Troubleshooting Tips

SharePoint Manager Plus is not starting

SharePoint Manager Plus uses Postgres database by default and the database connectivity needs 33315 port to work. Check if any other application runs in the same port. If so change the default port number in the database_params.conf in the conf folder of product location (url=jdbc:postgresql://localhost:[Your_Port_Number_here]/spmpdb?useUnicode=true&characterEncoding=UTF-8) or free the port 33315 (Recommended).

User account Privileges

User account used for configuring the On-Premise Farm server must have the below mentioned privileges

• User should be a member of built in administrator group of the remote machine
• User should be a member of Farm Administration Group Open up Central Web Administration and add the user to the Farm Administrator group if not added previously.
• User should have access to all SharePoint databases i.e. SQL Server SharePoint_Shell_Access database role to all SharePoint databases including Configuration database and all content databases. To assign this role to User through PowerShell Script, Open the PowerShell in Remote machine and run
  Add-PSSnapin Microsoft.SharePoint.PowerShell
  
  Get-SPDatabase | Add-SPShellAdmin DOMAIN\UserName [ Replace DOMAIN\UserName with actual User account]

  Or you can do it by opening SQL Server Management Studio, assign the User with DBCREATOR, SECURITYADMIN and SYSADMIN Server Roles. Also, ensure that user has DBOWNER privilege over all the SharePoint databases.

• User should have Full Control over all the web applications Open up Central Web Administration, under manage web applications section, select each web application and click the user policy option on the top ribbon and add the user with Full Control privilege.

Or, to assign it through PowerShell Script, run the below script in the Remote machine's PowerShell

Add-PSSnapin Microsoft.SharePoint.PowerShell
$user = "DOMAIN\UserName"
$displayName = "User Display Name"
Get-SPWebApplication | foreach { `
$policy = $_.Policies.Add($user,$displayName) `
$role = $_.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType] ::FullControl) `
$policy.PolicyRoleBindings.Add($role) `
$_.Update() `
}

SharePoint Manager Plus Farm Configuration

• What should I do if "Access is denied" error message shown?
• "Cannot access the farm" error message displayed. What should I do?
• What should I do if "Remote/Local PowerShell Settings required in order to add farm" error message shown?
• "PowerShell Version is less than 2" error shown. What should I do?
• "Remote/Local Powershell settings required" error shown. What should I do?

What should I do if "Access is denied" error message shown?

Possible Reasons

• User name / Password is not valid.
• Remote Server machine's PowerShell Remoting might be disabled. So it doesn't allow the user to make use of Remote PowerShell feature.

Solutions

• Re-check your credentials and try again. [Also, ensure this user account have all necessary privileges mentioned in here ]
• In remote machine (SharePoint Server machine), open the PowerShell as administrator and run the below command (Check if any Public network connection is available in the machine. If so, change it to Domain or Private and Proceed)
  Enable-PSRemoting -Force

Note:

In case of your Remote machine (SharePoint Server machine) and Client machine (SharePoint Manager Plus installed machine) being in different domains, run the below commands in the client machine, opening the PowerShell as administrator, (Check if any Public network connection is available in the machine. If so, change it to Domain or Private and Proceed)

• Enable-PSRemoting -Force
• Set-Item WsMan:\localhost\client\trustedhosts -Value "server.domain.com" [FullyQualifiedDomainName of the remote machine] -Concatenate -Force
• Restart-Service WinRM

"Cannot access the farm" error message displayed. What should I do?

