PowerShell script to update Access Request Email Address for multiple sites and webs

Yesterday I worked with one of my colleagues on a PowerShell script to update/change access request on all the sites/webs inside a web application. The requirement was to check if access request is enabled or not on a site. If yes, then update the access request email address to a specific email address. The script checks all the webs and sites inside the mentioned web application and then updates the access request email. My colleague has also blogged about this and the post can be found here.

What is access request email?
Consider a user tries to access a SharePoint site and gets "Access Denied" message. If access request are enabled on the site collection or web, then they will get similar screen like below.

If the user clicks on the "Request access" link, an email is sent to the person (who is specified in the access request settings for the site). This person can then add the user and give appropriate permissions. This is useful, if the number of users is not known when setting up the SharePoint site.

Access requests can be enabled on site (or web if the web have unique permissions) by navigating to Site Settings -> Site Permissions. In the ribbon, an option to manage access request can be seen

In the next screen, you will see options to enable access requests and specify the email address.

Now, consider that there are hundreds and thousands of site and webs (with unique permissions) and you need to update the email address for access requests. This would be a very tedious and time consuming task. Below is a script which will allow to update the access request email address for all the sites and webs in a single web application at once. The scripts iterates through all the sites (and webs inside the site) and checks if there are unique permissions or not. If not, then the web is skipped (because the access request settings are being inherited from the parent site). If yes, then the email address is updated.

Replace the "URL of Web Application" with your web application url. e.g. http://sharepointserver
and replace "Specify access request email here" with the email address of the person who should manage the access requests.

Add-PSSnapin Microsoft.SharePoint.Powershell
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$webapp =Get-SPWebApplication "URL of Web Application"
foreach($site in $webapp.Sites)
{
   foreach($web in $site.AllWebs)
   {
     if (!$web.HasUniquePerm)
      {
             Write-Host "Access Request Settings is inherted from parent."
      }
       elseif($web.RequestAccessEnabled)
       {
            $web.RequestAccessEmail ="Specify the access request email here"
            $web.Update()
       }
       else
      {
            Write-Host "Access Request Settings not enabled."
      }
   }
}

Let me know if this helps or if there are any queries.

SharePoint BLOB Cache (Disk Based Caching) fundamentals

What is blob cache?
Blob Cache is a disk based caching mechanism for Binary Large Objects (BLOBs) which can be used with SharePoint sites to decrease response times for pages within a SharePoint site. It also helps reduce database load on SQL servers and network traffic between SharePoint and SQL servers. Binary Large Objects (BLOBs) such as images, videos and audio files, large code files are retrieved from the database and can be cached and stored in a directory on the web front end server(s). Thus, when a user requests for a page/file, SharePoint server can respond faster by returning the file from the server cache rather than making a round trip and retrieving the data from SQL server every time. BLOB caching can be enabled on Web Front End (WFE) servers.

In SharePoint 2010, new the concept of byte-range requests is introduced which allows a user to select a later point in the video and being playback from that point. SharePoint also provides the concept of progressive caching, which starts streaming the video from the beginning of the large video file and the rest of the file is cached. Video files are also divided and retrieved in smaller sections to reduce load between the WFE and SQL servers. Administrators have the option to configured the size of these file sections.

BLOB caching is mostly used in Internet facing (anonymous access) or with sites which have read-only documents (which are not modified on regular basis) and static content. We can specify the files e.g. documents, images, etc to be cached on the server so that the response time decreases.

BLOB cache is usually stored in a directory on the web front end servers on the drive where SharePoint is installed. We need to ensure that the drive has sufficient space where the files will be stored. The location of BLOB cache can be set as per our requirement.
To enable BLOB cache on WFE servers, we need to configure the web.config file for the web applications. By default, disk based BLOB caching is turned off and must be enabled on front end web servers. In the web.config file of the web application, we will see a code line as

<BlobCache location="" path="\.(gif|jpg|jpeg|jpe|jfif|bmp|dib|tif|tiff|ico|png|wdp|hdp|css|js|asf|avi|flv|m4v|mov|mp3|mp4|mpeg|mpg|rm|rmvb|wma|wmv)$" maxSize="10" enabled="false" />

In this line, change the enabled attribute from “false” to “true”. If needed specify the location where the files need to be stored and the type of files which need to be cached. To add or remove the file types from the list of file types to be cached, for the path attribute, modify the regular expressions to include or remove the appropriate file extension. Size of the cache can also be specified. The default is set to 10 GB under the “maxSize” attribute.

