Archive for Walkthrough

Installing SharePoint Server 2013 on Windows 2012 and SQL 2012

Ensure you have the following before getting started:

Set up a basic Windows 2012 Server, no frills required.

Set up a basic SQL 2012 instance or SQL 2008 R2 SP1.

Create a domain service account with DBcreator and SecurityAdmin rights on SQL 2012 Instance

Download SharePoint Server 2013 from MSDN

*Change IMG to ISO to mount using Hyper-V

Run the pre-requisites tool

Click Next

Accept the terms of the Licence Agreements and click Next

Server might need a restart, click Finish and the server will reboot.

After the server has rebooted you will be greeted with the above window which will continue the pre-requisite installation

Once this has completed successfully click Finish and Reboot

Go to your SharePoint Server 2013 server image location and run Setup as Administrator by right clicking on Setup.

Click Yes

If you have not yet rebooted after the Prerequisites installation you will need to reboot before the installation can complete

Add the SharePoint 2013 Server Key

6RNT8-XV26M-GWH36-VMGQH-94MMH

Accept the terms of the agreement

I have decided to install a complete solution onto a pre-existing SQL instance

The installation will begin and finish quickly (±3 minutes)

After the installation a configuration is required.  Click close to continue with the SharePoint Products Configuration Wizard

Click Next

Click Yes

Create a new server farm and click next

Add the Database server alias/instance

Add the SharePoint Config Database name

Add the Username provisioned earlier with the DBcreator and SecurityAdmin rights

Supply the password and click next

The next step is to add a Farm Password

I like to specify a manual port number in order to access the Central Administration from any machine and 2723 is my signature deployment port.  Click next to continue to the installation

This took ±10 minutes; I would recommend a drinks break at this point.

Once this has completed, click Finish

This should open up the following Central Administration view.

Complete!

Office 365 Lync Online There was a problem acquiring a personal certificate

There was a problem acquiring a personal certificate required to sign in. If the problem continues, please contact your support team.

If you are still experiencing issues after trying Microsoft’s help with removing certificates and credentials from Credential Manager, found here http://support.microsoft.com/kb/2604176, it might be because you have set up federated single sign-on and have a self-signed or untrusted certificate publishing your ADFS.

The best way to resolve this issue is to trust the certificate of your ADFS published site or alternatively stop being so cheap and purchase a certificate online 🙂 However I am cheap and therefore used the following steps to trust my self-signed certificate.

Go to the HTTPS address of the ADFS published site (https://adfs.domain.com) and click certificate error in the URL Navigation bar.

Then click View Certificates

Once the Certificate tab opens click Install Certificate

Click Next

Select Place all certificates in the following store and Browse to ‘Personal’ and select OK

Click Next

Click Finish

Now you will need to do the procedure again but this time adding the certificate to ‘Trusted Root Certification Authorities’

Once completed you should be able to now sign-in on Lync 2010 Online for Office 365!

Setting up Forms based authentication for SharePoint 2010 Foundation

This looks straight forward if you follow this Technet article http://technet.microsoft.com/en-us/library/ee806882.aspx

Which uses the following assembly

Microsoft.Office.Foundation.Security.LdapMembershipProvider

However it is all a LIE!  There is no such assembly for SharePoint 2010 Foundation and therefore you need to use the following instead.

System.Web.Security.ActiveDirectoryMembershipProvider 

After creating your Claims-Based Authentication Web Application follow the steps below to create FBA for SharePoint 2010 Foundation

Step 1 – Configure Central Administration web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Central Administration site in IIS.

Right-click SharePoint Central Administration and then click Explore.

Open the Web.Config file.

Outside of the </sharepoint></system.web> paste the following:

*Remember to change the name and connectionString to conform to your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Within <system.web>, add the <membership> section:


<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="sAMAccountname" />
</providers>
</membership>

Step 2 – Configure Secure Token Service web.config 

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Web Services site.

Go to the SecurityTokenServiceApplication sub-site.

Right-click SecurityTokenServiceApplication and then click Explore.

Open the Web.Config file.

Update the web.config above the </configuration> </system.net> right at the end of the file.

*remember to change the name and connectionstring to conform to your settings.

</system.net>
<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>
<system.web>
<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />
</providers>
</membership>
</system.web>
</configuration>

Step 3 – Configure Web Application web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the Claims Forms site.

Right-click Claims Forms and then click Explore.

Open the Web.Config file.

Update the web.config outside of the </sharepoint></system.web>

*remember to change the name and connectionstring to conform to your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Add the below configuration under <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />


<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />

Step 4 – Configure Claims-based web application

Central Administration > Manage Web Application > Select the web application > Authentication Providers > Default

  • Check Enable Forms Based Authentication (FBA)
  • Add “LDAPMembers” to ASP.NET Membership Provider name
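
A check for the three web.config edits above, as an added example that is not part of the original post: it parses each file's membership section and confirms that the LDAPMembers provider is the ActiveDirectoryMembershipProvider and resolves to the same connection string everywhere. The function name Get-FbaProvider and the embedded XML are constructed for illustration.

```powershell
# Added example, not from the original post. Get-FbaProvider is a hypothetical helper
# and the XML is constructed; on a farm, read the three real files with Get-Content.
function Get-FbaProvider {
    param([string] $Label, [string] $ConfigXml, [string] $ProviderName = 'LDAPMembers')
    $doc = [xml]$ConfigXml
    $xpath = "/configuration/system.web/membership/providers/add[@name='$ProviderName']"
    $provider = $doc.SelectSingleNode($xpath)
    $type = $null; $connString = $null
    if ($null -ne $provider) {
        $type = $provider.GetAttribute('type')
        $connName = $provider.GetAttribute('connectionStringName')
        $conn = $doc.SelectSingleNode("/configuration/connectionStrings/add[@name='$connName']")
        if ($null -ne $conn) { $connString = $conn.GetAttribute('connectionString') }
    }
    New-Object PSObject -Property @{
        Config           = $Label
        ProviderFound    = ($null -ne $provider)
        IsAdProvider     = ($type -like 'System.Web.Security.ActiveDirectoryMembershipProvider,*')
        ConnectionString = $connString
    }
}

# Constructed sample config; {0} is replaced with the LDAP connection string.
$template = @'
<configuration>
  <connectionStrings>
    <add name="LDAPConnection" connectionString="{0}" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="LDAPMembers">
      <providers>
        <add name="LDAPMembers"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="LDAPConnection" enableSearchMethods="true"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
'@

$ldap = 'LDAP://domain.co.za/DC=domain,DC=co,DC=za'
$results = @(
    Get-FbaProvider 'Central Administration' ($template -f $ldap)
    Get-FbaProvider 'SecurityTokenServiceApplication' ($template -f $ldap)
    # Deliberate typo (DC=con) in the sample to show a mismatch being caught.
    Get-FbaProvider 'Claims web application' ($template -f 'LDAP://domain.co.za/DC=domain,DC=con,DC=za')
)
$results | Format-Table Config, ProviderFound, IsAdProvider, ConnectionString -AutoSize

$bad = @($results | Where-Object { -not $_.ProviderFound -or -not $_.IsAdProvider })
$strings = @($results | ForEach-Object { $_.ConnectionString } | Sort-Object -Unique)
if ($bad.Count -gt 0 -or $strings.Count -ne 1) {
    Write-Warning 'Membership provider settings differ between the web.config files.'
}
```

The provider name reported here is also the value that Step 4 expects in the ASP.NET Membership Provider name field.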


Lync for Android

Recently I installed Lync for Android on my Samsung Galaxy Note, leveraging my company’s Office 365 service.  It didn’t go exactly smoothly and I thought it would be best if I shared my experience.

First things first download Lync for Android here (https://market.android.com/details?id=com.microsoft.office.lync) or search for it via Market on your phone.

Once Lync has been downloaded and installed, start it up, you will be presented with the following screen.

Simply add in your credentials to sign in.

*I added my domain credentials using Office 365 Single Sign on.  I will blog about that later.

If you see the following error “Can’t connect to server. It might be unavailable. Also check your network connection, sign-in address and server address”

To resolve this issue turn off Auto-Detect server and manually add in the Lync Discovery Address or SIP address https://sipdir.online.lync.com:443 for both external and internal, unless you have an internal WiFi and on-premise Lync Server, in which case you would need to use that URL instead. The reason for adding this in manually is that your DNS settings are either not correct or have not propagated yet. Check out this guide for help.

Lync should now connect and prompt you with the following screen

Click Next

Add in your telephone number including country code and click next

You should be All Set!

Once you are in the Lync console you will be able to see “My Info”, “Contacts” and “Chats”

Chats is a very easy and cool way to chat to other Lync users, on the move!


Rugby World Cup 2011 SharePoint Site Template

I had an idea today on the way to work that SharePoint 2010 could be used to follow the Rugby World Cup 2011. This site can be used by many different organizations, hence the reason I am giving it away for free 🙂

Basically the site has all the teams and their match fixtures for users to follow the games. What's more, users get to vote on the outcome of each game and have ongoing discussions about the results.

Hopefully this will just add to your current SharePoint 2010 ROI or boost End user adoption

Check it out here http://www.bradg.co.za/rwc.zip


Enable Kerberos Logging

If you have configured your SharePoint farm to use Kerberos, or have an application that uses Kerberos such as K2, you may at some point need to enable Kerberos logging.

Start Registry Editor by running ‘regedit’.
Add the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Registry Value: LogLevel
Value Type: REG_DWORD
Value Data: 0x1

If the Parameters subkey does not exist, create it.


SharePoint 2010 security token expiration date

In SharePoint 2010 when one uses Forms based authentication or NTLM and the popup box for credentials has a “Sign me in automatically” or “Remember my credentials” and one checks the tick box available you would think this would now log you on for the rest of time. However by default SharePoint 2010 security token expires on the client side machine after 24 hours.

To increase the security token expiration date on SharePoint 2010 one needs to run the following command from SharePoint PowerShell


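# Read the farm's Security Token Service configuration
$sts = Get-SPSecurityTokenServiceConfig
# Lifetime of tokens issued for Windows (NTLM) sign-ins
$sts.WindowsTokenLifetime = (New-TimeSpan -Days 365)
# Lifetime of tokens issued for Forms based sign-ins
$sts.FormsTokenLifetime = (New-TimeSpan -Days 365)
# Save the change, then restart IIS so it takes effect
$sts.Update()
iisreset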

Note that this will change the token to expire after 365 days for both Forms and NTLM.


Unable to create a Service Connection Point in the current Active Directory domain

I was upgrading a SharePoint 2010 farm using PSConfig.exe as shown below

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

After the timer stopped at “The farm is being upgraded in the timer service process. The task is 10.00% completed.” it failed and after searching the LOGS I found the below error.

Unable to create a Service Connection Point in the current Active Directory domain. Verify that the SharePoint container exists in the current domain and that you have rights to write to it.
Microsoft.SharePoint.SPException: The object LDAP://CN=Microsoft SharePoint Products,CN=System,DC=*,DC=*,DC=com doesn't exist in the directory.
at Microsoft.SharePoint.Administration.SPServiceConnectionPoint.Ensure(String serviceBindingInformation)
at Microsoft.SharePoint.PostSetupConfiguration.UpgradeTask.Run()

To resolve the issue I used this walkthrough.

http://blogs.msdn.com/b/opal/archive/2010/04/18/track-sharepoint-2010-installations-by-service-connection-point-ad-marker.aspx


SharePoint 2010 Application Pool GUIDs

SharePoint 2010 has some rather strange application pool GUIDs.  The GUIDs are unique to each environment and therefore almost impossible to identify at face value.  This causes some issues when troubleshooting, so here is a quick guide to figure out what the application pool GUIDs actually are.

In SharePoint Management Shell (Powershell) run the following command

Get-SPServiceApplicationPool

This will return the following

Name                                     ProcessAccountName
----                                     ------------------
BusinessDataConnect                      DOMAIN\sp2010.bcsserv
ManagedMetadataService                   DOMAIN\sp2010.mmdserv
PerformancePoint                         DOMAIN\sp2010.perfpnt
SearchAdmin                              DOMAIN\sp2010.searchapp
SearchQuery                              DOMAIN\sp2010.searchquery
SecureStoreService                       DOMAIN\sp2010.secstore
SecurityTokenServiceApplicationPool      DOMAIN\sp2010.apppool
SharePoint Web Services Default          DOMAIN\sp2010.farm
SharePoint Web Services System           DOMAIN\sp2010.farm
User Profile Service                     DOMAIN\sp2010.userprof
VisioGraphics                            DOMAIN\sp2010.visioserv
WebAnalyticsServiceApplication           DOMAIN\sp2010.webanserv
WordAutomationService                    DOMAIN\sp2010.wordauto

To find the GUID run the following

Get-SPServiceApplicationPool | select Id, Name

Id                                      Name
--                                      ----
9b3d53c7-fa8d-4448-93a9-8d400831ad74    BusinessDataConnect
cbef2e49-25d2-4ca8-91fb-8c71a40742de    ManagedMetadataService
24fccf54-c7ec-41ae-b016-f277e1b42e81    PerformancePoint
c108b149-9696-4b13-8ca0-90b8bb8d050c    SearchAdmin
ee40e2b9-d21c-4831-b24e-be67896f47ba    SearchQuery
c5793f1a-7498-45a9-8472-ddfe7f26a74a    SecureStoreService
3e6d3d36-0d29-4570-8724-88bd440cdcac    SecurityTokenServiceApplicationPool
e68de5b9-1af9-4aaa-9b36-bc3ddbb83a18    SharePoint Web Services Default
1e6817d2-2f13-4e6a-9554-4887fb105836    SharePoint Web Services System
1e99faf7-e990-4f6b-8a9b-4dc72498aef4    User Profile Service
15565b3f-18a0-49cc-9924-478907b0e319    VisioGraphics
616ea3be-65d9-499a-aec2-c0de8279de90    WebAnalyticsServiceApplication
aa6062de-816f-4213-9cec-d41cd5c909f2    WordAutomationService

More info can be found at Harbar’s blog

http://www.harbar.net/archive/2009/12/04/more-on-sharepoint-2010-application-pools.aspx


How to transfer the logins and the passwords between instances of SQL

When you need to create a development environment of a production SQL box and you have SQL logins to your databases, you need to recreate them on your dev environment.  It takes way too long to recreate each user, so just take the steps below and you should be done in 5 minutes.

Microsoft explains it simply enough from here http://support.microsoft.com/kb/918992/

Take the below code and run it against the instance of SQL you want to copy the logins from.


USE master

GO

IF OBJECT_ID ('sp_hexadecimal') IS NOT NULL

  DROP PROCEDURE sp_hexadecimal

GO

CREATE PROCEDURE sp_hexadecimal

    @binvalue varbinary(256),

    @hexvalue varchar (514) OUTPUT

AS

DECLARE @charvalue varchar (514)

DECLARE @i int

DECLARE @length int

DECLARE @hexstring char(16)

SELECT @charvalue = '0x'

SELECT @i = 1

SELECT @length = DATALENGTH (@binvalue)

SELECT @hexstring = '0123456789ABCDEF'

WHILE (@i <= @length)

BEGIN

  DECLARE @tempint int

  DECLARE @firstint int

  DECLARE @secondint int

  SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1))

  SELECT @firstint = FLOOR(@tempint/16)

  SELECT @secondint = @tempint - (@firstint*16)

  SELECT @charvalue = @charvalue +

    SUBSTRING(@hexstring, @firstint+1, 1) +

    SUBSTRING(@hexstring, @secondint+1, 1)

  SELECT @i = @i + 1

END

SELECT @hexvalue = @charvalue

GO

IF OBJECT_ID ('sp_help_revlogin') IS NOT NULL

  DROP PROCEDURE sp_help_revlogin

GO

CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS

DECLARE @name sysname

DECLARE @type varchar (1)

DECLARE @hasaccess int

DECLARE @denylogin int

DECLARE @is_disabled int

DECLARE @PWD_varbinary  varbinary (256)

DECLARE @PWD_string  varchar (514)

DECLARE @SID_varbinary varbinary (85)

DECLARE @SID_string varchar (514)

DECLARE @tmpstr  varchar (1024)

DECLARE @is_policy_checked varchar (3)

DECLARE @is_expiration_checked varchar (3)

DECLARE @defaultdb sysname

IF (@login_name IS NULL)

  DECLARE login_curs CURSOR FOR

      SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROM

sys.server_principals p LEFT JOIN sys.syslogins l

      ON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name <> 'sa'

ELSE

  DECLARE login_curs CURSOR FOR

      SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROM

sys.server_principals p LEFT JOIN sys.syslogins l

      ON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name = @login_name

OPEN login_curs

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin

IF (@@fetch_status = -1)

BEGIN

  PRINT 'No login(s) found.'

  CLOSE login_curs

  DEALLOCATE login_curs

  RETURN -1

END

SET @tmpstr = '/* sp_help_revlogin script '

PRINT @tmpstr

SET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + ' */'

PRINT @tmpstr

PRINT ''

WHILE (@@fetch_status <> -1)

BEGIN

  IF (@@fetch_status <> -2)

  BEGIN

    PRINT ''

    SET @tmpstr = '-- Login: ' + @name

    PRINT @tmpstr

    IF (@type IN ( 'G', 'U'))

    BEGIN -- NT authenticated account/group

      SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' FROM WINDOWS WITH DEFAULT_DATABASE = [' + @defaultdb + ']'

    END

    ELSE BEGIN -- SQL Server authentication

        -- obtain password and sid

            SET @PWD_varbinary = CAST( LOGINPROPERTY( @name, 'PasswordHash' ) AS varbinary (256) )

        EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT

        EXEC sp_hexadecimal @SID_varbinary,@SID_string OUT

        -- obtain password policy state

        SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name

        SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name

            SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' WITH PASSWORD = ' + @PWD_string + ' HASHED, SID = ' + @SID_string + ', DEFAULT_DATABASE = [' + @defaultdb + ']'

        IF ( @is_policy_checked IS NOT NULL )

        BEGIN

          SET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checked

        END

        IF ( @is_expiration_checked IS NOT NULL )

        BEGIN

          SET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checked

        END

    END

    IF (@denylogin = 1)

    BEGIN -- login is denied access

      SET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME( @name )

    END

    ELSE IF (@hasaccess = 0)

    BEGIN -- login exists but does not have access

      SET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME( @name )

    END

    IF (@is_disabled = 1)

    BEGIN -- login is disabled

      SET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME( @name ) + ' DISABLE'

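    END

    -- emit the CREATE LOGIN statement built for this login
    PRINT @tmpstr

  END

  FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin

END

CLOSE login_curs

DEALLOCATE login_curs

RETURN 0

GO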

Then once that has completed run the following command in the same query window


EXEC sp_help_revlogin

SQL will create a script (it carries each SQL login's password hash and SID) that you need to copy and then paste into a query on the other SQL instance and run.
