Friday, September 28, 2012

Sunday, September 2, 2012

SP2013/SP15 Overview

Key Highlights:
1. Shredded storage
2. SQL Improvement - SQL 2012 support
3. Cache Services: Win AppFabric, Farm Level Cache
4. Request Management: Redirection between farm servers based on request parameters
5. Themes
6. Sharing

* Office Webs and Web Analytics no longer available

ECM:
1. Site level retention
2. Discovery Center: Record center. Easy connect to Exchange, file shares etc

Web Content Management:
1. HTML tools for web design
2. Variation: Machine translation using cloud based service to translate individual sites or pages
3. SEO: Url handling (clean urls), metadata setting, site hirerarchy available for individual site pages.
3. Cross Site Collection Publishing
4. Video Embedding: native html 5 video rendering capability
5. Image renditions: resize images on server side by storing new versions
6. Clean urls: Drive navigation using specific term set/metadata navigation. No longer depended on physical site hirearchy but with metadata navigation
7. Metadata navigation:

Social:
1. Microblogging
2. Activity Feeds
3. Communities
4. Discussions
5. Blogs

Search:
1. Personalization
2. Contextual Previews (check with edition has it)

BI
1. Excel BI
2. Excel Services
3. PerformancePoint Services: Using Analysis Services Effective User eliminates Kerb delegation
4. Vision Services: More number of data sources (Use BCS or SQL Azure)

Mobile:
1. Automative Mobile Browser Redirection -> Part of publishing infrastructure

Evolution of customizations in SP15
1. Customization that involve gathering information from external sources are kept seperate from SharePoint and are managed seperately (patched, executed) from SharePoint.
2. This code is outside SharePoint execution context.

Reference:
http://technet.microsoft.com/en-us/sharepoint/fp123606.aspx


 

Sunday, August 26, 2012

Bulk SPDisposeCheck

Handy powershell script for IT Pros to assist in bulk validating assemblies across multiple wsps for spdispose issues.

#########################################################################################################
$deploymentfolder = "C:\SharePoint Dispose Check\ToCheck\"
$workingfolder = "C:\SharePoint Dispose Check\working\"
$spdfolder = "C:\SharePoint Dispose Check\"
$cabfoldername = "cab"
$dllfoldername = "dll"
$wspfoldername = "wsp"
$logfilename = "log_"


#########################################################################################################
$dte = get-date -format MM_dd_yyyy_HH_mm_ss
$logfilename = $logfilename+$dte+".log"

function Pause()
{
 Write-Host "Press any key to continue ...";
 $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown");
}


Write-Host "...Change working folder" -foregroundcolor yellow
pushd $workingfolder

Write-Host "...Cleaning working folder" -foregroundcolor yellow
Remove-Item $workingfolder"*" -recurse

#Pause
Write-Host "...Create new wsp folder" -foregroundcolor yellow
New-Item $workingfolder$wspfoldername -type directory

#Pause
Write-Host "...Copy all wsps to local from deployment folder" -foregroundcolor yellow
Get-ChildItem $deploymentfolder -filter "*.wsp" -recurse | Copy-Item -destination $workingfolder$wspfoldername

#Pause
Write-Host "...Create new cab folder" -foregroundcolor yellow
New-Item $workingfolder$cabfoldername -type directory
Get-ChildItem $workingfolder$wspfoldername | Copy-Item -destination $workingfolder$cabfoldername
Get-ChildItem $workingfolder$cabfoldername | Rename-Item -NewName { $_.Name -replace "wsp","cab" }

#Pause
Write-Host "...Create new dll folder" -foregroundcolor yellow
New-Item $workingfolder$dllfoldername -type directory

#Pause
Write-Host "...Expanding dlls from cab folder" -foregroundcolor yellow
Get-ChildItem $workingfolder$cabfoldername | foreach-object{expand $workingfolder$cabfoldername"\$_" -f:*.dll $workingfolder$dllfoldername}

#Pause
get-childitem $workingfolder$dllfoldername -recurse | ForEach {$_.Set_IsReadOnly($False)}

Write-Host "...Performing SPDispose check" -foregroundcolor yellow
pushd $spdfolder
Get-ChildItem $workingfolder$dllfoldername | foreach-object{.\SPDisposeCheck.exe $workingfolder$dllfoldername"\$_" | out-file -filepath $workingfolder$logfilename -append }

notepad.exe $workingfolder$logfilename
#Pause

Saturday, July 28, 2012

Windows Azure Overview

www.windowsazure.com has all the required software to start developing against Windows Azure. It is more developer focussed, eliminating various infrastructure details thereby enabling developers to focus more on application development.

