September 25, 2020 - 10:30, by Steven Van de Craen -
In an hybrid search environment the Cloud Search Service Application indexes local file shares and ships the index to SharePoint Online for querying. If you are indexing a local file share then you’ll notice something funny with those search results in Modern Search in SharePoint Online.
As you see the Modern Search just renders the result as non-clickable. Now you could still use Classic Search, but then it would get blocked if you click on it in a modern browser (which you should) due to security concerns.
Not allowed to load local resource: file://myserver/testfileshare/test.txt
The first issue (the visualisation in Modern Search) could be handled by using your own Modern Search results, for example via the PnP Modern Search Solution or use classic search result pages, so I’m not digging into this. The second issue however is generic and requires some thought.
I have seen environments that link directly to file servers for content and ideally that content would be moved into the environment. But there are still valid reasons for file shares and organisations may want to expose them to users through search. So for those cases you would need to find a solution. Here’s what I came up with…
- Use Internet Explorer; ugh. I can’t recommend this anymore but since it technically solves the issue so I’m adding it to the list.
- Start the browser with a flag to allow loading local resources (eg Chrome used to have --allow-file-access-from-files but this no longer works); it cannot be enforced for external users (if applicable) and it doesn’t feel like the right approach.
- Use a browser extension; there are browser extensions that restore the functionality when clicking on a file:// link. The issue I have with extensions is are they safe and trustworthy?
- Use Microsoft Edge IE Mode; users still use a modern browser but specific sites will use the IEMode. It would be a shame to have your entire “modern” SharePoint Online environment to run in IE Mode, no? Also it cannot be enforced for external users (if applicable)
- Put a web server or application in front of the file share; it shows the directory and file structure of the file share with authentication to ensure results are properly shielded
- If you have any other suggestions or solutions feel free to let me know
So let’s go with number 5 on the list. Now I want to have my search results coming from the application.
- Either the application supports being crawled directly as a website by SharePoint Search, and you just configure the Content Sources as such
- Or it may be possible to configure Server Name Mappings to transform the original file share UNC path
Run crawl and voila the search results are transformed into a web url
In either case your search results would now be coming from a web application and you won’t have the issue anymore.
So, what’s your take on this?
April 9, 2020 - 14:20, by Steven Van de Craen -
Had the requirement to get the CheckedOutFile collection of a SharePoint List programmatically and it had to include the ItemID for the file (for use in further programmation).
Via PowerShell you can quite easily get the Path Identity information which contains the ItemID:
Notice that the number at the end is the ItemID.
However, via C# CSOM this is a lot harder as the ObjectPathIdentity class is “inaccessible due to its protection level”. You can’t directly get to this info so I created an extension method “GetPath” to get this info:
public static class ClientObjectExtensions
public static string GetPath(this ClientObject o)
string result = null;
if (o != null)
var q = o.GetType().InvokeMember("Path", BindingFlags.GetProperty | BindingFlags.Instance | BindingFlags.Public, null, o, null);
var r = q.GetType().InvokeMember("Identity", BindingFlags.GetProperty | BindingFlags.Instance | BindingFlags.Public, null, q, null);
result = r.ToString();
Which can be integrated into the C# CSOM logic
Now you can extract this value from the string and continue to work with it as needed.
March 23, 2020 - 11:34, by Steven Van de Craen -
Last week we ran into an issue where external (guest) users on SharePoint Online needed access to custom developed SharePoint Framework Web Parts deployed to the app catalog. By default don’t have access to this location so they receive an access denied on the web part assets.
We brainstormed about deploying to a public CDN but decided against this as it would open up the assets to potentially everyone rather than all our external users. Perhaps this is an unnecessary concern but we’re rolling with it.
