SharePoint 2013 FBA Pack and CAPTCHA on Multiple Web Front Ends

Now this is an interesting problem!  We are using the SharePoint 2013 FBA pack on a project that has multiple WFEs.  Within the registration process is the ability to use a CAPTCHA image for human validation.  The registration page looks something like this.


In our QA system (where internal customers do lots of acceptance testing) we were having an issue where the CAPTCHA picture would not render all the time.  Many times it would render as a blank HTML picture box.  I ended up testing each WFE server in QA and found they both exhibited the same problem.  Sometimes they would be 90% good…other times they’d fail 50% of the time.  The most interesting thing about this is our PROD system did not exhibit the same issue, even though it is built the same as QA (yeah, right…we know what that means). 

If you look at the link on the picture you’ll see it is generated by a call to the ImageHipChallenge.ashx page and is implemented as shown here


From what I can tell this is code that’s been around a while, probably since ASP.NET 1.0 or so.

So, what’s different between PROD and QA?  After stumbling around a bit, I found the Request Management service was turned off in PROD!  If you look under "Services on Server" you’ll find the Request Management service.  Here it is stopped in the SharePoint PROD instance…


…and you can see here it was started on the QA SharePoint instance.


Well, that was interesting, so we turned it off in QA and found something even more interesting.  Our WFE1 box was working 100% (serving up the CAPTCHA images all the time), while the WFE2 box was working 50%.  We knocked heads on this for a while and one of our brilliant guys suggested we try configuring the Request Management Service using PowerShell.  Since we are using two WFEs in a "not very heavily loaded environment" we decided that Request Management probably wasn’t buying us a lot anyway.  So, using Set-SPRequestManagementSettings we disabled Routing and Throttling.

Add-PSSnapin microsoft.sharepoint.powershell
$web= Get-SPWebApplication -identity https://site.myco.com
Get-SPRequestManagementSettings -Identity $web
Set-SPRequestManagementSettings -Identity $web -RoutingEnabled $false -ThrottlingEnabled $false

Retrieving the settings with Get-SPRequestManagementSettings provides the following confirmation.


After doing this, our CAPTCHA images are now being served up correctly 100% of the time!  We’re thinking since the Request Management Service was never enabled in production that it is really "not running" while in QA, even when we stopped it in SCA, something about it was still lingering.  Note we did not reboot the QA WFEs during any of this configuration change.

We did have the thought about configuring the Request Management Service to not attempt to route the ImageHipChallenge.ashx requests…and we may still try that.


The server was unable to save the form at this time. Please try again.

Oh, the annoying errors from SharePoint!  At least this one didn’t say "please contact your help desk."

This error was experienced on a SharePoint site used for tracking project management tasks. 


There is a task list with a number of Lookup columns that was working perfectly fine for months.  Then, out of the blue, folks started experiencing this error, "The server was unable to save the form at this time.  Please try again."

A search of the web indicates that we are not alone experiencing this problem.  Some of the solutions point to a low memory issue, but our DEV server has 32GB of memory assigned to it, with only about 6-8GB being used, so it’s doubtful that’s the issue!

Some of the potential solutions:

  1. The Security Token Service needs to be recycled or has some other issue.
  2. An IISRESET fixes the problem.
  3. Enabling content types and adding "link to a document" content type fixes the issue for document libraries.

Until I got to the last potential solution I was having no luck.  Since this was not a document library, I couldn’t add the "link to a document" content type, but I certainly could try adding other content types.

I enabled content types on the list under Advanced Settings.


In the Content Types section, I went to add from existing content types.


From here I simply added the Item content type…one of the simplest system content types.


Voilà!  The edit can now be made to the item and saved successfully!

Now, I didn’t try every item in our list, but the one I was testing on had a file attachment.  Not sure if that has anything to do with the source of the issue, but I did capture a few SharePoint logs along the way.  Here are a couple of things I saw, but couldn’t find anything on the web that helped me much.  These messages seem to point to the RESX files in the C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\Resources folder and, as I looked inside core.resx and core.en-US.resx, I could not find any string "restricted" within the resource files.

Failed to look up string with key "Restricted", keyfile core.
Localized resource for token ‘Restricted’ could not be found for file with path: "(unavailable)".
Failed to cache field with id "{d098358c-5467-45ee-ad35-e91044fcd181}", overwrite=0

This was seen right after the EditForm.aspx link to the item on which I was experimenting.


