You have Active Directory groups being sync’d to Azure AD via Azure AD Connect. These sync’d groups are being used for assigning licenses in your tenant. If you delete one of these groups from your Active Directory, AD Connect throws an error and you get an error alert email.
The error says:
The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.
If you open the Azure AD Connect Synchronization Service, you can also see the error there:
AAD Connect Error
If you try to delete the same group via PowerShell, you get the following error:
Remove-AzureADGroup : Error occurred while executing RemoveGroup.
Message: Group deletion is not allowed.
Azure AD blocks group deletion when the group is being used to assign licenses. This is to help protect you from accidentally removing all of your users’ licenses with a single action.
Remove the license assignment from the group and run the sync again. You can kick off the sync from your AAD Connect Server by running:
Group Based Licensing: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-assignment-azure-portal
When creating Teams in Office 365, you may notice that the files and wiki features (items that depend on access to the back-end SharePoint site collection for the Office 365 group) do not work correctly.
Here is an example of the error In Teams UI
Hang tight, we’re busy making space for your Wiki. Wait a few minutes then try again.
Even after waiting 24 hours, the connection still does not work. Additionally, if you select the “Open in SharePoint” option from the channel menu:
You are given this error message:
We are setting up your file directory.
Lastly, and this is the cause of the issue, you see this error if you try to browse to the underlying SharePoint site collection from off-premises.
Due to organizational policies, you can’t access these resources from this network location.
Your organization has IP restrictions setup in the SharePoint Online tenant to restrict which source IP addresses are allowed to connect to your sites.
These restrictions can be configured in the SharePoint online Admin Portal:
- Open the Office 365 Admin Portal
- Browse to Admin Centers -> SharePoint
- Click on Device Access on the left navigation
- Check the Control access based on network location section for any IP restrictions. Your organization may have put their public IP ranges in this field to limit access to on-premises only.
Microsoft teams requires that it (the teams infrastructure) can access your SharePoint tenant. Check with your organization about removing the IP restrictions from SharePoint Online device access policy.
You may experience an error when connecting to SharePoint Online (or other Office 365 services) via PowerShell. All you get back is a generic:
Connect-SPOService : Unexpected response from the server. The content type of the response is “text/html;
charset=UTF8”. The status code is “OK”.
PS C:\Windows\system32] Connect-SPOService -Url https://tenant-admin.sharepoint.com
Connect-SPOService : Unexpected response from the server. The content type of the response is "text/html;
charset=UTF8". The status code is "OK".
At line:1 char:1
+ Connect-SPOService -Url https://tenant-admin.sharepoint.com
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], ClientRequestException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ClientRequestException,Microsoft.Online.SharePoint.PowerShel
This can happen when your corporate web filter blocks the traffic to your admin URL, such as https://tenant-admin.sharepoint.com. Check the logs on the web filter / proxy to ensure the traffic is being allowed.
Issue / Symptoms
Fuzzy / phonetic name searching is not working in people search in SharePoint 2013. For example, if you search for my name as “myree” (which is how it sounds), you would not get my profile as a result.
Here is a good reference on finding if your farm is having this issue (however the fix suggested is no longer the recommended solution): https://blogs.msdn.microsoft.com/ronalg/2015/02/25/sharepoint-2013-fuzzy-and-phonetic-people-search-dont-appear-to-be-working/
How to Reproduce the Issue
- Turn up logging level by running the following command (do this on non-prod or off hours)
- Open ULS log viewer and create a filter on “EN_EN.mdl” OR “fuzzy”
- Browse to the people search page and enter a name
- You will see entries similar to the following if your farm has this problem
On Query Server:
10/25/2016 13:07:45.13 NodeRunnerQuery2-936ea3ce-afa6- (0x0C0C) 0x270C Search Fuzzy Name Search ajyfa Unexpected CCANameProjector : Exception:Exception : Access to the path ‘E:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\CanonicalResources\ProjectionModels\EN_EN.mdl’ is denied. encountered while attempting to load the Projection Model Catalog E:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\CanonicalResources\ProjectionModels\EN_EN.mdl for Language : en encountered while attempting to load the projection model. 3af3b09d-aa93-906f-2913-467b8e5e0f93
On Crawl Server:
CCANameProjector : Exception:Exception : Access to the path ‘E:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\CanonicalResources\ProjectionModels\EN_EN.mdl’ is denied. encountered while attempting to load the Projection Model Catalog E:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\CanonicalResources\ProjectionModels\EN_EN.mdl for Language : en encountered while attempting to load the projection model.
CCAMetadataProducer : Fuzzy metadata generation failed to load resource for language: en.
CCAMetadataProducer : Fuzzy metadata generation failed for the current record. Check logs for more details.
- Remember to turn log levels back down!
If you watch the search index directory using procmon while running searches or profile crawls, you will see the access denied messages.
This is a known bug in SharePoint 2013. It has been there since RTM. The good news is that it is finally fixed in the July 2016 CU for SharePoint 2013. This happens in scenarios when you run in the recommended way of having a separate service account (domain account) for the service service. Under this condition, the service account does not have the permissions that the code requires. The fix in the July CU changes the code so that read only access is all that is required on the search index directory.
Upgrade your farm to at least the July 2016 CU. Once this fix has been applied, you will likely need to wait 1 day for all of the indexing / processing to take place before fuzzy / phonetic searches start working.
After waiting a day, test this out using the SharePoint Search Query Tool. Make sure you have nicknames and Phonetic enabled as shown below:
If you can’t upgrade your farm for whatever reason, a temporary workaround would be to add your search service account to WSS_ADMIN_WPG local security group. This change would require a reboot (or a service restart).
After running a web test, you see an error such as this:
Could not read result repository: Unknown transaction id in results: XX.
Will display the runtime result instead of the repository result.
You also get a similar error when you try to load historical results from the “Open and Managed Load Test Results” screen. In my case, I am running Visual Studio 2015 with Update 3. The controller and agents are 2013 with update 5.
Solution / Workaround
In this case, the workaround is to update your load test “Run Settings” to include a “Cool-down Duration”. This can set by:
- Open the load test file
- Click on the run settings section (the active one)
- In the properties window, set the “Cool-down Duration” to at least 1 minute:
We have some really long running queries in our SSRS SharePoint integrated mode environment. After a few minutes of processing, we would see the following error:
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 12019
Interestingly, this issue only occurs when using IE. In Chrome, the report keeps running and works fine.
In our environment, we have an F5 BigIP as the load balancer in front of SharePoint. All we needed to do was set the Idle Timeout to 3600 (default was 300) on the TCP profile for the virtual server.
In other load balancing solutions, there are likely similar settings.
A bug in the .net framework causes SQL Server Reporting Services (SSRS) reports to “lose” their parameter values when paging through the report when to stay on a page for longer than 1 minute.
When you click the next page button, you will be presented with the parameter prompt again:
- You have a multi-page report in SSRS in SharePoint that includes required parameters
- If you sit on a page of the report for more than 1 minute, you are re-prompted for parameter values and must re-run the report
This is a known problem in the .NET framework. Please reference the following KB: https://support.microsoft.com/en-us/kb/2996566
MSFT does not have the download link published, so you will need to contact support to be sent the hotfix. As of this writing, this hotfix has not been included in any public patches or updates.