“getting your data” message after a PowerApps new form submission

I was recently building an app from scratch (start from blank not a template) that leverages a couple of SharePoint lists both of which the app writes items to at different times.

When I encountered the message “Getting you data …”​ which is not strictly speaking an error but was definitely an issue.

I had followed the usual process for building a new entry function in PowerApps.
I added the data connection to the relevant lists, added a new Entry Form to a new blank page, connected the Entry Form to the connection and added a Submit control to the bottom of the page. From the OnSelect event on a control on the home page of the app I create an instance of form in New mode and navigate to it. So far so good, everything is working as expected, field validation stops submission of the form but when I submit a valid form I am presented with a blank (no fields showing) form and the message “Getting you data …”. It remains in this state until I navigate off the page or close the app and interestingly the information I had entered into the form has been successfully submitted to the SharePoint list.

This baffled me for some time. I have created apps from templates in the past that worked as I expected this one to work (i.e. after the form is successfully submitted the user is returned to the home page) but in this case I was building the forms by hand, no template involved. I thought maybe I have missed some configuration on the control to submit the form, no, it wasn’t that. I tried adding some logic to the control around the submit so that if the form was valid the submit was run and then the user was navigated back to the home page. Whilst this worked for a valid form if the form had any invalid fields it wouldn’t hit the submit function and hence the user wasn’t shown the invalid field and associated error messages. I tried making sure that the Item property of the Entry Form control was set as some suggestions included this as a technique to fix the problem.  In my case I’m not in a Gallery control or using one that I could reference so all I had available was to set it to EntryForm.LastSubmit. This succeeded in removing the “getting your data” message but left the completed form on the screen rather than send the user back to the app’s home page. Exactly what you would expect I guess.

PowerApp was doing exactly what I had configured it to do…

I finally worked out what was needed to complete the submission process in the way I was expecting. PowerApps wasn’t encountering an error as such as in my case I wasn’t letting the Entry Form control know what to do once it had been submitted successfully. In this case without the Item property set it was left ‘Getting your data’ but with no information about where to get it from. Once I gave it EntryForm.LastSubmit as the place to go for item data the form again did exactly what it should…after it was submitted it displayed the data from the last submitted record. What I actually needed to do was to tell the Entry Form control what to do after the successful submission of an item, that is configure the OnSuccess property of the Entry Form control. In this case I simply added a Navigate function to send the user back to the home page of the app and the app now worked as I expected. I actually don’t even need the Item property to be set in this case as the app only allows for entry of records not editing or displaying.

Leave a comment

Filed under Office 365, PowerApps, PowerApps, SharePoint Online, Uncategorized

Fiscal year/quarter calculations

I have been doing some work in Microsoft PowerApps recently and found that as part of one of the application requirements it was necessary to calculate for the user the current fiscal year (e.g. FY19) as well as the current fiscal quarter (e.g. Q1, Q2, Q3 or Q4). This information was then used to pre-populate the relevant fields in the data entry form, disabled so they can’t be changed.

Here are the expressions I use in the Default field for the relevant text boxes.

Fiscal Year
Fiscal Quarter
"Q" + RoundUp((If(Month(Today()) >= 7 , Month(Today()) - 6,Month(Today()) + 6 )/3),0)

Not long after this was implemented the requirement was change so that the app should be setting these values based on what they would be for the following month. For example normally June this would be FY18 and Q4 but with this change they should instead by FY19 and Q1. This means September will still be FY19 but Q2 instead of Q1.

Here are the revised expressions I use in the Default field for the relevant text boxes.

Fiscal Year a Month in Advance
Fiscal Quarter a Month in Advance
"Q" & RoundUp((If(Month(Today())+1 >= 7  , Month(Today()) - 5,Month(Today()) + 7 )/3),0)
Fiscal Year a Fiscal Quarter in Advance
Fiscal Quarter a Fiscal Quarter in Advance
"Q" & RoundUp ((If( Month(Today())+3 >= 7  , Month(Today()) - 3,Month(Today()) + 9 )/3),0)

Leave a comment

Filed under PowerApps, SharePoint Online, Uncategorized

Provider Hosted App Error – Invalid issuer or signature persists after update

The Client Secret for one of our provider hosted apps expired yesterday and we started receiving the expected “[SecurityTokenException: Invalid issuer or signature.]” error.


