Showing posts with label WCA. Show all posts
Showing posts with label WCA. Show all posts

Friday 25 July 2014

Office Web Apps 2013 for public facing websites

Overview:  A couple of weeks ago I told a customer that Microsoft offers a service to display Office documents thru Office Web Apps (WCA).  I thought I had read this or seen it on twitter but I was confident that viewing website office based documents was a free service offered by Microsoft.

Initial Hypothesis:  I looked on the web and could not find anything and I had to hastily tell the customer I had made a mistake as I could not find anything about it on the web.  The customer decided to setup a public facing Office Web Apps Server to feed up office documents and pdfs for their websites.

Fast forward a few weeks and the customer is installing a 1 server office web apps farm to display pdfs and word document from their public websites and I have been informed that there actually is a public service.  http://blogs.office.com/2013/04/10/office-web-viewer-view-office-documents-in-a-browser/

"Do you have Office documents on your website or blog that you want your readers to view even if they don’t have Office installed?  Would you rather view a document before downloading it?  To give your audience a better experience, try the Office Web Viewer."

To use the service there are a couple of considerations.  The service only supports office documents like word and excel, it doesn't support pdfs which is the clients preferred method of providing downloads.

Resolution:  You do not need to perform WOPI binding to use the service. 
The document is located at: http://calibre-ebook.com/downloads/demos/demo.docx

All you need to do is prefix the url link as follows:
http://view.officeapps.live.com/op/view.aspx?src=http://calibre-ebook.com/downloads/demos/demo.docx
 
Summary: A nice service offered by Microsoft for viewing Office documents "on-the-line" O Wilson, V Vaughn 2013 (The Internship).  If won't work for pdfs and you will need to call the service in the html call.  Good to know it is available but it won't meet my clients needs.

Tip: Ensure the link opens a new tab as the opened pdf will lose the clients context on yor site and force them to use the browsers back button.

Note: To get WCA to open public documents on the web using the web viewer, you need to setup the SharePoint farm to use "external-https".  If you are using it both internally and externally, which I have not done, you need to use external-https and use Alternate Access Mapping (AAM).

Example:
Below is a single WCA server farm that I am using for both internal e.g. document libraries & external i.e. public SharePoint 2013 websites.  Note the Internal and External URL are the same, you could also use AAM as suggested earlier.

FarmOU                            :
InternalURL                       : https://wca.demo.co.uk/
ExternalURL                       : https://wca.demo.co.uk/
AllowHTTP                         : False
SSLOffloaded                      : False
CertificateName                   : wca.demo.co.uk
EditingEnabled                    : False
LogLocation                       : E:\OfficeWebApps\Logs\ULS\
LogRetentionInDays                : 30
LogVerbosity                      :
Proxy                             :
CacheLocation                     : E:\OfficeWebApps\Working\d\
MaxMemoryCacheSizeInMB            : 5000
DocumentInfoCacheSize             : 5000
CacheSizeInGB                     : 40
ClipartEnabled                    : False
TranslationEnabled                : False
MaxTranslationCharacterCount      : 125000
TranslationServiceAppId           :
TranslationServiceAddress         :
RenderingLocalCacheLocation       : C:\ProgramData\Microsoft\OfficeWebApps\Working\waccache
RecycleActiveProcessCount         : 5
AllowCEIP                         : False
ExcelRequestDurationMax           : 300
ExcelSessionTimeout               : 450
ExcelWorkbookSizeMax              : 10
ExcelPrivateBytesMax              : -1
ExcelConnectionLifetime           : 1800
ExcelExternalDataCacheLifetime    : 300
ExcelAllowExternalData            : True
ExcelWarnOnDataRefresh            : True
OpenFromUrlEnabled                : True
OpenFromUncEnabled                : True
OpenFromUrlThrottlingEnabled      : True
PicturePasteDisabled              : True
RemovePersonalInformationFromLogs : False
AllowHttpSecureStoreConnections   : False
Machines                          : {EXT-WEBDEMO1}

I am using a SSL certificate installed on the WCA box as I don't have an SSL termination device (F5, Kemp).

On the WCA VM I run the PS > Set-OfficeWebAppsFarm -OpenFromUrlEnabled:$True

This gives me the generate.aspx page on the WCA farm to provide pdfs and office documents via the web viewer.  Mine is https://wca.demo.co.uk/op/generate.aspx

Wednesday 30 April 2014

OWA intermittently not returning office documents in Office Web Apps 2013

Problem: Intermittent requests are not returning the pdf/word documents. Most requests are working and occasionally 1 request doesn't work. Every 4th request tries to get the pdf to display on Office Web Apps for a few minutes without any error message and then stops trying and displays the message "Sorry, Word Web App can't open this ... document because the service is busy."

I have 4 OWA/WCA servers on a stretched farm being used by SP2013 etc.

Initial Hypothesis: Originally I thought it was only happening to pdfs but it is happening to word and pdf documents (I don't have excel docs in my system). My monitoring software SolarWinds is badly configured on my OWA servers as the monitor is showing green, drilling down into the servers monitoring; the 2 application monitors are both failing. The server should go amber if either of the 2 applications monitoring fails and in turn red after 5 minutes. At this point I notice that I can't log onto my 4 OWA/WCA server. Web request are not being returned. I look at my KEMP load balancer and it says all 4 WCA servers are working, I notice the configuration is not on web requests but on ping (not right) and the NLB/KEMP is merely redirecting every 4th request to the broken server.

Resolution:
  1. Reboot the broken server, once it comes up I can make http requests directly to url http://wca.demo.dev/hosting/discovery on the rebooted server.
  2. SolarWinds monitoring is lousy - need to fixed the monitoring.
  3. Kemp hardware load balancing needs to be changed from checking the machine is "ON" to rather checking each machine using a web request.
SolarWinds Monitoring is not configured correctly

 

Monday 13 January 2014

CU Upgrading On Prem Office Web Apps 2013

Problem: I need to upgrade my WCA farm from the RTM version to the March 2013 CU to allow pdf's to be displayed with Office Web Apps.


Steps to upgrade an Existing WCA farm:
  1. Copy exe to machine: OWA1 & OWA2 (D:\OfficeWebApps\March 2013 CU)
  2. Remove secondary servers from farm.  In my case this is WCA2, remote into SP-WCA2 and run PS> Remove-OfficeWebAppsMachine (on WCA2)
  3. Run exe on secondaries (WCA2), Reboot, shut down and snapshot & then on the primary (WCA1)
  4. Check primary: verify the url works: http://wcauat.demo.dev/hosting/discovery this can be done on the local machine or using https from a client machine.
  5. Create a new OWAFarm, this will run over the top of your exisitng farm   PS> . missing Add-OfficeWebAppsFarm... (on WCA1)
  6. Join Secondary to farm    PS> new-officewebappsmachine –machinetojoin “sp-wca1”(Primary)
  7. Activate WordPDF PS>  New-SPWopibinding –servername “wcauat.demo.dev” –application “WordPDF” -allowhttp
Perform step 7 on the SharePoint farm.

More Info:





You can verify the version of you WCA farm using (not sure this reports the correct version): 
(Invoke-WebRequest https://wcauat.demo.dev
jsonAnonymous/BroadcastPing).Headers["X-OfficeVersion"]

An easier approach is to use Fiddler to monitor the http/https traffic to figure out Office Web Apps farm version:
Open IE
Open Fiddler
In IE, go to the url https://wca.demo.dev/m/met/particiapant.svc, replace "wca.demo.dev" with your Office web apps service url. 
In Fiddler, review the response header, you will see the response header X-OfficeVersion with a version number.

