SharePoint Foundation 2013 SP1 Bits..Diagnostic Data Provider Timer Jobs Enabled

I don’t know if this was a one-off thing, but I figured I’d share just in case. It’s even possible someone turned these jobs on without notifying anyone..though nobody has fessed up yet! If I run through another SPF13 install soon I’ll be sure to update the post.

I have confirmed that all copies of SharePoint Server 2013 do NOT enable the Data Diagnostic Timer Jobs by default. I have also confirmed that a RTM SharePoint Foundation 2013 install has the same behavior. Recently I ran through a SharePoint Foundation SP1 install (ISO pulled from VLSC)..and after a few weeks noticed the Usage Logging database was growing out of control! Looking over the timer jobs I saw that all diagnostic data provider timer jobs were turned on:


That explains it..These jobs are normally disabled as they aggregate a lot of different information/logs from SharePoint and puts it into one central location/database. We usually either turn these on for “health checks” or when troubleshooting issues and want a complete snapshot of the farm. Turned them off..Trimmed up the usage data using this method:

Note: The link above cleared up only about 10GB of data..leaving me still with a gigantic Usage Logging database. Apparently there isn’t any way I could find (without SQL queries) to clear the Diagnostic Data out of the DB. It did trim some items – Page Requests, Feature Usage, etc. You could either wait for the retention period to kick in..or if the data isn’t important you can create a new Usage database and delete the old one using the Set-SPUsageApplication PowerShell cmdlet explained here:

SharePoint 2013 – “2010 Mode” Site Collection Search Scopes

One migration tidbit to note when going from 2010 to 2013. Search scopes are contained in the Search Service database..NOT the content database. This means that if a site heavily relies on search scopes..and you are choosing to keep this site in “2010 Mode” (Not generally recommended, but sometimes makes sense) then you will need to upgrade the Search database as well. This is because sites running in “2010 Mode” will use existing scopes, but you cannot create new search scopes after the content database is upgraded to SharePoint 2013. Side Note – If this site collection is upgraded to SharePoint 2013 then you can use the fancy shmancy new result sources.

The search database can be upgraded using the following PowerShell cmdlet:


More about this cmdlet here:

This process is rock solid…kind of. It doesn’t give you GUIDs, but the search database names are in the following format:

  • <Search Service Application Name>_AnalyticsReportingDB
  • <Search Service Application Name>_CrawlDB

I had a DB naming format and this did NOT work for me. The search Admin DB (The one I restored) was renamed as I went through the SQL backup/restore process so it had the naming down. I used the process described here to get everything nice and clean:

Search database names were scopes were showing up. Life is good

SharePoint 2013 – Another FIPS 140-2 Adventure “The encryption type requested is not supported by the KDC”

Oh Federal Information Processing Standard (FIPS) 140-2 AKA FIPS 140-2…You got me again! See the original post here:

As stated in several Official Microsoft documents, SharePoint uses several Windows encryption algorithms for computing hash values that do not comply with FIPS 140-2..therefore you CANNOT enable the FIPSAlgorithmPolicy registry key. Here’s some info:

So in this situation we found that the group policy was applied so we retracted that and SharePoint was “back up.” At this time sites were loading, but I was seeing a bunch of errors related to search and distributed cache in the eventvwr/ULS Logs:

System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception. —> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. —> System.ComponentModel.Win32Exception: The encryption type requested is not supported by the KDC

This led me to the following blog post:

In this scenario 3 things still needed to happen:

First, IIS Crypto was ran and set to FIPS 140-2 mode. This needed to be reverted as this blocks MD5 hashes.

Then, the AD attribute msDS-SupportedEncryptionTypes needed to be changed from 24 to 28 on all SharePoint 2013 servers. The value of 24 does NOT include MD5 hashes..which SharePoint desperately needs.


After this was set Local Security Policy needed some tweaking (“Network Security: Configure Encryption types allowed for Kerberos”)

This was set to the following (Blocking MD5):


Once checking ALL boxes containing MD5 we were back up and running..Search was working and distributed cache was happy..SharePoint was happy..we were all pretty happy in fact 🙂



SQL GDR Update Breaks SharePoint 2013/SQL 2014 SharePoint-Integrated SSRS

The other day the following patch was applied to a SharePoint server running SQL Server Reporting Services 2014:


Information about this GDR:

This was all fine and dandy until we tried to run a report and got the following error:

  • An unexpected error occurred in Report Processing. (rsInternalError)

· Could not load file or assembly ‘Microsoft.ReportingServices.ProcessingObjectModel, Version=, Culture=neutral, PublicKeyToken=89845dcd8080cc91’ or one of its dependencies. Access is denied.

After seeing an access denied error message my gut was to run the PowerShell command to re-secure resources: Initialize-SPResourceSecurity

This didn’t fix the issue..I ended up coming across the following forum post..Apparently this issue also happened in SQL 2012:

The fix was the following:

  1. Backup encryption keys for the SSRS Service Application
  2. Note any other customizations (SMTP Server, Execution Account, Administrators, etc.) and WRITE THESE DOWN..or take screenshots. Screenshots are good
  3. Delete the SSRS Service Application (Uncheck the box to delete data associated..)
  4. Create a new SSRS Service Application. I used the same name, same Report Server database, same application pool, etc.
  5. Restore the encryption key
  6. Make any changes noted in step 2


Everything should be back up and running

“The trial period for this product has expired”…But really it didn’t

The other day users were getting some strange errors on a page containing an InfoPath form. Users were seeing an error that read “The Trial Period For This Product Has Expired.” I knew this was not the case so I decided to looks at the ULS logs.

