[MOSS] Event 5214 - The EXECUTE permission was denied on the object 'proc_FetchDocForUpdate'

[ISSUE]
The following event was occuring on our environment quite often:

Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Database
Event ID: 5214
Date: 11/19/2009
Time: 4:28:54 PM
User: N/A
Computer: [SERVER]
Description:
Insufficient SQL database permissions for user '[account]' in database 'SharePoint_AdminContent_3995bd54-8091-4157-b162-8aaaf7116355' on SQL Server instance '[SQL SERVER]'. Additional error information from SQL Server is included below.

The EXECUTE permission was denied on the object 'proc_FetchDocForUpdate, database 'SharePoint_AdminContent_3995bd54-8091-4157-b162-8aaaf7116355', schema 'dbo'.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

[SOLUTION]
To solve this issue, perform the following steps:

• Open the SQL Management Studio
• Browse to the database in question, in our case "'SharePoint_AdminContent_3995bd54-8091-4157-b162-8aaaf7116355"
• Open the database and then Security > Roles > Database Roles
• In the right part of the window, right click the WSS_Content_Application_Pools role and click Properties
• Select the menu option "Securables"
• Click "Add"
• Select "Specific objects" and click "OK"
• Click "Object Types", select "Stored Procedures" and click "OK"
• Add the following stored procedures: proc_FetchDocForUpdate, proc_GetWebMetaInfo, proc_UpdateDirtyDocument, proc_UpdateListItem
• Click "OK" to add these stored procedures
• Select the added stored procedures and select "Execute" in the "Grant" column.
• Click "Add" once more
• Select "Specific objects" and click "OK"
• Click "Object Types", select "Views" and click "OK"
• Add the following view: UserData
• Click "OK" to add this view
• Select the added view and select "Select" in the "Grant" column.
• Click "OK" to complete

[MOSS/WSSv3] Post Installation automation

Just ran into the following ver usefull tool on Codeplex: The Post Installation Tool or PIT. This tool automates various configuration changes after you have installed SharePoint. Via a config file you can customize some configuration tasks.

[MOSS/WSSv3] Feature cleanup

Have you ever seen the following error in one of your logs:

Failed to determine definition for Feature with ID '<guid>'. Skipping this feature for element querying consideration.

This message is caused by a feature that has been removed from the environment, without being properly deactivated before removal. SharePoint still has a reference to the feature, so it tires to activate the feature. But because it doesn't exist anymore, it will skip the feature.

Last week I ran into a tool which can scan your environment for such a "faulty feature". This tool is called the "SharePoint Feature Administration and Clean Up Tool" and can be found on Codeplex.

When you have started the tool, it contains a button called "Find Faulty Feature in Farm", which starts the scan for faulty features.

Have fun with this great tool!

[MOSS/WSSv3] Content Deployment/StsAdm export/import issue

[SITUATION]
At a customer the developers created a custom solution that displayed image in a picture library on a page and used the image title to overlay across the image. If the image title would be empty, the solution would use the site title. The solution worked fine on our staging environment.

We use Content Deployment to deploy the sites from the staging environment to a live environment. On the live environment, the overlayed text suddenly became the picture name instead of the picture title.

[ISSUE]
After some troubleshooting it turned out that Content Deployment deploys the site just fine from staging to live, however when an image title field is empty, Content Deployment populates this field with the image name! After performing some tests we discovered that this behavior is also occuring when:

• Deploying a document with an empty title. The document name is used.
• Using stsadm export/import to deploy the site instead of Content Deployment.

[CAUSE]
We raised a support call at Microsoft, but although they were able to reproduce the issue they are not going to fix this. According to "internal resources" this behavior is "by design". We could raise a design change, but that would probably be denied because other customers would deliberately use this behavior.

[SOLUTION/NEXT STEPS]
In this situation we had to modify our code to check if the title field is empty OR equal to the image name. Although this workaround works, we do not believe that this behavior is by design. When creating a "backup" using stsadm export and "restore" with stsadm import, you would expect no data to be changed in that process..........

[MOSS/WSSv3] Mergecontentdbs change

I have used the STSAdm operation MergeContentDbs many times in the past. But since I heard of the bug in this operation I temporarily stopped using it.

Fortunately the bug was fixed in the April Cumulative Update. So this weekend I moved some larger site collections to their own database and then I ran into an issue I didn't experience before:

MergeContentDbs used to copy the content to the new database and remove it from the old database to free up the data. However this time the amount of free space in the database did not change! Searching the Internet revealed a change in functionality of the operation.

"If a site collection is very large, an attempt to delete the site collection from a Web application fails. This causes the stsadm -o mergecontentdbs command to fail when you try to move site collections from one content database to another. This issue is resolved by adding an optional -gradualdelete parameter to the stsadm -o deletesite command. If this parameter is present, SharePoint marks the site collection as deleted to prevent further access while a SharePoint Timer job gradually deletes the data in the site collection. After you install the hotfix package that this article describes, the stsadm -o mergecontentdbs command uses this gradual delete functionality by default."

To remove the data from the database you can do two things:

1. Run stsadm -o databaserepair to remove all orphans
2. Wait until the daily timer job "Site Collection: Delete" runs, most of the times during the night.

- mergecontentdbs gotcha
- Article updates for the April Cumulative Update

[MOSS/WSSv3] Anonymous access causes documents to appear in search and accessible for users

[ISSUE]
A customer was running into a strange issue with documents that were located in a document library which had strict permissions, but the documents were returned in the search results to all users AND users were able to open them. So it looked like SharePoint didn't obey the security settings.

[SITUATION]
In the past someone played around with the anonymous access setting. Because the environment is used as an intranet this was not supposed to be configured, so we disabled anonymous access on web application level. A few weeks ago, we noticed that users were able to open sites and documents even though they did not have permissions to it.

[CAUSE]
After some investigation and checking with Microsoft it turns out that SharePoint had some left over anonymous settings. Even though anonymous access was disabled at web application level, users were still able to access the documents anonymously.

As it turns out does the disabling anonymous access on the web application level only remove the administration pages of anonymous access, it does not remove all settings that have been configured before that. To make matters worse, we even ran into an extra issue:
After we re-enabled anonymous access, configured anonymous access on site level to None instead of Entire Web Site and a full crawl ran, the documents were still returned and available for users. Some more investigation turned out that, just like permissions, the anonymous access settings were also copied when breaking inheritance. Picture the following situation:

• Enable anonymous access on the web application
• Configure anonymous access on a top level site to Entire Web Site
• Break the permissions inheritance of a document library and change the permissions
• Set anonymous access on a top level site back to None
• Disable anoymous access on the web application

In this situation, because the permissions inheritance was broken when its parent has anonymous access configured, the document library also has anonymous access configured. The only way to correct this through the GUI is to enable anonymous access on the web application level AND site level, so the anonymous access administration pages are enabled again on the document library.


[BACKGROUND]
Basically what happens: If you remove anonymous access form the web application only, on the webs it remains set. In case of the document library. By default it inherits permissions form its parent. The permission inheritance most probably was broken on the doclib when anonymous access was still enabled. The permissions were copied from the parent and the anonymous access remained enabled.

[SOLUTION]
In order to fix this issue, I have written a PowerShell script which loops through the site collection, checking each web and each library or list. If it encounters a web or list that has anonymous access configured, it disables that access.

[Reflection.Assembly]::Load("Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")
$site = new-object Microsoft.SharePoint.SPSite("http://<site collection url>")

foreach ($web in $site.AllWebs) {
$web.Url
if ($web.AnonymousPermMask64.ToString() -ne "EmptyMask") {
$web.AllowAnonymousAccess
$web.AnonymousPermMask64
$web.AnonymousPermMask64 = [Microsoft.SharePoint.SPBasePermissions]::EmptyMask
$web.Update()
}

foreach ($list in $web.lists) {
if ($list.AnonymousPermMask64.ToString() -ne "EmptyMask") {
$list.DefaultViewUrl
$list.AnonymousPermMask64
$list.AnonymousPermMask64 = [Microsoft.SharePoint.SPBasePermissions]::EmptyMask
$list.Update()
}
}
$web.dispose()
}

More info

[MOSS/WSSv3] Error 1387 when removing users from Farm Administrators group

[ISSUE]
Today I tried to remove the user accounts from the Farm Administrators group, that have left the company a while ago. Unfortunately I was unable to do so, SharePoint presented me with an error 1387.

[CAUSE]
Using Google I ran into the following blog post Unable to remove user from SharePoint Farm Administrators group : Error 1387. Here Tim was talking about the fact that the accounts were deleted and SharePoint was performing some kind of check.

[SOLUTION]
After temporarily recreating the accounts of the users, I was able to delete the accounts from the group successfully!

[MOSS/WSSv3] SharePoint 2007 build numbers

Here a list of build number of SharePoint 2007. Based on the build number you can determine which patchlevel your SharePoint environment is on:

12.0.0.6510 - MOSS 2007/WSS 3.0 June '09 Cumulative update
12.0.0.6504 - MOSS 2007/WSS 3.0 April '09 Cumulative update
12.0.0.6421 - MOSS 2007/WSS 3.0 SP2
12.0.0.6341 - MOSS 2007/WSS 3.0 February '09 Cumulative update
12.0.0.6335 - MOSS 2007/WSS 3.0 December '08 Cumulative update
12.0.0.6327 - MOSS 2007/WSS 3.0 August '08 Cumulative update
12.0.0.6318 - MOSS 2007/WSS 3.0 Infrastructure Update
12.0.0.6300 - MOSS 2007/WSS 3.0 post-SP1 hotfix
12.0.0.6219 - MOSS 2007/WSS 3.0 SP1
12.0.0.6039 - MOSS 2007/WSS 3.0 October '07 public update
12.0.0.6036 - MOSS 2007/WSS 3.0 August 24 '07 hotfix package
12.0.0.4518 - MOSS 2007/WSS 3.0 RTM

You can find the build number of your environment via:
Central Admin > Operations > Servers in Farm

[MOSS2007/WSSv3] "The expected version of the product was not found on the system" while installing update

[ISSUE]
I just tried to install the June Cumulative Update on a test environment. After the "Running detection" step, I got the following error:

"The expected version of the product was not found on the system"

[CAUSE]
Some troubleshooting revealed that we had installed SP2 for WSS and MOSS on the environment, but not for the installed language packs. After we installed SP2 for the WSS and MOSS Language Packs, the update installed just fine.

[MOSS/WSSv3] Error "Unable to get the private bytes memory limit for the W3WP process."

[ISSUE]
On the environment of a customer we encountered a lot of errors in the event log, which also caused some performance issues. The message was:
"Unable to get the private bytes memory limit for the W3WP process. The ASP.NET cache will be unable to limit its memory use, which may lead to a process restart. Error 0x80070005".

[CAUSE]
The message is caused by a known issue with insufficient permissions in your IIS metabase. The metabase ACL's on the target server did not include the IIS_WPG group on the following two nodes of the metabase (IIS_WPG is in both ACL's on a clean install):
- W3SVC/AppPools
- W3SVC/Filters

[SOLUTION]
Download the MetaACL utility from KB267904. When you have downloaded and installed the program, run the vbs via the following command:

cscript metaacl.vbs IIS://Localhost/W3SVC/AppPools IIS_WPG RE

The path is case sensitive - type exactly as above; after you run this command restart the IIS services and see if this corrects the problem.

Source

[MOSS/WSSv3] Large log files with default logging options

[ISSUE]
When you configured the SharePoint logging as default, it is very much possible that the logs are filled with "Preserving template record with id....." messages. You would expect these messages only to be logged when logging is set to Verbose mode.

[SOLUTION]
The question how to solve this issue has been asked a lot on the Internet, for example on the MS Forums. Unfortunately nobody had a real answer. But since a couple of months, Microsoft fixed this issue. The April Cumulative Update now contains a fix for this issue:

When you set the least critical event to report in the Event log to ERROR, and you set the least critical event to report to the trace log to MEDIUM, the following messages are logged in the Unified Logging Service (ULS) logs:
Preserving template record with size…
Deleting template record with size…
However, you only expect these ULS messages to appear if the logging level for General is set to Verbose.

Just install this update and you are good to go!!

[MOSS2007] Issues with Excel Services

[ISSUE]
Over the past weeks, we have had some issue with the amount of available disk space on our C drive. In order to free up some data, I have created a script which deleted used data from the C drive. One of the items it cleaned was the C:\Windows\Temp folder. After we ran the script on our servers, Excel Services suddenly stopped functioning properly.

[CAUSE]
As it turned out, Excel Services is writing some files into the C:\Windows\Temp folder on de Excel Services servers. After running the script, these folder were deleted, messing up Excel Services.

[SOLUTION]
From within the Shared Services page (Excel Services Settings section > Edit Excel Services Settings > Workbook Cache Location), you can change the location to which Excel Services writes these temp files. When leaving empty, it will use the system Temp folder.

IMPORTANT NOTE: The application pool account needs to have write permissions to this folder. And an iisreset is required before the changed setting will be activated.

[MOSS/WSSv3] June 09 Cumulative Update released

The June 09 Cumulative Update has been released. You can find more information about them on the following links:

MOSS:
972569 Global
http://support.microsoft.com/default.aspx?scid=kb;EN-US;972569

970948 Global
http://support.microsoft.com/default.aspx?scid=kb;EN-US;970948

970947 Language specific
http://support.microsoft.com/default.aspx?scid=kb;EN-US;970947

972562 Language specific
http://support.microsoft.com/default.aspx?scid=kb;EN-US;972562

WSS:
971538 uber package
http://support.microsoft.com/default.aspx?scid=kb;EN-US;971538

This update contains hotfixes after April CU and Microsoft recommends to install according to the following sequence:

• Install SP2 for WSS and MOSS SP2 and Language Packs
• Install the MOSS Trial hotfix http://support.microsoft.com/kb/971620/en-us
• Install the uber package for WSS http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=971538&kbln=en-us
• Install MOSS fixes on demand or wait for the uber package for MOSS because that is not yet available due to Microsoft Project 2007 dependencies. It is expected that the MOSS uber package also contains the trial fix.

Source: http://blogs.msdn.com/joerg_sinemus/archive/2009/07/01/moss-and-wss-june-cu.aspx

[Citrix WISP] The Web Interface for SharePoint shows "No Resources"

[ISSUE]
I tried to install the Citrix Web Interface for SharePoint 2007 (WISP) on our SharePoint environment according to the installation manual supplied by Citrix.

After the installation and configuration, the WISP only showed "No Resources" instead of any applications.

[CAUSE]
According to this article is one of the features supposed to create an application in IIS in the web application where you activated that specific feature. Unfortunately it did not do that. We are using Windows 2008 and IIS7, so maybe that is the cause of this issue.

[SOLUTION]
To solve this issue, I created the application in IIS manually. Just take the following steps:

• Browse to the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\Citrix folder
• There should be a folder with a GUID as its name, copy that name
• Open IIS and browse to your web application
• Create a new application and use the GUID as the name and the same application pool as the web application

The downside of this issue is that you need to perform this step on each of your web servers manually.

