Cumulative Update – Fixes June 2015 SharePoint 2010 (201506-SP2010)

Its hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Some call it regurgitating what’s already out there… but good luck finding it in Google search! Some updates aren’t cumulative . Hope this blog posts help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql/

 

Name: June 2015 Cumulative Update for SharePoint 2010

Build: ​14.0.7151.5001 ​

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

This security update contains fixes for the following nonsecurity issues:

  • When you click a user name if multiple matches are found for a people field on a SharePoint Server 2013 site in Internet Explorer 11, the matches are not displayed.
  • You cannot scroll to see the resources on the right-side grid of the build team page if there are many resources.

Pasted from <https://support.microsoft.com/en-us/kb/3054847>

 

Security Updates in June 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-046 (rereleased)

  1. Multiple Microsoft Office Memory Corruption Vulnerabilities – CVE-2015-1682

 Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Source: https://technet.microsoft.com/library/security/MS15-046

 SharePoint Server 2010 fixes (includes the above fixes)

 

 

  • This update improves the English proofing tools.

 

Source: https://support.microsoft.com/en-us/kb/3054874

 

 

Security Updates in June 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046 (re-released!)

  • IMPORTANT UPDATE:

V3.0 (June 9, 2015): To address issues with the security updates for all affected Microsoft Office 2010 software, Microsoft re-released MS15-046 to comprehensively address CVE-2015-1682. Microsoft recommends that customers running affected Office 2010 software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3057181 for more information and download links.

 

 Vulnerability information:

See https://technet.microsoft.com/library/security/MS15-046

Project Server 2010 (includes the above fixes)

This update fixes the following issue:

  • When you try to edit a resource in Project Web App, you receive an unknown error that resembles the following in the ULS logs:

 

Exception occurred in method Microsoft.Office.Project.Server.BusinessLayer.Project.ProjectQueueUpdatePDPProjectCF System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object ‘MSP_ReadLocalAndEnterpriseLookupTableInfoByUIDs’, database ‘ProjectServer_Published_PWA’, schema ‘dbo’.

 

Source: https://support.microsoft.com/en-us/kb/3054887


Cumulative Update – Fixes May 2015 SharePoint 2010 (201505-SP2010)

Name: May 2015 Cumulative Update for SharePoint 2010

Build: ​14.0.7149.5000 ​

Its so hard to keep track of what bugs were fixed a cumulative update. I intend to share my reading and document the fixes that come out every month across SharePoint products. Who knows it may help someone some day!

Disclaimer: Cumulative Updates are to be applied specifically when you have an issue fixed by it, I recommend you keep a close eye on the security fixes that come with Cumulative Updates and then decide accordingly. Don’t rush to apply a Cumulative Update just for the sake of it. Many Cumulative Updates have had serious issues in the past and there’s no easy rollback! http://www.jeremytaylor.net/2014/04/12/latest-cumulative-updates-service-packs-hotfixes-sharepoint-sql

For previous build numbers: http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=224

 

SharePoint Foundation 2010 fixes

Improvements and fixes

This security update contains fixes for the following nonsecurity issues:

  • Incoming email messages are not processed if the Sandboxed Solutions Resource Quota value for the site collection is set to 0.
  • When you open a page that contains multiple value lookup fields, you receive the following error message:
    Sorry, something went wrong Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED))
  • Assume that you use the IfHasRights function to customize a Data Form Web Part (DFWP). When you save the form and go to the form in browser, you receive the following error message:
    Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator.

Source: https://support.microsoft.com/en-au/kb/3017815

 

Security Updates in May 2015 for SharePoint Foundation 2010:

Microsoft Security Bulletin: MS15-047

  • Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution – Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Microsoft SharePoint Server 2010 Service Pack 2 (2956192)

Vulnerability information:

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

Source: https://technet.microsoft.com/library/security/MS15-047

 

SharePoint Server 2010 fixes (includes the above fixes)

  • Translates some terms to multiple languages to make sure the accuracy of the meaning.

