Working with SharePoint ULS Logs

Microsoft SharePoint Unified Logging System (ULS) is great to help you troubleshoot issues in your SharePoint Farm.

The ULS logs are storing information about events (Errors, Warnings, Information) and activities that are running on your SharePoint Server.

By default, SharePoint log files are saved to the following location: C:\Program files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.

Note: You should change the location of the log files to another drive.

In the Microsoft SharePoint Central Administration site, you can set Logging level for different categories and change the log file location.

Logging level can be set to:

• None
• Critical
• Error
• Warning
• Information
• Verbose

When setting the log level you can choose all categories or a specific category.

Set-Sploglevel

You can also use the Set-sploglevel PowerShell cmdlet to set the logging level.

Ex: Set-SPLogLevel -TraceSeverity verbose -EventSeverity verbose will set logging level to verbose for all categories.

Once you are done with your troubleshooting, you can use the Clear-Sploglevel cmdlet to reset all categories to the default value.

New-Splogfile

When configuring the log level to verbose, the log file can become very big. One way of working a smaller log file while troubleshooting is to use the New-Splogfile PowerShell cmdlet.

The New-Splogfile PowerShell cmdlet will create a new log file.

You can use the command before trying to reproduce your problem, and run it again when you are done. Then you will have a log file for only the time that you worked on your issue.

Note: If you have multiple servers in your farm, you will need to run this on every servers.

Merge-Splogfile

You can also use the Merge-Splogfile PowerShell cmdlet to create a smaller log file.

Using the following command will create a log file with the information from 11:00 to 11:30 on October 27^th 2016, and will merge the information from all the servers in your farm into a single log file.

Merge-SPLogFile -Path “D:\Temp\MergedLog-20161027-1100-1130.log” -StartTime “27/10/2016 11:00:00” -EndTime “27/10/2016 11:30:00”

If you know the Correlation Id you can use the following command to create a log file with only the information about the correlation id.

Merge-SPLogFile -Path “D:\Temp\MergedLog.log –Correlation YourCorrelationID

See more examples of Merge-Splogfile
https://technet.microsoft.com/en-us/library/ff607721.aspx

ULS Log viewer

There are ULS log viewers that will help you reading the log files instead of trying to use Notepad or Notepad ++. These tool are pretty handy, you will be able to filter logs and it will be much easier to read than trying to read from Notepad.

https://www.microsoft.com/en-us/download/details.aspx?id=44020

https://sharepointlogviewer.codeplex.com/

Happy troubleshooting!

Error accessing Managed account in SharePoint Central Administration

If you are trying to access you managed accounts in SharePoint Central administration site

And you receive this error:

It’s probably because you have created a new managed account with “Enable automatic password change”.  This issue should not happen if you have the latest SharePoint build number.

In order to fix the problem you need to use PowerShell to find the account that is set to “Automatic password change”

Get-SPManagedAccount | ? {$_.AutomaticChange -eq $true} | SELECT UserName

Once you have found the account, use PowerShell to remove the “Automatic password change” for the problem account.

$SPMA = Get-SPManagedAccount “<DOMAIN>\<UserName>” $SPMA.AutomaticChange = $false $SPMA.Update()

Then you will be able to access “Configure Managed account” in the SharePoint Central Administration site.

Microsoft SharePoint Server 2016 feature pack 1

Microsoft SharePoint Server 2016 is great, but Microsoft wants to make it better. They are constantly adding new features in Office 365 and SharePoint Online. Microsoft has learnt of lot from running SharePoint farms with millions of users, they want you to be able to benefit from their knowledge when you are using Microsoft SharePoint Server on premises.

During the week of the Microsoft Ignite conference in Atlanta, Microsoft announced the launch of Microsoft SharePoint Server 2016 feature pack 1.

Feature Pack 1 will be included in the SharePoint Server 2016 November Public Update. It was also announced that a Feature Pack 2 is planned for the 2^nd half of 2017.

Here is a recap of the announcements about Feature Pack 1 (plus my comments) from this presentation at Microsoft Ignite conference.

Last May Microsoft talked about the concept of Feature pack. We knew it was coming, we just did not know when. According to Bill Baer the SharePoint 2016 Server Feature Pack 1 was released 6 months ahead of time.

Before the Feature Pack Microsoft had a long release cycle for new features. SharePoint major release were every 2-3 years, services packs every year, monthly CUs. But CUs and Service Packs did not bring any new features.

As I said earlier new features in Office 365 and SharePoint Online are introduced very rapidly. With the old release pattern SharePoint Server 2016 users would have had to wait 2-3 years to get new features. This would have been way to long. This is way Microsoft came out with the idea of Feature packs.

For feature pack 1, Microsoft focused on three main groups IW, IT and Developers.

For the IT they are bringing new MinRoles, Hybrid Auditing, hybrid Taxonomy and Administrative action logging (see below for more information) For the developers they are bringing the OneDrive API 2.0

Information Worker

For Information Workers they wanted to bring the OneDrive for business user experience which is fast and responsive allowing to easily add, copy, move, rename and share documents.

They also added the possibility to add custom tiles to the App Launcher.

To add a custom tile, it’s as easy as adding an item to a list.

Min Roles

When Microsoft SharePoint Server 2016 came out, they introduced the concept of Min Roles. It’s a set of predefined roles that you can set when adding a server to a Microsoft SharePoint Server 2016 farm.

In the Min Role mode, SharePoint will automatically configure the services based on the selected server’s role to make sure that performance is optimized for the role.

When SharePoint Server 2016 came out there were 6 Min Roles: Front-end, Application, Distributed cache, Search, Custom and Stand-Alone.

Building a SharePoint Farm in Min Role mode required at least 4 SharePoint servers. This was not suitable for many small organizations.

With the Feature Pack 1, the SharePoint team added 2 more roles: Front-end with Distributed cache and Application with Search.

Thanks to Feature Pack 1 smaller organization will be able to deploy a SharePoint Server 2016 farm in the Min Role mode with only 2 SharePoint servers instead of 4.

More information on Min Roles: https://technet.microsoft.com/en-us/library/mt346114(v=office.16).aspx

Hybrid Auditing (preview state)

Microsoft has made a big investment in auditing in Office 365 with the Security and Compliance center. You can search and report about user’s file access, administrative actions and much more.

With the Feature Pack 1 you will be able to use the Office 365 Audit Log Search to also view activities that happened against sites and contents in your Microsoft SharePoint Server Farm.

See below a few of the activity reports that are available in the Security and Compliance Center:

File and folder activities

Sharing and Access request

Site administration

To access the Security and Compliance center reports in the App Launcher click on Security and Compliance
When in the Security and Compliance center, click on Search and Investigation, then on Audit log Search

Click on the following link to find out more about Hybrid Auditing

Hybrid Taxonomy (Preview state)

With the SharePoint Server 2016 Feature Pack 1, you will be able to use the new Hybrid Taxonomy to share your taxonomy between Office 365 and a Microsoft SharePoint Server 2016 farm. It’s important to know that synchronization will be only one way, from Office 365 to SharePoint 2016 Managed Metadata.

From this site: https://support.office.com/en-us/article/SharePoint-hybrid-taxonomy-Preview-71ae4d00-da98-407b-bee2-8d9972e1875c

“A new hybrid feature that is currently in progress for SharePoint Server is SharePoint hybrid taxonomy. SharePoint hybrid taxonomy allows SharePoint administrators to create shared taxonomies (managed metadata) between their on-premises SharePoint Server and SharePoint Online. With SharePoint hybrid taxonomy, changes and updates to your SharePoint Online taxonomy are replicated to your SharePoint Online sites as well as your SharePoint Server sites. Configuration is simple and you can use the included tools to migrate your existing on-premise taxonomy to SharePoint Online and create a shared taxonomy from existing taxonomies.”

Note: Hybrid Taxonomy will also be available to SharePoint Server 2013 farms as part of the September 2016 Cummulative Update.

Administrative action logging

With Feature Pack 1, it is now possible to add logging for Administrative actions in the Usage and Health data collection.

As an example, you can find out when password reset settings for service accounts has been changed or when someone has added or removed users from the SharePoint Farm administrator group.

In order to query the logs you can use the following PowerShell command : Get-spusagedefinition –identity “Administration actions” | Merge-SPUsagelog -StartTime “08/11/2016 3:50 AM” | Select User, ActionName, Timestamp | Sort Timestamp

See image below to view the results.

You can also query the UsageDb with Transact SQL. It’s one of the few dbs that Microsoft allows to use Transact SQL to query.

Conclusion

Having these new features in SharePoint Server 2016 is a great news and brings more compelling reasons to migrate your environment to SharePoint Server 2016 and run it in Hybrid mode. Don’t wait anymore!