9/10/2009Here’s a short list of companies that provide end user training products or information. If there are others, let me know about them. 7/22/2009I just found out about this new website for SharePoint Governance: http://SharePointGovernance.org . I like the idea, and have already submitted 4 comments on how to improve what’s there. The biggest gap I see is that it needs text or a link on the home page that explains what SharePoint Governance is. Here’s my attempt: SharePoint Governance is the policies and procedures an organization puts in place in order to maintain an appropriate level of control over the organization's SharePoint deployment. Every organization that deploys SharePoint should have some sort of governance plan. Such a plan, what we at Magenic call a SharePoint Roadmap, can cover a wide variety of management issues. This isn’t about server monitoring, though a governance plan would say that IT must put a server monitoring plan and process in place. This is about how the organization plans to use SharePoint in the short and long term, and what policies they need to create to support that. This can include how the organization plans to deploy, use, and control the wide variety of SharePoint functionality. This can also include defining where the division of control is: collaboration sites for example may have their adoption stunted if IT chooses to exert too much control, and not delegate enough. On the other hand, no control can lead to unplanned data growth, emergency storage upgrades, and other forms of chaos. Figuring out what the right level of control is can vary by usage scenario. Collaboration sites to support teams and projects may need a very different level of control than general employer-to-employee intranet portal sites . The regulatory environment in which the organization lives may also have an impact on this. Other things a governance plan or roadmap may cover is the need for policies that address allowing business units to engage consulting firms to perform SharePoint work. Such policies might specify who is allowed to perform what type of work and how they engage with IT. Other policies that might emerge from governance planning include IT service level agreements regarding availability and restoring from backups, or definitions of IT job roles, skills, and responsibilities for SharePoint jobs and hiring for those. Other aspects that are covered might include site branding requirements – should every intranet site be branded? The list of things covered by company policies can be quite extensive. Large organizations can create a governance committee or steering committee for this, but for small organizations it might just be “the IT guy” and a business decision maker. It most cases, it should be a group that includes both IT and the business, not just IT. If you are looking for which SharePoint MVPs to watch for governance guidance, the first two that come to mind are Joel Oleson and Rob Bogue. Joel for example, has a sample governance plan on his website at Sample Governance Plan and page 5 of it is a good start for understanding what a governance plan is for. Rob has things like this list of governance resources: http://www.thorprojects.com/Notebook/Wiki%20Pages/Governance.aspx --Michael 7/7/2009I’ve been busy with a deployment of an intranet for a smaller firm, and have accumulated a number of items that I want to share. First off, yesterday and today, I ran into an issue where I had my SSP on port 82 (i.e. http://server:82) and want it to make it available on it’s own url, http://ssp.demo.local. I have all of this on one machine since it’s a dev environment – windows server 2008 and IIS7 in a HyperV VM, all 64bit to be exact.. When I extended the SSP’s web app to the new web app, the resulting new site would prompt me for authentication 3 times, and then give me a TOTALLY BLANK page. No access denied from IIS, nor from SharePoint. No error messages in the Application Event Log, nothing in the ULS log. In the Security event log, there was a Logon Failure (which made me think it might be a Kerberos issue, but it wasn’t). In the IIS log, there were a set of 401.1 and 401.2 result codes (access denied.). I had entries in my host file that mapped ssp.demo.local to a local static IP address – not 127.0.0.1 but 192.168.21.20. My friend and coworker Ralph (Twitter:@BigPix2000) pointed me to this KB article: http://support.microsoft.com/kb/896861 Next, I run Windows 2008 Server Enterprise on my laptop so I can use HyperV. I’ve got the Desktop Experience feature turned on so it has the Vista user experience, but I noticed that I was not getting previews nor thumbnails of JPEG files. The solution is here. http://www.win2008workstation.com/wordpress/2008/06/15/preview-thumbnails-in-windows-explorer/ I’ve also been doing a lot of PowerShell scripting. At some point, I plan to clean them up and add them to my PSBB Codeplex project. Some PowerShell things I’ve done : - Stop all the HyperV services so I can remove my external USB drive hosting my VHDs.
- List all the document libraries in a web application, and show their version settings.
- Add a site column to a document library
- Create a document library
- Tried out the scripts from this project: http://www.codeplex.com/PSHyperv . I found I had to modify them to include the global scope specifier for each function and filter.
