DelegateControl: Exception thrown while adding control. The file name you specified could not be used. SharePoint 403 forbidden.

Came across a weird issue today some of the users were getting 403 forbidden when access SharePoint sites. Find out one of the WFEs was acting up and showing 403 all the times when user’s request hit that bad server.

Did IIS reset, reboot, added app pool account in “local security policies”  at “Impersonate a client after authentication” but none of them worked.

I find lots of access denied entries in ULS logs but no account was mentioned. Below are some entries from the ULS.

Failed to open the file ‘C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Template\Features\Publishing\Pages\schema.xml’.
Getting Error Message for Exception Microsoft.SharePoint.SPException: Invalid file name.  The file name you specified could not be used.  It may be the name of an existing file or directory, or you may not have permission to access the file. —>
System.Runtime.InteropServices.COMException: Invalid file name.  The file name you specified could not be used.  It may be the name of an existing file or directory, or you may not have permission to access the file
An unexpected error has been encountered in this Web Part.  Type: Microsoft.SharePoint.WebPartPages.XsltListViewWebPart, Error: Invalid file name.  The file name you specified could not be used.  It may be the name of an existing file or directory, or you may not have permission to access the file.
Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type ‘System.Web.HttpUnhandledException’ was thrown. —> Microsoft.SharePoint.SPException: Invalid file name
DelegateControl: Exception thrown while adding control ‘ASP._controltemplates_15_metadatanavtree_ascx’: Microsoft.SharePoint.SPException: Invalid file name.  The file name you specified could not be used.  It may be the name of an existing file or directory, or you may not have permission to access the file.

Resolution:
After reviewing log files I started looking at the permissions at the folder level and notice that two accounts have no permissions at all on any folder in 15hive. “Network Service” & “ServerName\Users”
Added these 2 accounts at the 15hive folder, gave read and execute permissions and everything started working, no more forbidden 403.

Still not sure how those 2 accounts got removed but during my search for this issue I could find this solution anywhere. Hope this will help some running into the same issue.

 

Inventory : Get the size of each document in SharePoint.

The script below can be used to get the size of each document in a web application but in our case, we had thousands of site collections in a single web application so I wrote this script to read from a csv file to get the size of each document from a selected set of the site collection.

Script also provides some other useful information like created by and created date. You can also set the limit on size for the reporting purpose.

List document size per site collection from csv file.

  <# Function will read the sites from csv file and generate a list of the document larger then the size (MB) mentioned #>

   Add-PSSnapin Microsoft.SharePoint.Powershell
   Function Get-DocSize()
   {
   $URLs=Get-Content E:\scripts\GetAttachmentSize\Sites.csv #<-csv file path 
       foreach($URL in $URLs)
       {
          $site = New-Object Microsoft.SharePoint.SPSite $Url
              foreach($web in $site.AllWebs)
              {
                  foreach($list in $web.Lists) 
                  {
                      if($list.BaseType -eq "DocumentLibrary") 
                      {
                          foreach($item in $list.Items) 
                          {
                              if($item.file.Length/1MB -gt 72) #<-- Change size here 
                              {
                                  $data = @{
                                      "Web Application" = $site.WebApplication
                                      "Site" = $site.Url
                                      "Web" = $web.Url
                                      "list" = $list.Title
                                      "Item Title" = $item.Title
                                      "Item Name"  =$item.Name
                                      "File Size" = $item.File.Length/1MB
                                       }
                                New-Object PSObject -Property $data
                             }}
               }}  }
                    #$web.Dispose();
                   # $site.Dispose()
                }}
                Get-DocSize | Out-GridView 

List document size from all site collections in a web application.  

      Add-PSSnapin Microsoft.SharePoint.Powershell
      Function Get-DocSize($URL)
      {
          $Webapp=Get-SPWebApplication $URL
          foreach($Site in $Webapp.Sites)
          { 
             foreach($web in $site.AllWebs)
             {
                foreach($list in $web.Lists) 
                {
                     if($list.BaseType -eq "DocumentLibrary") 
                     {
                         foreach($item in $list.Items) 
                         {
                             if($item.file.Length/1MB -gt 20) #<-Set the size here
                             {
                                 $data = @{
                                     "Web Application" = $site.WebApplication
                                     "Site" = $site.Url
                                     "Web" = $web.Url
                                     "list" = $list.Title
                                     "Item Title" = $item.Title
                                     "Item Name"  =$item.Name
                                     "File Size" = $item.File.Length/1MB
                                     }
                             New-Object PSObject -Property $data
                            }}
                 }}  }
           $web.Dispose()
           $site.Dispose()
          }}
     Get-DocSize "http://sandbox" | Out-GridView 

Hope this will help someone looking for the same…

The workflow was canceled by System Account – Out of the box workflows stopped working in SharePoint.

The workflow was canceled by System Account – Out of the box workflows stopped working in SharePoint.

Issue description:
After installing September.Net Security patches, all workflows in SharePoint stopped working and when click on status of the workflow to see the details it shows

Workflow was canceled by System Account.

