Skip to content

Event ID 8313: A failure was reported when trying to invoke a service application

Recently I came across this issue and in SharePoint 2013 farm and find too many entries for Event ID 8313. When used process explorer I find out too many permission issues for the SP Service accounts on files and registry keys as well.

8313

Event Text

A failure was reported when trying to invoke a service application: EndpointFailure
Process Name: OWSTIMER
Process ID: 2604
AppDomain Name: DefaultDomain
AppDomain ID: 1
Service Application Uri: urn:schemas-microsoft-com:sharepoint:service:e83f1cd236394b70beb0998888addcbc#authority=urn:uuid:8bca10c5c19a429289a7eea7f5159e86&authority=https://ServerName:32844/Topology/topology.svc
Active Endpoints: 2
Failed Endpoints: 1
Affected Endpoint: http://Serevrname:32843/e83f1cd236fgfgfgfbeb0998888addcbc/Metadatawebservice.svc
Source SharePoint Foundation
Event ID 8313
Level Error
User : spfarm

Solution: When used process explorer I find out too many permission issues for the SP Service accounts on files and registry keys as well. Also notice that Managed Meta Data service was running on the server it’s not supposed to. I stopped the service as it is running on another app server and run the following command to resolve permissions issue.

PSCONFIG.exe –cmd Secureresources

 Another power shell command for the same purpose is

“Initialize-SPResourceSecurity “ to enforces security for all resources, including files, folders, and registry keys on Local Server.

Hope this will help some one out there !

Disable Throttling for a single list

In situation where you need to disable throttle limit but you don’t want to disable for the whole web application as it will certainly cause performance issues, you can use the commands mentioned below to disable throttling for one lists only. Limit mentioned in the Central Administration will be applicable for all the other lists.

Example Scenario: if you are using InfoPath form with 2 fields (controls) on it and want field B to auto populate based on the value in field A. value are coming from a list that has more than 5k items in it , you might run in to issues.

$Site  =  Get-SPWeb -Identity <SiteURL>
$List  =  $Site.Lists[“List Name”]
$List.EnableThrottling =  $false

$List.Update()

How to improve performance for SharePoint and Project Server Part 1

Slow performance of SharePoint & Project Server

If you are one of those facing slow performance of SharePoint sites, try one or all of the items mentioned below. Tuning your SQL server will definitely help you to improve site performance.

I try to put all items at one place here and I will also try to post supporting links where ever possible.

These steps can be used in SharePoint 2010/2013 with or w/o project server running on SQL server 2005/2008 or 2012.

 1-      Antivirus software makes SharePoint/Project Server performance slow. Folder mentioned musts  be excluded if file level antivirus software is being used on the servers. See list of folders at:  http://support.microsoft.com/kb/952167

2-      Wake up script can save user from facing site slowness when hitting the site for the first time after nightly application pool recycle (usually at 9am in the morning).

3-      Add SharePoint Cert in the Trusted Root certificate authority http://blogs.msdn.com/b/brismith/archive/2012/03/05/project-server-2010-slow-load-times-of-pwa-and-sharepoint-pages.aspx

If you are getting event ID 8421 in event viewer, this will also resolve that issue.

4-      I resolved a performance issues for one of my customer by setting  NIC Card configuration property named “Link Speed & Duplex”to 1000 Mbps, I don’t know why it was set to 100Mbps or how it got there but took me long to find this. You should check with your network admin also before making any changes to this property.

5-      Check with your network administrator for TCP Chimney Offload http://support.microsoft.com/kb/951037. By Default in Wind 2008 Servers, this setting is “Automatic”, we need to disable it if it’s not. “netsh int tcp set global chimney=disabled

( Why : http://blogs.msdn.com/b/psssql/archive/2008/10/01/windows-scalable-networking-pack-possible-performance-and-concurrency-impacts-to-sql-server-workloads.aspx)

6-      On your SQL server enable Common Language Runtime

sp_configure ‘clr enabled’, 1
Go
Reconfigure
Go

 7-      For the project data bases  set AUTO_CLOSE property  to False http://technet.microsoft.com/en-us/library/ee662107.aspx

8-      For project server databases set  AUTO_UPDATE_STATISTICS and AUTO_UPDATE_STATISTICS_ASYNCHRONOUSLY properties to True

9-      Discuss data base maintenance plans with your DB Admin. In short index rebuilding is helpful to improve performance. Check http://technet.microsoft.com/en-us/library/cc262731(v=office.14).aspx & http://technet.microsoft.com/en-us/library/cc973097.aspx

10-   SQL server MAX Degree of parallelism should be set to 1, talk to your DBA if not sure about this property.  http://technet.microsoft.com/en-us/library/cc298801.aspx#Section6_3

11-   Most of the time SharePoint server and SQL server are in the same subnet. But in case they are not, moving SharePoint server in the same subnet as DB server will improve performance as well.

12-   Check to see if you have enough RAM on server, check RAM, CPU usage on servers especially on SQL and all SharePoint servers.