Deployments and storage functionality can be tested by developers on local machines using Azure emulators before publishing on Azure

Deployment can be done using,
- Azure management console (web version)
- Visual studio publsh project
- Powershell

All deployments are automated by Azure using the configurations and solution packages provided by developers. Data centers at geographically significant locations, network setup, load balancing, failover storage are all provided by default to all azure applications. Based on subscriptions and configurations provided by developers Azure automatically builds required infrastructure and deploys custom solutions.

Solution package updates can be done in 2 ways:
- In place : Developers publishes updated solution package to Azure. It then takes one server at a time out of rotation from the NLB, applies the solution package and add the server back.
- Branching : Create a staging branch which will have similar vms as the production setup. It will have a private vip and dns. Developers will prepare the staging branch to what is required on production and once ready we just "Swap VIPs" between production and staging as both branches are similar.
Building blocks: Ready to use functionality already built into Windows Azure. All building blocks fundamentally make use of redundancy and failover.
- Storage : BLOB, SQL Azure, Table storage (NoSQL)
BLOB : 3 drives write for each write operation. Geo redundancy between data centers (built-in feature), file system on cloud, can be exposed on http,

Storage Account: Include a public url to allow access over http, choose a region local to where the code will be deployed, primay access key (used to program against it)
Use cloud explorer to manage Blob storage from desktop: http://clumsyleaf.com/products/cloudxplorer
The blob storage is fully accessible using API from code.

SQL Azure:
Relational db in the cloud
patching, clustering and backups are all included and managed by Azure

Table storage: non-relational tables


Messaging using Service Bus Queue: Design loosely coupled architectures.  Rather than the FE depending on synchronous callbacks from BE use Queues to store FE requests and then have BE process the queue items asynchronously. Add more resiliency.

The above point can be easily thought through using a order management system, A FE system pushing orders into a queue and a BE system processing them. Add more processing power to FE or BE as required using Azure.

Hybrid systems:
The FE system in the above example could be website hosted in Azure which accepts messages into a Service Bus Queue
the BE could be a console app running on-premise listening and closing to the messages on Azure.

Systems Center could be used to manage on-premise and cloud infrastructure.

Service Bus Relay: Let me explain this with the below e.g.
You have an on-premise database. If you need to expose this database to mobile users via a cloud app then one the ways you can do it with very less code is by using service bus relay which connects Azure to the on-premise database using WCF endpoints and then presenting the information out to the mobile user. As you can see this is a synchronous operation.

Tools:
http://azurestorageexplorer.codeplex.com/


Reference:
http://channel9.msdn.com/Events/windowsazure/learn/Keynote-Getting-Started-with-Windows-Azure
http://blogs.msdn.com/b/morebits/archive/2010/12/20/walkthrough-windows-azure-service-part1-introduction.aspx

Friday, July 27, 2012

SharePoint 2010 SharePoint Administration Service not starting

SharePoint 2010 SharePoint Administration Service (spadminv4) not starting.

This is because of a new security patch that requires access to the internet from the server which in many cases is not available. For those servers the SPAdminv4 service times out while trying to start.
http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/850d9823-2c7c-4557-8e85-904a59f73704

KB: http://support.microsoft.com/kb/2677070

Solution:
- Enable internet connectivity from the affected servers via TMG
- Uninstall the patch after checking with security.

Monday, July 16, 2012

SP2010 Fast Search

FAST Overview and Planning:

Compare SharePoint search products:
http://technet.microsoft.com/en-us/library/ff631149.aspx

Index connectors:
The FAST Search connector crawls:
- SharePoint sites
- Web sites
- File shares that contain content such as Microsoft Office documents
- Exchange public folders
- Line of business data, for example content from databases
- Custom repositories, accessed with a custom built connector

A content source in the FAST Search Content Search Service Application (Content SSA) is a set of options that you can use to specify what kind of content is crawled, what URLs to crawl, and how deep and when to crawl.


You can create up to 500 content sources in the Content SSA, and each content source can contain as many as 500 start addresses.
You can only crawl one kind of content per content source.

Custom indexing connector: http://msdn.microsoft.com/en-us/library/ee556429.aspx

Before you can start incremental crawls of one or more content sources, the system must first complete a full crawl.

Federation (Type of connections)
Search index on this server
FAST Search index.
OpenSearch 1.0 or 1.1

Authentication:
The content access account that you use must have read permissions on all content that is crawled


FAST Search Web crawler
The FAST Search Web crawler is typically a component inside a FAST Search Server 2010 for SharePoint installation. Internally, the FAST Search Web crawler is organized as a collection of processes and logical entities, which in most cases run on a single server. When the number of Web sites or total number of pages to be crawled is large, the FAST Search Web crawler can be scaled up by distributing these processes across multiple hosts. This requires additional configuration. It can crawl HTTP, HTTPS and FTP content and supports NTLM version 1 (and to a limited extend version 2), Digest, basic auth and form based logon authentication. RSS scheduling is supported and you can tag linked documents from the feed.

