Tag Archives: Troubleshooting

Broken SharePoint Site Connection to Teams

Leave a reply

Sometimes SharePoint site is looking like a group-based site but in fact it is standalone site. In this article I will explain why it could happen and how to fix it.

Scenario

One of the possible scenarios to get a SharePoint site with a broken connection to group (teams) is the following. Let say we have a good teams-connected SharePoint site. Somebody (one of the team owners) did a clean-up and was looking at the teams channels – chats and files and did not find anything usable. So this person deleted a team (and a SharePoint site behind as well).

Unfortunately, some team members were using the SharePoint site directly (not via Teams), not actively though. After around two months they realized they cannot get to the SharePoint site they used to work before (getting 404 error), so they submit a request to IT support asking what happened to the site and is it possible to restore the data.

IT support found that the team was deleted by some person who already left the company, but the site is still in the SharePoint recycle bin – and it is possible to restore it, as retention period for SharePoint sites is 90 days since deletion. Sadly, it is not possible to restore a Microsoft 365 group and a team (with chat messages etc.) as the retention period for teams is 30 days. IT support restored a SharePoint site.

Now we have a site with broken connection to Microsoft 365 group and team. When you go to the site permissions – you can see that the site is owned by a group identity, but if you click on the group name – nothing happens. If you search for the group name in Microsoft 365 tenant – you will found no such group.

When you get the site object with PowerShell – it says the site has related Microsoft 365 group, but there is no group with the group id in Entra Id.

How the normal SharePoint site looks like

Let us test it from scratch. I will create a new team called “Test-Broken-Team-Site”.

Here is how the normal teams-connected SharePoint site looks like. When you hove a mouse over a site name – a pop-up window appears providing team details.

When you go to the site permissions – you can see that the site is owned by group “SiteName Owners”:

And if you click to the group name – there will be another pop-up window with more information, including group members:

Let us get site object with PnP PowerShell:

$pnpTenantSite = Get-PnPTenantSite -Connection $connectionAdmin -Identity $siteUrl -Detailed
$pnpTenantSite | select Url, Template, IsTeamsConnected, GroupId, RelatedGroupId,  Owner | fl

Results:

You can see that IsTeamsConnected property is true and GroupId and RelatedGroupId are specified and the site owner is the same group Id with “_o” suffix.

Compare with the same request against standalone site:

IsTeamsConnected property is false, Group id is “00000000-0000-0000-0000-000000000000” and the site owner is the real user id.

Deleting the team and the site

I also posted some messages in the general team channel and created some test sites.

New let me delete the team. It’s possible for any team owner via

What users will see after the team deletion:

“404 FILE NOT FOUND” error upon any attempt to go to the SharePoint site via browser:

The deleted group under “https://myaccount.microsoft.com/groups/deleted-groups”:

From the admin standpoint the deleted resource looks like.

The deleted group under “deleted groups” in Entra Id and under Microsoft 365 admin center (note that it’s 30 days group can be restored):

Deleted site under SharePoint admin center “Deleted sites”. Notice that sites are retained for 93 days, and the site is marked as Microsoft 365 group connected and with a team.:

Restoring SharePoint site

After 30 days the group got deleted, but SharePoint site is still retained. So we can go ahead and restore SharePoint site from the SharePoint admin center. Let us have a look at the site Memberships. You can see that the site is still owned by the m365 group – but the group does not exist anymore 🙁

That is the reason that uses (team members) will not get access to the site automatically once the SharePoint site is restored. But let us get the SharePoint site PowerShell object:

GroupId is zeroes, which is good, IsTeamsConnected if false, which is correct, but the RelatedGroupId is still the same (as if it is a channel site) and the owner is the same.

User experience (I provided access for myself to this site as admin).

The home page (site root) looks something in between teams-connected and standalone site. There is no teams icon and no pop-up window when hover over the site title. But there is a “Conversation” menu we usually have at group-based (btw it fails if you click on it, because it supposed to send you to the group under Outlook… so you’ll get “Sorry, something went wrong” – “Invalid group id or group alias.”).

"Sorry, something went wrong" - "Invalid group id or group alias."

Site settings page looks like the group-based site settings page. Compare standalone site settings page:

and broken teams connection site settings page… Specifically, you still do not have “Users and Permissions” section (as it is supposed to be handled via teams and group membership):

And here is one more difference. On a regular standalone site when you are clicking on a gearbox – you can see “Connect to new Microsoft 365 Group” link which would allow user to convert this standalone site to a teams-connected site. Unfortunately, there is no such option in the broken site.

