Great opportunity for Office 365 folks:

office 365.png

Microsoft has  planned and set up 8 different Office 365 Labs webcasts that will be delivered during September and these are the topics that will be discussed in the webcast.

1. Office 365 Labs – Using PowerShell to automate tasks
2. Office 365 Labs – Mastering Azure AD Connect
3. Office 365 Labs – Mail flow
4. Office 365 Labs – Getting the best out of Outlook and Exchange Online
5. Office 365 Labs – OneDrive Synchronization 101
6. Office 365 Labs – Sharing and collaboration with internal and external users in SharePoint Online
7. Office 365 Labs – AD FS and multi-factor authentication explained
8. Office 365 Labs – Exchange Online compliance features (In-Place Archive, In-Place Hold, eDiscovery)

Please use this link below to enroll yourself for these sessions

Office 365 Labs webcasts coming in September

Clearing the myths between Request Management service in SharePoint 2013 and Network Load balancer:

Alright. So the heading of this article would have pretty much given a brief explanation about what this post would be about and hence I’m not going to write a brief introduction session here about this post. I’m pretty sure that a lot of SharePoint Geeks out there have written a lot about Request Management service in SharePoint 2013 and Load balancer configuration for a SharePoint 2013 farm, however there seems to be a lot of confusion among SharePoint practitioners in understanding the difference between these two .I didn’t mean to offend anybody here but the features and functionalities of these two are so similar so that anybody would possibly get confused. So in this post I’ll be explaining what these two mean in detail and how they differ from each other (meaning where the boundary for Request Management service stops when compared to a load balancer).

Now let’s get into the meats and potatoes ….

1. Request Management service in SharePoint 2013 :

For those who are new to SharePoint 2013 or if you’re hearing about “Request Management service”  for the first time , please go ahead and take a look at my blog post on Request Management service .  I’ve given a detailed explanation on what “Request Management service” is all about and how it works. However, to put it in simple words….Request Management service take care of managing  incoming requests by evaluating the logic rules set against them in order to determine which action to take, and which machine or machines in the farm (if any) should handle the incoming requests . Now there’s a lot of mechanism which happens in RM service, please take a look on Spencer Harber’s article on Request Management service to know about that in detail. As always Spencer has did a fabulous job in explaining it on detail.

In addition to this there are couple of other important points that one should be aware of as far as Request Management service is concerned.

  1. Request manager is the first code that runs in response to HTTP requests. It is implemented in SPRequestModule
  2. Request Manager requires the SharePoint foundation web application service to be started on the server.
  • Request manager service should only be started on a server that’s acting as a WFE, else it’s of no use.

1.png

2.Load balancer for SharePoint :

Now as you’re aware high availability in SharePoint is achieved in the web tier level by deploying multiple front end servers to serve web pages and host web parts. A load balancer directs traffic across these servers, monitors health and ensures that the best possible target is used for individual requests. The default SharePoint architecture works in such a manner that any server in the farm which has the “SharePoint foundation web application service “turned on will be acting as a Web Front end server. Hence you can go ahead and turn off this service on a server that is acting as an App server. However, if your servers have enough resources then there shouldn’t be any harm on leaving it on, as in case if you WFEs go down you can let APP server handle user web requests temporarily.

2.png

Now let’s discuss on how they differ from each other so that we don’t get confused by their similar functionalities:

The first thing which we need to understand is that the Request Management service becomes effective only when the user request gets passed the Network Load balancer which takes care of handling user traffic . As you’re aware the NLB is the one which takes care of handling user traffic and if a user’s request doesn’t even gets passed the load balancer then technically it means that the user’s request is not hitting the SharePoint farm where the Request management service is configured .To put it in simple words the user’s request need to pass the 1st gate which is the NLB and only upon the successful completion of that the user’s request will hit the appropriate Web front servers where the Request Management service will be configured . So once the user’s request hits the SharePoint farm then the RM service will validate the request and will then act accordingly. I believe the image below will give you a clear understanding of how this is configured for a SharePoint 2013 farm.

Dedicated mode:

3.jpgIntegrated Mode:

4.jpg

In both the modes you can notice that the user traffic first has to go through the HLB before it reaches the SharePoint 2013 farm where the Request Management service is configured. Now if you’re more curious in understanding the difference between the above said two modes ….In the first mode (i.e. Dedicated mode) you will have a SharePoint farm configured only for Request management service (meaning all the servers in that farm will have only the RM service turned on the WFE’s) .In this mode the SharePoint farm which has the RM service configured will be configured in such a way that it’s kept between the LB and the actual PROD server where the user’s content exist. The second one is called the (Integrated mode) where you will find the RM service being turned on all the WFE servers in the SharePoint farm. The first mode is pretty expensive bearing in mind the license costs and will be mostly used in very large SharePoint farm implementations .The second mode is pretty affordable because in this mode all the WFE servers which are part of the actual farm will have the RM service turned on in it.

To conclude RM service and NLB/HLB are two different things altogether and they don’t suffice the same purpose .The NLB/HLB takes care of sending the user request to the appropriate WFE’s whereas the Request management service takes care of how to handle that incoming request which is sent to the WFE server . Both these are optimal for any successful SharePoint implementation.