There was also a "UserAgent not available, file operations may not be optimized." following it, but I’ve learned to ignore these.


Referencing a Custom Help Page with the Help.aspx page in SharePoint 2013

I was trying to find an easy way to navigate directly to a custom SharePoint help page and figured there must be some URL parameters I could use to get there.  However, all my searching only turned up snippets of JavaScript such as this one…which is okay, but I really wanted to understand what /_layouts/15/help.aspx page was really wanting.

var navBarHelpOverrideKey = “[Help Collection Product]_[Context Key]”;

If you look at the link provided by clicking on the help icon, you may see some links like these, once you navigate to the exact topic you want to view.


Notice here you see AssetKey=.  This appears to expect some semi-colon delimited GUID on the parameter value.  I’ve found that using Key= is what you probably want to use.

http://site.myco.com/_layouts/15/help.aspx?AssetKey=/Lists/Site Collection Help/CustomHelp/LogonScreen/CustomTopic.htm;41fdd883-01d2-4c2a-9a25-4465d705c17a;

What I wanted to do was provide the exact topic in some sort of URL parameter.  What I found is you can use this format.  It is essentially the name of your folders you created in your custom help and the help page’s context key separated by underscores, e.g. Key=MyCustomHelpCollection_MyCustomHelpCategory_1.  The missing piece here is the Context Key added on the end.  This takes you directly to the page, without having to navigate through the Collection and Category.  Note that the URL parameter name you might be tempted to use is AssetKey=, while the correct URL parameter name to use for this type of navigation is simply Key=.


http://site.myco.com/_layouts/15/help.aspx?Key=%5BHelp Collection Folder Name]_[Help Category Folder Name]_[Help Page Context Key]

What does this mean?  This means that after you create a custom help library by enabling the feature and creating some content, as discussed in these articles, you can link directly to your topics if you need to.

Create a Custom Help Library to SharePoint 2013

Create a Custom Help Library for SharePoint Foundation 2010

It’s really possible this information exists somewhere out there, but I sure couldn’t find it after a couple hours of searching.


Remove Old Winshuttle License Activations

Trying to activate a new CENTRAL license returns the error

You cannot have Enterprise- and Workgroup-type licensing together.


The problem is likely due to having expired licenses.  To view these, change the view from By Products to By Activation on the Manage Licenses page.


Next, select View All Activations.


You should now be able to delete the old expired license activation.


Now on the Activate Licenses page you should be able to browse to your XML activation file and activate successfully.




Winshuttle license management


unable to cast object of type microsoft.sharepoint.webcontrols.splinkbutton

Been a long time since the last post…at least it feels like it.

Just finished troubleshooting an issue where a default page wouldn’t load.  The correlation ID pointed to an Unexpected error in the SharePoint ULS logs stating:

unable to cast object of type microsoft.sharepoint.webcontrols.splinkbutton

The site settings page would load (modifying the URL manually) as would View All Site Content.  However, clicking on any of the lists or libraries would throw the error.  We initially thought this was an issue with the default.aspx page getting corrupted, as we could create a new blank web part page in SPD, place it in the root of the web, and it would load up okay. 

What fixed this:  IISRESET!

Again, the same lesson learned, all over again.

SharePoint troubleshooting steps:

  2. Everything else

Web.config File Updating Automatically Every Night at 12:00 Midnight SharePoint 2013

We have a situation where we created a couple of SharePoint farms, QA and Production, that had some customized FBA implementations and implemented reversible encryption for the passwords.  Since the passwords are coming from a legacy system, we had to come up with a way to encrypt them and make them “decryptable” within SharePoint.  We were successful in doing this, but ended up having a couple of issues in production that would not allow users to log in.  Basically, their passwords were not being decrypted correctly.

This all begins in the <machineKey> section of the web.config.  The decryptionKey is used during the decryption process and, since this had to be supported across multiple machines, we made these sections the same across multiple machines and farms.  In fact, we had to use this on our legacy system so we could successfully encrypt and transfer the passwords from the AS400 (yes, mainframe).  This is what a <machineKey> section looks like.

