SharePoint Extranet configuration

We are in process of building out an Extranet for our Internal SharePoint environment primarily targeting External Partners (Non domain users) for now. We have few specific requirements for the scenario which includes setting 2-Factor authentication,
routing internal users to WFE's and external via a Reverse Proxy. We are considering to use ACS/WAAD to hold external user related credentials in cloud and use proxy and ADFS to relay information to ACS for authentication and utilize built-in 2-Factor authentication
offered by AAD-Premier option. My questions are more on the implementation here:-
1. What Reverse Proxy servers might work along with ACS (Azure Control Service) -UAG seems deprecated and i'm not too sure about F5 compatibility here
2. We plan to follow edge topology (keep all SP servers internal) and maintain a proxy server in DMZ to perform pre-auth and then relay information to WFE's after authentication. Do you see any challenges in this scenario?
3. I assume we need to open up TCP 443 only on my perimeter firewall and probably do SSL termination at Reverse Proxy and relay information via port 80 to internal servers. Do you see any issues in this scenario?
4. I'm wondering about setting trust in this scenario. Do we need to setup one-way trust between AAD on cloud and our Internal Corp ad. Please share you thoughts in regards to azure ad and internal SharePoint in terms of setting up trust
We don't want to consider split or perimeter topologies as this increases upkeep and also adds up the server as well.
Thanks in advance!

1. Windows Server 2012's Web Application Proxy role is the successor to the reverse proxy functionality of ISA/TMG/UAG. There are other third party applications and devices that can also be used. Some F5 devices do have this capability.
2. Usually organizations I work with have a security policy that says the external user's connection must terminate on a machine in the DMZ. In this case they would expect SharePoint WFE servers to exist in the DMZ while application servers and database
servers can exist on the LAN. Some organizations are challenged by the reverse proxy world view and don't consider this the end point. What you are asking will work if you're OK with this arrangement.
3. If you're terminating SSL at the reverse proxy then any traffic between it and your SharePoint servers will be unencrypted. Depending on the types of content you are storing in SharePoint this may not be acceptable to your organization. From a technical
perspecitve, if external users are using an https:// URL and internal users are using an http:// URL it could get confusing. You should redirect http to https on the reverse proxy and if possible either router internal users through it or have them use SSL
via some other method.
4. A typical resource domain that was built in your DMZ would trust your internal domain with a one-way trust. This would allow your internal users to authenticate on the servers in the resource domain and not vice versa. If you're building the SharePoint
farm internally and wanting to trust an external authentication provider, this can be a security risk. To be honest I'm not super familiar with the Azure AD options available to make any recommendation.
Jason Warren
@jaspnwarren
jasonwarren.ca
habaneroconsulting.com/Insights

Similar Messages

Sharepoint Extranet Configuration and ports

Hi.... I'm new to share point extranet design,we are creating extranet site and need to host on extranet DMZ.
so basic question is do we need to pull one web front from intranet environment and plug in extranet DMZ ?
If so how does webfront works there ? because it's running on intranet service accounts ? and extranet DMZ will not identify those service accounts ?
I also have list of ports to open to talk with CA. but not sure how and where to start.
Appreciate your help.
Thanks!
SPVIRU

Thank you Trevor :)
sorry for a late reply ..... I have some beginner questions,appreciate your help on answering these.
1)why do we need people picker ? and I can see number of ports on your link to make people picker work http://blogs.technet.com/b/wbaer/archive/2009/01/21/people-picker-port-protocol-requirements.aspx
2) do we need to open 1443/tcp ? not sure based on our security they will open tcp1443 for database they have another sql ends point can we open those ?
3)To enable full domain we need open many many ports ? what are those ports I have listed few below can you pls check those.
4)how does external users will be authenticated,we dont have UAG as of now ? is that compulsory , or can external users be authenticated on with intranet sql DB ?
can you please validate if this is required enough ?
Purpose
Ports Need to Open
INBOUND/OUTBOUND
Web browser request and response over SSL or TLS
SSL 443
Inbound
Web browser request and response
TCP 80
Inbound
TCP 443/80
Inbound
Search Crawling
TCP 443,
Outbound
Search Crawling
TCP 80
Outbound
Query Propagation
Direct Hosted SMB(TCP/UDP 445)--Recommended
OR
NetBIOS over TCP/IP (NetBT) (TCP/UDP 137, 138,139) (Not as secure) Disable if not used
Outbound
Ports required for communication between Web servers and service applications (the default is HTTP)
Http binding : port 32843
OR
Https binding : port 32844
OR
NET.TCP binding : 32845 (only if 3rd party has implemented third option for a service app
INBOUND
User profile sync
TCP/5725
TCP/UDP 389
            (LDAPservice)
TCP/UDP 53(DNS)
Inbound
SMTP(TCP 25)
Outbound / Inbound if applicable
Alerts or mail enabled lists
Recommendation: Block SQL Default Ports (TCP 1433, UDP 1434) and use a static custom port for Named SQL Instance.
SQL END Point
TCP Port 62015
HTTP   63030
HTTP raw         63041
Outbound
for sandbox solution
TCP/IP 32846
Outbound
SPVIRU

