SharePoint 2013 Workflow suspended for certain user - Send Email

My scenario was when a user adds an item to the list, 2013 workflow runs on that item and sends out an email to a SharePoint group.


This was functioning for most of the users who had contribute permissions to that list. However there were certain users who also had contribute permissions to the list but the workflow would go to suspended state when those user adds an item. Important thing to notice was that workflow did kick off successfully and did other steps but it went into suspended state when the action to execute in the workflow was to send an email to the SharePoint group.


After narrowing down the issue to only certain users, the next step was to see the difference between users who have contribute access that are able to send an email to the SharePoint group to the users who couldn't.


ULS logs had the following message:


HTTP Unauthorized to /_vti_bin/client.svc/sp.utilities.utility.SendEmail
RequestorId: c4f61784-766a-e0af-0000-000000000000. Details: RequestorId: c4f61784-766a-e0af-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["96"],"SPRequestGuid":["c4f61784-766a-e0af-bd84-218299c77930"],"request-id":["c4f61784-766a-e0af-bd84-218299c77930"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4454"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Thu, 21 Feb 2013 14:15:02 GMT"],"P3P":["CP=\"ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI\""],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) in d:\bt\98787\private\source\WF\Microsoft.Activities.Hosting\Microsoft\Activities\Hosting\Runtime\Subroutine.cs:line 282 at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)


The final resolution which worked for me is from this Microsoft article.

https://support.microsoft.com/en-us/help/2839070/http-unauthorized-to-vti-bin-client-svc-sp-utilities-utility-sendemail

There are a few solutions to this problem.

1. Allow everybody to see the members of the SharePoint group.
2. Remove the SharePoint group from the To or CC line of the email.
3. Explicitly add the users to the To or CC line if the membership visibility cannot be changed for the SharePoint group.

2 & 3 was not meeting our requirements.


Following are the changes I made it to work.


1. Change the group setting on the SharePoint group to which the email was sent to "Allow everyone to see the membership of the group".


2. Also added the user to that SharePoint group. (All the users who had contribute access to the list and was able to run the workflow successfully was part of the SharePoint

SharePoint PowerShell Get-SPWeb Access Denied

I joined a company where they have a strict policy for not using service accounts for any administrative tasks. I was given an admin account for which DBA's provided access in the database. I thought I was set to use PowerShell when some commands(Get-SPsite, Merge-splog etc) worked. However I received the error below when I try to see the sub sites structure in a site collection.



To resolve, follow the steps below.


1. Go to Central Administration -> Manage Web Applications
2. Select the web application on which you are trying to run the powershell. This highlights the options like User policy, permissions policy etc
3. Select the User policy, provide your account details and select the "Full Control".


This gives your account the full control to all the content in that web application.

Folders vs Metadata

Recently I worked with a company in which users heavily used folder structures in SharePoint libraries. They had no idea of Metadata concepts and its uses in SharePoint. They used the folder structure so religiously that many users had forgotten to create new document libraries itself. As a result all they had was one library with many many many folders. On the top of all this they had many folders where permissions inheritance was broken 😟.

I had to train those users about the SharePoint library best practices, uses of metadata in a document library etc by highlighting the difference between folders & using metadata in libraries

Category	Folders	Metadata
Familiarity	Folders are very familiar to the users and easy to create & relate it to windows explorer, network drive.	When the file is uploaded to a library with metadata columns, the user needs to tag or provide value for those columns which might need a little training. However, some columns can be defaulted if we plan the information architecture properly. For example, all the document libraries created in Sales site can have a metadata column "Department" defaulted to "Sales". Or the metadata column called "Document Type" in a "Training Documents" library could be defaulted to "Job Aids" etc.
Navigation	Drill down & up to find the files. Very inconvenient.	You can group the files based on a column value. Less clicks & easy to find files.
Search	Folder names will come up in the search, however there is no way you can refine/filter the results. For example, a folder named as 2017 comes up in the search but if the files inside it doesnt have the year 2017, it doesn't comes up in the search. Also, searching for a report that belongs to the current year "2017 financial statements", the file name should have all those words.	If the SharePoint libraries are created using proper metadata columns and all the files inside it are tagged with the values, we will be able to refine the search results based the metadata column values. For example, when you search for a word "report", if you get 10000 results, you can refine the results by filtering on the department name, year, document type etc. given those are the metadata columns and added as refiners.
Forced Grouping	You will be forced to stick with the folder structure someone else has created. Some likes to create the folders in the following structure. Region->Year->Project Phase->Document Category. Others might like: Year->Document Category->Region->Project Phase structure	No grouping. All those folders names can be metadata in a document library. Every document that gets uploaded will have metadata tag for region, year, project phase & Document category. Users will be able to filter based on the column values. The metadata columns can be created in a taxonomy term store to reused in content types across site collections or web applications.
URL Length	Since the folder name is part of the URL, deep folder structure is an issue as the URL character limit is 260. Although this has increased to 400 characters in recent version but the deep folder structure is still an issue	Metadata columns are not part of the URL. So no issues in using as many columns as we want.
Name Change	Folder name is a part of the URL. Changing the folder name changes the URL. Redistribute the link if you ever change the folder name.*	Metadata is not a part of the URL. Nothing breaks if you tag the file as job aid instead of support document
Naming Convention	Folder names depend on the person who created it. Changing them later will have the risk of breaking the link to the file or folder.	You can control the taxonomy terms or metadata column values globally
* SharePoint 2016 version now has feature called "Durable Links" which doesn’t involve folder or file name in the URL. No broken links if you change the folder or file name

