Sharepoint sync and lock issues - solutions

 Sharepoint synced down to your PC by onedrive can have a ton of errors. It is caused by the simple dis-functionality of this badly thought out service but also by the fact that 10 people at one time can open one single document with various rights and do various actions on it. Imagine that one person wants to edit an excel rubric, while another wants to change it's colour and a third in the meantime tries renaming the document. In the meantime 5more users are having it open, some on the web some on their PCs. Few of them using a VPN from home, others are on the train wifi and some at work. Maybe also one user opens it up with excel 365, another with local office and the third with Power BI. I mean this shitshow has endless possibilities and something turning bad, is just normal. 

So, first of all make sure that you are not running some old windows 10 with no updates. Make sure you are at Win11 and all are updated. Second, run a full sfc /scannow and a full dism /online /cleanup-image /restorehealth. 

Before uninstalling, run these: 
%localappdata%\Microsoft\OneDrive\onedrive.exe /reset

C:\Program Files (x86)\Microsoft OneDrive\onedrive.exe /reset 

C:\Program Files\Microsoft OneDrive\onedrive.exe /reset 

wreset.exe

%localappdata%\Microsoft\OneDrive\settings 

delete this : PreSignInSettingsConfig.json 

Win+R= copy the command and run

 Then uninstall one drive. Run again the SFC and Dism commands. Check again for windows updates. Reboot your PC. Download the latest one drive version.

Before installing, go on one-drive online and make sure that there are no sharepoint links in your personal one drive. So actually often end users place Sharepoint shortcuts into their personal one drive, when for instance a company blocks direct syncing. It is blocked because the know issues of non uniform hardware and software and crappy internet connections. If I had a full on 8gig fibre going on for 30 employees, working only from the office, with latest PCs and latest OSes, like in New York, there would never be any issues.
So again, it is crucial that there are no sharepoint shortcuts in personal one drive. Not even in sub-folders.

 

Example = don't do that !!!

So now you can install your one drive on your PC, add your account, go onto sharepoint and do a new share-point sync. Do not add shortcuts to your one drive. It will not only cause bugs and issues but poses security risks too. For instance, deleted files can end up in personal recycle bins. This can also happen on multiple ways. Accidentaly deleted files might not be recoverable and will disappear completely. Confidential files might end up in a the bin of all users who had the file open in the time of deletion. No one-drive shortcuts please ! 

Of course, if on sharepoint online, you cannot access a folder or a document, that is simply a right issues. In this case, you need to ask your sharepoint admin to give you the rights and place you into the security group accessing either as a member(RWE) or a visitor (RO).

It might happen, that you still won't get rid of the issue of sync and padlocks. Repeat the process but stop your antivius and open your firewall before installing and syncing. Also un-install your actual office and adobe reader !!! Very important !!! 
Adobe hates long file-names and also long folder paths. If you had pdf visualizing enabled in your file explorer through adobe, what is automatic after installation, it might lock files, sporadically. The thing is that it does not lock only PDFs but excel or word files too. Adobe also hates file-sharing and collaborative work ! So you might need to replace it with kofax or other sort of pdf handler. 

Sources:

https://support.microsoft.com/en-us/office/reset-onedrive-34701e00-bf7b-42db-b960-84905399050c#:~:text=Select%20Applications.,Clear%20data%20and%20Clear%20cache

https://support.microsoft.com/en-us/office/add-shortcuts-to-shared-folders-in-onedrive-d66b1347-99b7-4470-9360-ffc048d35a33

https://learn.microsoft.com/en-us/answers/questions/5380580/using-the-add-a-shortcut-to-onedrive-feature-in-a 

 

 

 

 

 

TIME SERVER IMPORTANCE - Harmony is key

Recently I came across a situation , where an RDS server started having random issues of services braking, random rebooting out of the blue and users getting disconnected. At the beginning of course we were thinking of a network issue, like the usual DHCP and DNS problems or bandwidth and network down problems. Of course the logs started showing otherwise. Running w32tm /query /configuration , w32tm /query /status , w32tm /query /source , w32tm /query /peers , we have found that the actual time server is set to be a non existent long time turned off machine. 

Time sync issues in worst case scenarios can cause the breakage of trust relationships, but mostly cause log-in issues, authentication problems not only for the users, but services and apps too. Scheduled tasks will break, especially if they were not local. 

Often time server details are propagated by a GPO or the default domain GPO. Normally the good practice is that the actual  main domain server (netdom query fsmo)gets it's time from a main continental time server like pool.ntp.org (redundancy: 0.pool.ntp.org, 1.pool.ntp.org), then it should propagate to secondary DCs and other servers. So if the main domain controller is out of sync from the european time server, the infrastructure would be still in sync and issues would not come up. The most important problems occur when certain sections of the infra are delayed by more than 5minutes. It is rare, but did my research and it can cause some serious issues, especially on hybrid infra structures running linux and ms based operations, on premises and cloud in the meantime. 

Our problem had risen from the fact that when server migration happened, they changed the server name and address. However I think it wasn't a service migration, but a hard VM to VM copy. Except that the main domain default GPO stayed as it was. Still set up for the old non existent time server. 

At this moment, we did a risky practice, we edited the default GPO, then did a gpupdate /force on the 3 other servers. Would I have done the same if I had 80 servers ? Not sure !!!
Our idea worked. So I think, that it would work also for a big infra, except that maybe on the way of propagation, something would break and would need fixing. That is not an issue, as backups and snapshots are present. But, it should be done like during the general yearly downtime or during a 3 days long weekend.

Better Practice 

Main Domain Policy GPOs have N°2 priority so setting a GPO above with N°1 priority is a more sustainable and secure practice.

First need to make sure that the PDC s time server has been set right:

w32tm /config /manualpeerlist:"fr.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
w32tm /resync /force 

Right-click the domain name → Create a new GPO
Example: "Time Configuration – All Computers"

Edit the GPO → Computer Configuration → Policies → Administrative Templates → System → Windows Time Service → Time Providers
Configure: 

• Enable Windows NTP Client
• Type: NT5DS
• NtpServer: leave empty (clients follow DCs)
• Link the GPO at the domain level (top-level link)
• This applies to all computers and servers in the domain

 Then you must either wait 15 to 30min or run a gpupdate /force and maybe a w32tm /resync on each server.  Than you can check your results with w32tm /query /source or w32tm /query /status.

(Please note that in some cases DCs are stubborn, so while your new time server might propagate down to everything including all servers and PCs, DCs would still not be updated. In this case you simply need to create another GPO applied to the Domain Controllers OU ! )