SharePoint – Invalid Field Name

The Story

Today was an interesting day, I was getting my morning coffee with dock and video cables in hand as I was about to help a colleague with a video issue when my developer walked in.

I could tell something was up when he walked in as he had a bit of a “catch his breathe” feel in his persona as he went about asking me how my morning was going. Sensing the tension in the conversation I ask him what’s going on. Then he gets right to the point, and it’s SharePoint related. Having had my gooooood amount of SharePoint experience doing majority of the SharePoint site migrations to 2016, however this time the issue revolved around the old 2010 site and server that was setup and configured before my time there.

Long story short, I took the correlation ID and searched the good old UNLS logs (C:\Program Files\Common Files\Microsoft Shared\Web Server Extentsions\14\LOGS). Nothing really stood out, a couple access denied due to a secure store permission for a web part, which I knew about due to the account I was using to test, and saw this webpart error out before hitting the error page on a web part edit (a different webpart that was actually working fine and failing on edit). There are other blog posts on dealing with access denied on the secure store front so I’ll leave those out of this as they were not of value to me. Continuing through the log till the very last match on the correlation ID brought up a exception halt with the line reading “Invalid field name.” along with a bunch of inner system method calls down a usual stacktrace. The stack strace wasn’t really of much relevance so I did the best thing I could, google the UNLS issue about the invalid field name, and sure enough I stumble upon a technet blog post by a Brendan Griffen.

Now you can go ahead and read more on his issue and store there, and he seems to really be hooked about “FormURN” but my case didn’t really have anything to do with that, and he does cover more the details as to the fact that certain tables that are used for content types somehow missing certain fields (ahem columns), as we all know you don’t mess with the DB directly when dealing with SharePoint. Now I don’t even get into the nitty gritty of the commands he used to verify the missing fields (thinking about that now it could have made for a more interesting blog post….. oh well) since he covers the solution to recover the missing fields with two SharePoint powershell commands, and well running those two fields in my test environment (since I was quickly able to duplicate the issue in my test) it sure beat doing that then digging endlessly through DB’s for columns I’m not sure I’m even missing, and for logs this was the last line in it so it was this or nothing…

The solution

Command 1:

Disable-SPFeature –identity "Fields" -URL RootWebURL

You will be asked if you are sure, select yes.

Command 2:

Enable-SPFeature –identity "Fields" -URL RootWebURL

that was it, just like magic (didn’t require a reboot or even a iisreset) my dev was able to edit the web part, and I was on my way to help a user with their monitor.

I’m going to soon have some SharePoint posts about orphaned items stay tuned! As well as some awesome scripts to clean up old 3rd party plugins!

STS Security Token Service on SharePoint 2013

Today I was bringing my stepping server back up. In this case I use it to upgrade content databases from 2010 -> 2016.

Since you can’t directly upgrade, since the config data had been wiped, I was going through the config wizard to get it rebuilt. Now the wizard will complain if the old website still exists. So for some reason I decided to remove all the old sites and app pools. figured it would get rebuilt.

Now the wizard completed without a hitch, and I was off creating a web app and some content databases to delete as I’d test and mount the 2010 content databases for staging.

Oddly after I had mounted the database I had noticed the server was failing to successfully call “Get-SPSite”, saying that it was due to the security token store service. There’s lots of links out there with similiar issues… such as this, this, this, this and even this …. most of which are dead ends.

There’s MS support page on this as well, however I may have accidentally deleted that App Pool…

Then I stumbled across this, a MS blog post, which I find a lil more useful usually cause they are more hands on… in this case since I was already hooped I gave the command a try, and it ran just like his…

I wasn’t sure if this was enough, then I found this and ran these commands as well…

$sts = Get-SPServiceApplication | ?{$_ -match "Security"}

after a reboot, all of a sudden Get-SPSite was working again!

SharePoint User Full Control – Site has not been shared with you

I’ll keep this one short. After my recent SharePoint migration (ahem, 1 web app out of 6 I have yet to complete), I noticed my standard user account was not able to add pages to my new 2016 site. A little different then this Blog post about unable to edit, however the fix was exactly the same.

  1. First ensure you have site collection admin rights on the site collection in question.
  2. Load the site with this account (I noticed there’s only logout, and no longer sign in with another user under the user hamburger menu, so open a browser as the user with site collection admin rights).
  3. Go to Site Settings -> Master pages and page layouts
  4. In his case, as well as mine then library had unique permissions (not sure why I have yet to log into my old SharePoint page and see if it was like this from before the migration). Simple make it inherent permissions from the root site.

I was able to find this info from TechNet. I’m on there quite frequent, feel free to check out some of my posts. 😀 Maybe there’s a way I can add my TechNet profile to the word press social links. 😀 stay tuned.

SharePoint 2010 Managed Service Accounts

The reason for this blog post was due to a domain migration which involved a SharePoint 2010 server. These were the symptoms, and all the steps I took to resolve them.