Thanks for reading this post …..Happy SharePointing!!!

 

Fix for follow web part broken issue in SharePoint My site:

Alright as mentioned in my previous blog post , we heard back from Microsoft about the fix for this issue and looks like Microsoft will be rolling out the fix for this in October 2016 CU for SharePoint server 2013. So if you’re facing this issue in your environment please wait for October 2016 CU as that should include the fix for this.

Happy SharePointing!!!

foloow 1

SharePoint 2013 –Followed count webpart stopped working in My site:

This post is related to a known issue which most SharePoint professionals might have experienced after patching your SharePoint 2013 farm with August 2015 CU . I hope everyone would agree that it was one of the most expected CU during the time of its release as this introduced the Hybrid search functionality in SharePoint 2013 ( meaning : If you want to deploy Hybrid search between SharePoint 2013 and Office 365 then your farm should be patched with August 2015 CU ) . In addition to that, it also broke some other functionalities and I’ve also blogged about that (please check this link for that) .Now in this blog post we will be discussing about a known issue which we recently happened to encounter in our SharePoint 2013 farm.

The issue which I’m talking about here is something which you might have experienced for yourself when you try to access your SharePoint My site and may be your end users might have reported about this behavior to you. When you try to open the SharePoint My site you would end up getting an error message as shown in the screenshot below.

foloow 1

Now inorder to temporarily get rid of this you can use SharePoint designer and close this webpart so that your end users won’t be seeing this annoying error message when they access their My site. As you already know the “followed count” web part in your SharePoint My site displays all the sites you follow. From here all the sites you follow in SharePoint are just a click away.

As the initial phase of troubleshooting this issue ,we turned on verbose logging and grabbed the logs to understand what was causing this and we found these entries in the logs.

System.NullReferenceException: Object reference not set to an instance of an object.  

 at Microsoft.SharePoint.Portal.WebControls.FollowedCountsWebPart.GetHybridSpoUrl(UserProfile profile)   

 at Microsoft.SharePoint.Portal.WebControls.FollowedCountsWebPart.RenderWebPart(HtmlTextWriter writer)   

 at Microsoft.SharePoint.WebPartPages.WebPart.Render(HtmlTextWriter writer)   

 at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)   

 at Microsoft.SharePoint.WebPartPages.SPChrome.RenderPartContents(HtmlTextWriter output, WebPart part

However, all the possible troubleshooting steps we tried was not getting us any closer to fix this issue. Of course we googled about this and found that this functionality was broken after the August 2015 CU for SharePoint 2013 is installed in your farm but we didn’t expect it to remain the same even after patching our farm with Jan 2016 CU . As we were helpless we decided to open a case with Microsoft premier support and that’s when things started getting interesting. Microsoft analyzed all the logs and informed us that the same behavior was identified for SharePoint online portals too and an internal fix was rolled out by Microsoft sometime around August 2015 and was later globally deployed on September 2015. So SharePoint online users will never see this issue.  But looks like this fix was not involved on any further CU‘s for SharePoint server 2013.  However, the same fix was also applied for SharePoint server 2016 in May 2016 CU for SharePoint server 2016 where the error was something like this ….

FollowedCountsWebPart.GetHybridSpoUrl (UserProfile profile)”

So now the only problem is with SharePoint server 2013 as the fix has not been developed for this yet.  If you take a look at the “Improvement and fixes section” for Feb 2016 CU for SharePoint server 2013 you will notice a fix for a “follow” issue but that doesn’t look similar to our scenario here. That speaks about the “follow” functionality getting broken on a multi-farm environment. Check the screenshot below ….

follow 2.png

But the support engineer said that the same fix should work for this scenario also, however he is yet to check with the PG team on that.  As per the latest update from the support engineer our case is being taken over by the PG team for their review.  I’ll write an update on my blog site once I hear back from Microsoft.

How badly can AV scanning impact your SharePoint farm’s performance?

In this post I’ll be talking about an issue which we recently encountered in one of our customer’s SharePoint 2010 environment. Let me talk about the issue first, then how we fixed it and later the lessons we learned from it.

Issue we faced:

Couple of days back we received huge number of support incidents from users across the globe stating that they were not able to access the SharePoint portal .For some reason the issue was intermittent , the site used to load fine at times and all of sudden it stopped loading . We decided to login to each WFE servers in the farm and identify which was throwing the bad request .Listed below are the steps which we did initially to identify the root cause ….