PowerPivot for SharePoint 2013 Configuration not starting

Dear,
I have
Windows 2008 R2 SP1 (up to date version)
SQL Server 2012 SP1 PowerPivot For SharePoint (11.1.3000.0 -> the number is from the control Panel)
But I try to run the command PowerPivot for SharePoint 2013 Configuration, the wizard is not starting : it closed with an error
If someone has idea, he is welcomed
Regards
Bohor

hi Muhammad,
thanks a lot for your help but what is "Powershare"?
About running Powerpivot configuration Tools with administrator rights , I have tried without success :-(
I have found the error log in the Windows event viewer, maybe it'll be helpful
Application : PowerPivotSPAddinConfiguration.exe
Version du Framework : v4.0.30319
Description : le processus a été arrêté en raison d'une exception non gérée.
Informations sur l'exception : System.TypeInitializationException
Pile :
à Microsoft.AnalysisServices.SPAddin.Configuration.Tool.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
à System.Windows.Application.<.ctor>b__1(System.Object)
à System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
à MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
à System.Windows.Threading.DispatcherOperation.InvokeImpl()
à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
à System.Windows.Threading.DispatcherOperation.Invoke()
à System.Windows.Threading.Dispatcher.ProcessQueue()
à System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
à MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
à MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
à System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
à MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
à System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
à MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
à MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
à MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
à System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
à System.Windows.Application.RunDispatcher(System.Object)
à System.Windows.Application.RunInternal(System.Windows.Window)
à Microsoft.AnalysisServices.SPAddin.Configuration.Tool.App.Main()
and there is another message just after that said that the faulting module is
C:\Windows\system32\KERNELBASE.dll
regards
Bohor

SharePoint Products Configuration Wizard - Configuration Failed at step 10 of 10

A little background information. I am simply trying to create a SharePoint Server on my laptop. I utilized the Microsoft Hyper-V Manager
to create a Virtual Machine of which I have Windows Server 2012 R2 running. I have installed the SharePoint prerequisites via some power shell scripts that all seemed to have worked and I believe i even updated the server with all updates to date. <o:p></o:p>
<o:p> </o:p>
However, when I run the SharePoint Products Configuration i get a failure at step 10 of 10. I am a SharePoint developer and power user not an
administrator for Windows Server. Any assistance would be greatly appreciated. <o:p></o:p>
<o:p> </o:p>
<o:p> </o:p>
SharePoint Products Configuration Wizard<o:p></o:p>
Configuration Failed<o:p></o:p>
<o:p></o:p>
One or more configuration settings failed. Completed configuration settings will not be rolled back. Resolve the problem and run this configuration
wizard again. The following contatins detailed information about the failure:<o:p></o:p>
Failed to create sample data.<o:p></o:p>
<o:p> </o:p>
An exception of the type System.ServiceModel.ServerTooBusyException was thrown. Additional exception information: The HTTP service located
at<o:p></o:p>
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc is
unavailable. This could be because the service is to busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later.<o:p></o:p>
<o:p> </o:p>
Click Finish to close this wizard.<o:p></o:p>
Larry Stupka

The First Thing Disable or Remove Antivirus / ForeFront, etc. and try if again it's failed then try clearing the cache.ini
you can find it in location
C:\ProgramData\Microsoft\SharePoint\Config\GUId
go inside the GUID and look for cache.ini
reset the value to 1
run the command stsadm -o execsvcadmjobs
try running the below command
psconfig.exe -cmd upgrade -inplace b2b -wait -force
Sajid H. A. Rashid Analyst Application Developer

SharePoint 2013 Configuration Wizard Missing Components after Install ServicePack 1

Hello,
today we have installed SharePoint Service Pack 1 for SharePoint Server 2013 inclusive Service Pack 1 for all language packs (we used the new released Service Packs).
Our SharePoint Environment has only one SharePoint Server.
Many
language packs
are
installed
on
this
server.
If we try to run the configuration wizard through the GUI, then we get the following error:
If we try to run "psconfig -cmd upgrade -inplace b2b -wait" then we get also an error:
SharePoint Products Configuration Wizard version 15.0.4569.1503. Copyright (C) Microsoft Corporation 2012. All rights reserved.
The upgrade command is invalid or a failure has been encountered.
The server farm will not work with missing installs. Add "-cmd installcheck -noinstallcheck" to the command-line to ignore this warning.
The following is missing on :
Service Pack 1 for Microsoft SharePoint Server 2013 Language Pack (KB2880554) 64-Bit Edition
Service Pack 1 for Microsoft SharePoint Server 2013 (KB2880552) 64-Bit Edition
Service Pack 1 for Microsoft SharePoint Server 2013 Language Pack (KB2880554) 64-Bit Edition
Service Pack 1 for Microsoft SharePoint Server 2013 (KB2880552) 64-Bit Edition
Service Pack 1 for Microsoft SharePoint Server 2013 (KB2880552) 64-Bit Edition
Service Pack 1 for Microsoft SharePoint Server 2013 (KB2880552) 64-Bit Edition
We checked the Installation in "Programm and Features", result see below:
Next step we run the PowerShell command: Get-SPProduct -local, result see below:
ProductName
Required Missing   Servers
Language Pack for SharePoint 2013 - Bulgarian/български                              True
{ServerName, }
Language Pack for SharePoint 2013 - Croatian/Hrvatski                                True
{ServerName, }
Language Pack for SharePoint 2013 - Romanian/Română
True               {ServerName, }
Language Pack for SharePoint 2013 - Thai/ไทย
         True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Chinese (PRC)/中文(简体)    True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Chinese (Taiwan)/中文 (繁體)   True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Czech/čeština                 True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Danish/dansk                  True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Dutch/Nederlands              True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Finnish/suomi                 True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - French/Français               True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - German/Deutsch                True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Greek/Ελληνικά                True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Hebrew עברית                  True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Hungarian/magyar              True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Italian/Italiano              True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Japanese/日本語      True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Korean/한국어                    True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Norwegian/norsk               True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Polish/Polski                 True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Portuguese/Português          True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Portuguese/Português (Brasil) True               {ServerName, }
Language Pack for SharePoint and Project Server 2013 - Russian/русский               True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Slovak/Slovenčina             True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Spanish/Español               True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Swedish/svenska               True               {ServerName,
Language Pack for SharePoint and Project Server 2013 - Turkish/Türkçe                True
{ServerName, }
Language Pack for SharePoint and Project Server 2013 - Ukrainian/Українська          True               {ServerName, }
Microsoft SharePoint Server 2013
True               {ServerName, }
What's the mistake?
Why we can't run the configuration wizard?
Has anyone answers?
Thanks a lot.
Regards Mario

try to run the below command on all server in the farm and then run the config wizard
Get-SPProduct -Local
Above command basically update the product information into the configuration database. Read this blog from the Trevor.
http://thesharepointfarm.com/2013/12/the-magic-of-get-spproduct-local/
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

SharePoint 2013 Configuration Wizard failure while joining a WFE to the existing server farm.

