GPOs and SharePoint 2013: The dance of the 2 left footed partners.

3 07 2013

I recently was installing SharePoint 2013 at a customer's site. I thought all was going well till I started hitting a brick wall of errors while installing SharePoint, some that I had seen, others that I hadn't.

I started noticing some strange things as well, like the SharePoint Timer services mysteriously turning off and then giving me an error, telling me that there was a logon failure. I thought this was kinda weird, but I went in and updated the password and I got CLUE #1. The dialogue box was now telling me that my farm account now had rights to log on as a service.

That set off an alarm in my head, and I decided to ask my customer if he had any custom GPOs. Turns out they did, but he didn't quite know all the different ones they had.

Thus started a long winding road figuring out which GPOs did what.

The end result was this:

SharePoint 2013 service accounts need the following rights.

  • Manage audit and security log
  • Debug Programs
  • Backup files and directories
  • Log on as a service
  • Log on as batch

All of these rights can be found in the local security policy, but if you have GPOs in your AD that define them, the local settings will be overwritten.

What you have to do is kindly/gently/forcefully ask your friendly neighborhood AD guru to create a GPO that grants these rights to your SP service accounts.

Adding the ones above helped me.
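To confirm what a server actually ends up with after Group Policy has applied, the check below exports the effective User Rights Assignment and reports which of the five rights a service account holds. It is an added example, not part of the original post; the account name `CONTOSO\sp_farm` is a placeholder, and the mapping of the listed rights to their `Se...` privilege constants is supplied here.

```powershell
# Added example: report which of the rights listed above a service account
# holds in the effective local policy (i.e. after GPOs have been applied).
# 'CONTOSO\sp_farm' is a placeholder; run from an elevated prompt.
param([string]$Account = 'CONTOSO\sp_farm')

# Privilege constants for the five rights, labelled as in the post.
$required = [ordered]@{
    SeSecurityPrivilege = 'Manage audit and security log'
    SeDebugPrivilege    = 'Debug Programs'
    SeBackupPrivilege   = 'Backup files and directories'
    SeServiceLogonRight = 'Log on as a service'
    SeBatchLogonRight   = 'Log on as batch'
}

# Resolve the account to its SID; secedit writes most principals as *S-1-5-...
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Export only the User Rights Assignment area of the effective policy.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

# Build a map of privilege constant -> principals that hold it.
$granted = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $granted[$Matches[1]] = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
}
Remove-Item $inf

$shortName = $Account.Split('\')[-1]
foreach ($right in $required.Keys) {
    $holders = @($granted[$right])
    # Direct grants only: a right inherited through a group is not detected.
    $held = ($holders -contains $sid) -or ($holders -contains $Account) -or
            ($holders -contains $shortName)
    [pscustomobject]@{ Right = $required[$right]; Constant = $right; HeldDirectly = $held }
}
```

Running `gpresult /h report.html` on the same server shows the winning GPO for each User Rights Assignment setting, which tells the AD team where the grant has to be made.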



SharePoint 2013 App Domains…like wrangling a 5 year old!

26 01 2013

SharePoint 2013 has many awesome qualities which I will be discussing with you later, but there are some that give me that old UPS feeling of ineptitude. Yes folks, I am talking about deploying SharePoint Apps on a private hosted App Domain on SharePoint 2013.
This has to be the most problematic thing since the UPS Episode of ’10.
There are many nice MSDN articles on how to set up an app domain, but the most comprehensive one I have seen is this one:

Now. What they don't tell you is that once you set it up, all kinds of things will go wrong when they can go wrong. The two most frustrating ones for me were in Visual Studio: Unable to connect to SharePoint Dev site for debugging.
I fixed that one by adding a host entry.
The second one is the most vexing of all:
Error 1 Error occurred in deployment step ‘Install App for SharePoint’: Failed to install App for SharePoint.

I know it worked like 1 day ago. But it threw this at me like an un-catchable frisbee.
So I searched the event log and saw a bunch of these suckers:
The event viewer had an error occurring every minute – Event ID 6482 which states:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (21e4447f-bac6-4a29-82db-165e074ac5db).
Reason: An update conflict has occurred, and you must re-try this action. The object SearchDataAccessServiceInstance was updated by domain\user, in the OWSTIMER (5040) process, on machine (server name). View the tracing log for more information about the conflict.
Technical Support Details:
Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException: An update conflict has occurred, and you must re-try this action. The object SearchDataAccessServiceInstance was updated by domain\user, in the OWSTIMER (5040) process, on machine (server name). View the tracing log for more information about the conflict.
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

Yeah, I know right!?
What the flagnog is that about?
So I did some googling and found the reason for this.
The file system cache on all FEs on which the timer service is running needs to be cleared. I am not sure why it needs to be cleared? But it does.
Below is the step by step provided by Microsoft:
  1. Stop the Windows SharePoint Services Timer service (found in Windows Services).
  2. Navigate to the cache folder.
     In Windows Server 2008, the configuration cache is in the following location:
     In Windows Server 2003, the configuration cache is in the following location:
     Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
  3. Locate the folder that has the file “Cache.ini”.
     (Note: The Application Data folder may be hidden. To view the hidden folder, change the folder options as required.)
  4. Back up the Cache.ini file.
  5. Delete all the XML configuration files in the GUID folder. Do this so that you can verify that the GUID folder is replaced by new XML configuration files when the cache is rebuilt.
     Note: When you empty the configuration cache in the GUID folder, make sure that you do not delete the GUID folder and the Cache.ini file that is located in the GUID folder.
  6. Double-click the Cache.ini file.
  7. On the Edit menu, click Select All. On the Edit menu, click Delete. Type 1, and then click Save on the File menu. On the File menu, click Exit.
  8. Start the Windows SharePoint Services Timer service.
     Note: The file system cache is re-created after you perform this procedure. Make sure that you perform this procedure on all servers in the server farm.
  9. Make sure that the Cache.ini file in the GUID folder now contains its previous value. For example, make sure that the value of the Cache.ini file is not 1.

Don't ask me why it works, because, well, I don't work for Microsoft. But it worked. After that I was able to deploy all my apps no problemo.
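The same cache reset as a script, including the final verification step, for running on each server in the farm. This is an added example, not Microsoft's or the author's code; the Config folder is passed in as `$ConfigRoot` rather than hard-coded, and `SPTimerV4` is assumed to be the timer service name on a SharePoint 2013 server.

```powershell
# Added example: the manual cache reset above as one script, run per farm server.
# $ConfigRoot is the "Config" folder from the steps; the caller supplies it.
# 'SPTimerV4' is an assumed service name for the SharePoint 2013 timer service.
param(
    [Parameter(Mandatory)][string]$ConfigRoot,
    [string]$TimerService = 'SPTimerV4'
)
$ErrorActionPreference = 'Stop'

# Locate the GUID folder: the subfolder of Config that contains cache.ini.
$guidDirs = @(Get-ChildItem -Path $ConfigRoot -Directory -Force |
    Where-Object { Test-Path (Join-Path $_.FullName 'cache.ini') })
if ($guidDirs.Count -ne 1) { throw "Expected one cache folder, found $($guidDirs.Count)" }
$guidDir = $guidDirs[0].FullName
$ini = Join-Path $guidDir 'cache.ini'

Stop-Service -Name $TimerService
try {
    # Back up cache.ini outside the GUID folder and remember the old value.
    $before = (Get-Content $ini -Raw).Trim()
    Copy-Item $ini (Join-Path $env:TEMP "cache.ini.$(Get-Date -Format yyyyMMddHHmmss).bak")

    # Delete only the XML files; the GUID folder and cache.ini stay in place.
    Get-ChildItem -Path $guidDir -Filter *.xml -File | Remove-Item

    # Reset the value to 1 so the timer service rebuilds the cache.
    Set-Content -Path $ini -Value '1'
}
finally {
    # Restart the service even if one of the steps above failed.
    Start-Service -Name $TimerService
}

# Verify the rebuild: XML files reappear and cache.ini moves off 1.
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 10
    $now = (Get-Content $ini -Raw).Trim()
    $xml = @(Get-ChildItem -Path $guidDir -Filter *.xml -File).Count
} while ($now -eq '1' -and (Get-Date) -lt $deadline)

[pscustomobject]@{
    Server = $env:COMPUTERNAME; Before = $before; After = $now
    XmlFiles = $xml; Rebuilt = ($now -ne '1' -and $xml -gt 0)
}
```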

Enjoy My Fail.