Wednesday, December 12, 2007

[MOSS/WSSv3] MOSS and WSSv3 Service Pack 1 released!

Yesterday Microsoft released Service Pack 1 for MOSS and WSSv3.

"For information on what's included in the service pack view the Announcing WSS 3.0 and MOSS SP1 article from TechNet. This information will be important from both a business and technical perspective to support installing SP1. The KB "Description of Windows SharePoint Services 3.0 Service Pack 1 and of Windows SharePoint Services Language Pack 3.0 Service Pack 1" in addition is a must read. It includes a link to a list of fixes included in WSS SP1. For Office SharePoint Server 2007 SP1 another KB has been posted with a downloadable Office Servers list of fixes."

Note: For SharePoint Server 2007 environments, WSS 3.0 SP1 should be installed before SharePoint Server 2007 SP1.

Download WSS 3.0 SP1
SP1 existing deployments:
Windows SharePoint Services 3.0 SP1, 32-bit edition and 64-bit edition
Windows SharePoint Services Language Pack 3.0 SP1, 32-bit edition, 64-bit edition

Download Office SharePoint Server 2007 SP1 (includes SP1 for Project Server, Forms Server, and Groove)
Office SharePoint Server 2007 SP1 32-bit edition and 64-bit edition
Office SharePoint Server 2007 Language Pack 3.0 SP1 32-bit edition, 64-bit edition

Download SharePoint Designer 2007 SP1
SharePoint Designer SP1
SharePoint Designer Language Pack SP1


Monday, December 10, 2007

[MOSS/WSSv3] Antivirus exclusions in SharePoint 2007

A few weeks ago I installed two SharePoint 2007 (MOSS) environments at a customer. Both environments were create in VMware ESX and had one database server and one SharePoint 2007 server. The ESX administrator noticed that the CPU of both SharePoint 2007 servers used a lot of performance for about 15-20 seconds each minute. Process Explorer to the rescue!!

The System process on the server was using this CPU time and using Process Explorer I was able to track the usage to the tmxpflt.sys thread. This file was part of the TrendMicro OfficeScan product, so the CPU usage was an AV issue. I searched the Internet for antivirus exclusions for SharePoint 2007, but wasn't able to find any exclusion information for SharePoint 2007. This ment I had to do the troubleshooting myself.

After some more troubleshooting I found out that:
  • The Windows SharePoint Services Timer service started a job every minute which caused the issue. When I stopped this service, the CPU didn't spike at all.
  • The Windows SharePoint Services Administration service was running the job. When I stopped this service when the CPU was high, the usage immediately dropped.
  • The Windows SharePoint Services Administration service was writing some logging in the file WSS_AdminService.log, which was located in the directory C:\Documents and Settings\Default User\Local Settings\Temp.
  • The WSS_AdminService.log file was about 65MB. TrendMicro OfficeScan scanned the file before the Administration service was able to write in it. With 65MB, this took some time and processing power.

After deleting the log file, the CPU usage didn't spike at all, so I excluded the C:\Documents and Settings\Default User\Local Settings\Temp directory which solved all issues!

So one exclusion for your Antivirus software when using SharePoint 2007: C:\Documents and Settings\Default User\Local Settings\Temp

Wednesday, December 05, 2007

[MOSS/WSSv3] Moving sites between content databases

With the release of the Public Hotfix of October 9th (WSSv3 KB934525/MOSS2007 KB937832), StsAdm has gotten a new operation, the Mergedbs operation. A very cool operation, with which administrators are able to move sites from one content database to another!!

On his blog, Todd Klindt describes how to use the operation:
"On multiple occasions as a SharePoint administrator I have needed to move a Site Collection from one Content Database to another one. In the past this process was very painful and very manual. In this blog post I will show you how to move Site Collections between Content Databases with a single STSADM command using the "mergedbs" operation that was introduced in KB934525."

[MOSS/WSSv3] WSS Logs grow fast after installing patch

After installing some MOSS environments I got some messages about the logs in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\LOGS which grew enormously. In one occasion the logs became 250+ MB in half an hour, filling up the C drive rappidly.

On the Microsoft site I ran into article KB941789 which described a solution. After performing the steps, the log stops growing fast.

Thursday, November 29, 2007

[MOSS] New version of the MOSS Installation Guide

I have just uploaded a new version of the MOSS Installation Guide. This time these things are added:
  • Installation of Public Update of October 9th
  • Default configuration steps of MOSS
  • Some extra steps to correct issues with the Public Update

The new version can be downloaded here

Please let me know if you have any updates/questions about the guide by posting a comment!

Have fun installing!!

Wednesday, November 21, 2007

[MOSS/WSSv3] Bug in SharePoint Public Hotfix of October 9th

Recently I have installed the MOSS and WSS public hotfix of October 9th (WSS 3.0 - KB934525, MOSS 2007 KB937832) on several environments. After the installation I noticed that DCOM errors were added to the eventlogs. I troubleshooted the issues and it turns out that the WSS and MOSS patches are resetting the permissions on the OSearch and SPSearch DCOM objects.

Before installing the hotfixes the security settings on both objects were:

  • Administrators
  • <MOSS Configuration Database account>
  • <MOSS Search account>

All account had "Local Activation" and "Local Launch" permissions.

After installing the WSS patch the security settings on the SPSearch DCOM object were reset to default settings.
After installing the MOSS patch the security settings on the SPSearch DCOM object were reset to default settings.

  • Administrators

Fortunatelly this was solved easily by adding the WSS_ADMIN_WPG and WSS_WPG groups to the OSearch and SPSearch object and granting them "Local Activation" and "Local Launch" permissions.