Possible Reasons

• Check if any Public network connection is available in the machine. If so, change it to Domain or Private and Proceed.
• User account used might not have all the privileges needed for a farm administrator.
• Authentication currently used is not supported by Remote Machine. It does not delegate the user to another machine to access the database ( i.e. Database server mostly)

Solutions

• Click here to check all the needed privileges and configure them accordingly.
• Enabling the CredSSP Authentication in remote and client machine solves the issue.
  In Remote machine (SharePoint Server machine), open PowerShell as administrator and run the following commands,
  Enable-PSRemoting -Force
  Enable-WSManCredSSP -Role Server -Force
  In client machine ( SharePoint Manager Plus machine), open PowerShell as administrator and run the following command,
  Enable-PSRemoting -Force
  Enable-WSManCredSSP -Role Client -DelegateComputer "server.domain.com" [FullyQualifiedDomainName of the Remote machine] -Force
  Click here to check your Group policy settings.

Note:

In case of your Remote machine (SharePoint Server machine) and Client machine (SharePoint Manager Plus installed machine) being in different domains, run the below commands in the client machine, opening the PowerShell as administrator, (Ignore this if you had already done this step)

• Enable-PSRemoting -Force (ignore if already done this step)
• Set-Item WsMan:\localhost\client\trustedhosts -Value "server.domain.com" [FullyQualifiedDomainName of the remote machine] -Concatenate -Force
• Restart-Service WinRM

What should I do if "Remote/Local PowerShell Settings required in order to add farm" error message shown?

Possible Reasons

• Either Local or Remote PowerShell Configuration is not done properly. This also happens when your remote machine has no trust on the client machine.

Solutions

Run the below commands in Client machine's PowerShell as administrator,

• Enable-PSRemoting -Force
• Set-Item WsMan:\localhost\client\trustedhosts -Value "server.domain.com" [FullyQualifiedDomainName of the remote machine] -Concatenate -Force
• Restart-Service WinRM

Run the below command in Remote machine's PowerShell as administrator,

• Enable-PSRemoting -Force

"PowerShell Version is less than 2" error shown. What should I do?

SharePoint Manager Plus needs the PowerShell version 2 or above to work. Upgrade your PowerShell version.

"Remote/Local Powershell settings required" error shown. What should I do?

Solutions

Perform the below steps on the SharePoint Server Machine: Open the PowerShell as administrator

• Enable-PSRemoting -Force
• Enable-WSManCredSSP -Role Server -Force

Perform the below steps on the Local Machine (where SharePoint Manager Plus is installed): Open the PowerShell as administrator

• Enable-PSRemoting -Force
• Enable-WSManCredSSP -Role Client -DelegateComputer "server.domain.com" (Fully Qualified Domain Name of the Remote server)
• Click here to check your Group policy settings.

Commands to increase maximum memory allocated per shell, recommended size is 1024 MB.

• Get-Item wsman:\localhost\shell\MaxMemoryPerShellMB (To check the current powershell memory size)
• Set-Item wsman:\localhost\shell\MaxMemoryPerShellMB -Value 1024 -Force ( Run this only if memory is less than 1024 MB)
• Restart-Service WinRM

Commands to increase maximum concurrent shells allowed per user, recommended count is 30.

• Get-Item wsman:\localhost\shell\MaxShellsPerUser (To check the maximum concurrent shells allowed per user)
• Set-Item wsman:\localhost\shell\MaxShellsPerUser -Value 30 -Force ( Run this only if count is less than 30)
• Restart-Service WinRM

Note:

In case of remote server and local machine being in different domains, run the below commands in the local machine

• Enable-PSRemoting -Force
• Set-Item WSMan:\localhost\Client\TrustedHosts -Value "server.domain.com" (Fully Qualified Domain Name of the Remote server) -Concatenate -Force
• Restart-Service WinRM

Farm Configuration Failure / Synchronization Fail ( The request not supported error ):

SharePoint Manager Plus uses CredSSP authentication to connect to the remote server to fetch SharePoint data. Credential Security Support Provider protocol (CredSSP) is an authentication provider that processes authentication requests for other applications.

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). To address this security vulnerability, Microsoft rolled out a security update ( CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability ) for the affected Operating Systems. Both the client and server need to be updated, or Windows and third-party CredSSP clients may not be able to connect to Windows or third-party hosts.