This happens every 12 months as the secret key by default expires 12 months after it is generated. When you create Provider/Remote Hosted app you have to generate a Client ID and Secret ID for your app. These are used as part of the technique for ensuring the app can only be accessed from your Office 365 tenant and by someone who is authenticated against it. The problem is that unless you make a note in your calendar 12 months in advance you wont know the client secret is about to expire as the system wont warn you.

The expiration hasn’t been a issue in the past as I understand the process of generating a new key and updating the app (e.g. This example plus updating the app config through Azure has worked before). The problem is that I worked through the process yesterday and the error was still occurring.

Most of the information I’v seen regarding updating the key says that it can take anywhere up to 24 hours for the change to propagate within the O365 and Azure environments. Whilst this hasn’t be the case in previous years I waited over 12 hours and there was no change to the problem. I checked the app principal and confirmed that the keys had propagated using the following PowerShell

Get-MsolServicePrincipalCredential -AppPrincipalID {YOUR-CLIENT-ID} -ReturnKeyValues 1

After some further research I found a blog post from Microsoft Developer Support that described almost exactly the issue we were experiencing.

I first tried removing the numerous expired client secrets to leave only the new valid one using the following PowerShell

Remove-MsolServicePrincipalCredential -AppPrincipalID {YOUR-CLIENT-ID} -KeyIds @("{KEY-GUID-1}","{KEY-GUID-2}","{KEY-GUID-3}")

This made no difference to the issue so I did the following:

  1. First I removed the remaining, valid, client secret from the app principal using the PowerShell above,
  2. next I checked the app principal again using the first PowerShell cmdlet above to confirm that there were now no keys associated with the app,
  3. I then generated a new Client Secret key,
  4. checked the app principal using PowerShell again and verified the new key was there,
  5. updated the Client Secret in the apps web.config  as well as the Application Settings of the Azure web app with the new key. This is required specifically when you are hosting the app in an Azure Web Application,
  6. I then published the web application to the Azure web app so that the web.config was deployed.

After following these steps provider hosted app was working again and I was able to access an run it with no issues.

Leave a comment

Filed under Office 365, SharePoint, SharePoint Online

Adding an O365 Security group to the Site Collection Administrators group

Here is the scenario… you wish provision every site collection in your SharePoint Online environment so that a key group of staff, say for example your support staff, have Site Collection Admin access.  To provide centralised control of this group you want to define it and its membership outside the boundaries of your SharePoint Online environment. In this case you have two options, a Security Group or an Office 365 Group. In the case of a Security group there is no associated email address so people can’t mail to it and it doesn’t appear in the address book. This is ideal for the type of group we are creating as communications with the support staff should be via a central help desk.

Here is where your problem arises because Microsoft publicly state that you cannot use a Security Group provide Site Collection Administrator  access. The reality is that it cane be done both manually and in code.


To add the security group as the primary SCA you will need to have O365 tenant admin permission. Go to the SharePoint Admin Center, locate the site collection in question , select the check box next to it and then click on Owners in the ribbon. In the Manage Administrators window you can add the security group just like you would any other user, both as a Primary or Secondary SCA.

If you don’t have tenant admin permission you will need to have SCA rights on the site collection in question. In this case you will be able to add the security group as a Secondary SCA by going to Site Settings and then selecting Site collection administrators under Users and Permissions. you can then add the security group as a Secondary SCA just like you would any other user .


You may have a requirement to retrospectively apply a change like this across your tenant using PowerShell or to set this up when you are provisioning the site collection as part of a provisioning app similar to the PnP provisioning samples.

The usual way to add someone as a SCA to a Site Collection using PowerShell is to use the Set-SPOUser cmdlet for example like this…

Set-SPOUser -Site $siteUrl-LoginName $userEmail -IsSiteCollectionAdmin $true 

You will notice that they way to identify the user being added as an SCA is via the -LoginName parameter which requires a valid email address in the tenant. The issue is that the  Security group doesn’t have an email address so it can’t be used it here. I’ve tried a number of approaches to including using the Object ID returned from Get-MSOLGroup cmdlet to no avail. I was able to resolve it and the simplest way to avcheive uses the claims encoded identity for the security group.

First you need to determine the claims encoded identity for the security group. One simple manual way of doing this is to go to a site and use the Check Permissions feature Under Site Permissions in Site Settings. Check the permissions for the security group in question and part of the report provides you with the claim encoded identity. It should look something like ‘c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111’. In my case this manual approach is fine but it is probably possible to retrieve this using PowerShell as well.

Once you know this information you can substitute it where you would normally use the users email address in the SetSPOUser call and it will recognise the security group and set it in the Secondary Site Collection Admins group e.g.

Set-SPOUser -Site $siteUrl -LoginName "c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111" -IsSiteCollectionAdmin $true

To achieve the same in code as part of a remote hosted app you will need to use CSOM. Something like the following C# ,NET code should allow you to do this. Obviously you will need to determine the claims ID for each of the security groups you want to add and will have already created you context object ctx

Dictionary<string, string> groupsForAdminAccess = new Dictionary<string, string>()
    {"Global Support Staff", "c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111"},
    {"Legal eDiscovery","c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111"}
 foreach (KeyValuePair<string, string> groupToAdd in groupsForAdminAccess)
    User claimsGroupUser = ctx.Web.EnsureUser(groupToAdd.Value.ToString());
    claimsGroupUser.IsSiteAdmin = true;


1 Comment

Filed under General SharePoint Development, Office 365, SharePoint, SharePoint Online

Report Performance – Dataset filters vs query parameters?


The two types of filters in SSRS are:

  • Dataset Filter.  This is the most common:  filtering within the source query.  When you implement a filter within the dataset, less data is sent over the network from the source database server to the Report Server – usually a good thing.
  • Report Filter.  This includes filtering after the source query has come back – on a data region (like the Tablix), or a data grouping.  When you implement a filter within the report, when the report is re-executed again with different parameter choices, the Report Server uses cached data rather than returning to the database server.  This is a viable option if you intentionally want to return all possible data from the database server in the initial query.  Keep in mind this could be far less performant if the volume of data is high & the report won’t be re-executed numerous times.

Generally speaking, using a Dataset Filter is the most efficient method.

http://technet.microsoft.com/en-us/library/bb395166(v=sql.90).aspx  …

Query Design

A report is processed in the following order: query execution, report processing, and report rendering. To reduce overall processing time, some of the first things you need to decide are which data to retrieve from the data source, and which calculations to include in the report. Reporting Services supports a wide range of data sources, including plain file systems, advanced database servers, and powerful data warehousing systems. The functionality of data sources and the structure of the report determine which operations should be done in the query, as opposed to which operations should be done inside of the report. Although the Reporting Services processing engine is capable of doing complex calculations such as grouping, sorting, filtering, data aggregation, and expression evaluations, it is usually the database system that is best optimized to process some or all of these data operations. With that said, always keep the following in mind:

  • Optimize report queries.Query execution is the first step of the reporting process. Having a good understanding of the performance characteristics of your database system is the first step to good query design. For example, you can use SQL Profiler to track the performance of your queries if you use SQL Server as the database server.
  • Retrieve the minimum amount of data needed in your report.Add conditions to your query to eliminate unnecessary data in the dataset results.If the initial view of the report shows only aggregated data, consider using drill-through to display details. Drill-through reports are not executed until the user clicks the drill-through link, whereas show/hide reports or subreports are processed during the initial report processing, even if they are hidden.


Filed under Uncategorized

What is my Site Collection Quota in SharePoint Online?

What is a Site Quota?