How to determine the DCOM settings??
  • Start > Run
  • dcomcnfg
  • Component Services > Computers > My Computer >DCOM Config
  • Select object OSearch or SPSearch
  • Right click > Properties
  • Select tab Security
  • Click Edit at "Launch and Activation Permissions"

Monday, November 19, 2007

[iFilter] Adobe released a work around for the PDF iFilter in x64

"Finally Adobe has come up with an interim solution to address the non-availability of a 64 bit ifilter. Now one can use the 32-bit Adobe IFilter on 64-bit platforms after installing a DCOM addin from Adobe. The installation instructions can be found on the Adobe Labs Wiki .

This is a great oppurtunity for folks who have a 64-bit installation of Microsoft Office Sharepoint Server 2007 and want to index pdf documents, but do not want to spend money on a 64-bit FOXIT IFilter."
Source: Filter Central

Thursday, October 18, 2007

[MOSS/WSSv3] Solving issues after installing a patch

Last week I installed ForeFront for SharePoint on our SharePoint 2007 servers. Unfortunatelly the version on the CD did not contain SP1, causing some issues which were solved in SP1. So I decided to upgrade to SP1. The ForeFront Security for SharePoint blog had a post which describes how to install ForeFront Security for SharePoint SP1.

Step 1 of this description was installing the SharePoint hotfix package KB936867. After installing this patch, you are required to run the SharePoint Products and Technologies Configuration Wizard, so I did......and here is where the problems all started.

At step 7 of the Config Wizard, the wizard went into an infinite loop. A reboot was the only solution.

After the reboot, running the Config Wizard again resulted in a nice error message "The Configuration Wizard is already running on another server". I kinda was stuck. Fortunately Microsoft knew the answer to my problems. They recommended me to run the following command:

psconfig –cmd upgrade –inplace b2b –wait –force

Afterwards I also installed the public updates, released on October 9th:
Public Update October 9th - WSS3.0
Public Update October 9th - MOSS2007
Everything seemed fine.......

After a few days I noticed that on my second webserver the Status of the "Windows SharePoint Services Web Application" role was stuck on "Upgrading".On the Microsoft Forum I found the following post:
Need Help after applying Hotfix May 8 - MSDN Forums

Unfortunately the answer wasn't posted there yet, but my reply on the post got a real quick answer saying I needed to run the following command:
stsadm -o provisionservice -action start -servicetype SPWebService

This solved the issue and everything was back up and running!!

Tuesday, September 25, 2007

[SPS2003/WSSv2] Service Pack 3 released

Microsoft has just release Service Pack 3 for SPS2003 and WSSv2.

Microsoft Windows SharePoint Services Service Pack 3 (SP3) contains stability improvements and performance improvements. Some fixes that are included with Windows SharePoint Services SP3 were previously released in separate updates. Windows SharePoint Services SP3 combines the previously released fixes into one update.

Microsoft Office SharePoint Portal Server 2003 Service Pack 3 (SP3) contains significant security improvements. Some fixes that are included in SharePoint Portal Server 2003 SP3 were previously released as separate updates. This service pack combines these updates into one update.

Wednesday, September 12, 2007

List columns in SPS2003/WSSv2 and MOSS2007/WSSv3

In SharePoint 2003/WSSv2 there were some limitations on the number of columns of a certain type:

Lists in Windows SharePoint Services can only contain a certain number of fields or columns. If a list in your site contains too many fields or columns, it are not migrated. You must manually re-create the list. Note that this includes surveys. The maximum numbers for fields and columns are:

  • 64 text fields, including the following field types: Single line of text, Choice, Hyperlink, or Picture.
  • 16 Lookup fields
  • 16 Date and Time fields
  • 16 Yes/No fields
  • 32 Number and Currency fields
  • 32 Multiple lines of text fields
WSSv2 Admin Guide

In MOSS2007/WSSv3 these limitations are gone. The only limitations is the performance of your list: Sharepoint 2007 - Column Limits

[SPS2003] Issue with "Add link to site" option

A colleague of mine ran into an issue with the ‘Add link to site’ option in Site Creation. After clicking the OK button nothing happens. This issue is being discussed in newsgroeps and possibly being caused by hotfix: KB933854

Someone created a solution for this issue, by changing some code in the newform.aspx file. After applying this solution, the issue was solved. More info can be found at: SPS2003 Add Link to Site not working

Changes to newform.aspx:
1. Open this file in a text editor:
C:\Program Files\Common Files\Microsoft Shared\web server
(Replace [LCID] with your locale identifier, 1033 for English)
2. Find this code fragment:

<SPSWC:InputFormButtonSection runat="server">
<SPSWC:InputFormButtonAtBottom ID="ButtonOk" runat="server"
<SPSWC:InputFormButtonAtBottom ID="ButtonCancel" runat="server"
TextLocId="Page_CancelButton_Text" visible="false" />

3. Replace it with this code fragment:
<SPSWC:InputFormButtonSection runat="server">
<!-- Workaround for WIN2003SP2 issue:
<input type="button" value=" OK "
onclick="document.forms[0].submit()" />
<!-- <SPSWC:InputFormButtonAtBottom ID="ButtonOk" runat="server"
TextLocId="Page_OkButton_Text"/> -->
<!-- End workaround -->
<SPSWC:InputFormButtonAtBottom ID="ButtonCancel" runat="server"
TextLocId="Page_CancelButton_Text" visible="false" />

4. That's it!!

Wednesday, August 01, 2007

MOSS2007 Installation guide

Over the past few weeks I have been working on an installation guide for MOSS2007. I have updated a document I created earlier with new insights and am glad to announce that it is available for download!!

