SharePoint: Users forced to re-authenticate unexpectedly
This post covers the scenario where users log in via Trusted Provider / SAML-claims, (like ADFS, Ping, Okta, Site Minder, etc) and intermittently, they are redirected back to the login page to re-authenticate. There are a few pieces of information you need for a scenario like this (beyond normal scoping): 1. Output of Get-SPSecurityTokenServiceConfig from one
SharePoint 2016: Active Directory Import timer job does not run – AllowServiceJobs
This is an interesting “gotcha” that came up recently: Problem: The Active Directory Import (UserProfileADImportJob) timer job does not run. It’s enabled and scheduled to run (default every 5 minutes), but never runs.The result is that the user profiles never get imported. Cause: All the servers in the farm that are running the User Profile
SharePoint 2016: Some Profile Pictures are not imported from MIM 2016
Problem: Consider the following scenario: You have SharePoint 2016 set up to import user profiles from Microsoft Identity Manager (MIM) 2016. You have configured User Profile Pictures (PictureURL property) to import from Active Directory Attribute ThumbnailPhoto. See my related blog post here. You run the Sync, and everything is successful including the Export sync step.
SharePoint 2013: User Profile Incremental Synchronization timer job fails with Access Denied
Problem: Consider the following scenario:The User Profile Service (the web service, not the Sync service) is running on two servers in the farm: App1, App2.In that case, the <UPA name>- User Profile Incremental Synchronization timer job (internal name: ProfileImportJob) can run on either server. The User Profile Synchronization Service is running on App2.When the User
SharePoint: Facts and Troubleshooting the Claims To Windows Token Service (C2WTS)
Update: 3/18/24 — Added fact: the C2WTS is deprecated in SharePoint Server Subscription Edition. Update: 3/31/22 — Added a reference to a related post from my colleague Mike: Unable to start the C2WTS Facts: 1. In SharePoint Server Subscription Edition (SPSE), the C2WTS has been deprecated. The service still shows up in Central Administration, but the
SharePoint: Users randomly lose permission – are deleted from site
Update 11/16/22: I’ve just tested this in the latest (November 2022) builds of both SharePoint 2019 (16.0.10392.20000) and SharePoint Server Subscription Edition (16.0.15601.20226). The problem still occurs in those builds. This is a good one. It appears to be both random and intermittent (it’s actually neither), and is extremely hard to track down. It’s known
SharePoint 2013 & 2016 – Manager and Assistant values swapped in User Profiles
Here’s one that was a problem in SharePoint 2013, was fixed, but never ported to SharePoint 2016, so we had to fix it again. Consider the following scenario: You are importing user profiles from Active Directory (AD). This can happen using any of the profile import methods for either SharePoint 2013 or 2016. 2013: SharePoint