Modifying the Access Denied Page in SharePoint 2010

In my company, all the requests for SharePoint has to come through the Help Desk. We had disabled the "Request Access" link by going to "Site Permissions" and selecting "Manage Access Request" and unchecking the "Allow access request".


This was solution to just hide the "Request Access" link on access denied page. But my requirement was to add the help desk information with Phone number and email address for which I had to create a new "Access Denied" page.


Following are the steps to do the same.

• Login to your WFE server, go to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS
• Create a folder called "CustomPages". [Note this is important because modifying the 14/15/16 hive is not recommended as the changes will be overridden when there is patching from Microsoft]
• Copy the AccessDenied.aspx page from the step 1 to "CustomPages" folder and rename it to "CustomAccessDenied".
• Open the CustomAccessDenied in notepad, Just above the <asp:HyperLink id="HLinkLoginAsAnother" ... add the line below

<p>To request access please contact the help desk xxx-xxx-xxxx or email xxx@xyz.com</p>

• Save the file.
• Now open the PowerShell Management Shell and type the command below

Get-SPCustomLayoutsPage –Identity "AccessDenied" -WebApplication "http://DEVWEBAPPLICATION



This shows the path for all the CustomLayoutPages like Access Denied, Error Page etc which will be blank as it will be default paths

• To tell the SharePoint to use your new AccessDenied, run the following command

Set-SPCustomLayoutsPage -Identity "AccessDenied" -RelativePath "/_layouts/ExampleAccessDenied.aspx" -WebApplication

• Execute Get-SPCutomLayoutsPage as below to see the effect

NOTE:
1. If you have multiple WFE, create the CustomPages folder and copy the file to other WFE servers as well
2. You don't have to run the command again in other WFE, but I have seen that you have to do an iisreset in other WFE(s) to tell the SharePoint to pick the new file.

Create views based on workflow status

To create a view to show all the completed approval items in a list/library.


- Click on List/Library tab
- Modify View
- Scroll down to add filter on workflow name
- In the filter value type 16 to filter all the approved items.





For other status, below is a list.

Status	Value
	Not Started	0
	Failed on Start	1
	In Progress	2
	Error Occurred	3
	Canceled	4
	Completed	5
	Failed on Start (retrying)	6
	Error Occurred (retrying)	7
	Canceled	15	* This is defined but I don’t think this value is used
	Approved	16
	Rejected	17

Enabling the edit in Manage User Properties page in IE 11

I was asked to hide some of the fields from appearing in the edit profile page. I knew where exactly to go to(CA->Application Management->Manage Service Application->User Profile Synchronization->Manage User Properties) change it but the page didn't show up any link for that field to edit it. In IE 11 you have do some settings to be able to make the Edit link available.


Follow the steps below to do the same.


- Open you manage user properties page in IE.
- Click on the gear icon on the top right.

- Select "Compatibility View Settings".
- Click Add.

Sign in as another user in SharePoint 2013

If you have logged into a server using a farm account and want to test your user profile page there is no OOB Sign in as different user option in SP2013. OR if you want to open CA from your local machine using Farm account, follow the below quick step.

Solution: To the URL append _layouts/closeconnection.aspx?loginasanotheruser=true

Ex: http://Centraladmin:5555/_layouts/closeconnection.aspx?loginasanotheruser=true