You are currently browsing the category archive for the ‘MOSS 2007’ category.

Installed MOSS 2007 SP2 on a 64-bit machine running Windows Server 2008, and restored a site collection from another domain. Running into SSRS issues (but lets save that for later !). Tried to open the site url in Windows Explorer and ran into errors. Then tried openning a sharepoint list using Actions -> Open with Windows Explorer, and the same problem. Got this error message”

Your client does not support opening this list with Windows Explorer.

Turns out, this is because the Desktop Experience feature was not installed. Installed as follows:

1.Click Administrative Tools -> Server Manager
2.Expand the Features node
3.Click Add Features
4.Check Desktop Experience, and install
5.Restart the server once done.

Had my users complain about how painfully slow it is the first time they hit the portal every morning, and then things get back to normal. I had put it on the back-burner, but now that things are under control, I got some time to revisit this issue.

Every night, the App Pool recycles, and then pages are compiled from the generic MSIL to native code upon first use. This is known as just-in-time (JIT) compilation. If not performed beforehand, it can cause pages to load slower the first time they are requested.

This can be simulated by doing an iisreset on your server and benchmarking the time it takes to load a page… just for kicks

What I needed was a warmup script that would hit all critical webpages for me every night, after the recycle. Found this file WarmUpServer.zip that I customized to my use.

All credit goes to Joel Olson, and Andrew Connell

After playing around with my MOSS installation for some time, I realized that a lot of stuff resides in what Microsoft euphemistically calls the ’12 hive’. So, instead of pulling up the command prompt everytime and navigating to the directory, I decided to create a desktop shortcut.

  1. Go to the Desktop on the server that is running SharePoint Server 2007
  2. Right click and choose New -> Shortcut
  3. Type %windir%\system32\cmd.exe in the location textbox, click Next
  4. Name the shortcut as Shortcut to 12 Hive or anything else you want, click Finish
  5. You will see the icon for the shortcut you just created on the Desktop
  6. Right click the icon and choose Properties
  7. On the Shortcut tab, change the value in the Start in textbox to the location of the 12 hive,
    type “%PROGRAMFILES%\Common Files\Microsoft Shared\web server extensions\12\bin”
  8. Click OK.

Of course, the other way would be to have it in your PATH

Now now, not everybody has the latest version of Excel on their desktops. Does the mean they are SOL ? Not quite, there is a way you can use Excel 2003 as a client to ‘publish’ spreadsheets for use with Excel services.

Make sure you have the Office 2007 Compatibility Pack installed. You need this to be able to save your Excel file in Excel 2007 format.

I had promised to bring the features and review the same for the neat Sharepoint Deployment Tool on Codeplex

Ability to Pick and Choose content

Say you have finished developing and unit testing the code, and now it needs to be pushed into UAT. You might not want to export/import the whole site, as there might be pieces you are still working on. This tool comes in handy in such cases as you have the ability to pick and choose the items you want to deploy, down to the individual files, items, lists level. This is very useful when deploying/migrating content from one environment to the next.

Dependant objects can be selected

Any referenced objects, master pages, CSS files, images, etc are included by default as a part of the export and that greatly reduces the chances of something ‘breaking’ as a part of the deployment. You have the option of choosing ‘Exclude dependencies of selected objects’, of you so desire.

Retain Object GUID

If you have used stsadm, you might have noticed that there is no option to retain GUIDs when deploying sites. This makes troubleshooting and debugging a lot more difficult. This tool retains object GUIDs as a part of deployment. This helps in incremental deployment on sites that already exist on the target.

Versioning Flexibility

You have the choice of getting the latest major version, major and minor version, or all versions of any and all items you are looking to deploy. This helps make incremental changes possible for objects that need to go in on top of what already exists on the target.

And best of all, its FREE

 

Nothing is perfect, of course.

Some shortcomings

Does not work for the following types of content – recycle-bin, alerts, audit trail, change log history, workflow tasks/state.

Does not work for system level files – features, assemblies, solutions, etc

Cannot transfer list items to another at a different URL. Click here for a discussion on this.

Overall, even with the few limitations, it is a great tool and something you should check out and put in your toolbox. It will definitely come in handy.

I have been struggling with the best way to migrate and deploy content between farms from the development to testing environment, finally to production. The stsadmin options work best for a first-time deployment, but as things change and more code is to be pushed out on an incremental basis, those options fall short.

Looking at codeplex, I came across this tool. Will post a detailed review later

Sharepoint Deployment Tool on Codeplex

According to the author,  Chris O’Brien

The SharePoint Content Deployment Wizard is a tool for SharePoint 2007 which provides the means to deploy the following content:
– site collections
– webs
– lists
– folders
– list items (including files)

Content is exported using the Content Migration API (PRIME) as a .cmp file (Content Migration Package) which can be copied to other servers for import. Unlike the out-of-the-box tools, the Wizard allows *granular* selection of content via a treeview.

Continuing my tussle with setting up Kerberos authentication in the sharepoint environment, I ran into another issue today.

Windows has a rule that causes it to fall back to NTLM authentication if there is an issue with the Kerberos authentication. So I had to validate that we were indeed using Kerberos as the authentication method, and in order to do that, I had to enable logon events on the servers.

To get to the Local Security Settings, go to Start -> Run (or just press <Windows Key>+R)
type secpol.msc
Navigate to Security Settings -> Local Policies -> Audit Policy

Local Security Policy Window

Local Security Policy Window

 The events you want to log are:

Account logon events: This event is audited to see each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. Account logon events are generated in the domain controller’s Security log when a domain user account is authenticated on a domain controller. These events are separate from Logon events, which are generated in the local Security log when a local user is authenticated on a local computer. Note: Account logoff events are not tracked on the domain controller.

Logon events: This event is audited to see when someone has logged on or off your computer (either while physically at your computer or by trying to log on over a network).

Double-click Audit account logon events to bring up the window to change Security Settings
I found that the Properties window had the Success and Failure options greyed out

Audit Logon Events Properties (Disabled)

Audit Logon Events Properties (Disabled)

 I was logged in as a Local Administrator, but it just wouldn’t let me enable those options.
Apparently, the Group Policy at the Domain Level takes precedence over Local Security Settings. And since I do not have Domain Administrator permissions, I could not login to the Domain Controller to make any changes.

The next step was to manually override the domain level Group Policy with the caveat that it will only last for 2 hrs as the domain controller refreshes the policies every 120-min.

Open Command Prompt: Start -> Run (or just press <Windows Key>+R)
type cmd
Change directory: cd C:\Windows\Security\Database

Export the existing security policy. This extracts all policies from the database and puts them in the Security Template file. Use the following command:
secedit /export /db SecurityDBName /cfg SecurityTemplateFile

Edit the Security Template file
notepad SecurityTemplateFile

Look for [AuditLogonEvents], change the value to 3 (for both Logon and Logoff to be audited)
Look for [AuditAccountLogon], change the value to 3 (for both Logon and Logoff to be audited)

Validate the Security template file thus created
secedit /validate SecurityTemplateFile

If everything checks out okay, make the changes to the security policy as:
secedit /configure /db SecurityDBName /cfg SecurityTemplateFile /overwrite

And you should be in business, with both options checked (though still greyed out)

Audit Logon Events Properties (Enabled)

Audit Logon Events Properties (Enabled)

Add to FacebookSlashDot ItAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

 After I setup Kerberos yesterday, I was looking through the logs, and found this error coming up on a rather frequent basis:

“The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {CLSID} to the user Domain\User SID {SID}. This security permission can be modified using the Component Services administration tool.”

 The associated Event ID is 10017.

Microsoft has provided a set of articles, and here are the step-by-step instructions:

  1. On the server that is running SharePoint Server 2007, click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
  3. Do one of the following:
    • For Windows Server 2003, click the Default Properties tab, click Delegate in the Default Impersonation Level box, and then click OK.
    • For Windows Server 2008, click the Default Properties tab, click Identify in the Default Impersonation Level box, and then click OK.
  4. Expand Component Services, expand Computers, and then double-click My Computer.
  5. Double-click the DCOM Config folder, and then right-click IIS WAMREG admin Service.
  6. Click Properties, click the Security tab, and then under Launch and Activate Permissions, click Edit.
  7. In the Launch Permission dialog box, click Add.
  8. In the Select Users, Computers, or Groups dialog box, type the user account that you specified as the SharePoint Server 2007 application pool account, click Check Names, and then click OK.
  9. In the Permissions for UserName list, click to select the Allow check box that is next to Local Activation, and then click OK.
  10. If you have more than one application pool account, repeat steps 7 to 9 for each one.
  11. Click OK.

