> For the complete documentation index, see [llms.txt](https://docs.migration-center.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.migration-center.com/scanners/sharepoint-scanner.md). # SharePoint Scanner ## Introduction The SharePoint Scanner allows extracting documents, list items, folders, list/libraries and their related information from Microsoft SharePoint sites. * Supports Microsoft SharePoint 2007/2010/2013/2016/2019 documents, list items, folders, list/libraries * Extract content(document), metadata * Extract versions * Exclude specified content types * Exclude specified file types * Exclude specified columns (attributes) * Calculate checksum during scan to be used later for validating the imported content (in combination with importers supporting this feature) The SharePoint Scanner is implemented mainly as SharePoint Solution running on the SharePoint Server, with the Job Server part managing communication between migration-center and the SharePoint component. ## Known Issues The SharePoint Scanner might receive timeout error from SharePoint when scanning libraries with more than 5000 documents (#52865) Currently a workaround can be used if the timeout errors are encountered by running the scanner with the following CAML query: ``` 1 5000 ``` This query will result in only the objects with IDs between 1 and 5000 being scanned. This query can be adapted to scan in increments so that the timeout error is avoided. ## Installation The migration-center SharePoint Scanner requires installing an additional, separate component from the main product components. The migration-center SharePoint Scanner is a SharePoint Solution which manages the scan (extraction) process from Microsoft SharePoint Server. This component will need to be installed and deployed manually on the machine hosting the Microsoft SharePoint Server. The required steps are detailed in this chapter. To install the main product components consult the migration-center Installation Guide document. To install the migration-center SharePoint Scanner, read on. ### Requirements The migration-center SharePoint Scanner is implemented as a SharePoint Solution, a functionality supported only with Microsoft SharePoint Server 2007 or newer. Since the migration-center SharePoint Scanner Solution must be installed on the same machine as Microsoft SharePoint Server, the range of Windows operating systems supported is the same as those supported by Microsoft SharePoint Server 2007-2013 respectively. Please consult the documentation for Microsoft SharePoint Server 2007-2016 for more information regarding supported operating systems and system requirements. Administrative rights are required for performing the required uninstallation, installation and deployment procedures described in this chapter. ### Installing migration-center Server Components Follow the standard installation procedure described in the [Installation Guide](/installation-guide.md) to install the migration-center Server Components containing Job Server and corresponding part of the SharePoint Scanner. ### Installing the SharePoint Solution part of the SharePoint Scanner 1. Connect to the SharePoint Server (log in directly or via Remote Desktop); in a farm, any server should be suited for this purpose. 2. Copy the *McScanner.wsp* file from *\/lib/mc-sharepoint-scanner/Sharepoint \* to a location on the SharePoint Server 3. Open an administrative Command Prompt 4. Navigate to *C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\\\\BIN* 5. Use the STSADM tool to install the SharePoint Solution part of the SharePoint Scanner\ **STSADM –o addsolution –filename \\McScanner.wsp** For SharePoint 2010, 2013 and 2016 an alternative installation using PowerShell is possible and can be used if preferred: 1. Connect to the SharePoint Server (log in directly or via Remote Desktop); in a farm, any server should be suited for this purpose. 2. Copy the *McScanner.wsp* file from *\/lib/mc-sharepoint-scanner/Sharepoint \* to a location on the SharePoint Server 3. Open the SharePoint Management Shell from the Start menu 4. Use the following PowerShell commands to install the SharePoint Solution part of the SharePoint Scanner\ **Add-SPSolution** **\\McScanner.wsp**\ The output should be like | ***Name*** | ***SolutionId*** | ***Deployed*** | | ------------- | ------------------------------------ | -------------- | | mcscanner.wsp | f905025e-3de7-44c9-828a-f7b12f726bc1 | False | ### Deploying the SharePoint Scanner solution Having installed the SharePoint Solution it is now time to deploy it. Due to differences in the various SharePoint versions’ management interfaces, the procedure differs slightly depending on the version used. Follow the steps below corresponding to the targeted SharePoint version: **SharePoint 2007:** 1. Open SharePoint Central Administration 2. Go to Operations 