Critical error “Microsoft.SharePoint.Diagnostics.SPDatabaseServerDiagnosticsPerformanceCounterProvider“

Reason behind this error

We are using Alias name of SQL server and using SPDiag studio to analysis SharePoint.

Fix

Add SQL alias name with IP (is you are using cluster than cluster IP) in host file in every App server and Front end server.

Add farm administrator(User account that is responsible to run SPTimer service) in Performance Monitor Users group (Local VM/Server).

Note:-If you are using cluster based SQL server that you need to add this in every SQL node.

Now restart the SPTimer service.

:)

Upgrade farm :- SP2010Exception: Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException

We have 2 app server and 3 frontend server with clustered SQl server (2 nodes). Now we are find that except App server our all front end server require upgrade , it seems some one install patches (e.g. service pack or cumulative update applied, or language packs installed) without running PSConfing or command line equal to PSConfing.

Now normal process to upgrade farm by PSconfig UI and it showing upgrade is required.but when we try to upgrade it by UI after 9 tasks it getting failed with SharePoint’s Admin content DB error.

Because our app server is saying that no update is required to so we plan to run up command on front end server. but we have not luck we got below is the error message

Exception: Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException: An update conflict has occurred, and you must re-try this action. The object SPUpgradeSession Name=Upgrade-20121029-090244-405 was updated by DOMAINNAME\USERNAME, in the PSCONFIG (7112) process, on machine MACHINENAME.  View the tracing log for more information about the conflict.

 

So we did so Google/Bing but no one giving us assurence that this is the root cause but in this blog can help us.

first we ran

stsadm -o setproperty -pn command-line-upgrade-running -pv Yes

than we ran

psconfig.exe -cmd upgrade -inplace b2b –wait –force

after these command we successfully upgrade the first FE server

But when we tried on second server we get same error this approach not worked for us Also, the command-line-upgrade-running STSADM property was already set to “Yes.”  So we decided to fist set the property No and than again set the property Yes by above command and run upgrade command, this time we successfully upgrade.

Now all servers and DBs are upgrade properly.

Other post that help us to understand more http://technet.microsoft.com/en-us/library/ff806338.aspx

Regards

Could not get the current time from the SNTP (RFC1769) server <52.102.13.2>

Last day i got a call that user is not able to access Sandbox solution. So as an administrator i think this could be a reason that sandbox service stop working but it hard from me to accept that without any reason service stop working . That was Prod environment so things were more critical.

Here is the scenario we have 2 app serve ,3 WEF and cluster based SQL server with two nodes . from App server i am getting multiple “Cannot generate SSPI context” error messages. yes there could be several reasons behind this error one is described in Microsoft support site here.

But before this we also check SQL server and we find Could not get the current time from the SNTP (RFC1769) server <52.102.13.2>. warning message.

now we checked from SP app and We were able to access Central admin.

now where is issue With SP or SQL or Some service account is missing form local user group(like WSS_*) or some where else ?

Step to dig it more

1. Hit iisreset on app server . now try to access Central Admin . That will not come properly and will show service related error.

2. we hit command prompt and type Time and checked current time.

3. we went to SQL server node and follow above step 2

4. we compare time and find, time difference is more than hrs. so this could be reason because if time difference is more than the Maximum tolerance for computer clock synchronization there could be sysn problem between SQL and SP.

We adjusted time nearly same.

Now we hit the iisreset again and try to access central admin ohhhhh that come fine . Now we can start Sandbox service from windows service console from all three WFEs .

Now we tried to access site collection and they are working fine even sandbox solution.

So we find there could be several reason behind these issues but when above issue came together ,time difference between servers(VM) in farm  could be a reason and we need to check that also.

Now we are not getting and SSPI context error anymore.

Hope this help you.

Kindest Regards

:)

system account getting access denied error

last week in one of Developer VM, i was not able to access any site collection. System account was getting access denied error although i checked all permission for system account. i conformed my self that i gave full controls on web application from Policy. Remember i changed authentication type from classis authentication to claim based authentication. so i start looking the issue and encountered new things in SharePoint –> Object Cache user accounts.

This is quite interesting to know how actually user request flow in SharePoint 2010. Goal of these object cache are reduce load on SQL server hosted machine.In SharePoint 2010  request for items based on User account. Publishing features makes queries for which the results are cashed in object cache. Now user query fetch data using publishing control like it is from the cache not from the user.This query is not a single query. It contain two query, one as a Super user account(Include draft item) and second as a super reader account(Published item).result from the both query stored in object cache.Now object cache check what type of permission user have(access control list)and return the appropriate results.this increase the number of results that are returned for the query and decrease amount of memory that need to store the the cache.