So what should we do? Can we re-connect this site to teams or make it true standalone site? Would this broken site stay as broken forever?

Is there a fix for broken teams connection in SharePoint site

First of all, GroupId and RelatedGroupId are read-only properties, so no need to thing of messing with it.

Let us try to change site primary site owner (remember it was a group) and see what has changed:

Set-PnPTenantSite -Identity $siteUrl -PrimarySiteCollectionAdmin $adminUPN

Hmm… primary site owner is a user, but SharePoint admin center still think the site is owned by non-existing group:

So this did not help.

Let us try “Add-PnPMicrosoft365GroupToSite” to connect site to a new group via PowerShell.
Hooray! This did work!!!

The command worked perfectly:

Add-PnPMicrosoft365GroupToSite -Url $SiteURL -Alias "newM365GroupForBrokenSite" -DisplayName "New Team/Group for a broken site"  -KeepOldHomePage

Group was created in Entra Id and connected to SharePoint site:

SharePoint site is owned by a new group (the old one we will delete):

PnP PowerShell object contains correct information:

The only 🙂 problem is it says site is team-connected, but it’s not…

If you click on a Teams icon near to the site title – it’ll give you “We’re still setting up the Microsoft Team for this group” “Please come back in a few minutes” message and it might last forever…

Ok, we have a m365 group and a group-based site without a team. Can we create a team from an existing group? Yes. Let us try it.

When you create a team – there is a link “More create team options”. It leads us to the list of options and one of them – create a team from group. There will be a list of groups and one of them would be our “New Team/Group for a broken site”. Select it. It say ok, a new team created.

Now let us see what we got.

It seems like it worked! Now we have a consistent full-functioning group-based site connected to team.

At the SharePoint site – teams icon redirects us to a team channel.
In the teams app – the team is listed among other teams.
Entra Id displays all the services correctly.
Teams admin center can see the team and all the settings look good.
SharePoint admin center also displays a team correctly. You might want to update “Don’t show team email address in Outlook”.

The only tat might confuse is channels. Long ago when you create a team – a channel named “General” was created by default. Not far ago Microsoft changed creating team experience – now you need to provide a name for channel. As you know – channel is a folder in the default document library. So our “broken” site has a folder “Test-Broken-Team-Site” that used to be a sole channel. When we created a team from an existing group (group with site) – a new default main channel was created named “General”, so under SharePoint we can see two folders, and under teams we can see only “General” channel.

But all our data was under the old folder. Can we fix it? I think of two options.

Option 1 – add a tab to the channel – so we can see the existing folder under the main channel:

Option 2 – moving content of the “old” folder to a “new” folder, then you can delete the old folder and rename channel to the original name.

Update SharePoint Site Title: GUI vs PowerShell

Leave a reply

If you need to update a SharePoint site title (site name) programmatically (e.g. with PowerShell), and if this site is a group-based site (e.g. Microsoft Teams team site or Viva Engage community site or…) – you should not update SharePoint site title, but you should update group display name instead. Here is why.

In Microsoft 365 there is no sync from SharePoint site title to a group name. When you are updating SharePoint site title with GUI – you can see that new site title becomes new group/team name as well. So you might think that if you update SharePoint site title – Microsoft synchronizes it to connected group name. That’s not true. Actually when you are updating a group-based (e.g. teams-connected) SharePoint site title with GUI – Microsoft updates group first, then syncs updated group display name to SharePoint site name (title).

Here is the proof:

That’s a network trace I got with browser dev tools when I renamed site (updated site title) with GUI. So you can see the first API call is to update group, then group properties are synced back to site.

When we are updating a standalone site title – we are not seeing these calls.

So, if you need to update group-based site title programmatically – you must update group instead. 

# does not work for group-based (e.g. Teams) sites:
Set-PnPTenantSite -Identity ... -Title "New Site Title"

# instead, you'd update group display name 
Set-PnPMicrosoft365Group -Identity ... -DisplayName "New Display Name"
# and site title will be updated accordingly

References:

Who is Microsoft forms form owner

1 Reply

It is a very common situation in Microsoft 365 when someone creates a form and the form works perfectly, but then the form stopped working and nobody knows who was (or who is) this Microsoft form owner. Below is how to detect the form owner based only on existing form link. You can find out is it a group or a user.