FAST Deep dive videos:
http://www.youtube.com/watch?v=Xh26u-OidLg
http://channel9.msdn.com/Events/Speakers/Jeff-Fried

Deployment steps:
http://technet.microsoft.com/en-us/library/ff381267.aspx
http://technet.microsoft.com/en-us/library/ff381240.aspx
http://technet.microsoft.com/en-us/library/ff381261.aspx
http://technet.microsoft.com/en-us/library/ff354931.aspx(deployment.xml)http://technet.microsoft.com/en-us/library/ff381251.aspx
http://technet.microsoft.com/en-us/library/gg710538.aspx(installation wizard fails)
http://technet.microsoft.com/en-us/library/ff393738.aspx(unable to connect, cert issue)
http://technet.microsoft.com/en-us/library/ff381253.aspx (enable queries)http://technet.microsoft.com/en-us/library/ff381272.aspx (verification)http://fastforum.info/viewtopic.php?f=6&t=223 (no results issue)

Configure Authorization:
If Get-FASTSearchSecurityClaimsUserStore does not return anything then configure below steps,
1. From the FAST Search Server 2010 for SharePoint, open a Microsoft FAST Search Server 2010 for SharePoint shell under the user account of a user who is a member of the local FASTSearchAdministrators group and run the following commands.
New-FASTSearchSecurityClaimsUserStore -id win
Set-FASTSearchSecurityDefaultUserStore -DefaultUserStoreId win
2. Repeat step 1 on each query server.


If you added the fast admin account to the local admin group on the server, please remove it. It should only be a part of the FASTServerAdministrators group on the server.
http://digsharepoint.blogspot.com/2011/06/unable-to-get-any-search-results-fast.html
Remember the behavior mentioned in the above link will exist if you try to query fast locally (using http://localhost:13280) or from SharePoint using an account that is added to the administrators group on the FAST server.

Other references:
http://technet.microsoft.com/en-us/library/ee781286.aspx
Availability / Fault Tolerance
http://searchunleashed.wordpress.com/2011/07/15/sharepoint-search-and-fast-search-for-sharepoint-architecture-diagrams-fault-tolerance-and-performance/

Friday, July 6, 2012

SP2010 Claims

WS-Security provides a core function by defining mechanisms for assuring message authenticity, integrity and confidentiality through the use of security tokens

WS-SecurityPolicy enables the description of the security requirements of services via assertions about the security mechanisms of the services (i.e. algorithms and types of tokens that the service accepts). Using these assertions web services are able to recognize and assess the types of security tokens and claims that are required for exchanging messages securely. 

WS-Trust provides an additional piece of the foundation for federation by defining a service model, the Security Token Service (STS), and a protocol for requesting/issuing these security tokens which are used by WS-Security and described by WS-SecurityPolicy.

A fundamental goal of WS-Federation is to simplify the development of federated services through cross-realm communication and management of Federation Services by re-using the WS-Trust Security Token Service model and protocol.
WS-Federation does not restrict users to a specific security token format. Instead, WS-Federation builds on the WS-Trust encapsulation mechanism, the RST/RSTR, which allows protocol processing to remain agnostic of the type of token being transmitted.

Access to SharePoint Server running in Claims Mode Authentication utilizes
a Security Token Service (STS) which is essentially an authentication gateway to SharePoint
Server that enables access for Windows Integrated Authentication, Form Based Authentication and Trusted Claims Providers (TRUST).


C2WTS

Some service applications require the use of the Windows Identity Foundation (WIF) Claims-to Windows Token Service (C2WTS) to translate claims within the farm to Windows credentials for outbound authentication. It is important to understand that Service Applications that come with SharePoint Server can leverage the C2WTS only if the incoming authentication method is either Classic mode or Windows claims. 


Claims Augementation

A claims provider in SharePoint Server 2010 can be used to augment claims and provide name resolution. By using claims authentication, you can assign rights based on claims without having to know who users are, or how they are authenticated. You only have to know the attributes of the users. You can, for example, use a piece of corporate metadata that is associated with a person and have the claims provider do a lookup to another system to determine the different identities of a particular person—Windows, forms-based authentication, SAP, CRM, and so on—and map another identifier or set of claims to that identity. Those claims are then used to grant access to resources.

