Thursday, April 5, 2012

Opening .msg e-mails in Outlook from a SharePoint 2010 document library

Out of the box, if you attempt to open a .msg file from a document library you'll notice that IE only offers the choice to save the file or cancel. This behaviour is caused by SharePoint 2010's Browser File Handling setting, which is set per Web Application. There are two options: Strict, which forces any MIME type not listed in "AllowedInlineDownloadedMimeTypes" to be downloaded, and Permissive, which permits all MIME types to be opened in the browser.

There are two ways to permit SharePoint 2010 to serve .MSG files so they can be opened from the browser.

Option 1:

The first option is a rather brute force approach, since it involves changing the default file handling from Strict to Permissive. This effectively allows any file type, not just .MSG files, to be opened in the browser for the whole web application. This is achieved by the following procedure:

  • Go to SharePoint 2010 Central Administration > Application Management > Manage Web Applications
  • Select the row of your web application
  • Click General Settings in the ribbon
  • Scroll down to Browser File Handling and select Permissive
  • Click OK

Recycle the Application Pool for the Web Application on each of your web front end servers and you will now be able to open .MSG, .PDF or any other file type directly in the browser from a SharePoint document library.

Option 2:

This is my preferred method. It's more involved, but it means the Strict browser file handling remains in place. First of all you need to add the correct MIME type to IIS for .msg files on each of your front end servers, as it's not present out of the box.

  • Start Internet Information Manager
  • Select the server node in the left pane (this can also be done on a per web application basis if required).
  • Open the MIME Types settings and click Add.
  • Enter .msg for file name extension and application/


  • Repeat for all front end servers

Next you need to run the following PowerShell in the SharePoint Management Shell on a single server in the farm. First replace YOUR WEB APPLICATION at the top of the script with the URL of your Web Application.


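$webApp = Get-SPWebApplication "http://YOUR WEB APPLICATION"

# Add the MIME type to the inline allow list only if it is not there yet
If ($webApp.AllowedInlineDownloadedMimeTypes -notcontains "application/")
{
    $webApp.AllowedInlineDownloadedMimeTypes.Add("application/")
    $webApp.Update()   # save the change to the web application
    Write-Host "application/ added to AllowedInlineDownloadedMimeTypes"
}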



You now need to run IISRESET on each web front-end server for these settings to be applied.

If you're looking to do the same for PDFs, the MIME type already exists in IIS, so just amend the PowerShell script to use the MIME type 'application/pdf'.


$webApp = Get-SPWebApplication http://webapplicationname
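The PDF variant of Option 2 written out in full, followed by a report of every web application's handling mode, so that a web application left on Permissive is easy to spot. This is an added example, not code from the original post; the function name is hypothetical and http://webapplicationname is the placeholder URL used above.

```powershell
# Added example, not from the original post.
# Run in the SharePoint 2010 Management Shell on one server in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Add-InlineMimeType {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$WebApplicationUrl,
        [Parameter(Mandatory = $true)][string]$MimeType
    )
    $webApp = Get-SPWebApplication $WebApplicationUrl

    # Idempotent: only touch the web application when the type is missing.
    if ($webApp.AllowedInlineDownloadedMimeTypes -notcontains $MimeType) {
        $webApp.AllowedInlineDownloadedMimeTypes.Add($MimeType)
        $webApp.Update()
        Write-Host "$MimeType added to AllowedInlineDownloadedMimeTypes on $WebApplicationUrl"
    }
    else {
        Write-Host "$MimeType is already allowed on $WebApplicationUrl, nothing changed"
    }
}

# Placeholder URL from the post; replace it with your own web application.
Add-InlineMimeType -WebApplicationUrl "http://webapplicationname" -MimeType "application/pdf"

# Report: handling mode and inline allow list for every web application.
# Anything showing Permissive serves all file types inline (Option 1).
Get-SPWebApplication | ForEach-Object {
    New-Object PSObject -Property @{
        Name                = $_.DisplayName
        Url                 = $_.Url
        BrowserFileHandling = $_.BrowserFileHandling
        InlineMimeTypes     = ($_.AllowedInlineDownloadedMimeTypes -join "; ")
    }
} | Format-List Name, Url, BrowserFileHandling, InlineMimeTypes
```

As with the script above, run IISRESET on each web front-end server afterwards.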



How to map the Birthday SharePoint field to AD


Extending the schema

When the set of classes and attributes in the base Active Directory schema do not meet your needs, you can extend the schema by modifying or adding classes and attributes. You should only extend the schema when absolutely necessary. The easiest way to extend the schema is through the Schema Microsoft Management Console (MMC) snap-in. You should always develop and test your schema extensions in a test lab before moving them to your production network.

To install the Active Directory Schema snap-in

Open an elevated command prompt. Click Start, type command prompt, and then right-click Command Prompt when it appears in the Start menu. Next, click Run as administrator. When the command prompt opens, type the following command, and then press ENTER:

regsvr32 schmmgmt.dll


  1. Click Start, click Run, type mmc, and then click OK.
  2. On the File menu, click Add/Remove Snap-in.
  3. Under Available snap-ins, click Active Directory Schema, click Add, and then click OK.


  1. To save this console, on the File menu, click Save.
  2. In the Save As dialog box, do one of the following:
    • To place the snap-in in the Administrative Tools folder, in File name, type a name for the snap-in, and then click Save.
    • To save the snap-in to a location other than the Administrative Tools folder, in Save in, navigate to a location for the snap-in. In File name, type a name for the snap-in, and then click Save.


Modifying the schema is an advanced operation that is best performed by experienced programmers and system administrators. For detailed information about modifying the schema, see Active Directory Schema.

Additional considerations

  • To perform the Schmmgmt.dll registration portion of this procedure, you must be a member of the Domain Admins group in the domain or the Enterprise Admins group in the forest, or you must have been delegated the appropriate authority. Adding the Active Directory Schema snap-in to MMC requires only Domain Users group membership. However, making changes to the schema requires membership in the Schema Admins group.

Creating a New Attribute

When creating classes and attributes, note the following:

  • Do not include spaces when entering the attribute and class names. An LDAP display name with embedded spaces can cause problems.
  • Object identifiers (OIDs) are issued by International Standards Authorities such as the International Telecommunications Union (ITU) to prevent issuance of duplicates. If your organization expects to create new classes and attributes, you may want to first request OIDs from the relevant standards body in your country. The OIDs listed here have been issued by Microsoft and are guaranteed to be unique. Do not create your own OIDs.

Add a new schema class or attribute definition

To add a new schema class or attribute definition

  1. Open the Active Directory Schema snap-in.
  2. In the console tree, click Active Directory Schema.
  3. Do one of the following:
    • To add a class definition, in the console tree, right-click Classes, click Create Class, and then follow the instructions.
    • To add an attribute definition, in the console tree, right-click Attributes, click Create Attribute.





Enter values for Common Name and Description

Change Syntax to Generalized Time


The Unique X500 Object ID MUST be filled in.

To get a unique X500 ID follow the instructions on

Copy the code into Notepad and save as .VBS

Open the VBS script



Root OID = 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681


Our Root OID = 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681

Attribute will be: 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681.2

First attribute OID: 1.2.840.113556.1.8000.2554.26957.60255.54271.18045.36403.10579657.3450681.2.1



Add New Active Directory Attributes to SharePoint User Profiles

Now you need to create a SharePoint user profile attribute and map it to the new Active Directory attribute. Before you can do that, you need to update the schema in the Forefront Identity Manager 2010 on the SharePoint server running the User Profile Service Application.

a) Navigate to the C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell folder

b) Double-click on the miisclient.exe application. This will open Forefront Identity Manager 2010. (ensure that the services are running and that you have permission to open!!)

c) Click the Management Agents button on the toolbar


d) Select your Active Directory management agent (it should say Active Directory Domain Services in the Type column)


e) In the Actions menu select Refresh Schema


f) Click OK in the confirmation dialog box

g) If prompted, specify credentials for the domain account used by the agent

h) A window will open showing the schema refresh progress

i) Once schema refresh is complete, click Close button to close the refresh window


j) Open Properties


k) Select Attributes – Show All and add dateofbirth


Close Forefront Identity Manager 2010

SharePoint 2010 actions

Once the Forefront Identity Manager schema has been updated, you can create a new SharePoint user profile property and map it to the Active Directory attribute.

a) In Central Administration under Application Management select Manage service applications

b) Click on the User Profile Service Application

c) Under People click Manage User Properties

d) Edit the Birthday property

e) Scroll down to the Add New Mapping section

f) Select your Active Directory synchronization connection in the date no year field


g) Select your new Active Directory attribute in the Attribute field

h) Select Import in the Direction field

i) Click Add to add the new mapping

j) Click OK to save the new profile property



Open Active Directory

Choose View – Advanced Features

Choose the OU you want to sync SharePoint with

Select a user and open the properties


Choose Attribute Editor

Scroll down to dateofbirth and choose Edit

Enter a value



Open Central Administration

Application Management

Manage Service Applications

Open User Profile Service Application


Choose Start Profile Synchronization


Check this by opening Manage User Profiles



Enter a name to search for


Edit the profile and scroll down to Birthday

There it is!!!!


How to delete Application Pools in SharePoint 2010


When creating a new service application for PowerPivot, an error message showed up:

Error: An object of the type Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool named “PowerPivot Services AppPool” already exists under the parent

Within IIS no such application pool existed. What to do?

There were 5 PowerPivot app pools created because of my 5 attempts to create the service application.

You can delete the application pool using PowerShell!

  • Open the SharePoint 2010 Management Shell with administrator privileges
    • Start -> All Programs -> Microsoft SharePoint 2010 Products -> Right click on SharePoint 2010 Management Shell -> Run as administrator
  • Run 'Get-SPServiceApplicationPool'
  • Run 'Get-SPServiceApplicationPool -Identity [Name of the application pool]'
  • Run 'Remove-SPServiceApplicationPool'
    • Enter the Identity => this is the name of the application pool
    • Enter 'Y' to delete the application pool

You can now recreate the service application using the same names you used before
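The same clean-up as a script, for the case above where several failed attempts left pools behind. This is an added example, not code from the original post; it assumes a pool is a leftover when no service application references it, and the 'PowerPivot*' name filter is an assumption based on the pool name in the error message.

```powershell
# Added example, not from the original post.
# Run in the SharePoint 2010 Management Shell as administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Ids of the pools that a service application still references.
$usedPoolIds = Get-SPServiceApplication |
    Where-Object { $_.ApplicationPool } |
    ForEach-Object { $_.ApplicationPool.Id }

# Assumption: a pool that no service application references is a leftover.
$unused = Get-SPServiceApplicationPool |
    Where-Object { $usedPoolIds -notcontains $_.Id }

# Review the candidates before removing anything.
$unused | Format-Table Name, Id, ProcessAccountName -AutoSize

# Preview the removal of the leftover PowerPivot pools. Passing the pool
# object instead of its name avoids ambiguity when names are similar.
$unused |
    Where-Object { $_.Name -like 'PowerPivot*' } |
    ForEach-Object { Remove-SPServiceApplicationPool -Identity $_ -WhatIf }
```

Drop -WhatIf once the preview lists only the pools you expect; the cmdlet then asks for the same 'Y' confirmation as in the manual steps.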


EventID 7898 SharePoint 2010


InfoPath Forms Services not working due to invalid State Service configuration - Event 7898 (SharePoint Server 2010)

Alert Name: State Service not configured for InfoPath Forms Service

Event ID: 7898

Summary: InfoPath Forms Services is not functional because the Microsoft SharePoint Server State Service configuration is not valid.

Symptoms: One or more of the following symptoms appears:

  • InfoPath forms cannot be opened in a Web browser.
  • Workflow forms cannot be opened in a Web browser.
  • An error message appears when a form is loaded that states that the form cannot be rendered.
  • This event appears in the event log: Event ID: 7898 Description: Microsoft SharePoint State Service is not configured correctly and cannot respond to requests. InfoPath Forms Services relies on Microsoft SharePoint State Service to function correctly. Check the SharePoint Maintenance Engine rules in SharePoint Central Administration for issues with Microsoft SharePoint State Service configuration.

Cause: The State Service, an InfoPath Forms Services dependency, is not configured correctly or is not associated with the Web application that hosts InfoPath forms.

Resolution: Create a State Service application by using Windows PowerShell

  1. Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
  2. On the Start menu, click All Programs.
  3. Click Microsoft SharePoint 2010 Products.
  4. Click SharePoint 2010 Management Shell.
  5. At the Windows PowerShell command prompt (PS C:\>), type the following command, and then press ENTER:

$serviceApp = New-SPStateServiceApplication -Name "State Service"

To create a State Service database and associate it with the service application, type the following command, and then press ENTER:

New-SPStateServiceDatabase -Name "StateServiceDatabase" -ServiceApplication $serviceApp

To create a State Service application proxy in the farm's default proxy group, and associate it with the service application, type the following command, and then press ENTER:

New-SPStateServiceApplicationProxy -Name "State Service" -ServiceApplication $serviceApp -DefaultProxyGroup

For more information, see New-SPStateServiceApplication, New-SPStateServiceDatabase and New-SPStateServiceApplicationProxy.

Resolution: Associate a State Service proxy with the Web application

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  2. On the Central Administration Home page, click Application Management.
  3. On the Application Management page, in the Service Applications section, click Manage Web Applications.
  4. On the Manage Web Applications page, click the name of the Web application, and then click Service Connections.
  5. Select the State Service Proxy check box.

If a State Service Proxy is not listed, create a State Service application, a State Service database, and a State Service proxy.

Resolution: Create a State Service application by using the Farm Configuration Wizard

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  2. On the Central Administration Home page, click Configuration Wizards.
  3. On the Configuration Wizards page, click Launch the Farm Configuration Wizard.
  4. Ensure that the State Service check box is selected, and then finish the Farm Configuration Wizard.

URL Rewrite for SSL redirection


Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0

If you want users to be automatically redirected to an HTTPS site:

· Install Microsoft URL Rewrite Module, downloadable from:

· Make sure an SSL certificate is installed and bound to your web site

· Disable: Require SSL

· Copy and paste the following code between the <rules> and </rules> tags in the web.config file in the website root directory.


Edit the web.config file

<rule name="Force HTTPS" enabled="true">
        <match url="(.*)" ignoreCase="false" />
        <conditions>
            <add input="{HTTPS}" pattern="off" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>

Once you have done this, make sure the website is also bound to port 80:


When opening the http site now, you will be automatically redirected to the HTTPS site:







UserName showing up as DomainName\UserName instead of Full Name in SharePoint 2010

I have seen a lot of people facing a problem in SharePoint 2010, where the UserName is displayed as DomainName\UserName instead of its Full Name. As a solution a lot of people are suggesting to setup the User Profile Synchronization service, but there are organizations who would not like to use it just to fix this issue.


The above image shows that my UserName which was supposed to be displayed as Mukesh Parmar is shown as SharkHeads\Mukesh. This is not right & I would like it to be displayed correctly and without installing and configuring User Profile Synchronization Service.

Let’s Start

The fact is you really do not need to setup User Profile Synchronization service, just to show the user’s display name right. We can utilize the existing SharePoint 2010 CMDLet Set-SPUser to set the User Properties in SharePoint or force a Manual User Profile Update from AD [Active Directory].

To change the Display Name we will be using the Set-SPUser CMDLet with the following switches.


Set-SPUser -Identity 'SharkHeads\Mukesh' -DisplayName 'Mukesh Parmar' -Web http://SharePointServer

Or [To force a manual sync for the user properties from AD]

Set-SPUser -Identity 'SharkHeads\Mukesh' -Web http://SharePointServer -SyncFromAD

Change the above user details as per your environment. Once the command is successfully executed, the changes should now reflect on the site as seen below.


You might be thinking: by using the above CMDLet I can only change one user's DisplayName at a time, but I have 100's of users with the DisplayName in the format DomainName\UserName. How do I fix those?

No need to panic; you can use the following to do the same.

Get-SPUser -Web http://SharePointServer | Set-SPUser -SyncFromAD

The above will fix the display name of all users in that particular Web Application.


Below are a few points to consider:

· When using the -SyncFromAD switch, make sure that the Display Name field is set correctly in the User Properties in Active Directory.

· This is not an ideal solution if you are frequently adding new users and changing the user properties in AD, though you can schedule the above in Task Scheduler as per your requirement.

· The above will not fix the Display Name for all Web Applications in your farm. You will need to run the above command separately for all sites, create a script for the same, or set up the User Profile Synchronization Service.

· For a full list of switches for the Set-SPUser CMDLet you can check the following link.
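One way to write the script mentioned in the third point, as an added example that is not from the original post: it walks every site collection in the farm and syncs only the accounts whose display name still looks like DomainName\UserName. The filters for groups and built-in accounts are assumptions about which entries cannot be synced from AD.

```powershell
# Added example, not from the original post.
# Run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = @()
foreach ($site in (Get-SPSite -Limit All)) {
    try {
        # Start from each site collection's root web.
        $web = $site.RootWeb

        # Only user accounts whose display name still looks like
        # DomainName\UserName; skip domain groups and built-in accounts.
        $stale = Get-SPUser -Web $web -Limit All | Where-Object {
            -not $_.IsDomainGroup -and
            $_.DisplayName -like '*\*' -and
            $_.LoginName -notlike 'NT AUTHORITY\*' -and
            $_.LoginName -notlike 'SHAREPOINT\*'
        }

        foreach ($user in $stale) {
            $row = New-Object PSObject -Property @{
                Site   = $site.Url
                Login  = $user.LoginName
                Result = 'Synced'
            }
            try {
                # -ErrorAction Stop turns a failed lookup into a catchable error,
                # so one bad account does not hide the results for the rest.
                Set-SPUser -Identity $user -Web $web -SyncFromAD -ErrorAction Stop | Out-Null
            }
            catch {
                $row.Result = "Failed: $($_.Exception.Message)"
            }
            $report += $row
        }
    }
    finally {
        $site.Dispose()
    }
}

$report | Format-Table Site, Login, Result -AutoSize
```

The report lists the accounts that could not be synced, for example users that no longer exist in AD.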

Wednesday, April 4, 2012

Event ID 4625: Error logging on SharePoint





This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

According to this c0000413 means STATUS_AUTHENTICATION_FIREWALL_FAILED - "Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine" - this link seems to have some causes for this error

Windows Authentication and Multiple Domains

Here is some additional info:

    • I've added DOMAIN A\Domain Users to the Permissions on the website and gave it Full Control -- just to see if I could get around this but it doesn't work.
    • Whenever there is a login failure from a user in Domain A, I notice that Event Log logs an Error Event ID 4625 giving the details of the account, domainA, Status: 0xc0000413
    • App Pool - Process Model is set to NetworkService

To resolve the issue, I had to open up AD Users and Computers --> enable Advanced Features --> Select the Computer Object --> Properties --> Security --> Add the Group I want to allow access to the computer (in this case, DomainA\Domain users) and allow "Allowed to Authenticate"


Make sure the user is a member of this group
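To find every account that hits this failure rather than waiting for users to report it, the 4625 fields described above can be pulled out of the event XML and filtered on the status code. This is an added example, not part of the original post: the two events are constructed sample data, the function name is hypothetical, and the field names are those of the standard 4625 event.

```powershell
# Added example, not from the original post. Both events are constructed sample data.
$sampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2012-04-04T09:15:22Z" /></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">DOMAINA</Data>
    <Data Name="Status">0xc0000413</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName">CLIENT01</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2012-04-04T09:17:03Z" /></System>
  <EventData>
    <Data Name="TargetUserName">asmith</Data>
    <Data Name="TargetDomainName">DOMAINB</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="LogonType">2</Data>
    <Data Name="WorkstationName">SPWFE01</Data>
    <Data Name="IpAddress">127.0.0.1</Data>
  </EventData>
</Event>
'@
)

$statusNames = @{
    '0xc0000413' = 'STATUS_AUTHENTICATION_FIREWALL_FAILED'   # the code from this post
    '0xc000006d' = 'STATUS_LOGON_FAILURE'
}

function ConvertFrom-FailedLogonXml {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $evt = ([xml]$EventXml).Event
    # Turn the <Data Name="..."> elements into a name/value table.
    $fields = @{}
    foreach ($d in $evt.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $statusName = $statusNames[[string]$fields['Status']]
    if (-not $statusName) { $statusName = 'unmapped' }
    New-Object PSObject -Property @{
        Time       = $evt.System.TimeCreated.SystemTime
        Account    = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
        LogonType  = $fields['LogonType']      # 2 = interactive, 3 = network
        Source     = '{0} ({1})' -f $fields['WorkstationName'], $fields['IpAddress']
        Status     = $fields['Status']
        StatusName = $statusName
    }
}

# Keep only the authentication firewall failures.
$sampleEvents | ForEach-Object { ConvertFrom-FailedLogonXml $_ } |
    Where-Object { $_.Status -eq '0xc0000413' } |
    Format-Table Time, Account, LogonType, Source, StatusName -AutoSize

# On a live server (elevated prompt), feed real events to the same function:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
#     ForEach-Object { ConvertFrom-FailedLogonXml $_.ToXml() }
```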

Error 404 Page Not Found within SharePoint


Problem: when logged in as an administrator, we were able to see a web page. When logged in as a normal user, an error message showed up: Page Not Found (Error 404).

This happens when publishing is active on the site and the page only has a minor version (it has not been published as a major version).

Open All Site Content – Pages and Publish the Page.

People Picker in SharePoint 2010


The people-picker is a SharePoint interface responsible for querying repositories for identities or groups in order to grant them permission in the SharePoint application. Site administrators and other users use the People Picker Web control to select people and groups when assigning permissions. There are two possible ways to add users, via the checkname or via the browse feature.

The checkname is the icon with a messenger guy and a checkmark.

The browse feature is the book icon.


How to configure SP2010 to resolve accountnames from other domain(s)

If there's a full 2-way trust between the domains, account name resolving should be OK by default.

If there's a one-way trust (or a two-way trust with selective authentication), you need to configure additional stuff.

First, we set an encryption key (execute this on each server in the farm):

stsadm -o setapppassword -password ******

Second, we register all the domains that need to be searched for account names (this is done per Web Application, not per server)

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "domain:domainB.local;domain:domainA.local,domainA\account,password" -url http://webapplication

The account which is used from the domain doesn’t matter as long as it exists

To check which value has been set for the PeoplePicker-searchadforests

stsadm -o getproperty -pn peoplepicker-searchadforests -url http://webapplication

The output should then be:

<Property Exist="Yes" Value="domain:msfthosting.local;,

e-office\!saTrust,*****" />PS C:\Users\admjgr>

If you want to remove the value which is defined for the peoplepicker-searchadforests

stsadm -o setproperty -pn peoplepicker-searchadforests -pv "" -url "name of the URL"

Example: stsadm -o setproperty -pn peoplepicker-searchadforests -pv "" -url https://webapplication

Microsoft Office Web App crashes



When opening a Word document in the browser, an error message shows up.

What to do?

Check the service account which is used for Office Web Apps and verify the permissions defined on the SQL content database(s)

Open SQL server (Management Studio)

Look for the Office Web App service account:


Open Properties and choose User Mapping


Choose the content database(s) and give db_owner rights for the Office Web Apps Service account


Office Web Apps Unexpected Error



After looking into IIS, one of the Application Pools was not started (stopped). I manually started this Application Pool and once again tried to open a Word document.

After some time the same error message showed up.

When checking IIS 7.5 the application pool was stopped again.

The application service account which was used : msfthosting\svcSP2010app03.

After adding this account to the local group WSS_ADMIN_WPG, I started the application pool again and this time it kept running.