Troubleshooting steps done by us initially:

  1. Tried loading the problematic site from our end and checked whether we’re able to reproduce the issue from our end.
  2. Once we confirmed that we were able to reproduce the issue we changed the host file entry to point to all the WFE’s in the farm and tried to load the site .This was done to identify which WFE server threw the bad request.
  3. During this process we happened to notice some abnormal behavior in two servers (i.e. WFE1 & WFE 2) of the SharePoint farm .The CPU/RAM utilization in these two servers were continuously hitting 100% and because of that all the requests going to these servers were failing. The server was almost in an unresponsive state.
  4. We took a look at the event viewer and found many entries related to Mcaffee Anti-virus software update process getting failed. Then I opened the Mcaffee console to understand what’s happening and as expected I could find many update failures .I pulled the Mcaffee logs and found many entries related to that.
  5. In addition to that we also noticed entries in the ULS logs about the SharePoint farm trying to run a configuration change by itself and it was also invoking an upgrade process. The w3wp.exe SharePoint worker process was also consuming heavy RAM.
  6. Now given the fact that we noticed so many weird entries in the logs we planned to reboot the server and see if that helped. Any yes it helped and the issue was no more.
  7. However, the server reboot was just a week around and we wanted to identify what exactly triggered this as we noticed some weird entries in the SharePoint logs about automatic configuration change and upgrade process .Hence we decided to open a support case with Microsoft for a detailed RCA.

Now let’s take a look on what Microsoft had to say to us about this issue ….

Troubleshooting steps done by Microsoft:

We captured the ULS logs on the exact time the issue was reported and shared the same to Microsoft (please note that this issue which we are currently talking about is a non-reproducible one, meaning: we were not able to reproduce the same behavior to Microsoft as this happened only once, after the server reboot everything looked normal). Microsoft analyzed the logs and this is what they found ….

A huge performance issue was identified as you can see in the logs image below:

1.png

AppDomain recycling was happening very frequently as you can see in the screenshot below:

2.png

3.png

The App domain recycling was happening on both the WFE’s as shown in the ULS logs screenshot below:

4.png

What we identified after analyzing the logs?

Now based on the above analysis we identified that the root cause of this issue was that the AppDomain recycle was happening very frequently. This is an isolation process within the W3WP process of the web application. This process went on recycling and that caused the performance issue of the environment.

The possible root cause for this App Domain recycle can be because of the below mentioned two reasons …

a) AV exclusions are not implemented in your SharePoint farm as per the article below. Certain folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint

https://support.microsoft.com/en-us/kb/952167

b) The application restarts may occur in some situations if any processes accessing Web.config file in the root of the application, the Machine.config file, the Bin folder, or the Global. asax file.

In our case it’s the first one where we didn’t exclude the necessary files/folders from AV scanning and hence we decided to exclude the folders/files as mentioned in the aforementioned article. These are SharePoint system related files/folders and they have to excluded from AV scanning , else when a scheduled full scan kicks off in your SharePoint farm it will start scanning these files too and this will impact the performance of the SharePoint farm .

Lesson’s learned:

If you’re planning to install Antivirus software in your SharePoint farm, please make sure that all the folders mentioned in this article are excluded from getting scanned .These are SharePoint system related files & folders and every time the AV scan engine tries to scan these files it puts the farm on risk as the scanning process will interfere SharePoint’s operation .

Thanks for reading this post!!!   Happy SharePointing.

 

 

 

 

 

 

Part 2: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Followed to my previous article about useful office 365 cmdlets in SharePoint Online, in this article I’ll be showing you some more useful PowerShell cmdlets to generate SharePoint Online reports /SharePoint Online site administration. I see a lot of misconception with my fellow SharePoint workers on understanding the difference between SharePoint on-premises cmdlets and Office 365(SharePoint Online) cmdlets, please note that they all don’t have the same functionality even though they almost look similar. There is a lot of difference in what they exactly do, so please pay close attention while utilizing them.

1

So let’s get into the real meats and potatoes now…

  1. To create a new SPO Site collection:

SyntaxNew-SPOSite -Url https://vigx.sharepoint.com/sites/Vignesh -Title “Vignesh” -Owner “vigganesan89@vigx.onmicrosoft.com” -Template “STS#0” -TimeZoneId 10 -StorageQuota 200

2

Note: In the above mentioned command you need to specify the URL of your new site collection, Title Name, Template ID, Time Zone and Storage quota size. Please check my previous article on SharePoint Online command to get to know about SharePoint Online Template ID’s

Running this command will create a new site collection in SPO and you can verify this in your SPO admin center as shown below.

3

2.To list the groups, and all the group memberships, for all of your SharePoint Online sites.

Syntax:

$x = Get-SPOSite

 

foreach ($y in $x)

    {

        Write-Host $y.Url -ForegroundColor “Yellow”

        $z = Get-SPOSiteGroup -Site $y.Url

        foreach ($a in $z)

            {

                 $b = Get-SPOSiteGroup -Site $y.Url -Group $a.Title

                 Write-Host $b.Title -ForegroundColor “Cyan”

                 $b | Select-Object -ExpandProperty Users

                 Write-Host

            }

    }

Running the above mentioned command will display the results as shown below,

4.png

3.To list the groups, and all the group memberships, for a single site collection:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”

$x = Get-SPOSiteGroup -Site $siteURL

foreach ($y in $x)

    {

        Write-Host $y.Title -ForegroundColor “Yellow”

        Get-SPOSiteGroup -Site $siteURL -Group $y.Title | Select-Object -ExpandProperty Users

        Write-Host

    }

Running this command will display the results as shown below .

5

 4.To lock a SharePoint Online site:

SyntaxSet-SPOSite -Identity $site -Lockstate NoAccess

Specify the $site variable to the site which you want to lock.

