Calling web services in Nintex Workflow and different authentication mechanisms

September 12, 2014 - 20:40, by Steven Van de Craen - 0 Comments

With the rise of claims based authentication in SharePoint we’ve faced new challenges in how to interact with web services hosted on those environments. Claims based authentication allows many different scenario’s with a mixture of Windows, Forms and SAML Authentication.


When you’re working with Nintex Workflow you’re faced with authentication in Actions such as “Call Web Service” or “Web Request”.

If you’re just using Windows Authentication (NTLM, Kerberos, Basic) on your site then Nintex will handle that authentication just fine for you and use the credentials you specified (manually entered or stored credentials).


However you might have to deal with different or multiple authentication mechanisms such as Forms Based Authentication, ADFS or a combination. In such cases you’ll get a 403 FORBIDDEN regardless of the credentials you enter.


Overcoming this hurdle can be challenging.

  1. Use a different URL zone (with windows authentication) to make the call
  2. Pass an authentication cookie along with the request

Use a different URL zone (with windows authentication) to make the call

Nintex Actions execute on the server, not on your -already authenticated- client. The connection information you’ve entered (URL, username, password) is used to construct a connection and execute the operation. Since the Action executes locally on the server it can make use of a different URL to do the call. It is a best practice/requirement to have the Default Zone of your Web Application configured with -just- Windows Authentication in order to get things like Search to work properly. Why not make use of this and use that URL in your Actions?


Define a set of credentials that can be used in “Call web service” or “Web Request” Actions and have it execute against the URL that has Windows Authentication. If this option is available to you it probably is the preferred way of working.

Pass an authentication cookie along with the request

If the above is no option for you things get trickier and “specific”, meaning it is specific to a certain scenario but might not be possible for yours.

In MY case I have a SharePoint 2013 on-prem environment with “mixed” authentication (Windows and Forms Based). SharePoint issues a FedAuth cookie when the user successfully authenticates. If you send this cookie along with the web request it will work just fine. Note that the “Call web service” action does NOT allow you to specify additional headers so the “Web Request” Action becomes your new best friend here.

Using the “Web Request” Actions allows for much more flexibility, but you’ll have to build the request message yourself. I our case that means the SOAP message.


Once you have all of that in place the “Web Request” will happily call out to the web service. See it here working with the FedAuth cookie I “borrowed”.


Getting the FedAuth cookie

The base premise is that you need to ‘replay’ the authentication mechanism in code to get the FedAuth cookie. Once you have this you can send it along with future requests from Nintex Workflow. Again this is really specific to my case and may not be possible for you because of additional security or complex authentication schemes.

For my SharePoint 2013 on-prem environment with “mixed” authentication (Windows and Forms Based) I force the call to do Windows Authentication:

public static class AuthHelper
    public static Cookie GetFedAuthCookie(Uri uri, ICredentials credentials)
        Cookie result = null;

        // Emulate the authentication via a request to the /_windows/default.aspx page using the provided credentials
        HttpWebRequest request = WebRequest.Create(uri.GetLeftPart(UriPartial.Authority) + "/_windows/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252FDefault%252Easpx&Source=%2FDefault.aspx") as HttpWebRequest;
        request.Credentials = credentials ?? CredentialCache.DefaultNetworkCredentials;
        request.Method = "GET";
        request.CookieContainer = new CookieContainer();
        request.AllowAutoRedirect = false;

        // Execute the HTTP request 
        HttpWebResponse response = request.GetResponse() as HttpWebResponse;
        if (null != response)
            result = response.Cookies["FedAuth"];

        return result;

I actually made this available as a Web Service so that it can be called from with a Nintex Workflow.

public class AuthService : IAuthService
    public string GetFedAuthCookie(string requestUrl, string userName, string password)
        string result = null;

            NetworkCredential credential = !String.IsNullOrEmpty(userName) ? new NetworkCredential(userName, password) : null;
            Cookie cookie = AuthHelper.GetFedAuthCookie(new Uri(requestUrl), credential);

            if (cookie != null)
                result = cookie.Value;
        catch (Exception ex)
            result = null;

        return result;

And now I can call my Authentication service prior to the other services.


Door #3

It feels like it must be possible to use access tokens that can be passed along similar to the FedAuth cookie. Considering this is how the App model works in SharePoint 2013, there has to be a way to leverage this for what we’re trying to accomplish. But that’s for another post.

