So today we had a nice issue to look into. After doing some patching of SharePoint (installing CU’s and SP1) we noticed that a certain site collection gave some issues with the CSWP.
Now we tested everything:
- checking if query was actually giving results, it was the case , we would see results in the tests pane of the build query page
- same query on a different site collection = works.
- Ok, checking if all the site collection (site) features were activated, was (almost) the case
- still nothing , very very strange
I forgot the cardinal rule, check ULS … after doing this we noticed 2 lines with a high level
Enable-SPFeature –ID 592ccb4a-9304-49ab-aab1-66638198bb58 –Url (URL of the Site coll giving the issue)
Et voila it was working all ok Hope it helps
Strange part was that the CSWP was selectable to add to the page and all… No clue why it was depending on this feature to display the results.
Well since SharePoint is such a big platform it’s only natural that we display some curiosity to the other. Going from development to infra seems a big step and most people are reluctant to even look at the infra side of SharePoint. Most developers I know say that they don’t want and need to look at this side of SharePoint. Well here I believe they are wrong, as a developer it is more and more important that we know about the infra side of things. Not that we need to fully understand this side, but at least we have to know the basics. With the app model it’s becoming more clear that only coding isn’t sufficient to understand the platform.
Since I’m doing more and more infra here a few things I’ve seen a lot and almost nobody that fixes them, while it is such an easy solution.
First Issue: Central admin is only accessible from the APP server and not from the WFE.
I see at many clients the same issue coming back every time. The administrator can access the central admin from the app server, but not from any other server. A credentials window comes up 3 times and doesn’t show anything.
But before I just tell you the solution.. Let’s do some investigation first..
Fiddler is your best friend in this.. I needed to know what happened with those authentication windows and why no page was shown.
So fired up my servers and using fiddler and IE to navigate to my CA address and see what’s happening.
At this point it was clear that this wouldn’t work what so ever, going to test with another browser (Firefox in this case). And surprise , Firefox came with a credential question, filled in all the data and CA was loaded. Strange
As you can see, the authorization headers and authentication headers are different with IE and Firefox. The first one goes for “Negotiated” and Firefox uses “NTML”.
Ok going to check the authentication provider on the CA web application…
And just as I expected it was set to negotiate. Changed this to NTML and low and behold I could log in via the Web front end server to the CA.
Hope it helps for someone and that they don’t keep going to the App server just to be able to log on to the CA.
Some time ago a buddy of mine (Koen Vosters, MSC) read this blog and noted a small issue with it.
1. The strange part is that it supposed to be negotiated, so meaning if Kerberos is not working, IE should fall back to the NTML way.
2. I should have defined SPN if I’m using Kerberos.