Example, when trying to connect using Remote Desktop Connection, you may receive the below shown error.

When trying to establish a Remote Powershell connection you may receive the below shown error.

The list of other possible errors :

• An authentication error has occurred.
• The function requested is not supported.
• The token supplied to the function is invalid.

Click here to know more about the issue.

You can fix this issue by installing the Microsoft security update  in both the client and remote server.

You can download the security update for a particular Operating System from here.

Syncing

• There is problem with my automated scheduled sync. It doesn't happen.
• 'Sync Now' is not working

There is problem with my automated scheduled sync. It doesn't happen.

• Farm server credential might have changed and the same might not have been updated in SharePoint Manager Plus. In this case, update your farm server password in the SharePoint Manager Plus and try.
• Or there might already be a scheduled sync running.

Sync Now is not working

• Farm server credential might have changed and the same might not have been updated in SharePoint Manager Plus. In this case, update your farm server password in the SharePoint Manager Plus and try.
• Or there might already be a scheduled sync running.

Required Local Group Policy Settings

This group policy settings needs to be done in machine where SharePoint Manager Plus application is installed.

To enable client-side CredSSP to allow user credential delegation for winrm for your target machine in the domain, set the following policy values:

• Computer Policy → Administrative Templates → System → Credentials Delegation → Allow Delegating Fresh Credentials → Set to enabled and add WSMAN/* to list of servers(For eg: WSMAN/mysharepointserver.domain.com), check the box for Concatenate OS defaults with input above
• Computer Policy → Administrative Templates → System → Credentials Delegation → Allow Delegating Fresh Credentials with NTLM-only server authentication → Set to enabled and add WSMAN/* to list of servers(For eg: WSMAN/mysharepointserver.domain.com), check the box for Concatenate OS defaults with input above
• Computer Policy → Administrative Templates → Windows Components → Windows Remote Management (WinRM) → WinRM Client → Allow CredSSP authentication → Set to enabled

Creating custom PowerShell session configuration

Perform the below steps on the SharePoint Server Machine: Open the PowerShell as administrator,

• Register-PSSessionConfiguration -PSVersion 2.0 -Name ps2

Now, open the SharePoint Manager Plus installation location and go to ManageEngine\SharePoint Manager Plus\bin folder,

• Open command prompt as administrator at this location and run connectDb.bat
• Run the query in the command prompt window, Update ParamValueRelation set VALUE='ps2' where PARAM='PS_CONFIG_DEFAULT';

Windows Azure AD v2 (AzureAD) module must be installed to sync Azure AD Users.

Windows Azure AD v2 (AzureAD) module must be installed to sync Azure AD users. Please follow the below mentioned steps with administrative rights:

1. If you had already installed PowerShellGet and nuget package provider, proceed to step (2).
• Install PowerShellGet using this link
• Install nuget package provider in PowerShell with the following command Install-PackageProvider -Name Nuget -MinimumVersion 2.8.5.201 -Force;
2. Now, use the below command to install Azure AD v2 (AzureAD) module Install-Module -Name AzureAD -Force
3. If the problem still persists, your firewall might be blocking it. Please contact support@sharepointmanagerplus.com.

Azure AD module is incompatible with 32-bit version of the product.

You must be using 32 bit version of Sharepoint Manager Plus. Windows Azure Active Directory Module v2 (AzureAD) must be installed to get users from Azure Active Directory, which is not available in 32 bit version.

Hence follow the below mentioned steps, 

1. Download and install Sharepoint Manager Plus (64-bit)
2. To install Azure Active Directory Module v2 (Azure AD):
• Install PowerShellGet using this link
• Install nuget package provide in PowerShell with the following command Install-PackageProvider -Name Nuget -MinimumVersion 2.8.5.201 -Force;
• Now, use the below command to install Azure AD v2 (AzureAD) module Install-Module -Name AzureAD -Force
• If the problem still persists, your firewall might be blocking it. Please contact support@sharepointmanagerplus.com.