Restore-SPSite and Content Databases

August 13, 2014 - 11:05, by Steven Van de Craen - 0 Comments

Today I found a gotcha with the Restore-SPSite command when restoring “over” an existing Site Collection. The issue occurs if all Content Databases are at a maximum of their maximum Site Collection count.

Content Databases - limited max no of site collections

The error you’ll receive is that there is basically no room for the new Site Collection:

PS C:\temp> Restore-SPSite http://intranet -Path C:\temp\sc1.bak -Force -Confirm:0
Restore-SPSite : The operation that you are attempting to perform cannot be completed successfully.  No content databases in the web application were available to store your site collection.  The existing content databases may have reached the maximum number of site collections, or be set to read-only, or be offline, or may already contain a copy of this site collection.  Create another content database for the Web application and then try the operation again.
At line:1 char:1
+ Restore-SPSite http://intranet -Path C:\temp\sc1.bak -Force -Confirm:0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Share...dletRestoreSite:
   SPCmdletRestoreSite) [Restore-SPSite], InvalidOperationException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletRestoreS

This might seem unexpected at first but imagine that the restore operation works in two stages; add the ‘to restore’ site and, when succeeded, remove the original site. It is because of this two stage approach that you’ll need to allow for 1 more Site Collection in that Content Database. Note that the Database Status also needs to be “Started” or you’ll receive the same error. Afterwards you can set the original settings back if you want.


Issue creating subsites when a built-in field is modified

June 30, 2014 - 14:26, by Steven Van de Craen - 1 Comments

One of our site collections in a migration to SharePoint 2013 experienced an issue with creating sub sites:

Sorry, something went wrong
The URL 'SitePages/Home.aspx' is invalid.  It may refer to a nonexistent file or folder, or refer to a valid file or folder that is not in the current Web.

Drilling down in the ULS logs we noticed these:

System.Runtime.InteropServices.COMException: <nativehr>0x81020030</nativehr><nativestack></nativestack>The URL 'SitePages/Home.aspx' is invalid.  It may refer to a nonexistent file or folder, or refer to a valid file or folder that is not in the current Web., StackTrace:  
at Microsoft.SharePoint.SPListItem.AddOrUpdateItem(Boolean bAdd, Boolean bSystem, Boolean bPreserveItemVersion, Boolean bNoVersion, Boolean bMigration, Boolean bPublish, Boolean bCheckOut, Boolean bCheckin, Guid newGuidOnAdd, Int32& ulID, Object& objAttachmentNames, Object& objAttachmentContents, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion)   
at Microsoft.SharePoint.SPListItem.UpdateInternal(Boolean bSystem, Boolean bPreserveItemVersion, Guid newGuidOnAdd, Boolean bMigration, Boolean bPublish, Boolean bNoVersion, Boolean bCheckOut, Boolean bCheckin, Boolean suppressAfterEvents, String filename, Boolean bPreserveItemUIVersion)   
at Microsoft.SharePoint.Utilities.SPUtility.ProvisionWikiPageHomePage(SPFile wikiPage)   
at Microsoft.SharePoint.Utilities.SPUtility.EnsureWikiPageHomePage(SPWeb web, ProvisionWikiPage provisionWikiPage)   
at Microsoft.SharePoint.SPWikiPageHomePageFeatureReceiver.FeatureActivated(SPFeatureReceiverProperties properties)   
at Microsoft.SharePoint.SPFeature.DoActivationCallout(Boolean fActivate, Boolean fForce)   
at Microsoft.SharePoint.SPFeature.Activate(SPSite siteParent, SPWeb webParent, SPFeaturePropertyCollection props, SPFeatureActivateFlags activateFlags, Boolean fForce)

System.Data.SqlClient.SqlException (0x80131904): Parameter '@tp_Author' was supplied multiple times.   
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)   
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)   
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)   
at System.Data.SqlClient.SqlDataReader.TryHasMoreRows(Boolean& moreRows)   
at System.Data.SqlClient.SqlDataReader.TryReadInternal(Boolean setTimeout, Boolean& more)   
at System.Data.SqlClient.SqlDataReader.TryNextResult(Boolean& more)   
at System.Data.SqlClient.SqlDataReader.NextResult()   
at Microsoft.SharePoint.SPSqlClient.ExecuteQueryInternal(Boolean retryfordeadlock)   
at Microsoft.SharePoint.SPSqlClient.ExecuteQuery(Boolean retryfordeadlock)  ClientConnectionId:1237a76d-2050-4ad5-82cd-cc9610f95061

The tp_Author gave an entry point into troubleshooting this issue. A quick loop through the fields on the web and then looking for ColName="tp_Author" revealed only the out of the box “Author” field being present. But it was modified at some point in history because the Group was different and there was a Version attribute present.

