When trying to access SharePoint WSS 3.0 server using the web services API the software service we are developing will hang anywhere between 30-60 seconds when making any call (pick anyone of them, it doesn't matter) against the server for the first time. After this first call is made , each request thereafter is very quick.
This happens on both the local dev install of SharePoint, or against the production SharePoint environment, same results no matter what we try.
When accessing the SharePoint site (both local dev and production) via a web browser using the same log in credentials used with the WSS API there is zero lag time during the authentication process.
This is the code being used via C# to authenticate to SharePoint WSS:
_lists = new Lists
{
Credentials = new NetworkCredential(UserName, Password, Domain),
Url = string.Format("{0}/_vti_bin/Lists.asmx", BaseUrl),
UseDefaultCredentials = false
}; // Reference the list object.
Once the code hits the line below it hangs for 30-60 seconds.
the GetList(string listName)
_lists.GetList("TestList");
Any call thereafter is extremely fast.
One last note. When trying to access the service via Visual Studio, we receive the popup dialog to enter credentials, Discovery Credentials, and it will not authenticate, but we are able to retrieve the list of services. This occurs on both the production and test environments.
Please see images in order of events for adding a web service:
Add Web service:
Next we get three dialog for list, error and meta data and none of them validate.
Close Up for First screen:
We finally hit cancel.
And can see the calls we can make against the service:
Anyone have any ideas?
After about 4 days of searching I came across a clue.
The clue was to change the authentication in the Central Admin of SharePoint to allow anonymous in addition to the Windows authentication mode.
Once that change was made it seems that might have been the fix. The response time went from 30-60 seconds to 1-4. It isn't a 100%, but it allows us to keep developing at a quicker rate.
I hope this might help someone facing the same issues. It was a nightmare. I have no hair left.
Update: This is not a 100% fix.
Related
I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.
I've been following Microsoft's Teams C# tutorials found here, and have been successful for the most part. However, I cannot seem to get my app to work when I host the messaging endpoint myself rather than via their Azure service, which is not an option for me ultimately as the pricing is outrageous for what we need it to do.
I'm hosting the endpoint myself by publishing the sample project and ensuring it's externally available via HTTPS. I can access a custom tab within Teams, so I know that it's online, it's just the messaging endpoint that seems to fail with an "unable to reach app" error when I try and use the messaging extension via a chat window.
When debugging using dev tools, I get 502 error: Bot returned unsuccessful status code Forbidden, error code 1008. Every potential solution I've seen for similar issues hasn't worked for me thus far, though I still feel like it's something incredibly obvious. Are there special steps that need taking when hosting the endpoint yourself? The docs do a very lousy job of explaining the process, probably because Microsoft want you to pay to host the app on Azure.
This is usually caused by the app id / app key not being registered or used correctly in your app, so it's not authenticating to the bot framework service properly. Where/how you do that depends a bit on what sample code / project template you started with, but it's usually somewhere in a .config file (or previously in a .bot file).
The information that you need will be in:
App Id: The Bot Settings page in Azure
App Key: from the Bot settings page, where you got the AppId above, it links to the App registration itself - within there you'll find the section on keys, and you can create a new key (if you've lost the original one)
I know it's generally an error when AppID validation fails. The bot app requests Azure AD to verify the identity.Could your web server access to Azure AD? If you deny to access to outbound with firewall, you should allow Azure IP range.
Turns out it was purely a network issue, that as of yet we still haven't actually figured out. But we tried hosting the app elsewhere and it was fine. That's my recommendation if anyone else has the same problem!
I have deployed Azure Service Fabric (6.1) in Azure Gov using custom ARM templates which utilize an Azure Active Directory Tenant for authenticating users performing management tasks such as accessing the Service Fabric Explorer and publishing applications to the fabric.
The templates seem to have worked beautifully, as I can point a browser to https://fqdn:19080/Explorer/index.html and immediately I'm prompted for the Azure AD credentials. Upon providing those credentials, the Service Fabric Explorer is presented as expected.
The issue I am having is with Visual Studio Community 2017 (15.5.6). When attempting to publish an application to the Service Fabric, in my case the GettingStartedApplication from Github, the Azure AD authentication window is presented, and then unexpectedly vanishes a few short seconds later. This happens on the 'Publish Service Fabric Application' window within VS. Within this window, there is also a drop-down for 'Connection Endpoint', which is where you enter fqdn:19000. If VS is able to contact the Service Fabric, you'll see a green check appear. In my case, when it contacts that FQDN, that is when I'm initially prompted to log in.
