Troubleshooting issues usually encountered with SharePoint

By CIOReview | Wednesday, July 27, 2016

SharePoint is considered as a robust platform for collaboration where users can conduct various diverse operations and further store them in one single location. But, the intricate complexity of the system proves to be frustrating for even the most experienced users. SharePoint bases itself upon six essential features - business intelligence, business processes, enterprise content management, search, portals, and collaboration. Moreover, most of these features are inter-related with each other, thus making it a difficult task to identify and segregate the issue for users, developers, and administrators. Troubleshooting problems in such a complex and intertwined environment demands the administrator to be proficient and experienced in isolating SharePoint errors, which can be gained from practice and patience. Let us browse through some of the usual challenges encountered by users collaborating through SharePoint and devise methodologies so as to troubleshoot those.

Integration of SharePoint RSS feeds within SharePoint

Microsoft integrates an out-of-the-box RSS Reader Web part within SharePoint, allowing users to include external RSS feeds. For instance, the feature enables users to embed Google News in their SharePoint site. But, the compatibility issue which arises between out-of the-box RSS Web part and SharePoint RSS feeds poses to be a major consternation. This problem arises as SharePoint sites require proper authentication.

The problem can be usually approached in two systematic ways. First, anonymous access can be created for the lists which are supposed to be distributed through RSS. This approach can be considered as a viable option for the non-secure content that lies within the intranet. Moreover, this will allow out-of-the-box Web part to consume and present the feeds. An alternate approach can be considered incase users don’t prefer enabling anonymous access. In such a scenario, users can consider utilizing few open-source or free Web parts, viz. SharePoint Solution Data Zoom Web Part, RSS Web Part Reader on CodePlex, and Webcoda SharePoint RSS Rotator Web Part.

Double authentication prompts within SharePoint can be infuriating

When trying to download or update a document within SharePoint, administrators have to usually authenticate their credentials once within the security context of the single browser application, followed by mandatory re-authentication upon clicking the document. This is because another security context is created with that click. The same trouble is encountered when Word tries to open a document over WebDav, prompting users to give their credentials again. Microsoft considers this authentication glitch typically as a “problem” reflected “by design.”

The problem of double authentication can be resolved by ensuring few elementary acts. Primarily, users can initiate by implementing Kerberos in their environment. Kerberos is a computer network authentication protocol allowing nodes communicating over a non-secure network to prove their identity to one another in a secure way. Troubleshooting this issue also requires all PCs partaking in a SharePoint site to stay on the same domain, and users must be present in the same Active Directory domain as SharePoint. The final step requires ensuring that there aren’t any network devices, such as firewalls or proxy servers. This step helps to check stripping away of authentication information from the network communications between your PC and the SharePoint server.

Equipping Forms-based and Windows authentication for the same site

This particular problem arises when two separate communities of users are to be granted access to SharePoint. The issue surfaces as not all the users have identities registered in the Active Directory. This problem can be tackled by employing an approach which separates both sets of users by utilizing forms-based authentication for external users and Windows authentication for the internal users. Administers can resolve this issue by incorporating few steps into their SharePoint management strategy.

Administrators can begin by designing a primary SharePoint application in Central Administration by utilizing the Create option for applications, while ensuring that the application is differentiated by a unique host header. The root site collection must be created within the newly generated SharePoint application. Users have to subsequently develop a new SharePoint application using the EXTEND option. The application developed previously is used for the new application, but it must contain a unique host header. This step is followed by opening windows explorer and navigating to the directory for the new application. Users have to edit the web.config and additionally add updates from the Microsoft SharePoint Team Blog to the <system.web> section. Following this, users click on Authentication Providers in Application Management section of Central Administration, and select the primary SharePoint application created originally. Administrators have to click on the secondary application from the file of applications, select forms authentication, provide the names of the Membership provider and Role provider configured earlier, and eventually navigate to Alternate Access Mappings in the Operations tab of Central Administration in the consecutive steps. The last step involves ensuring whether there are two entries for the new applications created, one for the Default Zone and the other for the Extranet Zone.

Segments of central administration requires special access

Administrators handling SharePoint usually rant about inability in accessing certain segments of the site, while navigating through SharePoint’s Central Administration site. This complication arises because SharePoint doesn’t automatically grant global Central Administration rights to their administrators or the end-users.  

To answer the question of access denial, users must obtain permissions to the application. Central Administration, along with Shared Services acts as disparate site collections, segregating all other applications from the main applications. Additionally, it requires the user to play the role of a Site Collection Administrator to ensure that all collections can access the functionality. Moreover, having access to Shared Services isn’t enough as portions of it still demands additional permissions. This difficulty can be addressed by clicking on the Services Permissions option in the User Profiles and Properties section. This helps in ensuring if the user ID has all permissions listed. Furthermore, users can also amend the permissions in Central Administration through the Application Management tab (SharePoint Site Management).

Authorizing SSL certificate for SharePoint

SharePoint administrators usually struggle with obtaining SSL certificate. Users can authorize SSL from any other ordinary website on IIS so as to enable SSL certificate on SharePoint. This is not such a perplexing task, as few simple steps can take care of this issue.

Users can initiate this process by generating the certificate request using the preferred certificate authority (CA) and following the CA’s instructions for downloading the new certificate. This is followed by conclusion of the certificate installation process on your IIS server for the website where the certificate is desired to be applied. Meanwhile, it’s absolutely important to verify if the site is setup such that it can accept traffic over the 443 port. This step can be accomplished by tweaking the website settings through the IIS MMC. The users have to subsequently navigate to SharePoint farm’s Central Administration and choose the Operations Tab. Arriving at this step, users have to click on Alternate Access Mappings from the array of options in the Global Configuration section, which is followed by clicking EDIT PUBLIC URLs option. Finally, to wrap the entire process, users have to just type in the fully qualified URL to the site, ensuring that ‘HTTPS://’ is specified before the address in the CUSTOM zone text box. Desired SSL Certificate will be enabled as soon as “OK” is clicked.