[MOSS/WSSv3] Common mistake about SharePoint recycle bin

Up until recently I was under the impression (like may others with me) that the timeframe you can configure for the recycle bin in the Central Administration page was for the first stage only. When that period was expired, SharePoint would move the content to the second stage recycle bin.

Last week I have been talking with a Microsoft employee who told me something different. According to him, SharePoint deletes the items from the recycle bin after this period, both from the first AND second stage recycle bin. The only way documents get specifically moved to the second stage is when a users cleans his recycle bin.

[MOSS/WSSv3] Bug in STSADM MergeContentDBS command

With Service Pack 1, Microsoft introduced the STSAdm command "Mergecontentdbs". With this command you can move site collections between databases. Unfortunately I recently ran into a bug in this command:

When your site collection contains multi valued columns, it is possible that the data in these columns will be gone after migration.

This issue is confirmed by Microsoft and according to them fixed in the April Cumulative Update. To prevent this issue from occuring, install Service Pack 2 and the April Cumulative Update on your environment.

[MOSS2007] Unexplainable errors on the server desktop

[ISSUE]
A while ago we received some unexplainable errors on the servers desktop. A popup window would appear with the Title "Error" and three buttons "Abort, Retry and Ignore". That was all the info we got. When the popup was shown, IIS stopped responding all together until one of the buttons was clicked.

We had to call in the assistance of Microsoft and after numerous troubleshooting sessions we tracked down the issue to the Search component of SharePoint.

[CAUSE]
A user has uploaded a picture of himself to a picture library. He wanted to use that picture as his profile picture, so he copied the URL of the page (not of the picture) and managed to somehow paste this into the ProfilePicture URL field.

Unfortunately the picture library had spaces in the URL and when opening a picture, SharePoint always places the location where the user came from in the URL. Because the library contains spaces, were these URL double encoded:
Space: %20
Percentage sign: %25
Double encoded space: %2520




This caused the user to paste a double encoded URL into his ProfilePicture field. As it turns out, SharePoint throws an assertion error when it is requested to return this value, for example when searching for that specific person.

[RESOLUTION]
After discovering the issue, the Microsoft engineers checked internally and found out that coincidentally the issue was fixed in MOSS Service Pack 2. They redesigned the assertion handling in this service pack, fixing the issue.

Before we implemented Service Pack 2 on our environment, we changed the value is the users profile to a correct value and ran another crawl. Fortunately we never saw the issue ever again.

[WSSv3\MOSS] Shortcoming in stsadm MergeContentDbs - does not support multiple SQL instances

In our environment we have multiple SQL instances that host the content databases. Just tried to copy a site collection from one content database on one SQL instance to another content database on a different SQL instance. Unfortunately I got the following message:

"The databases need to be on the same database server in order to combine them"

It looks like the command does not support multiple SQL instances, which would be a real shortcoming.

Move IIS 7 root directory to different drive in Windows 2008

In IIS6, it was possible to specify the directory in which IIS should place its files during installation. In IIS7, this is not possible anymore.

To solve this issue, you can download a script which is able to do this after installation on this page:
http://blogs.iis.net/thomad/archive/2008/02/10/moving-the-iis7-inetpub-directory-to-a-different-drive.aspx

The script only contains a small bug. Solve this by:

• Search and replace "f:\" by "%MOVETO%"

[MOSS2007] SharePoint removes entries from hosts file with multiple entries on one line

[SITUATION]
The SharePoint environment consists of three servers, a web front end, an index/central admin and a database server. According to Microsoft Best Practices, we have activated the Web Application role on the index server as well and configured the index server to use the local server. SharePoint does this by modifying the HOSTS file.

[ISSUE]
Last week a colleague noticed that some entries in the hosts file were periodically removed. After some investigation, he found out that this only happens with entries where multiple hostnames are linked to one IP address, for example:

• 127.0.0.1<tab>server.domain.intra<tab>server

All entries that had only one server name in each line, remained in the hosts file.

[SOLUTION]
To get around this issue we changed the following line:

• 127.0.0.1<tab>server.domain.intra<tab>server

into:

• 127.0.0.1<tab>server.domain.intra
• 127.0.0.1<tab>server

After this change, SharePoint left the entries alone.

[MOSS2007] Import connections only shows a few domain controllers

[ISSUE]
At my current project we experienced the the issue that only one domain controller was listed when trying to configure SharePoint to use a specific domain controller (Shared Services /ssp/admin/_layouts/EditDSServer.aspx?dn=<domain name>).

[EXTRA INFORMATION]
The specific domain has about 75+ domain controllers world wide, so the fact that SharePoint lists only one is something strange. Because the listed domain controller isn't the closed one, SharePoint will always generate WAN traffic and imports will be slower.

[CAUSE]
After a long period of troubleshooting we discovered that the Active Directory guys had deleted all _ldap and _kerberos DNS entries (except for the one domain controller) in _tcp.dc._msdcs.. They have done this to make sure that computers that log on from an unmanaged site (which IP address is not configured in the AD subnets) always use the central AD server instead of randomly choose one and generating unnecessary WAN traffic. As soon as we added some extra _ldap DNS keys, these popped up in the list.

[SOLUTION]
We added the _ldap and _kerberos DNS entries for all domain controller in our 2nd datacenter. We are now able to select the closest domain controller.

[MOSS2007] Output caching error for _layouts/images path (Event 5785)

[ISSUE]
On our SharePoint environment we receive the following message very often in the Application event log:

Event Type: Error
Event Source: Office SharePoint Server
Event Category: Publishing Cache
Event ID: 5785
Date: [date]
Time: [time]
User: N/A
Computer: [server name]
Description:Unable to connect publishing custom string handler for output caching. IIS Instance Id is '[IIS web ID]', Url is 'http://[domain name]/_layouts/images/[image name].gif'.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

[CAUSE]
The reason why this is logged is that SharePoint tries to cache the file mentioned. Because the _layouts/images folder is not considered a SharePoint managed path it is not able to do so.

[SOLUTION]
To fix this issue:
- Open the web config for the mentioned web application.
- Search for the <location path="''_layouts/images"> section
- Add the following text to the section (just before </system.web>)
<httpmodules>
<remove name="PublishingHttpModule">
</httpmodules>

Source: MS Forums article, last post

[MOSS2007] Error while opening Site Columns page (/_layouts/mngfields.aspx)

[ISSUE]
When you open the Site Columns page (/_layouts/mngfields.aspx, Site Settings > Site Columns) SharePoint throws an "Unknown Error" at you.

When you change the CustomErrors=Off and CallStack=true values in the web config, SharePoint shows you the following error:
Object reference not set to an instance of an object.
at Microsoft.SharePoint.ApplicationPages.FieldListRenderer.Render(HtmlTextWriter output)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)

[CAUSE]
This issue is caused by the fact that a feature creates site columns using the incorrect casing in the url. For example:
http://<site url>/sites/Test instead of http://<site url>/sites/test
http://<site url>/Sites/test instead of http://<site url>/sites/test
source

[SOLUTION]
To determine which site columns are causing this issue:

• Open a sub site and open Site Columns of that site
• To the left of each column, the location where they have been created is shown
• Hover over links pointing to the parent site and check URL to which the link is pointing
• One or more URLs will have incorrect casing.

To solve this issue, you either have to change your feature so that it uses the internal URL which SharePoint is using. In my case, the feature that caused this issue was the "Office SharePoint Server 2007 Enterprise Site Collection Feature". In other words, some code I could not change.

I found an article on the Internet where they mentioned changing the site url in the database. I know database changes are not supported by Microsoft, but there was no other way to change this.

• Open the Content Database
• Open the table ContentTypes
• Check the column Scopes, you will find some URLs with the correct casing and some with incorrect casing. Change the casing of the incorrect records.

