After installing .NET security patches to address CVE-2018-8421, SharePoint workflows stop working (KB 4457916/4457035 and others)

*** FINAL UPDATE V *** Adding link to video Important As some companies cannot make changes based on Blog posts, we worked on a public KB that can be found here: https://support.microsoft.com/en-us/help/4465015/sharepoint-workflows-stop-after-cve-2018-8421-security-update The KB has a watered down version of Joe’s script. If you have Nintex workflows, favor the scripts on this post. We put together…

351

The [unofficial] guide for SharePoint 2013 (and 2010) working with TLS 1.2 only

  There are several resources out there claiming SharePoint 2013 and 2010 are not compatible with TLS 1.2 but no official stance from Microsoft either way until now. This post is still not the official response, but it is the first step in this direction. Official documentation to follow. The official supportability is explained in…

34

Windows 10 Preview does not allow you to change a network from public to private

  *** UPDATE: This morning my Microsoft colleague Regan Murphy who is Technical Evangelist pointed me out that Windows 10 indeed can change from public to private via U (thank you Regan)I. I am posting his response below. I am keeping the original post as it may be useful for bulk changes and for System…

6

How to get a SAML Protocol Response from ADFS using C#

ADFS (Active Directory Federation Services) is a fancy name for Windows Identity Foundation Server. ADFS supports SAML protocol, however its client, Windows Identity Foundation (WIF), does not. As most of the problems of acquiring a token can be resolved with either WS-Federation and WS-Trust, you may use WIF for your federation needs since WIF supports…

30

Verifying whether the broken piece is c2WTS or Active Directory

  If you have tried my tool to troubleshoot c2WTS with SharePoint, c2WTSTester, verified that the service is running as expected, the account used by SharePoint is valid in c2WTS but you still failed to receive a valid token for some error that does not make much sense, fear no more. It may be that…

2

Troubleshooting Claims to Windows NT Token Service (c2WTS) in SharePoint 2010 may be difficult if you don’t know where to start

I have been writing some blogs entries (and even a Microsoft KB) about c2WTS, but the subject never exhausts. I was helping two different customers to troubleshoot issues with SharePoint Excel Services. In one of the cases the problem happened randomly and the error message was saying that the request to the external data (SQL)…

38

Step by step configuration of Excel Calculation Services (ECS) when using Kerberos

There is no better way of learning something than to observe someone doing it step-by-step. I gathered information from different sources during the beta phase of SharePoint. So my thanks go to Darin Roulston, Eric Adams, Tracy Paddock, Jon Waite and other brave people who created the eco-system for all of us. The topology is…

0

Application to check cascade access rights for a particular user or anonymous user in SharePoint

Don’t you hate when you have access denied and you don’t know where it is coming from? It is even worse when it is related to anonymous access where a single detail can prevent a page from being rendered (IIS authentication, broken inheritance, you name it). The application will show the detailed cascade rights for…

3

Creating a Web Application using Kerberos as authentication instead of NTLM in SharePoint 2010 programmatically via PowerShell

If you have ever tried to programmatically create a Web Application using Kerberos as authentication provider you noticed that the Authentication Provider resets to NTLM. The cmdlet to create a new Web Application is New-SPWebApplication (or New-SPWebApplicationExtension to extending an exixting one) which comes with the toggle parameter to disable Kerberos authentication (DisableKerberosAuthentication). It happens,…

4