Dears,
I've been troubleshooting an issue while trying to join a new WFE server to an existing SharePoint 2013 farm.
Issue Description:
When we run the wizard it runs for almost 30 to 45 minutes on the step 3 itself and eventually fails at the end with an error message "Failed to connect to the configuration Database..... Value doesn't fall within the expected range"
First I thought this is a connectivity issue with the config DB and monitored the complete operation very closely after checking the permissions and SQL server connection and happened to see that the server was able to connect to the farm and all the web
applications and the related solutions were pushed to the server and apparently the failure of the Wizard at below point: Followed by the error, all web sites and solutions were retracted and a complete roll back happens.
Can someone pls help me here at the earliest as I'm stuck ???
0
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology bmt5
High Creating new application pool 'SecurityTokenServiceApplicationPool'.
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group IIS_WPG.
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group WSS_WPG.
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group PerformanceMonitorUsers.
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sis
Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:41.60 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sit
Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:41.62 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx74
High An exception occured while committing IIS configuration changes: Value does not fall within the expected range.
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology bmt5
High Creating new application pool 'SecurityTokenServiceApplicationPool'.
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group IIS_WPG.
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group WSS_WPG.
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group PerformanceMonitorUsers.
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sis
Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sit
Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:43.35 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx74
High An exception occured while committing IIS configuration changes: Value does not fall within the expected range.
02/19/2015 11:36:45.09 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology bmt5
High Creating new application pool 'SecurityTokenServiceApplicationPool'.
02/19/2015 11:36:45.09 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group IIS_WPG.
02/19/2015 11:36:45.10 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group WSS_WPG.
02/19/2015 11:36:45.10 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group PerformanceMonitorUsers.
02/19/2015 11:36:45.10 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sis
Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:45.10 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sit
Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:45.10 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx74
High An exception occured while committing IIS configuration changes: Value does not fall within the expected range.
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology bmt5
High Creating new application pool 'SecurityTokenServiceApplicationPool'.
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group IIS_WPG.
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group WSS_WPG.
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group PerformanceMonitorUsers.
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sis
Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sit
Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:46.82 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx74
High An exception occured while committing IIS configuration changes: Value does not fall within the expected range.
02/19/2015 11:36:48.52 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology bmt5
High Creating new application pool 'SecurityTokenServiceApplicationPool'.
02/19/2015 11:36:48.52 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group IIS_WPG.
02/19/2015 11:36:48.52 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group WSS_WPG.
02/19/2015 11:36:48.52 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 96ft
Medium Adding Domain\Account to local group PerformanceMonitorUsers.
02/19/2015 11:36:48.54 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sis
Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:48.54 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 9sit
Medium Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user Domain\Account
02/19/2015 11:36:48.54 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx74
High An exception occured while committing IIS configuration changes: Value does not fall within the expected range.
02/19/2015 11:36:48.54 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology fx75
Unexpected Reached the retry limit for committing IIS configuration changes, the operation must be rerun.
02/19/2015 11:36:48.65 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology eru1
Medium Released mutex 'Global\Microsoft.SharePoint.SPIisProvisioningLock'
02/19/2015 11:36:48.65 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology aj4j4
Unexpected Joining Farm failed. The exception is Value does not fall within the expected range. StackTrace is at Microsoft.Web.Administration.Interop.AppHostWritableAdminManager.CommitChanges()
at Microsoft.Web.Administration.Configuration.CommitChanges() at Microsoft.Web.Administration.ConfigurationManager.CommitChanges() at Microsoft.Web.Administration.ServerManager.CommitChanges() at Microsoft.SharePoint.Administration.SPIisServerManager.CommitChanges(ApplyChanges
applyChanges) at Microsoft.SharePoint.Administration.SPIisProvisioningAssistant.ProvisionApplicationPool(String name, SecurityIdentifier sid, String password, SPIisApplicationPoolSettings settings) at Microsoft.SharePoint.Administration.SPIisManager.ProvisionApplicationPool(String
name, SecurityIdentifier sid, SecureString password, SPIisApplicationPoolSettings settings) at Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool.ProvisionLocal(SPIisWebServiceApplicationPoolProvisioningOptions options)
at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.ProvisionApplicationInstance() at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision() at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost)
02/19/2015 11:36:48.65 psconfigui.exe (0x0FA4)
0x2D28 SharePoint Foundation
Topology 88ah
High Unjoining the farm.
BR,
Mukesh

Hi Pradeep, this wasn't due to any permission issue.. I was trying with the farm account which is a local admin group member as well as being a member of IIS_WPG.. on a continues investigation happened to find that the IIS config file was corrupted and which
encountered issues in the creation of app pool.. I had to tweak around some settings with the config file by considering the other WFE as a reference.. this actually fixed the issue..
BR,
Mukesh
Regards Mukesh

What is the best solution to create SharePoint Extranet Application for existing windows web application ?