I had to turn on email enabled lists. MVP Steve Smith’s documentation is invaluable. http://www.combined-knowledge.com/Downloads%202007.htm. - One issue that I haven’t resolved yet is that this works fine for document libraries, but for an announcements list, I had to let it accept email from anyone, not just whomever has contributor or better access to the list. If I just had it enforce doc library permissions, messages never become files.
- The other thing to note is that for configuring the SMTP service on Windows Server 2007, you use the IIS6 MMC, not the IIS7 MMC.
Also, for the document library, it would be nice if there were more options for controlling how email becomes files. If you have it set to create folders based on the message subject, it would be nice if messages without attachments would just become files and only messages with attachments would become folders plus files. Another issue I had was when I tried to set up the OWA Exchange Folder web part to display a shared Exchange Calendar. I wanted the web part title link to link directly to the OWA URL for the calendar (e.g. http://exchangeserver/public/calendarname), but it would automatically cut the link back to http://exchangeserver/public without letting you know it would do that. WHY? Also, the OWA Folder web part is not all that flexible in the views it provides. We are planning to use the KWiz Calendar Plus web part instead. http://www.kwizcom.com/ProductPage.asp?ProductID=175&ProductSubNodeID=176 There was an MSDN article that looked interesting and that I had meant to mention two months ago: “Summary: Learn about methodologies and strategies to reconcile differences between Microsoft SharePoint Products and Technologies artifact development and assembly development. The strategies include combining these two components into a single version control repository, such as Microsoft Visual Studio 2008 Team Foundation Server. (12 printed pages)”. http://msdn.microsoft.com/en-us/library/dd179854.aspx Ran into another oddity. I went into Central Admin to deploy the WSP for Gary LaPointe’s STSADM add-ons, and got an access denied message. I then ran stsadm from an elevated CMD window and it deployed just fine. Do I need to run my IE session elevated too? I recently had to create a WSP to create a site column I could easily deploy to multiple site collections. The tools I used to do this were WSPBuilder and SPManager. Both made this REALLY EASY. Make sure you take a look at all of WSPBuilder’s config options. Also, the CSPUG website was down recently for server maintenance. It’s back up now. We had two very good speakers at the June 25th meeting, Shawn Shell and Paul Schaeflein. Our next meeting will probably be in August. And finally, when doing a manual farm backup via central administration, and you are backing up to a network share, it’s not only the Web Front End that needs to be able to write to the network share, but also the SQL box in the context of the SQL service account. --Michael 6/28/2009Although no beta code has been released to the public, and I personally have had no access to it via other channels, we know or can make some intelligent guesses about a few things. First, what we know: - 64 Bit! SharePoint Server 2010 will be 64 bit only. That means that the web front ends and application servers will run best on the x64 versions of Windows Server 2008 or 2008 R2 (due out this October). Note that it WILL NOT run on Windows Server 2003, x64. SQL Server has to be 64 bit as well, but either 2005 or 2008.
- Source: Announcing SharePoint Server 2010 Preliminary System Requirements [MSFT SharePoint Product Team Blog]
- Todd Klindt and Shane Young, on Episode 18 of the SharePoint Pod Show, advise (and it seems like common sense) that if you are only familiar with Windows Server 2003, now is the time to learn Windows Server 2008. You want to avoid having to learn both Windows Server 2008 AND SharePoint Server 2010 at the same time.
- Windows Server 2008 is different enough from Windows Server 2003 that you should not underestimate this. In particular, the IIS Admin UI (the IIS 7 MMC) is very different than it was in IIS 6/ Win 2003.
- For your production farms on physical hardware, your vendor should be telling you what hardware is supported for Windows Server 2008 and providing updated drivers. If you need to buy new hardware because it’s not supported by Windows Server 2008, start making your business case for the expense now…
- For your virtual environments (my guess is this means some production environments, many staging, and most development environments), if you are using Virtual PC or Virtual Server, which today do NOT support 64 bit environments, only 32, then you should start looking at Hyper-V.
- I’m running Windows Server 2008 x64 Enterprise and Hyper-V on my Dell Laptop D620, and there are a few driver issues and quirks. Dell does not support Windows Server 2008 on the D620. If I try to use the highlighter when doing a PowerPoint 2007 presentation, my mouse locks up.