Additionally, if the product is SharePoint Server 2010, we can enable “SharePoint Server Publishing Infrastructure” at the site collection level where we need to use Object caching.  Once the Publishing feature is enabled on the site, we can then enable Object caching by navigating to site settings -> Site Collection Object Cache.

Advantages of BLOB Cache

• Disk based caching is extremely fast. Decrease in response time.
• Eliminates the need for round trips between database and SharePoint servers for every request.
• Security trimmed caching.
• Can specify which files to be cached and can also restrict the types of files which need not be cached.
• Setting BLOB cache for one web application does not affect performance of other web applications which do not have BLOB cache configured.
• The files are cached on the server only if it is requested for the first time on that WFE. Thus, only the required files are cached and each WFE maintains its local copy of cache.
• Each server uses less CPU time and energy to serve the same page after the initial rendering.

Disadvantage of BLOB Cache

• The site’s performance is temporarily affected while the files to be cached are first written on the disk.
• BLOB caching can only be configured at web application level. There is one BLOB cache per web application. Hence, if there are two different site collections – one of which contains static (needs BLOB caching) and other dynamic (does not need BLOB caching), then we need to separate the two site collections and store them in two different web application. 
• In some scenarios where the files are large in size and number, BLOB caching may require lot of hard disk space and hence may need additional hard ware to accommodate the files. We need to use a hard drive which has sufficient space and which will be used by few processes as possible to avoid conflicts during cache retrieval.
• As each WFE maintains it own copy of cache, the information (about which files need to be cached) is not synchronized. Thus, if WFE1 has “file1.jpg” cached but if WFE2 gets the request for that same file, WFE2 will make a round trip to SQL to fetch the file for the first time. It is not aware that the file is cached on WFE1.
• Also, as the data is not synchronized, there are chances that each server can have different copies of the file and upon request the end user might see two different files. 
• In case few of the files are corrupted, we may need to reset the entire index file on WFE server and rebuild the cache.
• BLOB caching works only for items stored in document libraries on SharePoint site.
• BLOB caching cannot be used with Web Applications that use Web Gardening.

Performance:

Let us test the performance with and without blob cache. The performance of the page also depends on the amount of media and content (that is cached on the server) present on the page. If the content cached is more, then the performance improvement can be seen very easily. If there are lesser image or media files, then the performance improvement might go unnoticed.

e.g. Following are the page load time for a test page on SharePoint site. The page contains a image file – “SharePointDeveloperToolbar.jpg”. The following data considers the time taken for the file to load before and after the blob cache settings.

Page load time with blob cache

Approximately 0.015 seconds for that single image file.

Page load time without blob cache

Approximately 0.031 seconds for the same image file.

The above is only for one single image file on the page. If we consider all the media elements on the page, then the difference can be seen easily.

SharePoint People Picker and Active Directory

Introduction:
SharePoint People Picker enables end users to enter either username or part of the username/display name and have the input resolved against a source that is holding user information (mostly active directory, but we can also use other directory sources).
Following is the screenshot of how a people picker page looks in SharePoint 2010.

Note: The following part of the article considers that SharePoint Picker People is using classic (Windows Integrated Authentication). When SharePoint People Picker uses classic authentication method, we can use stsadm setproperty commands. If the web application is using Claims based authentication, then stsadm setproperty commands would not cause any effect on the configuration.

How people picker works:

Following is the sequence of activities that occur when you try to search for a user in people picker

• User submits a query in people picker
• The query is sent to one of the Web Front End (WFE) servers. The server which is handling the request performs a lookup in DNS for the domain controller server holding the Global Catalog Service.
• DNS returns the I.P. address of the domain controller holding GC. SharePoint will use any random port on it’s server and connect to the Domain controller server on port 3268. Port 3268 is the LDAP over TCP port used by Global Catalog service.
• SharePoint will initially ask for some information from DC which will let SharePoint know the authentication mechanism that is supported, LDAP capabilities, end points, etc.
• If the Active Directory requests for authentication, SharePoint will use the web application’s application pool account to send a LDAP query.
• SharePoint will now send a LDAP query (for the username which the user requested) to the DC server. The query is created using “System.DirectoryServices” namespace. If the server is a standalone installation and the application pool is running under Local system or Network Service, then DOMAIN\MACHINE_NAME will be used for authentication. Once username is found in the directory, Windows APIs will return the SID of the user. Using the SID, further information about the user is retrieved from the Active Directory.
• DC sends the response back to the SharePoint server.  System.DirectoryServices uses “DirectorySearcher” object to formulate the search response. A “SearchResultContainer” object is sent containing “SearchResults” which were returned by the “FindAll” method.
  Refer: http://msdn.microsoft.com/en-us/library/ms180881(VS.90).aspx
• The information is parsed and displayed in People Picker.

