SharePoint Pain

Applies to SharePoint 2016; not tested on other versions of SharePoint.   Symptoms   Central Admin’s Health Analyzer reports that the farm account or an unknown account (sometimes it doesn’t show the account name) is in the Local Administrators group on some servers:   However, you see that the reported warning is false:   Cause   The Timer Service failed to recycle on the associated servers. It is scheduled to recycle at 0600 on all servers and occasionally it fails on some servers due to an internal conflict: Direct links to the Job History page of Timer Service Recycle : https://caUrl/_admin/TimerJobHistory.aspx?View=4&JobId=<guid> Resolution   Method 1: Click any of the Timer Service Recycle links on the Job History page (direct URLs above), hit Run Now , and wait for about 10 minutes to let it finish (check the Timer Job Status page): 2. Go back to Health Analyzer and hit Reanalyze Now to verify. Method 2: Restart the SharePoint Tim...

Applies to SharePoint 2016; not tested on other versions of SharePoint.   Symptoms   Windows Application Event Viewer shows two certificate-related errors every minute as follows:   Event ID 8306   An exception occurred when trying to issue security token: ID3242: The security token could not be authenticated or authorized..   Event ID 8311   An operation failed because the following certificate has validation errors:   Subject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US Issuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US Thumbprint: 8C0669A6945F6A310538F1F8159D541CBDFE9427   Errors:   PartialChain: A certificate chain could not be built to a trusted root authority. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate. OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline. ...

Applies to SharePoint 2016; not tested on other versions of SharePoint.   Symptoms   SharePoint Central Admin’s Health Analyzer shows "Drives used for SQL databases are running out of free space". For example:     Cause The value of Autogrowth for the database files are not set optimally for the free disk space that the Health Analyzer calculates. For example: Resolution   Set the Autogrowth to the correct value . Do not use a percentage or a non-binary unit as a fixed value. Inform the DBA. For example:       Note: - The Health Analyzer Rule Definition and the Error Status pages look very similar and share the same title, "Drives used for SQL  databases are running out of free".  Make sure you're looking at the right page by checking the URLs (../Lists/HeathRules/... vs. ../Lists/HealthReports/...) and the Ribbon: -   For getting into the depth of the error and calculating the correct value, you can refer to  https:/...

Symptoms When one tries to open an Office Online document, SharePoint gives the “ Sorry, something went wrong ” error message with a Correlation ID. All Office Online Server members in the farm work fine via https://<officeonlineUrl>/op/generate.aspx. However, the associated Correlation ID on the SharePoint ULS shows " System.TimoutException: The open operation did not complete within the allotted timeout of 00:01:00 ", and it stems from SPApplicationSecurityTokenServiceClient : Cause Malfuction of SecurityTokenServiceApplicationPool  Resolution Recycle the SecurityTokenServiceApplicationPool on the identified server in ULS (highlighte):

Applies to SharePoint 2016; not tested on other versions of SharePoint.   Symptoms   Central Admin's Health Analyzer shows:   -         Title: One or more services have started or stropped unexpectedly. -         Explanation: The following services are managed by SharePoint, but their running state does not match what SharePoint expects: c2wts -         Remedy: To stop or start a service managed by SharePoint, use the SharePoint service management interface in the SharePoint Central Administration Site. If a service has crashed, restart the service manually on the affected servers by running “net start [service name]” from a command prompt.   Service status shows c2wts (Claims to Windows Token Service) is not running even though it’s set to “Startup type: Automatic”. When you try to start the service, it gives:   Windows could not start the c2wts service...

Applies to SharePoint 2016; not tested on other versions of SharePoint.    Symptoms   After changing the farm account password in AD, SharePoint fails to update the password with the “Use existing password” option in Central Admin:   Error Message:   Error deploying administration application pool credentials. Another deployment may be active. An object of the type Microsoft.SharePoint.Administration.SPAdminAppPoolCredentialDeploymentJobDefinition named “job-admin-apppool-change” already exists under the parent Microsoft.SharePoint.Administration.SPTimerService named “SPTimerV4”. Rename your object or delete the existing object.   Screenshot:   Findings :   ·         Correlation ID in ULS shows misleading errors as none of reported services are configured for SharePoint: o    Error updating the account password for process identity Id c3c6d96f-3994-4630-8c03-f019b0f22757, please fix manually. An object ...

Symptoms   On Central Admin, Health Analyzer shows "The timer service failed to recycle" warning:   Cause The Timer Service Recycle job was blocked by other running Timer jobs, such as: The running jobs that block the Recycle job could be stuck in the running mode and need to be verified first. Resolution 1.       Make a note of the Failing Servers in the report and run the Timer Service Recycle Job from Central Admin > Monitoring > Job Definitions > Timer Service Recycle .  ( Direct URL:  https://<caDomainName>/_admin/JobEdit.aspx?JobId=<guid>) Click the "Run Now" button. This will kick off the Job across all servers in the farm.  2.       Go to the Running Jobs page (https://<caDomainName>/_admin/ServiceRunningJobs.aspx) and wait until the Job finishes. It will take several minutes. 3.       Check the Job History page (https://<caDomainName>/_admin/Tim...

Symptoms Office Online Server fails to open Office documents and leaves this error in the Office Web Apps event logs:   System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority '<servername>:809'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     Cause IIS sites have the unsupported HSTS configuration: HSTS ==> “ Redirect Http to Https ” It needs to be enabled for the IIS security, but it breaks the Office Online functionality. Resolution Uncheck (disable) the “ Redirect Http to Https ” checkbox for both HTTP80 and HTTP809 sites: The “ Enable ” and “ IncludeSubDomains ” options do not cause the outage. Therefore, they can be left enabled.  No ...