Here is what I had to do to use Kerberos as the authentication method:

1. Service Principal Name (SPN) Registration 

A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service.
For Kerberos authentication to work, we have to register the required SPNs for MOSS, SQL Server and SQL Server Analysis Services.
Logged in as a Domain Administrator, run the following from the command prompt:

For MOSS:
setspn.exe HTTP/FQDN domain\MOSS_ApplicationPoolAccount
setspn.exe HTTP/url domain\MOSS_ApplicationPoolAccount

For SSP:
setspn.exe HTTP/FQDN_for_SSP:portNum domain\SSP_ApplicationPoolAccount
setspn.exe HTTP/url_for_SSP:portNum domain\SSP_ApplicationPoolAccount

For Central Administration:
setspn.exe HTTP/FQDN_for_CentralAdmin:portNum domain\MOSS_AdminAccount
setspn.exe HTTP/url_for_CentralAdmin:portNum domain\MOSS_AdminAccount

For SQL Server:
setspn.exe MSSQLSvc/FQDN_for_SQLServer:[1433 | instance name] domain\SQLServerAccount
setspn.exe MSSQLSvc/url_for_SQLServer:[1433 | instance name] domain\SQLServerAccount

For SQL Server Analysis Services (OLAP):
setspn.exe MSOLAPSvc.3/FQDN_for_SQLServer domain\OLAP_Account
setspn.exe MSOLAPSvc.3/url_for_SQLServer domain\OLAP_Account

2. Enable Delegation for Servers (MOSS and SQL Server) and Accounts 

After registering the SPNs as outlined above, the next step is to ensure that the MOSS servers, SQL Server and accounts are trusted for delegation.
Logged in as a Domain Administrator:
Go to the Delegation tab for the Server, and select Trust this computer for delegation to any service (Kerberos only)
Go to the Delegation tab for the Service, and select Trust this user for delegation to any service (Kerberos only) 

3. Modify SSP to use Kerberos authentication

 Logged in as a Domain Administrator, run the following from the command prompt:
cd %Program Files%/Common Files\Microsoft Shared\web server extensions\12\BIN
stsadm –o setsharedwebserviceauthn –negotiate
iisreset /noforce

4. Modify Excel Services to use Kerberos authentication

Logged in as a Domain Administrator, run the following from the command prompt:
cd %Program Files%/Common Files\Microsoft Shared\web server extensions\12\BIN
stsadm -o set-ecssecurity -ssp Shared Services Provider Name -accessmodel delegation
stsadm -o execadmsvcjobs

5. Change default authentication mode to Kerberos

Go to Central Administration -> Application Management -> Authentication Providers
Click on “Default”
Change from NTLM to Negotiate (Kerberos)

And that should be it.

There is a bug in MOSS 2007 (or should I say another bug) that prevents you from deleting a copy of a .master file in Sharepoint Designer 2007.

The error message says:
This item cannot be deleted because it is still referenced by other pages

Apparently this happens because when you reset a master page to a site definition, MOSS somehow disconnects the copy file from the Sharepoint server – consequently you cannot delete it and get the “This item cannot be deleted because it is still referenced by other pages” error message.

Microsoft has this on their known issues list and suggests a workaround.
To work around this problem, mark the master file as hidden so that the master file does not appear as a selection when you create a new site.
Click here for steps

Use this as an easier workaround:

  1. Open Sharepoint Designer
  2. Create a New folder
  3. Move the ‘to be deleted’ files to this new folder
  4. Delete the folder and the files are gone… just like that !

Timeline

August 2017
M T W T F S S
« Mar    
 123456
78910111213
14151617181920
21222324252627
28293031  

Blog Stats

  • 42,577 hits