Restoring SharePoint WebApp

I have seen all kinds of issues while moving sites and webapps from one environment to another. If you're restoring a webapp on the same farm then you might get away with minimal troubleshooting, but if it's a different farm then you are at the mercy of Google.

You can start with the troubleshooting steps below. I am assuming that you are restoring a webapp from Farm A to Farm B, and that the two farms run with different service accounts.

  1. Back up the DB on Farm A and restore it to the SQL Server of Farm B.
  2. Add all the service accounts from Farm A to Farm B and assign these accounts the same permissions they have on Farm A, including local server admin permissions. DO NOT CHANGE ANY EXISTING SERVICE ACCOUNTS ON FARM B.
  3. Create a new webapp.
  4. Dismount the DB of this new webapp using PowerShell: Dismount-SPContentDatabase
  5. Mount the restored DB using PowerShell: Mount-SPContentDatabase "MyDatabase" -DatabaseServer "MyServer" -WebApplication http://sitename

Now you should be able to open the webapp on Farm B.
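Steps 4 and 5 as one script, with a read-only compatibility check before the mount. This is an added example, not part of the original post; the URL, server and database names are the placeholders from the command above, and it assumes the new webapp holds only the empty database created with it.

```powershell
# Added example: run in the SharePoint Management Shell on Farm B.
# All three values are placeholders taken from the post's own command.
$webAppUrl = 'http://sitename'
$dbServer  = 'MyServer'
$dbName    = 'MyDatabase'

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Check the restored database against Farm B before attaching it.
# Test-SPContentDatabase only reports problems (missing features, orphans,
# missing assemblies); it changes nothing in the database or the farm.
$issues   = @(Test-SPContentDatabase -Name $dbName -ServerInstance $dbServer -WebApplication $webAppUrl)
$blocking = @($issues | Where-Object { $_.UpgradeBlocking })
$issues | Format-Table Category, Error, UpgradeBlocking, Message -Wrap
if ($blocking.Count -gt 0) {
    throw "$($blocking.Count) blocking issue(s) reported; fix them before mounting."
}

# Step 4: detach the empty database created with the new web application.
# Dismount removes only the farm's reference; the database stays on SQL Server.
Get-SPContentDatabase -WebApplication $webAppUrl |
    Where-Object { $_.Name -ne $dbName } |
    ForEach-Object { Dismount-SPContentDatabase -Identity $_ -Confirm:$false }

# Step 5: attach the restored database.
Mount-SPContentDatabase -Name $dbName -DatabaseServer $dbServer -WebApplication $webAppUrl

# Confirm the site collections from Farm A are now visible on Farm B.
Get-SPSite -ContentDatabase $dbName -Limit All | Select-Object Url, Owner
```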

You can also create the new webapp on Farm B using the restored DB instead of a new DB, but I have seen issues sometimes with this process. So I prefer to create a new site and then mount the existing DB.

Service account permissions are the KEY here. As the DB was built on a different farm with a different account, it will still look for that account during initialization. One way to move all the service accounts that are on the SQL Server is below.

In SSMS, click View -> Object Explorer Details. Now click Security -> Logins, which displays all the logins in the Object Explorer Details window. Select all the logins, right-click, and script them to a new query window. You can run this query on the Farm B SQL Server to duplicate the accounts. Again, do not forget to check whether any account has local admin permissions on Farm A and replicate them on Farm B.

Cannot Delete SP WebApp

Getting it right the first time is the key to a successful SharePoint implementation. When I say first time, I am talking about the production environment implementation. You practice on a sandbox, make all the mistakes you can, get the steps right eventually and then implement on production. If not, then sometimes simple things like adding or deleting a webapp can cause issues. One instance is the orphaned webapp issue, which might occur while you are deleting a webapp using

Remove-SPWebApplication -Identity http://webapp -Confirm

Below is the error:

Remove-SPWebApplication : An object in the SharePoint administrative framework, “SPWebApplication Name=WebappTest”, could not be deleted because other objects depend on it. Update all of these dependants to point to null or different objects and
retry this operation. The dependant objects are as follows:
At line:1 char:1
+ Remove-SPWebApplication -Identity https://portalsb -Confirm
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share…PWebApplication:SPCmdletRemoveSPWebApplication) [Remove-SPWebApplication], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletRemoveSPWebApplication

The error is self-explanatory, but you would think: yes, of course there are objects associated with this webapp, because they are part of the webapp itself and are created when the webapp is created or when content is added to it, and Remove-SPWebApplication should identify all the ties to the webapp and delete them. Ideally Remove-SPWebApplication should take care of it, but the situation here is one of orphaned objects or an orphaned webapp. If adding and deleting content DBs or removing the webapp did not go right the first time, or you are facing this error for some other reason, then the steps below might help you.

  1. Identify the webapp ID with select * from Objects (nolock) where Name like '%Webappname%' . Run this against the config DB.
  2. Use the webapp ID you got from step #1 and run select * from SiteMap (nolock) where ApplicationId = 'WebAPPID' . Run this against the config DB.
  3. Delete the content database ID from the configuration database using the following command: STSADM -O deleteconfigurationobject -id <DatabaseID from previous query> . You can use PowerShell to run this.
  4. Now delete the application using Remove-SPWebApplication -Identity http://webapp -Confirm

WARNING: Messing with SharePoint databases is not supported by Microsoft and might negatively affect warranties and stuff. It's a BIG no-no from Microsoft support. So do not use this method on a production environment; contact Microsoft support instead.

 

“Cannot generate SSPI context” error message

If you deal with MS SQL Server, you should have seen this error message. I faced this issue a few times under different scenarios. When I fixed this recently I thought I should write it down so it could help someone.

One classic scenario where you get this error is when you change the SQL Server service account and suddenly cannot connect to the server from a different machine using SSMS, meaning using TCP over the network. Mind you, the service account needs to be a domain account. The issue here is that there is no valid SPN and the server is not able to authenticate the user.

The authentication from a different computer is delegated by using one of the following:

  • NTLM over Named Pipes (not using Security Support Provider Interface [SSPI])
  • NTLM over TCP/IP sockets with SSPI
  • Kerberos authentication over TCP/IP sockets with SSPI

The “Cannot generate SSPI context” error is generated when SSPI uses Kerberos authentication to delegate over TCP/IP and Kerberos authentication cannot complete the necessary operations to successfully delegate the user security token to the destination computer that is running SQL Server. The newly added service account is not able to create the SPNs which are required for Kerberos authentication.

You can assign proper permissions to the service account in the Active Directory directory service so it can generate SPNs dynamically by following the steps below.

To grant the appropriate permissions and user rights to the SQL Server startup account, you must be logged on as a domain administrator, or you must ask your domain administrator to do this task.

To configure the SQL Server service to create SPNs dynamically, follow these steps:

  1. Click Start, click Run, type Adsiedit.msc, and then click OK.
  2. In the ADSI Edit snap-in, expand Domain [DomainName], expand DC=RootDomainName, expand CN=Users, right-click CN=AccountName, and then click Properties.

    Notes

    • DomainName is a placeholder for the name of the domain.
    • RootDomainName is a placeholder for the name of the root domain.
    • AccountName is a placeholder for the account that you specify to start the SQL Server service.
    • If you specify the Local System account to start the SQL Server service, AccountName is a placeholder for the account that you use to log on to Microsoft Windows.
    • If you specify a domain user account to start the SQL Server service, AccountName is a placeholder for the domain user account.
  3. In the CN=AccountName Properties dialog box, click the Security tab.
  4. On the Security tab, click Advanced.
  5. In the Advanced Security Settings dialog box, make sure that SELF is listed under Permission entries.

    If SELF is not listed, click Add, and then add SELF.

  6. Under Permission entries, click SELF, and then click Edit.
  7. In the Permission Entry dialog box, click the Properties tab.
  8. On the Properties tab, click This object only in the Apply onto list, and then make sure that the check boxes for the following permissions are selected under Permissions:
    • Read servicePrincipalName
    • Write servicePrincipalName
  9. Click OK three times, and then exit the ADSI Edit snap-in.

If the above steps do not fix the issue:

  1. Verify whether the service account under which the SQL Server service was running before has any SPNs by using setspn -L serviceaccountname.
  2. Delete the SPN from that account using setspn -d MSSQLSvc/servername:port serviceaccountname

An SPN for SQL Server is composed of the following elements:

  • ServiceClass: This identifies the general class of service. This is always MSSQLSvc for SQL Server.
  • Host: This is the fully qualified domain name DNS of the computer that is running SQL Server.
  • Port: This is the port number that the service is listening on.

For example, a typical SPN for a computer that is running SQL Server is as follows: MSSQLSvc/SQLSERVER1.northamerica.corp.mycompany.com:1433

  3. Add a new SPN for the new service account using setspn -s MSSQLSvc/SQLSERVER1.northamerica.corp.mycompany.com:1433 serviceaccountname . This SPN uses the fully qualified domain name. You also need to add one for the NetBIOS name: MSSQLSvc/SQLSERVERNAME ServiceAccountName.

Now you should be able to connect to SQL Server from a different machine, meaning using TCP over the network.
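To check the result, or to find the stale registration before running setspn -d, the script below reports which Active Directory account currently holds each SQL Server SPN. It is an added example, not part of the original post; the host name is the post's sample, the port and account name are placeholders, and it assumes a domain-joined machine and searches only the current domain.

```powershell
# Added example: report which AD account holds each SQL Server SPN.
# Sample values: host is the post's example, account name is a placeholder.
$fqdn     = 'SQLSERVER1.northamerica.corp.mycompany.com'
$port     = 1433
$expected = 'serviceaccountname'   # new SQL Server service account (sAMAccountName)

function Get-SpnOwner {
    param([Parameter(Mandatory)][string]$Spn)
    # Escape LDAP filter metacharacters (RFC 4515) before building the filter.
    $escaped = $Spn -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    $searcher = [adsisearcher]"(servicePrincipalName=$escaped)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    foreach ($hit in $searcher.FindAll()) {
        [string]$hit.Properties['samaccountname'][0]
    }
}

# The two forms the post registers: FQDN with port, and the NetBIOS name.
$netbios = $fqdn.Split('.')[0]
$spns    = "MSSQLSvc/${fqdn}:$port", "MSSQLSvc/$netbios"

$report = foreach ($spn in $spns) {
    $owners = @(Get-SpnOwner -Spn $spn)
    # Missing      -> Kerberos cannot find the service
    # Duplicate    -> more than one account claims the SPN
    # WrongAccount -> still registered to another (for example the old) account
    $status = if ($owners.Count -eq 0) { 'Missing' } elseif ($owners.Count -gt 1) { 'Duplicate' } elseif ($owners[0] -eq $expected) { 'OK' } else { 'WrongAccount' }
    [pscustomobject]@{ SPN = $spn; Owners = ($owners -join ', '); Status = $status }
}
$report | Format-Table -AutoSize
```

Any row that is not OK points at the account to clean up with setspn -d before registering the SPN on the new service account with setspn -s.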