A few years ago Microsoft made a change in how guest users receive access to SharePoint by deprecating/disabling the use of “Everyone” or “All Authenticated Users” for external users. See: https://docs.microsoft.com/en-us/office365/troubleshoot/access-management/grant-everyone-claim-to-external-users
While possible to restore this functionality it is better to introduce a dynamic group in Azure Active Directory to identify guest users. Note that this functionality requires Azure AD Premium P1 or higher.
Specify the membership type during group creation:
Next use the rule builder to select all guest users (or other requirements you might have). My query is (user.userType -eq "Guest")
It may take a few minutes before the group membership reflects the rule(s).
Finally, when the group is fully propagated it can be added to the SPO App Catalog with read rights. Note that it might take up to 24 hours (not official) for the group to show up in the People Picker.
Hope this helps.
March 12, 2020 - 16:10, by Steven Van de Craen -
At one of my customers we recently switched to using Microsoft Planner for basic task management and follow up of our team.
When I tried to update several tasks assigned to me I noticed an issue with posting comments:
You no longer have access to "a2e47746-ab52-4774-bba0-905b138c5c7f". Technical details
Correlation Id: 72bb4c8e-f5bb-4f8d-8e3c-03630559263e
Time Stamp: Thu, 12 Mar 2020 11:08:52 GMT
I could change other properties of the task without issues.
FIX: The issue was that my account didn’t have a subscription, more importantly I needed an Exchange Online mailbox. Once that was provisioned the issue was resolved!
March 4, 2020 - 11:00, by Steven Van de Craen -
I was seeing this issue in a SharePoint 2016 environment (Event Log ID 8144 and ULS logs):
Failed to queue mysite for provisioning for user:[domain\user-DELETED-12066432-19B1-4F17-82C9-CF3FC9385325] with correlationid:[12066432-19b1-4f17-82c9-cf3fc9385325] on queue type:[Interactive]. Error:[Microsoft.SharePoint.SPException: The specified user domain\user-DELETED-12066432-19B1-4F17-82C9-CF3FC9385325 could not be found.
at Microsoft.SharePoint.SPWeb.EnsureUser(String logonName)
at Microsoft.Office.Server.UserProfiles.MySiteInstantiationManager.EnsureUserAndFixQuota(String owner, SPSite rootSite)
at Microsoft.Office.Server.UserProfiles.SiteInstantiationWorkItemJobDefinition.<>c__DisplayClass19.<AddWorkItemElev>b__18(SPWeb web)]
This error repeats every 5 minutes as the timer job tries to provision a MySite for this user, however it no longer exists (can happen in some edge case scenario’s mostly related to Active Directory).
Navigate to the User Profile overview, find the user profile and delete it to fix the issue.
February 26, 2020 - 15:17, by Steven Van de Craen -
I’ve been using the new Microsoft Edge (Chromium based, Insider, Chredge, …) ever since the beginning and have loved it from the start. But a recent change (version 79 ?) has an issue with Windows Credentials, something I run into for SharePoint environments with Windows Authentication (NTLM, Kerberos).
Before the update it would prompt with a prefilled credential prompt:
I could just press “Sign in” to continue.
But after the update it would prompt a different style prompt without prefilled credentials or option to save the credentials, forcing me to enter the full username and password every time.
It seems this will be fixed properly in a future update, but for now it is possible to revert to the original credential prompt and functionality via the following workaround:
- Browse to edge://flags/#edge-windows-credentials-for-http-auth
- Change this setting to Disabled (and restart the browser)
Credits & Info: https://techcommunity.microsoft.com/t5/discussions/windows-integrated-authentication-not-working-canary-amp-dev/m-p/934866/highlight/true#M14559
February 6, 2019 - 12:40, by Van de Craen Steven -
"Hey I have a link to a Word document in a SharePoint document library and I have this link on a page to it that I want to open directly in the browser [Word Online]."
"Sure no problem, just append ?web=1 to the link"
"Wow, cool! Can you do the same for opening directly in Word?"