6

Running this command will lock the site and when you try to access it you will get a 403 Forbidden error.

5.To unlock as SharePoint Online site:

Syntax:  Set-SPOSite -Identity $site -Lockstate Unlock

7.png

This will unlock the site that we just locked in the previous command.

6.To disable external sharing for a SharePoint Online site collection:

Syntax:

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -SharingCapability Disabled

8.png

You can verify this in your SharePoint Online admin center as shown in the image below. The site in question will have external sharing disabled as shown below.

9

7.To enable external user and guest sharing:

Syntax:

Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserandGuestSharing

10.png

Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the screenshot below.

11.png

Note: By default, this feature will be disabled for SPO sites and this has to be enabled if required.

8.To enable only external user sharing:

Syntax:  Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserSharingOnly

12.png

 Running this command will only enable external user sharing in a SPO site collection and you can verify that in the screenshot below.

15.png

9.To get the list of sites where sharing capability has been enabled:

Syntax:    Get-SPOSite | Where {$_.SharingCapability -ne “Disabled”}

13

  1. To get the list of sites where sharing capability is disabled:

Syntax:  Get-SPOSite | Where {$_. SharingCapability -eq “Disabled”}

14.png

 11.To change the owner of site:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -Owner “pritham@vigx.onmicrosoft.com”

16

12.To change the storage and resource quota of a site:

Syntax:

Set-SPOSite -Identity $siteURL -StorgaeQuota 1000 -ResourceQuota 500

13.To change the Title of the site:

Syntax:

Set-SPOSite $siteURL -Title “New Title”

17.png

This will change the title of the site in question. You can verify this below.

18.png

Thanks for reading this article. This is all I have for this post and I’ll be back with Part 3 of this article very soon.

Happy SharePointing !!!

Part 1: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Presentation1.png

In this post I’ll be showing you how to use Office 365 PowerShell cmdlets to generate useful SharePoint Online reports from your SharePoint Online tenant and also I’ll be discussing on certain useful cmdlets that can be used for SharePoint Online site administration. Let’s get started.

Note: Before we get started, please ensure that you’ve configured your PC to run SharePoint Online (Office 365) cmdlets. If not, please take a look on this article which I’ve already written about how to configure that. Also make sure that you’re a member of the SharePoint Online administration role in Office 365.

  1. Get-SPOSite -Detailed

This command will give a detailed list of all the site collections in your SharePoint Online tenant as shown in the screenshot below.

1.png

2. To get a list of SharePoint groups in your tenant.

Syntax:   Get-SPOSite | ForEach-Object {Get-SPOSiteGroup -Site $_.Url} |Format-Table 

Running this command will generate the results as shown in the image below. Also please note that this command will display the default SharePoint groups as well as the custom SharePoint groups that was created manually.

2.png

3.png

3. Adding a user to the Site collection administrators group.

Before I go ahead and show the syntax for this, let me go ahead specify the variables here so that it will be easy for us to use that in the command.

$tenant =  “https://vigx-admin.sharepoint.com “–>This would be my tenant URL

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site collection URL

$user =” kamaleshg@vigx.onmicrosoft.com” –> This will be the UPN for the user who will be added as the SCA.

Since we have already specified all the variables, let’s go ahead and run the syntax.

SyntaxSet-SPOUser -Site $site -LoginName kamaleshg@vigx.onmicrosoft.com -IsSiteCollectionAdmin $true

Check the screenshot below for reference:

4.png

5.png

So this will add the user to the SCA group of  a site collection.

4. To get the list of users in my SharePoint Online Tenant:

Syntax:  Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} 

Running this command will display the results as shown in the screenshot below.

replace.PNG

 

 

5.To get a report of the user’s in a site, their display names, permission levels and other properties:

Before I go ahead and execute the command for this, let me specify the $site variable for the site in question.

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site URL

Note: It’s not necessary that you need to keep specifying the variables every time in a command unless you’re planning to use a different value apart to the one specified for that variable. PowerShell will automatically store it for you till the session is live.

Syntax:  Get-SPOUser -Site $site | select * | Format-table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

8.png

Running this command will generate a report as shown in the screenshot below.

9.png6. To get a report of the all user’s in your SharePoint Online Tenant, their display names, permission levels and other properties

$tenant =  “https://vigx-admin.sharepoint.com “–> This would be my tenant URL

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} | Format-Table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

10.png

Note: PowerShell might throw you some errors while running this command but that can be safely ignored.

Running this command will generate a report as shown below.

11.png

If you want to export the result to a CSV file, try running the below mentioned command.

Command 1 : For setting the headers in the CSV file

“Display Name`tLoginName`tGroups” | Out-File C:\UsersReport.csv

 12.png

Command 2: Once you’re done executing the first line, run the below syntax to get the report in the form a CSV file.

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url -ErrorAction SilentlyContinue | %{ $_.DisplayName + “`t” + $_.LoginName

 + “`t” + $_.Groups | Out-File c:\UsersReport.csv -Force -Append}}

13

This will generate a CSV file as shown in the image below,

14.png

 7. To create a new SharePoint Group in a site collection.

Before I mention the syntax, let’s specify the necessary variables.