One can quickly test this behaviour on a clean new site collection and updating the field with powershell:

$w = Get-SPWeb http://intranet
$f = $w.Fields.GetFieldByInternalName("Author")

The schema xml will look as follows:

<Field ID="{1df5e554-ec7e-46a6-901d-d85a3881cb18}" Name="Author" SourceID="" StaticName="Author" Group="_Hidden" ColName="tp_Author" RowOrdinal="0" Type="User" List="UserInfo" DisplayName="Created By" Sealed="FALSE" ReadOnly="TRUE" Version="1" />

And also it will now be impossible to create any sites in the site collection (exception is the ‘blank’ site but it has the same issues once you activate the “Wiki page home page” feature and edit/save a page).


Luckily the product team has provided a method named Microsoft.SharePoint.SPField.RevertCustomizations() that will undo the changes and restore the site creation functionality.


SharePoint: How to troubleshoot issues with Save as template

May 23, 2014 - 14:32, by Steven Van de Craen - 0 Comments

On an upgrade project to SharePoint 2013 we ran into an issue where a specific site couldn’t be saved as a template (with or without content). You get the non-descriptive “Sorry, something went wrong” and “An unexpected error has occurred” messages. Funny enough the logged Correlation Id is totally absent from the ULS logs, so no help there.

What you can do next is turn on advanced debugging mode by configuring the following entries in the web.config of the SharePoint site:

  • Turn on the call stack (CallStack="true")
  • Disable custom errors in Visual Studio (<customErrors mode="Off" />)
  • Enable compilation debugging (<compilation debug="true">)

If you then retry your action you’ll find additional information in the Event Log or on the page.

Exception information:
    Exception type: InvalidOperationException
    Exception message: Error generating solution files in temporary directory.
   at Microsoft.SharePoint.SPSolutionExporter.ExportWebAsSolution()
   at Microsoft.SharePoint.SPSolutionExporter.ExportWebToGallery(SPWeb web, String solutionFileName, String title, String description, ExportMode exportMode, Boolean includeContent, String workflowTemplateName, String destinationListUrl, Action`1 solutionPostProcessor, Boolean activateSolution)
   at Microsoft.SharePoint.ApplicationPages.SaveAsTemplatePage.BtnSaveAsTemplate_Click(Object sender, EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

What this means is that the export operation ran into an issue. We can find the partial export in the temporary directory

Temporary Export Location

If you investigate the contents of the “SPSolutionExporter” folder, you’ll eventually find the issue. In our case the XML generation aborted on the Expiration Policy of one of the Content Types.


So while your issue might be different, this method should provide you with more insight on the issue and take appropriate action.


The Content Type/Policy issue in our setup was caused due to a corrupt XmlDocument that describes the changes made to Information Policies. By removing this invalid XmlDocument we were able to save the site as template:

using (SPSite site = new SPSite(url))
    using (SPWeb web = site.OpenWeb())
        foreach (SPContentType ct in web.ContentTypes)
            ct.SchemaXmlWithResourceTokens = Regex.Replace(ct.SchemaXmlWithResourceTokens, @"<XmlDocument NamespaceURI="""">.+?</XmlDocument>", "");

Fixing SharePoint DCOM errors the easy way - revised

May 8, 2014 - 16:17, by Steven Van de Craen - 0 Comments

Tagline: Fix your SharePoint DCOM issues with a single click ! - revised for Windows Server 2012 and User Account Control-enabled systems
Update 8/05/2014: Scripts were revised to work with Windows Server 2008 R2 and Windows Server 2012 with User Account Control enabled.
Original post: Fixing SharePoint DCOM errors the easy way
Direct download:


The dreaded DCOM error (10016, DistributedCOM, Local Activation, IIS WAMREG admin Service) has seen the light ever since SharePoint 2007. It carried over to SharePoint 2010 and now it seems to SharePoint 2013 as well.



