Archive for the Category Uncategorized

 
 

SharePoint 2010 Chart Web Parts

So we’ve had a couple of cycles through the 2010 Chart Web Part. It’s a pretty cool thing that your higher level stakeholders will probably love and they’re pretty easy to deploy.

We have a couple of great resources from our new best friends, Corey, Channel 9 and PointBridge.

hth
-robot

Looking at the WCF Demo

The heart of Service Oriented Architecture is the interaction between services. These used to all be “web” services that ran on web servers and traveled over HTTP or HTTPS on ports 80 and 443. More recently they have become more generic, using TCP on any port, so they are not web services any more; they are just services.

Microsoft supports the interaction between services with the Windows Communication Foundation (WCF), which connects services with clients and hosts. The demonstration of these components is pretty simple.

If we need information, or we need someone to manipulate information we already have, we meet that need by identifying a provider. We access the provider’s service, and we get at the service’s functionality through its endpoint. The endpoint defines three things:

  • The service location.
  • The binding – The information needed to interact with the service.
  • The contract – The definition of the functionality the service provides.

The demos include:

  1. Define a service and its contract.
  2. The service implementation.
  3. Configuring, hosting and running the service.
  4. Create a client proxy.
  5. Configure the client application.
  6. Create and run the client.

1. Define the Service, the Contract and Its Interface

Open Visual Studio 2010. Select File | New | Project.

Select a new console application. Give it a name and a location.

Right-click on the Service project in Solution Explorer and select Properties. On the Application tab of the properties dialog, change the default namespace to:

Microsoft.ServiceModel.Samples

On the Program.cs page, make the same change to the namespace.

Right-click on the project again and select Add Reference. On the .NET tab, select System.ServiceModel and click OK.

Add a using statement for System.ServiceModel in Program.cs.

Within the namespace, but after the Program class, add the service contract as an interface, ICalculator, giving it our namespace in the ServiceContract attribute:

[ServiceContract(Namespace = "http://Microsoft.ServiceModel.Samples")]
public interface ICalculator
{
  [OperationContract]
  double Add(double n1, double n2);
  [OperationContract]
  double Subtract(double n1, double n2);
  [OperationContract]
  double Multiply(double n1, double n2);
  [OperationContract]
  double Divide(double n1, double n2);
}

2. Implement the Service

After the ICalculator interface code, add a new class that implements the interface:

public class CalculatorService : ICalculator
{
    public double Add(double n1, double n2)
    {
        double result = n1 + n2;
        Console.WriteLine("Received Add({0},{1})", n1, n2);
        Console.WriteLine("Return: {0}", result);
        return result;
    }
    public double Subtract(double n1, double n2)
    {
        double result = n1 - n2;
        Console.WriteLine("Received Subtract({0},{1})", n1, n2);
        Console.WriteLine("Return: {0}", result);
        return result;
    }
    public double Multiply(double n1, double n2)
    {
        double result = n1 * n2;
        Console.WriteLine("Received Multiply({0},{1})", n1, n2);
        Console.WriteLine("Return: {0}", result);
        return result;
    }
    public double Divide(double n1, double n2)
    {
        double result = n1 / n2;
        Console.WriteLine("Received Divide({0},{1})", n1, n2);
        Console.WriteLine("Return: {0}", result);
        return result;
    }
}

3. Configuring, hosting and running the service.

Within the Main() method of the Program class, set the service’s base address:

Uri baseAddress =
    new Uri("http://localhost:8000/ServiceModelSamples/Service");

To provide the hosting details, first add the using statement:

using System.ServiceModel.Description;

Create the ServiceHost:

ServiceHost selfHost =
   new ServiceHost(typeof(CalculatorService), baseAddress);

Then add a try/catch block and, inside the try, add the endpoint (its address, binding and contract):

try
{
   selfHost.AddServiceEndpoint(
       typeof(ICalculator),
       new WSHttpBinding(),
       "CalculatorService");

Enable metadata exchange so that clients (and the svcutil tool) can pull the WSDL over HTTP GET. Bear in mind this publishes the whole contract to anyone who can reach the base address; fine for the demo, but turn it off, or restrict it, on anything production-facing:

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
selfHost.Description.Behaviors.Add(smb);

Open the host, wait for a keystroke, then close it:

selfHost.Open();
Console.WriteLine("The service is ready.");
Console.WriteLine("Press <ENTER> to terminate service.");
Console.WriteLine();
Console.ReadLine();
selfHost.Close(); 

Close the try block and add a catch block that aborts the host in the event of a communication error:

}
catch (CommunicationException ce)
{
    Console.WriteLine("An exception occurred: {0}", ce.Message);
    selfHost.Abort();
}

At this point, you can run the service, either in Visual Studio or by clicking on the .exe in the project folder. On Windows Vista and later the host has to register its URL with HTTP.sys, and that needs either an elevated process (being in the local Administrators group is not enough on its own under UAC; the process itself has to be elevated) or a one-time URL reservation for the account made with netsh http add urlacl. You’ll see the little black box pop up and then it will take an Enter keystroke to kill it.

You can also browse to the noted Uri and get a cool little “You have created a service.” page.
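As an added example (not part of the original tutorial), here are the two things a practitioner wants around step 3, scripted in PowerShell: a one-time HTTP.sys URL reservation so the host can run under a normal account instead of an elevated one, and a look at what the metadata endpoint actually publishes. The base address is the one from step 3; the account name is assumed to be the user who will run the host. Run the reservation part once from an elevated prompt, and the WSDL part with the service running.

```powershell
# Added example: HTTP.sys reservation for the WCF self-host and a listing of
# the contract the metadata endpoint gives away. Not from the original tutorial.
# Assumptions: base address from step 3; the current user will run the host.

$baseAddress = 'http://localhost:8000/ServiceModelSamples/Service'
$account     = "$env:USERDOMAIN\$env:USERNAME"
# Reservations are prefix based and must end with a slash; '+' = any host name.
$urlAcl      = 'http://+:8000/ServiceModelSamples/Service/'

function Add-UrlReservation([string]$Url, [string]$User) {
    # Without this, ServiceHost.Open() throws AddressAccessDeniedException in a
    # non-elevated process. Needs an elevated prompt the first time only.
    $shown = netsh http show urlacl "url=$Url"
    if ($shown -match 'Reserved URL') {
        "Reservation already present for $Url"
    } else {
        netsh http add urlacl "url=$Url" "user=$User"
    }
}

function Get-WsdlOperations([string]$WsdlUrl, [System.Net.WebClient]$Client) {
    # Returns the operation names a WSDL (and the WSDLs it imports) exposes.
    [xml]$doc = $Client.DownloadString($WsdlUrl)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('wsdl', 'http://schemas.xmlsoap.org/wsdl/')
    $ops = @()
    foreach ($op in $doc.SelectNodes('//wsdl:portType/wsdl:operation', $ns)) {
        $ops += $op.GetAttribute('name')
    }
    # WCF splits the WSDL when the contract namespace (Microsoft.ServiceModel.Samples)
    # differs from the service namespace (tempuri.org by default): follow the imports.
    foreach ($imp in $doc.SelectNodes('//wsdl:import', $ns)) {
        $location = $imp.GetAttribute('location')
        if ($location) { $ops += Get-WsdlOperations $location $Client }
    }
    return $ops
}

Add-UrlReservation -Url $urlAcl -User $account

# With the service running, this is what any caller on the network can learn
# from HttpGetEnabled = true, no credentials required.
$wc = New-Object System.Net.WebClient
Get-WsdlOperations -WsdlUrl "${baseAddress}?wsdl" -Client $wc
```

For the step 1 contract the listing is the ICalculator operations. Note that the WSDL fetch needs no credentials even though the calls themselves do: WSHttpBinding defaults to message security with Windows credentials, so the operations are protected, but the description of them is not.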

4. Create a client proxy.

 

 

References:

MSDN: Getting Started Tutorial

MSDN: Host a WCF Service in IIS

MSDN: Configuring Services Using Configuration Files

MSDN: ServiceModel Metadata Utility Tool (SvcUtil.exe)



Welcome, Again, To SharePoint from Scratch

It’s a new day…

SharePoint from Scratch has moved to a commercially hosted provider. We may cover those details in a post soon. Otherwise, your best robot friend is making a move away from the huge grindstone of the full-time corporate world so he can spend more time with his readers, you, and do what he was born to do, make it clear how to get things done when you’re starting from scratch.

So there’s a million things going on accordingly. But as my best reader friends, you probably care little about all of that. You’re here because you just want to know: “How do I make this doggone thing work?”

Well, the way this robot works is by making a list of doggone things:

  1. SharePoint Server 2010
  2. All the Stuff the SharePoint 2010 does.
  3. All the other complicated technical stuff  that the boss wants.

Now, this robot can teach you or he can tell you; that means you can “do” or you can “learn.” It’s a fish-fish thing. For those of you that just want fish, we’ll get to that. For those of you that want to fish, we have a brand new option: The Understanding SharePoint Journal (USPJ) and the USPJ Academy (USPJA). If SharePoint has you scratching your head, consider the Academy your marigold shampoo.

Now the guys and gals that run that show include several highly respected members of the SharePoint community and a newbie, yours truly.

So we’ve just completed our first Beginning SharePoint Administration class and I must say, this robot is impressed with both the academy and its leadership as well as its student body. If you want to get involved with a group of folks that know how to collaborate and conquer, I’ve got a great group I’d like to introduce you to.

More about the Academy, its mission and its leadership will undoubtedly follow. But for now, let’s just say, it’s good to be refocused, to reduce the grindstone nose buildup and to ramp up the new SharePoint from Scratch. Someone said it’s all about “Winning.” Some of us weren’t born in the lead but learned what it takes to start gaining ground. Let’s get to it.

-robot

SharePoint 2010 Site Templates vs. Features

In SharePoint v4 (2010), site templates are treated more generically as solutions; when you save your site as a template, you end up with a .wsp solution file, not an .stp file like in v3.

So, in our site collection, we go into site settings and select the Solutions gallery.

We can use the ribbon to select Upload Solution and get a dialog box to upload one or more solutions. After uploading, you can pull down the list item menu and select Activate. 

Once activated, we can go back to View All Site Content (/_layouts/viewlsts.aspx) and click Create. In the Create dialog box, we should see our new template listed in the sites group, perhaps filtering for Custom.

We add the site name and URL and click Create. Done.

But, this being SharePoint, like any fake religion such as the Flying Spaghetti Monster, it can be more complicated at times.

As we have seen in the past, the environment from which your site template is created imposes a set of requirements on your target environment in the form of host features. For example, in one particular case, we created a template from a site on a SharePoint Server 2010 host that had been migrated from MOSS 2007.

The MOSS 2007 host, of course, included a site directory and the Site Directory site had been migrated into 2010 and the site from which the template had been created was a 2010 blank site under the Site Directory site. Got it?

Well, our host site was never a MOSS 2007 host so it doesn’t have a site directory. Consequently, when we try to create our new site on this 2010 host, we get:

Error
The site template requires that the Feature
{a392da98-270b-4e85-9769-04c0fde267aa} be activated in
the site collection.
Correlation ID: {9b9ab22e-1774-42f0-b0ca-1d3d795adaf1}
Date and Time: 12/22/2010 11:44:12 AM

So we have two things to search for.

First, we’re still struggling with this whole Correlation ID thing. Lucky enough, our new best friend, Dina, provides an explanation here.

Then, we find a reference to the Feature ID here. It’s not great, and it refers to MOSS 2007, but it suggests we activate the Publishing Infrastructure feature at the site collection level and the Publishing feature at the site level. Done.

Now, attempting to create a site using our template gives us:

Error
The site template requires that the Feature
{e978b1a6-8de7-49d0-8600-09a250354e14} be activated in
the site collection.
Correlation ID: {3aa51c89-319b-4d27-a64e-aa5d6833360e}
Date and Time: 12/22/2010 11:44:12 AM

This is cool because we touched it and made it do something different. When we look for this new Feature ID, we find this from our new best friend, Steve. At the very bottom, he tells us our Feature ID refers to the LocalSiteDirectorySettings feature and, like we said, there’s no Site Directory in the 2010 host.

So what we have here is a feature that’s required by my site template but is deprecated in 2010; it’s only an issue because it was created from a site under a site directory that would never have existed except that it was migrated from 2007.

So, I spend the day looking and find this from MSDN. First it tells me to go look in the 14\TEMPLATE\FEATURES folder which, believe it or not, contains all our features as folders with readable English names. I open the one called LocalSiteDirectorySettingsLink, open its Feature.xml file and see that its Id is indeed the GUID of the feature I need.

Then, the MSDN article suggests we run some PowerShell to install and/or activate the feature using the <Command> <FolderName> <URL> format.

I try but find that while the <foldername> parameter doesn’t work, the GUID does. I get the feature activated in my site collection and try to build the site from my template again. This time I get:

Error
The site template requires that the Feature
{fdb3e1d1-a200-46b3-ac54-11f69c0baac4} be activated in
the site collection.
Correlation ID: {adf2a768-2a9d-4fe5-b006-898d9ea0f859}
Date and Time: 12/22/2010 11:44:12 AM
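As an added example, not from the post: the GUID-to-folder lookup done by hand above, scripted, followed by the activation by GUID. It walks every Feature.xml under the 14 hive, so each time the template throws a new GUID you can see at once what it is, its scope and whether it is hidden, and then installs and activates it at the scope the error names. The site collection URL is an assumption; the GUID is the second one from the errors above.

```powershell
# Added example (not from the post). Resolve a feature GUID quoted by the
# "site template requires that the Feature {...} be activated" error to its
# folder under 14\TEMPLATE\FEATURES, then install/activate it by GUID.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$featuresRoot = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES'

function Resolve-SPFeatureId([guid]$Id) {
    # Each feature folder carries a Feature.xml whose Id attribute is the GUID
    # the error message quotes. Scope tells you where it has to be activated.
    Get-ChildItem -Path $featuresRoot -Filter Feature.xml -Recurse | ForEach-Object {
        try {
            [xml]$x = Get-Content -Path $_.FullName
            if ([guid]$x.Feature.Id -eq $Id) {
                New-Object PSObject -Property @{
                    Id     = $Id
                    Folder = $_.Directory.Name
                    Title  = $x.Feature.Title
                    Scope  = $x.Feature.Scope
                    Hidden = $x.Feature.Hidden
                }
            }
        } catch {
            # a Feature.xml that does not parse or has no Id is not the one we want
        }
    }
}

function Enable-SPFeatureById([guid]$Id, [string]$Url) {
    $info = Resolve-SPFeatureId $Id
    if (-not $info) { throw "No Feature.xml under $featuresRoot has Id $Id" }
    $info | Format-List Id, Folder, Title, Scope, Hidden | Out-String | Write-Host

    # Make sure the feature definition is installed in the farm before activating.
    if (-not (Get-SPFeature -Identity $Id -ErrorAction SilentlyContinue)) {
        Install-SPFeature -Path $info.Folder      # path is relative to FEATURES
    }
    switch ($info.Scope) {
        'Farm'  { Enable-SPFeature -Identity $Id -Confirm:$false }
        default { Enable-SPFeature -Identity $Id -Url $Url -Confirm:$false }
    }
}

$siteUrl   = 'http://portal.domain.com/sites/demo'      # assumption
$featureId = 'e978b1a6-8de7-49d0-8600-09a250354e14'      # second error above
Enable-SPFeatureById -Id $featureId -Url $siteUrl

# Confirm it is now active in the site collection
Get-SPFeature -Site $siteUrl | Where-Object { $_.Id -eq [guid]$featureId }
```

Activating by GUID rather than folder name sidesteps the naming problem the post ran into, and the Scope column tells you up front whether the error’s “in the site collection” is literally true or whether the feature is web or farm scoped. Expect to loop: as the post shows, a template saved from a migrated site can depend on a chain of features, and each activation uncovers the next GUID.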

References:

SharePoint 2010 User Profile Synchronization Service

As it turns out, the SPS 2010 User Profile Synchronization Service is something of a challenge. Lucky for us, our new best friend, Spencer, has pretty much covered all the details here.

First, he provides some great background information and explains that the profile service is really the new Forefront Identity Manager service bundled into the SharePoint interface. We’ve got a few cycles through the old MS Identity Lifecycle Manager so the move to FIM 2010 is likely to be reasonably painless.

Then he drops a bombshell:

[UPDATE: 01/11/2010] Also, I assume that you have not used a
Fully Qualified Domain Name or IP Address when specifying the
SQL Server when running the SharePoint Configuration Wizard
(PSConfig). Using either is strongly discouraged, and will lead
to failures with the provisioning of the User Profile Synchronization
service instance. Stick to a NetBIOS name, or a SQL Server Alias.

We, of course, used the FQDN for our database server. So we have to go back to the SharePoint Configuration Wizard and disconnect from our farm.

Then we run the wizard a second time and connect to our farm using the NetBIOS name for our database server, which is just DB01. The wizard finds the SharePoint_Config database on it and then, we reselect our details and the wizard runs and opens Central Admin.

Great.

Next, we’ll need a new service account. Spencer lets the cat out of the bag suggesting that our service accounts ought to go into the Managed Service Accounts container in Active Directory. Now I never claimed to be an AD wizard, just an SPRobot, so I’m going to move all of our service accounts into that container and hope nothing breaks. Spencer talks about “implications” which we’ll ignore for now. I’ll put the new service account, SVC_SPUPSynch, in there.

Next, he says, our new account will need the Replicating Directory Changes permission. That’s where we meet the Delegation of Control Wizard by right clicking on the domain. We add the service account, and create a custom task. Two pages later, we select the appropriate permission and then Next and Finish.

Then, we’re running ADSIEDIT.msc. Now, Spencer says “Connect to the Configuration Partition” and I guess that’s accurate but what we need to do is right click on our Default Naming Context and select Settings.

Here, we get the Default naming context and we move down to the Select a well known Naming Context option and pull down the list and select Configuration and click OK. Then, we get the folder called CN=Configuration, DC=Domain, DC=com. We can right click on it and select Properties. On the Security tab, we add our SPUPSynch user and then check the “Allow” box for Replicating Directory Changes. We click Apply and OK.

Then, Spencer switches us to our SharePoint server and indicates that we have to let our “SPFarm” account log on locally. This is our SVC_SPDBAccess account. I presume that it can already log on locally to our SharePoint server and Spencer is accounting for the possibility that our Profile Sync might run on a different server. All the same, we move to the SharePoint server and select Local Security Policy from Administrative Tools. Under Security Settings, we open the Local Policies | User Rights Assignment node and click on Allow log on locally.

We add our SVC_SPDBAccess account and click OK and do a Start | Run | GPUpdate.

Then we get some instructions to make our DB Access account a local administrator. No problem; just note that this is only needed while the User Profile Synchronization service instance is being provisioned, so take it back out once the service is started. And then he suggests we reboot. No problem.
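As an added example, not from Spencer’s article or the post: the Replicating Directory Changes grant done with dsacls on both partitions the post edits in ADSI Edit, followed by a read-back of the ACE so you are not trusting the GUI. It assumes the ActiveDirectory module (present on a 2008 R2 domain controller) and the SVC_SPUPSynch account name used above.

```powershell
# Added example (not from the post): grant "Replicating Directory Changes" to
# the profile sync account on the domain and configuration partitions with
# dsacls, then verify the ACE through the AD: drive. Assumes the ActiveDirectory
# module (2008 R2 DC or RSAT) and the account name SVC_SPUPSynch.
Import-Module ActiveDirectory

$syncAccount = "$env:USERDOMAIN\SVC_SPUPSynch"
$rootDse     = Get-ADRootDSE
# The post edits both partitions; the configuration partition is the one that
# matters when the forest still has Windows Server 2003 domain controllers.
$partitions  = @($rootDse.defaultNamingContext, $rootDse.configurationNamingContext)

# DS-Replication-Get-Changes, the control access right the GUI labels
# "Replicating Directory Changes". The "...All" variant (1131f6ad-...) also hands
# out password hashes and is not needed for profile sync.
$getChanges  = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'

function Grant-ReplicatingDirectoryChanges([string]$Dn, [string]$Account) {
    # /G = grant, CA = control access right, named exactly as the GUI shows it.
    & dsacls $Dn /G "${Account}:CA;Replicating Directory Changes"
}

function Test-ReplicatingDirectoryChanges([string]$Dn, [string]$Account) {
    $acl = Get-Acl -Path "AD:\$Dn"
    $ace = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $getChanges -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)
    }
    return [bool]$ace
}

foreach ($dn in $partitions) {
    Grant-ReplicatingDirectoryChanges -Dn $dn -Account $syncAccount
    $state = if (Test-ReplicatingDirectoryChanges $dn $syncAccount) { 'OK' } else { 'MISSING' }
    '{0,-8} {1} on {2}' -f $state, $syncAccount, $dn
}
```

The check matters because this is a replication right on the whole partition, which is why it goes to a dedicated account rather than the farm account: the read-back shows exactly one ACE, for one account, for Get-Changes only.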

Now, Spencer says create two web applications, one for the portal and one for the My Sites.

SharePoint 2010 Configs and Features

So we’ve still got a little work to do to finish but we do have a functional SPS2010 farm.

We still need to create some web applications other than the default portal including the DNS settings. Then we have search and profiles to configure.

And there’s some help with anonymous access from our new best friend, Julian here.

In the meantime, we’ve had a little traffic on SharePoint features. There’s a great list here from MSDN that will let you decode the feature IDs of the OOTB features.

I’ve also started to detail my DNS configs below.

-robot

DNS Settings

The multi-server SharePoint farm relies on domain service accounts that presume a domain and its accompanying DNS settings.

So let’s review. From our previous post, we’ve got three servers:

  1. Domain Controller: DC.MyDomain.com
    IP Address: x.x.x.1
  2. Database Server: DB.MyDomain.com
    IP Address: x.x.x.2
  3. SharePoint Server: SP.MyDomain.com
    IP Address: x.x.x.3

Then I went to my domain registrar and took over the DNS settings pointing them to my DSL modem’s IP address; this is the WAN address on my router.

SharePoint 2010 Farm on Hyper-V

We’ve looked at the SharePoint 2010 install and some virtualization of our demo/dev environment but we’ve never hosted a multi-server farm in Hyper-V. We may not finish this but let’s see if we can get a domain built and install a two-server farm on one Hyper-V host with 8 GB RAM.

First, our new best friend, Matt, covers the hardware and software requirements pretty well here. One of the cool things he tells us is that we ought to be okay with less than 6 GB RAM and 100 GB of disk.

Then we’ve also got this great PowerPoint from our new best Czechoslovakian friend, Michael, here. Michael outlines the multi-farm options nicely. His RAM specs total about 30 GB but he’s building a production farm. Maybe we can trim those to fit on our skimpy little 8 GB.

So, starting from scratch as we like to, we have:

  • Dell PowerEdge T310.
  • QC Xeon 2.5 Ghz Processor.
  • 8 GB RAM
  • 2 × 232 GB hard drives
  • Windows 2008 R2 x64.

A couple of interesting points here:

  • We’ve enabled remote access on the System Properties Remote tab. This will let us use our router’s port forwarding page to forward RDP traffic from the internet to our host using the RDP port 3389. Now, we can RDP from anywhere on the internet (even you) by using our IP address in the RDP Computer field. Sure, this is a threat vector (if you do this, at least require Network Level Authentication, use a strong password and restrict the forward to known source addresses where your router allows it), but we’re not putting anything out here we don’t want to give away, except the damn HP printer driver I had to hack out of their install file.
  • The Windows Firewall is On Public and Private.
  • Our host is a member of our local work group.
  • IE Enhanced Security is Off.
  • The server is running the Application Server, File Services, Hyper-V, and Web Server roles.
  • We’ve installed MagicISO which will run on our x64 host. After it’s installed, you simply right click on the start bar tray icon and select mount and point it to the Win2k8 .iso file.

Building the Domain Controller:

We open the Hyper-V Manager and click on the New link in the Actions panel on the left. Then, using the wizard, we set the following:

We install our VM files on a separate drive from our OS and then give it 512 MB RAM. The Windows Server 2008 specs are here. This says that 512 MB RAM is the minimum for the server. Since this will only support our domain controller tasks, we’ll make it the minimum.

We connect the server to the LAN by selecting the Local Area Connection – Virtual Network option.

We give it a hard drive, provide 15 GB of disk space and tell it to create the drive.

Then, we tell it to boot to the .iso file mounted on our MagicDisk drive.

The wizard will complete and then you can start the VM in the Hyper-V Manager. When it starts it will be loading Windows. In the interest of conserving resources, we select the Server 2008 R2 Standard Full Installation.

Now, it turns out, we could have selected the Server Core Installation. When that is installed, you don’t get a desktop but simply a command prompt on top of blank blue wallpaper. Our new best friend, Daniel, has a great explanation of this process here. To avoid having to learn a bunch of new command line details, let’s forego this option for now, perhaps to revisit it in the near future.

Once the desktop appears, we get the Initial Configuration Tasks page. We can activate Windows and set the time zone. Then we can skip Networking and Computer Name for a second and go to Enable Updates. This will currently download and install 55 updates and require a restart. It will take several minutes.

Now, looking at Networking, I have to wonder why they used the gerund and not just the noun, “network.” Regardless, we can go back to Daniel’s site, Petri.co.il, where he explains many of the domain controller/Active Directory issues pretty clearly.

First there’s the network configuration. On the Initial Configuration Tasks we click Configure Networking. The Network Connections folder opens and shows us our LAN connection. We right click and select Properties. Then we select the IPv4 item and click the Properties button.

Here, we give the server a static IP address on the LAN and point it to our router as a default gateway. At this point, we can browse to internet sites. Doing so, we see we want to kill the IE Enhanced Security Mode by opening Server Manager and clicking on the link in the Security Information section. We also want to go ahead and rename our new server something intuitive instead of the gobbledygook default name. It’s best to do this before setting up Active Directory so you can avoid some more gobbledygook in some silly dialog boxes later.

Next, on Initial Configuration Tasks, we click on the Add Roles link. On the Server Roles tab, we’ll check the AD Domain Services option. This will tell us we need to install the .Net Framework 3.5.1 Features. We click through the wizard to install.

Now, when we open Server Manager, we can see that the Active Directory Domain Services link has a red X icon beside it. When we click on that link, we get to the ADDS page with an i icon and a link to run dcpromo.exe.

This will open the ADDS Installation Wizard. We forego the advanced mode installation and click through to select a new domain in a new forest. We enter the fully qualified domain name. We set the Forest Functional Level to Server 2008 R2, eschewing the option to later add down-level domain controllers.

The wizard will finish by installing the services and then report that no DNS was found and offer to install it. It will warn about creating a delegation but we can ignore that and click Yes. It gives us file locations that are fine and then wants a restore password. We get a summary and the wizard installs DNS and begs for a reboot.

Once we reboot, we enable remote desktop in Server Manager. We can close the Hyper-V VM window and RDP to the IP address. We can also add our new domain name to our hosts file using the IP address and that will let us RDP to the domain name.

The Database Server:

For the database server, the Windows install is a repeat of the domain controller except we give it 2,560 MB RAM and a 60 GB hard drive. When Windows comes up, we configure networking by giving it an IP address but then pointing DNS back to the domain controller’s IP address. At this point, the browser should connect to the internet.

Then we click on Provide computer name and domain. We rename the computer and tell it we want to join our new domain. This will require us to enter the password we used for the administrator on the domain controller. We get a Welcome to the Domain dialog and then have to reboot.

When we try to log back in, we can see that our Domain\Administrator user can log into the new database server. This is the first real evidence that our domain is working. We can then go on with the updates and provide for remote access.

On the Hyper-V host, we work our MagicDisk to unmount the Windows Server DVD and then mount the SQL Server DVD. Then we go back to our new server and run Setup.exe.

A dialog box complains that we have to enable the .NET Framework Core role. It looks like it will add the role for us. We click OK and then, after a moment, we get the SQL Server Installation Center. On the Planning tab, there’s a semester’s worth of reading. On the Installation tab, we click New Installation

The SQL Server 2008 R2 Setup wizard opens and tells me it’s checking for Setup Support Rules. We pass seven and fail none. So far, so good. We click OK.

It wants a product key. You’re on your own here.

I accept the terms and it rolls to the Setup Support Files page. We click Install.

Once this guy runs, we get another scorecard. We’ve passed 10, failed 0 and have one warning about our firewall. Hmmm…

Well, no problem, the dialog box refers us to this page at MSDN where it talks about firewall configuration. Then we get some help from our new best friend, Ashish, here.

What we ought to be able to do is follow these steps and then rerun our Setup Support Rules and get the warning to go away. Let’s see.

We run Firewall.cpl. Click on the Allow a program… link. We get the Allow Programs dialog. We click Add another program… and see that only the SQL Server Installation Center option is available. Domain is checked so we click OK and rerun the Setup Support Rules. Still we get the error.

The MSDN page suggest running WF.msc and adding an inbound rule for port 1433 using TCP. Done. We still get the error.

Looking at the error in detail, it’s simply warning about the firewall, not reporting that a specific SQL Server action is not working. So, I’m going to back both of my mods out and proceed with the SQL Server install. Back on the Setup Support Rules wizard, we click Next.

We get the Setup Role page. Since we don’t want just the default service accounts, we’re going to select the SQL Server Feature Installation option. Then we’re going to create our service account on our domain controller as noted in the Service Account section below.

On the Features Selection tab, we select everything except Books Online and SQL Server Replication. We get a check that we passed six and ignored eighteen. Whatever.

We’re rolling with the default installation on Instance Configuration. Disk space requirements check out okay.

On Service Configuration we’re going to select the Use the same name… option and then use our SVC_SQLServer account. Oddly, here it won’t take the SVC_SQLServer@Domain.com format so I revert to the Domain\SVC_SQLServer form.

On the Database Engine tab, we select Mixed Mode and enter a password for the sa account. We also add the current user, who is our domain administrator, and our DB server’s local administrator. That’s three users plus an sa account.

We add the same three users to the Analysis Services Configuration tab.

We check the Install the SharePoint integrated mode default configuration option on the Reporting Services Configuration tab.

Let’s pass on the error reporting. We get a 6-0-2 on the Installation Configuration Rules, skipping only the instance name and the SQL Server 2000 installation action, whatever that is.

It says we’re Ready to Install. Let’s  take a snapshot first and then find out.

While it’s running, I go to the domain controller and try to ping the DB server; request timed out. This is apparently a firewall issue (Windows Firewall drops ICMP echo requests by default) as noted by our new best friend, Jeff, here. Sometimes it’s great to get a simple answer to a simple question. Ping, both ways, is good.

@Success!!! Your SQL Server 2008 R2 installation completed successfully.

We go back to the installation page and it suggest we check for updates; there are none.

It also tells us that the sample databases are not installed but are available here from CodePlex. We’ll need some sample data so let’s take care of this straightaway. I’m going to get the 2008 AdventureWorks executable, but I’m going to download it to my host box first and then install it by mapping a drive from my DB server to the host. The instructions on CodePlex say you have to activate FILESTREAM, and they provide instructions. There’s also a lot of noise about the database installer being flaky. When I see flaky ahead, I like to get a snapshot, so, since we’re good where we are now, we’ll get a snapshot and then, if we really get any flakiness, we’ll roll back. The executable extracts files and opens an install wizard. We select only the AW LT 2008 and click Install. It runs, completes and then, in SSMS, we can see the top 1000 rows of the Customer table.

Now, in order to leverage SQL Server Reporting Services for SharePoint we may have to come back and install SharePoint on this server, but we’ll wait to figure that out. We should at least be able to go ahead and create our web server.

SharePoint Server

We’re going to call this our web server, our index server and also a server for all our applications.

For the SharePoint server, the Windows install is a repeat of the others except we give it 1,536 MB RAM and a 40 GB hard drive. Just like the DB server, when Windows comes up, we configure networking by giving it an IP address but then pointing DNS back to the domain controller’s IP address. At this point, the browser should connect to the internet.

We’re going to need some service accounts and I’m tracking them below; we’ll create them on the domain controller as we encounter the need.

So, we mount the SharePoint install disk on our host, open that drive on the web server desktop and click Install software prerequisites. We accept the agreement and it’s off to the races.

During the install, we get a failure to download the SQL Server Native Client. It suggests we try again and, this time, it works fine. We get told to restart.

When it comes back up, the install finishes and we get an Installation Complete reward.

We take a snapshot here and then start the install again, this time selecting Install SharePoint Server. We enter the product key, accept the terms, select Server Farm and Complete and then click Install Now.

It runs for a couple of minutes and then tells us to run the configuration wizard. We click through the wizard and opt to create a new farm. We ID our database server and our database access account. Here, we need to be sure to use the <domain>\<user name> format for the account name.

Now, this returns a Cannot Connect error. When we turn off the Windows Firewall on the web server and database server, the connection is completed no problem. Hmmm…

Now, we got some help here from MSDN and from here from our new best friend, Tristan, at SharePoint2007Security.com. But this robot is no firewall/security expert and the details are daunting. So, after a review, we open TCP port 1433 inbound on the DB server (and outbound on the web server, though Windows Firewall allows outbound traffic by default, so that rule is belt and braces) using the Windows Firewall with Advanced Security console. That is enough for a default instance; a named instance listens on a dynamic port and relies on UDP 1434 for the SQL Browser, so the rule set would differ. @Success.
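Added example (not the post’s own steps): the firewall change above done with netsh so it is repeatable and scoped to the one caller that needs it, plus a port test from the SharePoint side that does not involve turning the firewall off. The SharePoint server address and the DB server name are assumptions carried over from the other posts.

```powershell
# Added example (not from the post): allow SQL Server's TCP 1433 inbound only
# from the SharePoint server, then prove the port answers from that server.
# Assumptions: default instance on TCP 1433, SharePoint server at 192.168.1.3,
# DB server named DB01 as in the earlier post.

# ---- On the DB server, from an elevated prompt ----
$spServer = '192.168.1.3'
$ruleName = 'SQL Server 1433 from SharePoint'
# Windows Firewall allows outbound by default, so only the inbound side needs a
# rule. A named instance would need its dynamic port plus UDP 1434 (SQL Browser).
netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow `
    protocol=TCP localport=1433 remoteip=$spServer profile=domain
netsh advfirewall firewall show rule name="$ruleName"

# ---- On the SharePoint server ----
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    # PowerShell 2.0 on 2008 R2 has no Test-NetConnection; a raw TCP connect
    # tells the firewall story without needing SQL credentials.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

'1433 reachable from here: {0}' -f (Test-TcpPort -Server 'DB01' -Port 1433)
```

If the connect test passes but the configuration wizard still cannot connect, the problem has moved off the firewall and on to names, SQL logins or the SPN side covered further down; the same firewall is also why ping timed out earlier, since ICMP echo is blocked by default.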

So we need a Passphrase. It’s kind of a farm admission gate. I know it’s used in the event you need to recover from the database level. No problem.

Then we encounter the Central Admin web application configuration page and we run into Kerberos authentication. I also like to always use the same port number. Also, we can note in the More Information page that changing the CA port number is only supported using the Configuration Wizard but my guess is there’s a PowerShell command that will get it done for us.

Now, at one time we were experts at configuring Kerberos for MOSS 2007. It was a bitch running some silly command line gobbledygook and some peculiar computer configs in Active Directory. My hope is that there’s some new technology and knowledge available for 2010.

So, our first option is on MSDN here. On the domain controller, we run ADSIEdit.msc. We connect to our local domain and drill down to the SQL Server service account properties. This opens a properties dialog box with an attribute editor, and servicePrincipalName is one of these attributes. We click Edit and get a Multi-valued String Editor.

Now, of course, the MSDN article is using generic names for all these objects and most are easily translated to our install. The one that is easy to get wrong is the service class. MSDN uses MSSQLSvc, and that is correct even though the Windows service on our DB server is named MSSQLSERVER: the SPN service class is a fixed string that the SQL Server client library asks the KDC for, not the name of the Windows service. The SPN format (forward slash, not backslash) is:

<Service Class>/<Host>:<Port Number>

And, you may recall, hosts must be identified both as standalone (NetBIOS) and fully qualified. Thus our SPNs for the SQL Server service account are:

MSSQLSvc/DBServer:1433
MSSQLSvc/DBServer.Domain.com:1433

Then the confirmation for this is to install the SQL Server Client Tools on the web server and try to open the database on the DB server. Unmount, mount, run, pass, product key, agree, install Setup Support files, pass. Then SQL Server Feature Installation and check Management Tools – Basic. Pass, next, next, pass, ready, install, close.

Now we can open SQL Server Management Studio from our Start menu and connect to our database server. @Success. The MSDN article says to look in the SQL Server's Security event log for event ID 540, but that is the Windows Server 2003 ID. What we find on Windows Server 2008 is its successor, event ID 4624, An account was successfully logged on, and its Logon Process and Authentication Package fields both say Kerberos. Woot!

That covers the database server. Now, for the SharePoint web apps, we have to do a little planning. First, we have a service account for DB access. We also need service accounts for our application pools. Central Admin's application pool runs as the DBAccess (farm) account; beyond that we want three web applications, so we'll have three application pools with three application pool identities:

  • Portal – A publishing site: Portal.Domain.com – Domain\SVC_SPPortalAppPool
  • Home – A team site: Home.Domain.com – Domain\SVC_SPHomeAppPool
  • My Sites: MySite.Domain.com – Domain\SVC_SPMySiteAppPool

Now, remember:

  • We'll have SPNs for standalone and for fully qualified host headers.
  • We have alternate access mappings that include the host headers as well as the web server's computer name, WebServer, which we'll point to either our Portal app or Central Admin depending on port number. Likewise our raw IP address will point to either Portal or Central Admin depending on port number. In all, we need fourteen SPNs, not counting the two we created for SQL Server:

We’ll add these to the Domain\SVC_SPDBAccess account:

HTTP/192.168.1.3:63999
HTTP/WebServer:63999
HTTP/WebServer.Domain.com:63999
HTTP/CentralAdmin:63999
HTTP/CentralAdmin.Domain.com:63999

We’ll add these to the Domain\SVC_SPPortalAppPool account:

HTTP/192.168.1.3:80
HTTP/WebServer:80
HTTP/WebServer.Domain.com:80
HTTP/Portal
HTTP/Portal.Domain.com

We’ll add these to the Domain\SVC_SPHomeAppPool account:

HTTP/Home:80
HTTP/Home.Domain.com:80

We’ll add these to the Domain\SVC_SPMySiteAppPool account:

HTTP/MySite:80
HTTP/MySite.Domain.com:80
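Here is the same registration, for both the SQL Server SPNs and the HTTP SPN lists above, done with setspn.exe instead of hand-editing servicePrincipalName in ADSIEdit. This is an added example, not code from the original post or from the MSDN article; host names, ports and account names are the post's, but the decision to register port-less HTTP names and to skip the IP-address entries is mine, for the reasons given in the comments. It assumes the Windows Server 2008 (or later) setspn, which has the -S and -X switches, and is run on the domain controller or a box with RSAT as an account allowed to write servicePrincipalName on these users.

```powershell
# Added example (not from the original post): register and verify the farm's SPNs with setspn.exe.
# Assumes Windows Server 2008+ setspn (-S adds only if the SPN is not already registered anywhere,
# -X reports duplicates) and that the caller may write servicePrincipalName on the target accounts.

$spns = @{
    # SQL Server: the service class is MSSQLSvc for every Database Engine instance. The Windows
    # service name (MSSQLSERVER) never appears in an SPN. A named instance would use
    # MSSQLSvc/host:InstanceName in place of the port.
    'Domain\SVC_SQLServer' = @(
        'MSSQLSvc/DBServer:1433',
        'MSSQLSvc/DBServer.Domain.com:1433'
    )
    # Central Admin runs in an application pool owned by the farm (DB access) account. Windows
    # clients build HTTP SPNs without a port unless told otherwise (KB908209), so a non-default
    # port also needs the port-less names or the browser quietly falls back to NTLM.
    'Domain\SVC_SPDBAccess' = @(
        'HTTP/CentralAdmin:63999', 'HTTP/CentralAdmin.Domain.com:63999',
        'HTTP/CentralAdmin',       'HTTP/CentralAdmin.Domain.com'
    )
    # HTTP is the service class for both http:// and https://, and clients omit default ports
    # (80, 443), so these entries also serve the Portal once it moves to SSL. The bare machine
    # name can belong to only one account once the port is dropped; it goes to the Portal here,
    # and Central Admin is reached through its own host header.
    'Domain\SVC_SPPortalAppPool' = @(
        'HTTP/Portal',    'HTTP/Portal.Domain.com',
        'HTTP/WebServer', 'HTTP/WebServer.Domain.com'
    )
    'Domain\SVC_SPHomeAppPool'   = @('HTTP/Home',   'HTTP/Home.Domain.com')
    'Domain\SVC_SPMySiteAppPool' = @('HTTP/MySite', 'HTTP/MySite.Domain.com')
}
# HTTP/192.168.1.3 entries are left out on purpose: Windows Kerberos clients of this era do not
# request tickets for IP-address SPNs, so browsing by address uses NTLM whatever we register.

foreach ($account in $spns.Keys) {
    foreach ($spn in $spns[$account]) {
        # -S refuses the add if the SPN already exists on another account. A duplicate SPN breaks
        # Kerberos for both owners, the classic cause of "it worked until we added the new app".
        setspn -S $spn $account
    }
    setspn -L $account   # show what the account now holds
}
setspn -X                # forest-wide duplicate report; it should list nothing

# From the web server, confirm a SQL connection actually negotiated Kerberos rather than NTLM.
# sqlcmd comes with the client tools installed in the post; auth_scheme reads KERBEROS or NTLM.
sqlcmd -S DBServer.Domain.com -E -Q "SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID"
```

The sys.dm_exec_connections check is a more direct confirmation than the Security event log, because it tells you what this connection used rather than what some connection used. The port-qualified HTTP SPNs from the lists above are only ever requested by clients configured to include the port in the SPN, which is why the port-less names do the real work for Central Admin.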

My guess is that we'll have to duplicate a lot of this when it's time to register our certificates and run our apps through https and use port 443, and then again when we deploy a bunch of applications with their own service accounts.

Anyway, we go back into ADSIEdit, find our accounts and add our SPNs just like we did before for the database server. Then we continue through the install wizard and it counts x of 10 tasks. #3 took a few minutes but the rest was pretty quick and we get a Configuration Successful scooby snack. Rooby roo!!

We get the Initial Farm Configuration Wizard and an option to Help Make SharePoint Better.

I’m taking a snapshot.

I agree to send my install info to Microsoft and continue\start with the wizard.

First, I tell all the services to use a new managed account, Domain\SVC_SPServices. Don’t tell but I’m using the same password.

Then I give my new portal a name and description, tell it to use the http://HostName/ root URL and then the publishing portal template. I get a This Completes the Farm Configuration Wizard page with a bunch of service applications listed. I click Finish and land on the Central Administration homepage. I enter my portal URL and I land on the Adventure Works homepage with all my favorite dorks.

I go back to Central Admin and, on the Application Management page, I click Configure alternate access mappings.

Here, I enter my host headers:

  • Portal
  • Portal.domain.com
  • CentralAdmin
  • CentralAdmin.domain.com

Firewall Settings

Our new best friend, Michael, provides full details of the necessary firewall settings here. For this first pair of servers it comes down to SQL Server's TCP port:

DBServer:

  • 1433 inbound TCP

Web Server:

  • 1433 Outbound TCP
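The same two rules, as an added example rather than anything from the post or from Michael's write-up, created with netsh advfirewall so they can be scripted and reviewed instead of clicked into the Control Panel applet. The addresses are assumptions: 192.168.1.3 for the web server (the address used in the SPN list earlier in the post) and 192.168.1.4 for the DB server. It also assumes SQL Server is a default instance on a fixed port, so UDP 1434 (SQL Browser) is not needed.

```powershell
# Added example (not from the original post): the post's two firewall rules via netsh advfirewall.
# Assumed addresses: web server 192.168.1.3, DB server 192.168.1.4. Default SQL instance on a fixed
# port, so no UDP 1434 rule; a named instance on a dynamic port would need a fixed port instead.

# --- Run on DBServer: 1433/TCP inbound, but only from the web server, not from any host.
netsh advfirewall firewall add rule name="SQL Server 1433/TCP from SharePoint web server" `
    dir=in action=allow protocol=TCP localport=1433 remoteip=192.168.1.3 profile=domain

# --- Run on WebServer. Windows Firewall allows outbound traffic by default, so this rule only
# changes behaviour if the outbound default has been switched to block; it still documents the
# dependency, and it is scoped to the DB server only.
netsh advfirewall firewall add rule name="SQL Server 1433/TCP to DBServer" `
    dir=out action=allow protocol=TCP remoteport=1433 remoteip=192.168.1.4 profile=domain

# --- Checks, from WebServer: the rule exists, and the port actually answers.
netsh advfirewall firewall show rule name="SQL Server 1433/TCP to DBServer"
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect('DBServer.Domain.com', 1433); 'TCP 1433 to DBServer: open' }
catch   { "TCP 1433 to DBServer: blocked ($($_.Exception.Message))" }
finally { $tcp.Close() }
```

Scoping the inbound rule with remoteip is the part the Control Panel walk-through tends to skip; without it, 1433 is open to every host the DB server's firewall profile trusts, not just the web tier.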

Service Accounts

On the domain controller, we create the following accounts. Except for Password Never Expires, we’ve noted any non-default settings:

  • Database Engine Service Account – Domain\SVC_SQLServer. Runs the MSSQLSERVER service.
  • SharePoint Database Access Account – Domain\SVC_SPDBAccess. This account must be added to the dbcreator and securityadmin server roles in SQL Server Management Studio: right click the Security node, select New Login, create the login for the account and then, on the Server Roles tab, check those two roles (and only those two).
  • SharePoint Services Account – Domain\SVC_SPServices. This account will be assigned to the SharePoint services during the configuration wizard that is kicked off after the Central Administration website is created.
  • Portal Application Pool – Domain\SVC_SPPortalAppPool: Portal is a web application for a publishing site.
  • Home Application Pool – Domain\SVC_SPHomeAppPool: Home is a web application for team sites.
  • My Site Application Pool – Domain\SVC_SPMySiteAppPool: MySite is a web application for My Sites.
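Scripted, the same six accounts and the farm account's two SQL Server roles look like this. This is an added example, not from the original post; it assumes the Windows Server 2008 R2 ActiveDirectory module, an OU called "Service Accounts" (mine), and a generated 24-character password per account instead of one shared password. Run the AD part on a domain controller (or with RSAT) as a domain admin, and the sqlcmd part as a SQL sysadmin from a box with the client tools.

```powershell
# Added example (not from the original post): create the service accounts and grant the farm
# account dbcreator + securityadmin. Assumes Server 2008 R2 ActiveDirectory module, an assumed
# OU "Service Accounts", and sqlcmd on the path.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Web   # for Membership.GeneratePassword

$ou = 'OU=Service Accounts,DC=Domain,DC=com'   # assumed OU
$accounts = @{
    'SVC_SQLServer'       = 'SQL Server Database Engine (MSSQLSERVER) service'
    'SVC_SPDBAccess'      = 'SharePoint farm / database access account'
    'SVC_SPServices'      = 'SharePoint service applications'
    'SVC_SPPortalAppPool' = 'Application pool: Portal (publishing site)'
    'SVC_SPHomeAppPool'   = 'Application pool: Home (team site)'
    'SVC_SPMySiteAppPool' = 'Application pool: My Sites'
}

# A distinct random password per account. Application pool identities are what an attacker holds
# after a web-tier compromise, so one shared password turns one pool into every pool.
$created = foreach ($name in $accounts.Keys) {
    $password = [System.Web.Security.Membership]::GeneratePassword(24, 4)
    New-ADUser -Name $name -SamAccountName $name -Path $ou -Description $accounts[$name] `
        -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true
    New-Object PSObject -Property @{ Account = "Domain\$name"; Password = $password }
}
# Hand $created to your password vault; nothing here writes the passwords to disk.

# Farm account: dbcreator and securityadmin on the instance, and nothing more. SQL Server 2008
# has no ALTER SERVER ROLE ... ADD MEMBER (that arrives in 2012), so use sp_addsrvrolemember.
$login = 'Domain\SVC_SPDBAccess'
$tsql = @(
    "IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$login') CREATE LOGIN [$login] FROM WINDOWS;",
    "EXEC sp_addsrvrolemember @loginame = N'$login', @rolename = N'dbcreator';",
    "EXEC sp_addsrvrolemember @loginame = N'$login', @rolename = N'securityadmin';",
    # Read back the membership so the script ends with evidence rather than hope.
    "SELECT r.name AS role_name FROM sys.server_role_members m JOIN sys.server_principals r ON r.principal_id = m.role_principal_id JOIN sys.server_principals p ON p.principal_id = m.member_principal_id WHERE p.name = N'$login';"
) -join ' '
sqlcmd -S DBServer.Domain.com -E -Q $tsql
```

Once the pool and service accounts are registered as SharePoint 2010 managed accounts, the farm can rotate their passwords for you (automatic password change), which removes the usual excuse for Password Never Expires on anything except the SQL Server service account.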

That's a pretty good effort for a robot on Friday. We'll get to the other servers next.

hth

-robot

References:

http://www.petri.co.il/installing-active-directory-windows-server-2008.htm

http://support.microsoft.com/kb/300684

http://technet.microsoft.com/en-us/library/cc262485.aspx

http://msdn.microsoft.com/en-us/windowsserver/cc196364.aspx

http://www.sql-server-performance.com/articles/dba/Configure_Windows_Firewall_for_SQL_Server_Remote_Connections_p1.aspx

http://www.magiciso.com/

http://serverfault.com/questions/6046/enable-ping-in-windows-server-firewall

http://msdn.microsoft.com/en-us/library/cc646023(SQL.100).aspx#BKMK_WF_msc

http://www.sharepoint2007security.com/guidance/firewall_rules

http://technet.microsoft.com/en-us/library/ee806870.aspx

http://blogs.catapultsystems.com/matthew/archive/2009/12/05/hard-disk-optimization-on-hyper-v.aspx

http://sharepoint.microsoft.com/blogs/fromthefield/Lists/Posts/Post.aspx?ID=112

RYG Indicators in Any SharePoint List

You guys know me. When I say “this is the heat,” you know it is really the heat.

Our new best friend, Christophe, at PathToSharePoint.com is bringing the heat.

What he has here is a web part that lets you poke a SharePoint status indicator into any SharePoint list. And he does it the way this robot has always liked to do things, by making SharePoint do what you want it to.

First create a list with a “status” column. Make it a choice and make your choices:

(1) Red
(2) Yellow
(3) Green

Now, we’re going to use the numbers in a calculated column so be sure to use the (x) format. The rest of the verbiage is irrelevant.

We've talked about composing HTML in calculated columns before. I've always just used a datasheet view to click and drag over the column, pasted it into a CEWP in source mode and called it done. So add a calculated column, call it whatever you want, but use this for the formula:

="<DIV><IMG src='/_layouts/images/KPIDefault-"&(3-RIGHT(LEFT(Status,2),1))&".gif' /></DIV>"

Note how the right\left string magic sheds everything but our status color index number.

Now, it just so happens that SharePoint's silly little Red, Yellow, Green indicators are found at the URL embedded in the resulting img tag. They are numbered 0, 1 and 2 (0 is green, 1 is yellow, 2 is red), so the formula just subtracts our index number from 3 to get the necessary digit and mashes it all together.

Add some items to your list and look at the view and you’ll see that the HTML appears flawlessly.

Then, Christophe seals the deal by giving us the JavaScript (here) that converts this gobbledygook into pretty little indicators at run time. Drop the JavaScript in a second CEWP and put it on the page and your calculated HTML is converted into a rainbow of colors.

Ouch, that’s hot.

-robot

SharePoint 2010 MySite: Community Report

The deployment of My Sites is among the most difficult decisions to make in enterprises with a timid or conservative management style. I thought I would look through the community to see if we have any consensus about what to expect or how to avoid pitfalls.

First of all, our new best friend, Chandima has a nice look here. He identifies benefits, such as connectability and discovery, and he also describes some of the overhead on performance and storage.

He also describes the SharePoint 2007 SSP approach to managing the permission to create a MySite.

Things will be different in the 2010 solution. There are no SSPs, only service applications running on dedicated service servers. I sense that throttling My Site creation is one thing we might use to mitigate the management timidity we spoke of; I suppose we'll be looking through the User Profile service application to find the permission to create new My Sites.

hth
-robot

Root Level Site Collections

I’m finding a number of good sources on the topic of creating your site collection at the root level of your web applications.

Consider this requirement: In an existing SharePoint operation with a top level site, you need to create a new site collection in a new database with a simple URL like:

http://MyPortal.com/MyNewSiteCollection

Using the standard Central Admin interface, your new site collection will end up under one of the default managed paths instead:

http://MyPortal.com/sites/MyNewSiteCollection or
http://MyPortal.com/personal/MyNewSiteCollection

Well, of course, that's because "sites" and "personal" are wildcard inclusion managed paths in the default install. We'll need to create a new managed path at the web application's root and then put our site collection on it.

Our new best friend, Cory, gives us a good start here. He explains how to create the site collection using explicit inclusions of both the root and the top level site.

Then, our other new best friend, Ben, explains, here, that what we need is a new managed path using an explicit inclusion.

I’m not sure I absolutely understand the difference, at least in SharePoint 2010.

Like Cory says, the server won't display the site at the root if the root path is configured as a wildcard inclusion. For example, I have a site at:

http://MyServer

If I do like Cory says and delete the root managed path and recreate it as a wildcard inclusion, we can see that the root site quits working. Furthermore, the path of a wildcard inclusion never serves a site itself; only the paths beneath it do. An explicit inclusion is the reverse: exactly one site collection, at exactly that path.

So,  in Central Admin, I go to Application Management | Manage Web Applications. I select my SharePoint – 80 and click on Managed Paths. 

Add my new site with an explicit inclusion and click Add Path:

Then, when you go to Application Management | Create Site Collection, you can see that the managed path is available in the pull down list and that it will create your new site with the template you select at the root of your new managed path.

The next thing we need to do is make sure the site collection gets built into its own distinct database. For this, we visit Application Management | Manage Content Databases. Here we click Add a content database and give the new database an appropriate name. Then we go into all the existing databases and set their Maximum Number of Site Collections to their Current Number of Site Collections. This assures us that the new site collection gets its content written into the new database, because it is the only one with room. After it's created, change the numbers back to make sure future site collections poke their data into the appropriate database.
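The same procedure from the SharePoint 2010 Management Shell, as an added example that is not from the post or from Cory's or Ben's write-ups. The web application URL and path are the post's; the database name, owner alias and the team site template are my assumptions. It also shows the one thing the Central Admin route cannot do: naming the content database at site creation time, which is what makes the max-site-count juggling above unnecessary.

```powershell
# Added example (not from the original post): root-level managed path, dedicated content
# database and site collection via PowerShell. Assumed: database name, owner alias, template.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = 'http://MyPortal.com'
$path   = 'MyNewSiteCollection'
$dbName = 'WSS_Content_MyNewSiteCollection'          # assumed name

# Explicit inclusion: one site collection, at exactly /MyNewSiteCollection. (A wildcard
# inclusion would instead host site collections at /MyNewSiteCollection/<anything>, with
# nothing served at /MyNewSiteCollection itself.)
New-SPManagedPath -RelativeURL $path -WebApplication $webApp -Explicit

# A dedicated content database. MaxSiteCount 1 stops later site collections from being placed
# in it by the round-robin picker, so the "change the numbers back" step is not needed.
$db = New-SPContentDatabase -Name $dbName -WebApplication $webApp -MaxSiteCount 1 -WarningSiteCount 0

# Naming the database here pins the site collection to it, regardless of what every other
# database's Maximum Number of Site Collections is set to.
New-SPSite -Url "$webApp/$path" -ContentDatabase $db -OwnerAlias 'Domain\SPAdmin' `
    -Template 'STS#0' -Name 'My New Site Collection'

# Verify it landed where intended.
Get-SPSite "$webApp/$path" | Select-Object Url, @{ n = 'Database'; e = { $_.ContentDatabase.Name } }
```

The account running this needs the SharePoint_Shell_Access role on the configuration and content databases (Add-SPShellAdmin grants it), which is a separate grant from being a farm administrator in Central Admin.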

hth
-robot