Compund Claims augemenation with AND operator


http://msdn.microsoft.com/en-us/magazine/hh547099.aspx

Claims encoding

http://www.directsharepoint.com/2011/11/claims-encoding.html

Difference between Windows Claims and SAML Claims

http://msdn.microsoft.com/en-us/library/ee534967.aspx

Network load balancer considerations

You need to set network load balancing to single affinity when using claims-based authentication. If you use SAML token-based authentication with AD FS on a SharePoint Server 2010 farm that has multiple Web servers in a load-balanced configuration, there will be an effect on the performance and functionality of client Web-page views. When AD FS provides the authentication token to the client, that token is submitted to SharePoint Server 2010 for each permission-restricted page element. If the load-balanced solution is not using affinity, each secured element is authenticated to more than one SharePoint Server 2010 server, which will result in rejection of the token. After the token is rejected, SharePoint Server 2010 redirects the client to authenticate again back to the AD FS server. After this occurs, an AD FS server will reject multiple requests that are made in a short time period. This behavior is by design, to protect against a denial of service attack. If performance is adversely affected or pages do not load completely, set network load balancing to single affinity. This isolates the requests for SAML tokens to a single Web server.

 
References:

Wednesday, June 6, 2012

NoSQL

SharePoint search - Reduce network traffic

Scenario:
http://hostname1.com is an intranet site is hosted on an internal Server 1. The host file on server has an entry to make sure all requests made to hostname1 points to the same server, 
127.0.0.1 hostname1
However each time the SharePoint search crawler runs all requests made to http://hostname1 is first made to the proxy which then redirects it back to Server 1 which unnecessarily increases load on the network and the proxy introducing performance issues.


Solution:
- Review the corporate proxy script (if you have one) used for IE on the server and make sure it does not send intranet request to the proxy.


- If the above does not solve the problem, follow below steps
        => Grant search content access local server rdp access on Server 1
        => Login to the server with the search content access account 
        => Open IE and uncheck "Automatically detect proxy"
        => Remove the search content access account rdp access to Server 1
I am very sure the above steps can be handled differently by editing the registry for the local machine which is something I was not able to uncover so far.

Project Server 2010 Quick Launch

Scenario:
Hide quick launch entries on Project Server 2010 web access site does not work. Navigate to Server Settings -> Quick Launch -> "Quick Launch Item" -> Display on Quick launch -> No -> OK and Save.


Solution:
This is a very strange problem and is observed when you have Publishing infrastructure activated on the pwa site. Navigate to Site Settings -> Navigation -> Click OK.


If you have already hidden the quick launch item from Project Server 2010 and it still shows up then after performing the above steps it should now become invisible. I think this is a bug in the product.


Reference:
http://social.technet.microsoft.com/Forums/en-US/projserv2010setup/thread/a60cc21b-4594-4a73-86a1-a4cc78930216

Tuesday, June 5, 2012

Project Server 2010 - Delegation error

Scenario:
Users are presented with the below error message when they navigate to PWA homepage on a Project Server 2010 web instance.


You do not have sufficient permissions to view the specified page. Please contact your administrator for permissions to view this page.


Solution:
This situation can happen when there are several delegations setup for a particular user and some of the accounts used in the setup are either inactive now or do not have any security permissions.


Remove the incorrect delegations for the user account which is facing this error. 


If you do not see any delegations when you click on "Manage Delegations" link under "Personal Settings" then permissions are not correctly set. To set the correct permissions, follow below steps,
- Click on "Server Settings"
- Click on "Manage groups"
- Click on the group that includes the current account.
- Under Categories section click on any category, in my case it was "My Organization"
- Permissons for "My Organization" will open. Now make sure 'Manage Resource Delegates' is enabled under Resource section and hit Save.
- Also make sure that the current Group permission have the same option enabled.
This link provides all details, http://technet.microsoft.com/en-us/library/gg188119.aspx




References:
http://social.technet.microsoft.com/Forums/ta/projserv2010setup/thread/17ebfb42-2fcf-43f1-b401-7c52d6d9a5a5
http://www.msprojectnow.com/Knowledge/Blog/tabid/142/entryid/394/Cancel-Delegate-Session-in-Project-Server-2010-via-SQL-Statements.aspx

Tuesday, May 22, 2012

SP2010 Export/Import List

Scenario:
Copy a list "ListName" (Title = ListTitle) from source "Site 1" to destination "Site 2" subsites. "Site 2" already has a list with the name "ListName". The title and url both are the same on source and destination.


Solution:


export-spweb "http://hostheader/subsite/site 1" -path "c:\folder_name" -itemurl "/subsite/site 1/listname" -includeusersecurity -nofilecompression -includeversions 4


Open the folder, "folder_name" and edit the Manifest.xml file.
Find and replace "ListName" to something else.
Find and replace "ListTitle" to something else.