Site Quotas allow you to define a limit on the storage capacity of a top-level site (in SharePoint terms a site collection).The storage limit applies to the site collection as a whole. In other words, the storage limit applies to the total size of the content for the top-level site and for all sub-sites within the site collection. SharePoint Apps, the content in the Recycle Bin and if versioning is enabled, the versions in a site also count toward storage limits.

How do I request a site storage quota increase?

When a new site collection is created often a site quota is applied to the site to meet the organisation’s requirements to limit the unrestricted growth of their environment. In situations where the quota limit is exceeded or about to be exceeded you should contact you SharePoint farm administrator or support desk to request an increase. You may also find that your organisation has policies and procedures in place to deal with quota increase requests that define what constitutes a valid business reason for an increase and how to go about the request process.

How do I know when I am approaching my quota limit?

Over time and regular use your storage use will likely increase so how will you know if you are at risk of hitting the limit?

Firstly, SharePoint will proactively alert you to the fact that you have almost reached the current quota limit by flagging​ this at the top of the web page when you are on your site as shown below.

Second, SharePoint will send those identified as the Site Collection Administrators an email notifying them that the quota limit has almost been reached.

How Can I find out how much storage I am currently using?

Determining how much of your quota has currently been used is quite easy if you are the site owner i.e. you have Site Collection Administrator access to the site.

To view your current quota limit, how much storage your site is using and what within the site is using the storage simply go to the Site Settings for your site and click on Storage Metrics under the Site Collection Administration options e.g.

The page displayed looks something like this (obviously your metrics will be different)…

Storage Metrics

What happens if the storage limit is reached?

You will continue to be able to upload and create content until the quota is exceeded. This means that if for example you have 1Mb left of you quota you will still be able to upload a 200Mb file. Once the file is uploaded though, the quota will have been exceeded and no more updates or uploads will be possible until the storage used is brought back below the quota limit.

When the quota limit is exceeded an email is sent to the site collection administrator notifying them.  The email send includes a reference to the site with a URL, has links to the recycle bin and storage metrics for the site, and displays the site statistics (current usage). In addition to this email, a message is shown at the top of every page in the site. Unlike warnings, this message is seen by all users and is shown on every page of the site.

Quota Exceeded Banner

You cannot add content to a site that has exceeded its quota. This applies to list items as well as document/file based content. If you try to create, upload or drag and drop content you will receive an error message informing you of this e.g.

This message will also be displayed if you attempt to add a new App to your site after exceeding the limit.

How do I free up space on my site?

You might think that the answer to this question is simple…”just delete content I don’t need from my document library”. This is find if you are still within your quota limits. Unfortunately, once you have exceeded your quota, simply deleting content won’t work as it is put in the recycle bin and that also counts against usage. In this scenarios you will need to remove items from the recycle bin first to free up enough space. If there isn’t enough space freed up by the recycle bin, you’ll need to delete something from the site first and then remove it from the recycle bin. Note that unless you are a site collection administrator you can only see your personal recycle bin.
Even if you are a site collection administrator, the “empty the recycle bin” link provided in the red or yellow banner only takes you to the personal recycle bin for that user. If you are a site collection administrator and you want to see the recycle bin for all users go to Site Settings > Recycle Bin. This will take you to the administrative recycle bin page where you can see end user recycle bin items for all users as well as items deleted from the end user recycle bin (the second stage recycle bin).
Note: you do not need to delete items from the second stage recycle bin in order to clear up space as content stored here apparently does not count against your quota.

Leave a comment

Filed under Office 365, SharePoint, SharePoint Online

Customising Overlay Colours in SharePoint Calendars

It was recently noted by one of our technical team that when setting up Calendar overlays the list of colour​s available seemed a bit screwed up with the same colour name appearing next to different colours. This issue is a result of the colour palette used to generate the custom Look for all sites in our SharePoint environment and is actually not a currently defined by Microsoft as a bug even though it would be nice to have a bit more clarity and control of how these are determined. So the question was asked ‘can we change these colours?’