$tenant = “https://vigx-admin.sharepoint.com” –>Tenant URL

$site = “https://vigx.sharepoint.com/teams/test “–> Site collection URL

$group = “Test Site Owners2” –>SharePoint Group Name

$level = “Full Control” –> Permission level

Syntax:

New-SPOSiteGroup -Group $group -PermissionLevels $level -Site $site

15.png

Running the above command will create a new SharePoint Group in the targeted site collection and will give the results as shown below.

16.png

8. To create an inventory of all the SharePoint site collections in your Tenant which has the information of the Site Name, URL, Quota, compatibility level and other information etc.… and to export the results to a CSV file:

Syntax:

Get-SPOSite -Detailed | Export-CSV -LiteralPath G:\SiteInventory.csv -NoTypeInformation

17.png

Running this command will generate a CSV file in specified path as shown in the image below.

18.png

 9. To get your SharePoint Online Tenant information

Syntax: Get-SPOTenant

This will give the complete tenant information as shown in the image below.

19.png

  1. To get the list of site templates in your SharePoint Online tenant

Syntax: Get-SPOWebTemplate

Running this command will give the list of site templates in SharePoint Online as shown below

20.png

This concludes part 1 of this article, I’ll be creating part 2 of this article where I’ll be taking you through few more SharePoint Online PowerShell cmdlets that can help us to generate useful reports and also for site administration.

Thanks for reading this post.

Happy SharePointing!!!  

Microsoft Life cycle Support for SharePoint Server 2007 , 2010 & 2013:

SharePoint Version Lifecycle Start Date Mainstream Support end date Extended Support End Date Service Pack Support End Date Points to Note
SharePoint Server 2007 1/27/2007  10/9/2012 10/10/2017 1/13/2009  
Microsoft SharePoint Server 2010 7/15/2010 10/13/2015 10/13/2020 7/10/2012  
Microsoft SharePoint Server 2010 Service Pack 1 6/28/2011 Not Applicable Not Applicable 10/14/2014  
Microsoft SharePoint Server 2010 Service Pack 2 7/23/2013 Review Note Review Note   Support ends 12 months after the next service pack releases or at the end of the product’s support lifecycle, whichever comes first. For more information, please see the service pack policy atgp_lifecycle_servicepacksupport.
Microsoft SharePoint Server 2013 1/9/2013 4/10/2018 4/11/2023 4/14/2015  
Microsoft SharePoint Server 2013 Service Pack 1 2/25/2014 Review Note Review Note   Support ends 12 months after the next service pack releases or at the end of the product’s support lifecycle, whichever comes first. For more information, please see the service pack policy atgp_lifecycle_servicepacksupport.

 

 

 

Difference between SharePoint health analyzer & SCOM Alerts for SharePoint:

I often used to have a hard time trying to understand the difference between the SharePoint Central Administration Health Analyzer alerts and the SCOM alerts for SharePoint and after doing quite a bit of research on the internet I got to know what these two mean in detail and how they differ from each other.

So in this post we will be discussing about what is a SCOM alert and a SharePoint Health analyzer alert and what’s the difference between them and why/when we need to relay upon them. So let’s get started.

SCOM.png HEALTH ANALYZER.jpg

What’s a SCOM alert?

SCOM (System Center Operations Manager) is an enterprise monitoring tool which is capable enough of monitoring Windows Server/Server products like (SharePoint, Exchange, Lync server & SQL Server etc.) and Unix based hosts. How SCOM works is, with every product that Microsoft releases such as Exchange /SharePoint the product team also releases an appropriate SCOM management pack which will take care of monitoring. Listed below are the steps that need to be done to configure SCOM monitoring for application servers.

  1. Install/Configure SCOM on a Windows server.
  2. Once done , please install the appropriate management packs on the SCOM server ( Ex : Exchange management pack, SharePoint server management pack )
  3. In the respective application servers install the SCOM agent ( Ex : SCOM agent for Exchange on exchange server and SCOM agent for SharePoint on SharePoint server )
  4. The agent installed on all server is used to gather performance information and logs.
  5. Whenever the agent become unreachable by the SCOM server an appropriate alert will be triggered on the SCOM console.
  6. These alerts can also be sent as emails to a DL or a person.

What’s a SharePoint Health Analyzer alert? 

SharePoint Health Analyzer is a feature in Microsoft SharePoint that enables SharePoint farm administrators to schedule regular, automatic checks for potential configuration, performance, and usage problems in the server farm. It monitors the farm by applying a set of health rules. The complete list of health rules can be found later in this article.

These Health rules are executable code. Each rule is a concrete subclass that inherits from either one of two abstract classes:

SPHealthAnalysisRule

SPRepairableHealthAnalysisRule.

In both cases, the code that detects and reports a potential problem is in the Check method. Repairable health rules also have a Repair () method that fixes a problem found by the Check method.

The complete list of SharePoint Health analyzer rules can be found in the link mentioned below: _ https://technet.microsoft.com/en-us/library/ff686816.aspx

Difference between SCOM alerts for SharePoint and SharePoint health analyzer alerts:

The SCOM Management packs are more complex than what is offered by the Health Analyzer. The Health Analyzer has a simple set of application rules. Please note that these rules are limited only limited to the  current farm and can only notify administrators provided that outgoing email is enabled (and working) in the SharePoint farm. By default they are not set to email out and only display to users within Central Administration. If the server has crashed, the Heath Analyzer will not alert anyone.