3. Under Global Configuration, click Solution Management 4. Click McScanner.wsp and follow instructions to deploy the solution. **SharePoint 2010, 2013 and 2016:** 1. Open SharePoint Central Administration 2. Go to System Settings 3. Under Farm Management, click Manage Farm Solutions 4. Click McScanner.wsp and follow the instructions to deploy the solution Verify the solution works correctly after deployment by calling the following URL in a web browser: ***http\://\/\_vti\_bin/McScanner.asmx?wsdl*** If the output looks like picture below, deployment was successful and the SharePoint Scanner is working. ![](/files/-M7JjN-uMpBkp1U8nZHb) ### Java keystore configuration If the SharePoint site is configured to run over HTTPS using the SSL protocol, the two SharePoint Scanner components (the mc Job Server part running in Java, and the SharePoint Solution part running on IIS) need additional configuration to communicate between one another. In this case the issuer of the server’s SSL certificate must set as a trusted certification authority on the JVM used by the Job Server to allow the Job Server component of the SharePoint Scanner to trust and connect to the secure SharePoint site. Follow the steps below to register the certification authority with the JVM: 1. Export the certificate as a .cer file 2. Transfer the file to the machine running the Job Server 3. Open a command prompt 4. Import the certificate file to the Java keystore using the following command (use the actual path corresponding to JAVA\_HOME instead of the placeholder; the below is one single command/line!)\ JAVA\_HOME\bin\keytool –import –alias <*set an alias of your choice, e.g. SP2013*> -keystore ..\lib\security\cacerts –file <*full* *path and name of certificate file from step 2*> 5. Enter “changeit” when asked for the password to the keystore 6. The information contained in the certificate is displayed. Verify the information is correct and describes the certification authority used to issue the SSL certificate used by the secure SharePoint connection 7. Type “y” when prompted “Trust this certificate?” 8. “Certificate was added to keystore” is displayed, confirming the addition of the CA from the certificate as a certification authority now trusted by Java. 9. Restart the Job Server Repeat the above steps for all machines if you have multiple Job Servers with the SharePoint Scanner running. ## Scanner Configuration To create a new SharePoint Scanner, create a new scanner and select *SharePoint* from the *Adapter Type* drop-down. Once the adapter type has been selected, the Parameters list will be populated with the parameters specific to the selected adapter type. Mandatory parameters are marked with an \*. The Properties of an existing scanner can be accessed after creating the scanner by double-clicking the scanner in the list or selecting the Properties button/menu item from the toolbar/context menu. A description is always displayed at the bottom of the window for the selected parameter. Multiple scanners can be created for scanning different locations, provided each scanner has a unique name. ### Scanner parameters The common adaptor parameters are described in [Common Parameters](/common-parameters.md#common-adaptor-details). The configuration parameters available for the SharePoint Scanner are described below: * **webserviceUrl**\*\ This is the URL to the SharePoint Scanner component installed on the SharePoint Server Also see chapter 3 Configuration for more information. Example: *http\://\/\/* * **username**\*\ The SharePoint user on whose behalf the scan process will be executed. This user also needs to be able to access the temporary storage location where the scanned objects will be saved to (see parameter exportLocation below). Should be a SharePoint Administrator. Example: *sharepoint.corporate.domain\spadmin* * **password**\*\ Password of the user specified above * **includeLibraries**\*\ List of Document Libraries the connector should scan.\ Multiple values can be entered and separated with the “|” character. At least one valid Document Library must be specified * **query**\ Sharepoint CAML query for a detailed selection of scan documents. Does not work with ***excludeContentTypes.