Hello,
At present my SharePoint farm is having following domains:
1) Internal Domain - Domain1
2) External Trusted Domain - Domain2
And Following Intranet WebApplications having Windows Mode Authentication:
1) http://mywebapp1.Domain1.com - Single site collection
2) http://mywebapp2.Domain1.com - Multiple site collections
3) http://mywebapp3.Domain1.com - Multiple site collections
Both Domain1 and Domain2 users are able to access above web applications.
Now , we have requirement to add other trusted domains Domain3 , Domain4...etc. and create Extranet Application and I have following questions :
What kind of topology and Authentication is required ?
AD as User Identity storage location is better way for all other domains since there is trust ?
Do I need to just extend all the web applications in extra net zone and create site collection for different domains to isolate security and content as per the need ?
Is there any other best solution to implement extranet application under current environment ?
what kind of other factors are important to consider in order to create extranet application ?
Your help will be highly appreciated.
Thanks and Kind Regards,
Dipti Chhatrapati

Hi Tom,
I have following information till now:
External domain will be trusted with parent domain where SharePoint is installed.
Authentication of external domain will be Windows Authentication.
User Identity storage location will be Active Directory of external domain.
Site to be accessed by external domain will be http://mywebapp1.Domain1.com
Now question is :
Should I assign external AD group ( Domain2ADGroups ) to SP Web Application http://mywebapp1.Domain1.com
OR
Should I extend the application in extranet zone for external domain and then assign permission to extended
application ?
I guess , if authentication is same then no need to extend the application - correct ?
Thank you to look at this thread !
Dipti Chhatrapati

Sharepoint 2010 - configuration database size limit

Hi,
We have below scenario in our production farm. Ours is a SharePoint 2010 Enterprise Edition server.
Medium size farm (4 WFE, 4 App Servers, Content DBs in separate tier. No SharePoint search in this farm)
Configuration DB reached 250+ GB. Please clarify below queries.
1. What is the boundary limit for configuration database size?
2. How we can scale the configuration database?
3. Can we add multiple configuration database per farm?
4. What are the best practices and regular maintenance activities to be done to keep the configuration db size under control?
It would be really really great if someone gives some good knowledge in this area.

1) Not aware of one
2) You can add multiple files to the file group
3) No
Is the growth in the MDF or the LDF (log file)? If it is in the log file, are you using high availability (Clustering, Mirroring, Log Shipping, AlwaysOn)? If so, you need to run a BACKUP LOG periodically to maintain the LDF size, or allow you to truncate
the LDF.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

SharePoint Adapter Configuration

Hi,
I'm trying to configure a SharePoint adapter in Biztalk 2010
I'm getting this error:
Unsupported machine configuration. WSS 4.0 is supported only if OS is 64 bit and IIS is running in native 64 bit mode. (CWssAdaCfg)
My Application Pool - Enable 32-bit Applications = False
My System is Windows Server 2008 R2 Enterprise 64-bit operating system
Any ideas why I'm getting this?
Thanks in advance

Hi,
Configuring SharePoint Adapter shouldn't be a problem on x64, see my
post and following instructions described in appropiate installation documentation.
HTH
Regards,
Steef-Jan Wiggers - MVP & MCTS BizTalk Server
blog: http://soa-thoughts.blogspot.com/
If this answers your question please mark it accordingly
BizTalk

SharePoint Product configuration wizard cannot Register "Document conversion Launcher Server"

Each time I run the SharePoint configuration wizard, it stop at the following step:-
It will mentioned that it install the document conversion service, but while registering it , the wizard will stop and it will raise a timeout exception.
Also when I tried to start the Document conversion related services from central administration, it showed that they are stopped and I cannot start them:-
Can anyone advice about this problem ?
Thanks

Hi john,
Please provide more detailed information about the error you met, and you can check the log file to find more information about this issue. The path of the log file is : C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS.
In addition, in Registry, Add a new key named "AcknowledgedRunningOnAppServer" of DWORD type at the below mentioned locations.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\version\LauncherSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\version\LoadBalancerSettings
Set the value to 1.
Restart the System.
More inforamtion, please refer to the link:
http://stackoverflow.com/questions/23184703/sharepoint-2013-sp1-install-error-during-product-configuration-step-5-failed-t
Best Regards,
Wendy
Wendy Li
TechNet Community Support

SharePoint 2013 Configuration Access denied

Hi While configuring the SharePoint 2013, getting the following error.
System.InvalidOperationException: An error occurred while getting information about the user sp_farm at server <ADserver>: Access is denied
at Microsoft.SharePoint.Win32.SPNetApi32.NetUserGetInfo1(String server, String name)
sp_farm is a Domain User, and local admin, for SQL server this account have sysadmin rights, still having the issue please help.

Basically SharePoint is trying to get information about this service account and access is denied. This is because you may be logged in on server and running Products and Configuration Wizard as a local user that does not have access to the AD OU to verify
the SP_Farm domain account.
Log out from sever and Log in again with "SP_Farm" user and re-launch the SharePoint Products and Configuration Wizard. Specify the SP_Farm account to connect to the SQL Database.Before you run the config wizard , please log in to SQL
Management Studio and remove the partially created farm database SharePoint_Config or use a different name the second time.
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