SCOM monitors certain things that the Health Analyzer doesn’t. Remember, it’s not only monitoring the SharePoint MP. There are the Windows MPs and if you have other applications on the server other than SharePoint (let’s say SQL Server), it can monitor them as well (provided that the MP’s for SQL is also installed). The Heath Analyzer won’t scan the event logs for errors and email the team. The Health Analyzer cannot send an alert if one of the hard disks fails. The Health Analyzer won’t tell you how many times an issue has happened in the past, packaged in a nice report with a graph.

On the other hand SCOM integrates closely with SharePoint and provides the most comprehensive and flexible solution for monitoring the health of SharePoint farms. With SCOM, the level of reporting and alerting is more granular and easily managed than SharePoint’s standard health monitoring.

  • SharePoint 2010/2013  ships a management pack for System Center Ops Manager
  • The management packs are of two different types 1. MP for SharePoint Server 2. MP for SharePoint Foundation.
  • Improved Knowledge Articles
  • More relevant events and monitors
  • Surfaces SharePoint Health Analyzer (SPHA) rules
  • Integrated with Unified Logging System (ULS)

SCOM management pack for SharePoint server: https://www.microsoft.com/en-in/download/details.aspx?id=35590

SCOM management pack for SharePoint foundation: _ https://www.microsoft.com/en-in/download/details.aspx?id=35591

So the conclusion here is, both SCOM MP for SharePoint server and SharePoint health analyzer are capable enough of monitoring the health of the SharePoint farm. However SCOM MP’s are more granular and can monitor certain things that can’t be monitored by SharePoint health analyzer. Moreover, the alerts that you get on SharePoint health analyzer are mostly bogus information (meaning, you don’t need to pay much attention to those alerts as they aren’t really scary for the most part and can be safely ignored ) .Please read my previous article about this

Thanks for reading this post .Happy SharePointing!!!

 

 

 

Configuring Windows PowerShell to support SPO management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center:

office3652.jpg

Good evening  to all the Office 365 nerds out there, this article would be on how to configure Windows PowerShell in your client operating system to support Office 365 (i.e. SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Security & Compliance center). Well it’s a known fact that Microsoft has released the PowerShell module for all these products (SharePoint Online, Exchange Online, Skype for Business Online and Office 365 Security & Compliance center) separately and you can use that to manage these products separately .Listed below are the links to download those modules .

SharePoint Online Management shell: _ https://www.microsoft.com/en-us/download/details.aspx?id=35588

Skype for Business Online module: _ https://www.microsoft.com/en-us/download/details.aspx?id=39366

Exchange Online module: _ https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Office 365 Security & Compliance center: _ https://technet.microsoft.com/en-us/library/mt587091(v=exchg.160).aspx

Azure AD Module (this can be used for user and domain management tasks in Office 365): _ https://msdn.microsoft.com/en-us/library/jj151815.aspx .

So if you’re the guy who plays the IT administrator role in your company and if you’re the one who has Office 365 global admin role assigned to you and takes care of managing Office 365 then chances are that your desktop could look very messy as shown in the image below while you’re using the management shell and you’re definitely going to have hard time managing them .

29.png

So the idea here is to show guys how to configure PowerShell to support all these modules and be successful in managing Office 365 from a single PowerShell window.

Let’s get into the detailed steps now:

Note: Please bear in mind that you need to have Office 365 global admin access to perform these steps.

  1. Please install the Microsoft .NET Framework 4.5.x and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. in your PC.

Windows Management Framework 3.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=34595

Windows Management Framework 4.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=40855

  1. For Skype for business online module to function, you need a 64-bit operating system and hence please make sure you’re running a 64 bit version of Windows. Else you will end up getting an error  message as shown in the image below.

31.png

3.  Listed below are the 64-bit version of Windows that you can use

                                Windows 8.1 or Windows 8

                                Windows Server 2012 R2 or Windows Server 2012

                                Windows 7 Service Pack 1 (SP1)*

                                Windows Server 2008 R2 SP1*

  1. Once that’s done you need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online. Listed below are the links to download those modules.

Microsoft Online Service Sign-in Assistant for IT Professionals RTW

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

SharePoint Online Management Shell

Skype for Business Online, Windows PowerShell Module

5. Once you’re done installing all the modules you need to configure Windows PowerShell to run signed scripts for Skype for Business Online, Exchange Online, and the Security & Compliance Center. To do this, run the following command in an elevated Windows PowerShell session

Set-ExecutionPolicy RemoteSigned

1

6. Now inorder to identify whether you’re running Windows PowerShell using elevated permissions or normal mode, please check the prompt on your PowerShell screen.

PS C:\Windows\System32> –>Elevated permissions

 PS C:\Users\UserName>–>Normal mode

7. Now run the next below mentioned command to pass your Office 365 user name and password to Windows PowerShell in an encrypted way. Once that’s done you will get a windows dialog box prompting for your credentials as shown in the image below.

