Auditing solutions deployed to SharePoint environments

With increasing SharePoint 2013 customizations with new app model, there are incidents that these customizations are not working correctly in production while they are working on non-production environments. As SharePoint architect, I’m working with the team to come up an deployment auditing process to ensure what we deployed is what we should deployed. This auditing process will reports the details of the customization components especially the version labels that has been beneficial for deployment verification and debugging. Here are some the auditing reports that have helped to eliminated any customization environment discrepancies.

1. Audit app deployed to certain site collection and the app details including the versions. Here is the powershell commands.

param([string]$siteUrl)

$snapin = Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.SharePoint.Powershell'}

    if ($snapin -eq $null) {

      Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

}

############################################################################################################################################

function ListApps([string] $siteUrl, [string]$reportName)

{

        $appInstances = Get-SPappinstance -web $siteUrl

        if($appInstances -ne $null)

        { 

                foreach ($eachAppInstance in $appInstances)

                {        

                    $title = $eachAppInstance.Title

                    $version = $eachAppInstance.App.VersionString

                    $AppPrincipalId = $eachAppInstance.AppPrincipalId

                    $Id = $eachAppInstance.Id

                    Write-Output "$title; $version; $Id; $AppPrincipalId"| Out-File $reportName -append 

    

                }

        }

}

############################################################################################################################################

ListApps https://sharepoint.mycompany.com/sites/criticalsite E:\Applist.txt

The result is like below and you could comapre the result across different environments. There are references you could use for different app API.

2. Audit any customized dlls and the versions. Here are some powershell commands.

This one will list ALL dlls inside the current directory recursively.

Get-ChildItem -Filter *.dll -Recurse | Select-Object -ExpandProperty VersionInfo

This one will list only the named dll.

Get-ChildItem -Filter *.dll -Recurse | Where-Object {$_.name -Match "mycompany.com.sp.application1.common.dll"} | Select-Object -ExpandProperty VersionInfo 

3. Audit all farm solutions and their status. Here are the powershell commands.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Get all Solutions deployed

Get-spsolution | select * |out-file c:\solution.txt

# Connect to the Farm

$SPfarm = [Microsoft.SharePoint.Administration.SPFarm]::get_Local()

# What Solution are we looking for?

$solution = "mycompany.com.sp.apps.workflows.wsp";

# Get the solutions

$currentSolution = $SPfarm.get_Solutions() | Where-Object { $_.DisplayName -eq $solution; }

$currentSolution; 

We are adding other auditing such as features, permission, configurations at this time and will share those in the future.

How to generate pfx certificate using cer certificate?

When we request SharePoint server to server trust certificates from the company, we are receiving the following two files.

Mycert.cer

Mycert.key

However, we do not receive the pfx file that required for SharePoint servers. We has been using different ways to construct the pfx file and I would like to summarize here in order for me to refer in the future.

There are different situations that we need to generate pfx certificate. The way to generate it will depends and I’ll show two different ways.

The first situation is  you have a private key with a .p7b certificate file and need to create a .pfx file.
You could use IIS server MMC UI to create the pfx file as described here.

The second is you have received both cer and kay file, you have to generate the pfx file from scratch. You could use the following command to generate the pfx file. You MUST put the key file with same name as cer file in the same directory as described here.

certutil -MergePFX Mycert.cer Mycert.pfx

The third situation is you have pfx file already imported to IIS but accidentally deleted. Now you only have the cer file but NO key file. Here is the way to generate the pfx file.

Upload the cer file to IIS as described in Microsoft support blog. Run the following command to restore the pfx file.

certutil -repairstore my "SerialNumber"

SerialNumber is the serial number that you find for the cer file uploaded.

Now you have the cert file for SharePoint server to use.

How to resolve SharePoint list display issue after applying January 2016 Microsoft Critical Security Patch MS16-004?

After applying January 2016  Microsoft Critical  Security Patch MS16-004 on January 12, we have run into SharePoint issue that some lists could not be displayed. The error message is “Unable to get property ‘replace’. See the screenshots.

After working with Microsoft support, we have identified two solutions.

1. The initial solution is to install the full SharePoint Server 2013 Jan 2016 CU and running configuration wizard. This cause significant concern on the server down time and regression testing. Some company may not have this option since they are on older version or SharePoint that could not be upgraded to this CU directly.  Because we do not have time to install full SharePoint Server 2013 Jan 2016 CU, we continue worked with Microsoft on any fixes.

2. On January 15, Microsoft published the official SEE communication on this issue and the fix.  “If you are looking for a minimal change to resolve the issue it you can just install the following fix which contains the missing msp file containing the localized files:

KB 3114508 – Download location: https://www.microsoft.com/en-us/download/details.aspx?id=50667 “. We are able to apply the fix and fix the list display issue.

In the past three years, we run into issues almost every time we apply monthly security patch that contains SharePoint features. Sometimes even security patch without SharePoint patch may cause issues. The previous issues we run into were August s4ecurity patch for the following two issues.

• The  “Unable to ‘Follow’ content” error has been confirmed as a bug introduced by both August 2015 Security Update and Cumulative Update
• "File names can’t contain the following characters: & " ? < > # { } % ~ / \." when trying to attach documents to a list, even though the file name does not contain any of the characters when attaching  files to list like tasks list

We were able to apply a workaround for issue #2 but are waiting the fix for issue #1 in Oct. 2015 CU. However, August, Oct, Nov, Dec 2015 CUs breaks the hybrid search.

We will track the SharePoint issues caused by monthly security patch closely in the future.