The [unofficial] guide for SharePoint 2013 (and 2010) working with TLS 1.2 only

  There are several resources out there claiming SharePoint 2013 and 2010 are not compatible with TLS 1.2 but no official stance from Microsoft either way until now. This post is still not the official response, but it is the first step in this direction. Official documentation to follow. The official supportability is explained in…

34

Windows 10 Preview does not allow you to change a network from public to private

  *** UPDATE: This morning my Microsoft colleague Regan Murphy who is Technical Evangelist pointed me out that Windows 10 indeed can change from public to private via U (thank you Regan)I. I am posting his response below. I am keeping the original post as it may be useful for bulk changes and for System…

6

How to get a SAML Protocol Response from ADFS using C#

ADFS (Active Directory Federation Services) is a fancy name for Windows Identity Foundation Server. ADFS supports SAML protocol, however its client, Windows Identity Foundation (WIF), does not. As most of the problems of acquiring a token can be resolved with either WS-Federation and WS-Trust, you may use WIF for your federation needs since WIF supports…

25

Verifying whether the broken piece is c2WTS or Active Directory

  If you have tried my tool to troubleshoot c2WTS with SharePoint, c2WTSTester, verified that the service is running as expected, the account used by SharePoint is valid in c2WTS but you still failed to receive a valid token for some error that does not make much sense, fear no more. It may be that…

2

Troubleshooting Claims to Windows NT Token Service (c2WTS) in SharePoint 2010 may be difficult if you don’t know where to start

I have been writing some blogs entries (and even a Microsoft KB) about c2WTS, but the subject never exhausts. I was helping two different customers to troubleshoot issues with SharePoint Excel Services. In one of the cases the problem happened randomly and the error message was saying that the request to the external data (SQL)…

38

Step by step configuration of Excel Calculation Services (ECS) when using Kerberos

There is no better way of learning something than to observe someone doing it step-by-step. I gathered information from different sources during the beta phase of SharePoint. So my thanks go to Darin Roulston, Eric Adams, Tracy Paddock, Jon Waite and other brave people who created the eco-system for all of us. The topology is…

0

Application to check cascade access rights for a particular user or anonymous user in SharePoint

Don’t you hate when you have access denied and you don’t know where it is coming from? It is even worse when it is related to anonymous access where a single detail can prevent a page from being rendered (IIS authentication, broken inheritance, you name it). The application will show the detailed cascade rights for…

3

Creating a Web Application using Kerberos as authentication instead of NTLM in SharePoint 2010 programmatically via PowerShell

If you have ever tried to programmatically create a Web Application using Kerberos as authentication provider you noticed that the Authentication Provider resets to NTLM. The cmdlet to create a new Web Application is New-SPWebApplication (or New-SPWebApplicationExtension to extending an exixting one) which comes with the toggle parameter to disable Kerberos authentication (DisableKerberosAuthentication). It happens,…

4

Some thoughts on Impersonation

I normally talk about SharePoint topics but this post is also important for non-SharePoint people. First let me explain what is the relationship between impersonation and SharePoint, or better, the relationship between SharePoint and the thread [security] token. SPRequest is the unmanaged low level class in SharePoint that works as HtppHandler for SharePoint requests. In…

0