Fixing it isn’t all that hard. You have to identify the DCOM app based on the GUID, identify the user(s) affected and then modify the Local Activation permissions accordingly.

Windows Server 2008 R2 and higher made that a bit harder. You first have to set the permissions of the DCOM app in the registry, but that requires changing the owner, granting permissions on the registry key, granting local activation, and then undoing your permission and owner change on the registry key (keep things tidy, you know).



Here’s a new set of scripts that have been tested against Windows Server 2008 R2 and Windows Server 2012 with User Account Control enabled.

Note that the APPID and USER (can be user or group) in both files are currently configured for the IIS WAMREG admin Service and the IIS_IUSRS builtin group. You can change these if you want.

  • get_dcom_perms.cmd: returns the currently configured set of permissions for the DCOM object. This script can be run without elevated permissions
  • set_dcom_perms.cmd: checks if running with elevated permissions and will configure the permissions for the DCOM object for the specified user or group
  • DComPerm.exe: provided as sample source code by Microsoft, but I’ve included a compiled version in the download. It takes various parameters to list, set or remove permissions on various DCOM objects
  • SetACL.exe: a free tool for automating the management of Windows permissions. Website:


If you run set_dcom_perms.cmd without elevated permissions it will notify you of this:

set_dcom_perms.cmd non elevated

if you run it elevated it will execute the changes requeste:

User Account Control

set_dcom_perms.cmd elevated


SharePoint 2013: CreatePersonalSite fail when user license mapping incorrectly configured

May 5, 2014 - 13:49, by Steven Van de Craen - 0 Comments

Last week I was troubleshooting a farm with ADFS where MySite creation failed. The ULS logs indicated that the user was not licensed to have a MySite.

04/29/2014 17:34:10.15 w3wp.exe (WS12-WFE1:0x031C) 0x1790 SharePoint Portal Server Personal Site Instantiation af1lc High Skipping creation of personal site from MySitePersonalSiteUpgradeOnNavigationWebPart::CreatePersonalSite() because one or more of the creation criteria has not been met. [SPWeb Url=|adfs|]|adfs|]Self-Service Site Creation == True Can Create Personal Site == False Is user licensed == False Storage&Social UPA Permission == True Site or Page or Web Part is in design mode == False c0048c9c-234d-700b-502b-52356264cbda

As it turns out, this message was correct, since User License Management had been enabled recently by a colleague of mine, while preparing to roll out Office Web Apps to a subset of users.

It seems that if you enable the licensing functionality in SharePoint 2013, you need to have a license mapping for the “Standard” license in order to have MySite functionality.


I quickly came up with the following script that would add “all authenticated users” to the “Standard” license.

$claimString = "c:0(.s|True"
$cpm = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local
$claim = $cpm.DecodeClaim($claimString)
$lmap = New-SPUserLicenseMapping -Claim $claim -License Standard 
$lmap | Add-SPUserLicenseMapping

This adds a mapping as can be seen in the following screen (number #3 is the one relating to the above script)


A big note on this: make sure to have the correct casing! At first I used “c:0(.s|true” but since its value type is String this fails to match.

Claim Spy

If you want to get a quick overview of claims for a user you can drop a page in the layouts-folder called claimspy.aspx (body: see below) and have a user navigate to /_layouts/claimspy.aspx. It just outputs all known claims for the current token. Feel free to improve the page and do proper deployment through solution packages and such Winking smile

<%@ Page Language="C#" %>
<%@ Assembly Name="Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" %>
<%@ Import Namespace="Microsoft.IdentityModel.Claims" %>

<script type="text/C#" runat="server">
    protected override void OnLoad(EventArgs e)
            IClaimsIdentity identity = (IClaimsIdentity)Context.User.Identity;

            if (null != identity)
                repeater1.DataSource = identity.Claims;
        catch (Exception ex)

                <asp:Repeater ID="repeater1" runat="server">
                            <td><nobr><%# Eval("Issuer") %></nobr></td>
                            <td><nobr><%# Eval("OriginalIssuer") %></nobr></td>
                            <td><nobr><%# Eval("ClaimType") %></nobr></td>
                            <td><nobr><%# Eval("Subject") %></nobr></td>
                            <td><nobr><%# Eval("Value") %></nobr></td>
                            <td><nobr><%# Eval("ValueType") %></nobr></td>


