May 2, 2017

Office Online Server on Windows Server 2016: 'InkandHandwritingServices' was not found

Problem

When installing Office Online Server on Windows Server 2016, and using the Add-WindowsFeature script provided on all of the installation instruction articles, such as this, you will get error

Add-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: 'InkandHandwritingServices'. The name was not found.

Solution

Windows Server 2016 doesn’t contain Ink And Handwriting Services, so omit that from the Add-WindowsFeature command. So, working script for WS2016 is:

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,NET-Framework-Features,NET-Framework-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45

March 31, 2017

SharePoint: Workaround for Script Editor and Chrome ERR_BLOCKED_BY_XSS_AUDITOR

Problem

In recent Chrome browser, it has become little annoying to work with SharePoint tool due to Chrome throwing ERR_BLOCKED_BY_XSS_AUDITOR error when working with the Script Editor web part. This is due to XSS auditor on Chrome blocking JavaScript included in the Script Editor Web Part. Issue occurs on SharePoint Online and on-premises SharePoint 2016 and 2013 and occurs regardless if site is accessed via HTTP or HTTPS.

Steps to repro:
  1. On SharePoint publishing page, add Script Editor web part to content area or web part zone
  2. Add the following code to the web part (any JS will do the trick): 

    <script>
    console.log("asd")
    </script>

  3. Click Insert at the bottom of the Script Editor content dialog
    --> Chrome throws you to page saying


    This page isn’t working

    Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
    • Try visiting the site's homepage.
    ERR_BLOCKED_BY_XSS_AUDITOR

Workaround

You can disable the XSS Auditor by appending the following value to web.config on your on-premises SharePoint 2013 or 2016 web site.

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-XSS-Protection" value="0" />
      </customHeaders>

For SharePoint Online, there is no workaround at the moment.

March 21, 2017

SharePoint: Getting list items with SPFx and CamlQuery

Problem

When fetching SPList items using SPFx and REST combined with CAMLQuery, you need to use spHttpClient.post. However, the following code wasn’t working:

const options: ISPHttpClientOptions = {
	body: `{'query': {
		'__metadata': {'type': 'SP.CamlQuery'},
		'ViewXml': '<View><Query><OrderBy><FieldRef Name="ID"" /></OrderBy></Query></View>'
	}}`
};

return this.context.spHttpClient.post(window.location.protocol + '//' + window.location.hostname + (this.properties.webUrl +
	`/_api/web/lists/GetByTitle('Pages')/items?$select=Title`),
	SPHttpClient.configurations.v1,
	options)
	.then((response: SPHttpClientResponse) => {
		return response.json();
});

But instead it was throwing errors such as:

The property 'query' does not exist on type 'SP.Data.PagesItem'. Make sure to only use property names that are defined by the type.

or

An entry without a type name was found, but no expected type was specified. To allow entries without type information, the expected type must also be specified when the model is specified.

Solution

First of all make sure you use the “odata-version: 3.0”, but more importantly, as you’re using POST, change the REST URL from …/items to …/GetItems.

Final working code:

const options: ISPHttpClientOptions = {
	headers: {'odata-version':'3.0'},
	body: `{'query': {
		'__metadata': {'type': 'SP.CamlQuery'},
		'ViewXml': '<View><Query><OrderBy><FieldRef Name="ID"" /></OrderBy></Query></View>'
	}}`
};

return this.context.spHttpClient.post(window.location.protocol + '//' + window.location.hostname + (this.properties.webUrl +
	`/_api/web/lists/GetByTitle('Pages')/GetItems?$select=Title`),
	SPHttpClient.configurations.v1,
	options)
	.then((response: SPHttpClientResponse) => {
		return response.json();
});

Oh, and no need to use JSON.stringify() when building the ISPHttpClientOptions body query, just use ` around the code and it will already be a string.

March 17, 2017

SharePoint: Make form Cancel button to not redirect to Source URL

Problem

On a feedback form implementation, you can make the SAVE button redirect to any page you wish using the Source Query String parameter. But how to make the CANCEL button to not redirect to this same Source page, which is commonly a “Thank you” page?

Solution

  1. Create new “New” form for the list.
  2. Find SharePoint:GoBackButton control
  3. Add new parameter RedirectUrl with the URL where Cancel button should redirect to.

In my case it is just redirecting to the front page of the site.

form1

March 9, 2017

Sonera IPTV on Ubiquiti EdgeRouter

Network details

eth0 = internet
eth1 = LAN
eth0.252 = IPTV VLAN
LAN subnet = 192.168.1.0/24

 

Steps

1. Add new VLAN interface

clip_image001

2. For interface MAC, set MAC of your Inteno router (not sure if this is needed)

clip_image002

3. For interface DHCP / route settings set the values

clip_image003

4. For firewall create address group IPTV for multicast traffic

address-group IPTV 
{
address 239.16.116.0/24
address 239.16.117.0/24
description ""
}

5. For firewall, create two rules: IPTV_IN and IPTV_LOCAL, assign to eth0.252/in and eth0.252/local

name IPTV_IN 
{ 
default-action drop 
description "" 

rule 10 
{ 
action accept 
description "Allow established/related" 
log disable 
protocol all 
state 
{ 
established enable 
invalid disable 
new disable 
related enable 
}
} 

rule 20 
{ 
action accept 
description "Allow multicast" 
destination { 
group { 
address-group IPTV 
} 
} 
log disable 
protocol udp
} 

rule 30 
{ 
action drop 
description "Drop invalid state" 
log disable 
protocol all 
state { 
established disable 
invalid enable 
new disable 
related disable 
}
} 
} 
name IPTV_LOCAL { 
default-action drop 
description "WAN to router" 

rule 10 
{ 
action accept 
description "Allow established/related" 
log disable 
protocol all 
state { 
established enable 
related enable 
}
} 

rule 20 
{ 
action accept 
description "Allow multicast" 
destination { 
group { 
address-group IPTV
} 
} 
log disable 
protocol udp 
source { 
} 
} 

rule 30 
{ 
action accept 
description "Allow IGMP" 
log disable 
protocol igmp
} 

rule 40 
{ 
action drop 
description "Drop invalid state" 
log disable 
protocol all 
state { 
invalid enable
} 
} 
} 

6. Done!

Keywords: Sonera Viihde, Fibre, Fiber, sonera viihde iptv omalla reitittimellä

SharePoint: Batch delete access requests

Problem

On on-premises SharePoint 2013 there was a web site where there were hundreds of pending access requests that needed to be removed. Approving or Declining requests was not desired, they just needed to be removed without any email being sent to the users.
There is no deletion option in browser UI, and after adding traditional AllItems.aspx view using SharePoint Designer, deleting requests one by one would’ve taken very long time, as while the All Items view allowed me to select multiple rows, there was no Delete button in any toolbar nor ribbon.

Solution

Simple PowerShell script did the trick.

NOTE! This also removes the history, so only run it if you do not wish to persist the access request history for the site.

$web = Get-SPWeb https://teamsites.company.com/teams/teamsiteA
$items = $web.Lists["Access Requests"].Items
while($items.Count -gt 0)
{
    Write-Host "Deleting: $($items[0].Title)"
    $items[0].Delete()
}

March 6, 2017

SharePoint: Web applications slow loading when using DigiCert certificates when no access to internet

Problem

On SharePoint farm with no access to internet, if you configure IIS sites to use DigiCert SSL certificates, page loading (especially the first) are slow. You’ve disabled CRL checking and configured SharePoint to trust it’s own Root Certificate. Still you see 10-15 sec think times when loading pages.

In Windows Event Log –> Applications and Service Logs –> Microsoft –> Windows –> CAPI2 –> Operational log you see Event ID 53 errors like this:

ocsp

Solution

This is due to Kerberos Client PCSP Stapling Requests that fail due to now having connection to http:/ocsp.digicert.com and can be disabled

On SharePoint servers, In registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ add RequestOCSP of type DWORD and set it to 0 after which the computer will not request a stapled response. Restart/reboot not required.