Here is the error I was seeing in logs (Seems to be misleading since the error the user sees is “The trial has expired”)

Getting Error Message for Exception System.TypeInitializationException: The type initializer for ‘Microsoft.Office.InfoPath.Server.Util.UrlManager’ threw an exception. —> System.Security.SecurityException: Requested registry access is not allowed.     at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)     at Microsoft.Win32.Registry.GetValue(String keyName, String valueName, Object defaultValue)     at Microsoft.Office.InfoPath.Server.Util.UrlManager.<>c__DisplayClass1.<OpenFileNameMap>b__0()   

It looked to be an issue accessing the registry on the servers. I fired up perfmon and low and behold some access denied errors to SharePoint-related registry keys. Instead of changing these manually I ran the following command to reset the SharePoint security for the file system and registry:

Psconfig –cmd secureresources

Or you can use the PowerShell equivalent: Initialize-SPResourceSecurity 

After that I rebooted the servers for the changes to take into effect and that page started loading up.



SharePoint 2013 – Crawling a “2010 Mode” Site Collection

Working on an upgrade project we decided to keep a SharePoint site (highly customized) in 2010 mode for the time being. First, here is the list of items that will not function while the SharePoint site remains in “2010 compatibility mode.” This is because the features were deprecated/removed and replaced with new/different services and functionality.

Please see the entire list at this official Microsoft link:

Feature Replaced by in SharePoint 2013
Search Scopes Result Sources
SharePoint Web Analytics Reports Analytics now built into Search Service Application

*I remember reading about workflows experiencing intermittent issues in 2010 mode (As described here:, but there is no official documentation stating this fact and it all depends how customized the workflow is.

After getting the search scopes migrated and showing up in the search scope admin area of site settings I noticed no results were coming in. The SharePoint site was added to the default content source in search which is for crawling SharePoint sites I tried giving it its own content source with type SharePoint Site and still no-go. After changing the content source to type Web Site everything was rocking and rolling..


SharePoint 2013 – Missing Patches Error

While working on a SharePoint test environment the other day I tried to take a backup of a site collection and got an error. After digging further I noticed that all databases were in compatibility mode. This lead me to Windows Update and I noticed that SharePoint security patches had been pushed to all servers in the farm and the SharePoint Products Configuration Wizard had NOT been run. This is a big no-no…please, if you push patches to your servers monthly and they include SharePoint-related patches make sure to run the grey wizard after. After applying patches to the servers in the farm I tried to run the grey wizard and got the following error:

“Error: Some farm products and patches were not detected on this or other servers. If products or patches are missing locally, you must quit this program and install the required products and patches on this server before starting this wizard. If products or patches are missing on your servers, you must install the required products and patches on the specific servers, and you may then click the Refresh button to perform the status check again.”

After running the following command on each server everything started working:

Get-SPProduct –local

SharePoint Admin Tool Belt Addition – C2WTS Troubleshooting

I was troubleshooting an issue with the Claims to Windows Token Service the other day and found a great tool to assist. I was working in a SSRS integrated environment configured with Kerberos and was getting the error “Cannot convert claims to windows token” when configuring a data source to test against. The issue was that the C2WTS service account was not in the local admin group. I had requested this access, but in this environment the local admins were all in an Active Directory Group and I did not have permissions to confirm this and adding the account in local admin explicitly was whipped out with Group Policy. Anyways, enough about the issue..the awesome tool is at and is called c2WTS tester

Add it to your SP Admin tool belt!


Office Web Apps 2013 Moved to VLSC…Where are you?

Many of you have probably read that Office Web Apps Server 2013 has moved from the Download Center to the Volume Licensing Service Center(VLSC) from here (Evaluation availability is still available on MSDN for subscribers ):

Recently I went to the VLSC site ( and did a search for Office Web results. I did a search for Web results. After calling the VSLC phone number they indicated that the Office Web Apps Server 2013 install is located under the Office Professional Plus 2013 (and Office Professional Plus W/ SP1) download.

Just another day in the life..

Office Local Drafts Issue/ULS Logs…Can I see a Check-Out

Hey All – I ran across an interesting scenario with one of our clients last week that I thought would be useful to share. They were having issues with Office 2007 and SharePoint 2010. For some reason every now and then a highly edited document would revert back to a previous version. After this happened users continued to collaborate on that document until someone noticed that they’re changes weren’t saved from their last edits. After this happened I was brought in to take a look and see if I could find out what was going on here…

Some background – Office 2007 and Office 2010 have 2 different defaults (At least the base installs at this client did) for how to handle the check out of a file.

  • Office 2007: Defaults to “Use my local drafts folder”
  • Office 2010: Defaults to “The Office Document Cache”

We noticed this specific issue was happening because the users were using the local drafts folder and were not checking the file back in. With Office 2010 you get a nice little pop-up (With Office 2007 you do NOT):


The client went ahead and applied the group policy settings stated here (Thanks Joran!):

Now that we have the issue fixed the client wanted a little additional follow-up. They wanted to see what information the “logs” would provide us if this were to happen again. This client had all of the default ULS logging settings turned on. I was able to track down the last time this happened in the ULS logs and I could only see the user accessing the site, not much else. Once I turned on verbose logging I could see the following entry:

“Performing lock of checkout operation for documents/SPTestDoc.docx. Lock Flags = 5. Lock Id – . Lock timeout = 0.

The audit logs and IIS logs can show the user accessing the file, but we do not know if they checked it out, overrode a checkout, etc. I am not advising anyone to turn on verbose logging 24/7..This will most likely fill up your data drive (Hopefully you are putting logs on a secondary/Non-OS drive) and should only be used in troubleshooting. It is definitely good to know that the defaults do not “capture” a checkout and that verbose logging will need to be enabled for the entry above to show in logs.