Import-SPWeb " http://hostheader/someothersubsite/site 2 " -path "c:\folder_name" -nofilecompression -includeusersecurity



Monday, May 14, 2012

Powershell - Bulk spdispose check


Script to bulk-rename all wsp's to cab:
dir *.wsp | Rename-Item -NewName {$_.Name.Replace('.wsp','.cab')}


Script to extract dlls from cab files:
get-childitem | foreach-object {Write-Host "Processing:"$_.Name; expand.exe .\$_.Name -f:*.dll "Path where all extracted dlls must be saved. Must end with \ ";  }




Script to perform dispose check and save log file for all dlls:
get-childitem "Path where all dlls are saved" | foreach-object {Write-Host "Processing:"$_.Name; .\spdisposecheck.exe $_.fullname }

Tuesday, May 8, 2012

SP2010 Search one-way trust domain

Scenario:
In a multi-domain environment where is one way trust between domanis search does not return security trimmed results for either one of the domains. 


Error in ULS: 
AuthzInitializeContextFromSid failed with ERROR_ACCESS_DENIED. This error indicates that the account under which this process is executing may not have read access to the tokenGroupsGlobalAndUniversal attribute on the querying user's Active Directory object. Query results which require non-Claims Windows authorization will not be returned to this querying user. da324c89-8a72-4b2b-a2b9-ed5cab78c16d


Solution:
This is because the search service accounts do not have required permissions to gather ACLs for the domain account who issued the search query. Resolution is to force search service app to use Claims to store acl information and for security trimming the service account do not need to talk to domain controllers to get acls.


http://support.microsoft.com/kb/2344518 

SP2010 Upgrade


Scenario:
Error while upgrading site with publishing features enabled. Command used is upgrade-spcontentdatabase


Upgrade [SPSite Url=site url] failed. Microsoft.SharePoint.Portal.Upgrade.MossSiteSequence has the ContinueOnFailiure bit set. Moving on to the next object in sequence.
[powershell] [SPUpgradeSession] [ERROR] [5/8/2012 2:16:28 PM]: Inner Exception: Attempted to perform an unauthorized operation.
[powershell] [SPUpgradeSession] [ERROR] [5/8/2012 2:16:28 PM]:    at Microsoft.SharePoint.SPSite.set_AllowMasterPageEditing(Boolean value)
   at Microsoft.SharePoint.Portal.Upgrade.AllowMasterPageEditingAction.Upgrade(SPSite site)
   at Microsoft.Office.Server.Upgrade.SiteAction.Upgrade()
   at Microsoft.SharePoint.Upgrade.SPActionSequence.Upgrade()


Solution:
Make sure all options are enabled for the SharePoint Designer settings at the web application level and re-run the command.

Friday, May 4, 2012

Managed Metadata Service - OfflineTermStorenames

Scenario:
Created a new managed metadata service application and associated it to web apps. When we try to execute the below three lines of powershell, you notice that the metadata service application is listed under offlinetermstorenames and nothing under TermStore or DefaultTermStores. This used to be case even if I created the service application using UI or Powershell.



$site = Get-SPSite $site_url
$session = Get-SPTaxonomySession -site $site
$session



Solution: 


To get offline termstore back:
1. Make sure we have MMS service started on at least one machine in the farm.
2. IIS reset on all WFEs.
3. Wait for about 15 to 20 minutes. [IMP Step]
4. It will back online by itself.



Reference:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.taxonomy.taxonomysession.offlinetermstorenames.aspx

Wednesday, May 2, 2012

Search service is not able to connect to the machine that hosts the administration component

Scenario:
A SP2010 Farm with 1 SSA(Search service application). Trying to provision another SSA using UI or Powershell, either ways results in the same behavior. The provisioning completes successfully however when you navigate to the SSA management page for the particular app, it displays the above message with the GUID of the administration component. Key point to observe here is that the search pool account used by SSA1 is the account under which the OSearchv4 service runs. SSA2 which is being provisioned now uses a different service account.


Solution:
I checked the databases that got created once SSA2 was provisioned and noticed that only the new service account is getting added to them as owner. ULS logs in verbose mode indicates that the OSearchV4 service account is trying to access SSA2's databases and cannot login. Hence the solution to my problem was to simply add the OSearchv4 service account as dbowner to the newly created databases and then wait for some time for the administration component to get provisioned.


Alternatively the below powerhshell can also be executed,
$searchapp=New-SPEnterpriseSearchServiceApplication "SSA2 name"

$searchinstance= Get-SPEnterpriseSearchServiceInstance "servername" 
$searchadmin=Get-SPEnterpriseSearchAdministrationComponent -SearchApplication $searchapp
$searchadmin=Set-SPEnterpriseSearchAdministrationComponent -SearchApplication $searchapp -SearchServiceInstance $searchinstance


Remember to wait at least 5 mins for the provisioning to complete.