 

Tuesday 7 January 2014

Office Web App Common Problems & Fixes

There is now a article on WCA on Technet that includes troubleshooting.  Updated 30/04/2014.

Finding your issues: Office Web Apps (WCA) displays and error, without a correlation Id.  If you have a small WCA farm, you can trawl the WCA ULS logs using ULS eventviewer to find your issue.  However on a busy or large farm finding the ULS errors is tedious.  You can use IE development tools, fiddler or any tool provided you can find the correlation Id send in the response from the WCA server.

The screenshot below shows how to use fiddler to find a correlationId returned from the WCA server.  In the browser view the http response and find the "X-CorrelationId" property.

Tip: It is also worth verify the WCA farm is reachable and running using https://wcaservername/hosting/discovery

==========================================

Problem: When opening a work or pdf document I receive the following error popup "Sorry, there was a problem and we can't open this PDF. If this happens again, try opening the PDF in Microsoft Word.".
Initial Hypothesis:  WCA was working and pdf's were opening.  The error is similar to the error received when the networking is not correct (WCA machines can't access the SharePoint WFE's).  Opening the ULS logs on the WCA machines, I can see the following error message "WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.189.xx.15:443"   

Resolution:  My load balancer is not passing through the traffic from the WCA servers using https to the WFE's.  Fixed the loadbalance so https traffic is forwarded correctly.  The WCA servers need to speak to the WFE/SharePoint servers either on http or https depending on how the WCA farm is configured (SSL termination, with or without ssl are the 3 options).

===========================================

Problem:  Can't open any document in WCA and the WCA ULS is generating the following issue:
WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.   

Initial Hypothesis:  On each specific WCA server, I try open the SharEPoint web Application i.e. https://www.demo.dev, the browser displays that the certificate has errors "Certificate error".  Opening up the certificate and the certificate chain looks correct.

Resolution:
1.> Run > MMC > File > Add snap-ins > Certificates > Add > Computer Account > Local Computer > Finish. OK.
2.> In the MMC console navigate to Certificates > Trusted Root Certificate Authorities > Certificates > (Right click) All Tasks > Import (both the Trust root and the intermidiary certificates required.
After adding the missing certificates, open the the browser and check the certificate.  Thank to David C for documenting and figuring out the issue is the certificate chain being used on the WCA servers.  Office web apps is working again.

===========================================

Problem: When Opening a word document I get the following error when Office Web Apps tries to render the document "There's a configuration problem preventing us from getting your document. If possible, try opening this document in Microsoft Word."

Initial Hypothesis: Check the ULS logs on the Web Front End (SharePoint Server) as this doesn't tell me much.  I found the following issue in my ULS:
WOPI (CheckFile) - Invalid Proof Signature for file SandPit Environment Setup.docx url: http://web-sp2013-uat.demo.dev/Docs/_vti_bin/wopi.ashx/files/6d0f38c0d5554c87a655558da9cedcad?access_token...
Resolution: Run the following PS> Update-SPWOPIProofKey -ServerName "wca-uat.demo.dev"

More Info:
http://technet.microsoft.com/en-us/library/jj219460.aspx

===========================================

Problem:  When opening a docx file using WCA (Office Web Apps) I get the following error mes: "Sorry, there was a problem and we can't open this document. If this happens again, try opening the document in Microsoft Word."
I then tried to open an excel document and got the error: "We couldn't find the file you wanted.
It's possible the file was renamed, moved or deleted."

Initial Hypothesis: Checked the ULS logs on the only OWA server and found this unexpected error:
 HttpRequestAsync, (WOPICheckFile,WACSERVER) no response [WebExceptionStatus:ConnectFailure, url:http://webuat.demo.dev/_vti_bin/wopi.ashx/...
This appears to be a networking related issue, I have a NLB (KEMP) and I am using a wildcard certificate on the WCA adr with SSL termination.