SharePoint 2013: Workflows failing on start

April 29, 2014 - 12:10, by Steven Van de Craen - 0 Comments

Recently I helped out a colleague with an issue in a load balanced SharePoint 2013 environment with Nintex Workflow 2013 on it. All the workflows that were started on WFE1 worked fine, but all started on WFE2 failed on start with the following issue logged to the SharePoint ULS logs:

Load Workflow Class: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.

at System.Diagnostics.PerformanceCounter.InitializeImpl()

at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)

at System.Workflow.Runtime.PerformanceCounterManager.CreateCounters(String name)

at System.Workflow.Runtime.Hosting.ManualWorkflowSchedulerService.OnStarted()

at System.EventHandler`1.Invoke(Object sender, TEventArgs e)

at System.Workflow.Runtime.WorkflowRuntime.StartRuntime()

at Microsoft.SharePoint.Workflow.SPWinOeHostServices..ctor(SPSite site, SPWeb web, SPWorkflowManager manager, SPWorkflowEngine engine) -

-- End of inner exception stack trace ---

at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)

at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

at System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

at Microsoft.SharePoint.Workflow.SPWorkflowManager.LoadPluggableClass(String classname, String assembly, Object[] parameters)

If you look up this issue you’ll find a lot of references to SharePoint 2007, but it seems that this is still possible in a SharePoint 2013 / Windows Server 2012 environment as well.


An incorrect registration of the Windows Workflow Foundation performance counters will cause this. You can easily verify this by opening up perfmon, adding a counter and looking for the category “Windows Workflow Foundation”.

perfmon - Add Counters


Register the performance counters on each affected server:

lodctr C:\Windows\Inf\Windows Workflow Foundation\perfcounters.ini

That restores the counters and will make your workflows start again!

SharePoint Saturday Belgium 2014 - Content Enrichment in SharePoint Search

April 28, 2014 - 15:06, by Steven Van de Craen - 0 Comments

Last Saturday I delivered a session on “Content Enrichment in SharePoint Search” on the Belgian SharePoint Saturday 2014, showing how to configure it, its potential and some development tips and tricks. Although it was a very specific and narrow topic there was a big audience for it. We even had to bring in extra chairs to have everyone seated.

If you missed my session (shame on you!) or you want to read up on it again, below is my deck and demo code.


SPSBE 2014 Content Enrichment in SharePoint Search



The demos showed the basic configuration, how to use WCF Routing to overcome the biggest limitation, how to debug using Fiddler by configuring the proxy, how to debug by attaching to the noderunner process, etc. The final demo would extract bank account numbers from indexed documents and store them in dedicated Managed Properties to increase findability when searching on one of these numbers.


Disclaimer: you’re free to use this code as you desire, but I’m not taking responsibility should it blow up your server or make babies cry.


Community Red heart

I think we can all agree that SPSBE2014 was a huge success. A big applause for the organisers, the speakers and the attendees for making it all happen. It goes to show that the our SharePoint Community is really great, so show them some love on or

SharePoint 2013 search open in client

March 26, 2014 - 16:26, by Steven Van de Craen - 1 Comments


SharePoint 2013 search results uses Excel Calculation Services to open workbooks found in the search results, despite having "open in client" specified on the Document Library and/or the Site Collection level. Notice the URL pointing to _layouts/xlviewer.aspx at the bottom of the screen. In this scenario I only have SharePoint Server 2013 installed without any Office Web Apps servers.
Searching a workbook


Initial solution

In my previous encounter with this issue I used a custom Search Result Type with Display Template in order to control the link that is rendered for the search result item.


<html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882"> 
<title>Excel Client Item</title>