Available here:Microsoft Office SharePoint Server 2007 Installation Guide

[UPDATE: A new version has been released. More info, see this post]

Wednesday, July 18, 2007

Mail Merge and Microsoft Office SharePoint Server 2007

In Word 2007 you have the possibility to merge a document template with data from a data source, creating for example a mailing very easily. The data source can be various types of documents, like Excel, Word or Access files. But it turns out that Word 2007 cannot handle data source documents on an http location.

When opening a mail merge template document and you try to connect a source document which is located on a SharePoint site (Mailings > Select Recipients > Use Existing Lists > My Network Places > Select document on SharePoint site), Word 2007 gives the error message “This file could not be found”. A workaround is to download the source document to the local computer (for example the desktop) and connect it there. The downside is that you have to download the document each time you want to do a mail merge.

Hopefully this issue will be fixed in the next Office Service Pack.

Monday, July 16, 2007

[MOSS2007] The inner workings of the MySite functionality in MOSS2007

In SharePoint 2007 users have the possibility to create a personal site called MySite. This site can be used to store and share documents and other data (contacts list, calendar, etc). A MySite has two parts, a personal and a public part. On the personal part of the MySite, users can edit their details, add colleagues, upload and share documents, etc. The public part is available for other users. Here the details of the user are shown and the users can access the shared documents.

The personal part of a MySite is a site collection in a web application. When accessing you personal part for the first time, a site collection is created in the web application which you configured during the configuration of the Shared Services Provider (SSP).

During this SSP configuration, the config wizard also creates a MySite Host. This is a site which redirects you to your very own MySite when you try to access it. It also provides the public part of the MySite and other generic MySite pages.

Why am I talking about this MySite Host?? Because that MySite Host determines in which language parts of you MySite are shown. When creating a MySite (with multiple language packs installed) you are asked in which language you want your MySite to be created. But this is only the private part (the site collection).

On an environment I installed recently, I had installed and configured MOSS2007. After I created a SSP (sharedservices.) and MySite WebApp (mysite.), configured the SSP and created a site collection WebApp (portal.). Then I installed the Dutch language pack and created the first site collection based on the dutch Collaboration Portal template.

During testing of the portal I ran into some issues with some parts of the MySite being in Dutch and some parts being in English. After some testing I found out about the MySite Host (root of the mysite. webapp). Because the language pack hadn’t been installed while configuring the SSP, the MySite host had been installed using the English template. To solve this issue I deleted the MySite Host site collection and recreated the site collection, using the Dutch template and voila….all of the MySite is in Dutch!!

So if you are using language packs for MOSS2007 and notice that some parts of the MySite are in English instead of the language of your language pack, just delete the MySite Host site and recreate it using the localized version of the MySite Host template (can be found under the Enterprise tab).

Friday, July 13, 2007

[MOSS2007] Issues with web part toolbars and audiences/Active Directory groups

Over the past few days I ran into some small but very annoying issues with SharePoint 2007:

The first is with a document library web part. After placing a document library web part on a page and configuring it with a “Full Toolbar”, I wanted to change some fields which are shown in the web part. I opened the “Modify This Web part” menu, clicked “Edit current view”, made some changes and clicked Ok. When the web part page was shown, the Full Toolbar had switched back to the Summary Toolbar. Also the “Modify This Web part” sidebar was closed. It meant I had to open the sidebar again and configure the Full Toolbar again. Very annoying behavior!

The second issue is when you are using Active Directory groups in audiences. In SharePoint 2003, using audiences meant creating special audiences which are compiled according to predefined rules. As of SharePoint 2007 it is possible to use AD groups directly as an audience. When a user is a member of that group, the item or web part is shown to the user.
On a page I had several web part configured with AD group audiences. In the AD I moved the groups to a different OU and after a profile import my web parts weren’t shown to anyone any more. Some troubleshooting revealed that the groups were in the profile list twice, one for the old OU and one for the new OU. Because they had exactly the same name, I could not determine which group was the correct one. I added both groups to the web part audience to get it working again.
Looks like SharePoint is looking at the absolute DN when using AD groups in audiences. Now I am hoping the “old” groups will disappear automatically……not really sure.

Tuesday, July 03, 2007

Add SharePoint sites to "My Network Places"

When browsing SharePoint sites, Windows sometimes adds these sites to the "My Network Places" on your XP box. This enables you to easily save documents right from Word for example into SharePoint. Unfortunatelly I have noticed that Windows XP not always adds SharePoint sites to the My Network Places automatically.

On a forum I found a solution for this issue. A guy named DonQ created a vbs script which I used in my logon script. Depending on group memberships, SharePoint sites are automatically created for the users while logging in.

The script I used as a starting point is:
'Create Network Folder
'This is a fix to the original, which I found did not handle URLs
'longer than 44 characters.

