Checking Open Ports with PowerShell

Over the years I have used a number of tools to check if a remote machine had certain ports open. My two favourites are nmap and PortQry (documentation). nmap is useful because of the power it has, but requires installing a considerable amount of data which can be tricky in some customer systems. One of the reasons I like PortQry is because it is lightweight, consisting solely of an EXE file.

Sometimes even getting a single EXE file onto a system is a difficult goal. One thing about every modern server that will be used for running SharePoint or SQL Server is that it has PowerShell, so I asked myself — How can I check the status of ports on remote machines with PowerShell?

The answer is Test-NetConnection. This cmdlet comes standard out of the box with Windows Server 2012 R2, Windows Server 2016, Windows 8.1, and Windows 10. If you’re building SharePoint 2013 or SharePoint 2016 farms you likely are using one of these Windows Server versions so this cmdlet is available to you today.

The cmdlet is simple and to the point. Want to see if SQL Server is accepting connections on port 1433?

Test-NetConnection -ComputerName "<server-name>" -Port 1433

The best part is the Test-NetConnection cmdlet returns an object so you can use this in scripts and handle situations where an expected network resource is not available.

$testconnection = Test-NetConnection -ComputerName "<server-name>" -Port 1433

As an example, here is a test I did on my local machine. I’m not running SQL Server so I expect the first request to fail, and port 135 is the Windows Messenger service which is normally open on a Windows machine. Finally I capture the results of my test into an object and evaluate the TcpTestSucceeded property.

For a SharePoint farm, here are some ports you may need to check:

  • SharePoint sites – TCP 80/443
  • SharePoint Web Services – TCP 32843, 32844
  • SQL Server Database Engine – TCP 1433
  • Search services – TCP 808
  • Search index – TCP 16500-16519
  • Distributed Cache – TCP 22233-22236
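The following is an added example, not part of the original post: it runs Test-NetConnection over the port list above for several servers and returns one object per check, so that closed ports can be filtered out via TcpTestSucceeded. The function name Test-FarmPorts and the server names are hypothetical placeholders.

```powershell
# Port map built from the list above; trim it to the services each server actually hosts.
$PortMap = [ordered]@{
    'SharePoint sites'           = 80, 443
    'SharePoint Web Services'    = 32843, 32844
    'SQL Server Database Engine' = 1433
    'Search services'            = 808
    'Search index'               = 16500..16519
    'Distributed Cache'          = 22233..22236
}

function Test-FarmPorts {
    param(
        [Parameter(Mandatory = $true)] [string[]] $ComputerName,
        [Parameter(Mandatory = $true)] [System.Collections.IDictionary] $PortMap
    )

    foreach ($computer in $ComputerName) {
        foreach ($service in $PortMap.Keys) {
            foreach ($port in $PortMap[$service]) {
                # Test-NetConnection warns on failure; suppress the warning and
                # rely on the TcpTestSucceeded property of the returned object.
                $result = Test-NetConnection -ComputerName $computer -Port $port `
                    -WarningAction SilentlyContinue

                [pscustomobject]@{
                    ComputerName  = $computer
                    Service       = $service
                    Port          = $port
                    Open          = [bool]$result.TcpTestSucceeded
                    RemoteAddress = $result.RemoteAddress
                }
            }
        }
    }
}

# Hypothetical server names; replace with the servers in your farm.
$results = Test-FarmPorts -ComputerName 'sp-wfe01', 'sp-app01' -PortMap $PortMap

# Ports that should be reachable but are not (firewall rule missing, service stopped)
$results | Where-Object { -not $_.Open } |
    Format-Table ComputerName, Service, Port, RemoteAddress -AutoSize
```

Each closed or filtered port waits for the TCP connect timeout, so checking the full ranges against an unreachable server takes a while.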

Can’t create My Site because user is ‘Enqueued’


A user’s personal site (i.e. their My Site) cannot be created. Looking at the ULS logs under the Personal Site Instantiation category, the creation failed because it is already queued.

[Enque rejected] MySiteInstantiationWorkItemJobDefinition::AddWorkItem: Not queuing Interactive MySite instantiation for: 'EXAMPLEDOMAIN\username' since the user is already pending in the queue.

(event id: ajjuq)

Root Cause

The user’s PersonalSiteInstantiationState user profile object property has been set to Enqueued. When the My Site Instantiation timer jobs run they ignore creating the site because it is already in the queue.

You can verify the value of the property with the following PowerShell script:

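# URL of a site collection in the farm and the account to check (placeholders)
$SiteUrl = "https://example"
$Username = "EXAMPLEDOMAIN\username"

Add-PSSnapIn Microsoft.SharePoint.PowerShell
$Site = Get-SPSite $SiteUrl
$ServiceContext = Get-SPServiceContext $Site
$UserProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)
$UserProfile = $UserProfileManager.GetUserProfile($Username)
# Output the current instantiation state of the user's personal site
$UserProfile.PersonalSiteInstantiationState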

The script will return the value of PersonalSiteInstantiationState. It will be set to Enqueued. For reference, see the MSDN for all possible values of the PersonalSiteInstantiationState enum.


Force the creation of the personal site using the CreatePersonalSite() method.

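# URL of a site collection in the farm and the affected account (placeholders)
$SiteUrl = "https://example"
$Username = "EXAMPLE\username"

Add-PSSnapIn Microsoft.SharePoint.PowerShell
$Site = Get-SPSite $SiteUrl
$ServiceContext = Get-SPServiceContext $Site
$UserProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServiceContext)
$UserProfile = $UserProfileManager.GetUserProfile($Username)
# Create the personal site directly instead of waiting for the queue
$UserProfile.CreatePersonalSite()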

Which server or farm is SharePoint using for Office Web Apps?

If you find yourself with an unfamiliar SharePoint 2013 farm with a problem with Office Web Apps the first step you’ll probably take is to figure out where Office Web Apps is running. Finding this out is simple!

Open an elevated SharePoint Management Shell on one of the SharePoint servers in the farm with an account with SPShellAdmin rights and run the following cmdlet:


The output will list all the bindings by application/extension and zone. Find the combination that is causing you grief and look at the ServerName property. This is the public hostname used by Office Web Apps. If it’s a server name go connect to it. If it’s a DNS name that abstracts away a server name or load balancer you’ll need to do more digging but at least you’re heading in the right direction. 🙂
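The following is an added example, not part of the original post: it assumes the bindings described above are those returned by Get-SPWOPIBinding, and condenses them to one row per ServerName and zone, marking which zone the farm currently uses according to Get-SPWOPIZone.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Zone the farm currently uses to reach Office Web Apps
# (internal-http, internal-https, external-http or external-https)
$currentZone = Get-SPWOPIZone

Get-SPWOPIBinding |
    Group-Object ServerName, WopiZone |
    ForEach-Object {
        $first = $_.Group[0]
        New-Object PSObject -Property @{
            ServerName   = $first.ServerName
            WopiZone     = $first.WopiZone
            # Only bindings in the farm's current zone are used for requests
            InUse        = ($first.WopiZone -eq $currentZone)
            # Zones ending in -http carry WOPI traffic unencrypted
            Encrypted    = ($first.WopiZone -like '*-https')
            Applications = ($_.Group | Select-Object -ExpandProperty Application -Unique |
                                Sort-Object) -join ', '
            Bindings     = $_.Count
        }
    } |
    Select-Object ServerName, WopiZone, InUse, Encrypted, Bindings, Applications |
    Format-Table -AutoSize
```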

Ignite 2015 Summary: What’s New in SharePoint 2016 for IT Professionals

Update May 12, 2015: Bill Baer has a post up, What’s new in SharePoint Server 2016 Installation and Deployment, talking about what’s new in SharePoint 2016 that details all of this more “officially.” Check out too the UserVoice Customer Feedback site for SharePoint which has discussion on features suggested from the community. As well, I do wish to point out everything presented in the session and reported here is information as we know today. Any of it is subject to change at Microsoft’s discretion.

Bill Baer delivered a non-stop 75 minute overview Wednesday morning of the new things to look for in SharePoint 2016 relevant to IT pros. In this post I’m going to summarize the session with the items that I was able to note. There’s a lot of info here (and sadly I know I missed some things) so grab a snack or save for later. Also, just a warning that the photos included are not archive quality and were taken with an actual potato.


Roadmap and Where We are Today

SharePoint 2016 RTM is about a year away. Today Bill was showing off build 16.0.4021.1201. I don’t know if there is an official name for this build so I’ll just call it the Ignite Preview. The codebase used for SharePoint 2016 combines code from SharePoint 2013 and SharePoint Online.


Generally the requirements for SharePoint 2016 are similar to SharePoint 2013. When it comes to hardware the specs appear the same and with the software you’ll see the same prerequisites and requirements for the latest versions of Windows and SQL Server.


The hardware requirements are similar to SharePoint 2013.

Topology        Memory      Processors      Disk
--------        ------      ----------      ----
Single Server   16-24 GB    x64, 4-cores    80 GB system
Farm Server     12-16 GB    x64, 4-cores    80 GB system

We didn’t get any info about network requirements. It’s probably safe to assume it’s the same as 2013: 1 Gbps link with < 1 ms latency between servers. No word on stretched farms though we know Microsoft advises against them so if they are supported I expect similar guidance to 2013.

Operating Systems

For the SharePoint 2016 servers currently only the latest version as well as the next version are supported:

  • Windows Server 2012 R2
  • Windows Server 10 (or is it Windows Server 2016?)


The prerequisite software is similar to what was required in SharePoint 2013:

  • Windows Management Framework 3.0
  • Application Server Role
  • Web Server (IIS) Role
  • Microsoft .NET Framework 4.5.2
  • Update for .NET Framework 4 (KB 2898850)
  • Microsoft SQL Server 2012 Native Client
  • Microsoft Identity Extensions
  • Microsoft Sync Framework Runtime v1.0 SP1 x64
  • Windows Server AppFabric 1.1
  • Windows Identity Foundation v1.1
  • Microsoft Information Protection and Control Client (MSIPC)
  • Microsoft WCF Data Services

SQL Server

SharePoint 2016 will work with the latest current version of SQL Server: SQL Server 2014 64-bit with Service Pack 1. As well, Microsoft is planning to support any future SQL Server 201x 64-bit version.


SharePoint 2016 will provide the ability for administrators to specify the server’s role when joining it to the farm. Selecting a role installs only the bits needed to run the services needed by the role. This will keep installations to a minimum. I think this is what is meant by “MinRole”. This step is performed using the SharePoint Products Configuration Wizard (pictured left), PSCONFIG.EXE, and presumably the New-SPConfigurationDatabase and Connect-SPConfigurationDatabase cmdlets. SharePoint servers can run as one of the following 6 roles:

  • Web front end (user services)
  • Search
  • Application (robot services)
  • Distributed Cache (caching services)
  • Special Load (the “2013 way”)
  • Single Server Farm (not standalone!)

Web Front End

The web front end role is for servers that physically deliver services to the user (user services), such as page rendering, sync client, OneNote, Excel Services, user profiles, sandbox code, Project, and Subscription Settings.


You have the ability to dedicate search services to a single server. I feel this will encourage behaviours that existed with SharePoint 2007, though I think this is really for farms that are scaled out. With SharePoint 2013 the best practice for medium farms was to put the query component on the WFE servers to minimize the network traffic needed to execute a search. With this dedicated role I’m not sure if the guidance will change. Expect more on this in the coming year.


Services that do not interact directly with end users fall into this role. Microsoft is calling these services “robot services” and includes provisioning services, timer jobs, and search (I’m going off the slide and it says search).

Distributed Cache

Microsoft is driving the point home that as a best practice you need dedicated distributed cache servers by making it a role that is assigned to the server. When selected you can’t run other services.

Special Load

Special Load allows you to configure the server like you did in SharePoint 2013 — all of the bits are present and you select which services it will run. This role is required on a server that runs a custom service application and for scenarios where you want to run services from different roles. For example if you wanted to run distributed cache on a web front end server in a small farm you would use the Special Load.

Single Server

Microsoft has removed the ability to create a standalone farm (finally!). MSDE and SQL Express are no longer supported database systems. You still have the ability to create a single-server farm running SharePoint and SQL Server in scenarios like development or small environments. For these instances use the Single Server role.

Specifying the role using the command line

Bill showed us the experience of selecting the role using the configuration wizard and confirmed that both PSCONFIG.EXE and existing PowerShell cmdlets (my guess is New-SPConfigurationDatabase and Connect-SPConfigurationDatabase) will have a new parameter that you can use to specify the MinRole. When (if) the 2016 hands-on lab is available I’d like to take a look at this.

MinRole Health Analyzer Rule

SharePoint 2016 will have health analyzer rules that run daily to enforce the selected MinRole of the server. The rule will compare the services installed on the server to the expected configuration. If it’s not in compliance administrators will receive the alert. This rule does not run on servers that are assigned the Special Load MinRole. This information is also (as of now) surfaced in the Servers in the Farm page in Central Administration (pictured, left).

Distributed Cache Service

Distributed Cache will still be present in SharePoint 2016 and as mentioned it’s one of the MinRoles you can select when joining the server to the farm. Distributed Cache will use and Microsoft will support AppFabric even though the Windows Server team has deprecated and announced the end of life for this caching product. I’m assuming the prerequisites will be a later CU so as to not encounter the distributed cache bug that was present in SharePoint 2013 farms running AppFabric CUs earlier than CU3. There are performance changes that will allow for more connections and the service can be configured to be available 99.99% of the time.

Boundaries and Limits

Some significant increases in the boundaries and limits since 2013:

Limit                                    Value
-----                                    -----
Content Database Size                    In the range of TBs
Site Collections per Content Database    100,000
List Threshold                           > 5,000
Maximum File Size                        10 GB and removed character restrictions
Indexed Items                            500 million items

When Bill revealed the content database size, list threshold, and max file size increases the crowd went nuts.

SAML Authentication is the Default

Whether your credentials live in Active Directory, Azure AD, Office 365, another LDAP directory store, a custom source, or the users are external to your organization, you’ll be using claims-based authentication in SharePoint 2016. Microsoft is moving away from domain-based credentials and towards authentication that uses SAML claims. Windows authentication will still work, though it sounds like it’s going the way of classic auth in SharePoint 2013: available only through PowerShell.


SharePoint 2016 supports upgrades from SharePoint 2013. Microsoft was considering incorporating the ability to upgrade from SharePoint 2010 and even solicited feedback from the public, but this won’t happen. The upgrade process is the same as it was for 2010 to 2013: Database attach and third-party tools. Sites running in 2010 (14) compatibility mode need to be upgraded to 2013 (15) compatibility mode before the upgrade will work.

Performance and Availability

Taking direction from Microsoft’s learning of running SharePoint at scale with Office 365 there are a number of improvements: Distributed cache connections (noted above), BITS protocol support for file transfers and fast site creation leveraging SPSite.Copy (I think this is new because I can’t find it on MSDN) of an existing site collection rather than programmatically creating from scratch.

User Profile Synchronization

The User Profile Synchronization Service will not appear in SharePoint 2016. In its place a full install of FIM is required for bidirectional sync, and for unidirectional sync there is the AD Sync that was present in SharePoint 2007 and 2013 (AD Import).

Project Server

I didn’t catch. Here’s the slide. Hopefully someone can fill in the blanks for me.



CUs sound like they’ll be a thing of the past. The update model is changing and will allow for farms to remain online while being patched. The updates will no longer rival the size of the original media or require spanning additional CAB files due to the +2 GB size. Microsoft is claiming updates will be painless. If this is true I will be very happy however I am not holding my breath (if only to not get my hopes up).

Durable Links

Since the dawn of HTTP and HTML broken links have plagued this great planet. SharePoint 2016 will end this once and for all with Durable Links — URLs will have a resource ID (I’m assuming a GUID) that will persist whether the item the URL refers to is renamed or moved. I’m not sure if this will play nice with records and look forward to seeing it in action.

Telemetry (Analytics)

Real-time telemetry similar to what you see in Azure and Office 365. The photos I took are so bad it looks like there was an octopus on the screen. From what I remember what I saw looked pretty nice and will be pleasing to people who missed analytics in 2013.


There are improvements to discovery features including the ability to reach out to Office 365 in eDiscovery.

Cloud Search Service Application

For every company that wanted to implement or did implement hybrid search, this service is for you. The Cloud Search Service Application unifies the search experience for SharePoint Server 2016 and SharePoint Online and provides a single result set that contains items from both locations. Every customer who balked at having two results sets on the page and didn’t implement hybrid search will want SharePoint 2016 immediately.

Hybrid Scenario Picker

There is now a wizard that will configure hybrid scenarios for you. Hybrid search, OneDrive for Business, BCS. Instead of manually setting DNS entries, running obscure PowerShell cmdlets, deciphering TechNet articles, and installing SSL certificates, in SharePoint 2016 you will be able to run a wizard and have a beer.

Pre-release availability

While not discussed in the session, Microsoft has provided a pre-release version of SharePoint 2016 to customers in the TAP program. I’m not in the TAP so I can’t comment on this version, not that I could anyway since it likely comes with an NDA. This version is pre-alpha software and still has a long way to go. From what I hear it has brought with it some cloud concepts. It’s too early to tell how it is, all I can say for now is what Microsoft is saying: SharePoint 2016 will be the most tested version of SharePoint before it hits RTM.


My Summary

There was a ton of info we got today, and as I look at it all I have more questions now than when I went in. To me there are lots of new features to like: Cloud Search Service Application, Durable Links, similar requirements to 2013, and the hybrid implementation. Honestly the MinRole feature confuses me given that was the way Microsoft was heading in the past. I remember SETUP.EXE for SharePoint 2003 and 2007 had the option to select the role of the server. It’s likely different but I’m not seeing it. I’m expecting many customers will simply select Special Load for all their servers. The new update model sounds interesting and if Microsoft pulls it off it will make every SharePoint administrator’s day.

There’s still a year before RTM so there’s still lots of time to reveal new features, remove features, and change features. I’m looking forward to it, maybe RTM will be announced at Ignite 2016? 🙂

Microsoft Ignite

According to the countdown timer over on the Ignite site there’s just over 2 days remaining until Satya Nadella delivers the keynote to kick off the conference. The keynote will be streamed live so if you’re not going to be there in Chicago, still tune in because there will be lots of exciting news.

I’m making the trip to the midwest on Sunday and planning to spend the week meeting great people and learning new things. Check out my attendee profile and I’ve published my schedule so you can see where I’ll be. I’m going to focus my time in sessions about SharePoint 2016, SharePoint Online, Yammer, hybrid implementations, identity management, and Azure IaaS.

There’s an Ignite mobile app that I just learned about and totally recommend. It lets you see your sessions and has maps of McCormick Place so you can figure out where you’re going. The app is available for Windows Phone, Android, and iOS. Check it out, I expect it will make your time at Ignite run a little bit smoother!

Like every Microsoft conference I’ve been to certification exams are 50% off ($75 USD). If you have time I totally recommend knocking an exam or two off your list, you can’t go wrong with the price. 🙂

Don’t forget about the Ignite Yammer network! If you’re going you’ll want to join so you can keep tabs on what everyone’s chatting about. I think you need to be going to Ignite to join so don’t miss out.

I’ll be blogging here about my thoughts and interesting information I learn, as well I’ll be tweeting as much as I can. Follow me @jaspnwarren and give me a shout if you see or hear anything interesting!

On a more personal level, I am seeking new working opportunities. If you’re looking for an award-winning SharePoint infrastructure expert please reach out and let’s chat!

And to everyone who will be there, if you see me walking around at the conference, at the parties, at the awesome event, or wherever, please feel free to stop and say hi! I’m looking forward to connecting with the community and having a great time.



Get a list of SharePoint sites that allow anonymous authentication

For administrators who manage (usually) public-facing SharePoint farms, it’s good to keep tabs on the sites that allow anonymous users. Configuring anonymous access is a multi-step process — there are web application settings, site settings, and permissions. Although there is a lot of configuration, it’s easy to see which sites allow anonymous authentication using the SPWeb.AnonymousState site-level flag. Using this property we can write a short PowerShell script to list out all the sites in the farm and display whether or not they allow anonymous authentication.

SharePoint 2013 and SharePoint 2010

For SharePoint 2010, SharePoint 2013, and presumably future versions of SharePoint, getting this list is simple using the Get-SPSite cmdlet which can be used to list every site collection in the farm:

# List every web in every site collection with its anonymous access state
$sites = Get-SPSite -Limit All
foreach ($site in $sites) {
	$site.AllWebs | Select Url, AnonymousState
	$site.Dispose()
}

The output will look something like this:

Url                                         AnonymousState
---                                         --------------
                                            Disabled
                                            Disabled
                                            On
                                            On
                                            On
                                            On
                                            On
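The following is an added example, not part of the original post: it narrows the listing to webs whose AnonymousState is not Disabled and adds the web application zones where IIS allows anonymous requests, since the site-level flag only matters when the web application permits anonymous access. The function name and CSV path are hypothetical.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-AnonymousWebReport {
    foreach ($webApp in Get-SPWebApplication) {
        # Zones where the web application itself permits anonymous requests.
        # A web with anonymous access switched on is only reachable
        # anonymously through one of these zones.
        $anonZones = @($webApp.IisSettings.GetEnumerator() |
            Where-Object { $_.Value.AllowAnonymous } |
            ForEach-Object { $_.Key.ToString() })

        foreach ($site in $webApp.Sites) {
            try {
                foreach ($web in $site.AllWebs) {
                    try {
                        if ($web.AnonymousState -ne 'Disabled') {
                            New-Object PSObject -Property @{
                                WebApplication = $webApp.Url
                                Url            = $web.Url
                                AnonymousState = $web.AnonymousState
                                AnonymousZones = $anonZones -join ','
                                Reachable      = ($anonZones.Count -gt 0)
                            }
                        }
                    } finally { $web.Dispose() }
                }
            } finally { $site.Dispose() }
        }
    }
}

# Keep a dated copy so that newly opened sites show up when reports are compared
Get-AnonymousWebReport |
    Select-Object WebApplication, Url, AnonymousState, AnonymousZones, Reachable |
    Export-Csv -Path .\anonymous-webs.csv -NoTypeInformation
```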

SharePoint 2007

If you have PowerShell installed on a server in the farm (you really should), you can use PowerShell to build this handy report; it just takes a bit more effort:

# SharePoint 2007 has no PowerShell snap-in, so load the object model directly
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
$farm = [Microsoft.SharePoint.Administration.SPFarm]::Local
$websvcs = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]}
foreach ($websvc in $websvcs) {
	foreach ($webapp in $websvc.WebApplications) {
		foreach ($site in $webapp.Sites) {
			$site.AllWebs | Select Url, AnonymousState
			$site.Dispose()
		}
	}
}

The output will look the same as with later versions of SharePoint:

Url                                          AnonymousState
---                                          --------------
                                             Disabled
                                             Disabled
                                             On
                                             On
                                             On

(HT to Gary Lapointe for the code to get the web applications in a SharePoint 2007 farm using PowerShell: Getting an SPWebApplication object using PowerShell.)

Add and remove MIME types from SharePoint (PowerShell)

Petro Margaritis has a PowerShell script for adding a MIME type to a SharePoint web application: Setting Trusted IIS MIME Types In SharePoint using PowerShell. I modified it to allow you to remove the MIME type if it already exists:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Write-Host "This script will check if a particular MIME Type is excluded from the AllowedInlineDownloadedMimeTypes list when STRICT Browser File Handling Permissions are set on the Web Application" -foregroundcolor Darkcyan
$webAppRequest = Read-Host "What is the name of your Web Application? i.e. http://<serverName>"
$webApp = Get-SPWebApplication $webAppRequest
$mimeType = Read-Host "Which MIME Type would you like to confirm is included in the AllowedInlineDownloadedMimeTypes list for $webApp ? i.e. application/pdf"
# Types on this list open inline in the browser instead of being downloaded
If ($webApp.AllowedInlineDownloadedMimeTypes -notcontains "$mimeType") {
    write-host "$mimeType does not exist in the AllowedInlineDownloadedMimeTypes list" -foregroundcolor Yellow
    $addResponse = Read-Host "Would you like to add it? (Yes/No)"
    if ($addResponse -eq "Yes") {
        $webApp.AllowedInlineDownloadedMimeTypes.Add("$mimeType")
        $webApp.Update()
        Write-Host "The MIME Type ' $mimeType ' has now been added" -foregroundcolor Green
        $iisResponse = Read-Host "This change requires an IIS Restart to take effect, do you want to RESET IIS now (Yes/No)"
        if ($iisResponse -eq "Yes") {
            IISRESET
            Write-Host "IIS has now been reset" -foregroundcolor Green
        } else {
            Write-Host "IIS has not been reset, please execute the IISRESET command at a later time" -foregroundcolor Yellow
        }
    } else {
        Write-Host "The MIME Type ' $mimeType ' was not added" -foregroundcolor Red
    }
} else {
    Write-Host "The MIME Type ' $mimeType ' already exists in the AllowedInlineDownloadedMimeTypes list for this Web Application" -foregroundcolor Yellow
    $removeResponse = Read-Host "Would you like to remove it? (Yes/No)"
    if ($removeResponse -eq "Yes") {
        [void]$webApp.AllowedInlineDownloadedMimeTypes.Remove("$mimeType")
        $webApp.Update()
        Write-Host "The MIME Type ' $mimeType ' has now been removed" -foregroundcolor Green
        $iisResponse = Read-Host "This change requires an IIS Restart to take effect, do you want to RESET IIS now (Yes/No)"
        if ($iisResponse -eq "Yes") {
            IISRESET
            Write-Host "IIS has now been reset" -foregroundcolor Green
        } else {
            Write-Host "IIS has not been reset, please execute the IISRESET command at a later time" -foregroundcolor Yellow
        }
    } else {
        Write-Host "The MIME Type ' $mimeType ' was not removed" -foregroundcolor Red
    }
}
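The following is an added example, not part of the original post or of Petro Margaritis's script: a non-interactive report of each web application's browser file handling mode and any entries in AllowedInlineDownloadedMimeTypes that can carry active content when rendered inline. The function name and the list of flagged types are assumptions made for illustration.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: MIME types treated here as able to carry script when the browser
# renders them inline in the site's origin. Adjust to your own policy.
$ScriptCapableTypes = 'text/html', 'application/xhtml+xml', 'image/svg+xml',
                      'text/xml', 'application/xml'

function Get-InlineMimeTypeReport {
    param([string[]] $Flagged = $ScriptCapableTypes)

    foreach ($webApp in Get-SPWebApplication) {
        $allowed = @($webApp.AllowedInlineDownloadedMimeTypes)
        $hits    = @($allowed | Where-Object { $Flagged -contains $_ })

        New-Object PSObject -Property @{
            WebApplication      = $webApp.Url
            # Strict: only listed types open inline. Permissive: the list is not enforced.
            BrowserFileHandling = $webApp.BrowserFileHandling
            AllowedCount        = $allowed.Count
            FlaggedTypes        = $hits -join ', '
            NeedsReview         = ($hits.Count -gt 0) -or
                                  ($webApp.BrowserFileHandling -ne 'Strict')
        }
    }
}

Get-InlineMimeTypeReport |
    Select-Object WebApplication, BrowserFileHandling, AllowedCount, FlaggedTypes, NeedsReview |
    Format-Table -AutoSize
```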