How to find Microsoft forms form owner

the steps are:

1. Use form link

You can use collaborator form link that looks like:
https://forms.office.com/Pages/DesignPage.aspx?FormId=<formId>
or responder form link that looks like: https://forms.office.com/Pages/ResponsePage.aspx?id=<formId>
(or short one: https://forms.office.com/r/kDKaHDauj7)

so just follow the link (use it in your browser)

2. Open browser developers tool – just hit F12 in browser or select “open developer tool” from menu. Inspect the network traces.

You need to find a request Url that starts with https://forms.office.com/formapi/api/…
(you can use filter as below for “formapi”).

You’d refresh your page, or complete and submit the form until this url appears under network traces like this:

3. Then copy request Url to notepad as text. Bingo!

In the url example below:
https://forms.office.com/formapi/api/tc05faac-c82a-5b9d-b0c5-1f64b6755421/groups/f28f8c19-52cb-435c-948c-4c5619c943b7/forms...

The “tc05faac-c82a-5b9d-b0c5-1f64b6755421” id is the form owner’s tenant id
“/groups/” indicates that this specific form is owned by group, and
the “f28f8c19-52cb-435c-948c-4c5619c943b7” is the owner group id in EntraId

In case the form is owned by user, the Url would look like
https://forms.office.com/formapi/api/tc05faac-c82a-5b9d-b0c5-1f64b6755421/users/f6351c57-e247-528e-90ab-5i3d50c235b6
where
“/users/” indicates that the form belongs to a user and
“f6351c57-e247-528e-90ab-5i3d50c235b6” is the id of the user who owns the form

This hack works also for users who already left the company (account is disabled).

Note:
If you have an SSO in your org and cannot find this call under network – try different browser or incognito mode or logging out before the call – as what you need appears at early stages – even before authentication or when you submit the form

Some other tricks:

Having a collaborator or long responder link – I can say the form is owned by a person if the form id is 80 characters length, and the form is owned by group – if the form id is 88 characters length

References

You cannot use Power BI to visualize this list issue

Leave a reply

If you are working with SharePoint Online list and select Integrate – Power BI – Visualize the list, but it gives you error message “You cannot use Power BI to visualize this list”, “Looks like the feature for visualizing lists is turned off. Please contact your admin to enable this feature”:

You cannot use Power BI to visualize this list

The issue appears to be not in SharePoint, but in Power BI. Note it says “You cannot use Power BI to visualize this list” and “Looks like the feature for visualizing lists is turned off. Please contact your admin to enable this feature.”

Also the url of this page is Power BI Url:
“https://app.powerbi.com/sharepointlist?spListId=%7Bd3b56”, so you’d need contact Power Platform Administrators, not SharePoint administrators.

Power BI administrator would go to Microsoft Fabric Admin portal

and ensure “Integration with SharePoint and Microsoft Lists” is Enabled for the entire organization or for specific security groups. In the last case – ensure user who is getting “You cannot use Power BI to visualize this list” is added to at least one of the groups but not added to “Except specific groups”.

If the user is allowed under “Integration with SharePoint and Microsoft Lists” so “Users in the organization can launch Power BI from SharePoint lists and Microsoft Lists. Then they can build Power BI reports on the data in those lists and publish them back to the lists.” then, normally, user would see:

and something like:

Microsoft Forms Troubleshooting

1 Reply

So far some findings I came up with after several Microsoft forms troubleshooting sessions… I’ll keep all the gotchas here as “how to” guide for myself. I’d be glad if this also helps you troubleshoot your Microsoft forms.

Microsoft forms links

You know, a user can create a Microsoft form. Then user can share it. There are two kind of links –

  • to respond
  • to edit/view/export results

Link to respond is kind of :
https://forms.office.com/Pages/ResponsePage.aspx?id=FHPcfQGf1UWwEnFmW7HFRMgvShgV5J1Phpi7J1M_UoVUOUI1TzNQUEdWOTAzVVdRUVYzVVg4MlhZNC4u
or short one: https://forms.office.com/r/kDKaHWauj7

Link “to collaborate” -e.g. with the link a person can edit and view results – is created under … “Create or duplicate”, and could be for anyone, for all people in org, and for specific people in org

if the link looks like
"https://forms.office.com/Pages/DesignPageV2.aspx?subpage=design&FormId=<FormId>"
then it’s for specific people in org

if the link looks the same but also contains
"&Token=e3cd16ccf8034a3e868c68747e1f9584"
then it’s for anyone with work or school account or for anyone in the organization

The one with the “edit” link can edit the form (including questions, answers options, and form visibility , view responses, delete responses, create a “summary link”, create a duplicate link, and export responses to excel (“Open in Excel” button). But cannot change collaboration options.