Sharepoint 2010 Configuration failed

Hi,
Anyone please help. I'm new to sharepoint
After installing the sharepoint in my machine(OS Windows7 ) It showing the Configuration failed in the Share point Product Configuration Wizard.
Throws the below log message:
Begin trace logging for SharePoint 2010 Products Configuration Wizard. Version 14.0.6009.1000
03/11/2015 19:12:30 1 INF Entering function PsconfigUserInterfaceMain.Main
03/11/2015 19:12:30 1 INF Entering function Common.SetCurrentThreadCultureToInstalledCulture
03/11/2015 19:12:30 1 INF Entering function Common.SetThreadCultureToInstalledCulture
03/11/2015 19:12:30 1 INF Current thread culture is English (United States), current thread ui culture is English (United States), installed culture is English (United States)
03/11/2015 19:12:30 1 INF Leaving function Common.SetThreadCultureToInstalledCulture
03/11/2015 19:12:30 1 INF The current ui culture English (United States) is NOT right to left
03/11/2015 19:12:30 1 INF Leaving function Common.SetCurrentThreadCultureToInstalledCulture
03/11/2015 19:12:30 1 INF Creating the psconfig application context
03/11/2015 19:12:30 1 INF Entering function PsconfigApplicationContext.PsconfigApplicationContext
03/11/2015 19:12:30 1 INF Entering function UserInterface.UserInterface
03/11/2015 19:12:30 1 INF Leaving function UserInterface.UserInterface
03/11/2015 19:12:30 1 INF Entering function TaskDriver.TaskDriver
03/11/2015 19:12:30 1 INF Entering function TaskDriver.BuildCommandCollection
03/11/2015 19:12:30 1 INF Entering function CommandCollectionBase.CommandCollectionBase
03/11/2015 19:12:30 1 INF Leaving function CommandCollectionBase.CommandCollectionBase
03/11/2015 19:12:30 1 INF Entering function CommandCollection.CommandCollection
03/11/2015 19:12:30 1 INF Leaving function CommandCollection.CommandCollection
03/11/2015 19:12:30 1 INF Entering function CommandCollectionBase.CommandCollectionBase
03/11/2015 19:12:30 1 INF Leaving function CommandCollectionBase.CommandCollectionBase
03/11/2015 19:12:30 1 INF Entering function Command.Command
and etc. repeats the above message.
Please help me to solve this issue.
Best regards,
Renuka.V

For installing SharePoint 2010 at Windows 7 , You should change SP installer config file to allow client install -
<Setting Id="AllowWindowsClientInstall" Value="True"/>
Please follow steps described in these urls,
http://www.codeproject.com/Tips/373724/SharePoint-Installation-on-Windows
http://www.codeproject.com/Articles/44210/Installing-SharePoint-Server-on-Windows-x
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

SharePoint Foundation 2013 - Search Configuration Issue - 2 App Servers and 2 Front-End Servers

Hi,
We have a SharePoint Foundation 2013 with SP1 Environment.
In that, we have 2 Front-End Servers and 2 App Servers. In the Front-End Servers, the Search Service is stopped and is in Disabled state and in the 2 App Servers in One App Server, Search is Online and in another Search is Starting but goes to Stopped sooon
after.
Originally, we had only 1 App Server and we were running our Search Service and Search Service Application in that. Now since the index location became full and we were unable to increase the drive there, we added one more App Server and now the issue is
Search is not properly getting configured in either of these App servers. What we want to do is run Search only in the new App Server, because we have a lot of storage space for Index locations here, but in the older App Server, not run Search at all. We
tried keeping the Search Service disabled and ran the below PowerShell Scripts, but none of the ones are working. These scripts are creating the Search Service Application, but the error of "Admin Component is not Online", "Could not connect
to the machine hosting SharePoint 2013 admin component" is coming up.
http://www.funwithsharepoint.com/provision-search-for-sharepoint-foundation-2013-using-powershell-with-clean-db-names/
http://blog.falchionconsulting.com/index.php/2013/02/provisioning-search-on-sharepoint-2013-foundation-using-powershell/
http://blog.ciaops.com/2012/12/search-service-on-foundation-2013.html
Can I get some help please?
Karthick S

Hi Karthick,
For your issue, could you provide the
detail error message of ULS log to determine the exact cause of the error?
For SharePoint 2013, by default, ULS log is at
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS
For troubleshooting your issue, you can try to run the SharePoint Products Configuration Wizard on your WFE servers and run the script for configuring the search service on SharePoint
Foundation:
[string]$farmAcct = "DOMAIN\service_Account"
[string]$serviceAppName = "Search Service Application"
Function WriteLine
Write-Host -ForegroundColor White "--------------------------------------------------------------"
Function ActivateAndConfigureSearchService
Try
# Based on this script : http://blog.falchionconsulting.com/index.php/2013/02/provisioning-search-on-sharepoint-2013-foundation-using-powershell/
Write-Host -ForegroundColor White " --> Configure the SharePoint Foundation Search Service -", $env:computername
Start-SPEnterpriseSearchServiceInstance $env:computername
Start-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance $env:computername
$appPool = Get-SPManagedAccount -Identity $farmAcct
New-SPServiceApplicationPool -Name SeachApplication_AppPool -Account $appPool -Verbose
$saAppPool = Get-SPServiceApplicationPool -Identity SeachApplication_AppPool
$svcPool = $saAppPool
$adminPool = $saAppPool
$searchServiceInstance = Get-SPEnterpriseSearchServiceInstance $env:computername
$searchService = $searchServiceInstance.Service
$bindings = @("InvokeMethod", "NonPublic", "Instance")
$types = @([string],
[Type],
[Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool],
[Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool])
$values = @($serviceAppName,
[Microsoft.Office.Server.Search.Administration.SearchServiceApplication],
[Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool]$svcPool,
[Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool]$adminPool)
$methodInfo = $searchService.GetType().GetMethod("CreateApplicationWithDefaultTopology", $bindings, $null, $types, $null)
$searchServiceApp = $methodInfo.Invoke($searchService, $values)
$searchProxy = New-SPEnterpriseSearchServiceApplicationProxy -Name "$serviceAppName - Proxy" -SearchApplication $searchServiceApp
$searchServiceApp.Provision()
catch [system.exception]
Write-Host -ForegroundColor Yellow " ->> Activate And Configure Search Service caught a system exception"
Write-Host -ForegroundColor Red "Exception Message:", $_.Exception.ToString()
finally
WriteLine
ActivateAndConfigureSearchService
Reference:
https://sharepointpsscripts.codeplex.com/releases/view/112556
Thanks,
Eric
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected].
Eric Tao
TechNet Community Support