Source: https://support.microsoft.com/en-au/kb/2956199

 

  • Updates Yoruba proofing tools.

Source: https://support.microsoft.com/en-au/kb/2920814

 

Security Updates in May 2015 for SharePoint Server 2010:

Microsoft Security Bulletin: MS15-046

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Memory Corruption Vulnerability CVE-2015-1682

Microsoft SharePoint Server 2010 Service Pack 2 – Word Automation Services (2965233)

Microsoft SharePoint Server 2010 Service Pack 2 – Excel Services (2956194)

 

Vulnerability information:

Remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Project Server 2010 (includes the above fixes)

Fixes the following issues:

  • When you try to insert a task for a project in the Schedule Web Part in Project Web App, you receive the following error message:
    This edit is unsupported in Project Web App.
    This issue occurs if the project has a particular structure of outline levels or task indentations and if you are using Internet Explorer 11.
  • When you export or print a resource plan for a project in Project Web App, the work or full-time equivalent is incorrect. For example, suppose that you enter the values 1d, 2d, and 3d. The print may show the values as 0.63d, 1.75d, and 2.63d.
  • When you publish a project in Project Web App in which tasks contain formulas that use the ProjDateDiff function, incorrect calculations may be made. This issue occurs if your project calendar does not use the default calendar configuration (08:00-12:00 and 13:00-17:00).

Source: https://support.microsoft.com/en-au/kb/2965314


ULS log viewer for SharePoint 2013

Good news for all the on-premises SharePoint Infrastructure Admins and Developers. An improved ULS Log viewer for SharePoint 2013 has been released a few days ago. I was concerned for a couple of years that there wasn’t any movement on updating my number 1 favourite SharePoint tool. However, I did see a video where Bill Baer there was a hint of how bad the tool was and they’d do something about the tool.. so here it is – a new ULS Log Viewer……

Download it here:

http://www.microsoft.com/en-us/download/details.aspx?id=44020

Some new features:

1. Monitor multiple servers simultaneously

ULSLogViewer-SharePoint2013

2. Locate specific log entries via command line

3. Highlight and personalise the output if a filter match occurs

Some fixes I have noticed:

1. More stability when working with the filters

2. Multiple fixes such as filtering on pause state

Source: http://blogs.technet.com/b/wbaer/archive/2014/08/22/uls-viewing-like-a-boss-uls-viewer-is-now-available.aspx

Can we use it for SharePoint 2010?

Yes! It works well for SharePoint 2010. However, you would need to ensure that .NET 4.5.1 is installed on the server you run ULS Viewer on. With SharePoint 2010, .NET 3.5 is used and you might not find .NET 4.5.1 on your SharePoint 2010 servers.

Download Microsoft .NET Framework 4.5.1 (Offline Installer) here: http://www.microsoft.com/en-au/download/details.aspx?id=40779

I have tested it successfully on Windows Server 2012, Windows Server 2012 R2 and Windows Server 2008 R2.


IISRESET across SharePoint farm servers

Here is something I use when I want to perform an IISRESETacross an entire SharePoint farm. Its useful if you have a large SharePoint farm.
Oh – yea, this will take down your farm while the IISRESET is restarting the services, so its best to test this on a non production environment first. Ensure you have an outage/agreed maintenance window to perform this task on a production farm.

All you got to do is spin up PowerShell on any SharePoint server in the farm and run this:

Write-Host -ForegroundColor Blue “IIS will  be reset across the entire farm”
Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue
[array]$servers= Get-SPServer | ? {$_.Role -eq “Application”}
$farm = Get-SPFarm
foreach ($server in $servers)
{
     Write-Host -ForegroundColor Yellow “Attempting to reset IIS for $server”
        iisreset $server /noforce “\\”$_.Address
        iisreset $server /status “\\”$_.Address
        Write-Host
        Write-Host -ForegroundColor Green “IIS has been reset for $server”
        Write-Host
}
Write-Host -ForegroundColor Green “IIS has been reset across the SharePoint Farm”
Start-Sleep -Seconds 5
Write-host

 

Reference: http://wellytonian.com/2012/04/iis-reset-your-whole-sharepoint-farm/


Retrieve / Decrypt lost password from Application Pools in IIS SharePoint

If you don’t have access to your organisations password safe or if you or your team mate has forgotten to add a password to a certain service account used in SharePoint, it is possible to retrieve the password from IIS!