Option Explicit

Sub CreateNetworkFolder(siteURL, siteName)

Dim iRes, jRes, MT, TT
Dim SH, newPath
Dim objFso, f, fs, g

Dim bString
Dim ltrIndex
Dim nameLength, urlLength, urlCutoff
Dim aFile

'ForWriting (2) is the attribute to be set when writing to a file.
Const ForWriting = 2

nameLength = Len(siteName)
urlLength = Len(siteURL)
'44 seems to be the length where we have to change a 00 to a 01.
urlCutoff = 44

MT = "OK to create a My Network Places " & vbCr & "folder for " & siteURL &amp;amp;amp;amp;amp;amp;amp; vbCr & "named " & siteName & "?"
TT = "My Network Places"
iRes = MsgBox(MT, vbOKCancel + vbInformation, TT )

Set objFso = CreateObject("Scripting.FileSystemObject")

If iRes = vbCancel Then
End If

Set SH = WScript.CreateObject("WScript.Shell")

'Create the folder under NetHood that will hold the target.lnk file
newPath = SH.SpecialFolders("NetHood") & "\" & siteName

If (objFso.FolderExists(newPath)) Then
WScript.Echo "A Network Place with that name already exists."
End If


'We ceate a Desktop.ini file
Set fs = CreateObject("Scripting.FileSystemObject")
aFile = newPath & "\Desktop.ini"

Set f = fs.OpenTextFile( aFile, ForWriting, True )

'Write the data lines that will make this a folder shortcut.
f.WriteLine "[.ShellClassInfo]"
f.WriteLine "CLSID2={0AFACED1-E828-11D1-9187-B532F1E9575D}"
f.WriteLine "Flags=2"
f.WriteLine "ConfirmFileOp=0"

'We make Desktop.ini a system-hidden file by assigning it attribute of 6
Set fs = CreateObject("Scripting.FileSystemObject")
Set g = fs.GetFile(newPath & "\Desktop.ini")
g.Attributes = 6

'We make the folder read-only by assigning it 1.
Set fs = CreateObject("Scripting.FileSystemObject")
Set g = fs.GetFolder(newPath)
g.Attributes = 1

'This is where we construct the target.lnk file byte by byte. Most of the lines are shown in 16 byte chunks,
'mostly because that is the way I saw it in the Debug utility I was using to inspect shortcut files.

'Line 1, 16 bytes
bString = Chr(&amp;amp;amp;amp;amp;amp;amp;H4C) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H01) & Chr(&H14) & Chr(&H02) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&HC0) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 2, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H46) & Chr(&H81) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 3, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 4., 16 bytes. 13th byte is significant.
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H01) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Line 5. 13th byte is significant.
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'When I was analyzing the next byte of shortcuts I created, I found that it is set to various values,
'and I have no idea what they are referring to. In desperation I tried substituting some values.
'00 caused a crash of Explorer. FF seeems to work fine for all.
'If anyone can get back to me on what this byte is or why FF works, please contact me.
bString = bString & Chr(&HFF)

'This byte is 00 if the URL is 44 characters or less, 01 if greater.
If urlLength > urlCutoff Then
bString = bString & Chr(&H01)
bString = bString & Chr(&H00)
End If

bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H14) & Chr(&H00)

'Line 6, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H1F) & Chr(&H50) & Chr(&HE0) & Chr(&H4F) & Chr(&HD0) & Chr(&H20) & Chr(&HEA) & Chr(&H3A) & Chr(&H69) & Chr(&H10) & Chr(&HA2) & Chr(&HD8) & Chr(&H08) & Chr(&H00) & Chr(&H2B) & Chr(&H30)

'Line 7, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H30) & Chr(&H9D) & Chr(&H14) & Chr(&H00) & Chr(&H2E) & Chr(&H00) & Chr(&H00) & Chr(&HDF) & Chr(&HEA) & Chr(&HBD) & Chr(&H65) & Chr(&HC2) & Chr(&HD0) & Chr(&H11) & Chr(&HBC) & Chr(&HED)

'Line 8, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&HA0) & Chr(&HC9) & Chr(&H0A) & Chr(&HB5) & Chr(&H0F) & Chr(&HA4)

'This byte is 00 if the URL is 44 characters or less, 01 if greater.
If urlLength > urlCutoff Then
bString = bString & Chr(&H01)
bString = bString & Chr(&H00)
End If

bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H4C) & Chr(&H50) & Chr(&H00) & Chr(&H01) & Chr(&H42) & Chr(&H57) & Chr(&H00) & Chr(&H00)

'Line 9, 16 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H10) & Chr(&H00)

'Line 10, 2 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00)

'The next byte represents the length of the site name.
bString = bString & Chr(nameLength)

'Take the site name, and write each letter, preceeded by a "00" character.

For ltrIndex = 1 to nameLength
bString = bString &amp;amp;amp;amp;amp;amp;amp; Chr(&H00) & Mid(siteName, ltrIndex, 1)

'Middle line, separates the Folder Name from the URL. 3 bytes.
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00)

'The next byte represents the length of the site URL.
bString = bString & Chr(urlLength)

'Take the site URL, and write each letter, preceeded by a "00" character.
For ltrIndex = 1 to urlLength
bString = bString &amp;amp;amp;amp;amp;amp;amp; Chr(&H00) & Mid(siteURL, ltrIndex, 1)

'Last line, 13 bytes
bString = bString & Chr(&amp;amp;amp;amp;amp;amp;amp;H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00) & Chr(&H00)

'Let's create the target.lnk file.
Set fs = CreateObject("Scripting.FileSystemObject")
aFile = newPath & "\target.lnk"
'aFile = newPath & "\vb.sss"
Set f = fs.OpenTextFile(aFile, ForWriting, True)
f.Write bString

MT = siteName & " created."
jRes = MsgBox(MT, vbOK, TT )

End Sub

CreateNetworkFolder "", "Really, Really Long"


Monday, July 02, 2007

Deploying MOSS in an DMZ configuration

When planning to deploy MOSS as an Internet solution, the question "can I place the database server in my internal network, instead of the DMZ" is often asked. During some wondering around the Microsoft site I ran into the following article: Plan security hardening for extranet environments:
"This article details the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network"

Very usefull information, but the thing I found extremely usefull was the link to the "Extranet hardening planning tool: back-to-back perimeter" This is a Visio drawing which explains which ports need to be opened when deploying components inside or outside firewalls, etc. Take your advantage of it!!!

