SharePoint Server 2013, Active Directory Groups and the access denied problem caused by token lifetime.

A while ago we experienced some issues when using Active Directory groups and SharePoint Server 2013. We added users to Active Directory groups which were added to SharePoint groups, but the users who got access using this method, still got access denied. After some investigation we found the problem.

In SharePoint 2013 all authentication is being handled through claims which are managed by the Security Token Service (STS). The STS is responsible for issuing security tokens to users. A user which has logged on to SharePoint will be authenticated and granted a token with his group membership. These tokens have a certain lifetime and will not be updated until they expire. The property which controls this is the WindowsTokenLifetime property – according to the documentation is it normally set to 1380 minutes or 23 hours -  see Set-SPSecurityTokenServiceConfig for more details. (On one of my SharePoint 2013 it seemed to be 10 hours).

Therefore users who had already logged on to the SharePoint Server did not get the required tokens for their new AD group membership until the token expired. You can however change the token expiration in the following way:

$sts = Get-SPSecurityTokenServiceConfig
$sts.WindowsTokenLifetime = (New-TimeSpan -Minutes 15)
$sts.LogonTokenCacheExpirationWindow = (New-TimeSpan -Minutes 15)
$sts.Update()

Changing the WindowsTokenLifeTime will probably have a performance impact since there will be a lot more requests going from the STS to your Active Directory domain controllers. I haven’t found clear guidance or best practices about this, so feel free to leave a comment.

Technorati Tags: SharePoint2013,sp2013,SharePoint,administration,Active+Directory,claims+authentication

Community Day 2013: Building search-driven Windows 8 and Windows Phone 8 apps for SharePoint Server 2013

Building search-driven Windows 8 and Windows Phone 8 apps for SharePoint Server 2013 from Joris Poelmans

Technorati Tags: SharePoint,SP2013,WP8,Windows8,Search

Quick tip - copying files from your host to Hyper-V guest

I have been working with VMWare for quite a while but recently switched to Hyper-V on my Windows 8 portable. One thing I’m still struggling with is the ability to easily copy files from my host OS (Windows 8) to my guest OS which is running in Hyper-V. Currently I’m using Folder2Iso to quickly create ISO files which I then mount in my Hyper-V environment. If anyone knows of a better way of doing this – please leave a comment.

SharePoint Service Applications: SharePoint 2013 versus 2010

Service Applications	Description	SPS 2010 Std	SPS 2010 Ent	SPS 2013 Std	SPS 2013 Ent
Access Services	Let’s user view, edit and interact with Access 2010 databases which are published to SharePoint in a web browser		X		X
App Management service	Provides administrators the ability to manage new SharePoint apps. Apps can be purchased from an external vendor or developed internally. It checks user access permissions and licensing for app usage.			X	X
Application Discovery and Load Balancer service	A.k.a. Topology web service. SharePoint has a built in basic load balancer  that provides administrator with fault-tolerant out of the box SharePoint service applications. See SharePoint 2010 Service Application Load Balancer for more details.	X	X	X	X
Business Data Connectivity service	Gives access to line-of-business data systems – also check out the Business Connectivity Services code samples for SharePoint 2013	X	X	X	X
Excel Services Application	Let’s users view and interact with Excel files in a web browser		X		X
Machine Translation service	Provides automatic translation of sites and files (See Machine Translation Services in SharePoint 2013 for more details)			X	X
Managed Metadata service	Manages taxonomy hierarchies,keywords and social tagging infrastructure, and publish content types across site collections	X	X	X	X
Office Web Apps Service	Office Web Apps is now a separate product, rather than a SharePoint Service Application. See Use Office Web Apps with SharePoint Server 2013 for more details.
PerformancePoint Service Application	Let’s users create dashboards and balanced scorecards		X		X
PowerPoint Automation service	Performs automated bulk PowerPoint conversions to other formats (pptx,pdf,xps,jpg,png) (See PowerPoint Automation Services in SharePoint  2013 for more details)			X	X
Search service	Crawls content, produces index partitions and serves search queries	X	X	X	X
Secure Store service	Provides single sign on authentication to access multiple applications or services	X	X	X	X
State service	Provide temporary storage of user session data for SharePoint Server components	X	X	X	X
Usage and Health Data Collection service	Collects farm wide usage and health data and provides the ability to view various usage and health reports	X	X	X	X
User Profile service	Adds support for My Site sites, profile pages, social tagging and other social computing features	X	X	X	X
Visio Graphics service	Let’s users view and refresh published Visio diagrams in a web browser		X		X
Web Analytics service	Collect, reports, and analyzes the usage of SharePoint Server sites. The functionality of the Web Analytics service has been incorporated into the Search service	X	X
Work Management service	Enables users to synchronize and aggregate tasks between different Microsoft products such as Exchange, SharePoint and Project Server. See Configure Exchange task synchronization in SharePoint Server 2013 for practical details or the My Tasks aggregation in SharePoint Server and Exchange Task integration white paper			X	X
Word Automation service	Performs automated bulk document conversions.	X	X	X	X
Subscription Settings Service	Provides multi-tenant functionality for service applications. Tracks subscription IDs and settings for services that are deployed in partitioned mode. Deployed through Powershell only.	X	X	X	X