[MOSS2007] Profile synchronization does not work for databases which are off-line/stopped

Last week I got some complaints about user profile information not being synchronized to other sites in a SharePoint 2007 environment. After some investigation I found the following error in the ULS log:
<date> <time> OWSTIMER.EXE (0x0864) 0x08A4 SharePoint Portal Server User Profiles 8zzy Medium Aborting sweepsynch for guid instance <GUID> due to null or non-online content database

[Solution]
After configuring the database as Ready again, the profile information synchronization resumed again.

[Background information]
If you put you content database off-line, SharePoint is still able to access it but it will not create new site collections. Because were creating new site collections, which we wanted created in a specific database we put all databases (except for that specific one) on off-line. As it turned out, the downside of this is that SharePoint is unable to synchronized the user profile information to databases that are off-line.

[MOSS2007/WSSv3] Messages about missing resource files in SharePoint ULS logs

[ISSUE]
The following messages appear a lot in the ULS logs of SharePoint:
11/24/2008 10:06:58.66 w3wp.exe (0x07F4) 0x1550 Windows SharePoint Services General 72kg High #20015: Cannot open "Proj.en-US.resx": no such file or folder.
11/24/2008 10:06:58.66 w3wp.exe (0x07F4) 0x1550 Windows SharePoint Services General 72kg High (#2: Cannot open "Proj.en-US.resx": no such file or folder.

[SOLUTION]
This is caused by the fact that the resource file is not present with a specific English tag in its name. To solve this issue do the following

• Open the directory C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Resources
• The mentioned files are not in there, but the proj.resx is
• Open a command prompt and browse to the same directory
• Run the following commands:
  copy avm.resx avm.en-US.resx
  copy compproc.resx compproc.en-US.resx
  copy ep.resx ep.en-US.resx
  copy er.resx er.en-US.resx
  copy hlpdsk.resx hlpdsk.en-US.resx
  copy itteam.resx itteam.en-US.resx
  copy proj.resx proj.en-US.resx
  copy pws.resx pws.en-US.resx
  copy rer.resx rer.en-US.resx
  copy tsa.resx tsa.en-US.resx
• This will copy the default resource files to the English version resource files and the messages will disappear.

[MOSS2007/WSSv3] Kerberos, CNAMEs and SharePoint

When trying to configure Kerberos on the environment, I ran into the following issue:

[ISSUE]
When opening the SharePoint site from another machine, Internet Explorer logs on with NTLM anyway. When opening the site from the server, a logon prompt appears which won't accept any credentials. After three times, an Unauthorized message is shown.

[TROUBLESHOOTING]
I had all Service Principal Names configured as described in Configure Kerberos authentication (Office SharePoint Server). To get more information I enabled Kerberos logging (How to enable Kerberos event logging), which resulted in a lot of events in the System log:

Source: Kerberos
Type: Error
Event: 3
Message: "A Kerberos Error Message was received:
on logon session <user>
Client Time:
Server Time: 12:5:19.0000 10/30/2008 Z
Error Code: 0x34 KRB_ERR_RESPONSE_TOO_BIG
Extended Error:
Client Realm:
Client Name:
Server Realm: <domain>
Server Name: krbtgt/<domain>
Target Name: krbtgt/<domain>@<domain>
Error Text:
File: e
Line: 6c0
Error Data is in record data.

[SOLUTION]
After using Network Monitor v3.2, I found that the Kerberos traffic from the server was requesting a different Service Principal Name than the url of the SharePoint site. The error which was also listed in the eventlog was returned by AD. The SPN that was send, contained the CNAME value instead of the original URL. Using Google, I found the following article:
The Problem with Kerberos Delegation (Section: "Confused Yet?")

This article states the following:

• Computer running IIS: ws.identitychaos.com (WS)
• Service Account hosting the Central Admin app pool: idchaos\svc.wss.farm
• Host Header for Central Admin: spca.identitychaos.com
• SPN's registered to idchaos\svc.wss.farm
• HTTP/spca
• HTTP/spca.identitychaos.com

Using a CNAME, when IE requests the SPN, spca.identitychaos.com resolves to ws.identitychaos.com (the alias resolves to the host) so IE asks AD, "tell me which account has an SPN registration of HTTP/ws.identitychaos.com" and it gets the WS computer account, not the service account. How do you fix it? You use A records instead of CNAME's.

After changing our CNAME records to A records, all Kerberos issues were resolved.

In other words:
Do not use CNAMEs when using Kerberos authentication!!!

[MOSS2007] Search issues due to corrupt SSL certificate

After installing MOSS2007 which has Service Pack 1, the Infrastructure Update and the August Cumulative Update slipstreamed I ran into the following issue:

My environment consists of one Index server and two Search servers. When opening the new Search Administration page, it is supposed to list the status of all of the index and search servers. Unfortunately the Search servers were listed as Error. After doing some more investigation I found the following error appear in the application log of both search servers each minute:

Event: 6482
Type: Error
Source: Office SharePoint Server
Category:Office Server Shared Services

Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (aa8a83f6-ff42-4be3-ae6c-c1cb2205cc8f).

Reason: The underlying connection was closed: An unexpected error occurred on a send.

Techinal Support Details:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at Microsoft.Office.Server.Search.Administration.SearchApi.RunOnServer[T](CodeToRun`1 remoteCode, CodeToRun`1 localCode, Boolean useCurrentSecurityContext, Int32 versionIn)
at Microsoft.Office.Server.Search.Administration.SearchApi..ctor(WellKnownSearchCatalogs catalog, SearchSharedApplication application)
at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

When I tried to open the SearchAdmin.asmx page (http://<index or search server name>/SearchAdmin.asmx), I get a page cannot be displayed.

This issue is caused by a corrupt SSL certificate on the "Office Web Services" web site. To solve this issue, you have to create a new certificate. You can use the SelfSSL tool, included in the IIS resource kit.

Run the following command on all search and index servers:
selfssl.exe /N:CN=<server> /K:1024 /V:9999 /S:951338967 /P:56738

[MOSS2007] Crawl issue after installation .NET Framework 3.5 SP1

[ISSUE]
When the .NET Framework 3.5 SP1 has been installed, it is possible that you get some Access Denied error messages when crawling your MOSS sites. If you're indexer is set to crawl itself, via the Central Admin setting, or manual hosts modification, you might be running into this issue. You will see a combination of errors in your event logs, ULS logs and crawl logs that match the following:

Crawl Log:
Event Type: Warning
Event Source: Office Server Search
Event Category: Gatherer
Event ID: 2436
Date: 10/22/2008
Time: 10:02:55 AM
User: N/A
Computer: MOSS2007
Description:The start address <http://portal/> cannot be crawled.

Context: Application 'SharedServices1', Catalog 'Portal_Content'
Details:Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (0x80041205)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

ULS Logs: (verbose)
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common MS Search Indexing 7hoo Verbose GetVirtualServerPolicy is about to call WS for virtual server, strVirtualServerUrl http://portal/10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable ***** Couldn't retrieve server http://portal/ policy, hr = 80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3util.cxx Line:548
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable ****** Server portal security initialization failed, hr = 80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3util.cxx Line:317
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable CSTS3Accessor::InitURLType: Return error to caller, hr=80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:1542
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable CSTS3Accessor::InitURLType fails, Url http://portal/, hr=80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:184
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable CSTS3Accessor::Init fails, Url http://portal/, hr=80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:243
10/22/2008 10:59:04.23 mssdmn.exe (0x1420) 0x151C Search Server Common PHSts 0 Monitorable CSTS3Handler::CreateAccessorExB: Return error to caller, hr=80041205 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:261

Security Logs:
Logon Failure:
Reason: An error occurred during logon
User Name: mosscrawl
Domain: SPI
Logon Type: 3
Logon Process: Èù8
Authentication Package: NTLM
Workstation Name: MOSS2007
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: XX.XX.XX.XX
Source Port: 1417

[SOLUTION]
Perform the steps mentioned in the KB article below to fix this issue:
http://support.microsoft.com/kb/896861

Source: Ron Grzywacz's Blog

[MOSS2007/WSSv3] Login box when a normal user logs on, but not with admin

[ISSUE]
A logon box constantly appears when a users is trying to log onto a SharePoint site. Whatever the user enters, he cannot get onto SharePoint.