Thursday, June 28, 2007

Outlook 2007 and SharePoint integration issues

Just the other day I ran into an issue with the integration between Outlook 2007 and SharePoint 2007. This issue is quite anoying from a user perspective:

When connecting a list to Outlook 2007, Outlook creates a PST file in C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Outlook\ called "SharePoint List.pst" or "SharePoint Folders.pst". When you are using Roaming Profiles, the Local Settings directory is not copied along with the profile. This sounds logical, because the PST can become very large and you don't want this data to be copied to the server.

But, and here is the catch, if a user logs onto another workstation Outlook does know it has connected to a PST file before and tries to open it. Because the file has not been copied with the profile, it does not exist.....presenting the user with an error message.

On the blog of Jose Barreto I found a post which explains how to disable the Outlook integration. By entering a key in the registry, connecting Outlook to SharePoint is not possible anymore. This will definately solve the issue, but will also prevent user from using the Outlook integration. Something I do not like.

After some more Googleing I found the Office 2007 System Adminstrative Templates on the Microsoft site. When importing them into a Group Policy, you have the possibility to configure some settings for Outlook 2007. And then especially the two following settings:
User Configuration > Administrative Templates > Microsoft Office Outlook 2007 > Tools Account Settings SharePoint

  • Do not allow Sharepoint-Outlook integration
  • Do not roam users' SharePoint lists
The first setting will do the same as explained in the blog post mentioned earlier. But the second one will just prevent SharePoint lists from roaming along with the user and solving the issue!!

Wednesday, June 06, 2007

DB Maintenance whitepaper to be released

Microsoft will release a database maintance whitepaper for SharePoint databases shortly, which describes which maintenance you should do on a regular basis. For example database defragmentation and updates of statistics and re-index key tables.
So keep an eye on the Microsoft site!!

ForeFront Security for SharePoint

Microsoft has just released the Client Security version of ForeFront. But the ForeFront Security for SharePoint (FSSP) has been release for a while now. FSSP supplies the following functionalities:
1.) Anti-virus scanning of documents uploaded and/or downloaded.
2.) File filtering based on file signatures.
3.) Document content keyword filtering
With FSSP is supplied with eight scan engines (Microsoft, Computer Associates, Norman, AhnLab, VirusBuster, Sophos, Kaspersky and Authenticum) and it is possible to check files with up to five scan engines at a time.

How do viruses enter SharePoint:
Viruses can enter SharePoint when infected files are uploaded or when a mapping to a SharePoint document library has been made from an infected computer.

Why an anti-virus solution:
Some people ask “why do you need anti-virus software on your SharePoint environment when your server has a file system anti-virus software installed”. The answer to this question is simple:
Files uploaded to SharePoint do not touch the file system. They come in through the TCP/IP protocol and are saved to the database. Therefore file system AV software is not able to scan the files.

When the SharePoint environment is used on the internal network and all computers on that network are managed, having a AV solution on your SharePoint environment might not be necessary. But with SharePoint being used to collaborate with external users (e.g. partners, customers, suppliers), knowing 100% that all files uploaded are virus free is impossible. Therefore having a AV solution in SharePoint is a must.

How does ForeFront Security for SharePoint work:
FSSP has two types of scanmodes. The first is the Realtime Scan mode. Files uploaded and/or downloaded are scanned by FSSP and blocked if a virus is found.
The second mode is Manual Scan mode, which scans the environment (or a subset) for viruses.

FSSP uses the VSAPI of SharePoint, which is optimized for SQL. This integration means that some basic settings must be made in SharePoint, for example are files scanned during upload and/or download.
These settings can be viewed from the FSSP Management console.

What does ForeFront Security for SharePoint have to do when a virus is found:
Once FSSP detects a virus, administrators have several options what to do with those viruses. In Realtime Scan mode, the options are “Skip, Detect only” and “Clean, Repair document. Delete if unsuccessful”. In both cases the detection is logged in the incident log, but of course the first option is not a very secure setting to use.

In Manual Scan mode, the options are “Skip, Detect only”, “Clean, Repair document. Delete if unsuccessful” and “Delete file”. This last option replaces the content of file with some customizable text, notifying the user that the file contained a virus and has been deleted.

File Filter option:
Besides virus scanning, does FSSP also supply a File Filter option. This functionality can be used for blocking potentially dangerous content, for example exe, com, vbs or scr files, but also block unwanted content like mp3 or avi files.
The difference with the file blocking option of SharePoint is that FSSP does not look at the extension alone, but also checks the file header. So renaming a exe file to txt will fool the “Block file types” option of SharePoint, but not FSSP.

As you might know, with SharePoint it is possible to block certain extensions. These blocks have precedence over the virus scanning. So if you upload an exe file which contains a virus, this file is block (by default) by the “Blocked file types” option of SharePoint, not by FSSP.

Note 2:
When a file is blocked by the File Filter, the user will receive a “Virus Found” message. Even when the file does not contain a virus. Educating your users is wise to do.

What else:
One thing to know is that once a file is scanned, it will not be scanned again until it has been changed. This will improve performance.

As mentioned before, when FSSP detects a virus during a Manual Scan it will replace the content of the file with customizable text. The name of the file will remain exactly the same. Users will not see any difference, besides the changed file size. This is due to limitations of SharePoint. The FSSP team is working with the SharePoint team to fix this.