Friday, April 20, 2012

Powershell - Get-SPSite Owner, Size

Get-SPSite "url" | select url,owner,@{label="Size in GB";Expression={$_.usage.storage/1GB}} | convertto-csv | set-content test.csv

Friday, April 13, 2012

Design Ideas - Get Latest changes from SharePoint

Requirement: Users need to know new additions, modifications or deletions within a SharePoint site collection during a time range.


Solution options:
1. Use the SharePoint Foundation change log, http://msdn.microsoft.com/en-us/library/bb417456.aspx
2. Query the site collection using SPQuery or SPSiteDataQuery based on Created and Modified columns.



Thursday, April 5, 2012

PS2010 Solution Starter - Unauthorized 401

Couple of tools (Bulk Edit / Import) in the Project Server 2010 Solution Starter, http://archive.msdn.microsoft.com/P2010SolutionStarter do not work in a load balanced environment and result in 401 Unauthorized exception.


Solution: This is due to double hop issue arising out of PSI calls in the code.
Here are the various options,
1. Implement Kerberos on the farm (production solution)
2. Implement AAM to point all requests to one of the servers in the farm.
    - Set up public url in the internet zone.
    - Set up IIS bindings on all servers to point to the 1 server which will server content.
    - IIS reset


*Make sure the project web access application pool account is a project server administrator on the pwa instance.

SharePoint 2010 and Kerberos

Simple cheat sheet to enable kerberos on an existing SP2010 web application configured in Classic Mode and currently using NTLM.


Scenario: Web application host name is xyz.company.com and is hosted over http. Pool account is domain\poolacnt


Steps: 
1. Check if there is a SPN existing in current forest as http\xyz.companyname.com. If the spn is not setup for account domain\poolacnt then we will run into a duplication issue. Hence either the existing SPN needs to be removed or a decision needs to be made on the host name.


For W2008 Server use command setspn -q http/xyz.companyname.com


2. Register SPN for pool account using setspn command


3. Configure SP Authentication Provider in central admin


4. In IIS 7 -> Web Site -> Authentication -> Windows Authentication make sure Negotiate is the first option selected. For testing purpose, remove everything from the listbox and add only Negotiate:Kerberos to the list. This will prevent NTLM fallback


5. Use Fiddler, KerbTray and Windows event logs to troubleshoot and make sure kerberos is the authentication mechanism being used.


Issues faced: Due to a duplicate SPN registered with another service account in AD the behavior I experienced was, the web site was repeatedly prompting for user credentials although the credentials were right and eventually returned HTTP 401. Once we removed the duplicate and waited for replication to complete, this issue was resolved.

References:
http://technet.microsoft.com/en-us/library/cc961976.aspx
http://technet.microsoft.com/en-us/magazine/ee914605.aspx
http://technet.microsoft.com/en-us/library/cc738207(v=ws.10).aspx

Wednesday, April 4, 2012

SP2010 Managed Account 20 char limit

If you use an account which has more than 20 chars length while registering managed accounts the below error is returned,


The specified user domain\username could not be found. Some or all identity references could not be translated.

Wednesday, March 28, 2012

SP2010 Upgrade Incoming Email does not work

Scenario:
Configured Incoming email on new SP2010 farm as per technet. Database attach upgraded a SP2007 site collection. The host name has not changed in SP2010 but the incoming email server address changed.
Incoming emails are seen in the drop folder but do not get processed. ULS reports "missing alias" errors for the aliases which were working in SP2007.


Solution:
For the library where the incoming email feature is not working, navigate to list settings -> incoming email settings, disable incoming email and enable with same email address


To identify impact on environment using below SQL query against content database,



SELECT Webs.FullUrl, AllLists.tp_Title, AllLists.tp_EmailAlias
FROM AllLists
Inner join webs on AllLists.tp_WebID = Webs.Id
where AllLists.tp_EmailAlias is not null

Tuesday, March 20, 2012

When to create a Service Application ?



Scenarios where service application development becomes a requirement


Those that share data across site collections or web applications (such as the Web Analytics or Managed Metadata service applications in SPS 2010)

Those that provide specialized calculations or analytics services (such as Web Analytics, Excel Services, or PerformancePoint Services)

Those that aggregate data (such as Search)

Those that are long-running or very intensive processes (such as Web Analytics, Search, or Word services)

Those that are used for middle-tier applications

Reference: http://msdn.microsoft.com/en-us/library/gg193964.aspx

Wednesday, March 14, 2012

PostBuild - GACUtil

Here is a handy visual studio post build script to GACassemblies and recycle application pools.

gacutil.exe -if "$(TargetDir)$(TargetFileName)"
iisapp /a SharePointContentAppPool /r

Wednesday, February 29, 2012

Project Server 2010 - Custom workspace template

To create a new workspace template for in project server 2010,
1. Create a new site using Microsoft Project site template
2. Make customizations
3. Save site as template, i.e. solution (wsp file)
4. Download wsp file from solution store and re-upload to pwa site collection. 
5. Activate solution
6. Navigate to Server settings -> Project workspace settings and change default site template.
7. Navigate to Server settings -> Enterprise Project Types (For each project type change the default template)

Monday, February 20, 2012

SP2010 Breadcrumb Missing

Scenario:
On sites with /default.aspx as homepage after migration from SP2007 to SP2010, the breadcrumb is missing on homepage. When you click the folder icon in ribbon it says "The page location is:" and does not show anything else below it.


