Exclude Users From Delve and SharePoint Online People Search
In support, we receive requests from time to time for information on how-to configure SharePoint People search and Delve results so that specific users do not appear in search results. Many admins want to be able to do this without having to delete or move users to a non-synced OU.Introduction to SharePoint Online Search
Microsoft SharePoint Online Search is an integral part of SharePoint Online and it is the backbone of many features across Office 365. Below is a list of a few features that are driven by search and used daily: Enterprise Search center Site Search List and library search Search Web Parts “Shared with me” view in OneDrive for business Usage and popularity trends DLP, eDiscovery Searches, and Retention"Sorry, this document can't be opened for editing" error creating a document in Office Web Apps
Problem: You receive a "Sorry, this document can't be opened for editing" error when you try to create or edit an Office document in Office Web Apps. Applies to: SharePoint Server 2013, SharePoint Foundation 2013, Office Web Apps This article describes some settings which may cause this error in SharePoint Server 2013 when creating or editing documents using Office Web Apps.SharePoint - SSL Offloading
What is SSL Offloading? Configuring SSL Offloading with SharePoint Web Applications Host Names Site Collections SharePoint Apps (App Domain Common Issues URLs returned to users are incorrect List or library Dropdown menu not loading After configuring SSL offloading for a web application users receive a 404 or 503 Additional Information Creating IIS bindings for SharePoint Web Applications through PowerShell
Effect on SharePoint sites that use ADFS/SAML and Forms Based Authentication in Chrome version 80+
Issue : You are using Google Chrome 80, and when you have ADFS/SAML or FBA configured site, you notice that intermittently, users logging in fails and goes into a login loop. The following error is received on ADFS : "An error occured. Contact your administrator for more information" FBA does not sign you out either. Cause : This behavior is because of Chrome’s new security feature : A cookie associated with a cross-site resource at <URL> was set with the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies. Ref: https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html Testing/Troubleshooting to understand the behavior : First test by passing any load balancer and check if you have the issue We need to collect a fiddler trace, and look for the frame in fiddler which is a GET request to the site, and in request header you will see that the ‘Fedauth’ cookie still exists. This is the response from the server, a "Set-Cookie" Header, that sets the FedAuth to blank, this is because the user is browsing the site with an expired FedAuth cookie : Even after setting it to blank by SharePoint Server, Chrome does not deliver the blank Fedauth cookie(due to the same changes in it's cookie handling behavior), and in the next POST to the site it sends the same old expired cookie, you can see it in the request header in next request : When we use "Set-Cookie" to set the Fedauth to blank, we also see the ‘SameSite=None’ attribute, but Chrome will deliver the cookie ONLY if it HAS ‘SameSite=None’ alongwith ‘Secure’ attribute Resolution : Step 1 -- Recommendations by Microsoft Reference : https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications Step 2 -- If you still see issue continues after March 2020 CU update for SharePoint If you still see issues with Load Balancer in place, you will have to contact your load balancer vendor for having an iRule created to add the SameSite=None and Secure parameter in the "Set-Cookie" header. Step 3 -- If you do not have a load balancer that distributes load between servers in SharePoint Note : Make sure to take a backup of the web.config file from all SharePoint servers before making the below changes This is only if you are using a SSL web application If you do not have a load balancer, you will have to use the URL Rewrite module on all SharePoint servers. Install the URL Rewrite Module : https://www.iis.net/downloads/microsoft/url-rewrite The Rewrite we will be using is an Outbound Rule, follow below steps -Start by selecting the IIS site pertaining to the ADFS/SAML web app -Enter into the URL Rewrite module -Select Add Rule and then Select the "Blank Rule" under "Outbound Rules", and configure below options Matching Scope : Server Variable Variable Name : RESPONSE_Set_Cookie Pattern : (FedAuth=;)(.*)(SameSite=None) Action type : Rewrite Value : {R:1}{R:2}{R:3};Secure Test your web application for the same issues now in newer version of ChromeCookie Persistence in SharePoint Online
Note: This is an earlier blog article that was previously hosted on the SharePoint Online Support blog on MSDN. It, and other articles, are being moved over to this site as part of an ongoing Global Blog effort by the SharePoint Online Support Organization. Certain legacy features in SharePoint Online — Explorer view, for example — leverage legacy technologies like Windows WebDAV. WebDAV makes use of the browser's authentication cookie. Because of security concerns, WebDAV cannot access session cookies; only cookies that are written to disk are accessible by WebDAV. This means that in order for WebDAV to access the authentication cookie, the cookie needs to be persistent (persistent cookies are written to disk)*.Test email from SharePoint using PowerShell
Summary: The following PowerShell script was written for my post on configuring TLS between SharePoint and Exchange. However, since it was buried in process, I wanted to create a separate post just sharing the script, because it will be easier to maintain and use separately when needed. Why use a script anyway? I find this script very useful when testing mail flow from Sharepoint since it uses the "SPUtility::SendEmail" API , sends mail, captures the correct logs and presents them by launching notepad, all from a single server. The Script: # check to ensure Microsoft.SharePoint.PowerShell is loaded $snapin = Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.SharePoint.Powershell'} if ($snapin -eq $null) { Write-Host "Loading SharePoint Powershell Snapin" Add-PSSnapin Microsoft.SharePoint.Powershell } #Parameters While ($web -eq $null){ $web = Get-SPWeb (Read-Host "Input SPWeb URL using http://") } $email = (Read-Host "Input E-mail recipient") $subject = (Read-Host "Input E-mail Subject") $body = (Read-Host "Input E-mail Body") #specify start time of action $StartTime = (Get-Date).AddMinutes(-1).ToString() # Try sending e-mail via SharePoint. $send = [Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,0,0,$email,$subject,$body) #what to do if it fails if ($send -eq $false -and $web -ne $null){ write-host "It didn't work, checking ULS for errors. Please stand by..." -foregroundcolor Red -backgroundcolor Yellow #specify end time of action $EndTime = (Get-Date).AddMinutes(+1).ToString() #make dir if it does not exist $TARGETDIR = "c:\logs" if(!(Test-Path -Path c:\logs)){ New-Item -ItemType directory -Path $TARGETDIR } #finding error and creating log start-sleep 5 Get-SPLogEvent -StartTime $StartTime -EndTime $EndTime | Where-Object {$_.Category -eq "E-Mail"} | Export-Csv -LiteralPath "$TARGETDIR\log.csv" #starting notepad to open log start notepad.exe "$TARGETDIR\log.csv" } #what to do if it works else{ if ($send -eq $true -and $web -ne $null){ write-host "It Worked..Congrats!" -foregroundcolor DarkGreen -backgroundcolor White } } $web.Dispose() Example: As you can see below the script will ask for input and you will specify the SPWeb url, E-Mail recipient, E-Mail Subject and E-Mail Body. If you enter the SP Web url incorrectly, it will keep asking. Also, if the e-mail is not sent, you will be notified on screen and NOTEPAD will pop-up with the associated ULS logs.