In each case when I have attempted to publish this application, the Azure AD authentication window displays and then vanishes, as noted above. I can click 'Publish' anyway and it begins to build the deployment. Oddly, after a few seconds, the Azure AD authentication window displays again--and once again, after a very brief moment (around 3 seconds), it unexpectedly closes. In some cases, I have been able to enter my username and password quickly enough that it then goes on to the next step--entering a pin number for 2-factor authentication. I'll even actually receive the text message with my pin, but by the time I go to enter it, the Azure AD authentication window has suddenly closed again.
On a side note, 2-factor authentication is not an issue for accessing the Service Fabric Explorer; again, that part is working great.
There was one instance where I was able to enter everything quickly enough, including the pin, without losing the authentication window. The application actually published successfully. Bear in mind, this is out of say a dozen or so attempts.
Any idea what might be happening here?
This was apparently being caused by a timer setting within the project itself to cap out at 10 seconds.
I did some experimenting with Connect-ServiceFabricCluster via Powershell and when I forced -TimeoutSec to 10, I found that the authentication window behaved almost identically to what I was experiencing within VS as originally described.
I then added a TimeoutSec option to in Cloud.xml for the VS project and set it to 120 seconds--vanishing authentication window issue resolved.
I reckon 10 seconds is not enough time for the initial authentication request to pop, allow the user to enter the creds, wait, receive a text for 2-factor, and then finally authenticate with the second authenticator. 30 seconds is probably fairly reasonable.
I have a WebApi project that wraps the Dynamics CRM Online web service and provides a REST api. I have a simple controller that gets some contacts from CRM and returns them to the caller.
Everything works fine when I run it in the local emulator. However, when I deploy the project to Azure, I can reach the home page, but the controllers all return http 500 errors. Why would this happen? And how can I troubleshoot to get more details?
UPDATE
The issue is with the absence of Microsoft.IdentityModel.dll on the Server 2012 instance running the web role in Azure. I found this by opening web role instance in RDP, installing Fiddler, and making the request from Fiddler to the local IIS server. It responded with the detailed error.
Now my issue is figuring out how to enable IdentityModel on a Windows Azure Web Role. You're supposed to be able to add it via the Server 2012 Add Roles and Features wizard, but it's totally locked down on the Web Role. You can't check any boxes that aren't already checked. Is this even possible?
The issue is giving the Web Role access to Windows Identity Foundation when it's inherently not there. Marc Schweigert provides clear steps to do this here:
http://blogs.msdn.com/b/devkeydet/archive/2013/01/27/crm-online-amp-windows-azure-configuring-single-sign-on-sso.aspx
Go to the 23:00 mark of the video and you'll see the 4 necessary steps:
Reference Microsoft.IdentityModel.dll (need WIF SDK installed)
a. Set copy local = true
Create RegisterWIFGAC.cmd in your web role project
Create Startup Task in ServiceDefinition.csdef that invokes RegisterWIFGAC.cmd
Add GacUtil to the project (used in the startup task) to put Microsoft.IdentityModel.dll in the GAC every time the web role starts).
I've been happily using Team Foundation Server with Visual Studio 2010 for the last couple of months at my current place of work when it has suddenly stopped working. I get the following errors:
If I browse to the wiki (Sharepoint) on the TFS server it works fine in Firefox but in Internet Explorer it fails with:
No authority could be contacted for authentication.
I'm not aware of any changes to the server or my machine that would cause the errors and other users of TFS are not affected.
The TFS server is on a different domain to my machine, but usually I get prompted to login and using a domain prefixed username works. At the moment, I don't even get a login prompt anymore.
How do I fix this?
I have recently started to experience a similar issue. We also host TFS on a different domain. Twice in the last week TFS has stopped authenticating users, and I have received messages similar to above. I have no idea what is causing this, but on each occasion SQL Server Agent service was stopped. A reboot of the server and a manual restart of SQL Server agent seems to fix the problem temporarily. I'm not sure if this information is helpful, but I would also really appreciate any help in getting to the bottom of this.
We used a workaround to get past this problem. We configured an entry in the Windows Stored User Names and Passwords tool for the domain of the TFS server. It got around the problem of TFS not prompting for credentials by explicitly supplying them via this tool.
When you change your password for that domain account, you must also change the password here otherwise your account can be locked after failing authentication too many times.
I had the same problem, sorted it by upgrading to tfs2012
In my case, I changed the default port 8080 to port 80 and everything worked fine. but the message could also happen due to wrong saved credentials. you can go to the control panel of the windows and search for credentials manager and then remove your TFS credentials.