When user complete the form (after submit button), there is an option “Save my response” – if so – user will see this for with only one (his/her) response under forms app.

Collaborator is not seeing the form he/she has access to until follow the link.

Move the form to a group

Form owner can move the form to a group (and this is strictly recommended for all production forms). If so:

  1. people who are group members (not only owners) will see this form under forms app – under specific group
  2. form id will be changed, so the long “respond” link will be different. Though the short link will be the same. All links should continue to work: Old and New long and short respond links. Group-owned form id seemed to me be little longer – 88 characters vs 80 chars for individual-owned forms.

The trick Tomasz Szypula @toszypul shared here (I’m also citing the trick below) on how to find form owner having just a link works like a charm! Even for deleted owner`s IDs.

But let me share some more here. If the form is owned by group – the link will be similar, but with “/group/<groupId>” instead of “/user/<UserId>” .
E.g. here:
https://forms.office.com/formapi/api/7ddc7314-9f01-45d5-b012-71665bb1c544/groups/65714e55-87f4-49c3-b790-fc75d7349c8a/light/...

you can see “65714e55-87f4-49c3-b790-fc75d7349c8a” which is group Id. So you can use the same trick to figure out what group owns a form.

Deleting user who owns forms

What if the original owner of a form is no longer with a company? How can I transfer ownership of the form?

If the employee account was deleted or disabled, the global administrator or office application administrator of the organization who have a valid Forms license can transfer for ownership within 30 days of when an account was disabled/deleted. See details. Note that all forms user owned will be transferred to an admin, then an admin can transfer forms to a group so new owners can have access to answers etc.

Deleting a group that owns forms

When a form is owned by group and the group is getting deleted… tbp…

Audit log events

You can get some ideas on the form from an audit log, including

  • is the form owned by group or by user
  • to whom the form was shared with collaborator link

Below are kinds of events related to Microsoft 365 forms:

  • ListForms – Listed forms – viewed forms home page with list of forms
  • ViewForm – Viewed Form –
  • ViewRuntimeForm – Viewed response page
  • ViewResponses- Viewed responses
  • CreateResponse – Created response
  • ExportForm – Exported form – “export to excel” – file saved to the local machine (form owner=user)
  • ConnectToExcelWorkbook – Connected To Excel Workbook – “export to excel” – file saved to the teams SharePoint site under Documents (form owner = group)
  • EnableSameOrgCollaboration –

How to find Microsoft forms form owner

(credit goes to Tomasz Szypula @toszypul )


toszypul   replied to  Jason_B1025
‎Jan 03 2022 03:17 AM - edited ‎Jan 03 2022 03:18 AM 

@Jason_B1025 I was able to get the ID of the user with a bit of a hack. Here are sample steps:

-Access the form using this designer direct URL https://forms.office.com/Pages/DesignPage.aspx?origin=shell#FormId=<YourFormID>

-Inspect the network traces. You will find a request similar to this 

https://forms.office.com/formapi/api/72f988bf-86f1-41af-91ab-2d7cd011db47/users/e5351c57-d147-418e-89ab-3a3d50c235b6/light/forms('v4j5cvGGr0GRqy180BHbR1ccNeVH0Y5Bias6PVDCNbZUOUg4TkZJUEswSVQ1ODhNNkpHVVlMMldPTi4u')?$select=id,... 

-The ID in bold is the AAD ID of the user
-Use Graph Explorer - Microsoft Graph to run this request to retrieve the username and email address of the owner https://graph.microsoft.com/v1.0/users/<UserID>

My 3×5 cents to this clever trick:

  • Not only “collaborator” link helps, but also “respond to”
  • If the form is owned by the group – the link would be similar but with “…/group/group_id/…” instead of “…/user/user_id/…”
  • If you have a SSO in your org and cannot find this call under network – try different browser or incognito mode or logging out before the call – as what you need appears at early stages – even before authentication

How do I know – is it a person-owned or group-owned form

Let say you got a claim that “we were able to work with the form, and now it is gone”, and the only you have is the “collaborators” link to the form – so you can edit form, view responses etc. but nobody knows who created that form… So how to determine who owns the form – person or group and what person/group.

