SharePoint: Certain users not resolved in People Picker

Here I cover how to use Fiddler and IE Developer Tools (F12) to troubleshoot People Picker problems in SharePoint 2013 and 2016 within the context of a problem I recently came across. Problem: Certain users are not resolved in People Picker.  The client-side people picker control shows no results, but doesn’t throw an error either. …


SharePoint 2013 & 2016 - Manager and Assistant values swapped in User Profiles

Here’s one that was a problem in SharePoint 2013, was fixed, but never ported to SharePoint 2016, so we had to fix it again. Consider the following scenario: You are importing user profiles from Active Directory (AD).  This can happen using any of the profile import methods for either SharePoint 2013 or 2016. 2013: SharePoint…


SharePoint: Users randomly lose permission - are deleted from site

This is a good one, it appears to be random, and intermittent, and is extremely hard to track down. Consider the following scenario: Intermittently, when a user browses to a resource (site, list, etc) that they are supposed to have access to, they receive “Access Denied”, or our more friendly version: “Sorry, this site hasn’t…


SharePoint: Facts and Troubleshooting the Claims To Windows Token Service (C2WTS)

Facts: 1. The Claims to Windows Token Service (from here on denoted as “C2WTS”) is only used when SharePoint needs to get data from an external system that does not understand claims.  Examples include (but are not limited to): SQL Server Reporting Services (SSRS) Excel Web Services (EWS) PowerPivot / Power View Business Data Connectivity…


SharePoint 2013: User Profile Incremental Synchronization timer job fails with Access Denied

Problem: Consider the following scenario: The User Profile Service (the web service, NOT the Sync service) is running on two servers in the farm: App1, App2. In that case, the <UPA name>- User Profile Incremental Synchronization timer job (internal name: ProfileImportJob) can run on either server. The User Profile Synchronization Service is running on App2….


SharePoint 2016: Some Profile Pictures are not imported from MIM 2016

Problem: Consider the following scenario: You have SharePoint 2016 set up to import user profiles from Microsoft Identity Manager (MIM) 2016. You have configured User Profile Pictures (PictureURL property) to import from Active Directory Attribute Thumbnailphoto. You run the Sync and everything is successful including the MOSS_Export sync step.However, after running the Update-SPProfilePhotoStore command, you…


SharePoint 2016: Active Directory Import timer job does not run

This is an interesting “gotcha” that came up recently: Problem: The Active Directory Import (UserProfileADImportJob) timer job does not run.  It’s enabled and scheduled to run (default every 5 minutes), but never runs. The result is that the user profiles never get imported.   Cause: All the servers in the farm that are running the…


Users forced to re-authenticate unexpectedly

This post covers the scenario where users log in via a trusted provider / SAML-claims  (like ADFS, Ping, Site Minder, etc) and intermittently, they are redirected to the login page to re-authenticate. There are a few pieces of information you need for a scenario like this (beyond the regular scoping): 1. Output of Get-SPSecurityTokenServiceConfig 2. A Fiddler…