13-   If you have Project Server installed on top of your SharePoint and facing slowness talk to your DB team and get a report on slow running queries. Try to enhance these queries so you can get the same result in less time if possible.

14-   If you have project server installed on top of SharePoint make sure you don’t go beyond the recommended number of custom fields. Impact can be significant  if you are using more than recommended custom fields at  http://technet.microsoft.com/en-us/library/hh297440.aspx

15-   Now the last and my favorite, Add additional TempDB files. There is lots of information on it but only thing I will share from my experience is that you can create multiple files and this will definitely improve performance but don’t go crazy on creating additional TempDB files using some formula or with number of CPUs. Too many TempDB files can also be an impact on performance. Start with additional 2 or 3 files and test your application for any improvement first, you can add more TempDB based on Sever CPU and Drives availability.

Search for TempDB and read the section that has information about TempDB at http://technet.microsoft.com/en-us/library/gg263353(v=office.14).aspxn

Some more information: http://blogs.technet.com/b/sqlpfeil/archive/2012/07/14/four-tips-for-sql-tuning-for-sharepoint-part-3-tempdb.aspx

I will try to add more here on how you can tune your IIS but need to test few things before that.

Feel free to share more tricks, thoughts or any suggestions.

Hope this will help someone. Enjoy!

Please check out Part 2 for more information on improving performance.

Restart Microsoft SharePoint Foundation Web Application Service. Stuck at Stopping !

I wanted to share some information in case you are planning to restart “Microsoft SharePoint Foundation Web Application” service or any other service and got stuck with status showing “Stopping” you can use power shell command mentioned below

I had a situation when “Microsoft SharePoint Foundation Web Application” service was Showing “Stopping” status for more than 7 hours and even reboot and IIS reset did not do anything. I was able to restore service in normal condition using command mentioned below.

Note: In case you are planning to restart “Microsoft SharePoint Foundation Web Application” service better back up your IIS and Virtual directory folder to be on the safe side.

Credit goes to Trevor Seward from TechNet who shared this trick  and show easy way to restore/provision virtual directory folder.

If you have the same situation where some service is stuck use power shell to stop it

$svc = Get-SPServiceInstance | where {$_.TypeName -like "*Foundation Web*"}
$svc.Status = "Offline"
$svc.Update()

You can use PowerShell to start it again

$svc = Get-SPServiceInstance | where {$_.TypeName -like "*Foundation Web*"}
$svc.Status = "Online"
$svc.Update()

In order to get virtual directories back run this PowerShell command

$wa = Get-SPWebApplication http://webAppUrl
$wa.ProvisionGlobally()

Configure Forms Based Authentication for SharePoint 2013

Part 1

Note: In 2013 you have the option to extend the existing web application to use for external users or you can use the same web application configured with both authentication (NTLM and Forms Based) methods. Difference will be if you are not extending web app, you and external users will use same URL to access the site.

After you create web application confirm by selecting the web app and click on Authentication Provider. By default all web apps created in 2013 are created using Claim Based Authentication.

In case  web app has windows authentication

Change authentication to claims based authentication as mentioned below

$cba = Get-SPWebApplication http://EnterYourSiteURL&#8221;

$cba.UseClaimsAuthentication = 1;

$cba.Update()

Now when you click on default it will take you to the screen where you can enable FBA for our partners or external users.

Remember Membership name and Role manager name mentioned here, it will be used later on in the providers in web.config.

After you hit save, web.config file for this web app will be updated with entry that confirm that forms based authentication is enabled. You can check by browsing the site, you should see a sign in page  at this stage as shown below.

Part 2

Let’s create data base to store external user information and password for authentication. There are many way to do that I will use this.

Open command prompt as administrator and initiate ASP.Net SQL Server Setup Wizard as mentioned below and click on next

At the next screen enter server name where SQL is running and you want to create data base

Enter the name of the data base. This will be the repository for all external users as shown below.

Click next to confirm the server name and database name and finish the process as shown below

At this point you can log in to your SQL and see your data base has been created there – well.

Since you are in SQL lets go and set up some permissions for this data base.

We need to set permissions for two accounts on this data base

  1. App Pool Account for Security TokenServiceApplication.
  2. App pool account for content web application

I am sure you know how to find the application pool account for both apps but just in case here is a screen shot from IIS.

Once you confirm your app pool account for both lets add them to newly created data base i.e. Partners (in this case)

Click on + sign next to Partners Database. Expand security, right click on Users, Click on New User. In new user wizard fill out app pool account identified above as shown below in the screen shot

Click on Membership and check all Role that start with asp.net and end with Full Access as shown below

Once Done, Click OK.

In my case I am working on dev machine and using same account for admin on machine and this account is also dbo on the data bases so it give me this message. If you get the same that means account already has the permissions for it, repeat the above steps for both account and let’s move to the next step.

Part 3

This is the step I wanted to write this blog for. I find some information on how to configure FBA in 2013 but this part was very confusing and not in detail in many posts. I will try to go in to details in an organized way as much as I can and if you think anything that can make it better to understand feel free to comment.