Sharepoint server 2013 configuration issue - failed to create configuration database

Hi All,
I have installed the SharePoint server 2013. After installing the SharePoint products, the configuration stops at failure of creating configuration database.
Some system configuration & info:
- 1 Domain controller server run Active Directory services on Windows server 2008 R2 SP1 (PC1 with name DC.Brainfiniti.com)
- 1 Server which is used for installing Sharepoint server 2013 and MS SQL server 2008 R2 SP1 (PC2 with name App.Brainfiniti.com)
- All of PCs were satisfied the requirement of Sharepoint server 2013
- Firewall turned off & No antivirus tool was installed.
- During installing of Sharepoint, choose "Complete" option: Farm mode and use SQL Server instead of SQL Express.
- During configuration, created a new farm with a domain user account.
- Use domain account to log on and install, configure in Sharepoint & SQL server (PC2)
ATTEMPTS:
1. Tried install and set up all of steps with just 1 account - domain administrator.
2. Tried with separate domain account:
- SQL Service account use for:
+ Install SQL server 2008
+ Connect all SQL services
+ Admin for SQL server
- Setup account use for:
+ Member of local administrator group in PC2
+ Install Sharepoint
+ Run Configuration wizard
+ Was granted permission in SQL database: dbcreator, securityadmin, sysadmin and deselect serveradmin role.
+ Was choose for the database account in configuration database step
Also tried with SQL service account in this step.
3. Tried with Standalone mode for Sharepoint installing
4. Trie with domain name: Brainfiniti.local
5. Tried with some another solution from topic relate to database configuration in our community but not successful.
But all attempts are failed at this configuration database step :'(
Please correct me if I am going wrong by missing something or do I need to start/install some services.
Screenshot Attached
Sorry! Cannot add screenshot because my account is still not verified. Will add later.
LOG ENTRY:
01/23/2013 06:58:28 1 INF        Entering function CreateCentralAdministrationSiteForm.CreateCentralAdministrationSiteFormInitializeBeforeShow
01/23/2013 06:58:28 1 INF          Found a task by the name of adminvs in the task collection
01/23/2013 06:58:28 1 INF          Entering function TaskCommon.GenerateRandomUnUsedPort
01/23/2013 06:58:28 1 INF            Entering function TaskCommon.EnsureIIs
01/23/2013 06:58:28 1 INF              Entering function PreRequisiteChecks.IsIisInstalled
01/23/2013 06:58:28 1 INF                Entering function PreRequisiteChecks.IsRightVersionOfIis
01/23/2013 06:58:28 1 INF                  Version of IIS is 7
01/23/2013 06:58:28 1 INF                Leaving function PreRequisiteChecks.IsRightVersionOfIis
01/23/2013 06:58:28 1 INF              Leaving function PreRequisiteChecks.IsIisInstalled
01/23/2013 06:58:28 1 INF              Entering function PreRequisiteChecks.IsRightVersionOfIis
01/23/2013 06:58:28 1 INF                Version of IIS is 7
01/23/2013 06:58:28 1 INF              Leaving function PreRequisiteChecks.IsRightVersionOfIis
01/23/2013 06:58:28 1 INF              Entering function ServiceHelper.Start
01/23/2013 06:58:28 1 INF                Trying to start service W3SVC and waiting 180 sec to do so
01/23/2013 06:58:28 1 INF                service W3SVC is Running, nothing to do
01/23/2013 06:58:28 1 INF                starting service W3SVC (it may already be started)
01/23/2013 06:58:28 1 INF              Leaving function ServiceHelper.Start
01/23/2013 06:58:28 1 INF            Leaving function TaskCommon.EnsureIIs
01/23/2013 06:58:28 1 INF            Trying to see if port 40993 is free on machine APP. Min port we will try is 1024, Max port we will try is 49151
01/23/2013 06:58:30 1 INF            A SocketException was thrown with
SocketError ConnectionRefused
01/23/2013 06:58:30 1 INF            Connect has been refused for port 40993, so we will consider this a free port
01/23/2013 06:58:30 1 INF            Have not found a free port yet. Number of tries is 1. Min port we will try is 1024, Max port we will try is 49151
01/23/2013 06:58:30 1 INF            Adding port 40993 to the exclusion list so it is not chosen again during this run
01/23/2013 06:58:30 1 INF          Leaving function TaskCommon.GenerateRandomUnUsedPort
01/23/2013 06:58:30 1 INF        Leaving function CreateCentralAdministrationSiteForm.CreateCentralAdministrationSiteFormInitializeBeforeShow
I just post a part of its logs which contain "error" string because it's too long.
According this log, there is a error in port connection but i've turned firewall off ???
Please help me with this mix up :'(
p/s: sorry for my English!
Thanks,
Hien Hoang