Error message in ULS logs. 
10/05/2018 15:27:29.96 w3wp.exe (0x4E6C) 0x7C2C SharePoint Foundation Legacy Workflow Infrastructure 72fs Unexpected RunWorkflow: Microsoft.SharePoint.SPException: <Error><CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.” /><CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.” /><CompilerError Line=”0″ Column=”0″ Text=”Activity ‘ID5’ validation failed: Property &quot;Condition&quot; has invalid value. Condition expression is invalid. The condition expression can not be null.” /><CompilerError Line=”0″ Column=”0″ Text=”Activity ‘ID128’ validation failed: Property &quot;Condition&quot; has invalid value. Condition expression is invalid. The condition expression can not be null.” /></Error> at Microsoft.SharePoint.Workflow.SPNoCodeXomlCompiler.LoadXomlAssembly(SPWorkflowAssociation association, SPWeb web)

Resolution:
As mentioned in the error message “System.CodeDom.CodeBinaryOperatorExpression” is not marked as authorized in the application configuration file”, to resolve this issue we need to add those assemblies’ types as authorizedType in each web.config.

To resolve this issue, add the references below into web.config for each web application where workflows are broken just before the ending tag for “</targetFx>” in </authorizedTypes>.

 

For SharePoint 2013, 2016 & 2019:

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeBinaryOperatorExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodePrimitiveExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeMethodInvokeExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeMethodReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeFieldReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeThisReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodePropertyReferenceExpression” Authorized=”True” />

For SharePoint 2010,

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeBinaryOperatorExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodePrimitiveExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeMethodInvokeExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeMethodReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeFieldReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodeThisReferenceExpression” Authorized=”True” />

<authorizedType Assembly=”System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ NameSpace=”System.CodeDom” TypeName=”CodePropertyReferenceExpression” Authorized=”True” />

For more details: https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/

Windows could not start the IIS Admin Service on Local Computer ……… 2146893818 ……. SharePoint

Recently came across an issue with IIS Admin service status was stopped in one of the SharePoint servers. First thing, since we recently patched our servers came to mind was July 2018 .Net framework security updates, known for causing multiple issues as mentioned here, here and here.

After making sure all other services including WWW are in running state when tried to start IIS Admin service I got the error message shown below.

Found several logs in ULS complaining about access denied or corrupted machine keys. Below are some of the solutions from a google search but none of them worked for me in this case. The solution worked for me is posted at the end of this blog.

https://social.technet.microsoft.com/wiki/contents/articles/23797.windows-troubleshooting-could-not-start-the-iis-admin-service-error-code-2146893818.aspx

https://forums.iis.net/t/1182907.aspx

http://www.honk.com.au/index.php/2009/08/25/how-to-restore-a-corrupt-metabase-xml/

https://demantprasad.wordpress.com/2012/08/08/how-to-fix-corrupted-applicationhost-config-file-in-iis-7/

Error Message:

Windows could not start the IIS Admin Service on Local Computer……………………………………………………………………………. Service-specific error code – 2146893818

After lots of troubleshooting and playing with application host configuration file I decided to remove and re-add the role called “IIS 6 Metabase Compatibility”. This role adds IIS Admin Service in the list of services and will not remove or touch your sites or web apps in IIS but will generate/reset applicationhost.config file located at C:\Windows\System32\inetsrv\config. Take a backup of this folder just in case.

I will recommend to test it in a lower environment first, in case applicationhost.config is customized on the server for some reason.

So, remove the role, uncheck the option as shown in the screenshot, a reboot will be required, to re-add the same role check this option again after reboot. Once done start the IIS Admin service and it should start without any issues this time.


Hope this will help someone.

Get lists and libraries where throttling is disabled.

While troubleshooting a performance related issues I find a list with close to 60K+ items in it, not a big deal but I notice that on developers request throttling was disabled on this lists some time ago when it was only couple thousand items in it and no one noticed any issues.

There are many posts talking about how to disable throttling on single lists but if we don’t monitor this and keep disabling it can turn in to a nightmare for admins. When you disable throttling on a list basically you give it a pass to go and complete the operation no matter how long it takes. This is not a good idea especially when the number of items in the list/library is large. This will block other operations /queries from execution and can cause a huge increase in the page load or overall performance of Sharepoint farm.
Also, there is a reason why MS has implemented this feature at the web application level at Manage web applications > Select web application > General Settings > Resource Throttling.
So back to the issue, I wanted to find out if there are more than one lists/libraries with throttling disabled.

The script below can be handy when troubleshooting performance related issues. This will give you all the lists with throttling disabled in a web application. You can modify it based on need if want to use for a single site collection.

$WA=Get-SPWebApplication http://MRK
$SCs=Get-SPSite -WebApplication $WA
Foreach($SC in $SCs.url)
{
$Webs=Get-SPWeb -Site $SC 
foreach($web in $Webs)
    {
        $Lists=$web.Lists
    foreach ($list in $Lists)
        {
        if($list.EnableThrottling -eq $false)
           {
           Write-Host "Site Name = " $web.Title
           Write-Host "Site URL = " $web.Url
           Write-Host " Throttling is Disabled on " $list.Title 
           }
        }
    }
}

Hope this will help someone.

Get Site Collection Title / Name.

This one liner script will list title for all site collections in farm except my sites.

In this case site collection title/name was Application Name and was asked to provide names for all applications with URL running in 2016 and 2013 farm.

Get-SPWebApplication |?{$_.URL -notlike “*mysites*”} | Get-SPSite | 
ForEach-Object { Write-Host “Application Name=”$_.rootweb.title”———– URL=”$_.URL }

For site collections in a single web application.

Get-SPWebApplication http://portal | Get-SPSite | 
ForEach-Object { Write-Host “Application Name=”$_.rootweb.title”———– URL=”$_.URL }

Hope this will help someone looking for the same.