$credential = Get-Credential

2

8. Now key-in your Office 365 credentials and click on OK as shown below.

3

9. In-order to identify whether your credential object has been created successfully, please run the below mentioned command as shown in the image below and it should return the value.

Note: Windows PowerShell will never tell you anything when things go fine, it will silently pass on to the next line .It only yells at you when something went wrong. That’s the funny thing about Windows PowerShell.

$credential

30

10.  Now we are all good to and hence we can start connecting to Office 365, for that please run the below mentioned command.

Import-Module MsOnline

4

11. Once that’s done in-order to verify whether the module was imported successfully you need to run the below mentioned command. This should return the value as shown in the image below.                                Get-Module

12. Somewhere in the list of modules that are returned by this command you should see something that looks like this:  

  Manifest 1.0 MS Online {Add-MsolForeignGroupToRole, Add-MsolG…}.

If you see MSOnline listed, that means that everything went according to plan.

13. Since we have verified that the credential object has been created and also the MSOnline module has been loaded successfully the next step would be to connect to Office 365 using the Connect-MsolService cmdlet. For that run the below mentioned command as shown in the image below.

                                Connect-MsolService -Credential $credential

5

14. In-order to verify whether you have successfully logged into your Office tenant, please run the below mentioned command and verify your domain information as shown in the image below. In my case my domain name for Office 365 is “vigx” and you can see that in the image below.

                                                 Get-MsolDomain

32.png

15. After performing all the above mentioned we have successfully verified that we are able to establish a connection to the Office 365 tenant using our user name and password which has Global admin access in Office 365 . Now the next steps would be to create a connection to each modules separately (i.e. SharePoint Online, Exchange Online , Skype for Business Online & Security and Compliance center for Office 365 )

16 .Initially let’s get started with SharePoint Online by running the following command.   Import-Module Microsoft.Online.SharePoint.PowerShell –DisableNameChecking

Here the “DisableNameChecking” switch suppresses the below mentioned warning.

Warning: The names of some imported commands from the module ‘Microsoft.Online.SharePoint.PowerShell’ include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

17. In order to connect to SharePoint Online, you need to supply two pieces of information: your credentials and the URL of your SharePoint Online admin site. This is how the format is going to look like.

Note: You can get your SharePoint Online tenant URL by opening the tenant admin page. Check the screenshot below.

33

This is how the format will look like,

Admin URL: – https://vigx-admin.sharepoint.com   Connect-SPOService -Url https://vigx-admin.sharepoint.com -credential $credential

18. Once that’s done, please go ahead and run “Get-SPOSite” command as shown below and see the results .This should list all the SharePoint Online sites.

34.png

19. If you successfully get the list of all SharePoint Online sites then your command ran successfully.You can verify that by visiting the SharePoint Online admin center as shown below.

6.PNG

20. Also try running Get-MsolUser and see the result , this will return the list of all the users in Office 365 .This means you can now manage both SharePoint Online and Office 365 from the same Windows PowerShell window .

35.png

 

21. Now, let’s take a look on how to connect to Skype for Business Online (formerly as Lync Online)

Note:  Connecting to Skype for Business Online (and to Exchange Online or the Security & Compliance Center) is different than connecting to Office 365 or to SharePoint Online. That’s because the Skype for Business Online and Exchange Online cmdlets don’t get installed on your computer like the Office 365 and the SharePoint Online cmdlets do. Instead, each time you sign in, the appropriate cmdlets are temporarily copied to your computer. When you sign off, those cmdlets are then removed from your computer.

22. In order to connect to Skype for Business Online, please run the below mentioned command to import the Skype for Business Online module. For that run the below mentioned command.

                         Import-Module SkypeOnlineConnector

36.png

Note: The first time you might see some warning message which can be safely ignored.

23. Once the module has been imported, run the below mentioned command to initiate a new Sfbo session by running the below command.

$sfboSession = New-CsOnlineSession -Credential $credential

Note: By running the above command we have successfully created a remote PowerShell session. The above command is used to connect to an instance of Windows PowerShell running on one of the Office 365 servers.

37.png

24. Once that’s done you need to run the below mentioned command to download the “Skye for Business Online scripts /cmdlets” and other items. As already mentioned before Skype for Business Online commands are not similar to SPO cmdlets, Sfbo cmdlets need to be loaded every time you plan to use PowerShell to manage Sfbo. So now let’s load sfbo cmdlets to PowerShell by running the below mentioned command(you can notice the progress bar in the image below loading the cmdlets to Windows PowerShell)

Import-PSSession $sfboSession

10.png

25. Once Windows PowerShell is done loading the sfbo cmdlets you should notice something like this as shown in the image below. If you notice this in your screen then you have successfully made a connection to Skype for Business Online.

11

26. You can verify your connection to Skype for Business Online by running the below mentioned command.

Get-CsOnlineUser -Identity vigganesan89@vigx.onmicrosoft.com 

Note: This command will give the information for the user who has his UPN/SIP ID as vigganesan89@vigx.onmicrosoft.com

16

27.  Alright, till now we have seen how to configure Windows PowerShell to support SharePoint Online and Skype for business online, now let’s take a look on how to configure Windows PowerShell to support Exchange Online.