FSSP does support the Office 2007 file format, but cannot detect if the file is a Word, Excel or PowerPoint file (besides checking the extension). The File Filter will has just one OpenXML option.

SP1 for FSSP will be release somewhere this month (June 2007). One option that has been added in this Service Pack is that installing FSSP on an Exchange server is not possible. When you have a server which is running both Exchange and SharePoint, FSSP cannot be used. Personally I find this very strange, but Microsoft probably has it reasons.

More info:
ForeFront Security for SharePoint Product Overview
Download trial

Monday, June 04, 2007

I WON!!!

I won something, I actually won something!!

And I hear you think "what did he win"? I won a copy of Microsoft Office 2007 Ultimate!!
Ok, I already had that via my MSDN subscription, but hey....I never win something and now I did!! Of course I am excited :-)

Sysinternals tools

Recently Microsoft has bought the company Winternals. Winternals also supplied the excellent Sysinternals tools. A lot of people worldwide thought that this would be the end of those tools. Fortunately, this is not the case. They are still available and will be in the future.

During a session, given by Otto Helweg, the current situation and plans for the future passed the scene. The tools still are and will remain free. Available via the site, as a one by one download or by downloading the Sysinternals Suite and getting all tools at the same time. By average, the tools are downloaded 50.000 times a day, with the Process Explorer being the absolute number one.
Some changes to the lold Sysinternals icensing model are:
  1. You are not allowed to redistribute the tools yourself
  2. They are free to use on every pc you own.
This last change is very anoying for Service Providers. Fortunately, it is possible for them to contact Microsoft and work out a way to solve this licensing issue.
Since 2007, Microsoft has added a EULA approval to the Sysinternal tools. This caused lots of automated scripts to stop functioning, waiting for an acceptance to the EULA. Microsoft has added an "/accepteula" option to the tools to get around it.
One thing that I did not know is that the Process Monitor is a replacement for the FileMon and RegMon tools. Both tools are still available for download, but why use it if you have one integrated tool.
An issue I ran into in a project where we tried to use PSExec, is that it is not possible to start a remote PowerShell script. Somehow PowerShell does start, but is not running the script. Otto mentioned the new Windows Remote Shell, which is available in Vista, Windows Server 2008 and as seperate download somewhere over the next 6 months for XP and Windows Server 2003 to solve this issue. Too bad that we are running W2K3 at the moment :-)
Anyway, the goal of Microsoft is to expand the number of tools and functionalities in the future. Maybe even create PowerShell commandlet equivalents.

TechEd 2007 has started!!

This morning Bob Muglia (Senior Vice President Server and Tools Business) opened TechEd 2007 with his keynote. It started with a view backstage of Bob after his keynote. He had been targeted with fruits and vegtables, but then........Doc Brown (you know, the guy from Back To The Future) appeared to the rescue with his very own DeLorean, IT Style. He took Bob "Back to the history" to see what happened with Microsofts visions. After they returned to the current time they drove on stage with the DeLorean.

After some uplifting words from Doc, he started his keynote. This time not about Microsoft visions, but about real world problems and how to fix them. With Infrastructure Optimization, System Center Configuration Manager, System Center Virtual Machine Manager and System Center Operations Manager modeling your IT environment and from there move forward, changing split between the costs for maintaining your environment and implementing new solutions to increase efficiency, becomes easier than ever.

We are here!! TechEd 2007!!

I am writing this post from the TechEd 2007 in Orlando, Florida. After getting out of bed at 4am CET to go to Schiphol (Amsterdam) it is now 20 hours later and I have just completed registration. In a couple of minutes I am going to my hotel for a well deserved shower (yes, I need one), some diner and then a good night sleep.

Over the next few days I will post all things that I learn over here. So keep an eye on my blog!!

[Update] Just arrived in my hotel The Caribe Royale and man it is good!! It has a great pool including waterfalls and my room is on the top floor with excellent view!! In other words....I think I will survive this week just barely :-)

Oh and just one other thing: Can anyone tell me why the cabs of the "Yellow Cab Company" are orange?? As a dutchman I don't mind the color, but the name is a little confusing :-p

Monday, May 14, 2007

[MOSS2007] Issue with starting the Central Admin component on another server

On an environment I have just installed I ran into an issue when I tried to start the Central Admin component on a second server. The environment consisted of two load balanced web servers and an application server. The application server had been installed first, so was running the Central Admin component. IIS had been installed on the D drive on this server.

When I tried to start the Central Admin component on one of the web servers (which only had a C partition), the component refused to start. After looking through the logs the cause turned out to be that SharePoint tried to configure the Central Admin on the D partition, because the application server also had been installed on the D partition. The only way to get around this was to create a D-partition on the web servers.

So when you are installing a SharePoint 2007 environment, make sure all partitions on all servers are the same. Or at least the drive letters.

Friday, May 11, 2007

[MOSS2007] SP1 to be released soon!!

I have just heard that SP1 is planned to be released in June/July 2007… quite soon.

[MOSS2007] Configure SharePoint 2007 to show the PDF icon [UPDATED]

To configure SharePoint 2007 to show the PDF icons with PDF documents, do the following:

  1. Download the pdf icon.
  2. Copy the image to C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\Template\Images
  3. Edit the docicon.xml in C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\Template\XML and add: <Mapping Key="pdf" Value="icpdf.gif" />
  4. Perform an IISReset.
  5. Voila, you are done!!