Resolution:  The error message tells me that it can't get back to the SharePoint WFE servers from the OWA server.  The request from the WCA/OWA1 server back to the SP front end server is not done using https but http.  I have an issue as my nlb can't deal with traffic on port 80.
I add a host entry on my OWA1 server so that traffic to the SharePoint WFE goes directly to a server by IP and it works.  This means i don't have high availaibilty.  A NLB service dealing with the web application on port 80 will fix my issue.

The OWA Server need to access the web app on port 80.  My NLB stopped all traffic on port 80.

==========================================

Problem:  The above issue was temporairly fixed by adding a host entry on the WCA1 server so that using the url of the web application on port 80 would direct the user back to WFE1.  I turned on WCA2 and WFE2 so I now have 2 SharePoint Web front ends & A 2 server WCA farm.  In my testing I have docs, doc and excel files.  From multiple locations I could open and edit the docx and doc files but opening the excel file gave me this issue: "Couldn't Open the Workbook
We're sorry. We couldn't open your workbook. You can try to open this file again, sometimes that helps."
 

Initial Hypothesis: Documents are cached and the internal balancing seemed to make word document available using office web apps.  I assume the requests are coming out the cache or from OWA that has the host entry.  I need to tell OWA where to go via a host entry or NLB entry.  Note: using a host entry won't make the OWA highly available/redunadant.  This is the same issue as mentioned in the problem above.

Resolution: I added a host entry to the WCA2 server, it points to the WFE1 machine.

==========================================

Problem: Opening docx or pptx files in Office Web Apps 2013 results in the error "Sorry, Word Web App ran into a problem opening this document. To view this document please open it in Microsoft Word."

 Resolution:  I don't like it but I had to remove the link to the WCA farm, rebuild the WCA farm and hoop SP2013 back to the WCA farm.  [sic].  Other documents were opening and I realised that my bindings were incorrect after I rebuilt.

============================
Problem: Can't open word, pdf, pptx or excel documents using Office Web Apps.  ULS on the OWA servers included these log messages: WOPI (CheckFile) - Invalid Proof Signature for file.  WOPI Proof: All WOPI Signature verification attempts failed.  WOPI Signature verification attempt failed with public key. 
Also found in the logs: "Error message from host: Verifying signature failed, host correlation" "
HttpRequestAsync (WOPICheckFile,WACSERVER), request failure [HttpResponseCode:NotFound, HttpResponseCodeDescription:Not Found, url:https://www.demo.dev/_vti_bin/wopi.ashx/files/8b07d55558955551beb5555bed545553?access_token=REDACTED_1014&access_token_ttl=1392256555993]"

Same issue ULS excerpt:  
Error message from host: Verifying signature failed, host correlation:
WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.FileUnknownException: WOPI 404   
 at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) 
 
FileUnknownException while loading the app.


Hypothesis: None, I can't understand why the SP and WCA farm are struggling to communicate.  I believe the cause is to do with the the load balancing/network changing [sic - maybe]. 

Resolution: Remove the link between the Sp farm and WCA
PS> Remove-SPWOPIBinding –All:$true
Connect SP to the WOPI farm
PS> $internalName = "wca.demo.dev"
PS> $internalZone = "internal-https"
PS> New-SPWOPIBinding -ServerName $internalName –AllowHTTP
PS> Set-SPWopiZone -zone $internalZone
 

==============================
 Problem: Intermitten requests are not returning the pdf/word documents.  Most requests are working and occasionally 1 request doesn't work.  Every 4th request tries to get the pdf to display on Office Web Apps for a few minutes without any error message and then stops trying and displays the message "Sorry, Word Web App can't open this ... document because the service is busy."

Initial Hypothesis:  Originally I thought it was only happening to pdfs but it is happening to word and pdf documents (I don't have excel docs in my system).  My monitoring software SolarWinds is badly configured on my OWA servers as the monitor is showing green, drining into the servers monitoring the 2 application monitors are failing.  The server should go amber if either of the 2 applications fail and in turn red after 5 minutes.  At this point I notice that I can't log onto my 4 OWA/WCA server.  Web request are not being returned.  I look at my KEMP load balancer and it says all 4 WCA servers are working, I notice the configuration is not on web requests but on ping (not right) and the NLB/KEMP is merely redirecting every 4th request to the broken server.