[CAUSE]
The environment on which we experienced this behaviour was locked down according to security guidelines. One of these guidelines was to strip the "Read & Execute" permissions on the C:\Windows folder from the local users group. The .NET Framework requires Execute permissions on the C:\Windows directory to operate properly and because SharePoint relies on .NET, users were prompted for credentials.

[SOLUTION]
Add the Execute permissions for the Users group on the C:\Windows folder or restore the permissions on the C:\Windows directory to default:
- Open a command prompt.
- On a domain controller, run
secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg "c:\windows\security\templates\DC security.inf" /log c:\windows\temp\seceditsv.log
- On a non-domain controller, run
secedit /configure /db c:\windows\temp\seceditsv.sdb /cfg "c:\windows\security\templates\setup security.inf" /log c:\windows\temp\seceditsv.log

[MOSS2007/WSSv3] Using a clustered SQL named instance behind a firewall in SharePoint

[Issue]
For a customer I have been working on a new installation of SharePoint 2007. The environment has high availability requirements, so all components need to be redundant. The customer environment already contained a clustered SQL environment which we could use for SharePoint. We just needed to install a new SQL named instance, dedicated for the SharePoint 2007 installation.

For extra security, the SQL cluster was placed in a separate database VLAN, which was secured by a firewall. To enable communication between the SharePoint 2007 servers and the SQL named instance we opened UDP port 1434 and TCP port 4000 (port used by the instance).

After installing SharePoint 2007 on one server, I ran the SharePoint Products and Technologies Configuration Wizard to create a new farm/Configuration Database. When I used the <server>\<instance> format, SharePoint reported that it could not connect to the instance. It reported that the instance was not running, the server wasn’t a SQL server or a firewall was blocking the traffic.

[Reason]
After troubleshooting on the SharePoint and SQL servers, I turned to the firewall guys. With their troubleshooting tools we found out that:

• SharePoint connected to virtual SQL cluster name (ip 10.10.10.3) using the UDP protocol over port 1434 to determine the port of the SQL instance (see “Background Information”)


• The firewall allowed the traffic to the virtual SQL cluster name


• The server replied on the physical node ip address (ip 10.10.10.1) back to the server


• Because the server registered an outbound connection on the virtual SQL cluster name, it does not allow a reply on a different ip address and blocked the reply

Due to this behavior the SharePoint Config Wizard could not determine the port used by the instance and therefore could not connect to the instance.

After using Google we ran into the following article:
Unable to connect to a SQL Server named instance on a cluster

This issue is caused by the fact that the SQL Browser is not “cluster-aware”. It listens to all ip addresses of the server and replies always on the ip addresses of the physical node instead of on the ip address on which it received the request. The solution according to the blog post: Use SQL Server 2008 in which it is solved…….no real option at the moment.

[Solution]
To solve this issue, we created a ODBC System DSN which is configured to connect to the correct port directly and preventing the discovery process from happening:

• Start > Settings > Control Panel > Administrative Tools > Data Sources (ODBC)


• Tab System DSN


• Click Add


• Select SQL Server


• Enter the name you would like the DSN to have


• Enter a description


• Enter the name of the server


• Click Next


• Click “Client Configuration”
  Clear the “Dynamically determine port” checkbox and enter the port number of the SQL instance


• Click Next


• The connection is now checked. Click Finish to save the DSN

Now use the name of the DSN as the SQL server name.

[Background information]
When a named instance is used, in most cases that instance is running on a port which is chosen randomly at installation time (customizable afterwards). Any processes that would like to use that specific instance first connect to the SQL Browser (using UDP over port 1434), which supplies the port that the instance is running on. The process then connects to the specific port.

[MOSS2007] Error in search configuration after installing Infrastructure Update

The infrastructure update introduces a Search Administration page on the Shared Services. When creating a slipstream installation, this page is automatically created when creating the Shared Services. But when you install the Infrastructure Update on an existing environment, this page is not automatically created. It does change the breadcrumb trail on the Search pages of the Shared Services site, which cause some error messages. You cannot open the “Search Administration” page (http://<ssp_url>/ssp/admin/searchadministration.aspx).

To solve this, run the following commands:
stsadm.exe -o installfeature -name S2SearchAdmin
stsadm.exe -o activatefeature -name S2SearchAdmin -url http://<ssp_url>/ssp/admin -force

Usefull and Free SharePoint Tools (Part 2)

A while ago I posted a list of tools I ran into and found very usefull. Here is part 2: More usefull tools :-)

SharePoint Inspector
Using the SharePoint Inspector you can browse through the SharePoint object model, can see objects composing its structure, get their properties by reflection. This cool can be very useful when you want to check if your code does what it should do. You can use also some advanced features like activate/deactivate SharePoint features, add/remove event receivers, manage your recycle bin.

Link: SharePoint Inspector

SharePoint Manager
The SharePoint Manager 2007 is a SharePoint object model explorer. It enables you to browse every site on the local farm and view every property. It also enables you to change the properties (at your own risk). It is a very powerfull tool for developers that like to know what the SharePoint holds of secrets.

Link: SharePoint Manager

MS IT Site Delete Capture
Every had the unpleasant question of users if you could restore a site or site collection they accidentally deleted? The only way to do this by default is to perform a restore to a separate environment and use stsadm to extract the site and restore into your environment again. Even though SharePoint 2007 does have a recycle bin, this does not capture site or site collection deletions.

After you installed the Microsoft IT Site Delete Capture Feature 1.0 SharePoint administrators can intercept both site/web delete requests and archive the site/web to a resource local to the web front-end computer or UNC path before the site/web is removed from the configuration and content databases.

The Microsoft IT Site Delete Capture Feature 1.0 also exposes functionality allowing SharePoint administrators to send e-mail messages to the end-user indicating the site has been archived and deleted, any failure in the event receiver will generate an e-mail message to the end-user indicating that the site/web has not been deleted. The message format, text, and language are stored in a flexible, culture-independent extensible markup language configuration file.

Link: MS IT Site Delete Capture

SharePoint 2007 Test Data Population Tool
The SharePoint 2007 Test Data Population Tool is a capacity planning and performance testing tool that populates data for testing SharePoint deployments. The SharePoint 2007 Test Data Population Tool is available as a command-line executable program that extracts information about how to populate the server from an XML configuration file.

Use this tool to populate test data for SharePoint capacity planning. Also included are some sample test scripts that can be used for performance and load testing SharePoint and Excel Services with the test data. These tools are being provided as is and there is no ongoing support for these tools.

Link: SharePoint 2007 Test Data Population Tool

SharePoint Logging Spy
A lot of SharePoint 2007 environments consist of multiple servers. Each server is producing logs and in case of issues you always have to dig through multiple server logs. The SharePoint Logging Spy allows you real time diagnostics of multiple servers in a SharePoint farm using a single console view.

SharePoint Logging Spy is a real time diagnostic application for MOSS 2007 which allows a SharePoint administrator to view (and save to disk) the ULS Log & Event log entries from multiple machines in a SharePoint farm through a single console. NOTE - There is a known issue with Event Log Entries not being displayed from remote machines. SharePoint Logging Spy also allows the administrator to view the historic ULS logs on the farm using the same interface.
SharePoint Logging Spy also has a treeview which allows a developer or administrator to view the state of the current SharePoint enviroment. The Plug-in architechture allows for extensibility of the core application.