We know now that SharePoint initially queries DNS and then communicates with the Domain Controller holding GC to get the details of the user. For the communication to happen successfully, we need to ensure that the following ports are open between SharePoint and Domain controller (holding GC).

On SharePoint Server:

• TCP/UDP 135, 137, 138, 139 (RPC)
• TCP/UDP 389 (LDAP default port)
• TCP 636 (LDAP SSL default port)
• TCP/UDP 53 (DNS) 
• TCP/UDP 88 (Kerberos)
• UDP 464 (Kerberos Change Password)

On Domain Controller:

• TCP/UDP 135 (RPC)
• TCP/UDP 389  (LDAP default port)
• TCP 636 (LDAP SSL default port)
• TCP 3268 (LDAP Global Catalog)
• TCP 3269 (LDAP SSL Global Catalog)
• TCP/UDP 88 (Kerberos)
• TCP/UDP 53 (DNS)
• TCP/UDP 445 (Directory Services)

Following ports are optional

• TCP/UDP 749 (Kerberos-Adm)
• TCP port 750 (Kerberos-IV)

If people picker is pulling up users from another domain, then to support the communication between domains inside the corporate network requires at least a one-way trust relationship in which the perimeter network trusts the corporate network.

On the other domain controller (or if the communication occurs through ISA), the following ports are required to be kept open for inbound connections in the DC/ISA server.

• TCP/UDP 135 (RPC)
• TCP/UDP 389 (LDAP default port)
• TCP 636 (LDAP SSL default port)
• TCP 3268 (LDAP Global Catalog)
• TCP 3269 (LDAP SSL Global Catalog)
• TCP/UDP 53 (DNS)
• TCP/UDP 88 (Kerberos)
• TCP/UDP 445 (Directory Services)
  
  Optional Ports:
• TCP/UDP 749 (Kerberos-Adm)
• TCP port 750 (Kerberos-IV)

In case of any queries, please feel free to drop a comment and I will respond back.

When was the last you felt like an expert on SharePoint?

Microsoft is presenting the ESP Live Webcast Series, conducted by Subject Matter Experts from Microsoft, to educate you about the advantages that you might be missing out on.

1. SharePoint Architecture - Services Stack

The first webcast, on 19th September, will take you through SharePoint Architecture - Services Stack, introducing you to the various services SharePoint Server 2010 offers. Some of the key topics that we will talk about include:

• Access Services
• Dashboards
• Enterprise Content Management
• Enterprise Search
• Excel Service

2. SharePoint Architecture - Farm Deployment

The second webcast, on 21st September, will be on SharePoint Architecture - Farm Deployment, introducing you to the overall elements that comprise a SharePoint farm and how administrators can leverage interfaces to manage their farm. Topics we will cover in the webcast are:

• Farm Topology
• Load Balancing Servers
• Planning Availability
• Disaster Recovery
• Service Applications

Click here to register for the webcast on 21st September

Designing and Creating Workflows with Visio 2010

One of the biggest challenges in implementing a successful workflow is not becoming an expert in coding/creating a custom workflow but to design it as per the requirement of user or business needs. Typically, a consultant would talk to business users, understand business process and then design the workflow. This design is then handed over to SharePoint professionals to implement on SharePoint.

Visio makes the task of analyzing the requirement and actually putting it down on paper. We can draw diagrams, create flowcharts for workflows and the best part is that now, we can export the workflow in .vwi format (Visio Workflow Interchange) and then import it in SharePoint Designer 2010. Thus, a consultant or a business power user can create Visio diagrams for the workflow and SharePoint professionals can easily import them in SharePoint Designer 2010 and implement it on lists/sites.

