
Name: Christopher, aka "admin"
Web Site: http://www.christophermichaelwebb.com
AIM: chriswebb18
Bio: Hi there, my name is Chris Webb. I’m a Sys Admin living in Arlington, TX. My interests are VMWare, scripting, Linux, and Exchange. I currently work as a SharePoint Engineer for Microsoft, so most of my experiences revolve around Microsoft products. Please feel free to shoot me questions or suggestions at any time. I have worked as a sysadmin/systems engineer for several years now and also run a small web hosting business from my home. My web hosting is all Linux-based. I am also very interested in AI and robotics.
Posts by admin:
STSADM Import Creating Ghost Lists in SharePoint 2010
November 6th, 2011
I need to start this post off with 2 little disclaimers:
A) Don’t use stsadm in SharePoint 2010. I know it’s still supported, but just don’t. It’s going away soon, has less functionality than PowerShell, and can cause some issues that may be unexpected. If you are having this issue as well, you are likely using it in a way that is unsupported anyway.
B) Microsoft does not support direct SQL edits on SharePoint farms. They never have and likely never will. This post has a fix to a specific issue, but I must stress that this fix is not supported by MS.
Now, on to our problem. SharePoint 2010 introduced a great new feature with its restore from unattached content database functionality. I use it all the time for restores of lists, documents, subsites, and collections. FYI, I have run into this issue several times when restoring lists, but have not even attempted the process since the SP1 upgrade for sites, collections, etc. Now, if you notice, once you have browsed for an item to be pulled from the unattached content DB, SharePoint (and all the documentation) says to use the Import-SPWeb PowerShell cmdlet to import the list/site back into your environment. Before SP1, SharePoint would allow you to use stsadm -o import without complaining and it worked just fine (at least all the times I used it; remember it isn’t supported, so I may have just been lucky). Now, after SP1, if you try to use stsadm to import a list, it will fail and on your site you will see some funky issues. You may experience the following:
Import fails saying List already exists with the same name (even if one doesn’t)
You cannot browse to the URL of the list in question to view content (don’t remember if it gives an error that the list has been deleted by another user or if it was a 404)
You will not be able to see the list at all in site content & structure admin page or in SharePoint Designer
You WILL be able to see the list in view all site content, but when you look at the URL, it does not take you to the URL with content for the list, but to another URL with the list GUID in it (again a lot of this is just from my notes/memory, sorry no screenshots or exact URL syntax). This page gives an error stating the list does not exist, may have been deleted by another user.
The content DB will not report the list as an orphan when you try to run a check.
You will NOT be able to delete the list normally. The list settings page will fail saying list does not exist, and PowerShell will fail with same error.
So, in essence you have a ghost list where you cannot see any of the content via Designer or the browser and it looks like it shouldn’t/doesn’t exist, but it is stuck in view all site content and prevents you from importing the list properly (as now, guaranteed, you will have a list of the same name, even though it doesn’t exist).
To remove this list, you will need to do some SQL queries (again, not supported by Microsoft). First, if you look at the URL from view all site content for the list, you can see the GUID. Copy the GUID down and find which content DB the site collection is in. Go to SSMS and run this query:
-- Look up the ghost list's row by the GUID taken from the URL
use <content_db>
select * from dbo.alllists
where tp_id = '<list GUID>'
You should see the info for your ghost list. Now, to get rid of it, just change “select *” to “delete”:
-- Remove the ghost list's row (same WHERE clause as the select above)
use <content_db>
delete from dbo.alllists
where tp_id = '<list GUID>'
Now, refresh your view all site content and the list should not show. OK, so the ghost list has been deleted, now let’s get that list imported in properly:
Import-SPWeb -Identity <site URL> -Path <path to export file>
Simple enough, right? Oh, and just as a note, with Import-SPWeb you put just the site URL, not the URL to the list as you did with STSADM. We have started noticing this issue in 2010 SP1, even if it’s just an stsadm export, then stsadm import, so it may not be just that we were using it improperly but some changes in SP1 that may be forcing early deprecation of stsadm. I am not sure what the situation is for sure, but I have decided to just completely stop using stsadm altogether.
Clear the SharePoint Configuration (Timer) Cache
September 14th, 2011
The SharePoint configuration cache is where configuration information from the SharePoint configuration database is stored on each server in the farm. Caching the data from the config database as XML files on the web front ends and application servers prevents repeated calls to SQL Server for this information, thus improving performance. This is a feature in WSS & MOSS 2007 as well as SharePoint 2010.
Sometimes this cache can become corrupted. This issue can come up when developing timer job definitions. These definitions use this cache, so every time you deploy new versions of the assemblies, you’ll have to clear the cache. Also, when the cached data becomes out of sync with what’s in the configuration database, timer jobs may start failing. This will occur if the contents of the file system cache on the front-end servers are newer than the contents of the configuration database, so after you perform a system recovery you may have to manually clear the file system cache on a server as well. Another reason your cache could be out of sync is if the Timer service on your servers was stopped or failed unexpectedly.
If you are experiencing issues with WSS/MOSS/SharePoint timer jobs failing to complete or you are receiving errors trying to run psconfig, clearing the configuration cache on the farm or a problem server is a possible method for resolving the issue.
To clear the configuration cache, follow these steps:
First, stop the timer service on the server.
Next, navigate to: C:\ProgramData\Microsoft\SharePoint\Config
You will see 2 folders in this directory. Both are named with GUIDs. Open them up and be sure NOT to touch the one with the PERSISTEDFILE files. Find the one that is filled with XML files.
In the directory with the XML config files, delete everything except cache.ini. Then, edit the cache.ini file so that it just contains one line with a “1”.
Now, restart the Timer service on the server and watch for the folder to start repopulating.
If this is a single-server farm, or if there is only one problem server, this may be all you need but I recommend doing it on all the web front ends and the application servers in the farm.
Once you are done, go into Central Admin and check your timer job status. You should see a timer job for “Config Refresh”. Verify that this job shows a status of succeeded.
Now you’re good to go.
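The steps above as one script, run per server. This is an added example, not code from the original post: it assumes SharePoint 2010 (timer service name SPTimerV4; WSS 3.0/MOSS 2007 use SPTimerV3) and an elevated PowerShell session, the function name and backup location are hypothetical, and the backup copy is a precaution that is not part of the steps above.

```powershell
# Added example. Assumptions: SharePoint 2010 timer service name (SPTimerV4),
# the default cache path from the steps above, an elevated session.
# Clear-SPConfigCache and $BackupRoot are hypothetical names.

function Clear-SPConfigCache {
    param(
        [string]$ConfigRoot  = 'C:\ProgramData\Microsoft\SharePoint\Config',
        [string]$ServiceName = 'SPTimerV4',
        [string]$BackupRoot  = (Join-Path $env:TEMP 'SPConfigCacheBackup'),
        [int]$WaitSeconds    = 120
    )

    # Pick the GUID folder that holds cache.ini (the one with the XML files).
    # The folder with the PERSISTEDFILE files is never touched.
    $cacheDirs = @(Get-ChildItem -Path $ConfigRoot | Where-Object {
        $_.PSIsContainer -and (Test-Path (Join-Path $_.FullName 'cache.ini'))
    })
    if ($cacheDirs.Count -ne 1) {
        throw "Expected one folder containing cache.ini under $ConfigRoot, found $($cacheDirs.Count)."
    }
    $cacheDir = $cacheDirs[0].FullName
    $iniPath  = Join-Path $cacheDir 'cache.ini'

    Stop-Service -Name $ServiceName -ErrorAction Stop
    try {
        # Precaution added in this example: copy the folder before emptying it.
        $backup = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
        New-Item -ItemType Directory -Path $backup -Force | Out-Null
        Copy-Item -Path (Join-Path $cacheDir '*') -Destination $backup -ErrorAction Stop

        # Delete everything except cache.ini, then reset cache.ini to the single line "1".
        $stale = @(Get-ChildItem -Path $cacheDir | Where-Object { $_.Name -ne 'cache.ini' })
        $stale | Remove-Item -Force -ErrorAction Stop
        Set-Content -Path $iniPath -Value '1' -ErrorAction Stop
    }
    finally {
        # Restart the timer even if one of the steps above failed.
        Start-Service -Name $ServiceName
    }

    # The timer service rebuilds the XML files; wait until they start to appear.
    $deadline = (Get-Date).AddSeconds($WaitSeconds)
    do {
        Start-Sleep -Seconds 5
        $rebuilt = @(Get-ChildItem -Path $cacheDir -Filter '*.xml').Count
    } while ($rebuilt -eq 0 -and (Get-Date) -lt $deadline)

    # Summary object: FilesRebuilt = 0 means the folder did not repopulate in time.
    New-Object PSObject -Property @{
        Server       = $env:COMPUTERNAME
        CacheFolder  = $cacheDir
        FilesRemoved = $stale.Count
        FilesRebuilt = $rebuilt
        Backup       = $backup
    }
}

Clear-SPConfigCache
```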
SharePoint 2010 People Picker Invisible Duplicates (Issues with Security Groups)
September 14th, 2011
I ran into an interesting issue the other day. In one of our client’s SharePoint 2010 installs, we were trying to add a group to a site collection. People Picker kept underlining the name saying “No exact match was found. Click the item(s) that did not resolve for more options.” This is just what you would expect if there were duplicate names, but when you click the name, the dropdown only shows one name. (sorry, I cannot pull images from the client site, so these are simulated)
It would have the same effect whether using DOMAIN\user or just user. It also would only return one name when you search using the address book. This in itself isn’t that unusual, but when we select the name from the dropdown and click OK, it comes back saying No exact match again. People Picker and the address book both seem to only see 1 name, but when SharePoint goes to process it, it sees a duplicate.
So, I took a look at AD to see if there was an issue with the account. I realized there are 2 groups in AD that are very similar. The accounts have different sAM Account Names, which in 99% of applications is all that is needed to differentiate the accounts. Here is a table showing the basics of how the accounts compare:
sAM Account Name    Display Name    Object Type
group1_dl           group1          distribution list
group1_sg           group1          security group
If you notice with SharePoint, after People Picker resolves your account names it shows the Display Name of the account, not the sAM Account Name. This seems OK initially as well. After digging further into the issue, things started to click. People Picker is only able to see security principals (which doesn’t include distribution lists), so when it gave you the drop down to pick the exact account it only saw the security group. Once you select the account, SharePoint then takes the Display Name and processes it to add the account to SharePoint. I have never heard of an application doing this, but it makes sense after looking at the problem and how SharePoint is functioning.
So, People Picker is only allowing you to select the security group, but when SharePoint queries AD, it uses the Display Name, which sees both groups and causes it to think there’s a dup. So just make sure your display names are also different and not just the sAM Account Names.
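To find every display name that would hit this before users do, group the directory's groups by Display Name and keep the collisions that involve a security group. This is an added example, not code from the original post; Find-DisplayNameCollision is a hypothetical helper, and the sample objects are constructed from the table above in place of a live Get-ADGroup query.

```powershell
# Added example. Find-DisplayNameCollision is a hypothetical helper name.

function Find-DisplayNameCollision {
    param([Parameter(Mandatory = $true)][object[]]$Group)

    $Group |
        Where-Object { $_.DisplayName } |
        Group-Object -Property DisplayName |
        Where-Object {
            # A collision only matters to People Picker if a security group is involved
            $_.Count -gt 1 -and
            @($_.Group | Where-Object { "$($_.GroupCategory)" -eq 'Security' }).Count -ge 1
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                DisplayName = $_.Name
                Accounts    = ($_.Group | ForEach-Object {
                                  "$($_.SamAccountName) [$($_.GroupCategory)]"
                              }) -join ', '
            }
        }
}

# Constructed sample standing in for the output of:
#   Import-Module ActiveDirectory
#   Get-ADGroup -Filter * -Properties DisplayName
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'group1_dl'; DisplayName = 'group1'; GroupCategory = 'Distribution' }
    New-Object PSObject -Property @{ SamAccountName = 'group1_sg'; DisplayName = 'group1'; GroupCategory = 'Security' }
    New-Object PSObject -Property @{ SamAccountName = 'group2_sg'; DisplayName = 'group2'; GroupCategory = 'Security' }
)

Find-DisplayNameCollision -Group $sample | Format-List DisplayName, Accounts
```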
SharePoint 2007 Calendar Sync with Outlook Only Updating Certain Fields
August 17th, 2011
So I ran into an interesting issue recently. We had a SharePoint 2007 installation with a calendar list. The end users sync the calendar to their Outlook as a shared calendar. All of the client computers are running a variety of Windows XP, Vista, and 7 with Outlook 2003 & 2007.
NOTE 9/14: This process can help to resolve several sync issues between Outlook and SharePoint Calendars. If you are receiving the “Failed to copy one or more items because some are not compatible with SharePoint” error or something different, this may still be something to check out.
The issue we ran into was when a user would update an event, whether they did it via Outlook or SharePoint, not all of the fields would update. The new description, title, modified by, modified date/time, and event date/time would show correctly in the SharePoint calendar, but the user’s Outlook would not have the proper modified by & modified date/time. This may not seem like a big deal at first glance, but the root cause of this issue can cause other sync issues as well, in case you’re hunting some down.
There were no error codes during the Outlook send/receive, no errors in SharePoint, and nothing in the sync issues folder in Outlook, so it definitely took me a while to find anything on this. I finally got to the point where I decided to open the SharePoint list in Access. By doing this, you can look for corruptions in the list or just anomalies.
In order to view the list in Access, you need to be viewing the list from a machine that has Access installed on it. Then, make sure your view is showing all list content and click Actions > Open in Microsoft Access. You will want to create an active link so you can edit the list from Access. Once you have it open, look for anything that looks improperly formatted. I did not find anything that looked corrupt, but I did notice that there were several items that did not have a title. I went back and checked the list’s required fields. Start Date, End Date, and Title were all set to required.
So, how did this happen? It was most likely just a user error, but the problem is that when users create an appointment in the calendar via Outlook, Outlook does not enforce the rules you put on the SharePoint list. So, to resolve, all I had to do was remove those items that didn’t meet the rules for required fields (or you can simply modify them to meet your rules, if you’d prefer). Then, just have users do another send/receive and it should resolve. There were a couple of users who were still having issues, though. The only thing you need to do if they still have issues is remove the calendar from their Outlook and have them recreate the connection.
To do that, in Outlook, go to Tools > Account Settings > SharePoint Lists tab > then remove the calendar. Then, have them go to the calendar in SharePoint and click Actions > Connect to Outlook. They should be good to go.
Hopefully this helps resolve some sync issues for you all. Feel free to comment if you have any other sync issues or questions.
SharePoint 2007 Site Collection Issues After Patching
June 27th, 2011
In one of the environments I work in, we have a SharePoint 2007 server on Server 2003. Recently we applied our June Windows patches and the April cumulative update (CU) packs for WSS 3.0 (http://support.microsoft.com/kb/2512783) & SharePoint 2007 (http://support.microsoft.com/kb/2512782). As a note, if you aren’t patching your SharePoint with the CUs as per this site, I would highly recommend a change. Check out the site and decide for yourself. Anyway, after patching I had users complaining of certain menu items disappearing, namely the “Settings” options for just about everything. I went in to check it out and noticed the “Site Settings” was gone from the site menu even though I am the site collection administrator. I was able to get to it via the direct url (<site url>/_layouts/settings.aspx), but things were not quite right. I also noticed I could not modify permissions for the site collection.
Everything seemed to be functioning as far as the site would display for users; no one was denied access, they just weren’t able to modify workflows or lists or anything. I also found it strange that it was only affecting 1 site collection of 1 web application on the server. I ended up discovering that the site was set in read-only mode. The content DBs are locked during patching and backups, and sometimes, if the process is interrupted, they can remain locked afterwards. The way to check whether there are any locks on any of your sites is via this command (remember to change your prompt to the 12-hive, C:\Program Files\common files\Microsoft Shared\web server extensions\12\BIN):
stsadm -o getsitelock -url http://server_name
If it returns anything other than “none”, something is locked. Now, remember, if you are during backup/patching timeframe, someone else may be doing something that requires a db lock. In order to release all locks on your server and return to normalcy, run this command:
stsadm -o setsitelock -url http://server_name -lock none
Now, you should be good to go. If you notice lingering issues, or anything different, let me know. I’d be glad to help look into it.
SharePoint 2010 Claims Based Authentication Setup
April 29th, 2011
I searched around quite a bit and found a lot of incomplete walkthroughs and information on setting up claims-based authentication for SharePoint 2010. Here is the process I finally ended up using and some extra stuff that may be helpful. This seems to be the most direct route to getting things set up, as you don’t have to fiddle around in IIS, just edit your xml config files.
Just a notice, I am using SharePoint Server Enterprise 2010 with SQL Server R2 Standard on Windows Server 2008 R2 Standard, but your SQL can be anything, even express and SharePoint can be just WSS/SharePoint Foundation 2010.
First you need to open Visual Studio and create a new web site. This didn’t make sense to me at first, either, but it is only to create your SQL database for .NET users. The aspnet_regsql command did not work for me, so I used VS2010 instead (any version that uses .NET 2.0 should be fine as that is SharePoint 2010’s default .NET setting). So for your new site, just pick a blank C# site, make sure it is .NET 2.0.

[Screenshot: Creating new website in Visual Studio 2010]
Then you will go up top to the “Website” menu and select “ASP.NET Configuration”. This will open a site where we can configure the .NET authentication database. We will go to the Providers tab first. Choose the option “Select a different provider for each feature (Advanced)”. Test the connection for both AspNetSqlMembershipProvider and AspNetSqlRoleProvider.
Next, go to Security tab and select authentication type under users. Pick “From the internet”, then click done. At this point, I would create a test user and a couple roles in the database (I just started with “standard” and “superuser” for the test roles).
Browse to the location where you created the web site (i.e. C:\Users\<user>\documents\Visual Studio 2010\web sites\<website1>\App_Data) and copy the ASPNETDB.mdf and the ASPNETDB.ldf (sometimes ASPNETDB_log.ldf or other variant) to your SQL server directory. Default directory for SQL 2008 R2 on Server 2008 R2 is: C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA.
Now close Visual Studio and delete the directory for that web site. We just needed those database files to be created.
Once the files are in the appropriate directory (this may be a separate directory, if you do not keep your db files in the default location), we will open SQL Server Management Studio and attach the database. To attach the database, right-click on “Databases” and select “Attach”.
Then, from the next screen you click “Add…” and select the ASPNETDB.mdf file. It will then populate the other fields like so:

One thing that is important is to verify the path on the bottom is correct for the “current file location” for your log file (.ldf).
Now we will create our application & site collection in SharePoint. Open Central Admin, click “Manage Web Applications” under the Application Management heading. Then select “New” from the ribbon up top. In the Create New Web Application box, there are only 2 sections that you will need to modify to get claims-based auth to work, the rest you can set however you see fit for your environment. First, make sure that Claims Based Authentication is selected as the Authentication method. Second, you will need to set the providers for your forms based authentication. To do this, next to the Claims Authentication Types setting, leave the Windows authentication as it is, but check “Enable Forms Based Authentication (FBA)” and fill in the boxes as seen below:

Now, create your site collection by going to Application Management in SharePoint Central Admin console. Then Select Create site collections under the Site Collections heading. Select the application we just created, give it a title and whatnot and pick your site collection admins. I like to create the site now, because then it forces you to choose admins who can access via Windows auth, in case the FBA config doesn’t work out.
And you are pretty much ready to go, except for editing the xml configuration files. Now, before we proceed, make a backup of these xml files. This is very important. The first file we will be modifying is the Central Admin web.config. It is located at: C:\inetpub\wwwroot\wss\VirtualDirectories\<port>\web.config by default.
Between </appSettings> and </configuration>, insert the following. If there is another section named <connectionStrings>, delete it. Please do not comment anything out in here, unless you know XML well. Comments in the wrong places can cause XML to become unreadable.
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=<SQL Server>;Integrated Security=SSPI;Initial Catalog=ASPNETDB" />
</connectionStrings>
Next, right before the close of system.web or </system.web>, insert the following. Again delete any duplicates of <membership> or <roleManager> categories and delete everything contained within them as well (i.e. all between <membership> and </membership>).
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
  <providers>
    <add connectionStringName="SQLConnectionString" applicationName="/" name="SQLRoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="SQLMembershipProvider">
  <providers>
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Save that file and we’re on to the next: the web application’s web.config, which will be located by default at: C:\inetpub\wwwroot\wss\VirtualDirectories\<port>\web.config. Again, make a copy before editing. In between the </SharePoint> and </system.web>, insert the following (the same “delete duplicates” rule applies to all xml changes, so I’m going to stop mentioning it).
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=<SQL Server>;Integrated Security=SSPI;Initial Catalog=ASPNETDB" />
</connectionStrings>
Now, in between your <machineKey …> and the </system.web> insert the following.
<roleManager enabled="true" defaultProvider="c">
  <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add connectionStringName="SQLConnectionString" applicationName="/" name="SQLRoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>
<membership defaultProvider="i">
  <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Alright, save it and we’re on to the Security Token Service’s configuration. This one is located at: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config by default. Here, we are going to insert this right in between your </system.net> and </configuration>, but if you already have a <system.web> category in this section, please be sure to copy your <machineKey… > entry from the old system.web and put it into this new one (then delete the old).
<system.web>
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
      <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString" applicationName="/" description="Stores and retrieves roles from SQL Server" name="SQLRoleManager" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </roleManager>
  <membership defaultProvider="i">
    <providers>
      <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add connectionStringName="SQLConnectionString" passwordAttemptWindow="5" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" description="Stores and Retrieves membership data from SQL Server" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </membership>
</system.web>
<connectionStrings>
  <add name="SQLConnectionString" connectionString="data source=<SQL Server>;Integrated Security=SSPI;Initial Catalog=ASPNETDB" />
</connectionStrings>
Now, you can save this file and go to the site you created earlier. You will log in with Windows authentication this time, and then in site permissions, add the test user you created in Visual Studio earlier to the site with whatever permissions you like. Or, add the two roles (standard & superuser) with the rights you want them to have, i.e. add the “standard” role from SQL to the site members group in SharePoint. This will all depend on your group and permissions structure.
An important note: the people picker normally can search partial names to find users in AD, but for FBA, it cannot do the search for user and group names. If your user/role is named “test1”, you cannot enter test and let it check names to search for it. You need to type the full name in, then click check names and it should show that the name either came from Active Directory or your FBA database. Below, I show how you can tell whether it sees the users from FBA DB. I have two accounts with the same username in SQL and in AD. People Picker will show you which it is like so:

Now, sign out of the SharePoint site and try to sign in using the user account from the forms auth db. Should be good to go.
So, now your site is working for claims-based authentication, but there are some other disclaimers about things I ran into along the way. Hopefully, these extra little nuggets save you some time.
First, you may receive an error like so when using FBA or resetting passwords:
You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.
See this MSDN article for information on Machine Keys. Honestly, you will most likely just want a key that you can use for your site. This auto-generator may help.
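Most failures after the three web.config edits come down to a file that no longer parses, a provider that points at a connection string the file does not define, or an Encrypted password format without an explicit machine key (the error quoted above). The check below is an added example, not code from the original post: Test-FbaConfig is a hypothetical helper, and the sample XML (including the server name SQL01) is constructed to trigger each finding.

```powershell
# Added example. Test-FbaConfig is a hypothetical helper; the XML is constructed.
# Against a real file: Test-FbaConfig -Name 'STS' -XmlText (Get-Content <path> | Out-String)

function Test-FbaConfig {
    param(
        [Parameter(Mandatory = $true)][string]$Name,     # label used in findings
        [Parameter(Mandatory = $true)][string]$XmlText   # full text of a web.config
    )
    $findings = @()

    # 1. The file must still parse. Curly quotes pasted from a web page do not.
    try { $cfg = [xml]$XmlText }
    catch { return "${Name}: not well-formed XML (check for curly quotes or stray comments)" }

    # 2. Every provider that names a connection string must find it in this file.
    $connNames = @($cfg.SelectNodes('/configuration/connectionStrings/add') |
        ForEach-Object { $_.GetAttribute('name') })
    $xpath = '/configuration/system.web/membership/providers/add' +
             ' | /configuration/system.web/roleManager/providers/add'
    foreach ($p in $cfg.SelectNodes($xpath)) {
        $csn = $p.GetAttribute('connectionStringName')
        if ($csn -and ($connNames -notcontains $csn)) {
            $findings += "${Name}: provider '$($p.GetAttribute('name'))' uses undefined connection string '$csn'"
        }
    }

    # 3. Password handling of the SQL membership provider.
    foreach ($m in $cfg.SelectNodes('/configuration/system.web/membership/providers/add')) {
        if ($m.GetAttribute('type') -notlike 'System.Web.Security.SqlMembershipProvider*') { continue }
        $fmt = $m.GetAttribute('passwordFormat')
        if ($m.GetAttribute('enablePasswordRetrieval') -eq 'true') {
            $findings += "${Name}: enablePasswordRetrieval is true"
        }
        if ($fmt -eq 'Clear') {
            $findings += "${Name}: passwordFormat is Clear (passwords stored in plain text)"
        }
        if ($fmt -eq 'Encrypted') {
            # The case behind the "non-autogenerated machine key" error.
            $mk  = $cfg.SelectSingleNode('/configuration/system.web/machineKey')
            $key = if ($mk) { $mk.GetAttribute('decryptionKey') } else { '' }
            if (-not $key -or $key -like 'AutoGenerate*') {
                $findings += "${Name}: passwordFormat is Encrypted but machineKey has no explicit decryptionKey"
            }
        }
    }
    return $findings
}

# Constructed sample: a web application web.config reduced to its FBA parts,
# with a misspelled connectionStringName and an Encrypted password format.
$webApp = @'
<configuration>
  <connectionStrings>
    <add name="SQLConnectionString" connectionString="data source=SQL01;Integrated Security=SSPI;Initial Catalog=ASPNETDB" />
  </connectionStrings>
  <system.web>
    <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" />
    <roleManager enabled="true" defaultProvider="c">
      <providers>
        <add connectionStringName="SqlConnectionStr" applicationName="/" name="SQLRoleManager" type="System.Web.Security.SqlRoleProvider, System.Web" />
      </providers>
    </roleManager>
    <membership defaultProvider="i">
      <providers>
        <add connectionStringName="SQLConnectionString" passwordFormat="Encrypted" enablePasswordRetrieval="false" name="SQLMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@

# The same text with straight quotes swapped for U+201D, as happens when the
# XML is copied from a rendered blog page.
$pasted = $webApp.Replace('"', [string][char]0x201D)

Test-FbaConfig -Name 'WebApp' -XmlText $webApp
Test-FbaConfig -Name 'Pasted' -XmlText $pasted
```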
Also, you will see that when you try to access .NET Users or .NET Roles via IIS manager, you will get this error and not be able to manage users:
This feature cannot be used because the default provider type could not be determined to check whether it is a trusted provider.
You can use this feature only when the default provider is a trusted provider. If you are a server administrator, you can make a provider a trusted provider by adding the provider type to the trusted providers list in the Administration.config file. The provider has to be strongly typed and added to the GAC (Global Assembly Cache).
The provider can be added to the trusted assemblies by adding the following line to your <trustedProviders> section in the following file: C:\Windows\System32\inetsrv\Config\administration.config.
<add type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
However, due to a glitch in IIS 7, this will still not allow you to manage the users via IIS. See this post for information on trustedProviders.
Now, you have the issue of trying to manage users in the SQL db. You can access the users that are in the database from SharePoint and grant them permissions, but you cannot actually add roles or users to the SQL db. Here is where I simply point you in the right direction, but have a little less detail. You can, for now, use Visual Studio to open the web site that SharePoint created and go to the website menu, then ASP.NET Configuration and create more users/roles as we did with the first one, but this can be a pain for regular use.
Also, this video is pretty short and has some good info on ASP membership, if you are fairly new to it.
Finally, for our site, we made a page with this createuserwizard for user addition and there is definitely a lot that you can do with the basic wizards, but it may help, as most likely if you are using this form of authentication, users will be registering themselves for the site anyway. This wizard is a basic template for registration for your users. Maybe not ideal when we go to production, but it works to get things going quickly for dev. Good luck!
Installing SharePoint 2007 on Server 2008 R2
March 13th, 2011
This process is really simple, but when I was doing it, I kept running into issues and all the how-to’s I found had something missing. Here is my process for installing SharePoint 2007 on Server 2008 R2.
First off, MOSS 2007 will not install on Server 2008 R2 without SharePoint service pack 1. For me, we were moving over an install that did not have SP2 installed yet, so I only slipped in SP1, but for a fresh install, I would recommend slipping in SP2 instead. This guide uses SP1 and we assume you already have a SQL server and AD configured. A note: the account you use when you run the products & technologies configuration wizard after install must have dbcreator & securityadmin rights in SQL Server.
To start, take all of the files from your install disc and copy them to a local directory on the server. For argument’s sake, we will use C:\MOSS2007Install.
Next, download WSS 3.0 SP1 and OSS 2007 SP1. You will extract them both to the C:\MOSS2007Install\updates folder. Make sure you extract WSS 3.0 SP1 first. Use the following command:
<path\filename of servicepack.exe> /extract
It will prompt you to browse to a directory where you want to extract the files. Choose the updates folder mentioned before.
Once both service packs have been extracted to the updates folder, you will want to delete the file C:\MOSS2007Install\updates\wsssetup.dll. This is very important, I tried the install several times without doing this and the install would not complete, it will just hang and timeout.
Next, you will install the .NET 3.0 framework to your server. Open server manager and go to Features, then “Add Features”. You will select the .NET 3.0 Framework and continue through that installation.
Now you are ready to run the setup.exe file in the MOSS2007Install folder.
Once the MOSS install finishes, go to Roles, then “Add Roles”. You will add the “Web Server (IIS)” role. You will also want to add whatever authentication you plan to use (basic, windows, etc.).
After the install finishes, reboot and run the Products & Technologies configurations wizard. You should be good to go.
SSH VPN Tunnels – Secure, Unrestricted Access From Public/Work
September 26th, 2010
***I do not endorse using this for anything that would break your company’s internet use policy. This is for users with legitimate business needs and/or who like having secure connections while using public internet (Starbucks, airport, hotels, etc.)***
Our office recently made some firewall/proxy modifications and I could no longer do a few things. I couldn’t access my gmail via Outlook, couldn’t download torrents, and some other things I’m sure I could list if I wanted to take the time. These may not seem work related, but I do use gmail to test applications and use uTorrent to download utilities I use here at work. I had to find a fix.
I have a couple linux servers with ssh access and I can still get out via ssh, so I thought it was a good time to delve into learning about ssh tunnels. It is incredibly easy. This is for tunneling from a Windows client(although it is easy from linux, as well, I am not including in this post) to a server running the OpenBSD SSH daemon. Here is a quick guide:
First, you’ll need to install ssh, this is most likely already installed on any linux box, so I won’t go too far into it. If you are just now installing, I can at least say in Ubuntu, the command is:
sudo apt-get install openssh-server openssh-client
Nothing else really to it for starting out, although you may want to google some guides for securing/restricting access.
OK, so once ssh is installed, you will need to modify the configuration file (/etc/ssh/sshd_config). You will need to change/add the following lines:
PermitRootLogin forced-commands-only
PermitTunnel yes
Alternatively, you could use “PermitTunnel point-to-point”, but I think going with “yes” is more flexible for future modifications. Alright, the server side is done. Simple enough, right?
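As an added example (not part of the original post), the Python code below reads an sshd_config and reports which of the forwarding features used in this guide the server permits. It relies on the sshd_config manual: the Dynamic and Local tunnels PuTTY creates are TCP forwards governed by AllowTcpForwarding (default yes), while PermitTunnel controls tun device forwarding. The sample config and the function names are constructed for illustration.

```python
# Upstream OpenSSH defaults for keywords that are not set (distributions may differ).
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "permittunnel": "no",
    "permitrootlogin": "prohibit-password",
}

# Constructed sample: the two lines from the post among typical neighbours.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin forced-commands-only
PermitTunnel yes
#AllowTcpForwarding no
permittunnel no
Match User backup
    AllowTcpForwarding no
"""

def effective_settings(text):
    """Global value of each keyword in DEFAULTS; sshd keeps the first one it reads."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # lines after the first Match are conditional, not global
        if key in DEFAULTS and key not in found and len(parts) == 2:
            found[key] = parts[1].strip().lower()
    return {**DEFAULTS, **found}

def forwarding_report(text):
    """Which of the post's tunnel types the server side permits."""
    s = effective_settings(text)
    tcp_ok = s["allowtcpforwarding"] in ("yes", "all", "local")
    return {
        "dynamic_socks": tcp_ok,   # PuTTY "Dynamic" (the 7070 SOCKS port)
        "local_port": tcp_ok,      # PuTTY "Local" (the Outlook mail ports)
        "tun_device": s["permittunnel"] != "no",  # what PermitTunnel enables
        "root_login": s["permitrootlogin"],
    }

if __name__ == "__main__":
    for name, value in forwarding_report(SAMPLE_CONFIG).items():
        print(f"{name}: {value}")
```

Include directives and per-user Match blocks are not evaluated, so the report covers global settings only.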
Now, go ahead and download the PuTTY SSH client.
Open up PuTTY, type in the IP/hostname of your server, and select SSH.

Expand Connection>SSH on the left and select “Tunnels”.
For Internet browsing and some other applications, a dynamic tunnel is normally best. Type in a port that is normally unused (I used 7070, but most people advise using something above 10000), select Dynamic, then hit “Add”.
This is all you will need for Internet browsing and torrents, but for now we’ll continue with the Outlook requirements. Since Outlook does not allow proxy server configuration, you will have to simply forward ports on your machine to the ports on the mail servers you are connecting to.
Open up Outlook and go to Tools>Account Settings.
Select the account you want to go over the tunnel and hit Change.
First, note your incoming and outgoing mail server names (mine are already changed to the final setting in the screenshot).
Then click “More Settings…” and go to the “Advanced” tab.
Now take down the incoming and outgoing server port numbers.

OK, go back to your PuTTY configuration and put the port number for the incoming server in Source port and the incoming server name:port number in Destination.

Click Add.
Do the same for the outgoing server.
Once you have done this, go back to the “Session” section of PuTTY on the left and hit Save. Now, to connect your tunnel, hit Open.
To enable your applications to use the new tunnels, we will need to make a couple more small changes.
FIREFOX:
Go to Tools>Options
Click the Advanced tab, and the Network tab within that.

Select Settings…
Choose Manual proxy configuration:
Fill in the SOCKS Host: line with localhost, and set the Port to whichever port you chose for the dynamic port in the tunnel (mine was 7070). Select SOCKS v5 and hit OK.

Now, your Firefox will browse via your home internet connection.
INTERNET EXPLORER
Almost identical to the Firefox configuration.
Go to Tools>Internet Options
Click the Connections Tab, then click LAN Settings
Fill in the proxy data:

(My layout may look different, I am using IE 9 beta, but they all have the same options with a slightly different look)
UTORRENT
Go to Options>Preferences
Select Connection.
Under Proxy server, change the Type to Socks5, put 127.0.0.1 in the Proxy: line, and put the dynamic port in the Port line.
Make sure to check “Use proxy server for peer-to-peer connections”.
Click OK.

OUTLOOK
OK, the one I’m sure most of you are most interested in: Outlook.
All we have to do here is go back to the account settings where you viewed your incoming/outgoing servers before, and change each server name to “localhost” (without the quotes).
You should be all set. The only thing to note is that these applications will only work with those settings while your tunnel is connected. If you close PuTTY, or are back at home and don’t need the tunnel, just uncheck the proxy option; everything except Outlook will keep your settings, so you only have to re-enable the proxy to use the tunnel you created before. For Outlook, you would have to put the incoming/outgoing servers back in.
Let me know if you have questions about other apps, ideas for improvement, or any problems.

Cisco PIX VPN Setup for Windows 7 & Vista x64
July 16th, 2010
Alright, sorry it took so long to put the rest of my Vista x64 setup on here. Here’s part 2 – configuring Cisco PIX VPNs for Windows Vista & Windows 7 64-bit machines. To start, Cisco is dropping support for PIX devices, and the ASA is definitely a more robust device anyway. Cisco has stated they will not be creating a 64-bit VPN client for Vista or 7 that works with the PIX; you will have to upgrade to the ASA device for your VPN to use the new 64-bit client.
There is a freeware open-source program that will connect to a PIX VPN with minimal configuration, though. The program is called vpnc-fe. Simply download and install the application, then follow these steps to ensure connectivity.
Make sure you install the OpenTAP driver when installing; this driver is used to create the virtual interface that the VPN will tunnel through.
This program is a little strange at first, in that no interface shows when you run it; it is just an icon in the bottom right.

Right-click it to open the menu and go to Options > Import PCF. Here you can specify the PCF file you would normally use for the Cisco VPN client.
Now, there’s about a 50% chance you are good to go. I had to make some other changes as well.
If you are able to connect and reach your office network by IP, but DNS is not working, just add these as your pre-connect and disconnect scripts:
pre-script:
netsh interface ip set dns name="Local Area Connection" source=static addr=<insert your internal primary DNS server here>
netsh interface ip add dns name="Local Area Connection" addr=<insert your internal secondary DNS server here>
netsh interface ip add dns name="Local Area Connection" addr=<insert a public DNS server here(4.2.2.2)>
Disconnect Script:
netsh interface ip set dns name="Local Area Connection" source=dhcp
Save those as batch (.bat) files in the C:\Program Files (x86)\VPNC Front End\ directory. Then right-click the vpnc-fe icon and go to Options > Connection Settings > Scripts tab. In the appropriate lines, just put the names of the scripts, not the full paths, as it only looks in the directory above. Try connecting and your DNS woes should be over.
If VPNC shows you are connected, but you cannot reach anything by any means, it probably didn’t properly create the routes.
For this, I was lucky enough to have 2 machines: one XP x86 with the Cisco client that worked, and one Vista x64 that didn’t work. I just ran route print on both and compared the output to find the issue. If this is an option, it is your best bet. Here is a rather slim overview of what I did. It has been a couple of months, so I don’t remember everything, but if you ask me questions, I can work with you to get yours set up.
OK, so open a command prompt once connected and type “route print”. Take a look at your interfaces and find the one labeled “TAP-Win32 Adapter V9”. If it doesn’t show, you may need to enable it and run route print again (it should be enabled if you are connected, though).
First, if you see any routes for 169.254, add these to your pre-connect script:
route DELETE 169.254.0.0
route DELETE 169.254.255.255
Now, look for any references to your network. Generally, the routes are created, but without the right mask or interface specified.
Find those, and delete them as well:
route DELETE <your company's network>
route DELETE <your company's network (we have 5 subnets that we connect to, so 5 of these)>
Now, you will need to create those routes with the proper info. At the end of your script put:
route ADD <your company's network> MASK <the mask in format 255.255.255.0> <the gateway that your VPN is connecting to internally, i.e. the gateway of the virtual network created during the tunnel creation, not the public IP for the VPN> METRIC 2 IF <the number of the interface "TAP-WIN32..">
Here is an example as it should look:
route ADD 192.168.64.0 MASK 255.255.252.0 10.0.0.1 METRIC 2 IF 12
Again, let me know if you have any problems or questions. I had some other tweaks for different issues, but it has been a couple of months, so give me a problem and I can try to work through it with you.
Here is a complete script as an example:
netsh interface ip set dns name="Local Area Connection" source=static addr=172.21.1.20
netsh interface ip add dns name="Local Area Connection" addr=4.2.2.2
netsh interface ip add dns name="Local Area Connection" addr=172.21.1.41
netsh interface ip add dns name="Local Area Connection" addr=4.2.2.3
route DELETE 169.254.0.0
route DELETE 169.254.255.255
route DELETE 172.21.1.0
route DELETE 172.21.1.0
route ADD 172.21.1.0 MASK 255.255.248.0 10.0.0.1 METRIC 2 IF 12
route ADD 172.21.1.0 MASK 255.255.252.0 10.0.0.1 METRIC 2 IF 12
route DELETE 192.168.64.0
route ADD 192.168.64.0 MASK 255.255.252.0 10.0.0.1 METRIC 2 IF 12
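The route comparison described above can be automated. The following Python code is an added example, not part of the original post: it reads `route print` output, finds the TAP adapter's interface number, and emits the route DELETE / route ADD lines for the pre-connect script. The sample output, the function names and the adapter MAC addresses are constructed; the network, mask, gateway and interface number are the ones from the example line above.

```python
import ipaddress
import re

# Constructed sample of `route print` output (trimmed), not taken from the post.
SAMPLE = """\
Interface List
 12...00 ff 5a 3c 1b 22 ......TAP-Win32 Adapter V9
 11...00 1e 4f a1 b2 c3 ......Intel(R) 82567LM Gigabit Network Connection
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
      169.254.0.0      255.255.0.0         On-link          10.0.0.2    286
  169.254.255.255  255.255.255.255         On-link          10.0.0.2    286
     192.168.64.0    255.255.255.0         On-link          10.0.0.2     30
"""

ROUTE = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def tap_index(text):
    """Interface number of the TAP adapter, the value used after IF in route ADD."""
    m = re.search(r"^\s*(\d+)\.{3}.*TAP-Win32", text, re.M)
    if not m:
        raise ValueError("TAP-Win32 adapter not listed; is the VPN connected?")
    return int(m.group(1))

def fix_script(text, wanted, gateway):
    """wanted: list of (network, mask) pairs. Returns the pre-connect script lines."""
    routes = [m.groups() for m in map(ROUTE.match, text.splitlines()) if m]
    iface, lines = tap_index(text), []
    for dest, *_ in routes:
        line = f"route DELETE {dest}"
        if dest.startswith("169.254.") and line not in lines:
            lines.append(line)
    for net, mask in wanted:
        # route ADD rejects a destination that has host bits set under the mask
        ipaddress.ip_network(f"{net}/{mask}", strict=True)
        have = [r for r in routes if r[0] == net]
        if any(r[1] == mask and r[2] == gateway for r in have):
            continue  # mask and gateway already correct, leave the route alone
        if have:
            lines.append(f"route DELETE {net}")
        lines.append(f"route ADD {net} MASK {mask} {gateway} METRIC 2 IF {iface}")
    return lines

if __name__ == "__main__":
    print("\n".join(fix_script(SAMPLE, [("192.168.64.0", "255.255.252.0")], "10.0.0.1")))
```

Destinations are validated against their masks, so a pair like 172.21.1.0 with 255.255.248.0 raises ValueError instead of producing a route ADD line that Windows would reject.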
Know No Stranger Presents
May 19th, 2010
Sorry I have been posting a little off-topic lately, but there has been a lot going on. My wife graduated from Herron School of Art & Design, we opened a print shop/gallery in downtown Indy, and now she has been featured in a new e-zine called Know No Stranger Presents. Know No Stranger is a collective of artists, musicians, actors, and dancers from throughout the Midwest. Here is a link to the article:

