Showing posts with label sp2010. Show all posts

Tuesday, January 24, 2012

[SP2010/SPF] Required permissions to run command line tools or other tooling that uses the OM

[ISSUE]
With SharePoint, in many cases the SharePoint administrators are also the Windows administrators of the SQL server and/or the SQL administrators. This means that those persons also have loads of permissions in SQL Server, so everything will work without issues. They can do anything they want, using any tool they want.

But what about a situation where you don't have permissions on SQL? You will see that actions via the Central Administration site work fine, but certain things like console applications (custom ones like SharePoint Manager or default applications like stsadm), scripts via PowerShell and other tooling (basically everything that uses the object model) won't work.

This is caused by the fact that SharePoint requires the account to have certain permissions on the databases in order for it to work. When using the Central Administration, this is done via the application pool account which has sufficient permissions. When using the object model outside of the Central Administration, this is done under the account the command is executed with.

[SOLUTION]
Then which permissions are required? Here is where it becomes a little tricky!

PowerShell scripts:
  • When you are running SharePoint 2010 and you are trying to use PowerShell, Microsoft has created a SharePoint internal group called ShellAdmins. By adding your account to this group (Add-SPShellAdmin) your account has sufficient permissions to run PowerShell scripts. Other activities via the object model still don't work.
Other tools:
  • To enable all object model activities, grant the account the following permissions:
    • SharePoint (Depending on the activities you are going to do)
      • Farm Administrator
      • Permissions in the site collection(s), for example site collection administrator or contributor to a list
    • Database:
      • Configuration database: WSS_Content_Application_Pools
      • Content database:
        • db_datareader
        • db_datawriter
        • GRANT EXECUTE
        • NOTE: An alternative would be db_owner permissions on the content database, however from SQL administration perspective this might be unwanted/against policy
NOTE: I am assuming that the account already has local administrator permissions on the SharePoint server, how else will you be able to run tools or scripts on the SharePoint server :-)
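
The database grants listed above, written out as an added example (not code from the original post): a PowerShell function that generates, but does not execute, the T-SQL for the narrower role set instead of db_owner, so a SQL administrator can review it first. The function name, the sample account and the database names are hypothetical, and it assumes the Windows login already exists on the SQL instance.

```powershell
# Added example: builds the T-SQL for the grants listed above without running it.
# New-OmAccessScript and every sample name below are hypothetical.
function New-OmAccessScript {
    param(
        [Parameter(Mandatory=$true)][string]$Account,           # DOMAIN\user
        [Parameter(Mandatory=$true)][string]$ConfigDatabase,
        [Parameter(Mandatory=$true)][string[]]$ContentDatabase
    )

    # Accept only DOMAIN\user shaped names so nothing unexpected ends up in the script.
    if ($Account -notmatch '^[\w.-]+\\[\w.$-]+$') {
        throw "Account must look like DOMAIN\user, got: $Account"
    }

    # Quote identifiers and string literals the way T-SQL expects.
    $quoteName = { param($n) '[' + $n.Replace(']', ']]') + ']' }
    $quoteText = { param($s) "N'" + $s.Replace("'", "''") + "'" }
    $user    = & $quoteName $Account
    $userLit = & $quoteText $Account

    # Create the database user only when it is not there yet.
    $ensureUser = "IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = $userLit) CREATE USER $user FOR LOGIN $user;"

    $lines = @()

    # Configuration database: membership of the WSS_Content_Application_Pools role.
    $lines += "USE $(& $quoteName $ConfigDatabase);"
    $lines += $ensureUser
    $lines += "EXEC sp_addrolemember N'WSS_Content_Application_Pools', $userLit;"

    # Content databases: read, write and execute rights instead of db_owner.
    # sp_addrolemember is used because it is available on the SQL Server
    # versions that SharePoint 2010 runs on.
    foreach ($db in $ContentDatabase) {
        $lines += "USE $(& $quoteName $db);"
        $lines += $ensureUser
        $lines += "EXEC sp_addrolemember N'db_datareader', $userLit;"
        $lines += "EXEC sp_addrolemember N'db_datawriter', $userLit;"
        $lines += "GRANT EXECUTE TO $user;"
    }

    $lines -join "`r`n"
}

# Constructed sample values.
New-OmAccessScript -Account 'CONTOSO\sp_tools' `
                   -ConfigDatabase 'SharePoint_Config' `
                   -ContentDatabase 'WSS_Content_Intranet', 'WSS_Content_MySites'
```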

More info: SharePoint 2010 PowerShell Permissions Explained: http://sharepoint.microsoft.com/Blogs/zach/Lists/Posts/Post.aspx?ID=56

Tuesday, January 17, 2012

[SP ALL] Opening a web service is returning a 401.1 "Access Denied" error

[ISSUE]
Yesterday I was asked to assist in troubleshooting an issue with a SharePoint web service. The SharePoint indexing process failed to work properly for just one web application. Some investigation revealed that the indexer was unable to open the sitedata.asmx web service. When trying to open the same web service via IE, I was prompted for credentials however whatever credentials were entered, after three attempts an "Access Denied" page (401.1 error) was shown.

[SOLUTION]
Unfortunately Process Monitor didn't reveal anything and I noticed that the sitedata web service wasn't the only web service that failed. After some troubleshooting I found out that the cause was in the web.config:

The "remove verb *.asmx" line was placed after the "add verb *.asmx" line in the httpHandlers section, essentially removing the handler mapping right after adding it. For example:
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
....
<remove verb="*" path="*.asmx" />
After correcting this by placing the remove line in front of the add line, all web services started working just fine!
<remove verb="*" path="*.asmx" />
....
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

[EXPLANATION]
Why is this happening? By first placing the remove line, you make sure any declarations that are done in other (global) configuration files are made void. That way you know for sure that no conflicts will occur between two configurations. However after removing the asmx httphandler, you have to declare it again, else SharePoint (or better yet IIS) does not know how to handle the asmx file. The confusing part for this issue is that it will display an authentication prompt to the user, without it actually being an authentication issue.
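
A check for the ordering problem described above, as an added example (not code from the original post): it walks the httpHandlers section in document order and reports every add that is undone by a later remove for the same verb and path without being declared again. The function name and the second handler entry in the sample are constructed; only add/remove pairs are evaluated.

```powershell
# Added example: finds <add> handlers that a later <remove> cancels.
# Get-CancelledHandler is a hypothetical name; the sample config is constructed.
function Get-CancelledHandler {
    param([Parameter(Mandatory=$true)][xml]$Config)

    $added     = @{}   # "verb|path" -> position of the <add> currently in effect
    $cancelled = @{}   # "verb|path" -> details of the <remove> that undid it
    $position  = 0

    $handlers = $Config.SelectSingleNode('/configuration/system.web/httpHandlers')
    if ($handlers -eq $null) { return }

    foreach ($node in $handlers.ChildNodes) {
        # Skip comments and whitespace; only elements count for ordering.
        if ($node.NodeType -ne [System.Xml.XmlNodeType]::Element) { continue }
        $position++
        $verb = $node.GetAttribute('verb')
        $path = $node.GetAttribute('path')
        $key  = $verb + '|' + $path

        if ($node.LocalName -eq 'add') {
            # A (re)declaration makes the handler effective again.
            $added[$key] = $position
            $cancelled.Remove($key)
        }
        elseif ($node.LocalName -eq 'remove' -and $added.ContainsKey($key)) {
            # The remove comes after the add: the mapping is gone from here on.
            $cancelled[$key] = New-Object PSObject -Property @{
                Verb      = $verb
                Path      = $path
                AddedAt   = $added[$key]
                RemovedAt = $position
            }
            $added.Remove($key)
        }
    }

    $cancelled.Values | Sort-Object RemovedAt
}

$sample = @'
<configuration>
  <system.web>
    <httpHandlers>
      <!-- order reported in the post: add first, remove afterwards -->
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <remove verb="*" path="*.asmx" />
      <!-- constructed entry in the correct order: remove first, then add -->
      <remove verb="*" path="*.constructed" />
      <add verb="*" path="*.constructed" validate="false" type="Constructed.Handler" />
    </httpHandlers>
  </system.web>
</configuration>
'@

# Reports only the *.asmx entry (added at position 1, removed at position 2).
Get-CancelledHandler -Config $sample | Format-Table Verb, Path, AddedAt, RemovedAt -AutoSize
```

To check a real file, pass `([xml](Get-Content <path to web.config>))` as the -Config argument.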

Friday, December 23, 2011

[SP2010/SPF] SharePoint 2010 Build numbers

Here is a list of build numbers for SharePoint 2010. Based on the build number you can determine which patch level your SharePoint environment is on:

14.0.6114.5000 - December '11 CU
14.0.6112.5000 - October '11 CU
14.0.6109.5002 - August '11 CU
14.0.6106.5000 - June '11 CU
14.0.6029.1000 - Service Pack 1
14.0.5138.5001 - April '11 CU
14.0.5136.5002 - February '11 CU
14.0.5130.5002 - December '10 CU
14.0.5128.5003 - October '10 CU
14.0.5128.5000 - October '10 CU (Incorrect package)
14.0.5123.5000 - August '10 CU
14.0.5114.5003 - June '10 CU
14.0.4763.1000 - RTM

Tuesday, September 13, 2011

[SP2010] Upgrade to SP2010 issue with missing content types

[ISSUE]
During a database upgrade from SP2007 to SP2010 I encountered an issue, which blocked a successful upgrade. Several features could not be upgraded because of an issue with content types.

[ERROR]
[powershell] [SPSiteWssSequence2] [ERROR] [7/15/2011 1:14:56 PM]: Feature upgrade incomplete for Feature 'PublishingSite' (Id: 'f6924d36-2fa8-4f0b-b16d-06b7250180fa') in Site 'http://www.domain.com/sites/sitecollectionname'. Exception: The parent content type specified by content type identifier 0x010100C568DB52D9D0A14D9B2FDCC96666E9F2007948130EC3DB064584E219954237AF39 does not exist.

[CAUSE]
This issue is caused by the fact that:
- The publishing features (“SharePoint Server Publishing Infrastructure” and the features it is depending on) have been enabled and disabled in the past
- Content types have been deleted the incorrect way: Deleted while other components were still using them.

[SOLUTION]
The mentioned content type ID is the ID of the content type “Page”, which does not exist anymore in the Site Content Types. To recreate these, run the following stsadm commands for each site collection that is experiencing the issue (retrieve the list from the upgrade log file):

stsadm -o activatefeature -name PublishingSite -url <url> -force
stsadm -o activatefeature -name PublishingResources -url <url> -force

Wednesday, August 10, 2011

[SP2010] Service Pack 1 data storage changes

With the release of Service Pack 1 of SharePoint 2010, Microsoft has changed the Data Storage limitations of SharePoint 2010. The 200GB is no longer a hard limit:
  1. For a SharePoint content database up to 200 GB there are no special requirements and this limit is included for consistency.
  2. For a SharePoint content database up to 4 TB you need to additionally plan for the following two requirements:
    • Requires disk sub-system performance of 0.25 IOPS per GB; 2 IOPS per GB is recommended for optimal performance.
    • Requires the customer to have plans for high availability, disaster recovery, future capacity, and performance testing.
    • And you need to review additional considerations in the TechNet Boundaries and Limits article.
  3. For a SharePoint content database over 4TB specifically for a Document Archive scenario you are required to additionally plan for the following:
    • SharePoint sites must be based on Document Center or Records Center site templates and must be an archive scenario where less than 5% of content is actively read from each month and less than 1% of content is actively written to.
    • Do not use alerts, workflows, link fix-ups, or item level security on any SharePoint objects in the content database. Note: document archive content databases can be the recipient of documents as a result of Content Routing workflow.
  4. Other specific limits changes being made at the same time:
    • A new limit of 60 million items in any one SharePoint content database
    • The specific 5 TB limit per SQL Server instance has been removed. Instead you should work with a SQL Server professional to plan for database storage
The updated limitations are incorporated into the SharePoint Server 2010 capacity management: Software boundaries and limits

Source: http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=988

Wednesday, July 20, 2011

[SP2010] Upgrade SharePoint 2007 content to SharePoint 2010 via the Database Attach method

Last week I performed an upgrade of SharePoint 2007 to SharePoint 2010 using the Database Attach method. Unfortunately the database upgrade "Completed with errors". However, the site collections were available in SP2010 without errors. Also changing the visual style to SP2010 worked just fine. Detaching the database and reattaching did not give me any error, but it didn't restart or continue the upgrade process. Then how to fix this:

Troubleshoot upgrade errors
Each upgrade process produces an upgrade log file, which displays each error and warning that is found during the upgrade. To successfully complete the upgrade process you will have to fix each error and restart the upgrade process to upgrade the remaining, not yet upgraded, site collections.

Restart/resume the database upgrade
Once you have fixed all upgrade issues, you have to restart the upgrade process. This can be done using the following PowerShell script:
Source: http://technet.microsoft.com/en-us/library/ff382638.aspx

# Replace <dbname> with the name of the content database to upgrade
$db = Get-SPContentDatabase -Identity "<dbname>"
Upgrade-SPContentDatabase -Identity $db

However if the database still contains issues, the upgrade will fail again. Review the generated log file to check what the errors are and retrieve more info for troubleshooting.

Verify upgrade status
To verify if all components in the environment are upgraded successfully, run the following command:
stsadm -o localupgradestatus

This command generates a report that contains a summary at the bottom. The important part is the number of site collections that still need upgrade: in this example, 16 site collections across all databases are not upgraded yet. This number should be zero.
[9] content database(s) encountered.
[0] content database(s) still need upgrade or cannot be upgraded.
[43] site collection(s) are contained in the content databases.
[16] site collection(s) still need upgrade.
[82] other objects encountered, [0] of them still need upgrade or cannot be upgraded.

If you send the output of the command to file and search for the text "Needs Upgrade", you will find the site collections that aren’t upgraded yet:
  <object>
    <name>https://www.domain.com/sites/sitecollectionname</name>
    <type>Microsoft.SharePoint.SPSite</type>
    <level>6</level>
    <status>Needs Upgrade</status>
  </object>
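
The "Needs Upgrade" search described above, as an added example (not code from the original post): it lists the site collections that still need upgrade and compares their number with the summary line, so truncated or incomplete output is noticed. The function name is hypothetical, and the sample report, including the second status value, is constructed from the fragments shown above.

```powershell
# Added example: extracts "Needs Upgrade" objects from localupgradestatus output.
# Get-UpgradeBacklog is a hypothetical name; the sample report is constructed.
function Get-UpgradeBacklog {
    param([Parameter(Mandatory=$true)][string]$ReportText)

    $pending = @()
    foreach ($m in [regex]::Matches($ReportText, '(?s)<object>(.*?)</object>')) {
        # Collect the simple <tag>value</tag> pairs of this object block.
        $field = @{}
        foreach ($f in [regex]::Matches($m.Groups[1].Value, '<(?<tag>\w+)>(?<val>[^<]*)</\k<tag>>')) {
            $field[$f.Groups['tag'].Value] = $f.Groups['val'].Value.Trim()
        }
        if ($field['status'] -eq 'Needs Upgrade') {
            $pending += New-Object PSObject -Property @{
                Name = $field['name']
                Type = $field['type']
            }
        }
    }

    # Summary line, for example: "[16] site collection(s) still need upgrade."
    $reported = $null
    $s = [regex]::Match($ReportText, '\[(\d+)\]\s+site collection\(s\) still need upgrade')
    if ($s.Success) { $reported = [int]$s.Groups[1].Value }

    $sites = @($pending | Where-Object { $_.Type -eq 'Microsoft.SharePoint.SPSite' })

    New-Object PSObject -Property @{
        PendingSites  = $sites
        ListedCount   = $sites.Count
        ReportedCount = $reported
        # False means the listed objects and the summary disagree.
        Consistent    = ($null -ne $reported -and $reported -eq $sites.Count)
    }
}

# Constructed sample: one site collection pending, one not.
$sample = @'
  <object>
    <name>https://www.domain.com/sites/sitecollectionname</name>
    <type>Microsoft.SharePoint.SPSite</type>
    <level>6</level>
    <status>Needs Upgrade</status>
  </object>
  <object>
    <name>https://www.domain.com/sites/constructed</name>
    <type>Microsoft.SharePoint.SPSite</type>
    <level>6</level>
    <status>No Action Required</status>
  </object>
[1] content database(s) encountered.
[0] content database(s) still need upgrade or cannot be upgraded.
[2] site collection(s) are contained in the content databases.
[1] site collection(s) still need upgrade.
'@

$result = Get-UpgradeBacklog -ReportText $sample
$result.PendingSites | Format-Table Name, Type -AutoSize
$result | Select-Object ListedCount, ReportedCount, Consistent
```

On a farm server the input can come straight from the command: `Get-UpgradeBacklog -ReportText (stsadm -o localupgradestatus | Out-String)`.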

Monday, July 04, 2011

[SP2010] Guidance on implementation of Service Pack 1 for SP2010

Check out SharePoint 2010 SP1 and the June Cumulative Update for SharePoint 2010 for guidance on implementing SP2010 Service Pack 1 and the June 2011 Cumulative Update

I use SharePoint

Released last week: I Use SharePoint

A lot of information (howto's, Quick Reference Cards, etc) on how to use SharePoint!

Wednesday, June 29, 2011

[SP2010] Service Pack 1 released

Yesterday Microsoft released Service Pack 1 for SharePoint 2010!

More info on: SharePoint Team Blog

Wednesday, June 08, 2011

Two very good SharePoint articles

Yesterday I ran into two very good SharePoint articles, that describe an often forgotten part of a SharePoint implementation: Governance!

Tuesday, June 07, 2011

[SP2007/SP2010] Migrate SharePoint across domains

A while ago I worked on a project where we had to migrate a customer’s SharePoint 2007 environment from another service provider to a newly created environment in our own datacenter. The challenge we had during this project was that the new environment was built from scratch, meaning that the Active Directory would be a different one than the original environment was located in. Unfortunately there were no possibilities to create a trust between the two domains.

The above would mean that since the Active Directory changed, the domain name would change as well as all user accounts (or SIDs). This meant that all security permissions, alerts and ownerships would become unusable. These had to be migrated to the new accounts in the new AD.

For migrating users, SharePoint offers a stsadm operation called “migrateuser”. However, at the time of the project there was no operation for groups migration, so we needed a solution for that as well.

[PROJECT INFO]
  • The web application URLs would not change
  • The user account format would not change in the new Active Directory. User1 in the old AD, would be User1 in the new AD.
  • MIIS was used to create the users in the source environment. ILM2007 would be used in the new environment. Any custom code used in MIIS could be migrated to the ILM2007 environment, however some changes and updates would be made in the process.
  • The old environment was based on 32 bit SharePoint 2007 on Windows Server 2003. The new environment would be based on 64 bit SharePoint 2007 on Windows Server 2008.
[ISSUES]
  • The source SharePoint environment contained a SSP. Unfortunately there is no way to copy the SSP or its settings to the new environment automatically. The SSP had to be recreated manually.
  • The user profiles in the SSP had to be migrated as well. There was no tool available that was able to export the user profiles and import in our new environment. We had to create a tool for this. On Codeplex we found a Profile Import tool (MOSS Profile Importer), but that was unable to export the information from an existing SharePoint farm. We used this code as a starting point for our own tool.
  • The migrategroup command did not exist yet, fortunately only seven different AD groups were used. These needed to be migrated manually.
  • The stsadm operation migrateuser has to be run for each user id. A custom solution is required to generate a script for all users. Running this script consumes much time and needs to be shortened as much as possible.
[MIGRATION]
The preparation steps we took were:
  • Create the custom tooling required to perform the migration (profile export/import, migrateuser script)
  • Perform a test migration in order to validate the migration steps and target environments.
The steps we took to migrate the content were:
Environment setup
  • Setup the new SharePoint 2007 environment and use same patch level as the original farm
  • Install all custom solutions on the target environment
  • Create all users in the new Active Directory
  • Setup the SSP in the target environment and configure it according to the settings of the old environment (user profile properties, profile import, audiences, search, etc)
User profile information
  • Import all users from AD into the SSP
  • Backup all user profile information to file
  • The import tool is using the user id to import the data to the correct profile, so we had to replace the old domain name with the new domain name in the export file
  • Restore all user profile information into the new SSP
Content
  • Create SQL backup of the source content databases (web applications and MySites) to a USB disk
  • Ship the disk to the other datacenter and connect it to the server
  • Restore the SQL backups on the target SQL server from USB disk
  • Connect the content databases to the correct web applications
  • Test the site collections for correct operation of the databases
  • Run the migrateuser script generation tool. This tool created three script files, which we could run on three different servers to speed up the migration process.
  • Run the migration scripts
  • Manually change group membership for each used group (add new group, grant permissions and remove old group) in the entire site structure
Testing
  • Test, test, test
[POST INFO]
  • Since the August 2009 Cumulative Update, SharePoint 2007 stsadm includes the migrategroup operation, which is able to migrate groups the same way migrateuser does for users.

Thursday, March 31, 2011

[SP2010] SharePoint Timer service crashes constantly

[SYMPTOMS]
I tried to retract a solution, but the status remained "Retracting" and never changed. After some investigation I found out that the SharePoint Timer service on one of the servers crashed every couple of minutes. The event log showed the following errors:

Log Name: System
Source: Service Control Manager
Date: 3/31/2011 9:24:55 AM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: [Server name]
Description:
The SharePoint 2010 Timer service terminated with service-specific error %%-2147467259.
and

Log Name: System
Source: Service Control Manager
Date: 3/31/2011 9:24:55 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: [Server name]
Description:
The SharePoint 2010 Timer service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
The ULS log showed the following errors:
- The timer service could not initialize its configuration, please check the configuration database. Will retry later.

- Exiting the process because the timer could not be initialized after multiple attempts.
- The timer service is stopping
[CAUSE]
After searching the Internet I found one article where someone explained that this was caused by the fact that the Configuration Cache directory (C:\ProgramData\Microsoft\SharePoint\Config) did not contain a folder with the farm GUID as the name. After checking the configuration cache folder, that folder was indeed missing.

I then remembered I had to clear the configuration cache last week because the implementation of the February 2011 Cumulative Update failed during the Configuration Wizard step. Clearing the configuration cache fixed this issue. As it turned out, I was a little too enthusiastic with deleting the folders :-)

[RESOLUTION]
  1. Open the Registry Editor
  2. Browse to HKLM > SOFTWARE > Microsoft > Shared Tools > Web Server Extensions > 14.0 > Secure > ConfigDB
  3. Copy the value in the property "Id"
  4. Browse to folder C:\ProgramData\Microsoft\SharePoint\Config and create a folder with the name of the previously copied value
  5. Restart the SharePoint Timer service
  6. The folder should be populated with XML files within a minute.
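
The six steps above as one script, as an added example (not code from the original post): it validates the registry value before using it as a folder name and never touches an existing cache folder. The service name SPTimerV4 is an assumption (it does not appear in the post); run the script from an elevated PowerShell session on the affected server.

```powershell
# Added example: recreates the missing configuration cache folder (steps 1-6).
$regPath   = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\ConfigDB'
$cacheRoot = 'C:\ProgramData\Microsoft\SharePoint\Config'
$service   = 'SPTimerV4'   # assumption: service name of the SharePoint 2010 Timer service

# Steps 1-3: read the "Id" value and make sure it parses as a GUID
# before it is used as a folder name.
$id = (Get-ItemProperty -Path $regPath -Name Id -ErrorAction Stop).Id
if ([string]::IsNullOrEmpty($id)) { throw "No Id value found under $regPath" }
$id = $id.Trim()
try   { [void][guid]$id }
catch { throw "ConfigDB Id is not a GUID: $id" }

# Step 4: create the folder only when it is missing.
$target = Join-Path $cacheRoot $id
if (Test-Path -Path $target) {
    Write-Output "Cache folder already exists, nothing to create: $target"
}
else {
    New-Item -ItemType Directory -Path $target | Out-Null
    Write-Output "Created cache folder: $target"
}

# Step 5: restart the timer service (starts it when it is currently stopped).
Restart-Service -Name $service

# Step 6: wait up to two minutes for the XML files to show up.
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 10
    $count = @(Get-ChildItem -Path $target -Filter *.xml).Count
} until ($count -gt 0 -or (Get-Date) -gt $deadline)

if ($count -gt 0) { Write-Output "Cache repopulated with $count XML file(s)." }
else              { Write-Warning "No XML files after two minutes; check the ULS log." }
```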

Friday, February 25, 2011

The “Soft” part of SharePoint - Part 6, Challenge the Business

This is a tricky one! I know the saying "the customer is always right" or "the customer is king". In IT the business is your customer; IT by itself is useless. IT is there to support the business to work as efficiently as possible, but does this mean that the customer is indeed always right?

I have seen many cases where IT puts the business before everything. They do pretty much everything to do what the business asks them to do, often without questions. Very often this resulted in projects turning into disasters:
  • The business asks for more than they need
  • They radically change their requirements when you just started the implementation
And of course, afterwards the business starts complaining that it took too long and the costs were too high.

Then what is causing these kinds of issues? Two reasons behind these dramas are:
  1. The business doesn’t know what exactly they want.
    • Result 1: They ask something else every day
    • Result 2: They ask what they think they want
  2. The business is asking for IT solutions instead of specifying the business need
    • Result: They ask for a technical solution which is not fitting their business need
That is why IT should challenge everything the business is asking for: Do they have a clear picture what they want? Do they really want what they ask? Don't they mean something else and therefore ask the wrong question? Isn’t there an easier way to meet their business need?

This is not to question everything they do, but to get to know the true question behind the question. When all requirements are clear on all ends, projects can be executed easier and cheaper.

Monday, January 24, 2011

The “Soft” part of SharePoint - Part 5, Change Management

This time something that is not really SharePoint related, but this doesn’t make it less important!

Way too many times I have seen “Administrators from the Wild West”, in other words true cowboys. Clicking links and buttons like their lives depended on it. Reading error messages is so 2010 :-)

When troubleshooting an issue, Google is my friend. However not all answers given on the Internet always work or are safe to the environment. What if something goes wrong and I bring down the environment……..in a lot of cases all hell will break loose and I have to test my running skills :-p

How to prevent this?
Every change you are about to implement to a production environment is supposed to be tested before implementation. If you are working as an administrator (server or application), I hope you are familiar with ITIL* and its procedures, especially change management. If not, see the “More info” section and read up real quick!!

In a lot of cases Change Management is seen as a pain in the butt. But when implemented correctly it can save you a lot of work or better yet save you from having to do some overtime. The goal of change management is to make you think well about the change you are going to implement and put those steps on paper:
  • What are you trying to fix/resolve/accomplish?
  • What changes are you going to make?
  • What are the steps to implement the change?
  • What are the components that are affected?
  • What is the impact of the change for users and administrators?
  • Who needs to be notified about the change?
  • What to do if something goes wrong?
  • What to document afterwards?
  • Etc, etc
But that is not all: Two know more than one. Change management is also about having the thought process reviewed by others. These persons can have the same type of skills, but it is also important to have it reviewed by persons with different skills. Maybe your change has impact on their area of expertise you didn’t think of.

Change Management and DTAP
In combination with a DTAP strategy, Change Management can become even more powerful. All changes are tested on the Test environment, the implementation procedure tested on the Acceptance environment, after which the change is implemented on the Production environment.

More info:
ITIL: http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
Change Management: http://en.wikipedia.org/wiki/Change_Management_(ITSM)

Tuesday, January 18, 2011

[SP2010/SPF] SharePoint 2010 Build numbers

Here is a list of build numbers for SharePoint 2010. Based on the build number you can determine which patch level your SharePoint environment is on:

14.0.5130.5002 - December 10 CU
14.0.5128.5003 - October 10 CU
14.0.5128.5000 - October 10 CU (Incorrect package)
14.0.5123.5000 - August 10 CU
14.0.5114.5003 - June 10 CU
14.0.4763.1000 - RTM

Wednesday, December 15, 2010

The “Soft” part of SharePoint - Part 4, DTAP

What is DTAP?
DTAP is a strategy very often used in software development projects. It stands for “Development, Test, Acceptance, Production” (http://en.wikipedia.org/wiki/Development,_testing,_acceptance_and_production). Software is developed on a development environment, then technically tested on the Test environment, user acceptance tests are performed on the acceptance environment after which it is transferred to the production environment.

SharePoint is a product that can function as a platform on which companies can build custom solutions. Even though SharePoint is built on the .NET Framework, it has its own rules and boundaries. Poorly developed code can easily affect SharePoint and cause it to fail or seriously impact performance. From an administration standpoint it is very important to evaluate solutions before deploying them to the production environment (see previous article in this series). A DTAP strategy will assist you in this evaluation process.

But not only with the deployment of solutions a DTAP strategy can be useful. Also the implementation of changes or SharePoint updates/Service Packs can benefit from this strategy. They can first be tested before implementing on the production environment.

Environments: Purpose and permissions
Development
With SharePoint you can have multiple kinds of development environments. Each developer can create his own virtual local environments or you can use a centrally managed environment. Both options have their pros and cons.

Local development environment:
Purpose: Environment used for developing new SharePoint solutions. The environment is under total control of the developer.
Responsible: Developer
Server admin: Developer
Admin access: Developer
Pro : Flexible, can be used everywhere, total control over environment, developers do not impact each other
Con : Developer has to maintain the environment (patches, etc), host needs to have sufficient resources, environment used by one developer only

Central development environment
Purpose: Environment used for developing new SharePoint solutions. Multiple developers per environment (2 max), but they can impact each other.
Responsible: Developer
Server admin: TAM
Admin access: TAM & Developer
Pro : Centrally managed according to standards, multiple developers per environment, requires fewer licenses, no high end local hardware required
Con : Can only be used when connected to the network (direct or VPN), developers can impact each other

Test
Purpose: Environment used for technical testing of developed SharePoint solutions (check if conflicts are present with other solutions) and their deployment instructions. Also changes to the environment (e.g. change of settings or implementation of patch or Service Pack) can be tested on this environment.
Responsible: TAM
Server admin: TAM
Admin access: TAM
Other access: FAM and developers have admin access to SharePoint site collections and if required read access to administration pages

Acceptance
Purpose: Environment used for functional testing of developed SharePoint solutions (check if the solution complies with the functional design). This environment should match your PRD as closely as possible (setup and configuration wise). Only the content can be out of date.
Responsible: FAM
Server admin: TAM
Admin access: TAM
Other access: FAM has admin access to SharePoint site collections and if required read access to administration pages

Pre-Production environment
Purpose: Environment that is a very close mirror to the production environment. Mirror on solutions, content, architecture and infrastructure. Meant for testing the implementation to a production like environment and the impact on production. Performance tests can also be done on this environment.
Responsible: TAM
Server admin: TAM
Admin access: TAM
Other access: None

Production environment
Purpose: Environment that is running the production solutions/content and is serving end-user requests.
Responsible: TAM
Server admin: TAM
Admin access: TAM
Other access: FAM has admin access to SharePoint site collections and if required read access to administration pages

Important!!
Make sure that starting with the Test environment and onwards, all environments have the same layers of the topology. The environments don’t have to be equal in number of servers, but if PRD has three layers (database, application, web front-end), Pre-Production, Acceptance and Test should be three layers as well. Back in 2006 I learned this the hard way (http://share-point.blogspot.com/2006/02/problems-with-search-functionality.html). Our Acceptance environment consisted of two servers and Production of three servers. Installation of Windows 2003 SP1 worked just fine on Acceptance, it didn’t on Production and broke search. It took me two weeks to find out the issue and another two weeks to clean up the mess I created during troubleshooting :-)

Explanation:
Purpose : Describes the purpose of the environment.
Responsible : Who is functionally responsible for the environment.
Server admin : Who is the administrating party of the environment and has to make sure that the environment is patched, secure, backed up, etc.
Admin access : Who has administrative access to the server.
Other access : Which other access is granted to which parties.
TAM : Technical Application Management
FAM : Functional Application Management

Tuesday, December 14, 2010

[SP2010] Site templates in SharePoint 2010

In SharePoint 2007 it was possible to create a site template (stp file) of a site and use that template to create new sites. When you downloaded that stp file and added it to the global template gallery by using the stsadm command addtemplate, you were able to create new site collections based on this template.

With SharePoint 2010, this mechanism has changed a bit. Site templates are no longer stp files, but when creating a template of a site SharePoint creates a Sandboxed solution which is placed in the sandboxed solutions gallery.

A possible solution
On his site Todd Klindt explains how to use these solutions to create new site collections based on this template.

Unfortunately this method has the downside that it requires manual actions, each time you would like to use the template.

An alternative
Another solution is to add the solution to the Farm Solutions gallery. This has the advantage that you don't have to upload the solution each time. But the downside is that when adding the solution, the template does not become available in the template selection, but is added as a feature to all site collections. During site collection creation you therefore still need to activate this feature before you can use the template.

The solution
Then how to solve this issue farm wide......simply by making a small change to the solution. The template feature in the solution is scoped to a site collection by default and therefore uploads the template to the site collection template gallery. If you change the scope of the feature to Farm and then activate that Farm feature, the template is globally deployed and available for selection during site collection creation!

Friday, November 12, 2010

The “Soft” part of SharePoint - Part 3, Solution intake process

Where developers should have a standard SharePoint development process, which describes the development best practices in your environment, every SharePoint administrator should have a solution intake process.

Poorly implemented custom solutions can introduce security or performance risks, increase the cost of support, complicate deployment, and reduce productivity. Over the past years I have seen that developers do not always know how to develop good solutions for SharePoint. Even though SharePoint is built on .NET, developing for SharePoint is a totally different discipline than developing for .NET. More often than not I have seen developers delivering code that was either seriously affecting the environment, not using the SharePoint deployment framework or very poorly documented.

In order to guarantee quality, it is very important to create a solution intake process. The process verifies whether certain best practices have been followed and the solution is safe to deploy to the environment:

  • Create a code acceptance checklist for the developer to fill out.
    • This checklist forces developers to sign off their solutions against a list of Best Practices.
  • Check the code using SPDisposeCheck.
    • This tool checks the custom code for memory leaks and proper use of disposable objects.
  • Check deployment documentation.
    • Check if the deployment documentation is correct and contains the required information.
  • Check solution package.
    • Check if the solution package is created properly, using the Solution Deployment framework technologies.

If you want to have a good example of a solution intake process, Microsoft has released some documents for their SharePoint Online cloud service. Their intake process is really strict and requires the developer to design, document and test the solution before handing it over to Microsoft. They have published their process in the following documents:

More information:
Checklist example: http://technet.microsoft.com/en-us/library/cc707802.aspx
SPDisposeCheck: http://code.msdn.microsoft.com/SPDisposeCheck
Using Disposable Objects: http://msdn2.microsoft.com/en-us/library/aa973248.aspx

Tuesday, November 09, 2010

[SP2010] Issue migrate Classic to Claims authentication

[SITUATION]
Currently I am working at a customer where we have to migrate SharePoint 2007 data to a new SharePoint 2010 environment. Security ACLs on the SharePoint 2007 data are registered in the old SharePoint 2007 way (called Classic in SharePoint 2010). In order to use claims, these ACLs need to be converted into Claims ACLs.

[ISSUE]
On the TechNet site I discovered this article. Unfortunately when performing these steps (running a PowerShell script), it did not work. As with many issues, SharePoint doesn't give any clue what might be wrong :-(

[SOLUTION]
After some troubleshooting I remembered an issue I had back in MOSS2007. There I tried to perform an activity on a site collection, which did not work. It turned out that I did not have permissions on the site collection. To solve that, I granted myself "Full Control" permissions via the "Policy for Web Applications" page, after which the activity worked fine.

To test this theory, I tried the following steps:
  1. Create a new web application
  2. Create a new site collection
  3. Add some data and set unique permissions
  4. Grant my admin account Full Control permissions for the web application
  5. Run the PowerShell script to migrate the web application to Claims
And sure enough, the script now runs just fine and migrates all Classic ACLs to Claims ACLs!!
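
The policy grant from step 4, as an added PowerShell example that is not part of the original post or of the TechNet script: it adds the Full Control web application policy only when it is missing, waits while the migration script runs, then removes the entry it created and lists the remaining policies. The URL, account name and function names are placeholders chosen for this example.

```powershell
# Added example: run in the SharePoint 2010 Management Shell on a farm server.
# The URL and account below are placeholders, not values from the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl    = "http://webapp.example.local"
$adminAccount = "EXAMPLE\spadmin"

function Get-WebAppPolicyReport($url) {
    # List every web application policy entry with its role names.
    $wa = Get-SPWebApplication $url
    $wa.Policies | ForEach-Object {
        New-Object PSObject -Property @{
            UserName = $_.UserName
            Roles    = (($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", ")
        }
    }
}

function Grant-TemporaryFullControl($url, $account) {
    # Returns $true only when this call created the entry, so the cleanup
    # never removes a policy that already existed before the migration.
    $wa = Get-SPWebApplication $url
    if ($wa.Policies | Where-Object { $_.UserName -eq $account }) { return $false }
    $policy = $wa.Policies.Add($account, "Temporary: claims migration")
    $role = $wa.PolicyRoles.GetSpecialRole(
        [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl)
    $policy.PolicyRoleBindings.Add($role)
    $wa.Update()
    return $true
}

function Revoke-TemporaryFullControl($url, $account) {
    # Remove the entry only if one is still stored under this account name.
    $wa = Get-SPWebApplication $url
    if ($wa.Policies | Where-Object { $_.UserName -eq $account }) {
        $wa.Policies.Remove($account)
        $wa.Update()
    }
}

$created = Grant-TemporaryFullControl $webAppUrl $adminAccount
try {
    # Step 5: run the Classic-to-Claims migration script in another shell.
    Write-Host "Run the migration script now, then press Enter."
    [void](Read-Host)
} finally {
    if ($created) { Revoke-TemporaryFullControl $webAppUrl $adminAccount }
    Get-WebAppPolicyReport $webAppUrl | Format-Table -AutoSize
}
```

The final report lists every remaining policy entry, so a temporary entry that ends up stored under a different name after the migration is still visible for manual removal.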

[NOTE]
Microsoft has confirmed that there are some issues with the Classic to Claims migration. According to them, Service Pack 1 will include a tool which should be able to successfully migrate Classic to Claims. So either test your migration thoroughly or wait for SP1 (expected end Q2/beginning Q3)!!

Thursday, October 28, 2010

The “Soft” part of SharePoint - Part 2, Impact of design choices

During every SharePoint design phase, choices have to be made on exactly how to implement SharePoint and its components. These choices can have serious implications later on during the administration phase.

To be able to create a good design, it is imperative to have good requirements for the environment. These requirements must be gathered both at the business end and at the IT end, as both have to “use” the platform in the future, although their use will be completely different.

For example:
  1. Where the business has certain availability requirements (e.g. 99.9% 24x7), IT has the requirement that these availability requirements must be achieved using redundancy. The final design has to be an environment design that all parties can live with.
  2. In order to deliver a good service, IT will have to be able to test each change to the environment. In order to do this, they will require testing facilities in the form of DTAP environments. In most cases, the business will experience the DTAP strategy as annoying and time consuming.

It is very important that all choices are documented in a design document, especially when the persons performing the implementation are different than the actual administrators of the environment. The design document has to be reviewed and approved by the future administrators before implementation starts. If during implementation a deviation from the original design has to be implemented, this deviation has to be agreed between both parties.

Basically: If the implementation project messes up (for whatever reason), the future administrators will suffer the consequences!!

Very good examples of critical design choices with high impact are:

  • Use of a DTAP environment* - During a project, implementing a DTAP strategy requires time and money. Two things a project very often doesn’t have a lot of. Skipping the implementation of DTA environments saves time and money for the project. However this choice will seriously impact administrators in their ability to test changes before implementation (patches/service packs, new solutions or configuration changes).
  • Redundancy in the environment - Implementing redundancy requires extra hardware and therefore extra costs for hardware, software licenses and installation. If during implementation the requirements do not include redundancy, this will not be designed and implemented. Unfortunately, adding redundancy later will require a lot of work and has a high impact, especially for SQL Server where adding redundancy (clustering) will mean a complete reinstallation of the entire SQL environment.
  • Sizing - I have been part of a project where the available storage was limited. We only had a certain amount of storage available, that was it. The disk space for all servers was just enough to contain all data. Once the environment was transferred to the administrators, one of the first things they had to do was add extra disk space and move databases across these extra disks.

The message of this story: Most items mentioned might sound obvious, but unfortunately I have seen a lot of situations where this turned out to be harder than you would think/like.

If you are part of the implementation project, make sure that you involve the future administrators as soon as possible. If you are the future administrator, make sure you get involved as soon as possible. Each design decision has to be approved by both parties! So check and communicate between both parties early and continuously.

Acceptance criteria are a very good input for IT requirements. This is a list of criteria with which the project has to comply. That way you can save yourself a huge amount of time, effort and stress! So make sure you create these!

*More on DTAP will follow in a later post