<!--[if gte mso 9]><xml>
<mso:TemplateHidden msdt:dt="string">0</mso:TemplateHidden>
<mso:MasterPageDescription msdt:dt="string">Displays a result tailored for Microsoft Excel documents.</mso:MasterPageDescription>
<mso:ContentTypeId msdt:dt="string">0x0101002039C03B61C64EC4A04F5361F385106603</mso:ContentTypeId>
<mso:TargetControlType msdt:dt="string">;#SearchResults;#</mso:TargetControlType>
<mso:HtmlDesignAssociated msdt:dt="string">1</mso:HtmlDesignAssociated>
<mso:ManagedPropertyMapping msdt:dt="string">'Title':'Title','Path':'Path','Description':'Description','EditorOWSUSER':'EditorOWSUSER','LastModifiedTime':'LastModifiedTime','CollapsingStatus':'CollapsingStatus','DocId':'DocId','HitHighlightedSummary':'HitHighlightedSummary','HitHighlightedProperties':'HitHighlightedProperties','FileExtension':'FileExtension','ViewsLifeTime':'ViewsLifeTime','ParentLink':'ParentLink','FileType':'FileType','IsContainer':'IsContainer','ServerRedirectedURL':'ServerRedirectedURL','ServerRedirectedEmbedURL':'ServerRedirectedEmbedURL','ServerRedirectedPreviewURL':'ServerRedirectedPreviewURL'</mso:ManagedPropertyMapping>
    <div id="Item_Excel_Client">
        if(!$isNull(ctx.CurrentItem) && !$isNull(ctx.ClientControl)){
            var id = ctx.ClientControl.get_nextUniqueId();
            var itemId = id + Srch.U.Ids.item;
            var hoverId = id + Srch.U.Ids.hover;
            var hoverUrl = "~sitecollection/_catalogs/masterpage/Display Templates/Search/Item_Excel_HoverPanel.js";
            $setResultItem(itemId, ctx.CurrentItem);
            ctx.CurrentItem.csr_Icon = Srch.U.getIconUrlByFileExtension(ctx.CurrentItem);
            ctx.CurrentItem.csr_OpenApp = "excel";
            ctx.CurrentItem.csr_Path = ctx.CurrentItem.Path;
            ctx.currentItem_ShowHoverPanelCallback = Srch.U.getShowHoverPanelCallback(itemId, hoverId, hoverUrl);
            ctx.currentItem_HideHoverPanelCallback = Srch.U.getHideHoverPanelCallback();
            <div id="_#= $htmlEncode(itemId) =#_" name="Item" data-displaytemplate="ExcelItem" class="ms-srch-item" onmouseover="_#= ctx.currentItem_ShowHoverPanelCallback =#_" onmouseout="_#= ctx.currentItem_HideHoverPanelCallback =#_">
                <div id="_#= $htmlEncode(hoverId) =#_" class="ms-srch-hover-outerContainer"></div>


/* This file is currently associated to an HTML file of the same name and is drawing content from it.  Until the files are disassociated, you will not be able to move, delete, rename, or make any other changes to this file. */

function DisplayTemplate_89a1689efe684e93be8c5bdaa1e46b07(ctx) {
  var ms_outHtml=[];
  var cachePreviousTemplateData = ctx['DisplayTemplateData'];
  ctx['DisplayTemplateData'] = new Object();
  DisplayTemplate_89a1689efe684e93be8c5bdaa1e46b07.DisplayTemplateData = ctx['DisplayTemplateData'];

  ctx['DisplayTemplateData']['TemplateUrl']='~sitecollection\u002f_catalogs\u002fmasterpage\u002fDisplay Templates\u002fSearch\u002fItem_Excel_Client.js';
  this.DisplayTemplateData = ctx['DisplayTemplateData'];

  ctx['DisplayTemplateData']['ManagedPropertyMapping']={'Title':['Title'], 'Path':['Path'], 'Description':['Description'], 'EditorOWSUSER':['EditorOWSUSER'], 'LastModifiedTime':['LastModifiedTime'], 'CollapsingStatus':['CollapsingStatus'], 'DocId':['DocId'], 'HitHighlightedSummary':['HitHighlightedSummary'], 'HitHighlightedProperties':['HitHighlightedProperties'], 'FileExtension':['FileExtension'], 'ViewsLifeTime':['ViewsLifeTime'], 'ParentLink':['ParentLink'], 'FileType':['FileType'], 'IsContainer':['IsContainer'], 'ServerRedirectedURL':['ServerRedirectedURL'], 'ServerRedirectedEmbedURL':['ServerRedirectedEmbedURL'], 'ServerRedirectedPreviewURL':['ServerRedirectedPreviewURL']};
  var cachePreviousItemValuesFunction = ctx['ItemValues'];
  ctx['ItemValues'] = function(slotOrPropName) {
    return Srch.ValueInfo.getCachedCtxItemValue(ctx, slotOrPropName)