*** * **excludeContentTypes**\ Exclude unneeded content types when scanning the document libraries specified above. Multiple values can be entered and separated with the “|” character. * **excludeFileExtensions**\ Exclude unneeded file types when scanning the document libraries specified above. Multiple values can be entered and separated with the “|” character. * **excludeAttributes**\ Exclude unneeded columns (attributes) when scanning the document libraries specified above. Multiple values can be entered and separated with the “|” character. * **includeInternalAttributes**\ List of internal SharePoint attributes to be scanned. * **scanDocuments**\ If enabled the scanner will a process all the Documents it encounters for the configured valid path. * **scanListItems**\ If enabled the scanner will a process all the List Items it encounters for the configured valid path * **scanFolders**\ If enabled the scanner will a process all the Folders it encounters for the configured valid path * **scanLists**\ If enabled the scanner will a process all the Lists/Libraries it encounters for the configured valid path * **scanSubsites**\ If enabled the scanner will a process the data of the subsites * **scanPermissions**\ If enabled each created item no matter the type will have the Permissions scanned into the migration center database for further use in the migration process * **scanVersionsAsSingleObject**\ If enabled the scanner will process each version tree as a single object in MC, which contains the content and metadata of the latest version and also the link to the contents of the other versions in the **mc\_previous\_version\_content\_paths** attribute * **computeChecksum**\ If enabled the scanner calculates a checksum for every content it scans. These checksums can be used during import to compare against a second checksum computed during import of the documents. If the checksums differ, it means the content has been corrupted or otherwise altered, causing the affected document to be rolled back and transitioned to the “import error” status in migration-center. * **hashAlgorithm**\ Specifies the algorithm to be used if the computeChecksum parameter is checked. Supported algorithms: MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. Default algorithm is MD5. * **hashEncoding**\ Specified the encoding to be used if the computeChecksum parameter is checked. Supported algorithms: HEX and Base64. Default is HEX. * **exportLocation**\*\ Folder path. The location where the exported object content should be temporary saved. \ See: [Export location requirements](#export-location-requirements). * **loggingLevel\*** See: [Common Parameters](/common-parameters.md#logging-level). {% hint style="warning" %} Parameters marked with an asterisk **(\*)** are **mandatory**. {% endhint %} ### Export location requirements When scanning from SharePoint, the “exportLocation” parameter must be set. For ensuring proper functionality of the content export there are a few considerations to keep in mind: * Regarding the path:\ The export location should (ideally) be a UNC path that points to a shared location (e.g., \\\server\fileshare).\ If a local system path is used (D:\Temp), this path will be relative to the SharePoint Server where the WSP solution is running, and NOT to the Job Server machine.
* Regarding the credentials:\ For accessing the specified file share the SharePoint scanner will use the credentials provided in the scanner configuration. Therefore, the same user used to do the migration (e.g., sharepoint\mcuser) must have write permissions on the file share. ### Scanning using the CAML query Starting from version 3.3 of migration-center the SharePoint scanner is able to use SharePoint CAML queries for filtering which objects are to be scanned. Based on the entered query, the scanner scans documents, folders and list items in the lists/libraries, which are specified in the parameter “includeLibraries”. If the parameter “includeLibraries” contains \*, the query applies to all lists/libraries within the site. The following example shows a simple CAML query for scanning the contents of the "Level1" folder inside the "TestLib" library alongside all its subfolders:\ \ `` \ `` \ `` \ `/sites/mc/TestLib/Level1`\ ``\ `` For details on how to form CAML queries for each version of SharePoint please consult the official Microsoft MSDN documentation. {% hint style="info" %} When using the CAML query parameter “query” the “excludeContentTypes” parameter must be empty. Otherwise the scanner will fail to start with an error message. {% endhint %} ## Extra logging Additional logs are generated by the SharePoint Solution part of the SharePoint Scanner on the server side. The location of this log file can be configured through the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\CONFIG\ Migration\_Center\_SP\_Scanner.config . Open the file with a text editor and edit the line below to configure the path to the log file \ {% hint style="info" %} Only change the path to the file, do not change the name! (the %property{LogFileName} part). {% endhint %} ## Troubleshooting ### exportLocation validation When starting a SharePoint Scanner job, the following error can occur during configuration validation: ``` javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> Logon failure: the user has not been granted the requested logon type at this computer ``` This happens while the SharePoint Scanner validates the configured `exportLocation`. The validation is performed