<machineKey validationKey="8C3B5469A19FA84540F9B9E353679822934EF13EA0C26887B2AD4A6CA139BBBB" decryptionKey="634A6FD0D98D0A254D5E54F9D35287244C9DEB23A029BCAEA1C4FE21874C63AF" validation="HMACSHA256" />

When SharePoint is installed, it records some of the portions of the web.config file in the SharePoint configuration database.  These are located in the Objects table.


Allen Wang had a good blog post on the issue:  http://blogs.msdn.com/b/allenwang/archive/2012/03/23/sharepoint-2010-health-analyser-timer-job-changed-custom-web-config-machine-key.aspx.  Here he identifies how to find the keys in the Objects table.  Here is a select statement with a part of the offending decryption key in the WHERE clause. 


This returns exactly one record.  Copy and paste it in something like Notepad++ so you can see it more easily.


Apply some XML formatting to more easily wade through the XML.  Here you’ll find m_ViewStateValidationKey and m_ViewStateDecryptionKey that correspond to the validationKey and decryptionKey in the <machine.config>


These were initially set when SharePoint was installed and, to my knowledge, there is not a “supported” way to change them in the config database.  Of course, any of us could change these in the database, but if you do make a good backup in case you need to put it back!

I can reason through why they do this.  Since the view state data is being encrypted/decrypted and there could be multiple WFEs, you certainly don’t want these values to be different across WFEs, lest your requests bounce across WFEs, as different values would yield different results, i.e. reading the view state would break.  That would be a mess.  So, they created a Health Analyzer rule to insure these values remain the same across WFEs.  Health Analyzer rules are viewed within the Monitoring section of SCA.


Here is the rule in the Health Analyzer.  Web.config files are not identical on all machines in the farm.  You can see I have already disabled this rule. 


I actually disabled this rule using the PowerShell command.  Here the rule name is ViewStateKeysAreOutOfSync. 

Add-PSSnapin microsoft.sharepoint.powershell
Get-SPHealthAnalysisRule ViewStateKeysAreOutOfSync | Disable-SPHealthAnalysisRule

Here you can see the relationship between the Name of the rule and the Summary of the rule from the PowerShell command, Get-SPHealthAnalysisRule ViewStateKeysAreOutOfSync.


Now, most of the solutions to this issue I’ve read employ PowerShell to disable this Health Analyzer rule, as shown previously.  However, you can also manage rules in the web interface.  The rules are in a SharePoint list, so simply click on the rule and edit it.


Here you can see there is another setting, Repair Automatically.  This is likely the culprit that is changing the web.config.  A Health Analyzer rule can be set to report the issue and/or attempt to repair the issue.  So, instead of disabling the rule completely, you can simply stop it from attempting to repair the issue.










An error has Occurred with the Data Fetch. Please refresh the page and retry.

An error has occurred with the data fetch.  Please refresh the page and retry.

I’ve seen this error multiple times with SharePoint 2013.  Seems like one time in the past it was related to some updates that needed to be installed on the server to fix the problem.  Most recently, I was working on one of our 2012 servers and this popped up again while attempting to access the site settings icon (you know, the "gear" icon).




I did some more searching and came upon a fix that worked for me.


In Sharepoint 2013 integrated SSRS 2012, on clicking on action in IE 10 some users were getting error:
an error has occurred with the data fetch. please refresh the page and retry.

On doing F12 we saw:
SCRIPT3: The system cannot find the path specified.
core.js, line 1 character 6957

On unchecking Tools => Internet options => Advanced => “Enable DOM storage” settings, it starts working.

  • Proposed as answer by SaurabhMathur Monday, August 31, 2015 4:05 AM

Monday, August 31, 2015 4:04 AM

So I gave it a try.  Go into Internet Options, select the Advanced tab and scroll down under Security and you’ll find "Enable DOM Storage."  Uncheck it.


And voila’!  It works for me!


Funny thing is, my Windows 7 machine has "Enable DOM Storage" checked, and it works fine.  So it must be something about the Windows Server and some update that is or is not installed.  I’ll update our server and see what happens next.

Asif Rehmani’s SharePoint Videos


Click to access a wealth of SharePoint videos

SharePoint Rx

SharePoint Rx Home


Posts by Date

October 2016
« Jun    
Support Wikipedia