        if(!$isNull(ctx.CurrentItem) && !$isNull(ctx.ClientControl)){
            var id = ctx.ClientControl.get_nextUniqueId();
            var itemId = id + Srch.U.Ids.item;
            var hoverId = id + Srch.U.Ids.hover;
            var hoverUrl = "~sitecollection/_catalogs/masterpage/Display Templates/Search/Item_Excel_HoverPanel.js";
            $setResultItem(itemId, ctx.CurrentItem);
            ctx.CurrentItem.csr_Icon = Srch.U.getIconUrlByFileExtension(ctx.CurrentItem);
            ctx.CurrentItem.csr_OpenApp = "excel";
            ctx.CurrentItem.csr_Path = ctx.CurrentItem.Path;
            ctx.currentItem_ShowHoverPanelCallback = Srch.U.getShowHoverPanelCallback(itemId, hoverId, hoverUrl);
            ctx.currentItem_HideHoverPanelCallback = Srch.U.getHideHoverPanelCallback();
,'            <div id="', $htmlEncode(itemId) ,'" name="Item" data-displaytemplate="ExcelItem" class="ms-srch-item" onmouseover="', ctx.currentItem_ShowHoverPanelCallback ,'" onmouseout="', ctx.currentItem_HideHoverPanelCallback ,'">'
,'                ',ctx.RenderBody(ctx),'                '
,'                <div id="', $htmlEncode(hoverId) ,'" class="ms-srch-hover-outerContainer"></div>'
,'            </div>'
,'    '

  ctx['ItemValues'] = cachePreviousItemValuesFunction;
  ctx['DisplayTemplateData'] = cachePreviousTemplateData;
  return ms_outHtml.join('');
function RegisterTemplate_89a1689efe684e93be8c5bdaa1e46b07() {

if ("undefined" != typeof (Srch) &&"undefined" != typeof (Srch.U) &&typeof(Srch.U.registerRenderTemplateByName) == "function") {
  Srch.U.registerRenderTemplateByName("Item_Excel_Client", DisplayTemplate_89a1689efe684e93be8c5bdaa1e46b07);

if ("undefined" != typeof (Srch) &&"undefined" != typeof (Srch.U) &&typeof(Srch.U.registerRenderTemplateByName) == "function") {
  Srch.U.registerRenderTemplateByName("~sitecollection\u002f_catalogs\u002fmasterpage\u002fDisplay Templates\u002fSearch\u002fItem_Excel_Client.js", DisplayTemplate_89a1689efe684e93be8c5bdaa1e46b07);

if (typeof(RegisterModuleInit) == "function" && typeof(Srch.U.replaceUrlTokens) == "function") {
  RegisterModuleInit(Srch.U.replaceUrlTokens("~sitecollection\u002f_catalogs\u002fmasterpage\u002fDisplay Templates\u002fSearch\u002fItem_Excel_Client.js"), RegisterTemplate_89a1689efe684e93be8c5bdaa1e46b07);


Then I pushed the Display Template and Result Type automatically to all Site Collections, because I wanted a uniform experience.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction:SilentlyContinue

function DropFile([Microsoft.SharePoint.SPWeb]$spweb, [string]$fileName, [byte[]]$fileContents)
    $spfolderUrl = $spweb.Url + "/_catalogs/masterpage/Display Templates/Search";
    $spfolder = $spweb.GetFolder($spfolderUrl);
    $spfile = $spweb.GetFile("$spfolderUrl\$fileName");
    if ($spfile.Exists)

    $spfile = $spfolder.Files.Add($fileName, $fileContents, $true);
    if ($spfile.CheckOutType -ne "None")

    Write-Host " > Display Template Provisioned."
    return $spfile;

function CreateSearchResultType([Microsoft.SharePoint.SPWeb]$spweb, [string]$spfileUrl)
    $ssa = Get-SPEnterpriseSearchServiceApplication
    $owner = Get-SPEnterpriseSearchOwner -Level SPSite -SPWeb $spweb
    $excelRIT = Get-SPEnterpriseSearchResultItemType -Owner $owner -SearchApplication $ssa | Where Name -eq "Microsoft Excel"
    $rules = $excelRIT.Rules
    $dispProps = $excelRIT.DisplayProperties
    $sptemplateUrl = "~sitecollection/$spfileUrl";
    Write-Host $sptemplateUrl;