PDF Icon:

[MOSS2007] Missing “Up” button in folder

I have just ran into the following issue:
When you open a document library which contains folder, the breadcrumb trail above the document library enables you to go back up into the folder structure. But when you show this library on a SharePoint page using a webpart, after going into the folder the only way to get back up is to use the “Back” button of your browser. In SharePoint 2003 the toolbar showed an “Up” button, but this button seems to have disappeared in SharePoint 2007.

Also when you apply one of the other masterpages which are supplied out-of-the-box (for example, BlueBand.Master) the breadcrumb trail which works in the default masterpage seems to break as well.

I think this might be an issue to be fixed in SP1 :-)

Tuesday, May 08, 2007

[MOSS2007] PDF and SharePoint 2007

Just like in SharePoint 2003, SharePoint 2007 does not show the pdf icon and is not able to index these files. But fortunately Microsoft made it possible to reconfigure SharePoint yourself and upload an icon and install a PDF iFilter. Adobe created an iFilter to accomplish this.

SharePoint 2003 only came as a 32-bit version, but with SharePoint 2007 SharePoint can be installed as a 64-bit version as well. And here is the catch……Adobe has not released a 64-bit version of its iFilter yet and it looks like it won’t be available for a very long time (come on Adobe!!).

To solve this issue you have several options:
  1. Reinstall the server with 32-bit Windows and reinstall SharePoint…….ok, not really an option.
  2. Not index PDF files at all…….ok, also not an option.
  3. Beg Adobe to create a 64-bit version of their iFilter…….ok, you have something to do for about 5 minutes but it won’t solve your problem. But if you have nothing to do……go ahead: Submit Product Enhancement
  4. Try to trick MOSS into accepting the 32-bit version of the iFilter…….uhm, do you really want to?
But fortunately there is a fifth solution!! A company called FoxIT released a alternative PDF iFilter............and they created a 64-bit version as well…..and it is free!! What more do you want?? Great, isn’t it :-)

So go ahead and download the 32-bit version or the 64-bit version

Happy indexing!!

Thursday, April 19, 2007

Error when trying to create a crawl schedule for a content source

When you try to configure a crawl schedule for a content source, you will receive the error message:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)

This is a known issue and Microsoft has published a solution on their site: KB926959

Monday, March 19, 2007

Language Packs and Microsoft Office Sharepoint Server 2007

MOSS Language packs enable site owners and site collection administrators to create SharePoint sites and site collections in multiple languages without requiring separate installations of Microsoft Office SharePoint Server 2007. You install language packs, which contain language-specific site templates, on your front-end Web servers. When an administrator creates a site or a site collection based on a language-specific site template, the text that appears on the site or the site collection is displayed in the site template's language. Language Packs are typically used in multinational deployments where a single server farm supports people in different locations or in situations where sites and Web pages must be duplicated in one or more languages. Application of a Language Pack will not change the language of the installed Office server product SKU.

- What’s the difference between WSS Language Packs and MOSS language Packs?

  • WSS Language Packs are for WSS stand-alone installations and enable the creation of SharePoint sites in different languages; multiple language packs can be installed on the same server.
  • MOSS Language Packs are for MOSS, MOSS for Search, Forms Server, and Project Server installations and enable the creation of SharePoint sites in different languages; multiple language packs can be installed on the same server.

What’s the difference between a MOSS Language Pack and a fully localized version of MOSS?

Microsoft’s 2007 Office server products are localized into languages in two different ways:

  1. fully translated SKUs and
  2. Language Packs.

A language-specific SKU delivers the respective Office server product localized into a given language. A Language Pack may be applied to an installed Office server product to create sites or site collections in other languages. Application of a Language Pack will not change the language of the installed Office server product SKU, or the language of the admin features.

How does a customer license them?

MOSS Language Packs can be downloaded and installed on Microsoft Office SharePoint Server 2007 servers free of charge. If the Language Packs deployed fall within your “listed languages” then your Microsoft Office SharePoint Server 2007 Standard and Enterprise CALs license your desktops/devices for those Language Packs. If Language Packs deployed fall outside of your “listed languages” then you will need to consider modifying your CAL to a multi-language option (for Select/Open agreements) or an “all languages” option (for Enterprise Agreements).

What’s the pricing?

There is no cost for MOSS Language Packs; however, there may be additional CAL costs associated with licensing for languages outside your listed languages.

More information about deploying MOSS Language Packs can be found at the Microsoft TechNet site. The following TechNet articles relate to MOSS Language Pack deployment:

I heard that there are issues related to specific server language packs. What is this about?

For certain languages (Arabic, Hindi and Thai), spellers were not included in either the fully localized version of MOSS or the MOSS Language Pack. (Spellers for Basque and Galician are also absent from the Spanish MOSS and Spanish MOSS Language Pack). These spellers, as well as instructions for installing them, will be made available to customers via the MOSS Server Multi-Language Pack (SMLP). The SMLP will be downloadable from the Microsoft Download Center and MVLS/eOpen web sites. The SMLP is expected to be available towards the end of May 2007. Note: while a customer can obtain any MOSS Language Pack or the SMLP free of charge, they are not necessarily licensed to use all of the languages. They should consult their listed languages for more clarification on which languages they are licensed to use.

More information about language pack availability: Estimated release timeframes for SharePoint 2007 Language Packs

(Source: Additional information about WSS 3.0 and MOSS 2007 Language Packs)

Thursday, March 01, 2007

Search and Index Sizing and Planning - Real world data from MSW

Source: Blog Joel Oleson

"I've heard such a huge variety of guidance around Index sizing. This is a topic that will have a huge swath, so its very important to understand your data or to be conservative. If you have the ability to resize later or add larger disks you may find this data compelling.