In order to configure forms based authentication with SQL database or ADAM / LDAP we need these 3 things. (this blog covers with SQL only)

  1. Connection String
  2. ASP.NET Membership Provider
  3. ASP.NET Role manager

Connection String:

Defines the connection properties and path to connect to database created above (Partners) for example data base server name, data base name. You can use this connection string and modify the server name and DB name highlighted in red as per your environment.

In add name tag you can give this connection string any name in this case I am using SqlConn. You can have more than one connection string in one environment so we use names to identify this.

<connectionStrings>
<add name=”SqlConn
connectionString=”server=ServerName;database=Partners; Integrated Security=true”/>
</connectionStrings>

Membership Provider:

Membership provider and Role provider define configuration for web app to connect to the asp.net data base. A connection string is defined to connect to the data base and based on member ship and role users get authentication for that web app.

Member ship also define policies and properties for passwords e.g. in the below member ship provider we have declare “minRequiredNonalphanumericCharacters=”1″” this mean you must have to have one non alpha numerical character in the password i.e. ! @, # etc. if you don’t want this password policy remove this line from the code.

For a full list of properties click here. Member ship provider is always declared with in <membership><providers> Tags.

You can use the mentioned below membership provider. Make sure name in red match with the names in your environment.

              <membership>

<providers>

<add name=”LDAPMembership

type=”System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a”

connectionStringName=”SqlConn

enablePasswordRetrieval=”false”

enablePasswordReset=”true”

requiresQuestionAndAnswer=”false”

applicationName=”/”

requiresUniqueEmail=”true”

passwordFormat=”Hashed”

maxInvalidPasswordAttempts=”5″

minRequiredPasswordLength=”7″

minRequiredNonalphanumericCharacters=”1″

passwordAttemptWindow=”10″

passwordStrengthRegularExpression=”” />

</providers>

</membership>

Role Provider:

You can use role provider mentioned below. Just make sure names highlighted in red match your environment.

             <roleManager>

<providers>

<add name=”LDAPRole

connectionStringName=”SqlConn

applicationName=”/”

type=”System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a” />

</providers>

</roleManager>


Now that you have all the pieces you need, let’s put them all in machine.config file. Why? In older version we use to edit web.config for central administration, SSP and content web app but you have to edit each web.config on each WFE to achieve this.

If you edit one file on each WFE i.e. machine .config it will take care of all web.config files mentioned above.

One more thing you will have to do is, edit web.config for Security Token service   Application and place this info in the web.config I will go in details of this also.

Let’s do it one by one.

For Machine.config file :

On WFE go to C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Config

Take a backup of this file before you edit. Open machine.config file. You need to enter 3 things here

  1. Connection strings
  2. Membership provider
  3. Role manager

Below is screen shot of 2 sections from my Machine.config file before any changes

1-

2-

Easy way to do this is open machine.config file and search for Connection string and membership provider one by one and add your membership provider details as described earlier. After making changes your machine.config file will look as shown below

1

2-

Once done, save machine.config.

For Security TokenServiceApplication :

Open web.config for Security Token Service Application. Location for web.config can be find from IIS .

In IIS expand Sites, Expand SharePoint Web Services, Right click on Security Token Service Application and click on Explore. This will take you to folder where web.config file is. Take a backup of this file before you make any changes to it.

You need to enter 2 things here

  1. Membership provider
  2. Role Manager Provider

Below is screen shot of web.config before making any changes. Notice I scroll all the way down to get this screen shot.

If you don’t have System.web tag in this file you will have to create after </system.net>  as shown in the screen shot after modification below.

Once done save the file.

Configuration is complete now.

We have FBA set up but there are no users in the data base to test this work. Again there are many ways to do this e.g. using Visual studio but I will use SharePoint 2013 FBA Pack  available at CodePlex. Download the package from here and add, deploy solution in to your SharePoint farm. Once done you can find all the options in site settings page and step by step direction are also available here

Let me know how it goes.

RAM usage on Sharepoint 2013 VM

If you have a SharePoint 2013 VM for your testing purpose and you don’t have more than 4GB of RAM here are few things you can do

Distributed Cache Service

Stop distributed Cache service that and you will be able to free up some for other services/actions.

You should not stop DC service if you are using any one of these services or testing new functionality that is based on:

Feed Cache
One Note throttling
Access Cache
Search Query web part
View State Cache
Search Service Usage

You can change the memory allocation if you plan to use DC as mentioned here

Search Service Usage

By default performance level for search service is set to max and thus use max RAM. You can increase the performance of your machine  if you are not using search functionality on your development machine which most of the time we are not using all the time except testing some thing related to Search.

Get-SPEnterpriseSearchService

A

To reduce the performance level use: Set-SPEnterpriseSearchService –PerformanceLevel Reduced

You can also set the value to PartlyReduced or Maximum

B

Note: – Changing this value will impact crawler performance only, so overall it will not be a huge impact but in my case I was able to free up some resources to use for other things.