by the SharePoint Solution (`McScanner.wsp`) on the SharePoint Server, using the account configured in the scanner parameter `username`. The `exportLocation` is therefore checked from the SharePoint Server, not from the Job Server machine. If a local path is configured, for example `D:\Temp`, it must be valid on the SharePoint Server. If a UNC path is configured, for example `\\server\share`, the configured scanner user must be able to access this share from the SharePoint Server. #### **Cause** Windows does not allow the scanner account to perform the required logon type on the computer where the SharePoint Solution is running to check that the export location is valid and accessible. Check the following effective logon rights on the SharePoint Server that hosts `McScanner.asmx`. Do not check only the Job Server or the domain controller. The most common cause is that the scanner account does not have: ``` Allow log on locally ``` or that the account, or one of its groups, is included in: ``` Deny log on locally ``` If `exportLocation` is a UNC path, also check share/NTFS permissions and network logon rights on the file server hosting the share. #### **Checks to perform** Perform these checks on every SharePoint Server that can respond to the configured `webserviceUrl`. If `webserviceUrl` is load balanced, check every SharePoint Web Front End server behind that URL. The checks can be performed using standard Windows administration tools. Commands are not required if the administrator can provide screenshots or exported reports from the tools below. **Check using Group Policy Results** On a domain joined SharePoint Server, use Group Policy Management Console: 1. Open `Group Policy Management`. 2. Go to `Group Policy Results`. 3. Run the `Group Policy Results Wizard`. 4. Select the SharePoint Server that hosts the SharePoint Scanner solution. 5. Select the scanner account, if available, or select `Do not display user policy settings` and review the computer settings. 6. Open the generated report and go to: ``` Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment ``` Verify: * `Allow log on locally` includes the scanner account or a group containing it * `Deny log on locally` does not include the scanner account or any group containing it * `Access this computer from the network` is allowed where needed * `Deny access to this computer from the network` does not include the scanner account or any group containing it #### **Check using Resultant Set of Policy** Use `rsop.msc` on the computer whose effective policy must be checked. For this scanner startup error, run it on every SharePoint Server that can host `McScanner.asmx`. If `exportLocation` is a UNC path and the logon failure or access issue occurs on the file share, run the same check on the file server hosting the share. On the relevant server: 1. Open `Run`. 2. Enter `rsop.msc`. 3. Go to: ``` Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment ``` Review the same policies listed above. On the SharePoint Server, the most important settings are `Allow log on locally` and `Deny log on locally`. On the file server, the most important settings are `Access this computer from the network` and `Deny access to this computer from the network`. The local policy editor (`secpol.msc`) can also be used for a quick check, but on domain joined servers the effective setting may be controlled by domain Group Policy. Prefer `Group Policy Results` or `Resultant Set of Policy` when possible. #### **Export location test** From the SharePoint Server, verify that the configured scanner user can create and delete a folder under the configured `exportLocation`. This can be done through Windows Explorer by signing in with the scanner account and creating/deleting a test folder in the export location. If direct sign-in with the scanner account is not possible, verify the permissions through the Windows UI: * on the file server, check the share permissions of the configured share * on the target folder, check `Properties > Security > Advanced > Effective Access` for the scanner account Alternatively, an administrator can run: ```cmd runas /user:domain\mcuser cmd ``` In the command prompt opened as the scanner user, run: ```cmd mkdir "\\server\share\mc-export\mcscanner-test" rmdir "\\server\share\mc-export\mcscanner-test" ``` If this test fails, correct the local logon rights on the SharePoint Server, or the share permissions, NTFS permissions, and network logon rights on the file server. On the file server hosting the share, verify that: * `SeNetworkLogonRight` includes the scanner account or a group containing it * `SeDenyNetworkLogonRight` does not include the scanner account or any group containing it --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.migration-center.com/scanners/sharepoint-scanner.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.