- Stop the User Profile Synchronization Service running on the Application Server
- Open Central Administration and navigate to Security > Configure Managed Accounts
- Click the Edit button in line with the Farm account
- Check the Change password now checkbox and enter a new password. Remember to make a note of this password and click ok.
If you receive an ‘Access is Denied’ error, log into the Active Directory Server, right click the Farm account username and bring up the properties. Click the Account tab and ensure that the ‘User Cannot Change Password’ checkbox is unchecked.
- Once this is done, you will need to update the password for the Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service under Services on the Application Server.
- Make sure the Farm account is added to the Administrator’s group on the Application server and start the User Profile Synchronization Service under System Settings > Manager Services on Server.
- Once the service is running, reboot the Web Front End and Application Servers.
- Log into the APP server with farm service account, eg: svc-spfarm
- Add svc-spfarm account to Administrators group.
- If the ‘Forefront Identity Manager Synchronization Service’ is disabled, leave it like this, but make sure the ‘Forefront Identity Manager Service’ is running under the farm account.
- Go to Central Admin > Services on Server > App Server and click Start to start the User Profile Synchronization Service. This will ask for the farm username and password. Wait 10 mins, the service status should now say ‘Started’.
- Then go to Central Admin > Application Management > Manage Service Applications > User Profile Service Application and check the Connections to ensure there is a connection displayed.
- On the same page click the “Start Profile Synchronization” link to start an incremental sync.
In SharePoint 2010, you may notice some users exist in Active Directory but may not show in the SharePoint portal. The SharePoint log files indicates the following:
Medium Usage Logging Importer: Exception occured while retrieving profiling information for the user=DOMAIN\firstname.lastname: Microsoft.Office.Server.UserProfiles.UserNotFoundException: An error was encountered while retrieving the user profile.
You then go to Application Management > Manage Service Applications > User Profile Service Application > Manage User Profiles and search for the particular user. Unfortunately the user does not show up in the search results but you know the user exists in Active Directory.
If you go to the ‘Configure Synchronization Connections‘ page, you will notice there are no connections available.
To solve this, you will either need to create a new synchronization connection (when you do this you may receive ‘MOSS MA not found’ error) or if a connection did exist then make sure the ‘Forefront Identity Manager Service‘ is running under Administrative Tools > Services on the Application Server. Once this service starts running again, your synchronization connection will show up or if creating a new connection you will not see the ‘MOSS MA not found’ error. Then click ‘Configure Synchronization Timer Job‘ link and click the ‘Run Now‘ button to start an incremental synchronization of all your user accounts and groups in Active Directory.
In SharePoint 2010, when you try to set up the Secure Store Service Application, one of the first steps is to generate a key. You open up the page under Central Administration > Application Management > Manage Service Applications > Secure Store Service to add a passphrase but see the error message “An error occurred during the “Generate Key” process. Please try again or contact your administrator”.
Looking at the ULS logs you may see this:
“7557 Critical The Secure Store Service application Secure Store Service is not accessible. The full exception text is: User does not have permission to perform the operation.”
This could be due to the user account that is logged in to the Central Administration page not having enough permissions to generate the key.
Try using the Farm account.
Scenario: You’ve just changed the logo on your SharePoint 2010 Intranet site but you as an Administrator or Site Collection owner are the only one who can see it? You’re users see a red cross?
Reason: When you add any image or file to the Site Images document library, the item is saved as a Draft version. Your end users cannot see Draft versions unless you give them access.
Go to your Site Images (Publishing Images) folder under All Site Content and:
- Go to Library Settings > Versioning settings
- Under Content Approval, select ‘No’ for Require content approval for submitted items?
- Under Document Version History, select ‘No Versioning’
- Under Require Check out, select ‘No’ for ‘Require documents to be checked out before they can be edited?’
Scenario: The user has Full Control to a SharePoint Document Library, however when the user tries to create a list template they see an Access Denied error, similar to the one below.
This could be related to MOSS 2007 or SharePoint 2010 and maybe SharePoint 2013 too.
Solution: User needs Design rights on the List Template Gallery found under Site Settings > List Template Gallery.
- Create new Permission level with ‘Manage Lists’ and ‘View Items’ options checked under ‘List Permissions’. Also, check the ‘View Pages’ and ‘Open’ permissions under ‘Site Permissions’.
- Go back to Site Settings > Site Permissions and create a new custom group. Leave the group empty.
- Go back to the Site/List Template Gallery > library permissions and click ‘Grant Permissions’. Bring up the directory window and type the name of the custom group you created in the previous step.
- Select the ‘Grant users permissions directly’ radio button and check the new Permission level created above.
You log into Central Administration for SharePoint 2010 > System Settings > Services on Server and notice some of the services are stuck at ‘Starting’ or ‘Stopped’.
This could be due to the fact that SharePoint 2010 Administration Service (spadminv4) is not running on the Server. But when you try to start the service, it does not start in a timely fashion. To learn how to start the SPAdminV4 service follow this article: SharePoint 2010 Administration Service Not Starting
1. To solve the ‘Starting’ and ‘Stopping’, log into the server running Central Admin with the Farm account. Ensure the Farm account is a member of the Administrator’s group on the server you are logging in to;
2. Open a Powershell command window and Run as Administrator;
3. To get all the services running on a particular server, run the following command ‘Get-SPServiceInstance –Server ‘servername’. This will bring up a list of services running on the server like below.
4. To stop the service, enter the following command ‘Stop-SPServiceInstance’ and the GUID of the services from the screen above.
5. The status will now change from ‘Starting’ to ‘Stopping’. This will however not complete if the SharePoint 2010 Administration service is still not running. To stop it, run ‘Start-SPAdminJob’. Refer to this article for more info: http://technet.microsoft.com/en-us/library/ee513051%28v=office.14%29.aspx
6. Give it 10 seconds and the service should now be either ‘Stopped’.
7. The ‘Stop-SPServiceInstance’ command can be used to stop a Provisioned service too. A provisionsed service will have a status of ‘Starting’ or ‘Started’.
8. If the service status is ‘Unprovisionsed’, it means the service is ‘Stopped’ or ‘Stopping’.
9. To start a service, use ‘Start-SPServiceInstance’