28. In order to proceed further, please run the below mentioned command which creates a remote Windows PowerShell session with Exchange Online.

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri “https://outlook.office365.com/powershell-liveid/” -Credential $credential -Authentication “Basic” -AllowRedirection

Note: Why is the command for connecting to Exchange Online more complicated than the command to connect to Skype for Business Online? Technically, it’s not: both commands do the exact same thing. However, the Skype for Business Online team created its own cmdlet—New-CsOnlineSession—that hides some of the parameters (like Authentication and AllowRedirection) that are used when connecting to Exchange Online. Instead of requiring you to type that information yourself, the Authentication and AllowRedirection parameters are effectively built in to the New-CsOnlineSession cmdlet. You have to type those parameters when connecting to Exchange Online because Exchange Online uses the standard New-PSSession cmdlet to connect to Office 365. The disadvantage is that you have a little more typing to do. The advantage is that you don’t have to download and install an Exchange Online module. This will start loading the modules as shown in the screenshot below.

13.png

29. Once you’re done running the above command, please run the below command to import the Exchange Online remote session, just as we did for Skype for Business Online. Please check the screenshot below.

        Import-PSSession $exchangeSession –DisableNameChecking

38

30. Once you’re done running the above command you would get the results as shown in the image above.

31. After you get the desired results in the screen, try running the below mentioned command , you should see information about your Office 365 domains that are configured for email addresses in Exchange Online.

Get-AcceptedDomain

39

32. This confirms that you have successfully connected to Exchange Online, you can also verify that by running the “Get-Mailbox” command as shown in the email below. This should return the Mailbox information of the users who are in Office 365.

40

33. So till now we have seen how to manage the user administration/license management for Office 365 , SharePoint Online , Exchange Online & Skype for Business Online using Windows PowerShell .Now let’s see how to manage the Security and Compliance center in Office 365 using Windows PowerShell .

34. The connection instructions for the Security & Compliance Center are very similar to those for Exchange Online, but with a slight difference .Let’s take a look at it. To get started with, please run the below mentioned command which creates a remote PowerShell session with the Security & Compliance Center

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic –AllowRedirection

35. This will start loading the modules as shown in the image below.

20.PNG

36. Now in order to import the cmdlets for “Security and Compliance center” run the below mentioned command .This should look similar to the Exchange Online cmdlet. The DisableNameCheckingswitch isn’t required here as there are no unapproved verbs in the Security & Compliance Center. But the additional -Prefix ccparameter and value is something different here. The Exchange Online and the Security & Compliance Center share some cmdlets that have exactly the same names and provide the same functionality. Get-RoleGroup is an example.                                                                                             Import-PSSession $ccSession -Prefix cc

21.PNG

37. Now you can verify the result of the above command in the screenshot above.

38. In order to verify whether you have been successfully connected to “Security and Compliance center” in Office 365, please visit the below mentioned link and try executing the cmdlets there and see the results.

https://technet.microsoft.com/en-us/library/mt587093(v=exchg.160).aspx

39. So finally we have connected to all the instances of Office 365 (Office 365 user/license management, SharePoint Online, Exchange Online, Skype for Business Online & Security and Compliance center in Office 365) using Windows PowerShell and we also saw how to execute the appropriate cmdlets to manage them.

40. Now, run the below mentioned command to get the active sessions that are running .For that run the Get-PSSession

The Get-PSSession cmdlet should show you that you have at least three remote sessions open, one for Skype for Business Online, one for Exchange Online and one for the Security & Compliance Center (it’s possible you could have more than three remote sessions running, depending on whether you’ve used this instance of Windows PowerShell to connect to something else besides the Office 365 services). You should see something similar to the following.

41.png

41. Since we have verified the active sessions that are running, now run the below command one at a time to close the session. If you just close the Windows PowerShell window, your Skype for Business Online remote connection will remain active for the next 15 minutes or so. Because Skype for Business Online limits the number of simultaneous connections that any one person or any one domain can have open, that could be a problem. With Skype for Business Online, an individual administrator can have, at most, three open connections at one time, and a domain can have a maximum of nine open connections. If you sign in to Skype for Business Online and then exit without properly closing the session, that session remains open for the next 15 minutes or so. As a result, that’s one fewer connection available to you or to other administrators in your domain. So run the below mentioned command to close the remote sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully.

 

Remove-PSSession $sfboSession

                                Remove-PSSession $exchangeSession

                                Remove-PSSession $ccSession

 42. If you prefer to close all the sessions at the same time without doing it one at a time, please run the below mentioned command.

 

Get-PSSession | Remove-PSSession

 43. The above mentioned commands will stop the PowerShell sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully but not SharePoint Online and hence to stop the session for SharePoint Online , run the below mentioned command .

Disconnect-SPOService

43.png

44. Now inorder to verify whether we have successfully disconnected from SharePoint Online service run the below mentioned command and it should throw you an error.

44.png

45. This confirms that you have successfully disconnected from SharePoint Online management shell.

So finally we have seen how to configure Windows PowerShell to support SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center.