Solution:
Use SPD to remove, ContentPlaceHolderId="PlaceHolderTitleBreadcrumb" runat="server"/>” from default.aspx.


Reference: http://social.technet.microsoft.com/Forums/en/sharepoint2010setup/thread/632558af-f9f0-4b54-87e4-cc75a0947b2a 

Friday, February 17, 2012

Target audience - Navigation

Scenario: Target audience does not work for SharePoint groups configured for navigation links on top and left (quick launch) in SharePoint 2010.

Solution: Make sure the User Profile Service application is created and associated to the web application in central administration.

Wednesday, February 15, 2012

Create sharepoint site in a specific content database

This is possible by using New-SPSite powershell cmdlet in SP2010. Other option which was useful even in SP2007 was to toggle the max site count settings per database.


http://technet.microsoft.com/en-us/library/ff607937.aspx

Tuesday, January 31, 2012

STSADM import error

Scenario: You get this error although you have a valid export of a subsite from a site collection which you had taken using a farm account. You are trying to import using the farm account.


FatalError: The file cannot be imported because its parent web does not exist


Solution:


Make sure that before you do the export the site is not set to readonly.





Saturday, January 28, 2012

Disaster Recovery - Server down

Scenario: For some reason, if the SharePoint installation gets corrupt on one of the front end's or application server in a SharePoint farm. If this is a front end server, users will get service errors when a request is sent to the faulting front end. If there is a load balancer that would greatly help the situation.


Solution:


*If you have a load balancing solution, remove the faulting server from the load balancer first.


1. Uninstall SharePoint binaries from the server. If Project Server binaries are installed, uninstall that also from the Control Panel. This will automatically remove the server from the farm.


2. Reboot server
-After reboot open IIS and check if there are any orphan sites. If you see something like IIS_Site0, click on the Sites tab above it and remove the site.


3. Reinstall all binaries on the server, e.g.
   a. SharePoint binaries
   b. Project Server binaries
   c. SharePoint Foundation - SP1 
   d. SharePoint Server - SP1
   e. Foundation - June CU
   f. Server - June CU


4. Run psconfig using Configuration Wizard or powershell and choose to add the server to an existing farm. Provide configuration database information. The server will automatically be configured and added to the farm. If there is no other server in the farm hosting central admin, then this server will automatically be enforced to host central admin.


5. If custom solutions were installed on the server, during psconfig all the 14\hive folders will be automatically be provisioned. If any custom changes were made not using wsp's in the 14 hive then they will have to be manually re-done as the re-install process wipes out the 14 hive.


6. If the faulting server was the server where the search admin component was hosted and also if it served the query role, search will be broken. 
To restore the admin component use the below script (assuming there is only 1 search service application)


$varInstance = Get-SPEnterpriseSearchServiceInstance -local  
$varSearchApp = get-spenterprisesearchserviceapplication
set-spenterprisesearchadministrationcomponent –searchapplication $varSearchApp –searchserviceinstance $varInstance


7. Sometimes the crawl component may get stuck in a Recovering state. To resolve this, create a new crawl component with the same parameters on the same server. Once this is complete, you will notice that the old and new crawl component both come online. Delete the old crawl component.


References:

http://blogs.technet.com/b/poojk/archive/2011/11/28/sharepoint-2010-search-service-is-not-able-to-connect-to-administration-component-server.aspx


http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/02eb41cd-1907-409a-a6f9-18c1954676db/




Wednesday, January 25, 2012

SP2010 content and structure tool error


Scenario:
When users visit the content and structure tool then get an "object reference not set to instance of an object" error. Here is the stack trace,


"Server error in'/' application.
Object reference not set to an instance of an object."