To start ensure you have set a new farm admin account.

E.G. stsadm -o updatefarmcredentials -userlogin domain\farmadmin -password PASSWORD
This is of course under the sharepoint bin directory and wont be part of the servers default path.
All Tasks moving forward will be done with this account (in my case the account has local admin rights as well as being the sharepoint farm admin permissions)

You might have come across an error such as this when working with SharePoint. Might have been from an admin removing a service account in AD, or in my case a whole domain change.

Image result for Error-Removing Managed Account

If you’re new to SharePoint you might simply panic before thinking and simply google and you might come across this.
Which sadly leads to a dead end. The reason his leads to a dead end while others have answers I’ll get to soon.
Next the simple thing you’d figure is to do as it says, reconfigure the service to run under a different account. To your dismay you discover the Central Admin page to make this change gives you this!

You might be thinking you’re in a catch 22 here. But fret not, when in doubt PowerShell. I love PowerShell and it only keeps getting better, in this case it’s our savour.
Remember when I stated that SharePoint link was a dead end. It was a dead cause there are different component types, 4 to be exact and I’m gonna tell you how to fix them all! With Sources!
First up the 4 different types!

1) Service Instance:

	Cmdlet:		Get-SPServiceInstance

	Use the comdlet to list all SharePoint Service instances, mark the ID. Place the service instance into a variable.

	E.G.		$WindowsTokenService=Get-SPServiceInstance -Identity ServiceGUID

	Once you have the variable, it should have a bunch of subclasses. In this case .service.ProcessIdentity. You can see it attributes by typing.

	E.G.		$WindowsTokenService.service.ProcessIdentity

	It should display the service account used to run the service. Simply change it via

	E.G		$WindowsTokenService.service.ProcessIdentity.Username="Domain\NewServiceAccount"

	*NOTE* This accuont needs to already be registered as a serivce account in SharePoint, either via the Central Admin page or Powershell.
	Then call the object'ssubclass update and deploy methods.

	E.G.		$WindowsTokenService.service.ProcessIdentity.Update()
	E.G.		$WindowsTokenService.service.ProcessIdentity.Deploy()

	That's it for basic SharePoint Service Instances.

2) Service Applications:
	Cmdlet:		Set-SPServiceApplicationPool

	The funny part about SharePoint Service instances is theres no Set type powershell comdlete for it. Thus the cmdlet used was a Get cmdlet.
	The funnt part about Service Applications is not to use the ServiceApplication cmdlet, but rather the ServiceApplicationPool cmdlets.

	E.G		Get-SPServiceApplicationPool -Identity SercurityTokenServiceApplicationPool | Set-ServiceApplicationPool -Account "Domain\NewServiceAccount"

	Don't forget to do an IIS reset. Then running the Get-SPServiceApplicationPool cmdlet the service application should have a set PrcoessAccountName.

3) Content Applications:

	Cmdlet:		[Microsoft.SharePoint.Administration.SPWebService]::ContentService.ApplicationPools | ft Name

	Yeah you read that right, there's no direct PowerShell cmdlet for this one. You got to go deep... real deep. Anyway run the cmdlet to list all Content Applications.
	Once you have determined the one you need to change the service account for place it in a variable.

	E.G. 		$SPAppPool=[Microsoft.SharePoint.Administration.SPWebService]::ContentService.ApplicationPools | where {$_.Name -like "My Content App Pool Name"}

	Calling this variable will result in an output very similar to a Service Instance's Service.ProcessIdentity subclass. So you guessed it.

	E.G.		$SPAppPool.Username="Domain\NewServiceAccount"
	E.G.		$SPAppPool.Update()
	E.G.		$SPAppPool.Deploy()

4) Search Service:

	Cmdlet:		Get-SPEnterpriseSearchService

	Yup believe it another Get cmdlet to make a change, where are these Set counterparts you may ask, well that's a good fucking question. We should ask Microsoft.
	Anyway, if this hasn't annoyed you enough already chances are you haven't been a SharePoint admin for long, cause it's a rabbit hole. So to finish up here.

	E.G.		$SSS=(Get-SPEnterpriseSearchService).get_ProcessIdentity()
	E.G.		$SSS.Username="Domain\NewServiceAccount"
	E.G.		$SSS.Update()
	E.G.		$SSS.Deploy()

General SharePoint 2010 Managed Service Accounts
Service Instances Source
Service Application Source
Content Application Source
Search Service Source

Once the Get-SPServiceAccounts shows all good on password expiry and no bad accounts exist, there should be no issues opening the Configure Managed Service Accounts section in Central Administration page of SharePoint 2010.
Happy Configuring. 🙂

To Paraphrase:

0) There is no way to paraphrase this.
1) Don’t break SharePoint.
2) Don’t break SharePoint.