The application also provides drill downs for information regarding the thread or process which generated the log entries which are reported in the main screen. The thread and process information is collected on demand (when you click the menu) and is NOT historical therefore it is feasable that the process/thread may no longer exist when you ask for the information and you will get an empty result set.
To easy configuration there is a discovery wizard which will discover on-line servers in the farm and allow selective monitoring to begin.

Link: SharePoint Logging Spy

SharePoint SUSHI
SUSHI is a powerful, user-friendly SharePoint application enabling you to accomplish common SharePoint administrative and development tasks. You can think of SUSHI as a Swiss army knife for SharePoint.

SUSHI = SharePoint Utility with a Smart, Helpful Interface

SUSHI Tools
Administration
Security Reports: View all sites and lists a user has access to (VERY USEFULL!!!)
Profile Images Import: Upload Profile Images and Apply them to User Profiles.
Backup: Backup a site. Restore: Restore site from backup.
Email Test: Send a test email to make sure outbound email is set up correctly.

Lists
Copy View: Copy a view from one SharePoint list to another. Meta Data: Get detailed information about metadata in a list. Move metadata from one column to another for all items in a list. And more.
Bulk List: Creation Create a large number of subsites based on a site template.
Bulk Site Columns: Create Site Columns. Import Documents: Upload entire file structures from a file share into a document library.

Sites
Bulk Site Creation: Create a large number of subsites based on a site template.
Themes: Apply a Theme to many sites at once.

Link: SharePoint SUSHI

[MOSS2007/WSSv3] Technical Library content available as downloadable CHM file

Just recently Microsoft released the entire Technical Library for Windows SharePoint Services v3 and Office SharePoint Server 2007 in Compiled Help format (CHM) to be downloaded from their site:

Available here:
- Windows SharePoint Services 3.0 Technical Library in Compiled Help format
- Office SharePoint Server 2007 Technical Library in Compiled Help format

[MOSS2007] Error during editing navigation items

[ISSUE]
When trying to edit the navigation items in a site, I get the following error message:
"The page has been modified by another author on <time>"
.....even when I am 100% nobody is changing the navigation of this site.

The reason why I was editing the navigation was because some items were having some strange URL's:
/_layouts/viewlsts.aspx?BaseType=0?BaseType=0?BaseType=0?BaseType=0

[CAUSE]
After browsing on the Internet I found that this had been caused because I used the Content and Structure Manager to move a site. SharePoint has an issue, which is causing the behaviour above.

[SOLUTION]
To solve this issue, do the following:

• Remove all of the Document Libraries and lists from the navigation by:
• Open the list/library you want to remove from the quick launch
• Click Settings > List Settings (or Library Settings)
• Click on Title, description and navigation
• Choose No for Display this list on the Quick Launch?
• Remove all corrupted navigation items
• Readd the Lists/Libraries

[MORE INFO]
Technet Forum
Windows Tech
Blog Paul Gavin

[MOSS2007/WSSv3] SharePoint 2007 and Console Applications [UPDATED]

During a project, the developers created a console application which they wanted to schedule in Task Scheduler. This turned out to be a challenge because using console applications with SharePoint 2007 requires permissions on three locations. The service account will need to have the following permissions:

1.) Permissions on the SharePoint databases

• Open SQL Management Studio
• Go to Security > Logins
• Right click Logins and select New Login
• Enter account name and open User Mappings tab
• Select the master database, permissions public
• Select the config database (default SharePoint_Config), permissions public and WSS_Content_Application_Pools
• Select the content database (default format WSS_Content_), permissions public and db_owner

2.) Permissions on the SharePoint server

• Add the service account to the local administrator group (See update below)

3.) Permissions on the SharePoint site

• Grant the service account the required permissions in the SharePoint site
• For example: add to Site Owners group

[UPDATE] The service account doesn't need to be local admin on the server. You can use the following permissions as well:

• "Logon as batch job" in Local Security Policy
• Member of the local WSS_ADMIN_WPG group
• Grant the local group BATCH read permissions to C:\Windows\System32\cmd.exe to make sure the scheduled task can run batch scripts.

[MOSS2007] Error "Cannot complete this action. Please try again."

Over the past month I have been working on a major incident on our production SharePoint 2007 environment.

ISSUE:

When opening a sub site in a site collection by entering it url without default.aspx file, SharePoint would show an HTTP 500 error (Internal Server error). When you try to open the default.aspx file, SharePoint would display the error "Cannot complete this action. Please try again.". The symptoms were similar to:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;937038


CAUSE:
About a month ago a site administrator of a sub site noticed that the NT AUTHORITY\AUTHENTICATED USERS group was listed in the site members group. In other words, everybody who was authenticated in the domain or trusted domains had Contribute permissions. As you can imagine this was not supposed to happen, so he tried to delete the AUTHENTICATED USERS group from the members group. What the user exactly did and what happened is not really clear, but the the result was that the sub site was no longer reachable.

STEPS TAKEN:
After searching for a solution for about a day, we could not figure it out and called in the support of Microsoft. Unfortunately they also weren't very sure how to solve it, but did mentioned the possibility of installing SP1 which might solve the issue. On the other hand, the also feared that installing SP1 would fail because of the broken site. To be sure we prefered to test the installation of SP1 first. In the meantime, the users couldn't access their data and we had to fix that first.

The suggestion of Microsoft was to use stsadm -o export/import. We would restore a known good copy of the database to a restore environment, export the sub site tree, copy it to the production environment and import on top of the broken sub site. Unfortunately this did not work, we received the same error. The alternative was to restore to a new sub site. The import started fine, but after about seven hours stsadm crashed! Also a second import crashed......now what.

We had bought MetaLogix Migration Manager to migrate content from file shares, ASP/HTML websites and other SharePoint environments into our new central MOSS2007 environment. So we gave that tool a go. Fortunately that worked. After several hours, the data was available again for the users.

FIX THE PRODUCTION ENVIRONMENT:
I wanted to test the installation of SP1 on a copy of that site collection. I tried to use stsadm -o backup/restore to copy the production site collection and to a restore environment. The backup went fine, but restore failed after 8 to 10 hours :-(

I then tried to create a backup of the entire database, restore that to the restore database server and attach to an empty web application. Fortunately that worked and I had an environment to test SP1 on. The installation of SP1 completed successfully and we now know that we can install SP1 without any issues on the environment.

KEY INFO:
The entire site collection was about 48GB of size. The sub site tree was about 25GB. Moveing the data using the default stsadm tools, did not work. It looks like stsadm is having some issues with large sites.

According to Microsoft Product Support, SP1 contains stored procedures which check and fix security issues. They weren't sure if those stored procedures would fix our issue. Obviously it did :-)

[MOSS2007] Version 2.0 of my Installation Guide has just been released

I finally had the time to complete a new version of my MOSS2007 Installation Guide and have just uploaded it. This new version includes installing Service Pack 1 for the .NET 2.0 and 3.0 Frameworks and MOSS2007. I also added the SQL Server 2005 SP2 Cumulative Update Pack and an IIS fix, which solves an issue which caused the error message "Attempted to read or write protected memory" in the event log.

The new version can be downloaded here: HOWTO - Install MOSS2007 v2.0

And again: if you have any comments or additions, please let me know!

Have fun!

[MOSS2007] Hotfixes to clear up 95% off the MOSS2007 event logs errors

Last week a colleague of mine send me an e-mail about the patches and hotfixes that are currently available and fix about 95% of all event log error messages:

---------------------------------------------------------------------
Hi Folks,

As promised, here’s a list of Microsoft hotfixes and patches that cleared up 95% of the MOSS 2007 event log errors:-

It’s assumed that you’ve already installed WSS v3.0 Service Pack 1 and MOSS 2007 Service Pack 1

As always, read the release notes and any associated guidance before applying.

KB923028 - Attempted to read or write protected memory
http://support.microsoft.com/kb/923028
Also fixed in .NET Framework Service Pack 1: http://support.microsoft.com/kb/945757

KB933061 - WMI Hotfix
http://support.microsoft.com/kb/933061
Note: This one was geared more towards fixing issues with SQL Server Reporting Services (SSRS) 2005. Might want to install this if you’re using the SSRS 2005 SharePoint Add-In.

KB946608 - SQL Server Cumulative Update 6
http://support.microsoft.com/kb/946608
Note: Once again, geared towards the SSRS 2005 Add-In. This MUST be installed if you are using the SSRS 2005 Add-In for SharePoint

KB941274 - MOSS 2007 Post SP1 Hotfix
http://support.microsoft.com/kb/941274
Note: Several WSS v3.0/MOSS 2007 fixes included in this Hotfix package

KB946517 - IIS6 Multiple Thread Fix
http://support.microsoft.com/kb/946517

Happy Hotfixing!
---------------------------------------------------------------------

[MOSS2007] License has expired error

ISSUE:
Users got the error message "Your licence for Office Server Search has expired" when performing a search or when opening a page which contained a web part that used the search.

CAUSE:
The other day I had to install some language pack on a MOSS2007 environment. After installing a language pack, you need to run the Configuration Wizard. But because people were working on the environment and the Configuration Wizard stops some services, I waited until a more suitable time to run the wizard.

While troubleshooting the issue I noticed that permissions on the registry were gone. So MOSS2007 wasn't able to read the license information and therefore reverts to expired mode, presenting the users with the error mentioned above.

Putting two and two together: Installing a language pack resets some permissions on the file system and/or registry. This is corrected when you run the Configuration Wizard.

RESOLUTION:
After running the Configuration Wizard, all problems were solved.

LESSON LEARNED:
Do not install language packs when you cannot run the Configuration Wizard immediately afterwards.

[MOSS2007] Fix for Event ID 6398 - Corrupted Memory

ISSUE:
On several environments I ran into an issue which logged an event in the event log (event id 6398). The following event occures regularly:

Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Timer
Event ID: 6398
Date: 17-9-2007
Time: 9:38:18
User: N/A
Computer: Webserver
Description:The Execute method of job definition Microsoft.Office.Server.Administration.ApplicationServerAdministrationServiceJob (ID 3dc44d7a-008a-4c71-8e96-8c19da3d2ce2) threw an exception. More information is included below.

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

RESOLUTION:
At first I found some solutions which directed me to a .NET patch (KB923028, also included in .NET v2.0 SP1). This patch solved the issue for a short time, but after a while the messages reappeared.

Last week I found KB article 946517, which provides a fix for IIS. This patches fixes the issue mentioned above. The message never appeared again.

[MOSS2007] "Database Default Locations" ignored by SharePoint 2007

PROBLEM:
While installing a new environment today, I changed the "Database Default Locations" setting in SQL Server 2005 to make sure the database files and log files were created on a certain location. Testing by creating a database manually in the SQL Management Studio worked, but when I ran the SharePoint Configuration Wizard the databases were created in the old location.

CAUSE
After some troubleshooting I found out that SharePoint somehow retrieves the old setting until SQL Server 2005 has been restarted (reboot of the server or restart of the services). Why this is I have no clue.

RESOLUTION
Just restart SQL Server 2005 and try again. The new databases are now created in the correct place.

Usefull and Free SharePoint Tools (Part 1)

Over the past few months I have been working with several tools for SharePoint. Some of these tools I find very usefull:

DAVCopy
When you need to copy a lot of data to SharePoint (for example from a file share), doing this manually is:

1. A lot of work
2. Not easy to do, especially when you need to upload a directory structure. You have to use the explorer view
3. Not really IT like (script what you can script, better lazy than tired :-)

Browsing through the Internet I ran into a tool called DAVCopy. This tool can upload files and directories to SharePoint, with the same functionality as XCopy. For example /E for subdirectories including empty ones.

The tool has some shortcomings though:

1. As most of you probably already know, SharePoint doesn't accept certain characters in filenames (http://blogs.msdn.com/joelo/archive/2007/06/27/file-name-length-size-and-invalid-character-restrictions-and-recommendations.aspx). Just like copying with the Explorer view, DAVCopy just tries to upload the files without checking any illegal characters. A good thing is that DAVCopy logs the error and skips the illegal file.
   
   To get around this issue I created my own filename checker script, which corrects all illegal characters before running DAVCopy.
2. The logging of the tool is very limited. It can only write logging to the console. A nice logging to a text file and especially a good summary will be a great improvement!

Link: DAVCopy

SharePoint 2007 Shared Services Provider User Profile Property Replicator
On a lot of projects we are using a development/test/acceptance/production strategy. Each environment must have its own settings. When migrating a solution to a new environment, all required settings need to be migrated as well. One of these settings are the custom User Profile Properties. A solution I recently deployed required these properties to be present before it started to work.

Creating these properties manually is not only time consuming, but also susceptable to errors. The User Profile Property Replicator tool is able to export and import these properties using XML files. I created an export of all properties in my development environment, changed the XML file to just include my custom properties and used this file to create the properties on all other environments. Quick, easy and without errors!

The only thing that can be improved is changing properties. When importing a property that already exists, the tool skips this property. I would like to see that the tool would update the property instead of skipping it. This is especially usefull when using big choice lists!

Link: MOSS Profile Replicate

Sharepoint Shared Services Search Provider Property Creation
Just like the tool above, this tool is able to export and import properties to/from XML files. Only this tool can export and import crawled properties, managed properties, content sources and search scopes.

A solution I had to deploy was relying on crawled and managed properties. To be able to map crawled properties to managed properties, the indexer first needed to discover these crawled properties in documents or content types. Using this tool I was able to export all managed and crawled properties from my development environment, change the exported XML files and import these properties into other environment. Again quick, easy and without errors!

Link: MOSS Provider Property Creation

SharePoint 2007 Shared Services Provider User Profile Importer
SharePoint is able to import settings from a external source (Active Directory, BDC source, etc) and map these values to certain profile fields. The external source is then leading for that property. But for some fields, you might not have an external source available but do want the field populated. Using the Profile Importer you can. Just create a XML input file and a XML mapping file (map the used XML tags in the input file to User Profile Property field) and off you go.

After creating my own User Profile Property, I would like to have certain values populated for certain users. Unfortunately these values were not in the Active Directory, so I could not sync them from AD. Using the Profile Importer tool I am able to populate the values I want into the fields I want for the users I want. All and all a great tool!

Link: MOSS Profile Import

SharePoint Solution Installer
As of SharePoint 2007 all custom components can be deployed using the Solution Deployment framework. Developer just have to place their solutions into a wsp package, which can then be imported into SharePoint 2007 and deployed to all servers.

Importing and removing wsp files into SharePoint 2007 must be done using the stsadm command, after which the solutions can be deployed from the Central Admin. The steps become difficult when you try to deploy a new version of a wsp file:

1. Retract the old version from the Central Admin
2. Use stsadm to remove the old version from solution deployment
3. Use stsadm to add the new version to solution deployment
4. Deploy the new version from the Central Admin

In other words switching between tools a lot. There must be an easier way!

