Wednesday, January 22, 2020

Quick Tip: Getting [HTTP]:500 when approving permissions in the API Management page

This blog post covers an issue that I've followed on Github. Basically, a SharePoint user faced this error message [HTTP]:500 - [CorrelationId]:4e7c8a66-9bbe-4c66-95f1-bc4afd1a51ed [Version]:16.0.0.19708 while trying to approve permissions in the API Management page which is located in the SharePoint Admin Center.

Background information: The API Management page allows administrators to manage (approve, reject and remove) permissions requested/granted at tenant-level.

BUT, what kind of administrators are we talking about? Can a SharePoint administrator manage those requested permissions? Or are only Global administrators allowed to do that?

In that issue, the permission level (SharePoint administrator) of the logged in user was causing the problem. Although SharePoint administrators have access to the API Management page, they can't approve, reject or remove those requested/granted permissions. You must be a Global Administrator if you want to manage API permissions at tenant-level. From my point of view, that makes a lot of sense, since you are dealing here with permissions to access resources that goes beyond SharePoint. Nevertheless, the [HTTP]:500 error message (just to remember, HTTP 500 stands for internal server error) confuses people and should be replaced with an user friendly feedback message or a SharePoint administrator should not be able to access the API Management page.

Depending on the operation you are trying to execute, you will face a different error message. I've listed below the possible error messages for the different cases:

• Approve a requested permission as a SharePoint administrator[HTTP]:500 - [CorrelationId]:53ee2d9f-a0f9-2000-078d-b1ec5183945b [Version]:16.0.0.19527
• Reject a requested permission as a SharePoint administrator[HTTP]:403 - [CorrelationId]:5cee2d9f-801d-2000-6cd2-3db457dd64f0 [Version]:16.0.0.19527 - Access denied. You do not have permission to perform this action or access this resource
• Remove a granted permission as a SharePoint administratorInsufficient privileges to complete the operation

As you can see, the operations "reject" and "remove" already output a more informative error message. That could also be enhanced with "You must be a Global Administrator if you want to manage API permissions at tenant-level". The operation "approve" outputs an internal server error message which makes no sense in this case. The very good part of this history is that this issue has already reached Microsoft since Vesa Juvonen (Principal Program Manager from SharePoint Engineering) has helped solving this problem. I believe that Microsoft will provide a better and consistent error message experience across all the operations that can be executed from the API Management page. Thanks Vesa for being so fast with the support!

Link to the issue on Github.

Saturday, January 11, 2020

Quick Tip: Three PowerShell commands that help you keeping Site Designs and Site Scripts limitation under control

The management of Site Designs and Site Scripts is a really important aspect to consider in SharePoint. Especially because of its limitation! It means that you can't have more then 100 Site Designs and 100 Site Scripts in your Office 365 tenant. If you have reached the limitation and you try to add new Site Designs or Site Scripts to your environment, SharePoint returns error messages that aren't optimal for a good user experience. In other words, depending on your IT background you are not going to understand it immediately. Before you start getting those exceptions, you should consider deleting unused Site Designs or Site Scripts if you no longer need them. Here is how the exception looks when reached the amount of Site Designs or Site Scripts allowed per each tenant:

Add-SPOSiteScript: Specified argument was out of the range of valid values.

Add-SPOSiteDesign: Specified argument was out of the range of valid values.

In this blog post, I just want to show short PowerShell scripts that I've been using to avoid the wild goose chase with my Site Designs and Site Scripts.

Note that I'm using the SharePoint Online Management Shell for the examples below.

1. Know how many Site Designs and Site Scripts you have:

(Get-SPOSiteDesign | Measure).Count
(Get-SPOSiteScript | Measure).Count

2. Delete a Site Design or a Site Script based on its unique identifier:

Remove-SPOSiteDesign -Identity $siteDesignId
Remove-SPOSiteScript -Identity $siteScriptId

3. Delete all Site Designs or Site Scripts at once:

Get-SPOSiteDesign | foreach { Remove-SPOSiteDesign -Identity $_.Id }
Get-SPOSiteScript | foreach { Remove-SPOSiteScript -Identity $_.Id }

That's it for today 😃 Hope this blog post helps you keeping the Site Designs and Site Scripts' limitation under control!

Friday, January 3, 2020

Quick Tip: Length limits for Office 365 Group properties

Creating or updating Office 365 Groups can become a guessing game if you get the InvalidLength error code 😮 First of all, it is really nice that Microsoft has started providing those details in the error response. I believe, they will improve the details information over the time, so it will be easier to understand the reason for bad requests. Anyway, the InvalidLength error message doesn't indicate the supported length for the Office 365 group properties. It results in trial and error sessions in order to figure out what the supported length limit is.

These are the error messages that you get, when trying to create a group which contains properties with invalid length:

• Invalid value specified for property 'description' of resource 'Group'.
• Invalid value specified for property 'displayName' of resource 'Group'.
• Invalid value specified for property 'mailNickname' of resource 'Group'.

After doing some research, I listed below the supported length for those properties:

• description: 1024 characters
 displayName: 256 characters
• mailNickname: 64 characters

That's it for today! I hope this blog post helps you to bypass those kind of exceptions!