The form is owned by a person if

  • form id is 80 characters length
  • on “Export to Excel” button – it saves/downloads excel file to the file system
  • audit log contains ExportForm (Exported form) event – as clicking “Export to Excel” button generates ExportForm (Exported form) event
  • network trace contains “https://forms.office.com/formapi/api/<tenantId>/users/<UserId>/…”

The form is owned by a group if

  • form id is 88 characters length
  • on “Export to Excel” button – it saves excel file to the team SharePoint site and opens it in browser
  • clicking “Export to Excel” button generates ConnectToExcelWorkbook – “Connected To Excel Workbook” event in the audit log
  • network trace contains “https://forms.office.com/formapi/api/<tenantId>/groups/<GroupId>/…”

References

See also:
Form blocked due to potential phishing

Microsoft Form Blocked due to Potential Phishing

1 Reply

You are seeing messages “This form can’t be distributed as it is asking for personal or sensitive information. Contact your admin for assistance. Terms of use”

This form can’t be distributed as it is asking for personal or sensitive information. Contact your admin for assistance. Terms of use

or

Form can no longer be accessed. This form has been flagged for potential phishing.

“Form can no longer be accessed. This form has been flagged for potential phishing. Technical details”

Cause

The reason is: Microsoft enabled automated machine reviews to proactively detect the malicious collection of sensitive data in forms and temporary block those forms from collecting responses. More about it.

Solution

Ask your tenant global or security admin to go to the Microsoft Security Administration (Defender) Alerts:

Microsoft Defender Alert Phishing Form Microsoft Security Administration (Defender) Alerts

If your list of alerts is too big – use filter by Policy: “Form blocked due to potential phishing attempt”.

Microsoft Purview - Compliance-Alerts-Filter-By-Policy

To unblock the form or confirm it is phishing – admin should open the alert:

Microsoft Defender Alert Phishing Review this Form

And then click “Review this form“.
“Review the form” opens the page “https://forms.office.com/Pages/AdminPhishingReviewPage.aspx?id=”
where is the form Id.

Then global/security admin can review the form and unblock it or confirm it is phishing:

m365 global/security admin can review the form and unblock it or confirm it is phishing

References

vscode stuck on start with blue frame

Leave a reply

I’ve got a new machine, installed Visual Studio Code but it did not start.

Problem

My Visual Studio Code just stuck on start showing a blue frame and “Visual Studio Code” – “The window is not responding” message: “You can reopen or close the window or keep waiting”, after a while:

I tried 

code --verbose --log debug --disable-extensions

And found:

[704:0622/103533.849:ERROR:gpu_process_host.cc(983)] GPU process exited unexpectedly: exit_code=-1073741819

[704:0622/103533.850:WARNING:gpu_process_host.cc(1288)] The GPU process has crashed 1 time(s)

[704:0622/103538.853:ERROR:gpu_process_host.cc(983)] GPU process exited unexpectedly: exit_code=-1073741819

[704:0622/103538.853:WARNING:gpu_process_host.cc(1288)] The GPU process has crashed 2 time(s)

[704:0622/103543.835:ERROR:gpu_process_host.cc(983)] GPU process exited unexpectedly: exit_code=-1073741819

[704:0622/103543.835:WARNING:gpu_process_host.cc(1288)] The GPU process has crashed 3 time(s)

[main 2022-06-22T05:35:45.833Z] CodeWindow: detected unresponsive

So it seemed to me like some GPU-vscode conflict – Which led me to “VSCode stopped opening – The GPU process has crashed” discussion.

It turned out this Electron issue is to blame. It is recommended to avoid –no-sandbox flag as it disables application sandbox for all processes, since this issue is isolated to the gpu process –disable-gpu-sandbox should serve as an alternative.

Solution

Just run Visual Studio Code with “–disable-gpu-sandbox” parameter:

code --disable-gpu-sandbox

Note: if one instance is started this way, second instance is started the regular way

Note: it seems the issue happens with vscode versions 1.66-1.68, so workaround would be return to v 1.65

Note: since the issue is some kind of conflict between new versions of vscode and new machine’s GPU – this might happen when you upgrade a vscode or upgrade your hardware or both.

References

Orphan SharePoint sites vs orphan content databases

Note: the article below is for on-prem SharePoint. For Microsoft 365 orphan/ownerless resources – sites, groups – please check 
Ownerless Microsoft 365 groups, teams and sites Q&As 
Microsoft 365 ownerless groups policy email template format and content
Orphan Microsoft 365 groups in large environments

Remove orphan sites from SharePoint content database

Problem: When you patch SharePoint or perform database-attach migration or just do Test-SPContentDatabase, sometimes you can see errors with category “SiteOrphan”. Although it says “UpgradeBlocking : False”, Ignoring this error may cause severe issues, even data loss.
Continue reading