There is a way to find out the application pool identity password via command line thanks to the inetsrv appcmd! :)

Open IIS and take note of the application pool name that runs the application pool identity with the password you want to retrieve.
In my example it is “SharePoint – intranet80”, so please replace this as appropriate to your environment.
Keep in mind – this works for any IIS application pool – SharePoint web app, SharePoint service applications or non SharePoint IIS / .NET sites application pools!

Open a command prompt and run this:

&$env:windir\system32\inetsrv\appcmd.exe list apppool "SharePoint - intranet80" /text:ProcessModel.Password

 
Thanks:
http://joelblogs.co.uk/2012/09/22/recovering-passwords-for-sharepoint-2010-farm-web-application-and-service-application-accounts/


Clear SharePoint cache

It may be necessary to clear the SharePoint cache, depending on the circumstance and symptoms such as unexpected results with timer jobs may occur.

Clearing the SharePoint cache can be summaried by the following 4 steps:

1. Stop the Timer service on all servers in the farm

2. Backup the Cache.ini file on all servers in the farm

3. Delete XML files on all servers in the farm

4. Start the Timer service on all servers in the farm

Continue reading


Configure IP forwarding for NLB PowerShell

There are advantages of having two Network Interface Cards – NICs on webservers – specially with SharePoint, since I work with SharePoint most of the time (some other open source products too!).

When configuring ‘Unicast’ NLB mode, Unicast takes over the NIC, thats why we used to create two NICs and set up IP forwarding so that requests that arrive on one NIC (Public) are sent to the other NIC (Private) connected to the other servers in the domain.

Here are the steps I follow to configure NLB and IP forwarding between the two NICs (multi-homed computer for the experienced). 😉

1. I usually rename the first NIC as “Private”.

2. Add a new NIC and call it “Public”.
Configure an IP address and Subnet mask. Do not configure a default gateway on the Public NIC.

3. Configure the Windows NLB cluster.
In Windows Server 2012, to add the NLB feature:
Add-WindowsFeature -Name NLB
Add-WindowsFeature -Name RSAT-NLB
Configure the Windows NLB cluster (google up for more info)

4. Configure IPv4 forwarding via PowerShell:
Set-NetIPInterface -InterfaceAlias Public -AddressFamily IPv4 -Forwarding Enabled

5. Point your DNS A record to the IP of the ‘Public’ NIC.


Have you tried the Merge-SPLogFile command when troubleshooting?

When troubleshooting SharePoint issues, the best way to filter out all the noise from your log files and sort it for easier troubleshooting is to use the ULS Log viewer tool.

Refer to my blog post on the ULS Log viewer comparison and verdict to get a feel for the other options and see how I got to my conclusion there. http://www.jeremytaylor.net/2012/07/14/sharepoint-uls-log-viewer-tool-comparison-and-verdict/

However, this ULS Log viewer tool does not display logs from other servers in the SharePoint farm, unless obviously its a single server farm.

The way to help you with a multiserver farm is to run the Merge-SPLogFile command in the SharePoint management shell. This command “merges” all logs from other servers in the farm and combines them into one ULS log file on the local server. That file can then be opened in your favourite ULS log viewer for troubleshooting.

Note: this works in both SharePoint 2013 and SharePoint 2010.

So how do we use it?