- Running a VHD from a recent version of Virtual PC under Hyper-V is easy – Open it under Hyper-V, uninstall the VPC Virtual Machine Additions and install the Hyper-V Integration Services. Several Reboots may be required. Note that the machine might want you to go through Windows Activation again.
- Therefore, the latest & Greatest stack for your 2010 server farm will be SharePoint 2010 servers on Windows 2008 R2 x64 and SQL Servers running SQL 2008 x64 also on Windows 2008 R2 x64.
- We also know several things from looking at the output of the Pre Upgrade Check report that can be produced by STSADM if you have MOSS 2007 SP2 installed. Joel ran this recently and put the output in his blog.
- Microsoft is switching from CAML to XSLT for some part of how List Views work.
- “A list view using custom Collaborative Application Markup Language (CAML), a list view not associated with a Feature, or a list view associated with a custom Feature, will not be upgraded to the new XSLT-based list view. A list view that is not upgraded will still render properly in Windows SharePoint Services 4.0, but it will not inherit any benefits of the new XSLT-based list view, such as SharePoint Designer customization support, conditional formatting and improved developer experience with XSLT standard-based language support.” and “It is highly recommended that you manually upgrade all custom list views to the new XSLT-based list views. The new XSLT-based list view is going to be the default view used in Windows SharePoint Services 4.0, replacing the existing list view in Windows SharePoint Services 3.0. For more information about this rule, see KB article 956450”. Note however, that KB article 956450 IS NOT LIVE AS OF NOW. (You get the page not found message when you go to http://support.microsoft.com/kb/956450/)
- Likewise, Microsoft is using XSLT instead of CAML for how parts of Fields work.
- “A field type using custom Collaborative Application Markup Language (CAML) in its RenderPattern element will not be upgraded as an XSLT-based field type. Fields based on this custom field type will be rendered without any custom formatting in Windows SharePoint Services 4.0.” and “It is highly recommended that you manually upgrade all custom field types to the new XSLT-based field types in order to have full rendering and customization support. For more information about this rule, see KB article 956451”
- This KB article is not live yet either.
- Furthermore, the fields listed [quoted from the output in Joel’s blog post] look like out of the box fields:
- HoldsField(Hold Status)
- HoldStatusField(Hold Status)
- HTML(Publishing HTML)
- Image(Publishing Image)
- Link(Publishing Hyperlink)
- SummaryLinks(SummaryLinks)
- LayoutVariationsField(Variations)
- ContentTypeIdFieldType(Content Type ID)
- BusinessData(Business data)
- TargetTo(Audience Targeting)
- One wonders what will happen to these fields!
- We know SharePoint workflows are going to be very different because Windows Workflow Foundation 4.0 is significantly different – there was an article in … I think it was Redmond Magazine … saying so. Further evidence is the next item in the log:
- “Web.config file(s) on this server contain modified authorized types for workflow. Upgrade will replace these file with new versions, and all modifications will be lost. Declarative workflows that use added authorized types will fail. Authorized types that were manually disabled will be enabled. The following files will be replaced:
C:\inetpub\wwwroot\wss\VirtualDirectories\8080\web.config” and “It is highly recommended that you track modifications in these files and reapply them after upgrade. For more information about this rule, see KB article 965449” - No KB article live for this either…
If you hear anything else about 2010 that you can share, please post a comment here or someplace else (twitter or Linked In) that everyone can find. Michael 6/3/2009You’ve already installed SharePoint. You want to use SSL to secure Central Admin because it is the Right Thing To Do and it makes those annoying warnings go away. Note that you could not do this during installation because psconfig does not provide a command line option for creating Central Admin with SSL. See http://technet.microsoft.com/en-us/library/cc263093.aspx#section2. You need a certificate, but you don’t need to buy an official one – after all, the only people using the Central Admin site are the Farm Admin(s), and they can set their web browsers to trust a self signed certificate. In fact, if they always remote desktop into the web front end that runs Central Admin, they only have to set the web browser there to trust the self signed certificate issuer. IIS 7 can make a self signed certificate, but will use the server’s full name (FQDN) instead of just the hostname. The url for Central Admin generally just uses the hostname however. That’s where SelfSSL comes in handy. SelfSSL is an IIS 6 resource kit tool. You get it here: details.aspx-FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en. You MUST run SelfSSL from an ELEVATED command prompt (in other words, RUN AS ADMIN!). Then you can use a command like this: SelfSSL /T /N:CN=MOSSCA1 /V:3650 /S:697346987 /P:21121 It may as you “Do you want to replace the SSL settings for site 697346987? (Y/N). If you are not running an elevated command prompt, even if you answer yes, nothing will happen though the program will exit without error. When it works (and again, you must be running as admin), it will say “The self signed certificate was successfully assigned to site 697346987.” This assumes your Central Admin server is named MOSSCA1, you want the cert to be good for 10 years (3650 days) , the IIS site ID of the CA site is 697346987 and Central Admin is on port 21121. You can find the IIS Site ID by clicking on the Sites folder in the IIS 7 IIS Manager MMC. Once you run SelfSSL, then you need to update the binding for the CA website, in IIS. Select the site, click Bindings in the task pane, and update the port number for HTTP to an unused port. Then add an HTTPS binding and pick the certificate you created. Once you have the HTTPS binding defined, you can then go to the Features view of the Central Admin site and click on the SSL Settings (the lock icon) to specify that SSL is required, not optional, and that it should use 128 bit SSL. 