Creating a workflow using Visio 2010:
Visio 2010 provides us with specific workflow templates that can be directly imported in SharePoint Designer 2010.



When we select “SharePoint Workflow” template in Visio, we can see that there is a set of shapes available. These shapes relate to the actions and conditions in SharePoint Designer 2010.

Use this template and create a workflow diagram as per your business requirement. Once the diagram is done, Click on “Export the diagram” from “Process” tab in Visio. This will check the file for any errors and export the file and save it as a .vwi format file.

Importing the workflow diagram in SharePoint Designer 2010:

Open SharePoint Designer 2010 and open the site/list where you would like to associate the workflow. Under the workflow tab, you can see the button for Importing the workflow from a Visio document.

Once the workflow is imported, it can be further customized or details can be added. You can then publish the workflow on the required list/site.

How to carry out effective and efficient SharePoint searches

I have to admit. When I think about search, the first thing that comes to my mind is “Google” (or some people may even think about Bing or other search engines). Google has made searching very easy and very “fast”. And it has also made other search sites and tools look equally dumb and useless. So, an end user will open Google in one tab of the browser and SharePoint search page on another and type a query and compare the results. I am sure the person will be amazed by Google’s response time. But that does not mean that SharePoint search is weak and does not perform.

Users have to understand that there is a vast difference between Google’s infrastructure and the infrastructure of the organization they work in. Their own organization is hosting SharePoint for them (or sometimes may be it is hosted by another organization, but the point is that the infrastructure is still smaller than Google’s). So, the server capacity is limited, bandwidth is limited and storage is limited. Still, SharePoint manages to give results by just taking a little extra seconds than Google. So, I think that is commendable job from SharePoint’s point of view.

For all those who still do not like to search on SharePoint site, here are few tips that can help you get the results your are looking for in the first instance of your try. Try any or combine these tips below to narrow down the result set and get the results easily and in your first try.

Using Keywords:
Keywords are the basis of searching something. Consider you want to search for a H.R. document whose title is “Company HR Policies”. So, you can search for Policy. Searching with a single word may not give you the results.You can use phrase – Company HR Policy. SharePoint will now search for either Company or HR or Policy and return documents and items that contain any of these words. Exact phrases can  also be used like “Company HR Policy” (by specifying the quotation mark). This will search for exactly the phrase you have typed and in this case, you might get the first result as the document you were looking for. So, if you know the filename and want to search for it, use exact full phrases rather than loosely typed pieces of words.

But what if you do not know the filename but do know who wrote the document or what type of file it is. In such cases, Property Filters can be used

Property Filters:
When property filters are used while searching for content, SharePoint will limit the result set based on the matches between the data provided by you and the metadata properties of the file/item indexed by SharePoint.

e.g. You know that the document is written by a person named “Amol Ghanwat”, then following are few examples how you can use to search it.

author:Amol
author:”Amol Ghanwat”
author:”domain\username”

Note the use of quotation mark when multiple words are used.

In case you know the file type, you can search for document and limit the result set for those file type(s). e.g. if you are searching for Excel 2007/2010 file types, following query will yield only Excel files

filetype:xlsx

So, I mentioned earlier that you may not know the name of the document. But what if you know only a certain part of the filename or some other attribute. Prefix matching can be used to search for content for which you have incomplete information.

Prefix Matching:
You know that the file name starts with something like “Share….” but do not know the rest of the name. You can simply search for “Share*” (using the asterisk “*” symbol) and the search would return documents/item starting with “Share” e.g. SharePoint, ShareBook, etc.

Prefix matching can be used with property filters. e.g. You know that the content was written by a person whose name start with “Am” but do not know the last name, simply search for author:Am* and it would return documents with authors whose name start with “Am”

Note: As the name applies, “*” symbol can be used only as shown above. If you try to search something like “*Point” it will not return “SharePoint” in results. This is because wildcard characters are allowed only a
t the end when using SharePoint search.

Inclusions and Exclusions:
You are searching for a travel catalog and would like to find information about “Paris”, you can use inclusions as - Catalog + Paris or ”Travel Catalog” + Paris

This will ensure that the documents with “Catalog” or “Travel Catalog” with “Paris” are returned.