And with the SharePoint Solution Installer there is! The tool first checks if SharePoint is installed, then if you have sufficient permissions to perform a deployment, if the Administration and Timer services are running and if the solution is already installed. If this is not the case, you can choose the web application to which the solution must be deployed. If it is installed, you can select to remove or repair (!!!!) the solution. In case of a repair, the tool automatically performs the four steps above automatically.

Installing wsp files made easy!!

Link: Sharepoint Solution Installer

SSL cannot find private key

ISSUE
Last week I generated a certificate request in IIS and requested an SSL certificate. Today I tried to install the recieved certificate, but after "Processing the request" the certificate was damaged. I was able to locate it in the Certificates MMC, but while trying to export the certificate the wizard came with the message "A private key cannot be found".
When I tried to apply the certificate to a IIS web site, the web site couldn't be reached using https. No error messages were reported.

TROUBLESHOOTING STEPS
I found the Microsoft SSL Diag tool on the Microsoft site and used this tool to troubleshoot. It came back with the error ""You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed"".

CAUSE
The above issue was caused by the fact that permissions on files in the following directory were incorrect:C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysThis directory contains files with the server's private keys. Due to the incorrect permissions, was the server unable to read the certificate private keys.

RESOLUTION
I reapplied the security settings of the directory to all files by opening the properties of the directory, select the security tab, click the Advanced button, select the "Replace permission entries on all child objects with entries show here that apply to child objects" and click OK.
The server was now able to read the private key files and therefore able to use the certificate.

[MOSS/WSSv3] MOSS and WSSv3 Service Pack 1 released!

Yesterday Microsoft released Service Pack 1 for MOSS and WSSv3.

"For information on what's included in the service pack view the Announcing WSS 3.0 and MOSS SP1 article from TechNet. This information will be important from both a business and technical perspective to support installing SP1. The KB "Description of Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1" in addition is a must read. It includes a link to a list of fixes included in WSS SP1. For Office SharePoint Server 2007 SP1 another KB has been posted with a downloadable Office Servers list of fixes."

Note: For SharePoint Server 2007 environments, WSS 3.0 SP1 should be installed before SharePoint Server 2007 SP1.

Download WSS 3.0 SP1
SP1 existing deployments:
Windows SharePoint Services 3.0 SP1, 32-bit edition and 64-bit edition
Windows SharePoint Services Language Pack 3.0 SP1, 32-bit edition, 64-bit edition

Download Office SharePoint Server 2007 SP1 (includes SP1 for Project Server, Forms Server, and Groove)
Office SharePoint Server 2007 SP1 32-bit edition and 64-bit edition
Office SharePoint Server 2007 Language Pack 3.0 SP1 32-bit edition, 64-bit edition

Download SharePoint Designer 2007 SP1
SharePoint Designer SP1
SharePoint Designer Language Pack SP1

Source: http://blogs.msdn.com/sharepoint/archive/2007/12/11/announcing-the-release-of-wss-3-0-sp1-and-office-sharepoint-server-2007-sp1.aspx

[MOSS/WSSv3] Antivirus exclusions in SharePoint 2007

A few weeks ago I installed two SharePoint 2007 (MOSS) environments at a customer. Both environments were create in VMware ESX and had one database server and one SharePoint 2007 server. The ESX administrator noticed that the CPU of both SharePoint 2007 servers used a lot of performance for about 15-20 seconds each minute. Process Explorer to the rescue!!

The System process on the server was using this CPU time and using Process Explorer I was able to track the usage to the tmxpflt.sys thread. This file was part of the TrendMicro OfficeScan product, so the CPU usage was an AV issue. I searched the Internet for antivirus exclusions for SharePoint 2007, but wasn't able to find any exclusion information for SharePoint 2007. This ment I had to do the troubleshooting myself.

After some more troubleshooting I found out that:

• The Windows SharePoint Services Timer service started a job every minute which caused the issue. When I stopped this service, the CPU didn't spike at all.
• The Windows SharePoint Services Administration service was running the job. When I stopped this service when the CPU was high, the usage immediately dropped.
• The Windows SharePoint Services Administration service was writing some logging in the file WSS_AdminService.log, which was located in the directory C:\Documents and Settings\Default User\Local Settings\Temp.
• The WSS_AdminService.log file was about 65MB. TrendMicro OfficeScan scanned the file before the Administration service was able to write in it. With 65MB, this took some time and processing power.

After deleting the log file, the CPU usage didn't spike at all, so I excluded the C:\Documents and Settings\Default User\Local Settings\Temp directory which solved all issues!

So one exclusion for your Antivirus software when using SharePoint 2007: C:\Documents and Settings\Default User\Local Settings\Temp

[MOSS/WSSv3] Moving sites between content databases

With the release of the Public Hotfix of October 9th (WSSv3 KB934525/MOSS2007 KB937832), StsAdm has gotten a new operation, the Mergedbs operation. A very cool operation, with which administrators are able to move sites from one content database to another!!

On his blog, Todd Klindt describes how to use the operation:
"On multiple occasions as a SharePoint administrator I have needed to move a Site Collection from one Content Database to another one. In the past this process was very painful and very manual. In this blog post I will show you how to move Site Collections between Content Databases with a single STSADM command using the "mergedbs" operation that was introduced in KB934525."

[MOSS/WSSv3] WSS Logs grow fast after installing patch

After installing some MOSS environments I got some messages about the logs in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS which grew enormously. In one occasion the logs became 250+ MB in half an hour, filling up the C drive rappidly.

On the Microsoft site I ran into article KB941789 which described a solution. After performing the steps, the log stops growing fast.

[MOSS] New version of the MOSS Installation Guide

I have just uploaded a new version of the MOSS Installation Guide. This time these things are added:

• Installation of Public Update of October 9th
• Default configuration steps of MOSS
• Some extra steps to correct issues with the Public Update

The new version can be downloaded here

Please let me know if you have any updates/questions about the guide by posting a comment!

Have fun installing!!

[MOSS/WSSv3] Bug in SharePoint Public Hotfix of October 9th

Recently I have installed the MOSS and WSS public hotfix of October 9th (WSS 3.0 - KB934525, MOSS 2007 KB937832) on several environments. After the installation I noticed that DCOM errors were added to the eventlogs. I troubleshooted the issues and it turns out that the WSS and MOSS patches are resetting the permissions on the OSearch and SPSearch DCOM objects.

Before installing the hotfixes the security settings on both objects were:

• Administrators
• <MOSS Configuration Database account>
• <MOSS Search account>
• SYSTEM
• WSS_ADMIN_WPG
• WSS_WPG

All account had "Local Activation" and "Local Launch" permissions.



After installing the WSS patch the security settings on the SPSearch DCOM object were reset to default settings.
After installing the MOSS patch the security settings on the SPSearch DCOM object were reset to default settings.

• Administrators
• LOCAL SERVICE
• SYSTEM

Fortunatelly this was solved easily by adding the WSS_ADMIN_WPG and WSS_WPG groups to the OSearch and SPSearch object and granting them "Local Activation" and "Local Launch" permissions.

How to determine the DCOM settings??

• Start > Run
• dcomcnfg
• Component Services > Computers > My Computer >DCOM Config
• Select object OSearch or SPSearch
• Right click > Properties
• Select tab Security
• Click Edit at "Launch and Activation Permissions"

[iFilter] Adobe released a work around for the PDF iFilter in x64

"Finally Adobe has come up with an interim solution to address the non-availability of a 64 bit ifilter. Now one can use the 32-bit Adobe IFilter on 64-bit platforms after installing a DCOM addin from Adobe. The installation instructions can be found on the Adobe Labs Wiki .

This is a great oppurtunity for folks who have a 64-bit installation of Microsoft Office Sharepoint Server 2007 and want to index pdf documents, but do not want to spend money on a 64-bit FOXIT IFilter."
Source: Filter Central