Once you have that done, you can browse to Central Admin on the new port, and then you need to update the Alternate Access Mappings for the Central Admin web application to specify HTTPS instead of HTTP. For more details on this step, see step #5 of this blog post: http://blogs.msdn.com/bgeoffro/archive/2008/02/11/adding-kerberos-ssl-to-central-administration.aspx I think that about covers it. --Michael 3/23/2009Recently, I was involved in deploying two solution packages I had created. The farm administrator had just used the the Solution Management page in Central Admin to deploy the packages globally, and the status was "Deploying" but more than the usual amount of time went by and it was still listed as Deploying. To resolve this, we first ran stsadm -o execadmsvcjobs on the server running Central Admin. No change. We then ran stsadm -o execadmsvcjobs on each member of the farm that had OWS Timer (sptimerv3) on it (everything included Reporting Sevices Servers, but not the database servers used only on the back end). At this point, one solution package completed, but the other still did not. We restarted the OWS Timer Service (sptimerv3) on each member in the farm (again, everything that had OWS Timer on it). At that point, both packages completed their deployment and all was well. --Michael 1/2/2009So I am working in a Windows 2003 server virtual machine that is hosted by my client and is a member of their domain. This VM is my development VM, and it has MOSS installed and uses many of the same service accounts that our production environment uses so that it's a realistic development environment. This morning, I went to do a compile of a workflow solution I am working on. I have build scripts set up, and they do several things including manaully deploying a shared utility DLL to the GAC and restarting the WSS timer service (sptimerv3), because some of my workflows that use this DLL run after a delay, and when they run after a delay activity, they run under the context of the WSS Timer, so to make sure that the timer is seeing the latest version of the DLL, as well as any app config changes that I have put in the app config file I created for the timer, I restarted the timer. Except that this is what I got: The Windows SharePoint Services Timer service is not started. More help is available by typing NET HELPMSG 3521. System error 1069 has occurred. The service did not start due to a logon failure. Well, my timer service is using a domain account, and today is 1/2/2009, I am working from home, and the client's office is closed. Even if they were open, I do not have any AD admin rights. However, I do have read rights to the domain, and I have Softerra's free LDAP browser (http://www.ldapbrowser.com/) and I have PowerShell. That's all I need to confirm my suspicion that the service account expired at the end of 2008. In the LDAP browser, I do a directory search using the filter (&(objectclass=*)(CN=TimerServ*)) where TimerServ is the beginning of the Common Name that the timer service is using. There are also other attributes you could search on instead of CN, for example sAMAccountName. Either way, the result I get back is an LDAP entry that has the following attribute: 
So how do you convert that value to a date time? http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=321717&SiteID=1 and http://msdn.microsoft.com/en-us/library/system.datetime.fromfiletime(VS.85).aspx But more practically, this line of PowerShell does the trick. [DateTime][System.DateTime]::FromFileTime(128752632000000000) It returns Thursday, January 01, 2009 12:00:00 AM Yep, the first time the Farm Admin restarts the timer service in 2009, he's going to have a service that doesn't start. I brought this to his attention right away, so he knows he has to talk to the AD admins Monday morning, and he'll get it fixed before it's an issue. In the mean time, I have to switch my timer service on my dev machine over to another account (my user account) that has equivalent local permissions. Happy New Year! Michael |
|
|
|
|