Just linking to the document would offer it as download
I considered a complex hyperlink with an onclick handler that would then open it in Word etcetera etcetera, very convoluted and a thing from the past really.
Then I found out about the Office URI Schemes:
- ms-word:ofe|u| https://mysharepoint/mylibrary/mydocument.docx
ofv = open for view, ofe = open for edit
You can read up on them here: https://docs.microsoft.com/en-us/office/client-developer/office-uri-schemes
Even works in emails if you can construct the hyperlink href yourself. In a simple text mail it will not detect as a hyperlink and just render plain text.
Must admit that was a TIL.
February 5, 2019 - 15:18, by Van de Craen Steven -
November 23, 2018 - 16:30, by Steven Van de Craen -
A client who was using TIF files in SharePoint 2016 reported that the search results didn’t link to the file directly, but rather to the List Item Display Form (DispForm.aspx?ID=x) for these files and wanted that changed.
Most info on the web on how to configure for TIF file indexing is rather outdated and incomplete so here’s an update for SharePoint 2016 and 2019.
1. Enable the TIFF iFilter on all servers configured for “Content Processing” in the Search Topology
Install-WindowsFeature -Name "Windows-TIFF-IFilter"
2. [Windows Server 2012 (R2) only] Enable the Windows Search Service Feature on all servers configured for “Content Processing” in the Search Topology
Install-WindowsFeature -Name "Search-Service"
3. Add both tif and tiff to the list of Crawled File Types for the Search Service Application
4. Add both tif and tiff as a file format to the Search Service Application
$ssa = Get-SPEnterpriseSearchServiceApplication
New-SPEnterpriseSearchFileFormat -SearchApplication $ssa tif "TIFF Image File" "image/tiff"
New-SPEnterpriseSearchFileFormat -SearchApplication $ssa tiff "TIFF Image File" "image/tiff"
5. Restart the SharePoint Search Host Controller on all servers configured for “Content Processing” in the Search Topology
6. Run a Full Crawl
You should now have proper indexing of TIF files.
November 20, 2018 - 14:34, by Steven Van de Craen -
I’ve been running various tests and scenario’s with the new SharePoint 2019 that released about a month ago and ran into an issue with the new OneDrive Sync Client (aka NGSC or Next Generation Sync Client).
Sorry, we couldn’t sync this folder. Contact your IT administrator to configure OneDrive to sync SharePoint on-premise folders
Aside from the obvious grammar error (on-premise vs on-premises) I didn’t expect this issue as I had Windows 10, the latest OneDrive client and SharePoint 2019 as outlined here: https://docs.microsoft.com/en-us/sharepoint/install/new-onedrive-sync-client. Except I ignored the part where it says you need to configure Group Policy objects for it to work.
To set up OneDrive with SharePoint Server 2019, configure the following Group Policy objects:
- SharePoint on-premises server URL and tenant folder name The URL will help the sync client locate the SharePoint Server and allows the sync client to authenticate and set up sync. The tenant folder name lets you specify the name of the root folder that will be created in File Explorer. If you don’t supply a tenant name, the sync client will use the first segment of the URL as the name. For example, office.sharepoint.com would become “Office.”
- SharePoint prioritization setting for hybrid customers that use SharePoint Online (SPO) and SharePoint on-premises server This setting lets you specify if the sync client should authenticate against SharePoint Online or the SharePoint on-premises server if the identity exists in both identity providers. Learn how to manage OneDrive using Group Policy
Now a quick way to configure these values is using the registry editor.
- Name: SharePointOnPremFrontDoorUrl
- Type: REG_SZ
- Value: MYSITEHOSTURL
- Name: SharePointOnPremPrioritization
- Type: REG_DWORD
- 0: prioritizes for SharePoint Online (“PrioritizeSPO”)
- 1: prioritizes for SharePoint 2019 (“PrioritizeSharePointOnPrem”)
Once you configure these values you can sync a SharePoint 2019 library with the new sync client.