quick
Videos from Books 24×7

Books

Project Server Conference 2014

Channel 9 link: http://channel9.msdn.com/events/Project/2014

Interesting Development related
videos (I have not validated any of them yet)

White Papeters

General Information

 

By

Office 365 – Single Sign-On for SharePoint, Skydrive, CRM, etc. via Smart Links

Office 365 – Single Sign-On for SharePoint, Skydrive, CRM, etc. via Smart Links

 

Synopsis: One of the biggest problems I have seen
with Office 365 is ease in accessibility to all of the Office365
resources.  As pointed out on many of the Microsoft forums, SharePoint,
CRM, Skydrive, etc. do not automatically complete a single-sign on
request when browsing the website.

Problem: When a user
browses https://mydomain.sharepoint.com for example, the user is
prompted to enter in their email address.  What a user expects is that
they should automatically be logged in and see sharepoint when
navigating to https://mydomain.sharepoint.com  Additionally, for
whatever reason, users cannot remember the website address to
https://mydomain.sharepoint.com  Instead, they want to do something like
http://sharepoint.mydomain.com

Solution: Create name branded “fancy URLs” that will complete an idp claim to give the user a true SSO experience.

  • http://owa.mydomain.com
  • http://sharepoint.mydomain.com
  • http://skydrive.mydomain.com
  • http://crm.mydomain.com

Solution:

  1. Open up Internet Explorer
  2. Navigate to https://mydomain.sharepoint.com
    Sign into Office 365
  3. Press F12 to open up the developer tools console (I am running IE
    11, the console looks way different than previous versions of IE)
    Sign into Office 365 - Developer Console
  4. Scroll down and select the icon that looks like a little WiFi antenna
    Sign into Office 365 - Developer Console - Network
  5. Click the green play button
    Sign into Office 365 - Developer Console - Network - Start Capture
  6. Type in your email address as you would to login to sharepoint (myusername@mydomain.com)
  7. You should be redirected to your ADFS server and inside the network
    console, you should see a link like
    https://sts.mydomain.com/adfs/ls/?………………  Copy this link into notepad.
    Office 365 - Federated URL
  8. Remove the extra stuff from the debug console
    Before
    Office 365 - Federated URL - Notepad

    After
    Office 365 - Federated URL - Cleaned - Notepad
  9. Remove everything from cbcxt=….. to wa=wsignin1.0
    Office 365 - Federated URL - cbcxt removed
  10. Remove the ct%3D1386214464%26 and bk%3D1386214464%26 parameters
    Office 365 - Federated URL - ct and bk removed
  11. Next, open up another new notepad document named index.html and paste the following text into it
    1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
      <title>CRM</title>
      <meta http-equiv=”refresh” content=”0; url=https://sts.mydomain.com link goes here” /></head>

      <body>

      </body>
      </html>
      Redirect to URL template

  12. Replace https://sts.mydomain.com link goes here with your new smart link and save the document.
    Redirect to federated URL
  13. Upload the index.html file to one of your your webservers
  14. Create a new A record called sharepoint.mydomain.com pointing to your webserver
  15. Now when a user browses http://sharepoint.mydomain.com, the user
    will automatically be redirected to your secure ADFS Proxy and
    authenticate automatically.

You will need to repeat the steps above for each of the Office 365
products your company uses.  The federated addresses do change, so you
will have to follow all of the steps over again for each Smart Link you
wish to create.

NOTES:
Here is an official article on creating smart links: http://community.office365.com/en-us/wikis/sso/using-smart-links-or-idp-initiated-authentication-with-office-365.aspx

By

ColdFusion Manual Configuration & Issues with TCP ports 51011, 51010 and 51800 on IIS and Apache

Great post on configuring ColdFusion 7 on Server 2008 R2 here

By

Cisco AnyConnect

Cisco AnyConnect is an SSL VPN client that provides reliable and easy-to-deploy encrypted (SSL) network connectivity for Windows.

Typically, the Cisco AnyConnect client would be downloaded from the VPN site, but the version currently available from that location is not compatible with current versions of Windows 7 and Windows 8 and will not function properly due to Microsoft Windows security updates.

Note: Remember to verify you are running the most recent version of java (java.com)

Download Link

AnyConnect-3.1.02026

By

ULS Logs and the ULSViewer

u might have stumbled across this blog entry when looking for information on the ULS. If that is the case, while I will not
go into great detail on the ULS I can at least tell you that it stands for stands for Unified Logging Service and is a corner
stone of SharePoint troubleshooting and it is the first place I recommend looking at to start tracking down the details of any
errors you might be encountering. If you are looking for a decent article on the ULS I’d recommend checking out the general
MSDN article that gives a general
overview.

Now, assuming that you have at least a basic understanding of the ULS and where the files can be found (default is the
“SharePoint HIVE”Logs folder). If you open one of the files up, I am willing to bet that you would find yourself wondering
how on earth you can make heads or tails of the information stored in the file and if you have a large farm, how you can pull
it all together so you can track down any issues quickly and more efficiently. Well you are in luck as one of the better tools
out there is free, full of features, and rather easy to use. This tool is called the ULSViewer and can be downloaded from
here or
here.

ULSViewer can be used in different modes. The log can be read from log files, real time ULS log, from multiple servers, or
even from the clipboard. Here’s some examples:

On a machine running SharePoint 2010, run ULS Viewer. Click File, Open From, then choose ULS (This could also be done by
simply press Ctrl+U).


clip_image001

Immediately the logs will be shown in real-time. From here you can do things like filter by message level by click the icons
in the of the tool bar


clip_image002

You can ask set filters based on what you are looking for (error message, correlation id, etc). You can do this by clicking
on the “filter” icon in the tool bar and then defining 1 or more filters.


clip_image003


clip_image004

Note: One of the great things you can also do is save filters and reuse them. I find that I have a number of filters that I
use over and over and this helps save a lot of time!

Another feature that I find really handy is the “Toggle Correlation Tree” button.


clip_image005


clip_image006
When you click on this it opens up a side panel that can show you a list of all of the correlation ids and when you click
on one of those nodes you immediately see the main area filters to show only the log entries related to that single correlation
id.

The reason why this is so useful is because in SharePoint we use correlation ids to trace a series of events that occurred
at once (like a transaction).

For example if you look at the screenshot below you’ll see that I selected the correlation id
‘ce44ed9c-e3b3-c0ad-3409-5e8c8d8d317f’ and this one appears to be related to a UserProfileImport Sync job.


clip_image007

If you’re running this on a development machine or are trying to track down an error that doesn’t happen regularly
another good feature is the notifications. You can enable notification by level in side of ULS Viewer (by default it will pop
up notification for Critical message). For example in this screenshot, when Health Analyzer checked my machine for a security
rule, it wrote a critical message into the log. With ULS Viewer, you can quickly identify the location of the message. If
there’s an exception, you can also check the detail of that.


clip_image008

Another great feature is the ability to open up multiple ULS logs from different servers. So if you have a 4 or 5 server
farm, you could either review each log individually or you could open them up as a “FARM” and let ULSView take over the
complicated work of combining the log files into a single view. You can do this either from the tool bar by clicking on the
“farm” icon or by going to File -> Open From -> Farm (Ctrl+ R)

Farm Icon


clip_image009

File -> Open From


clip_image010

Which then opens this dialog


clip_image011

From here you can add all of your servers (NetBios, FQDN, or IP addresses work just fine) and then specify a share that is
available on ALL of the servers list.

Tip: The SAME share must be available on all servers for this to work. I normally create a standard share on all of my
SharePoint servers called “UlsLogs” and grant read only access to the development and operations teams.

Also another useful feature is that once you have configure ULSView for your environment (include what servers/files are
being monitored), you can save everything to a “workspace”. This workspace can be shared with others and opened at any
time. This provides a very quick way to start viewing a farm.


clip_image012

Tip: I usually create one workspace per environment and share what with the development and operations team.

By

Project Server and Synchronizing Users to Project Sites

Original post found here

This blog post looks at some slight behavior differences between Project Server 2010 and Project Server 2013 regarding user synchronization to project sites.  One key part of this change should be taken into account when migrating – as there is one 2010 setting that no longer has UI to change it – and if it is disabled before migration it cannot be turned on again in 2013.  I’ll get into details of that setting and a workaround later, but first I will set the scene for how the settings and behavior have evolved. 

In Project Server 2010 we had a checkbox in Server Settings, Project Site Provisioning Settings for Project Site Permissions – labeled “Check to automatically synchronize Project Web App users with Project Sites when they are created, when project managers publish projects, and when user permissions change in Project Server. When the check box is cleared, Project Server users are never synchronized with Project Sites.”:

image

In my example it is unchecked – this is reflected in the published database in the MSP_WEB_ADMIN table in the WADMIN_AUTO_ADD_USER_TO_SUBWEB column – which has 0 when unchecked and 1 when checked.

image

If I create a new project and add some resources and then publish – I see just the following jobs in the queue and I don’t see any permissions set for the resources in my plan.

Project Save from Project Professional  
Start Workflow Success
Project Publish Notifications
Project Publish Success
Reporting (Project Publish)
Project Site Create
Reporting (Project Sync)
Reporting (Enterprise Project Type and Workflow Information Sync)

If I go to Server Settings, Project Sites and select the project, then click Synchronize in the header:

image

then I see a couple of queue jobs executed:

Project Site Membership Synchronization
Reporting (Project Sync)

However, I still do not see my expected users added to my site.  Only when I check the checkbox in the first screenshot, and then click Synchronize on the Project Sites page do I see my users get added.  So this checkbox controls the addition of users to my subweb.

There are some other settings in 2010 that had no UI, but could be set programmatically (or by editing the database and were documented in the article http://technet.microsoft.com/en-us/library/hh670402(v=office.14).aspx and the table was the same MSP_WEB_ADMIN, but this time the column is WADMIN_USER_SYNC_SETTING:

image

As you can see, mine is set to 0, which means all synchronizations are enabled.  If I change this to 2, this still has no effect on the site synchronization as long as the checkbox is checked.  Sync happens both on site creation and also using the Synchronize button.