Stack Trace:
[NullReferenceException: Object reference not set to an instance of an object.]
Microsoft.SharePoint.Publishing.Internal.WebControls.ObjectSerializer.evaluateTestAutomationId(CachedList cachedListToEval) +48
Microsoft.SharePoint.Publishing.Internal.WebControls.ObjectSerializer.get_AutomationId() +189
Microsoft.SharePoint.Publishing.Internal.WebControls.EcbEnabledTreeNode.RenderPreText(HtmlTextWriter writer) +183
System.Web.UI.WebControls.TreeNode.Render(HtmlTextWriter writer, Int32 position, Boolean[] isLast, Boolean enabled) +7748
System.Web.UI.WebControls.TreeNode.RenderChildNodes(HtmlTextWriter writer, Int32 depth, Boolean[] isLast, Boolean enabled) +962
System.Web.UI.WebControls.TreeNode.Render(HtmlTextWriter writer, Int32 position, Boolean[] isLast, Boolean enabled) +8926
System.Web.UI.WebControls.TreeView.RenderContents(HtmlTextWriter writer) +274
System.Web.UI.WebControls.WebControl.Render(HtmlTextWriter writer) +41
ASP._layouts_sitemanager_aspx.__RenderForm1(HtmlTextWriter __w, Control parameterContainer) +1011
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +114
System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +252
System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +86
System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) +52
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +239
System.Web.UI.HtmlControls.HtmlContainerControl.Render(HtmlTextWriter writer) +41
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +239
Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.RenderChildren(HtmlTextWriter writer) +57
System.Web.UI.Page.Render(HtmlTextWriter writer) +37
Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase.Render(HtmlTextWriter writer) +57
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeSta
Solution:


The content and structure tool is very sensitive to any kind of missing lists or subsites in the site collection. Possibly caused due to Publishing feature activation/deactivation or some other type of corruption


First we need to check if corruption exists using,
stsadm -o databaserepair


This will return the orphaned objects with the corresponding ID and WebID. If it does not return any results then you will have to write some powershell to get all lists in the site collection and check if any of them returns the famous "List does not exist" error when you browse to /site/subsite/_layouts/ListEdit.asps?List={GUID} page


In my case databaserepair returned some lists which were orphaned all from the same subsite.


I took the ID of 1 of the list which was orphaned and fired a SQL query against the content database.


select * from dbo.AllDocs with (nolock) where ListId='listID'


This query also returned the WebID associated with the ListId. In my case all the orphaned sites were from the same web and this web was deleted by an end user and hence it was in the recycle bin.


Here are the steps I am going to take to fix this,
1. Delete the items from the recycle bin and make sure it is completely deleted.
2. Run databaserepair cmd again to test for corruption
3. If everything works out the tool should be working again.

SP2010 search crawl error

Scenario:
The crawl log returns the following error while crawling some site collections in the farm, 
1. The object cannot be found
2. Cannot download the item


Solution:
In my case this was because the site was not accessible from the index server. Try to open the site in a browser on the index server (assuming that host file entries are configured to point to itself). If it does not open or returns an error message "An unexpected error occurred"  on a white screen then it is because the server cannot connect to the database server.


If used,make sure the SQL alias is configured correctly for 32-bit and 64 bit configurations. Make sure the port number is correct. Make sure you can access the database instance using management studio with the same instance name configured in SharePoint.



SP2010 RecycleBin bug

Scenario:
If you delete a list or navigation item using the browser, and if recycle bin is enabled for the site the item is moved to the recycle bin. In SP2007 the deleted item is not shown in the regular views, i.e. in the all site content view or in the top navigation. In SP2010 SP1/June CU it does show up and if you use Powershell to open it, it does return a partial reference to the object, i.e. $web.Lists["deleted list name"] will show some properties of the list, but $web.Lists["deleted list name"] will throw an object reference not found error.

Solution:
Delete the item from the recycle bin !




SP2010 Client Access License

Tuesday, January 24, 2012

SP2010 Site Templates


Issue 1:
If you create a site template by saving an existing site as template from site settings, it creates a user solution in the site collection and automatically activates it. You can then go ahead and create sites based on this template. If for any reason you delete the site created from the template and if the user solution was still active in site collection settings, then we will not be able to deactivate the solution at all. This leaves an orphaned solution in the site collection. There is no permanent fix for this problem at the moment. One workaround is to restore the deleted site from recycle bin and then deactivate the solution after which you can delete the site.

References:

Issue 2
When you try to create a site template you are presented with the below error and the spinning processing icon,
InvalidOperationException: Error generating solution files in temporary directory.
ULS Logs error : List does not exist.

This situation occurs if you had enabled SharePoint Publishing feature on the site at one point in time before and then deactivated it later to save the site as template. The deactivation leaves references to some SharePoint internal lists but the lists themselves get deleted (My assumption). Hence you will not be able to create a template from such a site. Also, please note that this situation is not consistent, i.e. in some cases you are able to create site templates from a site which had SharePoint Publishing feature enabled previously.


If you google this error, you will notice that people talking about insufficient permissions on the temporary directory on the front-ends etc. Just to be sure that it is not the case make sure that you can create site templates from other sites in the same site collection or different site collections in the farm.


As a workaround you can recreate the source site artifacts for a clean template either manually or using powershell / custom code.