共用方式為


InfoPath -SharePoint 2007/2010/2013/SPO Configuration and troubleshooting

Update on SharePoint Online - InfoPath forms would work perfectly fine for the following web services without going through any of the following steps: (We are experiencing some issues withe FEW SharePoint Online Tenants. If you are one of them, please hold, we are working on this and expected to have a fix soon).

Support kb (https://support.microsoft.com/en-in/kb/2674193) still holds good when you are dealing with other web services. The following web service calls are converted into OM calls and that’s how we are bypassing the DOUBLE HOP issue. I tried using UserProfileService.asmx without having UDCX setup and it works fine. Only requirement is to have the users imported to UserProfiles.

  • lists.asmx
  • CheckOutFile
  • CheckInFile
  • usergroup.asmx
  • GetUserCollectionFromGroup
  • GetUserCollectionFromSite
  • GetGroupCollectionFromWeb
  • UserProfileService.asmx
  • GetUserProfileByName
  • GetUserPropertyByAccountName
  • GetCommonManager
  • GetUserMemberships
  • GetCommonMemberships

==============================================BELOW CONTENT STILL HOLDS GOOD FOR SHAREPOINT 2010/2013===================================================

SharePoint 2010 has both CLASSIC and CLAIMS based authentication and SharePoint 2013 has CLAIMS mode only (from UI)

Reference: https://technet.microsoft.com/en-s/library/cc262350(v=office.14).aspx#section2

As InfoPath forms won’t work on a CLAIMS based web application, we have to follow the below steps to get it working:

This holds good for SharePoint Server 2010 and SharePoint Server 2013

Note: Screenshots are based on SharePoint Server 2013 but the same applies to SharePoint Server 2010 too.

We need User Profile Service Application to be configured and Secure Store Service Application to be created before following the below steps:

Reference: https://technet.microsoft.com/en-us/library/jj219646(v=office.15).aspx

Step 1:

* Create a new Secure Store Service application "APPID" (Say UPASSS).

* Update the fields as per the below picture: (Ticket Timeout depends on org. requirements)

* If you don’t choose Target Application Type as Group Ticket, none of the users apart from the user whose credential have been updated in the SSS APPID will be able to access the InfoPath form. This option "Group Ticket" enable us to specify ticket redeemers who usually be domain users. If you don’t select this option "IP will give you a descriptive error"

Reference: https://msdn.microsoft.com/en-us/library/ee554863(v=office.14).aspx

* Update the secure store administrator/membership details as per the below screen shot: (again as per your org. requirement)

* Now, you have setup credential for the APPID (UPASSS) which you created above. This will be used to impersonate the user credentials as shown below:

(Windows username (Domain\User) and the password should be able to access the https://Site/_vti_bin/userprofileservice.asmx of the respective site).

We have completed setting up the Secure Store Service "APPID"

* Make sure that the accounts provided for the Secure Store Service have privileges to retrieve data through User Profile Service Application

Step 2:

* Create a blank new InfoPath form; add a data connection (https://site/_vti_bin/userprofileservice.asmx) using GetUserProfilebyName by UNCHECKING “Automatically retrieve data when form is opened”

* Decide where you want to store your universal data connection (UDC) file.

More about UDC: https://msdn.microsoft.com/en-us/library/office/ms772017(v=office.14).aspx

* Convert the above created Data Connection (GetUserProfilebyName) as an UDCX file by selecting Relative to site collection or centrally managed and save it.

If you chose Relative to Site collection, you have to create a Data Connection library and chose this library while converting the UDCX file above. If you select Centrally Managed, you need to save the UDCX file and upload to the SharePoint Central Admin.

Data Connection Library:  https://msdn.microsoft.com/en-us/library/office/ms772101(v=office.14).aspx

Chose the correct location to save the UDCX files: https://technet.microsoft.com/en-us/library/ff621104(v=office.14).aspx

* Download the copy of the UDCX file and edit it as shown below:

Working with Data Connections: https://msdn.microsoft.com/en-us/library/office/ms772364(v=office.14).aspx

<udc:Authentication><udc:SSO AppId=’UPASSA’ CredentialType=’NTLM’ /> </udc:Authentication>

AppID is the Secure Store Service AppId which was created on Step 1. Credential types explained here: https://msdn.microsoft.com/en-us/library/office/ms772017(v=office.14).aspx#sectionSection1

* Make sure to upload the UDCX file back to the CA or Data connection library and approve it.