Below is the logs entry with "ERR" marked line:
01/23/2013 07:03:17 9 INF                    Now joining to farm at server app.brainfiniti.com database SharePoint_Config
01/23/2013 07:04:12 9 ERR                    Task configdb has failed with an unknown exception
01/23/2013 07:04:12 9 ERR                    Exception: System.Security.Principal.IdentityNotMappedException: Some or all identity references could not
be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceCertificate.ProvisionLocal()
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
   at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
   at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
01/23/2013 07:04:12 9 INF                    Entering function Common.BuildExceptionMessage
01/23/2013 07:04:12 9 INF                      Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                        Resource id to be retrieved is ExceptionInfo for language English (United States)
01/23/2013 07:04:12 9 INF                        Resource retrieved id ExceptionInfo is An exception of type {0} was thrown.
Additional exception information: {1}
01/23/2013 07:04:12 9 INF                      Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                    Leaving function Common.BuildExceptionMessage
01/23/2013 07:04:12 9 INF                    Entering function Common.BuildExceptionInformation
01/23/2013 07:04:12 9 INF                      Entering function Common.BuildExceptionMessage
01/23/2013 07:04:12 9 INF                        Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                          Resource id to be retrieved is ExceptionInfo for language English (United
States)
01/23/2013 07:04:12 9 INF                          Resource retrieved id ExceptionInfo is An exception of type {0} was thrown.
Additional exception information: {1}
01/23/2013 07:04:12 9 INF                        Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                      Leaving function Common.BuildExceptionMessage
01/23/2013 07:04:12 9 INF                    Leaving function Common.BuildExceptionInformation
01/23/2013 07:04:12 9 ERR                    An exception of type System.Security.Principal.IdentityNotMappedException was thrown. Additional exception
information: Some or all identity references could not be translated.
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceCertificate.ProvisionLocal()
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
   at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
   at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
01/23/2013 07:04:12 9 INF                    Entering function Common.BuildExceptionInformation
01/23/2013 07:04:12 9 INF                    Entering function TaskBase.OnTaskStop
01/23/2013 07:04:12 9 INF                      Creating the OnTaskStop event for task configdb
01/23/2013 07:04:12 9 ERR                      Task configdb has failed
01/23/2013 07:04:12 9 INF                      friendlyMessage for task configdb is An exception of type System.Security.Principal.IdentityNotMappedException
was thrown. Additional exception information: Some or all identity references could not be translated.
01/23/2013 07:04:12 9 INF                      debugMessage for task configdb is An exception of type System.Security.Principal.IdentityNotMappedException
was thrown. Additional exception information: Some or all identity references could not be translated.
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceCertificate.ProvisionLocal()
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
   at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
   at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
01/23/2013 07:04:12 9 INF                      Entering function TaskBase.FireTaskStateChanged
01/23/2013 07:04:12 9 INF                        Firing the OnTaskStateChanged event for task configdb
01/23/2013 07:04:12 9 INF                        Entering function TaskDriver.TaskStateEventHandler
01/23/2013 07:04:12 9 INF                          Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                            Resource id to be retrieved is ConfigurationDatabaseTaskDisplayName
for language English (United States)
01/23/2013 07:04:12 9 INF                            Resource retrieved id ConfigurationDatabaseTaskDisplayName
is configuration database
01/23/2013 07:04:12 9 INF                          Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 9 INF                          Received an TaskStateEventHandler event. task:configdb TaskBase.State:stopped
01/23/2013 07:04:12 9 INF                          Entering function TasksQueue.IncrementTaskFailed
01/23/2013 07:04:12 9 INF                            Incremented the number of tasks failed to 1
01/23/2013 07:04:12 9 INF                          Leaving function TasksQueue.IncrementTaskFailed
01/23/2013 07:04:12 9 INF                          Task configdb has stopped and failed. Total failed is now 1
01/23/2013 07:04:12 9 INF                        Leaving function TaskDriver.TaskStateEventHandler
01/23/2013 07:04:12 9 INF                        Entering function PsconfigBaseForm.TaskStateEventHandler
01/23/2013 07:04:12 9 INF                          Invoking the UI thread with the task state chagne event
01/23/2013 07:04:12 1 INF                          Entering function ConfigurationProgressForm.InvokeTaskStateEventHandler
01/23/2013 07:04:12 1 INF                            Received an TaskStateEventHandler event. task:configdb
TaskBase.State:stopped TaskBase.TaskResultconfigdb
01/23/2013 07:04:12 1 INF                            Acquiring the reader lock to retrieve the state
01/23/2013 07:04:12 1 INF                            Releasing the reader lock to retrieve the state
01/23/2013 07:04:12 1 INF                            Acquiring the reader lock to retrieve the state
01/23/2013 07:04:12 1 INF                            Releasing the reader lock to retrieve the state
01/23/2013 07:04:12 1 ERR                            Task configdb has stopped and failed. Total failed
is now 1
01/23/2013 07:04:12 1 INF                            Entering function Command.this[string key]
01/23/2013 07:04:12 1 INF                              Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                                Found value in collection for key
disconnect
01/23/2013 07:04:12 1 INF                              Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                              Found parameter disconnect in collection
01/23/2013 07:04:12 1 INF                            Leaving function Command.this[string key]
01/23/2013 07:04:12 1 INF                            Entering function Command.this[string key]
01/23/2013 07:04:12 1 INF                              Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                                Found value in collection for key
connect
01/23/2013 07:04:12 1 INF                              Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                              Found parameter connect in collection
01/23/2013 07:04:12 1 INF                            Leaving function Command.this[string key]
01/23/2013 07:04:12 1 INF                            Entering function Command.this[string key]
01/23/2013 07:04:12 1 INF                              Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                                Found value in collection for key
create
01/23/2013 07:04:12 1 INF                              Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 1 INF                              Found parameter create in collection
01/23/2013 07:04:12 1 INF                            Leaving function Command.this[string key]
01/23/2013 07:04:12 1 INF                            Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 1 INF                              Resource id to be retrieved is ConfigurationDatabaseTaskCreateFailConfigDisplayLabel
for language English (United States)
01/23/2013 07:04:12 1 INF                              Resource retrieved id ConfigurationDatabaseTaskCreateFailConfigDisplayLabel
is Failed to create the configuration database.
01/23/2013 07:04:12 1 INF                            Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 1 INF                            Updating the task label below the progress bar Failed to
create the configuration database.
01/23/2013 07:04:12 1 INF                            Entering function FormParameterCollection.Add
01/23/2013 07:04:12 1 INF                            Leaving function FormParameterCollection.Add
01/23/2013 07:04:12 1 INF                            Last message from task configdb is An exception of type System.Security.Principal.IdentityNotMappedException
was thrown. Additional exception information: Some or all identity references could not be translated.
01/23/2013 07:04:12 1 INF                            Not running in high contrast, so we will paint the background
with our trademarked image
01/23/2013 07:04:12 1 INF                            Not running in high contrast, so we will paint the background
with our trademarked image
01/23/2013 07:04:12 1 INF                            Not running in high contrast, so we will paint the background
with our trademarked image
01/23/2013 07:04:12 1 INF                            Not running in high contrast, so we will paint the background
with our trademarked image
01/23/2013 07:04:12 1 INF                            Not running in high contrast, so we will paint the background
with our trademarked image
01/23/2013 07:04:12 1 INF                            Updating the task additional notification information below
the progress bar An exception of type System.Security.Principal.IdentityNotMappedException was thrown. Additional exception information: Some or all identity references could not be translated.
01/23/2013 07:04:12 1 INF                          Leaving function ConfigurationProgressForm.InvokeTaskStateEventHandler
01/23/2013 07:04:12 9 INF                          Sleeping an extra 1 ms so things don't go too fast for the user for this
task
01/23/2013 07:04:12 1 INF                          Not running in high contrast, so we will paint the background with our
trademarked image
01/23/2013 07:04:12 9 INF                        Leaving function PsconfigBaseForm.TaskStateEventHandler
01/23/2013 07:04:12 9 INF                      Leaving function TaskBase.FireTaskStateChanged
01/23/2013 07:04:12 9 INF                    Leaving function TaskBase.OnTaskStop
01/23/2013 07:04:12 9 INF                  Leaving function TaskThread.ExecuteTask
01/23/2013 07:04:12 4 INF                  Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 4 INF                    Resource id to be retrieved is ConfigurationDatabaseTaskDisplayName for language English (United States)
01/23/2013 07:04:12 4 INF                    Resource retrieved id ConfigurationDatabaseTaskDisplayName is configuration database
01/23/2013 07:04:12 4 INF                  Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 4 ERR                  Task configuration database failed, so stopping execution of the engine
01/23/2013 07:04:12 4 INF                  Entering function Command.this[string key]
01/23/2013 07:04:12 4 INF                    Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                      Found value in collection for key disconnect
01/23/2013 07:04:12 4 INF                    Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                    Found parameter disconnect in collection
01/23/2013 07:04:12 4 INF                  Leaving function Command.this[string key]
01/23/2013 07:04:12 4 INF                  Entering function Command.this[string key]
01/23/2013 07:04:12 4 INF                    Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                      Found value in collection for key connect
01/23/2013 07:04:12 4 INF                    Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                    Found parameter connect in collection
01/23/2013 07:04:12 4 INF                  Leaving function Command.this[string key]
01/23/2013 07:04:12 4 INF                  Entering function Command.this[string key]
01/23/2013 07:04:12 4 INF                    Entering function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                      Found value in collection for key create
01/23/2013 07:04:12 4 INF                    Leaving function CommandCollectionBase.Get
01/23/2013 07:04:12 4 INF                    Found parameter create in collection
01/23/2013 07:04:12 4 INF                  Leaving function Command.this[string key]
01/23/2013 07:04:12 4 INF                  Entering function StringResourceManager.GetResourceString
01/23/2013 07:04:12 4 INF                    Resource id to be retrieved is ConfigurationDatabaseTaskCreateFailConfigDisplayLabel for language English
(United States)
01/23/2013 07:04:12 4 INF                    Resource retrieved id ConfigurationDatabaseTaskCreateFailConfigDisplayLabel is Failed to create the configuration
database.
01/23/2013 07:04:12 4 INF                  Leaving function StringResourceManager.GetResourceString
01/23/2013 07:04:12 4 ERR                  Failed to create the configuration database.
An exception of type System.Security.Principal.IdentityNotMappedException was thrown. Additional exception information: Some or all identity references could not be translated.
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceCertificate.ProvisionLocal()
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
   at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
   at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
01/23/2013 07:04:12 4 INF                  Entering function TaskDriver.NotifyTaskSummary