Here is an example of how I use it to grab all logs between say 10AM and 10:30AM on the 23rd July 2013:

Merge-SPLogFile -Path "D:\Temp\MergedLog-20130723-1000-1030.log" -StartTime "23/07/2013 10:00:00" -EndTime "23/07/2013 10:30:00"

If I know the correlation ID, then I would recommend you run the following command after updating it to your correlation ID:

Merge-SPLogFile -Path D:\Temp\MergedLog-419ac99c-81b2-0077-378d-3c23767d2955.log -Correlation 419ac99c-81b2-0077-378d-3c23767d2955

 

 

2014-11-07_10-39-43

Merge-SPLogFile looks across all the servers in the farm, aggregates the logs with the correlation ID and creates the aggregated .log file.

The merged log file containing only the  information you specified and require. In this case, a certain correlation ID.

The merged log file containing only the information you specified and require. In this case, a certain correlation ID.

 

Open the log file up in ULSViewer!

Open the log file up in ULSViewer!

 

There are a lot more examples of what you can do with Merge-SPLogFile you can get by typing this in the SharePoint management shell:

Get-help Merge-SPLogFile -examples Continue reading 

SharePoint Backup and Restore best practices

Some time ago, I was collecting some Backup & Restore best practices for SharePoint and I came across this post.

It talks about various aspects of backup and restore for a SharePoint farm. Its based on SharePoint 2010 but can be applied to SharePoint 2013.

  • IIS Configurations required in a Disaster Recovery
  • Backup Scenarios
  • Restore Scenarios
  • SQL Backup maintenance plans
  • Overview of monitoring with SCOM (System Center Operations Manager)
  • DPM (System Center Data Protection Manager)

Worth a look: http://blogs.technet.com/b/surama/archive/2012/05/29/sharepoint-2010-backup-and-restore-best-practices.aspx


Host Named Site Collections SharePoint 2013

Here is a summary of the steps to create a new Host Named Site Collection (HNSC)

  • Create a new Web Application – default Web App on port 80 or use an existing Web Application.  I chose http://HNSCWebApp as my Web Application – the default Web App listening on port 80 on all my Web servers in the farm.
  • Note – HNSC can be created on a non default Web Application but you’ll need to add bindings in IIS for your HNSC as the Web Application isn’t listening to all port 80 requests and would need to know about the HNSC it hosts. Thats why a lot of blogs usually specify HNSCs on default web apps, because adding IIS bindings can get messy. But its worth a note in this post.
  • Decide what your new Site Collection unique URL should be. I chose http://test and http://teamsite to run off a Team Site template.
  • Run the following in the SharePoint Management Shell:
$w = Get-SPWebApplication http://hnscwebapp
New-SPSite http://test -OwnerAlias "testdomain\testowner" -HostHeaderWebApplication $w -Name "test" -Template "STS#0"
New-SPSite http://teamsite -OwnerAlias "testdomain\testowner" -HostHeaderWebApplication $w -Name "teamsite" -Template "STS#0"
  • Ensure that you create a dummy ‘root’ site collection with a site template http://hnscwebapp. Its required for Search & Send to Other location.
  • Configure kerberos for your Host Name site collection.
  • Create a Managed Path if required (New-SPManagedPath)
  • You can create new zones for HNSC so that it can be accessible via a different name.

 

My recommended links for you to read:

Wicto Wilen – Clearing up the confusion with Host Named site collections and Path Based site collections
http://www.wictorwilen.se/clearing-up-the-confusion-with-host-named-site-collections-and-path-based-site-collections

Marko Rosberg – For more information on creating Host Named Site Collections  and App host configuration:
http://www.sharepointblues.com/2012/11/22/configurin-sharepoint-2013-host-named-site-collections-and-apps-host

Kirk Evans – Host Named Sited Collection in SharePoint 2010 (applies to SharePoint 2013):
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx

Technet – Host-named site collection architecture and deployment (SharePoint 2013):
http://technet.microsoft.com/en-us/library/cc424952.aspx

Brian Farnhill – Multiple zones for host named site collections in SP2013
http://blogs.msdn.com/b/brian_farnhill/archive/2014/07/08/multiple-zones-for-host-named-site-collections-in-sp2013.aspx