Unable to authenticate Outlook to Office 365

I had a strange issue with Outlook continually prompting me to authenticate after setting up our federated domain to Office 365.

The scenario would occur on all machines trying to connect to the Office 365 Exchange, even after attempting a manual configuration via Outlook.

I finally found out that my ADFS proxy server required a trusted SSL certificate; a self-signed cert just won’t do.

I recommended using Trustico 30 day free SSL first to ensure that this in fact is the issue before shelling out to buy an expensive cert.


Office 365 Lync Online There was a problem acquiring a personal certificate

There was a problem acquiring a personal certificate required to sign in. If the problem continues, please contact your support team.

If you are still experiencing issues after trying out Microsoft’s help with removing certificates and credentials from the Credentials Manager, found here http://support.microsoft.com/kb/2604176, it might be because you have set up Federated Single Sign-On and have a self-signed or untrusted certificate publishing your ADFS.

The best way to resolve this issue is to trust the certificate of your ADFS published site or alternatively stop being so cheap and purchase a certificate online 🙂 However I am cheap and therefore used the following steps to trust my self-signed certificate.

Go to the HTTPS address of the ADFS published site (https://adfs.domain.com) and click certificate error in the URL Navigation bar.

Then click View Certificates

Once the Certificate tab opens click Install Certificate

Click Next

Select Place all certificates in the following store and Browse to ‘Personal’ and select OK

Click Next

Click Finish

Now you will need to do the procedure again but this time adding the certificate to ‘Trusted Root Certification Authorities’

Once completed you should be able to now sign-in on Lync 2010 Online for Office 365!
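The Trusted Root step above can also be scripted so that the certificate is checked before it is trusted, since clicking through the browser warning trusts whatever certificate happens to be presented. This is an added example, not part of the original post: `adfs.domain.com` is the post's placeholder host, and `$ExpectedThumbprint` is a placeholder for the thumbprint you read from the certificate on the ADFS server itself.

```powershell
# Added example, not from the original post.
# Assumptions: $AdfsHost is the post's placeholder host name; $ExpectedThumbprint
# must be replaced with the thumbprint copied from the ADFS server's own certificate.
$AdfsHost           = 'adfs.domain.com'
$ExpectedThumbprint = '<THUMBPRINT-COPIED-FROM-THE-ADFS-SERVER>'

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate at this point: it is only being read, not trusted.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        # Copy into an X509Certificate2 so the object outlives the connection.
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

$cert = Get-RemoteCertificate -HostName $AdfsHost
$seen = $cert.Thumbprint
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Refuse to trust anything that is not the certificate issued on the ADFS server.
if ($seen -ne $want) {
    throw "Thumbprint mismatch for $AdfsHost (presented $seen). Certificate not trusted."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate for $AdfsHost expired on $($cert.NotAfter)."
}

# Add to the current user's Trusted Root Certification Authorities store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }

"Trusted $($cert.Subject) [$seen] until $($cert.NotAfter)"
```

Windows shows its own confirmation dialog when a certificate is added to the current user's root store; the thumbprint in that dialog should match the one the script compared.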

 


Publishing Anonymous InfoPath form for SharePoint 2010 Internet Sites

We were working on our new SharePoint 2010 Internet site today here at G&T and had some issues with our contact form not allowing anonymous users to submit contact us forms.
We had done everything right, or so we thought. After getting the below errors and a lot of head scratching and googling we managed to get everything resolved.

Unknown SPRequest error occurred. More information: 0x80070005
The XSN is null and its not a cross server issue. Most likely a permission issue
  1. Allow Anonymous Access via Central Administration
    Application Management > Manage Web Applications > Authentication Providers > Enable anonymous access
  2. Disable Viewformpageslockdown
    Open SharePoint 2010 Management Shell

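    # List the features active on the site collection (replace URL with your site URL)
    get-spfeature -site URL
    $viewformlockdown = get-spfeature viewformpageslockdown
    # -Url needs the site collection URL as its value
    disable-spfeature $viewformlockdown -url URL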
  3. Enable Anonymous access via the Site Collection
    Go to http://URL/_layouts/user.aspx
    Anonymous Access > Entire Web site
  4. Enable Add Items to List for Anonymous users

Big thanks to Russ Maxwell for his post on the above PowerShell ViewFormLockDown solution
http://blogs.msdn.com/b/russmax/archive/2010/01/22/lockdown-mode-in-sharepoint-2010.aspx


Start-OnlineCoexistenceSync

Recently I was setting up my single sign-on with Office 365, and needed to run my OnlineCoexistenceSync. I was running the sync off a server that had SharePoint 2010 on and well UPS kicked off again and I was getting the following error.

Start-OnlineCoexistenceSync : Cannot start service MSOnlineSyncScheduler on computer '.'.

After checking my SharePoint 2010 farm I found that my UPS had stopped and needed to start it again. Once that had started everything synced up with my 365 domain.

UPS will never surprise me, I expect the worst from that service every time.


PoSh.ps1 cannot be loaded because the execution of scripts is disabled on this system

PoSh.ps1 cannot be loaded because the execution of scripts is disabled on this system

I receive the above error when trying to run a PowerShell script that is not signed or trusted. To resolve this issue, simply run the following command:

Set-ExecutionPolicy unrestricted

This will then display the following

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust.
Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

‘Unrestricted’ is obviously not the safest option, so for a full breakdown of what each policy does, check out this link.

http://technet.microsoft.com/en-us/library/ee176949.aspx
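A narrower way to get the same script running without setting the whole machine to `Unrestricted`, shown as an added example that is not part of the original post. `.\PoSh.ps1` is the script named in the error above; the signing step assumes a code-signing certificate already exists in your personal certificate store.

```powershell
# Added example, not from the original post.

# 1. See which scope is deciding the effective policy.
#    MachinePolicy and UserPolicy come from Group Policy and override the others.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Narrowest change: RemoteSigned for this PowerShell session only.
#    Nothing is written to the registry; the setting ends when the window closes.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 3. A downloaded script carries a Zone.Identifier stream, and RemoteSigned still
#    blocks it. Read the script first, then clear the mark on that one file.
Unblock-File -Path .\PoSh.ps1      # requires PowerShell 3.0 or later

# 4. Longer term: keep RemoteSigned or AllSigned and sign the scripts you run.
#    Assumption: a code-signing certificate is present in Cert:\CurrentUser\My.
$signingCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($signingCert) {
    $result = Set-AuthenticodeSignature -FilePath .\PoSh.ps1 -Certificate $signingCert
    "Signature status: $($result.Status)"
} else {
    Write-Warning 'No code-signing certificate in Cert:\CurrentUser\My; script left unsigned.'
}

# 5. Check the signature state of the file before running it.
Get-AuthenticodeSignature -FilePath .\PoSh.ps1 |
    Format-List Status, StatusMessage, SignerCertificate

.\PoSh.ps1
```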


Setting up Forms based authentication for SharePoint 2010 Foundation

This looks straight forward if you follow this Technet article http://technet.microsoft.com/en-us/library/ee806882.aspx

Which uses the following assembly

Microsoft.Office.Foundation.Security.LdapMembershipProvider

However, it is all a LIE! There is no such assembly for SharePoint 2010 Foundation, and therefore you need to use the following instead.

System.Web.Security.ActiveDirectoryMembershipProvider 

After creating your Claims-Based Authentication Web Application follow the steps below to create FBA for SharePoint 2010 Foundation

Step 1 – Configure Central Administration web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Central Administration site in IIS.

Right-click SharePoint Central Administration and then click Explore.

Open the Web.Config file.

Outside of the </sharepoint></system.web>, paste the following:

*remember to change the name and connectionstring to conform to your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Within <system.web>…</system.web>, paste the following <membership> section:


<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="sAMAccountname" />
</providers>
</membership>

Step 2 – Configure Secure Token Service web.config 

Start IIS Manager by typing INETMGR at a command prompt.

Go to the SharePoint Web Services site.

Go to the SecurityTokenServiceApplication sub-site.

Right-click SecurityTokenServiceApplication and then click Explore.

Open the Web.Config file.

Update the web.config between </system.net> and </configuration>, right at the end of the file.

*remember to change the name and connectionstring to conform to your settings.

</system.net>
<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>
<system.web>
<membership defaultProvider="LDAPMembers">
<providers>
<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />
</providers>
</membership>
</system.web>
</configuration>

Step 3 – Configure Web Application web.config

Start IIS Manager by typing INETMGR at a command prompt.

Go to the Claims Forms site.

Right-click Claims Forms and then click Explore.

Open the Web.Config file.

Update the web.config outside of the </sharepoint></system.web>

*remember to change the name and connectionstring to conform to your settings.


<connectionStrings>
<add name="LDAPConnection"
connectionString="LDAP://domain.co.za/DC=domain,DC=co,DC=za" />
</connectionStrings>

Add the below configuration under <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />


<add name="LDAPMembers"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LDAPConnection"
enableSearchMethods="true"
attributeMapUsername="samaccountname" />

Step 4 – Configure Claims-based web application

Central Administration > Manage Web Application > Select the web application > Authentication Providers > Default

  • Check Enable Forms Based Authentication (FBA)
  • Add “LDAPMembers” to ASP.NET Membership Provider name


Lync for Android

Recently I installed Lync for Android on my Samsung Galaxy Note leveraging my company’s Office 365 service. It didn’t go exactly smoothly and I thought it would be best if I shared my experience.

First things first, download Lync for Android here (https://market.android.com/details?id=com.microsoft.office.lync) or search for it via Market on your phone.

Once Lync has been downloaded and installed, start it up; you will be presented with the following screen.

Simply add in your credentials to sign in.

*I added my domain credentials using Office 365 Single Sign on.  I will blog about that later.

If you see the following error “Can’t connect to server. It might be unavailable. Also check your network connection, sign-in address and server address”

To resolve this issue, turn off Auto-Detect server and manually add in the Lync Discovery Address or SIP address https://sipdir.online.lync.com:443 for both external and internal, unless you have an internal WiFi and on-premise Lync Server, in which case you would need to use that URL instead. The reason for adding this in manually is that your DNS settings are either not correct or have not propagated yet. Check out this guide for help.

Lync should now connect and prompt you with the following screen

Click Next

Add in your telephone number including country code and click next

You should be All Set!

Once you are in the Lync console you will be able to see “My Info”, “Contacts” and “Chats”

Chats is a very easy and cool way to chat to other Lync users, on the move!


Error creating SharePoint site collection using createsiteinnewdb

I had an issue when creating a new site collection in a new content database today using the following command.

 stsadm -o createsiteinnewdb -url http://sharepoint/newsite -owneremail brad@bradg.co.za -ownerlogin bradgadm-bgeldenhuys -sitetemplate "STS#0" -title "New site collection" -databasename WSS_Content_new 

The database was created and then the following error appeared

The site /newsite could not be created.  The following exception occurred: <nativehr>0x80070003</nativehr><nativestack></nativestack>.

The reason was because I did not add the correct Managed Path to the Web Application.  I then created the Explicit Managed Path for /newsite, deleted the content database (One needs to do this otherwise you will receive an error around unique ID’s ) and ran the above createsiteinnewdb again and was good to go.


Change SharePoint 2010 Web Application Name with PoSh

Tired of seeing ugly web application names in Central Administration? The easiest way to change that old outdated Web Application name is with PowerShell (PoSh for our 1337 users)


# Select the web application by its current name
$Old=Get-SPWebApplication | where {$_.Name -match "Old web application name"}

# Show the current name, then assign the new one
$Old.Name
$Old.Name="New web application name"

$Old.Update()

Thanks to Mathieu Chateau for the script.