* Now go to InfoPath form which you have started designing>Data>Form Load rule, add the following 2 rules:

 

 

 

 

Username() function is available in SPS 2010 only post https://support.microsoft.com/kb/2516485

We are all set to use the form now on claims authentication:

* Design your InfoPath form to pull the user profile information as you wish and publish it to the same site (site collection as we are using relative data connection).

Troubleshooting:

You are likely to face the below issues if you look at the ULS trace with the correlation ID:

* A certificate validation operation took ******.**** milliseconds and has exceeded the execution time threshold.

Add all Sharepoint Root Authority certificates and the web application SSL certificates (complete Chain) into the Trusted Certification Authorities store on all SharePoint servers and the SharePoint CA.

$SPCert = (Get-SPCertificateAuthority).RootCertificate $SPCert.Export(“Cert”) | Set-Content C:\SPCert.cer –Encoding Byte

If internet access is disabled, add "127.0.0.1 crl.microsoft.com" to the HOSTS file on each server

Setup DisableLoopbackCheck value to 1 on all the WFEs https://support.microsoft.com/kb/896861);

Add HOST file entry on each WFE in the farm pointing to itself to avoid the double hop issue. This applies to all the web applications that host the InfoPath form services and are making use of the web services.

Ex: Site: https://site.contoso.com
Host entry: 127.0.0.1 site.contoso.com

* Data adapter failed during OnLoad: The remote server returned an error: (500) Internal    Server Error. A user with the account name system could not be found. ---> An error was encountered while retrieving the user profile. UserCannotBeFoundAn error was encountered while retrieving the user profile.

This happens when the account that you are trying to use is a SYSTEM ACCOUNT (due to name space query) / an account that cannot be found.

* The following data connection (GetUserProfileByName) has exceeded the maximum configured time limit. This threshold can be configured by using the SPIPFormsService -MaxDataConnectionRoundTrip PowerShell commandlet. This error is misleading sometimes as it can occur if we have proxy in IE or web.config

The following query failed: GetUserProfileByName (User: 0#.w|rajeev\administrator, Form Name: Repro-sp2013, IP: , Connection Target: https://sp2013-1r/DCL/GetUserProfileByName.udcx, Request: https://sp2013-1r/_layouts/15/FormServer.aspx?XsnLocation=https://sp2013-1r/Reprosp2013/Forms/template.xsn&SaveLocation=https://sp2013-1r/Reprosp2013&ClientInstalled=false&DefaultItemOpen=1&Source=https://sp2013-1r/Reprosp2013/Forms/AllItems.aspx, Form ID: urn:schemas-microsoft-com:office:infopath:Repro-sp2013:-myXSD-2013-07-09T06-28-47 Type: DataAdapterException, Exception Message: Authentication information in the UDC file could not be used for this connection because user forms are not allowed to use UDC authentication. To change this settings, use the InfoPath Forms Services configuration page in SharePoint Central Admin.)

Both the above settings have to be changed on the CA site. Go to the Configure InfoPath Forms Services section and enable Allow user form templates to use authentication information contained in data connection files and tweak the Data Connection Timeouts

* InfoPath also depends on the State Service and you may see the below error while opening the form:

Form render failed because the user's session was closed StackTrace:at Microsoft.Office.InfoPath.Server.Controls.XmlFormView.RenderForm(HtmlTextWriter writer)at Microsoft.Office.InfoPath.Server.Controls.XmlFormView.RenderContents(HtmlTextWriter writer

Please check the state service database and make sure that the InfoPath is able to use it. You can get the specific error details by getting verbose ULS logs.

 

Explained: https://technet.microsoft.com/en-us/library/ee704548(v=office.14).aspx

* Form load issues (performance) is mostly due to the amount of data retrieved by the data connection from SharePoint while the form is opened (in Browser or client). We’ve made enough enhancements in SharePoint 2013 and are still making changes to enhance performance. So, speaking from SharePoint stand point, we need to be within the software guidelines: https://technet.microsoft.com/en-us/library/cc262787(v=office.15).aspx

 

* InfoPath Forms Services do not work when you switch to a claims-based Web application that uses forms-based authentication or Security Assertion Markup Language (SAML) security tokens. These features do not work because claims-based authentication does not generate a Windows security token, which is necessary for these features. reference: https://technet.microsoft.com/en-us/library/hh706161.aspx 

SAML include - ADFS, Site Minder, Oracle, AD LDS, Okta etc.,.

* We could get UserProfileService.asmx working with SAML ONLY when you are using the InfoPath Rich Client (Filler) but doesn't work when you are using BROWSER based forms. To get this working in a web app which is using SAML authentication, you have to import users in the UserProfile Service Application with the same format.