More information visit TechNet.

So as par my experience i fount that although super user and super reader have all the required permission in web application still system account getting access denied error.

Steps to check Super user and Super reader.

Required:-You must have farm administrator rights

1. Open Central Administrator.click on web application application.

2. select web application and from ribbon select policy tab.

3. Click add user form Zone select all zone and click next.

4. Here you can see super user and super admin . because this is claim based authentication so account look like below .

5. if users are not added than you need to add user with full control for super user and full read for super reader.(As par above image)

To add user enter name in user box and select permission by selecting right check box and click ok button.

6. After work with above accounts we need to run power sell script. You must have shell admin permission.

Get-SPShellAdmin.(Check sp shell admin account)

Add-SPshellAdmin(Add sp shell admin)

$wa = Get-SPWebApplication -Identity "<WebApplication>"

$wa.Properties["portalsuperuseraccount"] = "<SuperUser>"

$wa.Properties["portalsuperreaderaccount"] = "<SuperReader>"

$wa.Update()

Replace web application by your web application name. and SuperUser and SuperReader by your account name.

After successful run

7. Reset iis

Type iisreset in run and hit enter.

Check your site collection on particular web application access denied issue is resolved :).

Change Authentication classic-mode to claims-based authentication

In our environment we are using Claim base authenticating. We have one script that is provided by our Vendor to setup VM for our developers . When we run this script it create out all we application with site collection on desired port. but issue is that they all based on classic authentication and i need to change their authentication type.

To check authentication type

Open Central administrator go to application management and select manage web application.now you need to select web application which one you want to check and from ribbon select Authentication Provider and will prompt a window as below

So you can see this is Windows authenticate.

Now i want to change authentication  so our best friend power shell can help us :)

Perform the steps in the following procedure to convert existing Web applications to claims-based authentication

Open SharePoint management shell(powershell ) as administrator

copy below script and hit enter

$WebAppName = http://XYZ.com here you need to update with url which you want to cahnge
$wa = get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication = $true
$wa.Update()

Now 

$account = "yourDomain\yourUser" here you need to change from your service account with domain 
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
$wa = get-SPWebApplication $WebAppName
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()

now migrate user

$wa.MigrateUsers($true)

now perform provision

$wa.ProvisionGlobally()

after this when you check authentication as we check above

Congregate you change the authentication  

Add user as FAST search Administrator

Fortunately my current company giving me so much work in every area for example support to user for their newly created SharePoint (Cloud and On Premise) environment, Leading a Performance Test project or Work as Administrator in their huge environment (right because there are more than 80 VMs including Development, QA, Staging and Production environment) .Although I am developer but I am glad and enjoying this work.

Last week i got work to add user user as FAST search admin and After some goggling I got some knowledge, what is necessary to give user specific permission .

Steps that I followed

Add user in VM administrator group :- log in VM click right click on compute name and select Manage . Here you will find user and Group. Now find user name by Domain name/User ID (because we have multiple trusted ADs) and add it.

Now Open SharePoint Power shell script: Log in front end server and run power shell script now first I want to make sure that user is able to access power shell or not so I hit my first cmdlet

Get-SPShellAdmin

This cmdlet let me know about all users who can access Power shell script

Add-SPShellAdmin [-UserName]

This cmdlet help me to add user in power shell admin group make sure format of user name is

Domain name/user id or name here I am adding yf5764s

Now again user Get –SPShellAdmin and make sure it is added.

Now user can access Power shell script so we come half way but if this time user wants to perform some action from power shell script he will get error

Form this error you come to know now you need to give permission on FAST Search related database. To complete this task log in SQL server VM and first add user with sufficient Privileged on database, now I suggest you please try to achieve this by creating some AD group for easier but for this article I am giving direct access to user.

Login in SQL Server VM

Open SQL Management Studio

Connect with Server now and expand security from left pane.

Add New Login Now search user by Login Name Test box. After success find user click on User Mapping and select data base related to FAST Search and make him dbowner don’t forget to check box to mark,

Two most important services that use by fast search are FAST content SSA and FAST Query SSA

FAST Content SSA – this service is responsible to communicate from SharePoint central administrator to Fast Search Farm

FAST Query SSA – This service is responsible to take back result from FAST Farm to SharePoint Farm so results could be serve to end user.

If you visit to SharePoint configuration db you will find many databases like FASTContentSSA_crawlerStore************ and FASTQuerySSA_*************

so we need to keep in mind that that user must have owner rights on these database .

Click ok and ask user to make sure he can perform his action.