    Get-SPEnterpriseSearchResultItemType -Owner $owner -SearchApplication $ssa | Where Name -eq "Microsoft Excel (Client)" | Remove-SPEnterpriseSearchResultItemType -Owner:$owner -SearchApplication $ssa -Confirm:$false
    $rit = New-SPEnterpriseSearchResultItemType -Name "Microsoft Excel (Client)" -Owner $owner -SearchApplication $ssa -Rules $rules -DisplayProperties $dispProps -DisplayTemplateUrl $sptemplateUrl
    Write-Host " > Search Result Type Created."
    return $rit;


$cd = gl
$fileNames = @("Item_Excel_Client.js", "Item_Excel_Client.html");

Get-SPWebApplication "http://mywebapp" | Get-SPSite -Limit ALL | ForEach {
    $spsite = $_;
    $spweb = $spsite.RootWeb;

    Write-Host $spsite.Url

    # Upload File(s)
    $fileNames | foreach {
        $fileName = $_;
        $fileContents = [System.IO.File]::ReadAllBytes("$cd\$fileName");
        $spfile = DropFile $spweb $filename $fileContents;

    # Register Search Result Type
    $fileUrl = $spfile.Url.Replace(".html", ".js");
    CreateSearchResultType $spweb $fileUrl;

Better solution

Recently I stumbled upon the “Preferences” link at the bottom of the search result page. This allows each user to control how links in the search results should be opened.

Search preferences


This actually changes the experience for the given user immediately… awesome! I did some digging and it seems to be saved globally to the Search Service Application (Proxy), so all Web Applications and Site Collections making use of the same SSA should give the user a uniform experience.

The question still stands whether this setting can be pushed out programmatically to a specific user or group of users. I was thinking along the lines of the following script, but no luck so far.

$web = Get-SPWeb http://intranet
$ctx = [Microsoft.SharePoint.SPContext]::GetContext($web)
$pref =[Microsoft.Office.Server.Search.Administration.UserPreference]::GetUserPreference($false, $ctx)


SharePoint and PowerShell remoting

February 28, 2014 - 13:30, by Steven Van de Craen - 2 Comments

In my current project I’m dabbling with PowerShell to query different servers and information from different SharePoint 2010 farms in the organization. This blog contains a brief overview of the steps I took in order to get a working configuration.

Enable remoting and credential pass-through

You need to enable remoting and also credential pass-through. The latter is important because your SharePoint statements will need to authenticate to the SQL Server containing your SharePoint databases, or all your statements will fail with an access denied.


I did this on both the “client” and the “server”, because my client can actually be queried itself as well…

Enable-WSManCredSSP -Role Client –DelegateComputer MYSERVER01

I ran this on the “client”.

Enable-WSManCredSSP –Role Server

I ran this on the “server”.

CredSSP allows the credentials to pass-through (double hop) . There’s a security note in the TechNet article;

Caution: CredSSP authentication delegates the user's credentials from the local computer to a remote computer. This practice increases the security risk of the remote operation. If the remote computer is compromised, when credentials are passed to it, the credentials can be used to control the network session.

» Enable-PSRemoting:

» Enable-WSManCredSSP:

Force PSVersion 2.0

If you have multiple versions of PowerShell then most likely new instances will be using the latest version. There is a common issue regarding SharePoint 2010 Management Shell and PowerShell 3.0 (or above) outlined here:

Microsoft SharePoint is not supported with version 4.0.30319.17929 of the Microsoft .Net Runtime.

If you’re seeing this issue when remoting you can create a new PSSessionConfiguration on the “server” and have “clients” reference it.

Register-PSSessionConfiguration -Name PS2 -PSVersion 2.0

I ran this on the “server” in a PowerShell 3.0 prompt.

» Register-PSSessionConfiguration:

Invoke-Command / Enter-PSSession

There’s but one thing that remains, and that is to see if it worked. Make sure to specify CredSSP and the reference to the PSSessionConfiguration object.

Invoke-Command -ComputerName MYSERVER01 -ConfigurationName PS2 -Authentication CredSSP –Credential MYDOMAIN\myuser -ScriptBlock { asnp Microsoft.SharePoint.PowerShell; Get-SPFarm }

» Invoke-Command:

» Enter-PSSession:


Happy remoting!

 Next >>