SP 2010 upgrade fails Error C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\WEBCONFIG.ACCSRV.XML, does not have element "configuration/configSections/sectionGroup[@name='SharePoint']"

I was upgrading my SP 2010 server to SP1 but at step 8 i get this error. I cleared configuration cache, moved the file out of the folder, got the same file from other farm where upgrade went smooth, but no success yet. I am at loss.
So i have another farm in SP1. As a fall back option i was thinking to move content database on that server and start hosting site there but now i find out pre sp1 content databse cannot be moved to sp1 farm just through content database migration.
Do only choice i have is to build dummy sp 2010 environment, move content database there and do upgrade there and move it to final production environment?
Is there anything else i can do for either upgradeing the current sp 2010 or moving it to new 2010 already on SP1?
Can pre sp1 2010 content db be moved to sp2013 sp1 directly?
Adit

Hi ,
How many SharePoint servers do you have? If you have more than one SharePoint server, you need to install SP1 on all servers in the farm.
Make sure you run SharePoint 2010 configuration wizard using “Run As administrator”.
Please check the log to find more information about this issue.
In addition, here is a similar post, please take a look at:
http://sharepointnomad.wordpress.com/2014/02/23/fixing-sharepoint-2010-configuration-wizard-error-webconfig-accsrv-xml-does-not-have-element-configurationconfigsectionssectiongroupnamesharepoint-or-it-is-invalid/
Best Regards,
Wendy
Wendy Li
TechNet Community Support

SharePoint Extranet configuration

Similar Messages

Maybe you are looking for