I have done some additional research and confirmed that the colours presented to the user for calendars are generated by SharePoint based on the theme selected for the web site (in our case the custom Look) and not immediately customisable for calendars out of the box. Specifically each one of the 9 colours defined comes from the definition of Accent 1-6, Hyperlink, and 2 of the text/background theme colours in the custom Look. This is why the first 6 colours map directly to a colour defined by the accent shown in the SharePoint Color Palette Tool. I think the Hyperlink text/background colours are generated based on the definitions within the custom Look.

There are a number of solutions for implementing customisations but these are point solutions that apply to a specific calendar in a specific site and end users would need to deploy the solution themselves to customise the colours in their calendars. We could possibly look at updating our custom site provisioning app to deploy this customisation with a calendar when the site is first created.

For future reference here a few of possible point solutions (all use a similar approach)…

Leave a comment

Filed under General SharePoint Development, SharePoint, SharePoint 2010, SharePoint 2013, SharePoint Online

SharePoint app icon and version different in Site Contents to ‘add an app’ area

I recently deployed a new version of a provider host SharePoint app that updated the app icon and the app name. Whilst the deployment was successful and I could see the new name and icon in the ‘add an app’ area of team sites the appearance of the app as it exists in the Site Contents had not changed. When a new team site is created this custom app is pre-provisioned on the site so the user doesn’t have to add it themselves. Because of this I thought maybe the change would only occur for new teams sites that are created so I created one to check. Unfortunately this wasn’t the case and the original default icon and old app name were still associated. I also noticed that the version was not correct but strangely, if I clicked through from the app to the app details page it showed the correct details for the new version, the name was correct and the new app icon was displayed.

After working through some possible reason I found that whilst the app had been deployed I hadn’t been to the app catalog for and allowed it to push out the update.

To do this I went to the app site for the SharePoint tenant (e.g.  <tenant url>/sites/apps) and then went to the Site Contents. Here I found a note under the app “An update for this app is available.” with a link on the word update. I then clicked through the update link. Here I found that whilst the “Add It” button was disabled SharePoint was recognising a new version was available and providing a button titled “Get It” (shown below).updateAppSnapAfter clicking on the Get It button I was asked to verify the trust in the app which I did and once I returned to an existing team site and refreshed the Site Contents view found that the icon, name and version details were all updated to the new values.


Leave a comment

Filed under SharePoint, SharePoint 2013, SharePoint Online

Provider Hosted App Error – Invalid issuer or signature

I was recently redeploying a provider hosted SharePoint app from development to production. I had completed the app component of the deployment but hadn’t made any changes to the web component. The updates to the SharePoint app, in this case a new icon image and more meaningful app title, were successfully deployed and I could see them. I was able to add the app to a site with no problems but when I tried to run the app and was redirected to the azure web site I received the following error:

                 System.IdentityModel.Tokens.SecurityTokenException: Invalid issuer or signature

For the life of me I could sort out what had happened to cause this error or how to fix it as everything seemed to have worked correctly with the deployment.

Eventually I worked out what had happened. I had deployed the app from development to production but had not corrected the Client Id and Client secret to the values that had previously been generated for production. This meant that when the user was redirected to the production azure web site the client details in SharePoint, in this case from development, did not match those configured into the associated Azure web site and the end result was the above error. Once I returned to the visual studio solution and corrected the Client Id/Secret in the web.config and the publishing profile and deployed a new version of the app component the issue was successfully resolved.

Leave a comment

Filed under SharePoint, SharePoint 2013, SharePoint Online

Free ‘second shot’ on Microsoft Cert Exams is back!

From today (5th January 2015) until the end of May this year Microsoft is once again offering those wishing to sit a Microsoft Certification Exam a second shot at passing the exam if they fail the first time around.

There are of course conditions associated with the offer but these are clear and reasonable such as booking the retake within 30 days of sitting the first attempt.

Full details can be found at the Microsoft Born To Learn blog

Leave a comment

Filed under Computers and Internet, General SharePoint Development, Office 365, SharePoint, SharePoint 2010, SharePoint 2013, SharePoint Online, Wollongong .Net Users Group