Your farm goes down at what seems like the most crucial time. When it comes to support at Microsoft there is only one team to call. That’s the SharePoint Premier Field Engineer. We've often been likened to a sort of "Support SWAT Team": we're there when you need us regardless of the time or day.
On Monday October 3rd at 6pm we will be holding a small and intimate gathering for folks interested in a career in PFE (as we are hiring like mad) as well as potential or current customers who want to come and pick our brains. This will be a great time to get us to yourselves and ask all the questions you can ponder up.
There will be a dozen SharePoint PFEs from all over the globe at the meet and greet. The space will be very limited so please RSVP to attend, otherwise there will be no available room.
• 2 hours from 6 - 8pm (the hope is to continue the evening at one of the many gatherings planned
By Eric Harlan
Published: May 31, 2011
Updated: May 31, 2011
Hard Core - Core Server AD and SharePoint

When I initially underwent the ordeal of creating my virtual environment I had to abide by a few restrictions. The first restriction was that I joined Microsoft 3 months before they rolled out new 16 gig RAM laptops, so I was stuck with 8 gigs for a while anyway. The second restriction was that I keep all of my lab environments on two 128 gig SSD drives. So doing the math, with a simple farm of 1 AD box, 1 WFE, and 1 SQL server all virtualized using Hyper-V, that 128 gigs of storage gets eaten up very, very quickly.

So the best solution to this issue is to run as many of the servers in your farm as possible in “Core” mode. Core mode is essentially a cut down lean mean serving machine. There is no fat on this server at all. There’s no UI, there’s no start button and almost nothing clickable. Your first introduction into the world of CORE is booting up the machine for the first time and being presented with the taunting and somewhat seductive blinking cursor of a command prompt. That’s it. So where do you go from here?

I decided in this particular farm (like I said I have a few) to run the domain controller or AD server in core mode and then have just a single server farm instance. So with a total of 2 virtual servers, I have the AD server running at a breathtaking 128 MEGS of RAM (yes, MEGS) and only taking up slightly less than 4 gigs of actual disk space. Compare those numbers to the WFE: a full Server 2008 R2 instance, patched and running SharePoint as well as Active Directory services (so I can administer my AD accounts), is running on 6 gigs of RAM and taking up almost 14 gigs of storage. So you can see the value of keeping things as lean as possible and the rewards for doing so.

Ok enough chatter, how’d you do it? This is nothing new folks, in fact Microsoft’s PFE Bob Fox writes about it in his article here: http://www.spfoxhole.com/blog/Lists/Posts/Post.aspx?ID=2 .
Bob provisioned his AD box the down and dirty in the trenches way. (pun intended..SP..Foxhole..get it?) In a brief sentence he mentions the ability to use a tool called “CoreConfig” http://coreconfig.codeplex.com/ . This thing is freaking sweet. For folks that want to have a smoother transition into the CORE world and need to provision their AD environment but don’t want to build out answer files and such, this is a GREAT alternative. We’re going to use a combination of CoreConfig and all of the tools out of the box in Server Core to provision our box.

So maybe you’ve never done this before and you want to understand the networking side of things, the command line and PowerShell side of the house, then the eventual install of SharePoint. Well here we go, hold on to your hats; this is going to be a long one.

Just one last note, I need to make some assumptions first.
1) You need to have all the software to do this:
   - Server 2008 R2 ISO (has the option for core or enterprise built in)
   - SharePoint 2010 ISO
   - All the licensing keys needed to run them.
2) A host machine already built running Server 2008+ with Hyper-V enabled
3) You’ve downloaded the “CoreConfig” package from http://coreconfig.codeplex.com/
4) A little bit of networking understanding and a little bit of SharePoint understanding.
5) Unless I specifically say “use quotes” don’t type any quotes in any commands I say
6) To send “Ctrl + Alt + Delete” to a virtual machine hit “Ctrl + Alt + End”. Seems silly for the vets but if this is your first Hyper V image, you’ll need that piece of information a lot.
7) If at any time you lose your command line window, you can either restart or hit “Ctrl + Alt + End”, then click “Start Task Manager”, and under the “Applications” tab right click and hit “New Task (Run)”, then type “CMD” and hit enter.

Installing Core AD

The very first step is to set up a new virtual private network.
Think of this as a closed network where all the servers you’re working with in SharePoint are hooked up to the same router, for example.
- Open up Hyper V and click on “Virtual Network Manager”
- Name the network something very specific that makes sense when you look at it.
- Select “Private virtual machine network”
- Hit Apply/Ok
Now in Hyper V on the right side you’ll see “Add new Virtual Machine”. Click this, as you will be starting to build your AD Core server.
- Give your server a name
- Give your server a location (always keep this location consistent, nothing worse than virtuals in different places)
- Hit next
Next you’ll be giving your machine memory. I personally scale this up as much as I can until I'm fully configured then I scale it back down. Here you see I have it as a little shy of 2 gigs, I ended up going with 6 gigs.
Now you want to select the virtual network you set up in step 1 and hit next.
On the next step most of this should be set up for you based on the selections you made in earlier screens. If not, you’ll want to make sure you’re creating a virtual disk at this point and the size of the virtual disk is the size you want. Mine is scaled very high here; you’ll need much less than this.
In installation options, you’ll be selecting the ISO file needed to install the actual operating system.
- Click on “Install an operating system from a boot CD/DVD-ROM”
- Select “Image file (.iso)”
- Browse to your Windows 2008 (R2) ISO file
Sum it all up and make sure it looks good then hit “Finish”
Now go back to your Hyper V main window.
- Highlight the server you just created
- Hit the start button at the bottom right (start, starts the server)
- Hit the connect button (connect actually opens it up so you can work with it)

The server will boot up and, since you selected a boot image, it will use the .ISO you selected to start the OS install process. Go through the process as you normally would; however, when you get to the screen where you select which type of OS you want to install, you’ll want to choose “Windows Server 2008 R2 Enterprise (Server Core Installation)”.

Once that all installs and you log in to your new machine, this is what you get. It’s a shocker for most but don’t let it scare you, we can conquer this.

Now we need to change the name of our server to match our Hyper V image, just to make it easier for us later and allow us to map to the machine. We also need to enable remote management so we can remote into our Core box for AD manipulation later from our SharePoint WFE.
- From the command line type “sconfig” and hit enter
- The screen will change to blue; you’ll want to type the number “4” and hit enter
- Enable “Allow MMC Remote Management (1)” and “Allow Server Manager Remote Management (3)” as a minimum, and #2 if you would like.
- Hit the number 5 to exit to the main menu, then type the number “2” and hit enter
- Then you’ll type the new name of the server you want. Keep it simple, then hit enter.
- You’ll need to restart the machine, go ahead and do so.

The watermark is covering up my server name "ADTEMP"

Now that we have your machine renamed we want to copy some files over to our Core server. Since there is no UI to map servers to and from, we have to map a drive from our host machine. In order to do that we need to go back into our settings for the server we’re working on in Hyper V and change the network adapter to the one that will allow us to talk back to our host machine.
- While the server is running, go to the Hyper V manager and click on your AD core server
- Now right click on that machine and hit “Settings”
- Next click on “Network Adapter” on the left
- On the right hit the drop down and select “Local Area Connection – Virtual Network” (This name may be different than mine in some cases. To test if you have the right one follow the steps in the next section. If you can’t connect, chances are you selected the wrong one.)

Now you want to go to the host machine. The host machine refers to the actual physical hardware you are on (not the virtual core machine you're building).
- Click “Start” then “Run”
- Type in “\\YourServersName\C$”
- You should get prompted for a username/password, or be let right in.
- Once you’re in you get the friendly and welcoming sight of an explorer window. Take it in now, it’s going to be the last you see of it for a while.
- Copy your “CoreConfig” folder (not the zip file, extract that zip file to a folder) to the C drive of the AD core box you just mapped to.

Ok now let’s go and launch CoreConfig. With the command prompt that is up on your AD machine do the following:
- Type in the following with no quotes “cd c:\” then hit enter
- Now type in “cd Coreconfig” (c:\Coreconfig is assuming you copied the files directly to the C drive; if you didn’t, navigate to where the files are instead)
- You should see “c:\CoreConfig>” in the cmd prompt; you’ll now want to type “Start_Coreconfig.wsf”
- You’ll see some things start happening if you navigated to your files correctly. A few more command lines open up, then eventually you’ll get your CoreConfig interface up. Feel free to poke around, just don’t change anything yet.

While you’re inside of CoreConfig we need to install some server roles.
- Hit the “Computer Settings” button
- Hit the “Add or Remove Roles” button
- Make sure “DHCPServerCore” and “DNS-Server_Core_Role” are selected (AD-PS isn’t needed)
- Hit Apply
- At this point you may also want to take the time to register and update your AD Core box. That’s your call but using CoreConfig makes it easy. Just find the licensing button on the main window.

Now you need to make a decision. You can go down the road of using CoreConfig to DCPromo (create your machine as a domain controller). It does work, however I’ve found I like doing it the old fashioned way so I can control more aspects of the process. In this blog I won’t talk about or show how to DCPromo your machine using CoreConfig; however, if you want to use it you can just look at the settings I’ll be using in the next few sections and figure out how to do DCPromo right from CoreConfig.

To continue on, the next thing we have to do is create our machine as a domain controller, give it that domain and start the process that in the end will allow us to join our SharePoint machine to the domain we’ve created for our virtual network. In this step we’re going to create an answer file that DCPromo will use to provision the new domain.
- In an above step I walked you through changing the network your Core machine is running under; go back to that section and change the network back to the original one that you created.
- In your command line type “notepad.exe”. This will bring up Notepad. Notepad ends up being a good way to navigate the file system, so keep that in mind.
- In your Notepad file is where you’ll create your answer file; type the below
- Once you’re done save the file in the C drive as “answerfile.txt”
[DCINSTALL]
InstallDNS=yes
NewDomain=forest
UserName=administrator
NewDomainDNSName=Contoso.com
DomainNetBiosName=Contoso
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=Domain
ForestLevel=3
DomainLevel=3
DatabasePath="c:\NTDS"
LogPath="c:\NTDS"
RebootOnCompletion=yes
SYSVOLPath="c:\SYSVOL"
SafeModeAdminPassword=pass@word1
Notes on Answer file
* UserName is whatever user name you need to use
* Domains are whatever you want to name your domain
* SiteName: yes, leave it the way it is, “Default-First-Site-Name”
* SafeModeAdminPassword: change it to what you want it to be
* For all the path names leave the "" quotes in there, they are needed in the answerfile
* You can literally copy and paste all of this that I've provided into your answerfile. If you type it, just double check it's correctly typed.
Ok we’ve created our answerfile, now we actually have to run DCPromo and use the file.
- In your command prompt type the following (no quotes & there is a space after .exe) “dcpromo.exe /unattended:c:\answerfile.txt”
- Hit enter and watch dcpromo do its thing. If you did it right you should see something to this effect.
- The machine will restart, or ask you to restart when it’s done. If you do it right you’ll see the server come back up but with a domain stuck on to the front of the Administrator login like in the last screen shot in this section.

Ok so we’ve created our domain, now we have to set up our server to be DHCP. Ultimately we need to get the “Dhcp” and “DHCPServer” services running. I had just a heck of a time getting the DHCPServer service up and running. Each time I did, I would get an error saying:

"DHCP Server" cannot be started due to the following error: Cannot start service "Dhcpserver on computer'.'

An extremely vague error that doesn’t really help me with anything. So I had to pull in some outside help with this one. Special thanks goes out to Bruno Fonseca for helping me walk through this one and getting me up and running. @BrunosITWorld

Go to your CoreConfig interface, select “Control Panel”, then click “Services”. If you find that “dhcpserver” is not running and you can’t start it, continue with the next part. If that is not the case, skip the next part.

In your command prompt window do the following:
- “netsh” and hit enter
- “dhcp” and hit enter
- “add server Contoso.com 192.168.0.50” and hit enter (contoso.com is your domain and the IP address is whatever you want your AD box’s IP address to be. Feel free to use .50 like I did)
- After it successfully completes type “exit” and hit enter

Now for the next part. You’ll be in the same command prompt window but you will be out of your netsh “session”. We will be setting the service to auto start on reboot.
- Type “sc config dhcpserver start= auto” and hit enter (make sure you note the space after the = sign, but not before.)

Now we will be actually starting the DHCP server service.
- Type “net start dhcpserver” and hit enter

Next we need to add a scope to the server, so go back to your command prompt and do the following:
- “netsh” and hit enter
- “dhcp” and hit enter
- “server” and hit enter
- “192.168.0.50 add scope 192.168.0.0 255.255.255.0 YourScopeName” and hit enter (make sure you spell it right, unlike what I did)

Now we need to add an IP range to the scope we created.
- You should still be in “netsh dhcp server” if not do the steps above to get there, if you already are…
- “192.168.0.50 scope 192.168.0.0 add iprange 192.168.0.16 192.168.0.20” and hit enter.

* What I'm doing is basically allowing .16-.20 in the IP range to be addable to the scope. So my servers in my SharePoint farm will be:
  Web Front end number one – 192.168.0.16
  Web Front end number two – 192.168.0.17
  And so on for however many servers are in my farm. Obviously you’ll want to allow enough range for however many servers COULD be in your farm in the future.

Now we have to set up the default routers.
- You should still be in “netsh dhcp server” if not do the steps above to get there, if you already are…
- Type “192.168.0.50 scope 192.168.0.0 set optionvalue 003 IPADDRESS 192.168.0.50” and hit enter.

Coming into the home stretch, the DNS for DHCP.
- You should still be in “netsh dhcp server” if not do the steps above to get there, if you already are…
- Type “192.168.0.50 scope 192.168.0.0 set optionvalue 006 IPADDRESS 192.168.0.50” and hit enter.

And FINALLY!..... let's activate the scope.
- You should still be in “netsh dhcp server” if not do the steps above to get there, if you already are…
- Type “192.168.0.50 scope 192.168.0.0 set state 1” and hit enter.
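The DHCP steps above, from authorizing the server through activating the scope, collected into one batch file with a verification pass at the end. This is an added example, not part of the original post; it assumes the one-line "netsh dhcp server <ip> ..." form in place of the interactive netsh session, and the values are the ones used in this walkthrough.

```batch
@echo off
rem Added example (not from the original post): the walkthrough's DHCP steps
rem as one non-interactive script for the Server Core AD box.
rem Assumption: values below are the walkthrough's; change them for your lab.
setlocal
set DOMAIN=Contoso.com
set SERVER_IP=192.168.0.50
set SCOPE=192.168.0.0
set MASK=255.255.255.0
set SCOPE_NAME=YourScopeName
set RANGE_START=192.168.0.16
set RANGE_END=192.168.0.20

rem 1. Authorize this DHCP server in Active Directory.
netsh dhcp add server %DOMAIN% %SERVER_IP% || goto :fail

rem 2. Start the service at boot (space after "=", none before).
sc config dhcpserver start= auto || goto :fail

rem 3. Start the service now unless it is already running.
sc query dhcpserver | find "RUNNING" >nul || net start dhcpserver || goto :fail

rem 4. Create the scope and the address range handed out to farm servers.
netsh dhcp server %SERVER_IP% add scope %SCOPE% %MASK% %SCOPE_NAME% || goto :fail
netsh dhcp server %SERVER_IP% scope %SCOPE% add iprange %RANGE_START% %RANGE_END% || goto :fail

rem 5. Option 003 = default router, option 006 = DNS server; both point at the AD box.
netsh dhcp server %SERVER_IP% scope %SCOPE% set optionvalue 003 IPADDRESS %SERVER_IP% || goto :fail
netsh dhcp server %SERVER_IP% scope %SCOPE% set optionvalue 006 IPADDRESS %SERVER_IP% || goto :fail

rem 6. Activate the scope.
netsh dhcp server %SERVER_IP% scope %SCOPE% set state 1 || goto :fail

rem 7. Verify. netsh may not set an exit code on every failure, so read this
rem    output rather than trusting the absence of an error message.
echo.
echo === Authorized DHCP servers ===
netsh dhcp show server
echo === Scope range, options and state ===
netsh dhcp server %SERVER_IP% scope %SCOPE% show iprange
netsh dhcp server %SERVER_IP% scope %SCOPE% show optionvalue
netsh dhcp server %SERVER_IP% scope %SCOPE% show state
echo === Service status ===
sc query dhcpserver
exit /b 0

:fail
echo A step failed (errorlevel %errorlevel%). Fix the error shown above and re-run.
exit /b 1
```

Run it once on a freshly promoted box: the authorize and add scope steps will report an error if the server is already authorized or the scope already exists.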
Ok that was a lot and I'm sure your eyes hurt by now, but let's go and validate that the changes we made worked. Go back to your CoreConfig UI and select “Control Panel”, then select “Services”. Scroll down in that window and make sure that both “Dhcp” and “DHCPServer” are running. If they are not, you may want to go back and retrace your steps or try restarting.

Now you’ll want to go into “Network Settings” at the main window of CoreConfig and validate that the screen is showing you basically all the IP address and subnet information you entered earlier.
- You need to add your primary and secondary DNS IP address in this screen as I have done here.

Ok that’s pretty much it. There is a bit of housekeeping that you’ll need to do to make sure that everything goes smoothly when you install your full GUI based Windows Server 2008 server to be your first SharePoint server. The first thing you really want to do is make sure that you have your AD Core server on the private network you set up earlier. Also, when you provision your SharePoint server, patch and update it in the open network (the same network we used above to map a drive to our AD box), then set it back to the private network, which is the same network that the AD box is already on. Basically you want all the servers in your farm to be on the same private network while in use.

After you provision the server that SharePoint will live on AND BEFORE you install SharePoint, you'll want to join the SharePoint server to the domain you just created.
If you need a good tutorial on how to install SharePoint, check this out. http://www.ericharlan.com/Moss_SharePoint_2007_Blog/install-sharepoint-2010-and-manually-configure-service-accounts-a179.html
On the new server you created (not the AD Core server):
- Control Panel
- Network Connections
- Right click on your LAN adapter and select properties
- Uncheck Internet Protocol Version 6 (TCP/IPv6)
- Make sure "Obtain IP Address Automatically" is selected. You should be able to set the NIC to automatically pick up its settings, and it should give you a .16 address if all other network settings are right.
- On the new server go to "Start" > "Run" and type in "cmd" and press enter
- Type in "ping 192.168.0.50"; you should get a response back letting you know the server you're on can see your AD Core server
- After that ping type in "ipconfig" and press enter; you should see an IP address of 192.168.0.16 or one of the IP addresses in the range you set earlier (16-20)

If all is well there, we need to join your new server to the domain and reap all the rewards of your work.
- Go to "Start", right click on "Computer" and select "Properties"
- About 2/3 of the way down that window you'll see "Change settings" on the right; click that
- A new window comes up labeled "System Properties"; hit the "Change" button
- Select the radio button next to "Domain" and type in the domain you created, in our case "Contoso.com"
- Hit OK and you should get a login prompt that allows you to log in to the domain controller
The last thing you need to do is set up your new server so you can remote into your AD Core box to manage Active Directory itself. This way you won't need to keep logging into the Core machine and trying to manipulate Active Directory through the command line.
- Go to "Start" > "Administrative Tools" > "Server Manager"
- Click on "Roles" on the left side
- The new window will come up showing the roles installed on the server; on the right side find "Add Roles" and click it
- Hit "Next" past the "before you begin" part, then find "Active Directory Domain Services" and hit the check box for it
- You'll be told to install any required features for it, for which you can hit "Add Required Features" and finish out the installation (next, next, next, finished)
- Then you'll be able to go to "Start" > "Administrative Tools" > "Active Directory Users and Computers"
- Once this comes up you'll need to connect to the domain you created. I don't have the steps off the top of my head, but it should be simple enough; on the left side, right clicking will usually give you options to connect to your domain.

THAT'S IT! As if that wasn't enough. Remember folks, the point of this exercise is to give us a very lean Active Directory environment. If storage isn't an issue for you, or you don't care about having the bloat of the UI, this isn't for you. If you want to be a lean mean, hard CORE machine, then go at it. Hopefully I covered everything.
By Eric Harlan
Published: May 27, 2011
Updated: May 27, 2011
When you’re used to troubleshooting SharePoint, unfortunately things that touch SharePoint are things you need to troubleshoot as well. In this case Internet Explorer and Group Policy settings ended up being my issue.
The customer I was working with had provisioned and set up a multi-tenant SharePoint 2010 instance entirely through PowerShell scripts. The provisioning went perfectly except for some interesting issues that popped up.
Whenever we tried to create a site column or create an out of the box workflow, SharePoint would error out and give a correlation ID. I tested the same exact functionality by creating a new site collection under the same multi-tenant web application in SharePoint’s Central Admin. Since it wasn’t provisioned through PowerShell it wasn’t truly a multi-tenant site and therefore the issue didn’t show itself there. So I narrowed it down: it was definitely a multi-tenant site issue and it was something about the session state.
We would get the following errors in the ULS logs when testing the workflow:
o Name=Request (GET:http://domain.com:80/_layouts/mngfield.aspx?i=1&Cmd=NewField&Web=%7B20398D6E%2DEB65%2D4A24%2DB671%2D4E8CEDCD0ED8%7D&NextUsing=http%3A%2F%2Fdomain%2Ecom%2F%5Flayouts%2Fmngfield%2Easpx)
o Site=/
o Updates are currently disallowed on GET requests. To allow updates on a GET, set the 'AllowUnsafeUpdates' property on SPWeb.
o System.Runtime.InteropServices.COMException: Updates are currently disallowed on GET requests. To allow updates on a GET, set the 'AllowUnsafeUpdates' property on SPWeb. at Microsoft.SharePoint.Library.SPRequestInternalClass.ValidateFormDigest(String bstrUrl, String bstrListName) at Microsoft.SharePoint.Library.SPRequest.ValidateFormDigest(String bstrUrl, String bstrListName)
o Leaving Monitored Scope (Request (GET:http://domain.com:80/_layouts/mngfield.aspx?i=1&Cmd=NewField&Web=%7B20398D6E%2DEB65%2D4A24%2DB671%2D4E8CEDCD0ED8%7D&NextUsing=http%3A%2F%2Fdomain%2Ecom%2F%5Flayouts%2Fmngfield%2Easpx)). Execution Time=23.9002443047929
The first thing I did was go about setting AllowUnsafeUpdates to see if that would have an effect. It did not clear up the issue right away.
After that update we were getting these errors in the ULS log when testing the workflow:
• Name=Request (GET:http://domain.com/_layouts/CstWrkflIP.aspx?List=%7BDD2401D7-AD69-4383-90DD-682BA9569030%7D&_InfoPath_Sentinel=1)
• Site=/
• System.ArgumentNullException: Value cannot be null. Parameter name: g
at System.Guid..ctor(String g)
at Microsoft.Office.Workflow.WrkAssocPage.AssociationOnLoad(EventArgs ea)
at Microsoft.Office.Workflow.CstWrkflIPPage.OnLoad(EventArgs ea)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
• Leaving Monitored Scope (Request (GET:http://domain.com/_layouts/CstWrkflIP.aspx?List=%7BDD2401D7-AD69-4383-90DD-682BA9569030%7D&_InfoPath_Sentinel=1)). Execution Time=69.2073992644317
This series of errors was also what I was seeing when trying to deploy a site column, so the two issues were definitely related. I did some internal lookups with some of the tools we have in Microsoft and saw an obscure reference to the “InfoPath_Sentinel=1” string that is being tacked onto the URL that you see in the second set of error logs above.
One of them mentioned something about cookies on the browser. I suppose the tie-in was that in a multi-tenant site the session state is handled differently in order to get the information requested in the InfoPath-ish form that is served up once you select the type of workflow you want, give it a name and tell it to kick off on a new item. Again, this was a simple out of the box workflow that was bound to a normal document library.
So to test my theory I navigated to the site on a machine whose browser had full rights and wasn’t dictated by the GPO, so cookies were fully enabled. Wouldn’t you know it, it worked like a charm.
So the fix for this is either (or a combination of the two) allowing updates or making sure cookies aren’t disabled on the browser.
Good Luck!
By Eric Harlan
Published: May 23, 2011
Updated: May 23, 2011
I saw a VERY interesting little issue today that had SharePoint completely unresponsive. I’ve literally never seen this issue.
Went on site today and the customer was speaking of an issue that was happening with their SharePoint environment. The environment was on VMware 4.x, which ended up being a very big piece of the puzzle.
For some reason every time the server was rebooted the NIC cards on two of the virtual machines couldn’t find the network. The reboot was causing the NIC to not be able to detect the network and as a result was defaulting to NIC settings that were making it unable to connect to its own virtual private network.
After some investigation, it was determined that the two servers in question had recently had the latest version of NetMon installed on them.
NetMon and its driver were making it so that the Network Locator Assistant Service couldn’t correctly ID the network security settings and kept the settings that were enabled for this NIC from applying.
After we removed NetMon and rebooted the servers the NIC was able to find its settings and connect to the private network.
Amazing, and another check in the box for why I’ve always preferred Hyper V.
By Eric Harlan
Published: May 22, 2011
Updated: May 22, 2011
The other day I found myself on a plane out to the southwest to San Diego in fact. Ahh San Diego MMMMmm drink it in, It always goes down smooth [/anchorman] but I digress.
So this customer had an issue with the Lotus Notes connector. Well there were actually a few issues, so let’s go through the list and what is needed to resolve this specific issue. The root cause of the ticket was that the customer was trying to use the Lotus Notes Connector for SharePoint 2010. Each time they tried to start the service it would proceed to say “starting”, then would eventually time out and read “stopped”. They were never able to get the service up and running. They were using Lotus Notes 6.5, which is 32 bit only.
The first issue/situation was that each time the customer tried to enable the SharePoint 2010 Lotus Notes Connector, the Lotus Notes application on the server would crash each time it was used. Initially we thought this was the root of their problem in not being able to get the connector up and running.
What we found was happening was that Lotus Notes was adding a reference to the “notes.ini” file calling “extmgr_addins=noteswebservice.dll”. If you deleted that reference, the Notes client that you had running on the server would work just fine. Ok so let’s store that outcome in our back pocket for a bit.
The second issue that we alluded to above was that each time the customer went through and tried to start the Lotus Notes connector, it would just try to start but never get going. Here’s what we found to be the issue.
Service Accounts.
The old service account shuffle yet again reared its head to cause havoc. Service accounts kind of remind me of “Allstate Mayhem Guy” always ready to pounce and really screw you up.
http://www.youtube.com/watch?v=tZXM_g3mqew
Another reason to really pay close attention to your Service Accounts, their permissions and how you use them. If you’re not too sure about it I’ve created a grid for the baseline Service Accounts you should be running in your SharePoint 2010 Farm.
So back on point. I’ve never had the pleasure of setting up the Lotus Notes Connector as I’ve never been, ahem, exposed to Lotus Notes. So I wasn’t really sure of the procedure until I did it in my lab environment. Turns out the first time you create the connector Service Application you are prompted to create a web application. This isn’t really all that new to folks that have been exposed to the Service Application model in 2010. The problem is that once you create the web application using the wrong service account (or an account without correct permissions), there isn’t any interaction with that web application until you go directly into IIS. I ran ProcMon to see where the failures were happening, and once I saw that it was happening at IIS I realized it was a web app issue.
Once I got the correct Service Account WITH the correct permissions as the main account for the web application, the setup process went very smoothly. Back to tie in the point of the crashing client. We never found a fix for this; the client still crashes after you get the Notes Connector up and running. I guess the theory is that you don’t really use the client on the SharePoint server once it’s up and running anyway.
I followed two great write ups for setting up the Lotus Notes Connector:
http://technet.microsoft.com/en-us/library/ff463593.aspx
http://blogs.msdn.com/b/opal/archive/2010/02/16/crawl-lotus-domino-with-lotus-notes-connector-in-sharepoint-server-2010.aspx
Good Luck!
By Eric Harlan
Published: November 5, 2010
Updated: November 7, 2010
Update: http://support.microsoft.com/kb/2483219 has been issued to address this scenario.
Consider the following scenario: You create a site collection in Office SharePoint Server 2007. You create a new subsite under the site collection. You add a new link to the subsite navigation. You use a browser to access the new link. In this scenario, the new link loads very slowly.
I recently came up against a pretty interesting issue. The environment was a SharePoint MOSS with SP1 with some CU updates, content databases ranging from just a few gigs to over 500 gigs a few front ends app’s and clustered sql. The move to SP2 and right after that to August 2010 CU was made. Everything was fine it seemed until some load was placed on the server. So no issue was ever noticed as it was done over the weekend. The assumption was made that there was no problem with the updates.
Come Monday at the hint of any load on the farm SQL CPU spiked to the roof and four specific the pages would time out or just plain die. After the IIS time out was adjusted to over 5 mins the pages were loading up but to the tune of 4 minute load times. With some work with moving the databases to a much beefier box the load time came down to about 3 mins. Something was up.
When the “show all subsites” was unchecked for the sites that were running slow, the page loaded up in under 5 seconds. Started digging into navigation and the way the taxonomy was setup, but it ended up only being a very small percentage of the actual problem. Did a TON of digging around to find the culprit, pssdiag, SQL processes, hardware and network perf checks. And when I say a TON I mean totally exhausting.
The issue actually came from the navigation querying all the sites in the navigation (in order to build it) and cross referencing the permissions of the user against those sites in order to know if it needed to be security trimmed or not. With inheritance had been broken multiple times in the environment for permissions, SharePoint had to go through all those one off sets of permissions (some as large as the original parent permission schema) in order to come to a conclusion on what sites to show in the navigation.
Long story short, there were a few culprits, which goes to promote “best practices”.
1- Huge database – Needed to be split up into >100 gig databases
2- Site topology was crazy out of whack. Navigation had hundreds of subsites that were being queried and built out
3- Permissions – all the groups were totally in SharePoint, with 50,000+ users and 5,000+ groups.
Remember, the 100 gig limit for database sizes is not only best practice because it will help you restore those DBs faster. The larger the databases get without the performance to back it up from the server side, the more you WILL SEE performance degradation in the SharePoint environment.
A quick win to help load times get back to normal if you are in this situation is to uncheck the “Show all sub sites” box in the navigation section of the site settings.
If you are worried about users checking this box again, you can also change the DynamicChildLimit in the web.config if you have access AND YOU KNOW WHAT YOU ARE DOING: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.publishing.navigation.portalsitemapprovider.dynamicchildlimit.aspx
Hope that helps, if there ends up being an end all be all fix to this issue outside of the three I listed above, I’ll post it.
By Eric Harlan
Published: September 6, 2010
Updated: September 6, 2010
I really liked the grid we had for SharePoint 2007 and although we have some very detailed information about Service Accounts we should be using in SharePoint 2010, I couldn’t find a quick reference guide.
So here we go: a quick reference guide to the service accounts you should create when installing SharePoint 2010. This is the guide I use when installing SharePoint 2010. If for whatever reason something changes, I'll note the change in red.
Why do we need to create these service accounts?
Administrative Accounts

Account: SVCSPSQL
What it’s for: The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services:
• MSSQLSERVER
• SQLSERVERAGENT
If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following:
• MSSQL$InstanceName
• SQLAgent$InstanceName
Permissions: Use either a Local System account or a domain user account.
If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (domain_name\SQL_hostname$).
The instance name is arbitrary and was created when Microsoft SQL Server was installed.

Account: SVCSPSetup
What it’s for: The Setup user account is used to run the following:
• Setup
• SharePoint Products Configuration Wizard (which you really should NEVER RUN unless you know exactly why you're running it)
Permissions:
• Domain user account.
• Member of the Administrators group on each server on which Setup is run.
• SQL Server login on the computer that runs SQL Server.
• Member of the following SQL Server security roles: securityadmin fixed server role, dbcreator fixed server role.
If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.

Account: SVCSPFarm
What it’s for: The server farm account is used to perform the following tasks:
• Configure and manage the server farm.
• Act as the application pool identity for the SharePoint Central Administration Web site.
• Run the Microsoft SharePoint Foundation Workflow Timer Service.
Permissions: Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm.
The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles:
• dbcreator fixed server role
• securityadmin fixed server role
• db_owner fixed database role for all SharePoint databases in the server farm

Account: SVCSPFoundSearch
What it’s for: The SharePoint Foundation 2010 search service account is used as the service account for the SharePoint Foundation 2010 Search service.
Permissions: This account must have domain user account permissions. The following machine-level permission is configured automatically: The search service account is a member of WSS_WPG.
The following SQL Server and database permissions are conferred by membership in the WSS_CONTENT_APPLICATION_POOLS role in the server farm configuration database:
• Read access to the server farm configuration database.
• Read access to the SharePoint_Admin content database.
• This account is assigned the db_owner role for the SharePoint Foundation 2010 search database.

Account: SVCSPFoundSearchCA
What it’s for: The SharePoint Foundation 2010 search content access account is used by the SharePoint Foundation 2010 Search service to crawl content across sites.
Permissions: This account must have domain user account permissions. This account must not be a member of the farm administrators group. The following SQL Server and database permissions are configured automatically:
• Read access to the server farm configuration database.
• Read access to the SharePoint_Admin content database.
• This account is assigned to the db_owner role for the SharePoint Foundation 2010 search database.
• A full Read policy for the SharePoint Foundation 2010 search content access account is created on all Web applications.

Service Applications Accounts

Account: SVCSPAppPool
What it’s for: The application pool account is used for application pool identity.
Permissions: The following machine-level permission is configured automatically: The application pool account is a member of WSS_WPG.
The following SQL Server and database permissions for this account are configured automatically:
• The application pool accounts for Web applications are assigned to the db_owner role for the content databases.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.

Account: SVCSPSearch
What it’s for: The SharePoint Server 2010 Search service account is used as the service account for the SharePoint Server 2010 Search service. The SharePoint Server Search Service is an NT Service, which is used by all Search Service Applications. For any given server, there is only one instance of this service.
Permissions: The following machine-level permission is configured automatically: The SharePoint Server 2010 search service account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.

Account: SVCSPSearchAccess
What it’s for: The default content access account is used within a specific service application to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern.
Permissions: The default content access account must be a domain user account and it must have read access to external or secure content sources that you want to crawl by using this account. For SharePoint Server sites that are not part of the server farm, this account must be explicitly granted full read permissions to the Web applications that host the sites. This account must not be a member of the farm administrators group.

Account: SVCSPExcel
What it’s for: The Excel Services unattended service account is used by Excel Services to connect to external data sources that require a user name and password that are based on operating systems other than Windows for authentication. If this account is not configured, Excel Services will not attempt to connect to these types of data sources. Although account credentials are used to connect to data sources of operating systems other than Windows, if the account is not a member of the domain, Excel Services cannot access it.
Permissions: This account must be a domain user account.

Account: SVCSPMySite
Permissions: The My Sites application pool account must be a domain user account. This account must not be a member of the farm administrators group.
The following machine-level permission is configured automatically: This account is a member of WSS_WPG.
The following SQL Server and database permissions are configured automatically:
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.

Service Application Accounts (User Profile Sync)

Account: SVCSPUPSContent
What it’s for: Used to host the sync content as an application pool.
Permissions: The following machine-level permission is configured automatically: The application pool account is a member of WSS_WPG.
The following SQL Server and database permissions for this account are configured automatically:
• The application pool accounts for Web applications are assigned to the db_owner role for the content databases.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
• This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.

Account: SVCSPUPS
What it’s for: Used to do the actual profile synchronization (server side).
Permissions: Requires Replicating Directory Changes permissions.

Account: SVCSPUPSServices
What it’s for: Used to run the UPS Service Application.

Additional Service Application Accounts

Account: SVCSP_ADDITIONAL_ACCOUNTS
What it’s for: ANY OTHER SERVICE ACCOUNTS YOU NEED IN ORDER TO EFFECTIVELY ISOLATE YOUR DATA/FAILOVER
Resources:
http://technet.microsoft.com/en-us/library/ee662513.aspx
http://technet.microsoft.com/en-us/library/cc678863.aspx
http://www.harbar.net/articles/sp2010ups.aspx
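The hard requirements in the grid (roles the Setup and farm accounts must hold, and accounts that must not be farm administrators) can be checked automatically. The following is an added example, not part of the original post or of any Microsoft tooling: a Python audit that compares an exported membership inventory against rules taken from the grid. The CONTOSO domain, the inventory layout (local_groups, sql_server_roles, sp_groups) and the sample data are assumptions constructed for illustration.

```python
# Added example: audit account memberships against rules from the grid above.
# Rule format: (account, inventory key, membership, required?)
# required=True  -> the grid says the account must hold it
# required=False -> the grid says the account must NOT hold it
RULES = [
    ("SVCSPSetup", "local_groups", "Administrators", True),
    ("SVCSPSetup", "sql_server_roles", "securityadmin", True),
    ("SVCSPSetup", "sql_server_roles", "dbcreator", True),
    ("SVCSPFarm", "sql_server_roles", "securityadmin", True),
    ("SVCSPFarm", "sql_server_roles", "dbcreator", True),
    ("SVCSPAppPool", "local_groups", "WSS_WPG", True),
    ("SVCSPFoundSearchCA", "sp_groups", "Farm Administrators", False),
    ("SVCSPSearchAccess", "sp_groups", "Farm Administrators", False),
    ("SVCSPMySite", "sp_groups", "Farm Administrators", False),
]

def normalize(name):
    # Drop a DOMAIN\ prefix and ignore case so CONTOSO\svcspfarm matches SVCSPFarm.
    return name.split("\\")[-1].lower()

def audit(inventory):
    """Return sorted (account, status, detail) tuples for every rule violation."""
    by_name = {normalize(k): v for k, v in inventory.items()}
    findings = set()
    for account, key, membership, required in RULES:
        entry = by_name.get(normalize(account))
        if entry is None:
            # An account missing from the export must not pass silently.
            findings.add((account, "NOT_IN_INVENTORY", "cannot verify"))
            continue
        held = {m.lower() for m in entry.get(key, [])}
        present = membership.lower() in held
        if required and not present:
            findings.add((account, "MISSING", f"{key}:{membership}"))
        elif present and not required:
            findings.add((account, "FORBIDDEN", f"{key}:{membership}"))
    return sorted(findings)

# Constructed sample export (hypothetical CONTOSO domain and layout).
SAMPLE = {
    r"CONTOSO\SVCSPSetup": {"local_groups": ["Administrators"],
                            "sql_server_roles": ["securityadmin"]},
    r"CONTOSO\svcspfarm": {"sql_server_roles": ["dbcreator", "SecurityAdmin"]},
    r"CONTOSO\SVCSPAppPool": {"local_groups": ["WSS_WPG"]},
    r"CONTOSO\SVCSPFoundSearchCA": {"sp_groups": []},
    r"CONTOSO\SVCSPSearchAccess": {"sp_groups": ["Farm Administrators"]},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

On the sample data the audit reports three findings: the Setup account lacks dbcreator, the content access account sits in Farm Administrators, and SVCSPMySite is absent from the export, so it cannot be verified.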
By Eric Harlan
Published: August 17, 2010
SharePoint Saturday Baltimore is in full swing. Registration is open and it’s shaping up to be a great event. Do yourself a favor and make sure you’re there. You can go register now to secure your spot. Hopefully there are still spots available for you to get in. http://www.sharepointsaturday.org/baltimore
Check out the update videos as they come: