tag:blogger.com,1999:blog-207343722024-03-05T07:41:43.590+01:00"Share"-Point"Share"-Point: A SharePoint blog with an infrastructural point of viewYorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.comBlogger188125tag:blogger.com,1999:blog-20734372.post-40735608460949684612012-02-29T20:16:00.000+01:002012-02-29T20:16:08.962+01:00[SP2010] Powershell generator<span style="font-family: inherit;">Someone just pointed me to the following site:</span><br />
<a href="http://www.microsoft.com/resources/TechNet/en-us/Office/media/WindowsPowerShell/WindowsPowerShellCommandBuilder.html" target="_blank"><span style="color: blue; font-family: inherit;">SharePoint PowerShell Command Builder</span></a><br />
<br />
<span style="font-family: inherit;">A really nice tool for SharePoint administrators who are new to PowerShell.</span><br />
<br />
Note: Silverlight is required!Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-46442467518414843832012-02-15T09:48:00.001+01:002012-02-15T09:48:29.859+01:00Moeten bedrijven strafrechtelijk vervolgd worden na hack?[Apologies to non-Dutch speakers for this Dutch post]<br />
<br />
De afgelopen week is bekend geworden dat KPN de dupe is geworden van hackers. Nu meer en meer informatie naar buiten komt, blijkt dat deze hack grotendeels mogelijk is gemaakt doordat ze hun zaakjes niet op orde hadden (http://tweakers.net/nieuws/79918/hack-bij-kpn-kinderlijk-eenvoudig-door-verouderde-software.html). De hackers schijnen zelfs toegang gehad te hebben tot de core componenten van hun netwerk infrastructuur en zouden daar de mogelijkheid gehad hebben om klanten af te luisteren of af te sluiten.
<br />
<br />
<strong><u>Hacks</u></strong><br />
De laatste tijd zijn steeds meer bedrijven/instellingen het slachtoffer van hackers. Een aantal pakkende voorbeelden hiervan zijn:<br />
<ul>
<li>
KPN: <a href="http://tweakers.net/nieuws/78630/kpn-haalt-site-gemnet-offline-na-beveiligingsprobleem.html" target="_blank">http://tweakers.net/nieuws/78630/kpn-haalt-site-gemnet-offline-na-beveiligingsprobleem.html</a></li>
<li>InHolland: <a href="http://tweakers.net/nieuws/78358/inholland-haalt-sites-offline-na-hack.html" target="_blank">http://tweakers.net/nieuws/78358/inholland-haalt-sites-offline-na-hack.html</a></li>
<li>Sinterklaasjournaal: <a href="http://tweakers.net/nieuws/78252/gegevens-13000-kinderen-toegankelijk-door-lek-sinterklaasjournaal-punt-nl.html" target="_blank">http://tweakers.net/nieuws/78252/gegevens-13000-kinderen-toegankelijk-door-lek-sinterklaasjournaal-punt-nl.html</a></li>
<li>Diginotar: <a href="http://tweakers.net/nieuws/73411/comodo-geeft-frauduleuze-ssl-certificaten-uit-na-hack.html" target="_blank">http://tweakers.net/nieuws/73411/comodo-geeft-frauduleuze-ssl-certificaten-uit-na-hack.html</a></li>
<li>Gemeentes: <a href="http://tweakers.net/nieuws/77290/vijftig-gemeentesites-blijken-nauwelijks-beveiligd.html" target="_blank">http://tweakers.net/nieuws/77290/vijftig-gemeentesites-blijken-nauwelijks-beveiligd.html</a></li>
<li>Gemeente Amsterdam: <a href="http://tweakers.net/nieuws/76892/diverse-gaten-ontdekt-in-website-gemeente-amsterdam.html" target="_blank">http://tweakers.net/nieuws/76892/diverse-gaten-ontdekt-in-website-gemeente-amsterdam.html</a></li>
</ul>
En deze week blijft het maar doorgaan:<br />
<ul>
<li>Creation Point/Bavaria: <a href="http://tweakers.net/nieuws/79987/hacker-krijgt-toegang-tot-database-hostingprovider-bavaria.html" target="_blank">http://tweakers.net/nieuws/79987/hacker-krijgt-toegang-tot-database-hostingprovider-bavaria.html</a></li>
<li>Philips: <a href="http://tweakers.net/nieuws/80016/hacker-steelt-e-mailadressen-uit-database-philips.html" target="_blank">http://tweakers.net/nieuws/80016/hacker-steelt-e-mailadressen-uit-database-philips.html</a></li>
</ul>
In sommige gevallen spelen ze de grote onschuld en plaatsen ze zichzelf in de slachtofferrol. In het geval van Diginotar hebben ze zelfs geprobeerd de hack onder de pet te houden, wat uiteindelijk geresulteerd heeft in hun faillissement. Vaak blijft de waarheid echter anders te liggen.
<br />
<br />
<strong><u>Oorzaak</u></strong><br />
Als de achterliggende feiten bekend worden, blijkt het beheer van de IT omgeving abominabel slecht! Alle security best practices worden met voeten getreden, niet heel onlogisch dus dat ze een keer de klos zijn. Slechte wachtwoorden, ongepatche systemen, verouderde systemen, slechte inrichting en slechte code zijn maar een kleine selectie van oorzaken. Vele van de bovenstaande hacks waren te voorkomen geweest als men hun huiswerk had gedaan en zich aan de bekende security best practices had gehouden:<br />
<ul>
<li>De hack die gebruikt is bij de 50 gemeentes: Het misbruikte probleem (Unicode hack) is al bijna 10 jaar bekend en verholpen in alle nieuwe software sinds 2002/2003.</li>
<li>De hack die gebruikt is bij het Sinterklaasjournaal: Hier werd door een gebruiker ingevoerde gegevens zonder validatie door de website gebruikt (SQL injection), met alle gevolgen van dien. Een best practice die ook al jaren bekend is en hier dus niet gevolgd is.</li>
</ul>
Met kromme tenen lees ik dan ook de berichten die de afgelopen maanden in het nieuws verschenen. Keer op keer blijkt dat bedrijven hun zaakjes niet op orde hebben. Het is gewoon wachten op het volgende bericht. Welke bedrijf zal de volgende zijn…….
<br />
<br />
<strong><u>Persoonsgegevens</u></strong><br />
Veel bedrijven willen tegenwoordig alles van je weten; NAW gegevens, e-mailadressen, gebruikersnaam/wachtwoorden, creditcard gegevens, noem het maar op. En alles wordt in databases opgeslagen. De gevolgen kunnen enorm zijn als deze informatie op straat komt te liggen doordat bedrijven laks met deze gegevens omgaan??
<br />
<br />
<u><strong>En wat nu?</strong></u><br />
Wat ik mij op dit moment afvraag: Moeten bedrijven niet strafrechtelijk worden vervolgd als persoonsgegevens door hun nalatigheid op straat komen te liggen?
Het toevallige is dat de afgelopen week een vergelijkbaar iets ook publiekelijk afgevraagd word:<br />
<br />
“CBP wil bedrijf boete geven bij hackincidenten”: <a href="http://www.telegraaf.nl/digitaal/11511512/__CBP_wil_bedrijf_boete_geven_bij_hackincidenten__.html" target="_blank">http://www.telegraaf.nl/digitaal/11511512/__CBP_wil_bedrijf_boete_geven_bij_hackincidenten__.html</a><br />
<br />
“Geef KPN megaboete”: <a href="http://www.telegraaf.nl/digitaal/11510372/___Geef_KPN_megaboete___.html" target="_blank">http://www.telegraaf.nl/digitaal/11510372/___Geef_KPN_megaboete___.html</a>
<br />
<br />
<strong><u>Nu hoor ik mensen al roepen</u></strong><br />
Als ik thuis mijn deur open laat staan en iemand neemt mijn televisie mee, moet ik dan ook vervolgd worden? Dit is echter een andere situatie en is het antwoord dus "nee", voornamelijk doordat je hier alleen jezelf mee heb. Ik ben de enige die geen tv meer kan kijken, niemand anders heeft hier last van.<br />
<br />Ook is het zo dat een gemiddelde fietsverzekering niet uitbetaald als je niet twee originele sleutels kunt overleggen. Zet je hem dus niet op slot, is dat je eigen schuld.<br />
<br /><strong><u>Conclusie</u></strong><br />
De meeste bedrijven denken veel te licht over beveiliging: <a href="http://www.telegraaf.nl/digitaal/11514835/___Bedrijven_denken_te_licht_over_beveiligen___.html" target="_blank">http://www.telegraaf.nl/digitaal/11514835/___Bedrijven_denken_te_licht_over_beveiligen___.html</a><br />
<br />
Door persoonlijke gegevens op te slaan, verplichten bedrijven zich tot het veilig houden van deze gegevens. Kunnen of willen ze dit niet, verwijder ze dan na de transactie en voorkom zo dat ze op straat komen te liggen. Echter is het vaak de (commerciële) waarde van deze gegevens voor mailings en andere marketing activiteiten die voorkomt dat deze gegevens verwijderd worden. Business gaat dan voor beveiliging.<br />
<br />
<span style="font-size: x-small;"><u><em>NOTE: This article is my personal opinion and does not reflect the opinion of my employer or anybody else.</em></u></span>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-13033428968351417432012-01-24T12:41:00.000+01:002012-01-24T12:41:38.679+01:00[SP2010/SPF] Required permissions to run command line tools or other tooling that uses the OM[ISSUE]<br />
With SharePoint in many cases the SharePoint administrators also are the Windows of the SQL server and/or SQL administrator. This means that those persons also having loads of permissions in SQL Server, which means that everything will work without issues. They can do anything they want, using any tool they want.<br />
<br />
But what about a situation where you don't have permissions on SQL. You will see actions via the Central Administration site work fine, however certain things like console applications (custom like SharePoint Manage or default applications like stsadm), scripts via PowerShell and other tooling (basically everything that uses the object model) won't work.<br />
<br />
This is caused by the fact that SharePoint requires the account to have certain permissions on the databases in order for it to work. When using the Central Administration, this is done via the application pool account which has sufficient permissions. When using the object model outside of the Central Administration, this is done under the account the command is executed with.<br />
<br />
[SOLUTION]<br />
Then which permissions are required? Here is where it becomes a little tricky!<br />
<br />
PowerShell scripts:<br />
<ul>
<li>When you are running SharePoint 2010 and you are trying to use PowerShell, Microsoft has created a SharePoint internal group called ShellAdmins. By adding your account to this group (Add-SPShellAdmins) your account has sufficient permissions to run PowerShell scripts. Other activities via the object model still don't work.</li>
</ul>
<div>
Other tools:</div>
<ul>
<li>To enable all object model activities, grant the account the following permissions:</li>
<ul>
<li>SharePoint (Depending on the activities you are going to do)</li>
<ul>
<li>Farm Administrator</li>
<li>Permissions in the site collection(s), for example site collection administrator or contributor to a list</li>
</ul>
<li>Database:</li>
<ul>
<li>Configuration database: WSS_Content_Application_Pools</li>
<li>Content database:</li>
<ul>
<li>Db_datareader</li>
<li>Db_datawriter</li>
<li>GRANT EXECUTE</li>
<li><strong>NOTE:</strong> An alternative would be db_owner permissions on the content database, however from SQL administration perspective this might be unwanted/against policy</li>
</ul>
</ul>
</ul>
</ul>
<strong>NOTE:</strong> I am assuming that the account already has local administrator permissions on the SharePoint server, how else will you be able to run tools or scripts on the SharePoint server :-)<br />
<br />
<span style="font-size: x-small;">More info: SharePoint 2010 PowerShell Permissions Explained</span><a href="http://sharepoint.microsoft.com/Blogs/zach/Lists/Posts/Post.aspx?ID=56" target="_blank"><span style="font-size: x-small;">http://sharepoint.microsoft.com/Blogs/zach/Lists/Posts/Post.aspx?ID=56</span></a>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-89474365241536004762012-01-17T09:24:00.001+01:002012-01-17T09:24:55.462+01:00[SP ALL] Opening a web service is returning a 401.1 "Access Denied" error[ISSUE]<br />
Yesterday I was asked to assist in troubleshooting an issue with a SharePoint web service. The SharePoint indexing process failed to work properly for just one web application. Some investigation revealed that the indexer was unable to open the sitedata.asmx web service. When trying to open the same web service via IE, I was prompted for credentials however whatever credentials were entered, after three attempts an "Access Denied" page (401.1 error) was shown.<br />
<br />
[SOLUTION]<br />
Unfortunately Process Monitor didn't reveal anything and I noticed that the sitedata web service wasn't the only web service that failed. After some troubleshooting I found out that the cause was in the web config:<br />
<br />
The "remove verb *.asmx" line was placed after the "add verb *.asmx" line in the httphandler setting, essentially removing the configuration after adding it. For example:
<br />
<blockquote>
<<b>add verb="*" path="*.asmx"</b> validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /><br />
....<br />
<<b>remove verb="*" path="*.asmx"</b> /></blockquote>
After correcting this by placing the remove line in front of the add line, all web services started working just fine!
<br />
<blockquote>
<<b>remove verb="*" path="*.asmx"</b> /><br />
....<br />
<<b>add verb="*" path="*.asmx"</b> validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /></blockquote>
<br />
[EXPLANATION]<br />
Why is this happening? By first placing the remove line, you make sure any declarations that are done in other (global) configuration files are made void. That way you know for sure that no conflicts will occur between two configurations. However after removing the asmx httphandler, you have to declare it again, else SharePoint (or better yet IIS) does not know how to handle the asmx file. The confusing part for this issue is that it will display an authentication prompt to the user, without it actually being an authentication issue.Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-62213030978747289322011-12-23T14:25:00.002+01:002011-12-23T14:26:20.899+01:00[SP2010/SPF] SharePoint 2010 Build numbersHere a list of build numbers for SharePoint 2010. Based on the build number you can determine which patchlevel your SharePoint environment is on:<br />
<br />
<blockquote>
14.0.6114.5000 - December '11 CU<br />
14.0.6112.5000 - October '11 CU<br />
14.0.6109.5002 - August '11 CU<br />
14.0.6106.5000 - June '11 CU<br />
14.0.6029.1000 - Service Pack 1<br />
14.0.5138.5001 - April '11 CU<br />
14.0.5136.5002 - February '11 CU<br />
14.0.5130.5002 - December '10 CU<br />
14.0.5128.5003 - October '10 CU<br />
14.0.5128.5000 - October '10 CU (Incorrect package)<br />
14.0.5123.5000 - August '10 CU<br />
14.0.5114.5003 - June '10 CU<br />
14.0.4763.1000 - RTM</blockquote>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-31935067881284338962011-12-23T14:20:00.002+01:002011-12-23T14:20:40.261+01:00[MOSS2007/WSSv3] SharePoint 2007 Build numbers (Updated)Here a list of build numbers for SharePoint 2007. This list is updated until the December '11 Cumulative Update:<br />
<br />
<blockquote>
12.0.6656 - MOSS2007/WSSv3 December '11 Cumulative Update<br />
12.0.6654 - MOSS2007/WSSv3 October '11 Cumulative Update<br />
12.0.6608 - MOSS2007/WSSv3 Service Pack 3<br />
12.0.6565 - MOSS2007/WSSv3 August '11 Cumulative Update<br />
12.0.6562 - MOSS2007/WSSv3 June '11 Cumulative Update<br />
12.0.6557 - MOSS2007/WSSv3 April '11 Cumulative Update<br />
12.0.6554 - MOSS2007/WSSv3 February '11 Cumulative Update<br />
12.0.6550 - MOSS2007/WSSv3 December '10 Cumulative Update<br />
12.0.6548 - MOSS2007/WSSv3 October '10 Cumulative Update<br />
12.0.6545 - MOSS2007/WSSv3 August '10 Cumulative Update<br />
12.0.6539 - MOSS2007/WSSv3 June '10 Cumulative Update<br />
12.0.6535 - MOSS2007/WSSv3 April '10 Cumulative Update<br />
12.0.6529 - MOSS2007/WSSv3 February '10 Cumulative Update<br />
12.0.6524 - MOSS2007/WSSv3 December '09 Cumulative Update<br />
12.0.6520 - MOSS2007/WSSv3 October '09 Cumulative Update<br />
12.0.6514.5004 - (Corrected) MOSS2007/WSSv3 August '09 Cumulative Update<br />
12.0.6514.5000 - MOSS2007/WSSv3 August '09 Cumulative Update<br />
12.0.6510 - MOSS2007/WSSv3 June '09 Cumulative update<br />
12.0.6504 - MOSS2007/WSSv3 April '09 Cumulative update<br />
12.0.6421 - MOSS2007/WSSv3 SP2<br />
12.0.6341 - MOSS2007/WSSv3 February '09 Cumulative update<br />
12.0.6335 - MOSS2007/WSSv3 December '08 Cumulative update<br />
12.0.6327 - MOSS2007/WSSv3 August '08 Cumulative update<br />
12.0.6318 - MOSS2007/WSSv3 Infrastructure Update<br />
12.0.6300 - MOSS2007/WSSv3 post-SP1 hotfix<br />
12.0.6219 - MOSS2007/WSSv3 SP1<br />
12.0.6039 - MOSS2007/WSSv3 October '07 public update<br />
12.0.6036 - MOSS2007/WSSv3 August 24 '07 hotfix package<br />
12.0.4518 - MOSS2007/WSSv3 RTM</blockquote>
<br />
You can find the build number of your environment via:<br />
Central Admin > Operations > Servers in FarmYorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-55079686592711332292011-09-13T13:06:00.000+02:002011-09-13T13:06:02.480+02:00[SP2010] Upgrade to SP2010 issue with missing content types[ISSUE]<br />
During a database upgrade from SP2007 to SP2010 I encountered an issue, which blocked a succesful upgrade. Several features could not be upgraded because of an issue with content types.<br />
<br />
[ERROR]<br />
[powershell] [SPSiteWssSequence2] [ERROR] [7/15/2011 1:14:56 PM]: Feature upgrade incomplete for Feature 'PublishingSite' (Id: 'f6924d36-2fa8-4f0b-b16d-06b7250180fa') in Site 'http://www.domain.com/sites/sitecollectionname'. Exception: The parent content type specified by content type identifier 0x010100C568DB52D9D0A14D9B2FDCC96666E9F2007948130EC3DB064584E219954237AF39 does not exist.<br />
<br />
[CAUSE]<br />
This issue is caused by the fact that:<br />
- The publishing features (“SharePoint Server Publishing Infrastructure” and the features it is depending on) have been enabled and disabled in the past<br />
- Content types have been deleted the incorrect way: Deleted while other components were still using them.<br />
<br />
[SOLUTION]<br />
The mentioned content type ID is the ID of the content type “Page”, which does not exist anymore in the Site Content Types. To recreate these, run the following stsadm commands for each site collection that is experiencing the issue (retrieve the list from the upgrade log file):<br />
<br />
stsadm -o activatefeature -name PublishingSite -url <url> -force<br />
stsadm -o activatefeature -name PublishingResources -url <url> -forceYorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-17080615146881677652011-08-10T15:05:00.000+02:002011-08-10T15:05:44.181+02:00[SP2010] Service Pack 1 data storage changesWith the release of Service Pack 1 of SharePoint 2010, Microsoft has changed the Data Storage limitations of SharePoint 2010. The 200GB is no longer a hard limit:<br />
<ol><li>For a SharePoint content database up to 200 GB there are no special requirements and this limit is included for consistency.</li>
<li>For a SharePoint content database up to 4 TB you need to additionally plan for the following two requirements:</li>
<ul><li>Requires disk sub-system performance of 0.25 IOPS per GB, 2 IOPS per GB is recommended for optimal performance.</li>
<li>Requires the customer to have plans for high availability, disaster recovery, future capacity, and performance testing.</li>
<li>And you need to review additional considerations in the TechNet Boundaries and Limits article.</li>
</ul><li>For a SharePoint content database over 4TB specifically for a Document Archive scenario you are required to additionally plan for the following:</li>
<ul><li>SharePoint sites must be based on Document Center or Records Center site templates and must be an archive scenario where less than 5% of content is actively read from each month and less than 1% of content is actively written to.</li>
<li>Do not use alerts, workflows, link fix-ups, or item level security on any SharePoint objects in the content database. Note: document archive content databases can be the recipient of documents as a result of Content Routing workflow.</li>
</ul><li>Other specific limits changes being made at the same time: </li>
<ul><li>A new limit of 60million items in any one SharePoint content database</li>
<li>The specific 5 TB limit per SQL Server instance has been removed. Instead you should work with a SQL Server professional to plan for database storage</li>
</ul></ol>The updated limitations are incorporated into the <a href="http://technet.microsoft.com/en-us/library/cc262787.aspx" target="_blank">SharePoint Server 2010 capacity management: Software boundaries and limits</a><br />
<br />
<span style="font-size: xx-small;">Source: </span><a href="http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=988" target="_blank"><span style="font-size: xx-small;">http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=988</span></a>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-43196810785126981872011-07-20T14:17:00.001+02:002011-07-20T14:35:13.929+02:00[SP2010] Upgrade SharePoint 2007 content to SharePoint 2010 via the Database Attach methodLast week I performed an upgrade of SharePoint 2007 to SharePoint 2010 using the Database Attach method. Unfortunately the database upgrade <i>"Completed with errors"</i>. However, the site collections were available in SP2010 without errors. Also changing the visual style to SP2010 worked just fine. Detaching the database and reattaching did not give me any error, but it didn't restart or continue the upgrade process. Then how to fix this:<br />
<br />
<b>Troubleshoot upgrade errors</b><br />
Each upgrade process produces an upgrade log file, which displays each error and warning that is found during the upgrade. To successfully complete the upgrade process you will have to fix each error and restart the upgrade process to upgrade the remaining, not yet upgraded, site collections.<br />
<br />
<b>Restart/resume the database upgrade</b><br />
Once you have fixed all upgrade issues, you have to restart the upgrade process. This can be done using the following PowerShell script:<br />
Source: http://technet.microsoft.com/en-us/library/ff382638.aspx<br />
<br />
<blockquote>$guid = Get-SPContentDatabase -Identity <dbname><br />
upgrade-spcontentdatabase -id $guid</blockquote><br />
However if the database still contains issues, the upgrade will fail again. Review the generated log file to check what the errors are and retrieve more info for troubleshooting.<br />
<br />
<b>Verify upgrade status</b><br />
To verify if all components in the environment are upgraded successfully, run the following command:<br />
<blockquote>stsadm -o localupgradestatus</blockquote><br />
This command generates a report that contains a summary at the bottom. The part marked bold is the important part and specifies that in all databases there are 16 site collections not upgraded yet, this number should be zero.<br />
<blockquote>[9] content database(s) encountered.<br />
[0] content database(s) still need upgrade or cannot be upgraded.<br />
[43] site collection(s) are contained in the content databases.<br />
<b>[16] site collection(s) still need upgrade.</b><br />
[82] other objects encountered, [0] of them still need upgrade or cannot be upgraded.</blockquote><br />
If you send the output of the command to file and search for the text <i>"Needs Upgrade"</i>, you will find the site collections that aren’t upgraded yet:<br />
<blockquote> <object><br />
<name>https://www.domain.com/sites/sitecollectionname</name><br />
<type>Microsoft.SharePoint.SPSite</type><br />
<level>6</level><br />
<status>Needs Upgrade</status><br />
</object></blockquote>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-41208563878115282872011-07-04T10:41:00.001+02:002011-07-04T10:41:52.033+02:00[SP2010] Guidance on implementation of Service Pack 1 for SP2010Check out <a href="http://blogs.technet.com/b/office_sustained_engineering/archive/2011/06/29/sharepoint-2010-sp1-and-the-june-cumulative-update-for-sharepoint-2010.aspx" target="_blank">SharePoint 2010 SP1 and the June Cumulative Update for SharePoint 2010</a> for guidance on implementing SP2010 Service Pack 1 and the June 2011 Cumulative UpdateYorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-10540379278308080102011-07-04T10:38:00.001+02:002011-07-04T10:39:22.214+02:00I use SharePointReleased last week: <a href="http://sharepoint.microsoft.com/iusesharepoint/landing.aspx" target="_blank">I Use SharePoint</a><br />
<br />
A lot of information (howto's, Quick Reference Cards, etc) on how to use SharePoint!Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-51128821261275821492011-06-29T10:22:00.000+02:002011-06-29T10:22:50.168+02:00[SP2010] Service Pack 1 releasedYesterday Microsoft released Service Pack 1 for SharePoint 2010!<br />
<br />
More info on: <a href="http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?pID=984">SharePoint Team Blog</a>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-51446296004268633302011-06-08T13:35:00.000+02:002011-06-08T13:35:54.537+02:00Two very good SharePoint articlesYesterday I ran into two very good SharePoint articles, that describe an often forgotten part of a SharePoint implementation: Governance!<br />
<ul><li><a href="http://veroniquepalmer.wordpress.com/2011/06/02/weve-installed-sharepoint-we-have-a-successful-platform-right-wrong/">We've installed SharePoint, we have a successful platform right? Wrong!</a></li>
<li><a href="http://veroniquepalmer.wordpress.com/2009/12/16/sharepoint-is-a-car/">SharePoint is a car</a></li>
</ul>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-42538686378416982152011-06-07T12:54:00.001+02:002011-06-07T12:54:54.834+02:00[SP2007/SP2010] Migrate SharePoint across domainsA while ago I worked on a project where we had to migrate a customer’s SharePoint 2007 environment from another service provider to a newly created environment in our own datacenter. The challenge we had during this project was that the new environment was built from scratch, meaning that the Active Directory would be a different one than the original environment was located in. Unfortunately there were no possibilities to create a trust between the two domains.<br />
<br />
The above would mean that since the Active Directory changed, , the domain name would change as well as all user accounts (or SIDs). This meant that all security permissions, alerts and ownerships would become unusable. These had to be migrated to the new accounts in the new AD.<br />
<br />
For migrating users, SharePoint offers a stsadm operation called “migrateuser”. However, at the time of the project there was no operation for groups migration, so we needed a solution for that as well.<br />
<br />
[PROJECT INFO]<br />
<ul><li>The web application URL's would not change</li>
<li>The user account format would not change in the new Active Directory. User1 in the old AD, would be User1 in the new AD.</li>
<li>MIIS was used to create the users in the source environment. ILM2007 would be used in the new environment. Any custom code used in MIIS could be migrated to the ILM2007 environment, however some changes and updates would be made in the process.</li>
<li>The old environment was based on 32 bit SharePoint 2007 on Windows Server 2003. The new environment would be based on 64 bit SharePoint 2007 on Windows Server 2008.</li>
</ul>[ISSUES]<br />
<ul><li>The source SharePoint environment contained a SSP. Unfortunately there is no way to copy the SSP or its settings to the new environment automatically. The SSP had to be recreated manually.</li>
<li>The user profiles in the SSP had to be migrated as well. There was no tool available that was able to export the user profiles and import in our new environment. We had to create a tool for this. On Codeplex we found a Profile Import tool (<a href="http://mossprofileimport.codeplex.com/" target=_blank>MOSS Profile Importer</a>), but that was unable to export the information from an existing SharePoint farm. We used this code as a starting point for our own tool.</li>
<li>The migrategroup command did not exist yet, fortunately only seven different AD groups were used. These needed to be migrated manually.</li>
<li>The stsadm operation migrateuser has to be run for each user id. A custom solution is required to generate a script for all users. Running this script consumes much time and needs to be shortened as much as possible.</li>
</ul>[MIGRATION]<br />
The preparation steps we took were:<br />
<ul><li>Create the custom tooling require to perform the migration (profile export/import, migrateuser script)<br />
</li>
<li>Perform a test migration in order to validate the migration steps and target environments.<br />
</li>
</ul>The steps we took to migrate the content were:<br />
<u>Environment setup</u><br />
<ul><li>Setup the new SharePoint 2007 environment and use same patch level as the original farm</li>
<li>Install all custom solutions on the target environment</li>
<li>Create all users in the new Active Directory</li>
<li>Setup the SSP in the target environment and configure it according to the settings of the old environment (user profile properties, profile import, audiences, search, etc)</li>
</ul><u>User profile information</u><br />
<ul><li>Import all users from AD into the SSP</li>
<li>Backup all user profile information to file</li>
<li>The import tool is using the user id to import the data to the correct profile, so we had to replace the old domain name with the new domain name in the export file</li>
<li>Restore all user profile information into the new SSP</li>
</ul><u>Content</u><br />
<ul><li>Create SQL backup of the source content databases (web applications and MySites) to a USB disk</li>
<li>Ship the disk to the other datacenter and connect it to the server</li>
<li>Restore the SQL backups on the target SQL server from USB disk</li>
<li>Connect the content databases to the correct web applications</li>
<li>Test the site collections for correct operation of the databases</li>
<li>Run the migrateuser script generation tool. This tool created three script files, which we could run on three different servers to speed up the migration process.</li>
<li>Run the migration scripts</li>
<li>Manually change group membership for each used group (add new group, grant permissions and remove old group) in the entire site structure</li>
</ul><u>Testing</u><br />
<ul><li>Test, test, test</li>
</ul>[POST INFO]<br />
<ul><li>Since the August 2009 Cumulative Update, SharePoint 2007 stsadm includes the migrategroup operation, which is able to migrate groups the same way migrateuser does for users.</li>
</ul>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-46737353864828503792011-04-04T14:09:00.000+02:002011-04-04T14:09:24.163+02:00[MOSS2007/WSSv3] PowerShell Library - List where a feature is activated[DESCRIPTION]<br />
Microsoft recommends to deactivate a feature everywhere before you remove the feature from the environment. Unfortunately there is no way of determining where the feature is activated.<br />
<br />
To solve this issue, I have created a PowerShell script.<br />
<br />
How to use it:<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/ListFeatures.ps1" target="_blank">PowerShell script</a> </li>
<li>Open the script in Notepad and edit the <featureid> text to match the id of the feature you are interested in</li>
<li>Run the script</li>
<li>Open the output in Microsoft Excel and use "*" as separator </li>
<li>Based on the Scope column you can determine if the specific feature is a site or web feature</li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-91533881778908140702011-03-31T20:15:00.000+02:002011-03-31T20:15:25.955+02:00[SP2010] SharePoint Timer service crashes constantly[SYMPTOMS]<br />
I tried to retract a solution, but the status remained "Retracting" and never changed. After some investigation I found out that the SharePoint Timer service on one of the servers crashed every couple of minutes. The event log showed the following errors:<br />
<br />
<blockquote>Log Name: System<br />
Source: Service Control Manager<br />
Date: 3/31/2011 9:24:55 AM<br />
Event ID: 7024<br />
Task Category: None<br />
Level: Error<br />
Keywords: Classic<br />
User: N/A<br />
Computer: [Server name]<br />
Description:<br />
The SharePoint 2010 Timer service terminated with service-specific error %%-2147467259.</blockquote>and<br />
<br />
<blockquote>Log Name: System<br />
Source: Service Control Manager<br />
Date: 3/31/2011 9:24:55 AM<br />
Event ID: 7031<br />
Task Category: None<br />
Level: Error<br />
Keywords: Classic<br />
User: N/A<br />
Computer: [Server name]<br />
Description:<br />
The SharePoint 2010 Timer service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.</blockquote>The ULS log showed the following errors:<br />
<blockquote>- The timer service could not initialize its configuration, please check the configuration database. Will retry later. <br />
<br />
- Exiting the process because the timer could not be initialized after multiple attempts. <br />
- The timer service is stopping </blockquote>[CAUSE]<br />
After searching the Internet I found one article where someone explained that this was caused by the fact that the Configuration Cache directory (C:\ProgramData\Microsoft\SharePoint\Config) did not contain a folder with the farm GUID as the name. After checking the configuration cache folder, that folder was indeed missing.<br />
<br />
I then remembered I had to clear the configuration cache last week because the implementation of the February 2011 Cumulative Update failed during the Configuration Wizard step. Clearing the configuration cache fixed this issue. As it turned out, I was a little too enthousiastic with deleting the folders :-)<br />
<br />
[Resolution]<br />
<ol><li>Open the Registry Editor</li>
<li>Browse to HKLM > SOFTWARE > Microsoft > Shared Tools > Web Server Extensions > 14.0 > Secure > ConfigDB</li>
<li>Copy the value in the property "Id"</li>
<li>Browse to folder C:\ProgramData\Microsoft\SharePoint\Config and create a folder with the name of the previously copied value</li>
<li>Restart the SharePoint Timer service</li>
<li>The folder should be populated with XML files within a minute.</li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com13tag:blogger.com,1999:blog-20734372.post-35950619493836975332011-02-25T10:11:00.001+01:002011-02-25T10:13:28.077+01:00The “Soft” part of SharePoint - Part 6, Challenge the BusinessThis is a tricky one! I know the saying "the customer is always right" or "the customer is king". In IT the business is your customer, IT by itself is useless. IT is there to support the business to work as efficient as possible, but does this mean that the customer is indeed always right.......<br />
<br />
I have seen many cases where IT puts the business before everything. They do pretty much everything to do what the business asks them to do, often without questions. Very often this resulted in projects turning into disasters: <br />
<ul><li>The business asks for more that they need</li>
<li>They radically change their requirements when you just started the implementation</li>
</ul>And of course, afterwards the business starts complaining that it took too long and the costs were too high.<br />
<br />
Then what is causing these kind of issues. Two reasons behind these drama’s are:<br />
<ol><li>The business doesn’t know what exactly they want.</li>
<ul><li>Result 1: They ask something else every day</li>
<li>Result 2: They ask what they think they want</li>
</ul><li>The business is asking for IT solutions instead of specifying the business need</li>
<ul><li>Result: They ask for a technical solution which is not fitting their business need</li>
</ul></ol>That is why IT should challenge everything the business is asking for: Do they have a clear picture what they want? Do they really want what they ask? Don't they mean something else and therefore ask the wrong question? Isn’t there an easier way to meet their business need?<br />
<br />
This is not to question everything they do, but to get to know the true question behind the question. When all requirements are clear on all ends, projects can be executed easier and cheaper.Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com1tag:blogger.com,1999:blog-20734372.post-40659088091635158542011-01-28T09:45:00.001+01:002011-01-28T09:47:29.102+01:00[MOSS2007/WSSv3] PowerShell Library - Check for large lists[DESCRIPTION]<br />
Microsoft recommends not to use lists/libraries with a huge amount of items, so called large lists. These lists can seriously impact the performance of SharePoint. Unfortunately there is no way to keep track of such large lists from an administrative side.<br />
<br />
In order to be able to determine where large lists exist, I have created a PowerShell script.<br />
<br />
How to use it:<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/CheckListSizes.ps1" target=_blank>PowerShell script</a> </li>
<li>Open it in a text editor like Notepad </li>
<li>Run the script </li>
<li>Open the output in Microsoft Excel and use "*" as separator </li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-5746099979602342602011-01-25T11:39:00.000+01:002011-01-25T11:39:46.726+01:00[MOSS2007/WSSv3] PowerShell Library - Overview Request Access Email AddressWhen creating a site collection or sub sites, it is possible to configure an e-mail address to which SharePoint will send Access Requests mails. When a mail address of a user is configured and that user leaves or changes roles, by default there is no way of checking where that address is used.<br />
<br />
To solve this, I have created a script that generates a report with all configured mail addresses:<br />
<br />
How to use it:<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/CheckRequestEmail.ps1">PowerShell script</a></li>
<li>Run the script</li>
<li>Open the output in Microsoft Excel and use "*" as separator </li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com5tag:blogger.com,1999:blog-20734372.post-88218273098790997552011-01-24T15:34:00.000+01:002011-01-24T15:34:27.754+01:00The “Soft” part of SharePoint - Part 5, Change ManagementThis time something that is not really SharePoint related, but this doesn’t make it less important!<br />
<br />
Way too many times I have seen “Administrators from the Wild West”, in other words true cowboys. Clicking links and buttons like their lives depended on it. Reading error messages is so 2010 :-)<br />
<br />
When troubleshooting an issue, Google is my friend. However not all answers given on the Internet always work or are safe to the environment. What if something goes wrong and I bring down the environment……..in a lot of cases all hell will break loose and I have to test my running skills :-p<br />
<br />
<strong>How to prevent this?</strong><br />
Every change you are about to implement to a production environment is supposed to be tested before implementation. If you are working as an administrator (server or application), I hope you are familiar with ITIL* and its procedures, especially change management. If not, see the “More info” section and read up real quick!!<br />
<br />
In a lot of cases Change Management is seen as a pain in the butt. But when implemented correctly it can save you a lot of work or better yet save you from having to do some overtime. The goal of change management is to make you think well about the change you are going to implement and put those steps on paper:<br />
<ul><li>What are you trying to fix/resolve/accomplish?</li>
<li>What changes are you going to make?</li>
<li>What are the steps to implement the change?</li>
<li>What are the components that are affected?</li>
<li>What is the impact of the change for users and administrators?</li>
<li>Who needs to be notified about the change?</li>
<li>What to do if something goes wrong?</li>
<li>What to document afterwards?</li>
<li>Etc, etc</li>
</ul>But that is not all: Two know more than one. Change management is also about having the thought process reviewed by others. These persons can have the same type of skills, but it is also important to have it reviewed by persons with different skills. Maybe your change has impact on their area of expertise you didn’t think of.<br />
<br />
<strong>Change Management and DTAP</strong><br />
In combination with a DTAP strategy, Change Management can become even more powerful. All changes are tested on the Test environment, the implementation procedure tested on the Acceptance environment, after which the change is implemented on the Production environment.<br />
<br />
<span style="font-size: x-small;">More info:</span><br />
<span style="font-size: x-small;">ITIL: </span><a href="http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library" target="_blank"><span style="font-size: x-small;">http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library</span></a><br />
<span style="font-size: x-small;">Change Management: </span><a href="http://en.wikipedia.org/wiki/Change_Management_(ITSM)" target="_blank"><span style="font-size: x-small;">http://en.wikipedia.org/wiki/Change_Management_(ITSM)</span></a>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-51919441219026066792011-01-18T10:35:00.004+01:002011-01-18T10:39:39.159+01:00[MOSS2007/WSSv3] SharePoint 2007 Build numbers (Updated)Here a list of build numbers for SharePoint 2007. This list is updated until the December '10 Cumulative Update:<br />
<br />
<blockquote>12.0.0.6550 - MOSS2007/WSSv3 December '10 Cumulative Update<br />
12.0.0.6548 - MOSS2007/WSSv3 October '10 Cumulative Update<br />
12.0.0.6545 - MOSS2007/WSSv3 August '10 Cumulative Update<br />
12.0.0.6539 - MOSS2007/WSSv3 June '10 Cumulative Update<br />
12.0.0.6535 - MOSS2007/WSSv3 April '10 Cumulative Update<br />
12.0.0.6529 - MOSS2007/WSSv3 February '10 Cumulative Update<br />
12.0.0.6524 - MOSS2007/WSSv3 December '09 Cumulative Update<br />
12.0.0.6520 - MOSS2007/WSSv3 October '09 Cumulative Update<br />
12.0.0.6514.5004 - (Corrected) MOSS2007/WSSv3 August '09 Cumulative Update<br />
12.0.0.6514.5000 - MOSS2007/WSSv3 August '09 Cumulative Update<br />
12.0.0.6510 - MOSS2007/WSSv3 June '09 Cumulative update<br />
12.0.0.6504 - MOSS2007/WSSv3 April '09 Cumulative update<br />
12.0.0.6421 - MOSS2007/WSSv3 SP2<br />
12.0.0.6341 - MOSS2007/WSSv3 February '09 Cumulative update<br />
12.0.0.6335 - MOSS2007/WSSv3 December '08 Cumulative update<br />
12.0.0.6327 - MOSS2007/WSSv3 August '08 Cumulative update<br />
12.0.0.6318 - MOSS2007/WSSv3 Infrastructure Update<br />
12.0.0.6300 - MOSS2007/WSSv3 post-SP1 hotfix<br />
12.0.0.6219 - MOSS2007/WSSv3 SP1<br />
12.0.0.6039 - MOSS2007/WSSv3 October '07 public update<br />
12.0.0.6036 - MOSS2007/WSSv3 August 24 '07 hotfix package<br />
12.0.0.4518 - MOSS2007/WSSv3 RTM</p></blockquote><br />
You can find the build number of your environment via:<br />
Central Admin > Operations > Servers in FarmYorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-28596083294365375442011-01-18T09:27:00.000+01:002011-01-18T09:27:58.277+01:00[SP2010/SPF] SharePoint 2010 Build numbersHere a list of build numbers for SharePoint 2010. Based on the build number you can determine which patchlevel your SharePoint environment is on:<br />
<br />
<blockquote>14.0.5130.5002 - December 10 CU<br />
14.0.5128.5003 - October 10 CU<br />
14.0.5128.5000 - October 10 CU (Incorrect package)<br />
14.0.5123.5000 - August 10 CU<br />
14.0.5114.5003 - June 10 CU<br />
14.0.4763.1000 - RTM</blockquote>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-8308297527374009582011-01-17T10:49:00.001+01:002011-01-17T10:51:09.933+01:00[MOSS2007] PowerShell Library - Start Incremental crawl[DESCRIPTION]<br />
SharePoint 2007 does not support crawl schedules larger than 24 hours. So if you want to schedule a crawl to run every 36 hours, by default there is no way to do this.<br />
<br />
At a customer we had a very large environment, which had a huge amount of changes on a daily bases. A crawl during the weekend took just a few minutes, but during the week this increased to 32 hours. Because Microsoft also recommends not to start a crawl when the previous crawl is still running (even though it cannot run two instances of the same crawl, SharePoint does something that can break the index before it detects the crawl is already running), I have created a script that does this for me.<br />
<br />
The script checks if a crawl is running and if so quits. If a crawl is not running, it starts another incremental crawl. By scheduling this script every 15 minutes, I can make sure the crawl is never stopped for more than 15 minutes.<br />
<br />
How to use the script:<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/StartIncrementalCrawl.ps1" target="_blank">PowerShell script</a></li>
<li>(If necessary) Change the Content Source name</li>
<li>Run or schedule the script</li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-34340067662251106972011-01-11T14:33:00.000+01:002011-01-11T14:33:14.923+01:00[MOSS2007/WSSv3] PowerShell Library - Site definition inventoryFor a project we were wondering which site definitions were used in our environment. I created the following script in order to create this inventory. It loops through all web applications, site collections and sub sites and logs the use definition for each site in a log file:<br />
<br />
How to use it:<br />
<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/ListWebtemplates.ps1" target="_blank">PowerShell script</a></li>
<li>Run the script</li>
<li>Open the output in Microsoft Excel and use "*" as separator </li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com0tag:blogger.com,1999:blog-20734372.post-21615639418197857072011-01-10T16:56:00.000+01:002011-01-10T16:56:24.926+01:00[MOSS2007] PowerShell Library - Delete MOSS User Profiles[Description]<br />
At a customer we had some disabled accounts which were not imported in the profile database but did have an MOSS profile. For whatever reason SharePoint did not deleted these profiles. The customer wanted to delete these profiles without removing all profiles.<br />
<br />
To achieve this goal, I have created a PowerShell script.<br />
How to use it:<br />
<br />
<ol><li>Download the <a href="http://www.xs4all.nl/~ykuijs/powershell/DeleteMOSSUserProfiles.ps1" target="_blank">PowerShell script</a></li>
<li>Open it in a text editor like Notepad </li>
<li>Change the <url> into the URL of the web application you would like to check </li>
<li>Run the script </li>
</ol>Yorickhttp://www.blogger.com/profile/11902915833083267735noreply@blogger.com3