Resolution: 
  1. Reboot the broken server, once it comes up I can make http requests directly to http://wca.demo.dev/hosting/discovery the server: and it's all working again.
  2. SolarWinds monitoring is lousy - need to get it fixed
  3. Kemp hardware load balancing needs to be changed from checking the machine is on to rather checking each machine using a web request.




 

Tuesday 1 October 2013

AutoWCAInstalller - Create an Office Web App 2013 Farm automatically

Overview:  Create a 2 VM WCA farm that will be used by the SharePoint 2013 farm on Windows 2008 R2.

Overview of the WCA farm and SharePoint WFE's

1.> Copy the folling files onto each VM in the WCA farm.  I add this to my template or do an xCopy to the machines.
2.> Install the Pre-requisites and WCA binaries
Run the following PS cmds in this order on each VM:
VM-WCA1
C:\Windows\Temp\OWA\InstallOWA.ps1 # WCA Pre-reqs on the 1st VM

C:\Windows\Temp\OWA\InstallOWA2.ps1 vm-wca1 # WCA binaries on the 1st vm
 

  
VM-WCA2
C:\Windows\Temp\OWA\InstallOWA.ps1

C:\Windows\Temp\OWA\InstallOWA2.ps1 vm-wca2
 

 
VM-WCA1
C:\Windows\Temp\OWA\WAC_ConfigureOWAFarm.ps1 \\192.168.1.1\c$\EN\Build\OWA\OWAFarmConfig-UAT.xml
VM-WCA2
C:\Windows\Temp\OWA\WAC_ConfigureOWAJoin.ps1 "VM-WCA1.demo.local"

Explaination:
  • InstallOWA.ps1 - Install pre-requisites for Windows 2008 R2 VM's.
  • InstallOWA2.ps1 - Installs the WCA binaries and WCA patching needed for Windows 2008 R2.
  • WAC_ConfigOWAFarm.ps1 - Create the WCA farm on the 1st/main VM.
  • WAC_ConfigOWAJoin.ps1 - Join the 2nd or more farms to the WCA farm.
  • SP2OWAConfig.ps1 - Hookup of Sp2013 to your new WCA farm.
  • configSilent.xml - I use this to install the WCA binaries/exe in silent mode for automation.  You can see an example of creating this on the Office Web Apps 2013 installation media.
Tip: Use the Invoke Cmd to install WCA remotely, I use TeamCity to do this but PS work perfectly on a remote server.

My generated log file from VM-WCA2 is here if you want to check your install.

Appology:  I lifted some of this PowerShell off codeplex and I can't find the original source to reference the code.  
 

Tuesday 24 September 2013

Office Web App WCA - SSL confussion

Overview: Office web Apps (WCA) 2013 defaults to using https, this is a good position to take but SSL offloading may be needed or you may want to do testing without SSL.  In my case we are using KEMP for SSL termination and before the NLB's are in place I made some hard discoveries.

Options:
SSL, WCA wants to use SSL and has some confusing switches, they make sense eventually so to summerise: You have 3 options to install WCA with SP2013:
  • Not using SSL (not recommened),
  • SSL Certificates on the WCA servers
  • SSLOffloading (Hardware device such as an F5 or KEMP does the SSL decryption, this saves you distributing certs to the WCA servers but means that the traffic between the NLB and the servers is not encrypted.)
My Scenario and Resolution:
Basically I have 2 WCA servers that make up my Office web App farm.  I want to connect SharePoint 2013 to display/edit document via the web browser and I want the preview cabability that SharePoint search needs.  This post explains the situation "Not Using SSL". 