Now lets jump forward to 2013.  The dialog in my first screenshot has no equivalent in 2013, and in a new installation the database setting for WADMIN_AUTO_ADD_USER_TO_SUBWEB  is defaulted to 1.  The WADMIN_USER_SYNC_SETTING now has some UI – under Server Settings, Project Permission Sync Settings.  I should add that this only appears when you are using Project Server Permissions mode.  The dialog looks like this:  , and if you are interested in the behind the scenes activity in the pub.MSP_WEB_ADMIN table the values for :

image

If you are interested in the behind the scenes activity in the pub.MSP_WEB_ADMIN table the values for WADMIN_USER_SYNC_SETTING follow the numbers documented at http://msdn.microsoft.com/en-us/windows/microsoft.office.project.server.library.admin.usersyncsettings_di_pj14mref(v=office.15) like so:

Enabled                            Value=0.       Enable all synchronizations.

DisablePWA                     Value=1.       Disable synchronization with Project Web App.

DisablePWS                     Value=2.       Disable synchronization with project sites.

DisableEmailSync             Value=3.       Disable email synchronization.

DisableAll                         Value=4.       Disable all synchronizations.

DisableVisbilityProjects    Value=8.       Disable Visibility projects synchronization only.

DisableEverything            Value = 255. Disable everything.

Unchecking Enable Project Site Sync will give me a value of 10 in the database – as it disables project site sync and sync with SharePoint Task List Project (or visibility projects as they are sometimes called).

With these settings, which are equivalent to the ones described in the final 2010 test above  (DB value was 2 rather than 10 as visibility projects didn’t exist),  if I create a new project and publish, and/or if I click Synchronize on the Connected SharePoint Sites page I DO NOT see any synchronize queue jobs and NO users are added to my site.  In 2013 there is no longer a single click option to synchronize sites if I have used the new UI in front of the WADMIN_USER_SYNC_SETTING values to turn off site sync.

The other gotcha, and the piece that got me looking deeper into this topic in the first place is the issue I alluded to in the intro.  What if I am using 2010 and have that box unchecked – then migrate to 2013?  In this case it can leave you confused as to why your users aren’t able to access their sites after you create a project.  The behavior you will see is that on initial publish of a project, assuming you create a site, then even if you have ‘Enable Project Site Sync’ enabled you will still not see your users added – and neither will you see the expected additional ‘Project Web App Synchronized’ groups – you will just see the default members, Owners and Visitors if you go to Site Settings, Site Permissions:

image

If you click on the Synchronize option you will see things put right – and the new groups will get added and your users added.  So we still take notice of the old DB setting which carried over from migration – but only on the project publish.

image

This last piece is certainly a bug – not sure at this point how it will be addressed, but we will be updating our upgrade documents to suggest checking that box before migration.  If you have migrated from 2010 (or earlier!) and are not seeing permissions on sites set as expected when you publish a plan then take a look at the database (change ProjectWebApp to the name of your database),

SELECT [WADMIN_AUTO_ADD_USER_TO_SUBWEB] FROM [ProjectWebApp].[pub].[MSP_WEB_ADMIN]

should return a 1.  If it shows a zero then you could run

Update [ProjectWebApp_PPM].[pub].[MSP_WEB_ADMIN]
Set [WADMIN_AUTO_ADD_USER_TO_SUBWEB] = 1
where [WADMIN_AUTO_ADD_USER_TO_SUBWEB] = 0

This will show (1 rows(s) affected) as it resets the value.

We are reviewing this behavior change – so I will update if we do make any changes here.

For Project Online this last piece can never be an issue – as it will always be a 1 – and Project Online now has new defaults for the other Project Permissions Sync Settings – so by default we don’t sync anything.  And like 2013, if you have this sync turned off then Synchronize in Connected SharePoint Sites does nothing.

By

Remove and Re-add product key for Office 2013 and Office 365

Having been on Microsoft Office 365 for a few months now, we started to notice that when users who had activated software on a PC were removed from Office 365, the software would go into “grace period” and would continually notify the new user of the PC that there was a problem. The trouble was I could not figure out how to reassign the software license to the new user. Finally I have found steps that will accomplish this without having to repair/reinstall office.

Open Command Prompt on PC
Open a Command Prompt window, and then take one of the following actions:

  • If you installed the 64-bit version of Office 2013, move to the following folder: C:Program FilesMicrosoft OfficeOffice15
  • If you installed the 32-bit version of Office 2013, move to the following folder: C:Program Files (x86)Microsoft OfficeOffice15

Display the Current License(s)
Type the following command to display the license status. Note the last five characters of any and all license keys that display in the output:

cscript ospp.vbs /dstatus

Remove the License(s)
Now run the following command as many times as needed to remove all of the license keys you noted from the previous step.

cscript ospp.vbs /unpkey:[LAST 5 numbers of existing product key]

Restart the Computer

Once the remove commands are successfull, close the command prompt and restart the PC.

Reactivate MS Office 2013 with New Account

Launch one of the MS Office 2013 applications (I like to use Word). The application should prompt you to reactivate the by providing your sign-on ID. Enter in the new user’s credentials and the software will now be licensed under their ID.