Cannot use SharePoint feature to deploy content types using content type hub functionality when using XML elements

*** Update 11/05/11 ***
Over the last few weeks I have been contacted regarding this post and had contradicting reports that you are in fact able to create a feature to deploy content types to a content hub without the need for the feature to be enabled on each subscribing site collection.
My original issue was also replicated by others once I’d posted it, so this seems a strange one, since both of us are unable to recreate the issue.
Upon retesting the issue I can confirm that you are able to deploy a feature to a content type hub without the need to enable the feature on subscribing site collections.
Thanks to Chakkaradeep Chandran for following up on this and feeding back his findings.
*** Original Post ***
I’ve recently stumbled across a restriction of using the content type hub in SharePoint 2010 and I am a little surprised by its behaviour. From a quick search around there was very little discussing this so thought I’d post a blog on my findings.
So the plan was to leverage the new content type publishing feature in SharePoint 2010 alongside programmatically deploying site columns and content types using a feature to simplify deployments. Admins and developers of MOSS 2007 will recall that to deploy content types to multiple site collections easily required a feature creating with the necessary customisations. A downside to this was that every time you needed to update the content type you had to redeploy the feature with the updates.
An assumption on my part with the new SharePoint 2010 hub was that when you create a feature to deploy content types all you needed to do was to enable that feature on the content type hub and publish this out to subscribing site collections. Unfortunately it doesn't seem to work this way, as subscribing site collections do not receive the published content types, and the error log on the receiving site collection states that it requires the custom content type feature to be enabled, which defeats the object as we will be back to the MOSS 2007 scenario mentioned above.
So some thoughts around options available to use to deploy content types to the content hub for successful publishing:
  • Raise it with Microsoft
  • Create a PowerShell script that can receive a maintainable XML input file to update the content types on the hub.
  • Not sure if this is possible but if the feature could be enabled on the subscribing site collection and have a dependency on the ‘Content Type Hub’ feature before deploying the content types.
Thanks to Chris O’Brien for confirming this for me on Twitter. As always I welcome your comments / feedback / findings on this.
*** Update 30/11/2010 ***
After posting my blog entry a great SharePoint community member Nick Hadlee posted a comment with his initial thoughts / frustrations and kindly shared further findings based on a quick test he carried out.
So to explain further the way the feature I described above was deployed was using an XML file which requires no code.
Nick pointed out that if you created a code based deployment of the content types using a feature receiver this works. This is effectively the same as using the UI to enter content types / columns.
So to conclude there is a workaround to deploy content types using a feature however this requires coding rather than the XML format.
I did have a thought around enabling the feature on all site collections and then seeing if any updates from the Hub were published however I’m sure this will get messy in the long run as updates and changes are applied.
Credit to Nick Hadlee for his input and also my client who I’m currently working with who has helped in investigating this.
*** Update 10/01/2011 ***
Nick Hadlee has thankfully posted his workaround which can be found here. Again thanks Nick for following this up and hope it's useful.

Video and Audio option not available on Ribbon for SharePoint 2010 site

If you’ve created a team site with the Wiki page feature active as the homepage (add text directly to the page you are editing without the need for a web part) and want to add videos to your site, you will notice the Video option is not available on the Ribbon.


To enable adding video and audio on the page simply enable the publishing feature at site and site collection level and when you re-edit the page you will notice that the Video and Audio option is available. 


Hope that saves you some time.

[Updated] Side effects of attaching additional SharePoint 2010 servers to the farm using PowerShell

Over the last few weeks I have been implementing various SharePoint environments for clients such as PoC’s, Dev, Pilots to name a few. All these environments have been single server farm deployments, for which I have found the community AutoSPInstaller PowerShell script useful in configuring the majority of the install.

Now the challenge comes when you want to add additional servers to the farm. Initially the version of the installer script used had an issue where the logic for joining the farm worked but for some reason did not enable relevant features / services (osearch), I later discovered this when trying to add the query role to the new addition to the farm only to find that I could not select the server from the drop down in the UI.

After resolving this issue the new server did appear in the drop down but this is where I hit another issue and this is where I am currently at but read on for my findings and workaround.

So at the stage when I’m trying to assign the query role to the additional server in the farm using PowerShell the script just hangs, likewise if I try to assign the role via Central Admin I experience the same behaviour.

After many a roll back of VM snapshots I found the unlikely issue to be related to joining the farm using PowerShell. All PowerShell commands have been executed as per the TechNet article: and THE SERVER WILL JOIN THE FARM SUCCESSFULLY! Yes that's correct the server will join the farm with no errors. This is why it took so long to diagnose the farm attach as the problem as it didn't fail!

So how did I find this out? I simply added the server using PSConfig (the grey wizard as it's known) and assigned the query role via Central Admin and all worked fine.

I have raised this issue with Microsoft and after a week and a half they have managed to experience the same issue. I’m currently working on the issue with them however in the meantime I would suggest adding the additional servers to the farm using PSConfig and then running PowerShell scripts again.

Users of the script may have not come across this issue yet as SharePoint 2010 RTM is only just over six months old and most environments being deployed are in preparation for a production 2010 build and those who have SharePoint 2010 in production may have built the server via the UI. Development environments may also have relaxed security even if a multi-server farm has been installed where the install account may have been a domain admin which may bypass these issues (be happy to hear your experiences on this).

As well as failing to assign search roles to additional servers, another issue I have discovered is deploying solutions. Deploying solutions to the new servers hangs and fails to deploy successfully.

Background to my environment:

  • Windows 2008 R2, SQL 2008 R2.
  • A specific install account was used to create the farm (not the Farm account)
  • The install account is NOT a domain admin
  • The install account is only admin on the local SharePoint servers
  • The farm account is not local admin or domain admin on SharePoint / SQL / AD servers
  • AD is on a separate server
  • SQL service account is running under a separate account to any of the SharePoint services
  • The search account is a dedicated search account (and so is the service application pool account (separate to the service account))

I will update my blog with progress. Credit also goes to my colleague James Brennan for assisting with this issue.

*** Update 17/12/2010 ***

After weeks of emailing back and forth with Microsoft Support I have now had confirmation that a hotfix will be created to address the issue, no timescales for the fix have been provided at this stage.

*** Update 23/03/2011 - Workaround ***

Contrary to the update on 17/12/2010 I have now received confirmation of a workaround to the issue.

The resolution is really simple. Basically after following the steps to add an additional server to the farm from the TechNet website there is a step missing where the SharePoint 2010 Timer (Job) (and possibly the Admin Job) Windows services require starting manually.


Once you start the service and wait a short time you should then successfully be able to assign server roles to the new addition to the SharePoint farm.
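The workaround above as a script, run from an elevated PowerShell prompt on the newly joined server. This is an added example, not part of the original post or the TechNet procedure; it assumes the default SharePoint 2010 service names SPTimerV4 (Timer) and SPAdminV4 (Administration), and the 60-second timeout is an illustrative value.

```powershell
# Added example: ensure the SharePoint 2010 Timer and Administration
# Windows services are running on a server that has just joined the farm.
# Assumption: default service names for SharePoint 2010.
$serviceNames = 'SPTimerV4', 'SPAdminV4'
$timeout      = New-TimeSpan -Seconds 60     # illustrative value

function Start-FarmJoinServices {
    param([string[]]$Names, [TimeSpan]$Timeout)

    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            Write-Warning "$name is not installed on $env:COMPUTERNAME"
            continue
        }

        $note = 'Already running'
        if ($svc.Status -ne 'Running') {
            # A disabled service cannot be started, so report it instead.
            $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
            if ($mode -eq 'Disabled') {
                $note = 'Start mode is Disabled; not started'
            }
            else {
                try {
                    Start-Service -Name $name -ErrorAction Stop
                    $svc.WaitForStatus('Running', $Timeout)
                    $note = 'Started by this script'
                }
                catch {
                    # Covers both a failed start and a wait that timed out.
                    $note = "Start failed: $($_.Exception.GetBaseException().Message)"
                }
            }
        }

        $svc.Refresh()
        New-Object PSObject -Property @{
            Service = $name
            Status  = $svc.Status
            Note    = $note
        }
    }
}

Start-FarmJoinServices -Names $serviceNames -Timeout $timeout |
    Format-Table Service, Status, Note -AutoSize
```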

Next steps are that I have requested that this additional step to start the SharePoint 2010 Timer service is added to the TechNet article (

More information

Another symptom experienced when attaching new SharePoint servers to the farm is that when you try and assign the query role via the user interface you receive the following error:

‘The path must point to a fixed, NTFS drive whose root directory exists’

I also stumbled across a blog by Abdul where he has a different solution to resolving this using Repair-SPManagedAccountDeployment, which I’m guessing also starts the Timer service along the way.

Adding search scopes to site collections in SharePoint 2010

In MOSS 2007 you were able to hover over the search drop down and be taken to the option to add new SSP defined scopes to your site collection. In SharePoint 2010 they’ve removed the hyperlink from the group.


SharePoint 2010 search scopes are configured in pretty much the same way as in MOSS 2007, the only difference being the SSP has now become a Service Application although the Admin UI is the same.

Once you’ve created your scope in the Service Application as you did in MOSS 2007 navigate to the search scopes settings in the site collection and instead of clicking on the name of the group click on ‘Display Groups’ (circled in blue above) and this will then give you the link to the group to administer the scopes you want to add.

Not sure why this has changed as it simply adds more clicks to achieve the same result, perhaps this is an issue with the style that has not been picked up yet?

Published Content Types not replicated to subscribing SharePoint 2010 blank site template site collection

I discovered an issue which was documented in a blog by Wictor Wilen regarding using a blank site template and fell into this trap myself as there seems no point turning on lights on a site collection that will only be used as a content type hub (Turning on lights would allow anyone to think it was somewhere to put content right?).

As I’d already created the site collection with a blank site I wanted to understand what exact feature was missing.

So the problem is that if you create a subscribing site collection with a blank root site then published content types aren't replicated to the newly created blank site collection. I’d made sure all the timer jobs related to the content hub were run but no luck.

I stumbled across a post which didn't specifically relate to the issue but I had a feeling I was in the right place.

The feature is called TaxonomyFieldAdded and by querying a blank site you will notice this is not enabled whereas on a Team Site it is.

So I enabled the feature by running the following command from PowerShell:

Enable-SPFeature -Url "<enter url here>" -Identity "73EF14B1-13A9-416b-A9B5-ECECA2B0604C"

Almost instantly the published content types appeared in the blank site collection.
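To find every subscribing site collection that is missing the feature, rather than fixing one URL at a time, the check can be run across a web application. This is an added example, not code from the original post; the web application URL is a placeholder and the function name is hypothetical. The feature ID is the one given above.

```powershell
# Added example: report (and optionally enable) TaxonomyFieldAdded on
# every site collection in a web application.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$featureId = [Guid]'73EF14B1-13A9-416b-A9B5-ECECA2B0604C'   # ID from the post
$webAppUrl = 'http://intranet.example.local'                # placeholder URL

function Get-TaxonomyFieldAddedState {
    param(
        [string]$WebApplicationUrl,
        [Guid]$FeatureId,
        [switch]$Enable      # without this switch the function only reports
    )

    foreach ($site in Get-SPSite -WebApplication $WebApplicationUrl -Limit All) {
        try {
            # The Features indexer returns $null when the feature is not active.
            $active = ($null -ne $site.Features[$FeatureId])

            if (-not $active -and $Enable) {
                Enable-SPFeature -Identity $FeatureId.ToString() -Url $site.Url
                $active = ($null -ne $site.Features[$FeatureId])
            }

            $root = $site.RootWeb
            New-Object PSObject -Property @{
                Url           = $site.Url
                # e.g. STS#1 is the blank site, STS#0 the team site
                RootTemplate  = '{0}#{1}' -f $root.WebTemplate, $root.Configuration
                FeatureActive = $active
            }
        }
        finally {
            $site.Dispose()   # release the SPSite opened by Get-SPSite
        }
    }
}

# Report only; add -Enable to activate the feature where it is missing.
Get-TaxonomyFieldAddedState -WebApplicationUrl $webAppUrl -FeatureId $featureId |
    Sort-Object FeatureActive |
    Format-Table Url, RootTemplate, FeatureActive -AutoSize
```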

Why after I enable the Document ID Service Feature do I not see Document ID's on my documents?

I got caught out when enabling the Document ID service for SharePoint 2010 trying to understand why instantly after enabling the feature my documents did not have unique ID's so I thought I'd write a quick blog on how to do this.

Navigate to the site collection that you require the Document ID Service to run on and activate the Site Collection Feature as shown below.


Again from Site Collection Administration navigate to Document ID settings as highlighted in red below:


From this section you can provide a predefined document ID naming prefix to suit.


If you have existing documents in the site collection there is also the option to reset all the document ID's with the new naming prefix.

So at this stage you would assume that the document ID's are there when you visit a document center after enabling the settings above? Wrong! Although this feature has been activated the process of assigning the ID's to documents has not yet been run and this is carried out via a SharePoint Timer Job.

Navigate from Central Admin to monitoring then click Review Job Definitions.


From the list here make sure the correct web application is selected in the top right.


Then run the Document ID enable/disable job. This basically propagates changes to content types across all sites after the Document ID feature has been reconfigured.


Once this Timer Job has run (depending on how many content types you have created, this should not take long) you then need to run the Document ID assignment job which will assign document ID's to all items in that specific Site Collection.
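The two timer jobs can also be run in the required order from PowerShell. This is an added example, not from the original post: the web application URL is a placeholder, the function names are hypothetical, and the jobs are matched on the display names used above, which is an assumption about how they appear in your farm.

```powershell
# Added example: run the Document ID enable/disable job, wait for it to
# finish, then run the Document ID assignment job.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = 'http://intranet.example.local'    # placeholder URL

function Invoke-TimerJobAndWait {
    param($Job, [int]$TimeoutSeconds = 600)

    $before = $Job.LastRunTime
    Start-SPTimerJob -Identity $Job

    # Start-SPTimerJob only queues the job, so poll until LastRunTime moves.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 5
        $current = Get-SPTimerJob -Identity $Job.Id
    } while ($current.LastRunTime -le $before -and (Get-Date) -lt $deadline)

    return ($current.LastRunTime -gt $before)
}

function Start-DocumentIdJobs {
    param([string]$WebApplicationUrl)

    $jobs = Get-SPTimerJob -WebApplication $WebApplicationUrl

    # Order matters: content type changes first, then ID assignment.
    $patterns = 'Document ID enable/disable*', 'Document ID assignment*'
    foreach ($pattern in $patterns) {
        $job = $jobs | Where-Object { $_.DisplayName -like $pattern } |
               Select-Object -First 1
        if (-not $job) {
            throw "No timer job matching '$pattern' on $WebApplicationUrl"
        }

        Write-Host "Running '$($job.DisplayName)'..."
        if (-not (Invoke-TimerJobAndWait -Job $job)) {
            throw "'$($job.DisplayName)' did not complete within the timeout"
        }
    }
}

Start-DocumentIdJobs -WebApplicationUrl $webAppUrl
```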

SharePoint 2010, Administrator Pro 70-668 Exam Passed

I passed another SharePoint exam Monday and I’m now an MCITP – Microsoft Certified IT Professional.

Again I had a few people ask how did I study for this and the same material applied as to my 70-667 blog.

So my next steps are to take the SharePoint 2010 dev exams – yes you read right! I think PowerShell has refreshed my memory of my days of coding C for DOS (That sounds old!) and thought I’d delve into the dark side.

Good luck if you’re taking yours!

SharePoint and Exchange – better together?

I just wanted to share some thoughts I have had since attending TechEd back in 2009 and have been meaning to blog about this ever since.

Walking around the exhibition hall I stopped by the Exchange stand and had a quick demo of some of the new features of Exchange 2010 which had been released at TechEd during the Keynote. I was interested to see that the Exchange product had functionality for users to update their AD information which had been something that had been lacking from SharePoint functionality. I asked how this was achieved and it was by directly writing back to AD.

Roll on to the SharePoint 2010 release back in April this year and was pleased to find that SharePoint also has update AD functionality although this works in a different way as it replicates the AD information into a SQL DB then writes back the information from SQL to AD via FIM (Forefront Identity Manager).

It made me think ‘why don’t the Exchange team and SharePoint team work together to provide a consistent solution?’. Possibly due to internal competition who knows.

So why Exchange and SharePoint better together? Well as SharePoint now has service applications I see no reason why Exchange can’t be one. Previously there was talk of Exchange mailstore edb files becoming SQL DB’s but this never materialised, possibly due to performance of SQL compared to hosting on the file system. Well now SharePoint 2010 / SQL 2008 has RBS functionality along with service apps this should go some way to addressing the performance of using SQL whilst still keeping the mailstore files on a file system.

With email tightly integrated into SharePoint all the same rich functionality can be applied to email management whilst retaining a single centralised web based management tool.

So will it happen, we’ll have to wait and see…

SharePoint 2010 Configuring 70-667 Exam Passed!

This is the first blog I’ve written in a while and long overdue! I’ve been a little busy over the past couple of months. One of the reasons for being busy was studying for my SharePoint 2010 exam.
I sent out a tweet after passing my exam and was asked if I had any tips. Unfortunately due to my NDA I can only point you to the exam page where a full list of the skills measured can be seen.
How did I study I hear you ask?
Well firstly I installed SharePoint 2010 a few times and got to know the user profile service very well! Which led me into the new Service Apps layout and functionality nicely. This led to lots of playing with central admin and SharePoint generally.
Following on from this I ran through all the virtual labs; some were very good, some were not so good. The labs can be found here.
I also read a lot of articles on TechNet. Now that SharePoint 2010 has been released a few months, content is starting to become populated with the right level of detail.
I’ve now become addicted to podcasts as well. I drive to work or sit on the train and radio in the morning just irritates me (I won't get personal). I listen to a couple of excellent podcasts and would strongly recommend if you are a SharePoint enthusiast you do the same. The podcasts are:
Finally I purchased the book SharePoint 2010 Administrator's Companion from the Book Repository as Amazon kept delaying my order.
Taking the exam
Currently Prometric / Microsoft are running a free second shot offer if you buy a pack of 2 or more exams. This offer runs until June 2011 so there's plenty of time. I’d highly recommend this as it gives you that extra security and takes the pressure off you to pass first time round without having to put your hand in your pocket again.
Additional resources
After running through all these virtual labs I found a heap of other resources which you may find useful:
SharePoint 2010 Advanced IT Admin Virtual Labs – (Videos can be downloaded to view offline here)
SharePoint 2010 Developer Virtual Labs
SharePoint 2010 Advanced Developer Labs and more
Also SharePoint user groups are a great way of people interested in SharePoint getting together and sharing experiences.
The UK SharePoint user group can be found here or search for ‘SharePoint User Group’ to find one in your country / area.
(Updated 19/05/11) Sample exam questions for the exam can be found here
Just to conclude exams do help in benchmarking skills against recognised accreditation, however the real skill with SharePoint is knowing when to use what you know and where. Unfortunately exams can only teach you so much the rest is down to real world experience.
With thanks to Marc Molenaar for sharing his thoughts and views on passing the exam.

How to detect broken links in SharePoint 2010

I’ve been doing some digging over the last week as to an easy / free way to detect broken links in SharePoint 2010. This approach uses Google Analytics for the SharePoint site whether external or internal facing. To set up Google Analytics for SharePoint see my previous blog explaining how to implement this.

So the next step is to add the code supplied from Google here to the SharePoint 404 page. This will track how many times the page was hit and also the referring page (the Google article explains this in more detail). It is worth noting that for the code to run, the client PCs must have internet access; the SharePoint servers do not.

The downside to this approach is that you have to wait for users to actually hit the page before knowing where the broken links are, therefore this scenario may not be ideal for every scenario as you may want to find broken links before your users do!

From a brief scan of the internet another tool worth looking at is the Search Engine Optimization (SEO) Toolkit which can be downloaded here and can be installed on client pc’s to avoid server installs. A blog by Tristan Watkins of using this with SharePoint can be seen here.

SharePoint 2010 user profile property fields disabled after full farm restore

I received this error on a SharePoint 2010 full farm restore when trying to access the Managed Metadata Service application. The farm was a single server with local SQL installed.

I originally received an error relating to certain user profile properties stating:

There was a problem retrieving data for this field. Updating values in this field is disabled temporarily. You can still update values in other fields

I found a blog article by Wictor Wilén which pointed me in the right direction and when I clicked on the Managed Metadata Service I received the error:

The Service Application being requested does not have a Connection associated with the Central Administration web application. To access the term management tool use Site Settings from a site configured with the appropriate Connection


I discovered the reason for this error was due to the restored service applications not being associated to the default Application Proxy Group (as they were before the restore).

Navigating to Central Admin->Application Management->Configure service application associations and re-adding the service application back into the group will resolve the issue.
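The same check and fix from PowerShell, useful after a restore when several service applications may have dropped out of the default group. This is an added example, not from the original post; the function name is hypothetical and the proxy display name 'Managed Metadata Service' is a placeholder for whatever your proxy is called.

```powershell
# Added example: list service application proxies that are not members of
# the default proxy group, then re-add the one that belongs there.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-ProxiesOutsideDefaultGroup {
    $default   = Get-SPServiceApplicationProxyGroup -Default
    $memberIds = @($default.Proxies | ForEach-Object { $_.Id })

    # Compare on Id so the result does not depend on object equality.
    Get-SPServiceApplicationProxy |
        Where-Object { $memberIds -notcontains $_.Id }
}

$outside = @(Get-ProxiesOutsideDefaultGroup)
$outside | Format-Table DisplayName, TypeName, Id -AutoSize

# Not every proxy belongs in the default group, so re-add by name only
# those that were members before the restore.
$proxyName = 'Managed Metadata Service'      # placeholder display name
$toRestore = $outside | Where-Object { $_.DisplayName -eq $proxyName }

if ($toRestore) {
    $default = Get-SPServiceApplicationProxyGroup -Default
    Add-SPServiceApplicationProxyGroupMember -Identity $default -Member $toRestore
    Write-Host "Re-added '$proxyName' to the default proxy group"
}
else {
    Write-Host "'$proxyName' is already in the default group or does not exist"
}
```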

Synching custom Hotmail domains onto iPhone

Following on from a previous blog I talked about hosting email with hotmail but still keeping your custom domains for free.

If you try and sync your custom domain on the iPhone mail it will not recognise the settings and ask you to enter the pop / smtp settings which I couldn’t find documented anywhere.

So here’s what you need to do (assuming this is your first mail account).

  • Tap mail
  • Select other
  • Enter your name, email address and a description. This will not detect your settings and on the next screen you will need to enter the information manually.
  • For incoming mail server enter:
    • Host Name:
    • User Name: ‘Your custom Hotmail address’
    • Password: ‘Your password’
  • Outgoing mail server:
    • SMTP:

That's it! Your custom hotmail is now synch’d.

My Site and My Profile links missing from SharePoint 2010

If like me you’re trying to find out why My Site and My Profile links are missing from the drop down.


A couple of things you need to check:

  • You have a valid My Site Host location setup to accommodate mysites.
  • Your search crawl account has access to the user profile service application (see George Khali’s blog) and has carried out a full crawl checking no errors are showing for access denied to the mysites web app / site collection.
  • Check that if you enter the web app url manually you are able to gain access to your mysite.

Once you’ve carried out a full crawl then run an iisreset the two links should appear (They did for me anyway!).

Editing out of the box approval workflow to allow single user in parallel to approve item in SharePoint 2010

I was recently asked if the out of the box approval process for SharePoint 2010 allowed for individuals to approve documents when an item was sent for approval to a group of people individually which they wanted the flexibility to change each time without relying on the server team to keep adding users to an AD group.

At this point it is worth noting you can achieve what I am about to describe a lot easier if you have all users in one AD group and do not assign a single task to each user. In my case this was not achievable as the client wanted flexibility to add and remove suggested approvers adhoc (assuming they have the approval rights!).

So something always to consider when setting up approval process (or any workflows for that matter) is planning for the ‘what if’s’ and what I mean by that is if you have a rigid approval process where one person is the designated approver – what happens when they go on holiday (or leave)? So my point here is if you leave a little flexibility in your workflow it will give you the room to achieve the end result without lots of pain or reverting to non SharePoint methods of achieving your goal.

So back to the point of my post to my surprise I couldn't find a way to achieve parallel 1 user approval (when multiple people selected to approve) using the SharePoint 2010 Approval workflow.

SharePoint Designer to the rescue, and before you panic there's no code just some tweaks required.

Firstly what you need to do is open SharePoint Designer 2010 (if you don't have this you can download it for free). Once opened navigate to the site you want to apply the workflow to and simply click on workflows on the left hand side as shown below.

Right click on ‘Approval – SharePoint 2010’ workflow and select copy and modify. Rename the new workflow to something suitable which in my case I called 'Parallel 1 User Approval Workflow’.


Leave content type as all and click ok. Click save from the menu and you will now see your workflow appear in the left hand column (under reusable workflow).


Click on the newly created workflow from the menu.


Click ‘Edit workflow’. You will be presented with Step 1 as shown below:


Click on ‘Approval Workflow Task (en-US) Copy’


I renamed the Task above to ‘Parallel Approval Workflow Task’. I appreciate the menu’s all look a bit the same but do bear with me. So the next step is to click on ‘Change the completion conditions for this task process’.

Now the next screen may look a little intimidating but it’s fairly simple to change!


The next step here is to remove a couple of lines and edit one of the conditions. Simply remove the first 2 conditions from the process by hovering over the drop down and selecting ‘Delete Condition’ as shown below.


Once you have removed the first two conditions you should have a process like below:


Notice that there is an ‘Insert a condition’ at the top. What we need to do here is recreate the condition of the first If statement with a slight change. Before we do this we need to arrange the outcome conditions as shown below by moving them up and down until they are at the same level as shown below:


Click on ‘Insert a condition’ then from the menu on the ribbon select condition drop down and this is the important part select ‘If task outcome equals value’ as shown below.


Next click on the field tab and select ‘Number of Approved’ and in the field value enter 1. So the statement should read:

If Tasks Process Results:Number of Approved equals 1.


So what I have basically changed is how many approvers it takes to meet the condition before setting the document to approved by basically setting the count to 1. Therefore as soon as one approver has approved the document this condition passes and the document gets approved! The great thing here is that all other tasks assigned to other approvers automatically cancel.

Once you have edited your workflow click save and don't forget to publish! If like me you’re running this off a VM on your laptop this may take some time! If it fails on the first attempt try again.

You will be prompted with an error shown below regarding creating visuals just click ok.


Once you’ve published the workflow back in the browser from the list you want to apply approval, create a new workflow noticing the new workflow appears in the selection list.


Make sure at this stage that content approval is set to on for the list you are about to apply this workflow to. Select the new workflow saved in SharePoint Designer, select the options as shown above giving your workflow a name and click next.

The main point of this exercise is to create a parallel approval workflow so make sure this option is selected from the drop down and also add at least 2 people for the purpose of proving it works correctly.

On the second page make sure when creating the workflow on the list to check the box ‘Update the approval status….’ as shown below:


Next step is to apply the workflow to an item that is in a draft state. Click workflows from the list and select ‘Single Approver Parallel Workflow’.


Click start leaving the defaults.


So now back on the list (in my case a pages library) notice the workflow showing ‘In Progress’


Click on the ‘In Progress’ link and this will show you tasks assigned to Paul and John.


The quickest way to approve the item for test is to approve the document on behalf of the user for the purposes of this test. Click on one of the tasks assigned to the user and click approve. A popup should appear to allow you to approve the item, click ‘Approve’.


Once one of the users has approved the item you should see the workflow progress page as completed (you may need to refresh the page) and the task cancelled next to the approver who didn't get a chance to approve the document - see below.


And that's it you’ve now got a parallel approval workflow where only one of the members needs to approve.

As you may know if you’ve reached my blog post there is little documentation on how the workflow works under the hood so I hope you’ve found my post useful.

SharePoint 2010 User Profile Service fails to start

So after many an hour of playing with this I wanted to share how I managed to resolve the issue of starting the User Profile service.

Couple of things to make you aware of early on:

  • This is not a conclusive guide on how to setup user profile service application
  • I used the SharePoint Farm account to start the service (other accounts fail)
  • The User Profile Service Application was run under an application pool account under a separate AD account
  • SQL on the same server
  • Windows 2008 R2 with hot fix for WCF (KB976462)
  • I ran the wizard to install SharePoint 2010 (creating the user profile service application for me)

So following a series of excellent posts from Spencer Harbar on setting up and providing the correct permissions for the user profile implementation to succeed I hit an error where I couldn't start the user profile service, well I could but it wouldn't stay in a state of ‘started’ for long. Trawling the event viewer application logs, 2 noticeable errors were showing each time I attempted to start the service. These were:

Event ID 6306 - FIMSynchronizationService

The server encountered an unexpected error while performing an operation for the client.
"BAIL: MMS(7132): mastate.cpp(3117): 0x80230622 (A management agent with this name already exists.): MA directory cannot be created because it is already in use by an existing MA: C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\MaData\ILMMA
BAIL: MMS(7132): mastate.cpp(1637): 0x80230622 (A management agent with this name already exists.)
BAIL: MMS(7132): server.cpp(964): 0x80230622 (A management agent with this name already exists.)
Forefront Identity Manager 4.0.2450.5"


Event ID 3 – Forefront Identity Manager

Microsoft.ResourceManagement.ResourceManagementException: Exception from HRESULT: 0x80230622 ---> System.Runtime.InteropServices.COMException (0x80230622): Exception from HRESULT: 0x80230622
   at MIISRCW.IMMSServer.CreateMA(String pszMADataXML, String& ppszUpdatedXML)
   at Microsoft.ResourceManagement.SyncConfig.CreateMA(String maData, String& returnString)
   at Microsoft.ResourceManagement.ActionProcessor.SyncConfigActionProcessor.Create(String typeName, IList`1 createParameters, Guid creator, Guid cause)
   --- End of inner exception stack trace ---

After hours of changing security permissions and adding users to different groups to try and resolve this I finally made a breakthrough!

To resolve this issue what I did was delete the User Profile Service Application from the Service Application page and recreated it. IMPORTANT: recreating the user profile service application with exactly the same name will result in these errors reappearing so I advise that when recreating you give the service application a different name.

Reading between the lines it looks as if somewhere in the configuration it thinks that the user profile service application is already started and therefore fails when attempting to start it with exactly the same name.

I really hope this helps you out as this one was really frustrating for me!


System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated – Trying to access Configure Service Account in SharePoint 2010

***UPDATE 29/06/2011 ***
I’ve just noticed that Microsoft have resolved this issue in Service Pack 1; see item 284 in the following spreadsheet provided by Microsoft: Download the Microsoft SharePoint 2010 and Office servers Service Pack 1 Changes.xlsx.

Following on from a previous blog where I was testing the access a sandboxed service account needed to run the service I created a test account to figure this out. Following on from this I wanted to tidy up my install and delete any unused accounts.
From AD I deleted the account from the service accounts OU. Afterwards this is easy to realise, but what I should have done is delete the service account from the Configure Managed Accounts section first; I didn’t, on the assumption I could do this afterwards (in honesty I forgot!).
A couple of hours passed without me thinking about this, then I tried to access Configure Service Accounts in Central Admin but was prompted with a nice error as shown below.
I spent about 1/2 day trying to figure out what was causing this, asking myself what had been changed since this error appeared. It's also worth noting that the error didn't start appearing straight away, which leads me to think it's a timer job that triggered the change. On a side note I also noticed that the Forefront Identity Manager Service and the Forefront Identity Manager Synchronization Service had both stopped.
I couldn’t find anything of any significance on the web regarding the error ‘Some or all identity references could not be translated’; most of the entries out there referred to either password changing or starting again.
Checking the logs (default location C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS) I noticed 2 lines related to my Correlation ID error.
06/11/2010 10:33:45.80     w3wp.exe (0x1434)                           0x01D4    SharePoint Foundation             Runtime                           tkau    Unexpected    System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.    at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Utilities.SPUserUtility.AccountNameToSid(String accName)     at Microsoft.SharePoint.Utilities.SPUserUtility.IsLocalAccount(String loginName)     at Microsoft.SharePoint.ApplicationPages.FarmCredentialManagementPage.HandleLocalAccounts()     at Microsoft.SharePoint.ApplicationPages.FarmCredentialManagementPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPo...    1e9a974d-66a0-42ca-b2ac-28b864d42f0a
06/11/2010 10:33:45.80*    w3wp.exe (0x1434)                           0x01D4    SharePoint Foundation             Runtime                           tkau    Unexpected, Boolean includeStagesAfterAsyncPoint)    1e9a974d-66a0-42ca-b2ac-28b864d42f0a

There was also a warning in event viewer logged as Event ID 1309.
As I mentioned earlier I suspected a Timer Job was running that caused the delay in me receiving this error and as part of my testing I attempted to manually run the timer job ‘Password Management’ but this logged an error in the event logs as shown:
The Execute method of job definition Microsoft.SharePoint.Administration.SPPasswordManagementJobDefinition (ID cc5a6873-5ab6-4475-b0e8-b385c3b1618c) threw an exception. More information is included below.
Some or all identity references could not be translated.
Scratching my head I thought what if it is down to an account that I deleted from AD that isn’t running any services but is part of the Managed Accounts?
I tried to delete the account from the managed accounts page but received the same error prompt.
I recreated the account in AD (obviously appreciating that it would have a new SID) and cheekily tried (running an IISRESET first) to see if this would resolve the problem (knowing that it probably wouldn't). It didn't!
So my next thought was to try to associate the newly recreated account and SID with the one referenced in SharePoint, and I ran the command:
stsadm -o migrateuser -oldlogin domain\serviceaccount -newlogin domain\serviceaccount -ignoresidhistory
**NOTE** Making sure that the oldlogin and the newlogin were exactly the same user and domain.
After running the stsadm command and re-running ‘Password Management’ timer job, followed by a user profile import (incidentally I had to restart the user profile import service on the server) I was finally able to access the Configure Service Accounts section with no error.
I appreciate this may not happen often in the field however I’m sure when the AD guys are looking to clear up unused service accounts this may have an impact.
I have managed to recreate the error and logged with Microsoft – will keep you posted.
*** UPDATE 07/09/2010 ***
After various discussions with Microsoft support they were unable to replicate the exact error. The error found in MS test environments was a little more user friendly but still it proves there is an issue.
The error received from Microsoft when performing the action is shown below:
“An error occurred while getting information about the user user1 at server The user name could not be found”
Ok so my thoughts were (and I shared this with Microsoft) that yes, the error is a little more user friendly; however, you still receive an error when trying to access the managed service account page that will not allow SP admins to perform modifications to managed service accounts after an unused account is deleted.
The outcome was that as Microsoft were not able to replicate ‘the exact’ error message a formal bug is not going to be raised although the issue has been submitted to the Microsoft SharePoint product team.
I’ve since recreated this error to match the one Microsoft have experienced on their environment and I still suggest this is a bug with SharePoint 2010.
I haven't tested this with either June 2010 or August 2010 cumulative updates to see if this has been fixed under the radar – feel free to leave me a comment if you find anything further.
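The check the post wishes it had made before deleting the account from AD, plus an audit for accounts that are already orphaned, as an added example that is not part of the original post. `DOMAIN\svc_test` is a placeholder account name, and the function names are hypothetical helpers.

```powershell
# Added example (not from the original post). Run from the SharePoint 2010
# Management Shell on a farm server, as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Returns $true when Windows can translate the account name to a SID.
# This is the same NTAccount.Translate call that throws in the ULS trace above.
function Test-AccountResolves {
    param([Parameter(Mandatory = $true)][string]$AccountName)
    try {
        $account = New-Object System.Security.Principal.NTAccount($AccountName)
        [void]$account.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

# Pre-deletion check: is the account still registered under
# Central Admin -> Security -> Configure Managed Accounts?
function Test-IsManagedAccount {
    param([Parameter(Mandatory = $true)][string]$AccountName)
    $match = Get-SPManagedAccount | Where-Object { $_.Username -eq $AccountName }
    return [bool]$match
}

# Post-deletion audit: managed accounts whose name no longer resolves.
function Get-OrphanedManagedAccount {
    Get-SPManagedAccount |
        Where-Object { -not (Test-AccountResolves -AccountName $_.Username) } |
        Select-Object Username
}

# DOMAIN\svc_test is a placeholder for the account you plan to remove from AD.
$candidate = 'DOMAIN\svc_test'
if (Test-IsManagedAccount -AccountName $candidate) {
    Write-Warning "$candidate is still a managed account; remove it from SharePoint before deleting it from AD."
}

$orphans = @(Get-OrphanedManagedAccount)
if ($orphans.Count -gt 0) {
    Write-Warning 'Managed accounts that no longer resolve in AD:'
    $orphans | ForEach-Object { Write-Warning ("  " + $_.Username) }
} else {
    Write-Output 'All managed accounts resolve to a SID.'
}
```

Running the pre-deletion check as part of the AD clean-up procedure keeps the farm's managed account list and the directory in step.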

Creating an Enterprise Search Center on a SharePoint 2010 Team Collaboration site

Whilst recently creating a site collection with a team site template I attempted to create an Enterprise Search Center only to be presented with an unexpected error as shown below.


The reason for this is you need to activate the SharePoint Server Publishing Infrastructure feature on the site collection.


You then shouldn’t be presented with this error!

Starting The SharePoint 2010 Sandboxed Code Service

Following best practice of least privilege I was in the process of starting up all the services on my new SharePoint 2010 Farm under separate accounts.

From Central Admin->Security->Configure Service Account I selected the Windows Service - Microsoft SharePoint Foundation Sandboxed Code option from the drop down and added my newly registered account (let’s say SP2010_Sandbox).


You must change the service account assigned to the service before starting the Sandboxed Code Service (This makes life a lot easier!)


After configuring the service account for Sandbox I navigated to Central Admin->Application Management->Manage Services on Server and started the service. From here everything looks fine and the service indicates started.


However navigating to services mmc and looking for the service SharePoint 2010 User Code Host had stopped.


To resolve this I had to add the sandbox service account to the local admin group on the server, then stop the service from Manage Services on Server then click start and the service started fine. I'm sure somewhere there is more detail on the exact security permissions as having this service account in the local admin group is not ideal.

At the time of writing the only documentation I could find to support this

I’m Married - My Wedding Story

Key West Sunset. Taken by me.

I don’t normally write about myself on my blog or talk about myself publicly, however reading other people’s blogs / tweets I don’t think it’s a bad thing to know a little outside of the reason people follow me on twitter and read my blog.

I’m really writing this blog so in years to come I can look back and reflect on what a fantastic time I had.

After a year of deliberating on where to get married we finally decided on Orlando, Florida – USA, more specifically the Hyatt Regency Grand Cypress.

We invited 35 family and friends from the UK to join us on our special day and to our amazement every single person who we invited came.

As we had so many people out with us at various times during our three weeks out in Florida we created an itinerary of where we would be and when (thank God we did!).

We achieved (and I have no idea how) 6 theme parks in 6 days leading up to the wedding leaving us only the day before the wedding to relax which never happened.

We did the following theme parks during our stay:

  • Day 1 – Seaworld
  • Day 2 – Hollywood Studios
  • Day 3 – Epcot
  • Day 4 – Aquatica
  • Day 5 – Busch Gardens
  • Day 6 – Universal Studios
  • Day 12 – Magic Kingdom

The wedding day was a fantastic success and we had a great time at the Hyatt. For our honeymoon we headed down to Key West, a nice 400 mile / 8 hour journey but definitely worth the journey for the views.

Following our three weeks out in the States we also had a party back in the UK for all our family and friends back home all in all making our wedding last exactly a month.

Looking back on our fantastic experience, our perfect time was only possible with some really great family and friends, without whom our time would not have been as special. A big thank you to them all.

Connections disappear in Synchronization Connections in SharePoint 2010 User Profile Import

*** UPDATE 05/07/11 ***
I noticed that this blog entry seems very popular from the stats I receive and wanted to provide an updated stance on the original blog I posted almost a year ago regarding this issue.

Basically at the time of writing this post there was limited experience and documentation out there regarding this and for me the below seemed to work. HOWEVER since then my experience of diagnosing the User Profile service and the issues surrounding it has naturally grown, and I would suggest that if you have the symptoms I experienced below there is something fundamentally wrong and the resolution I provided may only be a temporary fix and the issue may re-appear.

So my advice is to make sure you have fully read and configured your environment in preparation for the User Profile service and if you have this issue still revisit the pre-requisites and make sure you have done EVERYTHING suggested in the link here and troubleshooting here

Finally you need patience! Without this you are more than likely going to make a mistake!

Good luck

*** Original Post ***
On a recent SharePoint 2010 install I came up against a strange scenario where a newly created profile connection disappeared from the page as shown below.
I found that this was because the ‘Forefront Identity Manager Service’ had not automatically restarted upon reboot of the server.
Open the services.msc snap-in, locate the ‘Forefront Identity Manager Service’ service and start it.
Simply refreshing the Synchronization Connections page made the connection reappear.
Sorry - this won't solve all your profile import issues but hopefully helps.

Exporting documents from SharePoint using RoboCopy / RichCopy utility

I was recently asked if there was a way to batch copy files out of SharePoint and be able to log success / failure. There are many tools that import files into SharePoint but not much that does the opposite. So after some thought I looked into using RoboCopy and found a great GUI version called RichCopy which can be downloaded from here

To use this utility with SharePoint you will need to map the document libraries individually to a network drive, for example:

NET USE X: http://sharepoint/documents

Once the individual document library has been mapped you are then able to specify the X drive you have mapped in RichCopy and specify a local directory to copy/move the files to.


Click on options and select the various options that apply for you.


You will notice that when you do export the documents it also exports the forms folder containing allitems.aspx etc. You can filter this folder so this does not copy across to the destination folder by enabling advanced options which also includes logging configuration.

Please note that this solution does not map SharePoint metadata. If this is a requirement then it is advised you look at the 3rd party offerings available to achieve this.

Blocking Access to SharePoint Web Services in an Extranet / External Publishing Scenario

This article discusses a method of blocking access to SharePoint web services from external connections.

To do this you will need a publishing server such as Microsoft ISA Server / Forefront TMG or a 3rd party application. I would also strongly advise that if you haven’t planned for such a server you revise your design to include one (preferably 2 for clustering, HA etc.).

So assumptions at this stage are that SharePoint is installed and ready to be published. A further assumption is that you have already created a publishing rule on ISA for the SharePoint Web application you want to publish and it is correctly configured and publishing SharePoint successfully.

The next step is to create a new standard web publishing rule (not a SharePoint rule) and place this ABOVE the SharePoint publishing rule for the main site – remember in ISA the rules are based on ordering.

So basically at this point what we want to do is block access to the SharePoint /_layouts/_vti_bin folder.

Call the publishing rule something like ‘Extranet Web Service Block Rule’ and use the same web listener that you published SharePoint with.


Select the Paths tab and remove any entries. Then add a new path as follows:


What this will do is redirect anyone trying to access the _vti_bin folder to the accessdenied.aspx page blocking anyone from connecting to the webservice asmx files.

It is more than likely that the rule will need tweaking for authentication to work correctly so be prepared to spend some time testing this to get it right.

An excellent post I would recommend around SharePoint Extranet best practices and lockdown is Joel Oleson’s post here.

The purpose of this post is in no way to be a step-by-step guide to publishing SharePoint via TMG / ISA but simply a guide to blocking web service access.

The consequences of blocking the web services will certainly impact on the functionality of SharePoint externally and its usage, and it is advised that such a change be fully tested to make sure loss of functionality is not experienced by end users. Further tweaking to specific web services can be achieved using path mapping.
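Why the block rule has to sit above the SharePoint publishing rule, and which request paths a block pattern actually covers, shown as an added example that is not ISA/TMG code and not from the original post. The path pattern `/_vti_bin/*` is an assumption (the post's own path entry was in a screenshot), as are the rule model, the helper names and the constructed sample requests.

```powershell
# Added example: a simplified model, not ISA/TMG code. Assumptions: rules are
# evaluated top-down, the first rule whose path matches wins, "*" is only a
# trailing wildcard, and matching is case-insensitive.
function Test-PathRule {
    param([string]$Pattern, [string]$UrlPath)
    $ci = [System.StringComparison]::OrdinalIgnoreCase
    if ($Pattern.EndsWith('*')) {
        return $UrlPath.StartsWith($Pattern.TrimEnd('*'), $ci)
    }
    return [string]::Equals($Pattern, $UrlPath, $ci)
}

# Name of the first rule in the ordered list that matches the request path.
function Get-MatchingRule {
    param([object[]]$Rules, [string]$UrlPath)
    foreach ($rule in $Rules) {
        foreach ($pattern in $rule.Paths) {
            if (Test-PathRule -Pattern $pattern -UrlPath $UrlPath) { return $rule.Name }
        }
    }
    return 'No rule matched'
}

function New-Rule {
    param([string]$Name, [string[]]$Paths)
    New-Object PSObject -Property @{ Name = $Name; Paths = $Paths }
}

# '/_vti_bin/*' is an assumed pattern; use the path you entered on the Paths tab.
$block   = New-Rule -Name 'Extranet Web Service Block Rule' -Paths '/_vti_bin/*'
$publish = New-Rule -Name 'SharePoint publishing rule' -Paths '/*'

# Constructed sample request paths.
$requests = @(
    '/_vti_bin/lists.asmx',
    '/_VTI_BIN/Lists.asmx',
    '/sites/team/_vti_bin/lists.asmx',
    '/Pages/default.aspx'
)

foreach ($path in $requests) {
    New-Object PSObject -Property @{
        Path           = $path
        BlockRuleAbove = Get-MatchingRule -Rules $block, $publish -UrlPath $path
        BlockRuleBelow = Get-MatchingRule -Rules $publish, $block -UrlPath $path
    }
}
```

With the block rule below the publishing rule, every request is answered by the publishing rule. SharePoint also serves `_vti_bin` beneath each site URL, so under this model the `/sites/team/...` request falls through a root-only pattern; include sub-site paths when testing the real rule.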

Auto Approving Documents in SharePoint Document Library

Ok so this sounds kinda strange right? You ask the question why would you want to auto-approve documents in a library where there is approval set on the document library.

Well my scenario is this, I have project documents some which need approving and then some that don’t. I hear you say why not just have 2 document libraries for this, well I could but I setup some views to group the documents by content types / columns and to avoid customising SharePoint by creating a content query web part with custom XSLT I looked into using a SharePoint Designer workflow to accomplish this.

The other thing to remember here is that I have set up the document library to only show major versions of documents to readers of the document library. I also have the require checkout before editing the document setting enabled. See the screenshot below for advanced settings for the library:


So I have identified specific content types that do not require approving and need to auto approve these documents. My challenge here is that once the workflow tries to change the document to ‘Approved’ it may see that the document has been modified and then change it back to ‘draft’. The document also needs to be checked out to make this change, so this could cause a problem.

So below shows the step I created to attempt to update the approval status.


So here was the first attempt at running the workflow which failed due to the document not being checked out


So adding check out and check in around the update of the approval status is the next logical step.


And this was the error I got – unknown error – very helpful!


So I concluded that the only way to do this was to set ‘Require Check Out’ to ‘No’ under version settings for the document library.


And…. It worked - success!

So to conclude you can’t auto approve certain content types in a document library with ‘Require Check Out’ enabled for the document library. From a business impact disabling this option could result in multiple people editing the same document so this would need to be considered vs. the inconvenience of documents remaining in draft when they don’t need approval.