In my initial attemp at installing the WCA farm I selected the switch -SSLOffLoading, this makes the WCA farm accept http requests.  My issue was that other resources then made http requests that with a load balancer performing SSL termination in place is correct.  And here was the problem, when i open a word document it just waits.  I opened my IE developer toolbar and noticed the https request.  Below is how I rolled out of the issue to allow me to use http throughout (Don't do this in production).

Location of the ULS logs on the WCA VM's: C:\ProgramData\Microsoft\OfficeWebApps\Data\Logs\ULS
 
***********************************************************
 
This part of the post differs in that I explain how to use the "SSLOffloading scenario".
You need a load balancer such as F5 or Kemp with networking configured.
The big differences are:
Ensure the "WopiZone : internal-https"
Tip:  Watch the networking. 
Tip:  You can't use a wild card certificate if you use SSL termination on the load balance (it actually works if you only have 1 WCA VM in your farm).
 
Scenario: SharePoint 2013 farm (represents any WOPI client/consumer), this can be on http or https.  The WCA farm consists of 2 or more WCA dedicated VM's.
 
The diagram above shows of the clients browser will interact with the WOPI consumer namely SharePoint 2013 and it accesses the SSL based url for the WCA server.  So the request would go to https://wca.demo.dev.  The load balancer performs SSL termination and load balances to any WCA server on port 80 using session affinity.
 
Tip: I used a wildcard certificate in UAT that works in a load balanced scenario but rather go for the fully qualified certificate for the WCA https service. 
 
********************
 
Problem:  When I create a WCA farm (1VM) and connect SharePoint to use the WCA farm, office documents show correctly.  However when I have WCA multiple servers, I get a the error “[ServerError: Verifying signature failed]. [status:NotFound”.  In my  VM logs on the Office web app server (WCA ULS).

Initial Hypothesis: The error appears to be an issue with SSL, while routing around I found the following information on certificates: http://technet.microsoft.com/en-us/library/jj219435.aspx#certificate

·         The certificate must come from a trusted Certificate Authority and include the fully qualified domain name (FQDN) of your Office Web Apps Server farm in the SAN (Subject Alternative Name) field. (If the FQDN is not in the SAN when you try to use the certificate, the browser will either show security warnings or won’t process the response.)

·         The FQDN in the SAN field can’t begin with an asterisk (*).

Below is a view of our wildcard certificate of the SAN field:
 
What made this issue tough to track is that when I only have 1 WCA server, WCA displays my word document correctly.  This document is cached when I add the remaining servers however once the cache clears down I loose WCA functionality.
 
***********************************************************
Microsoft troubleshooting for WCA
 
***********************************************************
Tip:  A lot of issues around WCA involve networking.  It is useful to verify networking on the VM's.  I use host entries until I am ready to get the load balancing service working.  Note:  Ensure communication from WCA back to the SP WFE's.
 
 

Automate the deployment of an WCA 2013 farm - run the setup.exe silently

Problem:  I have been trying to automate the creation of my Office Web Apps (WCA) 2013 farm and hook it into my SharePoint 2013 farm.  When installing the WCA binaries using PowerShell I get prompted periodially. 

Initial Hypothisis:  Using the setup.exe /? switch I don't see a run silently or accept defaults.  I tried extracting the exe and workingout the switches without joy.  Asked some folks an no answer.  The is a /config switch but I have no idea how to structure it.  Eventually I noticed a folder on the WCA binaries ""



Resolution:  Run the setup.exe and supply the location of the configuration file for a silent install.  If you refer to the config.xml as I have done above, the install will use all the default settings.  Change it if you want a custom Office Web Apps install on each machine in the farm.

I could not find this on the Internet and once I got there is is on the net, see below - recon I need a Google search training day.

More Info:
http://www.sharepoint13.org/?p=124
http://technet.microsoft.com/en-us/library/cc261668(v=office.14).aspx