For more information about the SharePoint 2013 service applications check out the Services in SharePoint Server 2013 Visio diagram on Technical diagrams for SharePoint 2013 (Technet)

Technorati Tags: SharePoint+2013,SharePoint+2010,SharePoint,administration,Microsoft,SP2013,SP2010

How to use FM Radio API in Windows Phone

In this post I am going to show you how to use FM Radio API in Windows Phone.

The Microsoft.Devices.Radio namespace contains the FMRadio API

Step-1
Add the following name space in your .CS file.
using Microsoft.Devices.Radio;
 
Step-2

  1: // create an instance of the FMRadio class.
  2: FMRadio oRadio = FMRadio.Instance;
  3: // Turn the radio on.
  4: oRadio.PowerMode = RadioPowerMode.On;
  5: // set the region. 
  6: oRadio.CurrentRegion = RadioRegion.UnitedStates;
  7: // set the frequency.
  8: oRadio.Frequency = 94.9;

Download Source code here

 

Happy Coding

Resolving XMind can’t open after updating to JRE7

 

I recently noticed that XMind stopped working after updating to Java Runtime Environment (JRE). It gave an error stating

A Java Runtime Environment (JRE) or Java Development Kit (JDK) must be available in order to run XMind. No Java virtual machine was found after searching the following locations: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

I solved it by simply making a copy of the JRE7 folder (default installed underneath C:\Program Files (x86)\Java ) and renaming that copy to JRE6.  Worked like a charm.

 

Technorati Tags: XMind,JRE,Java

Some quotes from actual performance appraisals

"Since my last report, this employee has reached rock bottom and has started to dig."
"His men would follow him anywhere, but only out of morbid curiosity"
"I would not allow this employee to breed"
"This employee is really not so much of a has-been, but more of a definite won't be"
"Works well when under constant supervision and cornered like a rat in a trap"
"When she opens her mouth, it seems that it is only to change feet"
"He would be out of his depth in a parking lot puddle"
"This employee is depriving a village somewhere of an idiot"
"This employee should go far, and the sooner the better"
"Got a full 6-pack, but lacks the plastic thing to hold it all together"
"A gross ignoramus - 144 times worse than an ordinary ignoramus"
"He certainly takes a long time to make his pointless"
"He doesn't have ulcers, but he's a carrier"
"I would like to go hunting with him sometime"
"He's been working with glue too much"
"He would argue with a signpost"
"He has a knack for making strangers immediately"
"He brings a lot of joy whenever he leaves the room"
"When his IQ reaches 50, he should sell"
"If you see 2 people talking and one looks bored, he's the other one"
"A photographic memory but with the lens over the cap"
"A prime candidate for natural deselection"
"Donated his brain to science before he was done using it"
"Gates are down, the lights are flashing, but the train isn't coming"
"Has 2 brains, one is lost, the other is out looking for it"
"If he were any more stupid, he'd have to be watered twice a week"
"If you give him a penny for his thoughts, you'd get change"
"If you stand close enough to him, you can hear the ocean"
"It's hard to believe that he beat out 1,000 other sperm"
"One neuron short of a synapse"
"Some drink from the fountain of knowledge, he only gargled"
"Takes him 1 1/2 hours to watch 60 Minutes"
"The wheel is turning, but the hamster is dead"

Technorati Tags: Fun,HR,Employee+reviews