Ex: If you search for a user in your userprofile service application, you usually see users account name as domain\user but to get this working, make sure to create a new sync connection with you SAML Authentication and set the CLAIM USER IDENTIFIER to your SAML in user properties.

Ps: Always try with a user account to test the behavior.

Comments

  • Anonymous
    January 01, 2003
    ..Thanks jagan and sree.

  • Anonymous
    January 01, 2003
    did you publish the form to a SharePoint library and test it? if you still have the same issue, please create a support ticket with MS.

  • Anonymous
    November 05, 2013
    Excellent infomation

  • Anonymous
    November 14, 2013
    $rootCertSP.Export("Cer")  should be $rootCertSP.Export("Cert")

  • Anonymous
    January 23, 2014
    very nice article. Just want to include 2 things I found. 1) In order to create a new data connections library run this: Enable-SPFeature DataConnectionLibrary -url [SITE]2) If you are using windows server 2008 or 2012 as your client machine you will need to enable "Desktop Experience" for WebDav to function. http://blogs.technet.com/b/meamcs/archive/2012/05/01/how-to-add-desktop-experience-feature-on-windows-server-8-beta.aspx

  • Anonymous
    May 15, 2014
    After doing all the steps when previewing in the infopath edit area. I am having an error: "The settings for one or more data connections in your form are defined in a data connection library on a Microsoft Sharepoint Server. To retrieve these settings, the form must be published to the server that contains the data connection library, and the form must be opened from the published location." The form is on the list. Thanks

  • Anonymous
    May 21, 2014
    Pingback from Post Links 05/21/2014 | dlowedown

  • Anonymous
    July 26, 2014
    Thanks for updating the article.....Excellent source for resolving all the InfoPath problems....I think you missed out nothing...Outstanding Job on this one...:)

  • Anonymous
    July 28, 2014
    The Approve option is not available in the drop down and gray out on the ribbon. My account is the Site Collection Admin. Any idea why? Thanks.

  • Anonymous
    July 29, 2014
    Perfect article for most complex issue with Infopath.

  • Anonymous
    September 09, 2014
    getuserprofilebyname brings wrong values for normal users in InfoPath form, if you are on RTM for SharePoint 2013. Upgrade to SP1 for SP2013 to fetch correct values by getuserprofilebyname.

  • Anonymous
    November 05, 2014
    Seems to be working, problem is initially the details being displayed are from the service account instead of the specified account in the form, have to press the button twice to refresh the correct data, any ideas?

  • Anonymous
    January 08, 2015
    Nice article thank you for your work. I am still having a bit of an issue. I am still getting the 5566 error when opening the form. In the ULS logs it says "The Following query failed: GetUserProfileByName (User: Domainme...) Unauthorized Operation.

    I was under the assumption that the credentials set in the Secured Stored Credentials would be making the call to the service? I did log in as the account that I set and visited the https://URL/_vti_bin/UserProfileService.asmx and I was able to access.

    Any thoughts would be greatly appreciated.

  • Anonymous
    January 08, 2015
    Info Path is still trying to hand the claim off. You have to set a rule in your Info-Path form to remove the claim ("0#.w|")

    The post here goes in full detail for you:
    http://suehernandez.wordpress.com/2013/10/11/sharepoint-2013-infopath-claims-getuserprofilebyname/

  • Anonymous
    January 09, 2015
    The comment has been removed

  • Anonymous
    March 02, 2015
    Information was good, I like your post.
    Looking forward for more on this topic.
    http://staygreenacademy.com">SharePoint 2013 Administration training Online

  • Anonymous
    March 17, 2015
    Thanks for this article. This got my form working again!

  • Anonymous
    May 28, 2015
    Issue:
    =====
    When we see a 5566 error in the InfoPath form loading with a correlation ID and we

  • Anonymous
    May 28, 2015
    Issue:
    ======
    When we see a 5566 error in the InfoPath form loading with a correalation ID and

  • Anonymous
    June 11, 2015
    Thanks all. I will update this article as and when I see challenging issues with InfoPath Forms :)

  • Anonymous
    January 18, 2016
    I have followed this and yet I still get the 500 error. I am using a Trusted Identify provider. To avoid the potential of the wrong username being sent, for testing, I am hardcoding one in yet I still get the error. Can anyone help?

    Thank you!

    CBR19

  • Anonymous
    July 07, 2017
    What's up, after reading this remarkable piece of writing i am too cheerful to share my experience here with colleagues.