Similarly, if you would like that documents with “XYZPlace” in its name should not be returned, then we can query as - Catalog – XYZPlace

Boolean Expressions:
If there are multiple words or phrases in your query, you can use OR AND operations. e.g. If you want to search for a restaurant with the name ABC, you can search as restaurant AND ABC

Numeric Expressions:
Lets consider that you are an account executive and would like to search for accounts whose balance is less than 1000. In such cases, you are use Numerical Operators to compare values from SharePoint list/library/site columns. e.g. Accounts < 1000

Note that if Accounts is a custom column, your SharePoint site owner or administrator might have to request for this column to be mapped to metadata properties and crawled. If the metadata mapping is not done, then Numeric expressions will not yield correct results. Also, metadata mapping affects property filters.

Search Alerts
If you search for something very frequently and the main purpose of the search is to track which documents are added, removed, updated, etc, then you are use Search Alerts. When you search for something, the result page will contain links for Alert Me and RSS. Use any one of the links to keep yourself updated. e.g. If “ABC” was the first search result that used to come and after few days, “XYZ” relevance increases, it will show up first. Or a document named “PQR” was added and showed up in the search results. All these changes are summarized and sent across to you as RSS feed or as an email.

The sdk service is either not running or not yet initialized

I would like to bring out some points which can be used to troubleshoot issue related to System Center Operation Manager 2007 R2 SDK Service. You may get the below mentioned error while opening SCOM console, or on other services or applications (like SharePoint) where this data is being utilized. The problem lies with the SCOM server's sdk (System Center Data Access) service.

To analyze the issue further, we will need to reproduce the issue and check “Operations Manager” logs from event viewer on SCOM server.

Following are few possibilities/cause of the issue -

1. If any of the following service is stopped.
• System Center Management (Health)
• System Center Data Access (SDK)
• System Center Configuration (Config service)
2. If any of the above service is stopped, please start the service. 
3. Re-enter the password for the identity of above services and restart the service. 
4. In case we are getting an error while starting the service, the reason might one of the reasons mentioned below

• Incorrect SPN set for the account that is running the System Center Data Access (OpsMgr SDK) service. Need to find out what SPNs are set for the account and rule out any possibility of incorrect SPNs.
• If SCOM is running on Windows 2003 SP1 and uses SQL 2005, we can also check the “SynAttackProtect” TCP registry as mentioned in the blog article below: http://blogs.msdn.com/b/sql_protocols/archive/2006/04/12/574608.aspx
• Before making the above registry change, we need to ensure that we are getting System.Data.SQLClient.SQLException from Operations Manager event viewer logs. Event ID: 26380
• If System Center Operations Manger 2007 R2 Authoring console is installed on System Center Operations Manager 2007 SP1 RMS or if there are errors related to assembly in event viewer, please check this article: http://support.microsoft.com/kb/2526827
• Verify if the port numbers are same across the following registry key and SQL Server configuration manager settings for the SQL instance.
• Registry Key Location: HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Setup\
  Check the “DatabaseServerName” key information.
  Match it with the port number specified in SQL Configuration manager for SQL instance. Both should be same.
  Related: http://support.microsoft.com/kb/2002620
• Ensure that we are able to open SCOM Console on SCOM server.
• Check for any handler or access denied errors in event viewer. If yes, then the SDK account might not have permissions on “Services Configuration” or SCOM installation directory.If starting a sdk service gives time out error, we can consider increasing the timeout for the sdk service – http://support.microsoft.com/kb/922918

Windows XP lifecycle to end in April 2014

The most successful Microsoft OS - Windows XP life-cycle should get over in April 2014 as per the statement from Kevin Turner.

"We are end-of-lifing XP and Office 2003 and everything prior, in April 2014," said Kevin Turner, Microsoft's chief operating officer, during a meeting with financial analysts Wednesday. "So for all those companies that have the old products that haven't quite started the refresh, guess what? This has been a great product, XP has been a wonderful product; great TCO has been given. It's now time for it to go."

Read more - http://www.informationweek.com/news/windows/microsoft_news/231601604

Batch file to delete files older than 2 minutes

Specify the directory where the files are located, save the file as .bat (batch) file and run it. When you run it, it will delete all the files which are older than 2 minutes

@echo off
cd "Directory where files need to be deleted"
setlocal
call :DateToMinutes %date:~-4% %date:~-10,2% %date:~-7,2% %time:~0,2% %time:~3,2% NowMins
for /f "delims=" %%a in ('dir * /a-d /b') do call :CheckMins "%%a" "%%~ta"
goto :EOF
:CheckMins
set File=%1
set TimeStamp=%2
call :DateToMinutes %timestamp:~7,4% %timestamp:~1,2% %timestamp:~4,2% %timestamp:~12,2% %timestamp:~15,2%%timestamp:~18,1% FileMins
set /a MinsOld=%NowMins%-%FileMins%
if %MinsOld% gtr 2 del %file%
goto :EOF
:DateToMinutes
setlocal
set yy=%1&set mm=%2&set dd=%3&set hh=%4&set nn=%5
if 1%yy% LSS 200 if 1%yy% LSS 170 (set yy=20%yy%) else (set yy=19%yy%)
set /a dd=100%dd%%%100,mm=100%mm%%%100
set /a z=14-mm,z/=12,y=yy+4800-z,m=mm+12*z-3,j=153*m+2
set /a j=j/5+dd+y*365+y/4-y/100+y/400-2472633
if 1%hh% LSS 20 set hh=0%hh%
if /i {%nn:~2,1%} EQU {p} if "%hh%" NEQ "12" set hh=1%hh%&set/a hh-=88
if /i {%nn:~2,1%} EQU {a} if "%hh%" EQU "12" set hh=00
if /i {%nn:~2,1%} GEQ {a} set nn=%nn:~0,2%
set /a hh=100%hh%%%100,nn=100%nn%%%100,j=j*1440+hh*60+nn
endlocal&set %6=%j%&goto :EOF

At the start of the file, specify the directory where the files are located. If you need to change the number of minutes, locate "if %MinsOld% gtr 2 del %file%. Change the number of minutes. You can use this to schedule jobs and delete log files older than specified amount of minutes.

Visio Graphic Service Protocol

Visio Graphic Service Protocol is used to retrieve information about a Web Drawing (which is usually stored in a .vdw format) in a SharePoint document library. SharePoint as an application uses this protocol to retrieve data and display the graphic on the site. When we open a Visio diagram in SharePoint site, the Visio protocol client calls the server for information. The information is either returned in raster or vector format. Raster file data is returned as .png (portal network graphic) format while a vector data is returned as XAML.

Visio Graphic Services uses SOAP (Simple Object Access Protocol) for formatting request and response received from the server. The information is transmitted using TCP IP protocol (either through HTTP or HTTPS, depending on the way you have configured Visio Service Application). Following Diagram shows the messaging and transport stack used by the service.



Following are the pre-requisites for the service protocol to work properly:

• Service endpoint. 
• Appropriate permissions to call the method from VisioGraphicService.svc 
• Token based security mechanism

SharePoint acts as the client requesting the information. Visio Service is hosted in a website known as “SharePoint Web Services”. The sub directory name is usually a GUID. Search through the contents of the site and you will find that VisioGraphicService.svc is hosted in one of the directories of the web application.


Open IIS Manager and check the Content view of the “SharePoint Web Services” web application. You should see a similar picture as above. The GUID might differ though.

VisioGraphicService.svc acts a a service endpoint and is needed to communicate and transfer data across. SharePoint Web Services web application uses TCP port 32843 (HTTP) and TCP port 32844 (HTTPS) for communication. Usually a default configuration of SharePoint uses HTTP port for communication unless you specific any other setting from Central Administration site.

Ensure we have these port(s) open. In case firewall is blocking the ports or you are facing any network issue, Visio diagrams may fail to refresh or may not render at all. Just in case, I am documenting some sample error messages I received because TCP 32843 port was blocked.

w3wp.exe Visio Graphics Service Web Access 8046 Critical Failed to get Vector Diagram for visio file (null) page (null) Exception : Could not connect to http://servername:32843/virtualDirectoryID/VisioGraphicsService.svc. TCP error code 10061: No connection could be made because the target machine actively refused it :32843.
w3wp.exe Visio Graphics Service Web Access High BeginGetVectorDiagram failed: System.OperationCanceledException: The server failed to process the request. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to http://servername:32843/virtualDirectoryID/VisioGraphicsService.svc. TCP error code 10061: No connection could be made because the target machine actively refused it :32843. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it :32843

See Microsoft Technet Article for details about ports that need to be open for communication: http://technet.microsoft.com/en-us/library/cc262849.aspx#ServiceApp