In the capacity planning document you'll see we recommend 30% of disk for Index. What does that mean? Well, since now we have a search db, the index edb file, and SSP database it can be confusing. Reading the response from Sam from Microsoft's internal/Intranet deployment you can see how mileage really does vary. If the 12TB deployment which is currently being indexed were to have 30% of disk just for the size of the index on disk, the file would be 3TB! Currently the index file on disk is 83GB, but the search database is 243GB. This is with 19.4 million documents indexed. Since the recommendation is to have 2X the size for the index file for swapping it out on the query server, a planner would say that they should plan for 60% on disk or over 6TB. This would be quite a loss given the current size or "real world" size is 83GB. They currently have 300GB allocated for that drive and since it's on a SAN they can grow the disk if needed. Obviously with a heavy records management repository or a page heavy site will have different results, so be sure to understand your content.

My tip is don't over plan or let this kill your design on this one. The recommendation has gone from 50% to 30% over time, maybe you've even seen 10%. My recommendation is to understand your data. Remember that the content of audio, video, archives, ZIPs, PDFs, MDB, MPP, MSG, VSD, GIF, JPG, PSD, CAD, WAV, MSI, EXE, and hundreds of file types are not indexed by default. You have to add Ifilters for the files that are not indexed by default (which is a pretty decent list (most Office file types and text based formats) and you should be selective about what you add since many of them are not multi threaded. The other consideration is file size. If files larger than 16MB are not indexed by default, then the biggest files taking up the largest size on disk won't be indexed. When you have a 15MB PPT, how much of it is even indexed? Maybe 100K worth (if you have verbose notes)?

Our indexes are larger than they were in SPS 2003, but my recommendation is to be conservative at 10% with the expectation that you'll really see something around 1-5%. Don't underestimate the Search Database though. In the MSW farm, that database sees the most action in terms of writes. It is the most actively written to database in the farm from what I hear. Makes sense understanding that it is the property store. Although I've almost completely gone to RAID 5 in all my planning for minimizing cost, I do recommend a RAID 0+1 drive for the search and config database, and RAID 0+1 for the transaction logs.

Message from Sam...

The real-world data today is that we are indexing 12TB of Sharepoint content worldwide + an unknown amount of non-Sharepoint content from our Redmond SSP. The numbers look like this:

Number of documents indexed: 19.4 million Size of search database: 243GB Size of index on disk: 83GB

Thus you could consider the amount of disk used to be about 326GB. Assuming a 14TB total corpus say (just a guess, really) then the real-world data would indicate 2.33%. Of course this is very much a 'mileage may vary' exercise as everyone's document mix is different."

Friday, February 23, 2007

The "Fantastic 40" are complete

Microsoft has released the remaining 20 templates of the "Fantastic 40". The first 20 were named "Site Admin Templates" and the last 20 are named "Server Admin Templates". More information can be found at New Application Templates for Windows SharePoint Services 3.0 or at Completing the "Fantastic 40" – 20 remaining application templates now available, plus more!

Microsoft SQL Server 2005 SP2 Reporting Services integration with WSS 3.0 and MOSS 2007

A few days ago Microsoft released Service Pack 2 for SQL Server 2005. This Service Pack enables deep integration with Microsoft Office Sharepoint Server 2007 (MOSS2007) and Windows SharePoint Services v3 (WSSv3).

On the blog of the Microsoft SharePoint Products and Technologies Team a new post describes the ins and outs of this integration:
Microsoft SQL Server 2005 SP2 Reporting Services integration with WSS 3.0 and MOSS 2007

Office 14 Sneak Preview

Aero XP has posted a sneak preview on Office 14 on their site:
Office "14:" An AeroXP Exclusive

Monday, February 05, 2007

CSS Reference Chart for SharePoint 2007 (Microsoft Office SharePoint Server 2007 and Windows SharePoint Services v3)

Heather Solomon posted a CSS Reference Chart for SharePoint 2007 on here blog. This reference chart highlights the major styles used in MOSS and WSS v3 sites.

CSS Reference Chart for Sharepoint 2007

Thursday, January 18, 2007

How to change the navigation depth of the top menu in MOSS2007

The default top navigation menu shows the mavigation structure in two levels, the first level are tabs and the second level is a dropdown menu.

It is possible to change the maximum depth of these menus. To change this default setting, do the following:
The setting can be changed by changing MaximumDynamicDisplayLevels iten in the SharePoint:AspMenu tag of the master page.

- Open the default.master page at [drive]:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\GLOBAL
- Search for "TopNavigationMenu" in the file.
- Change the property MaximumDynamicDisplayLevels to the value which you like.
- Save the file and you're done.

Wednesday, January 17, 2007

[SPS2003] Requesting userdetails from list item

When a user adds a new item to a list, for example an Announcement, the name of the users is registered aswell. If these items are shown on a page using a webpart, like the default Announcements on a team site, the username is shown also. It is possible to click the name of the user to request more user details.

On an environment of a customer, a "Page cannot be displayed" error message is displayed when clicking this item. After some troubleshooting and reading through the IIS log, the cause of this issue is the following:
The link of the page that displays the user details is http://<servername>/sites/<sitename>/_layouts/1033/UserDisp.aspx?ID=<id>. This aspx file requests the aspx PortalAPI.aspx. The PortalAPI request the "Up To Link" URL and tries to contact the configured portal. In our case it turned out that users configured the Up To Link to a team site instead of the portal. Therefore the PortalAPI tries to generate a non existing URL, causing the Page cannot be displayed error.

So if you run into the same issue: First check if the Up To Link is really a portal!!