Cloud based services are becoming more popular as more organisations recognise the cost savings that come from letting someone else manage your software and infrastructure. So what does it mean for companies wanting to deploy SharePoint in the cloud?
The pros
- Less expertise required to get up and running
- Guaranteed up times
- Less maintenance. Back ups and updates are done for you
- Add on services – Office 365 can provide a full suite of tools including LYNC (Communications Server), Hosted Exchange, Dynamics CRM
- Cheap if you have 10 or fewer users.
The Cons
- Only minimal custom SharePoint development is allowed. Forget third party add-ons or customising the look and feel too much
- It won’t be as fast as an in house system. Especially when uploading and downloading documents
- You can’t integrate it with other systems you have on premises
- You need to run Federated Active Directory services so that your users can be imported into SharePoint
Conclusion
If you are a small company that just needs the built in SharePoint functions and isn’t concerned about the look and feel of their site and especially if you don’t have in house IT support then Office 365 is probably a good solution.
If you are a larger organisation whose needs may grow to require custom functionality then we wouldn’t advise it at this point. Plans start at approx. $8 per user per month and go up significantly depending on your plan so it is cheap if you only have a few users.
If you would like to discuss SharePoint Design, SharePoint Customisation or SharePoint Development call Webcoda to speak to one of our SharePoint Experts!
Download the SharePoint Permissions Planning Worksheet here
I was going to write a blog about what I considered best practices around SharePoint security but Jasper Oostervald - https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Permissions-Part-1.aspx in his 2 part blog pretty much covered exactly what I wanted to say and more.
So instead of rewriting what he said I hope to add something by providing a worksheet that I have been working on. It’s really in Alpha so if anyone can improve on it and share what they have done that would be great.
In case you are unaware, Microsoft provides planning worksheets here - http://technet.microsoft.com/en-us/library/cc262451.aspx
In my opinion most of them complicate things by having columns that most of our projects don’t really use.
I am hoping my one is simpler and more useful.
This worksheet has 4 tabs and instructions and tips.

Start by looking at the “Sites” tab.
Here you add your sites and the permissions of those sites.

You may need to go to the Groups tab to add your new groups that you will need.
The “Content” tab is very similar to the “Sites” tab but is for assigning permission to the libraries and lists in your site.

If your dropdowns stop working you may need to reset them by following these instructions - http://spreadsheets.about.com/od/datamanagementinexcel/qt/20071113_drpdwn.htm.
I would love to get some feedback to see if this worksheet is of use to anyone or even better if someone with actual Excel skills can improve it, that would be great!
Although SharePoint provides the ability for users to be able to tag their own content, I find it tends to get a bit unmanageable and like to stick to the “Managed Metadata” feature with hierarchical predefined tags.
Here are my guidelines for tagging:
- Think long and hard about your top level tags. You shouldn’t need more than 10 at most and there should be as little cross over as possible. Again don’t have more than 10 items per each individual branch.
- When deciding what the tags should be, think of words that will segregate content into even chunks. Don’t create a tag that will only ever be used once. Think of the game Guess Who, where you are trying to find the person in as few guesses as possible. You don’t start with some obscure physical feature. The first question is usually "Are you a boy (or girl)?" to split the content evenly.
- Try not to go more than 3 levels deep in the hierarchy at first, including the top level. You can always add further levels if drilling that far down still displays too many articles.
- Don’t use words that are going to change often such as names of clients or projects. The list will eventually get too long to be useful. In this case it may be easier to keep a list of all clients in a custom list that is referenced through a site column.
The “Site Content and Structure” reports are a great way of finding files which are pending approval or checked out but I just realised you can create your own reports.
If you have never seen these reports before:
Go to site settings –> Site Administration –> Content and structure

But you can create your own reports by going to “View all site content”
Under lists –> Content and Structure Reports

Here you can see all the reports available from C & S as well as the CAML that makes these reports.

We have a form which is used for requesting leave. We were asked to put a cancel button on it so that the requester could cancel their request if it has not been approved yet. This would need to cancel any attached workflows. The approval workflow is a standard SharePoint approval workflow.
The workflow is based around a task assigned to an approver in the workflow.
This task would be created by Start Approval Process in the workflow.

Unfortunately SharePoint does not provide a good solution for deleting this.
You could write an event handler but that’s hard to manage.
You could show users how to manually cancel workflows but that’s too complicated for some users.
You could create some whacky workflows that manage themselves but that’s too messy.
Our solution:
In the form create a status field. This field will have the following possible values: pending, cancelled, approved, rejected.
When a user cancels the leave request by clicking cancel in the form, we will update the status of the form to be cancelled. There will still be a task assigned to the approver that needs to be cancelled.
Change the behaviour of the task to check when the status field in the form changes to anything but pending.

Once it changes you can End Task Process to cancel the task.
After spending 3 days trying to work out why columns wouldn’t appear after being promoted from InfoPath, we finally resolved it today. This form had been previously working but the client decided they wanted more fields promoted.
The bad news is that it kind of solved itself. All I did was go back to basics and republish the form. Although I was told that we had tried this many times I just did it again on my pc. Previously it had been published from another pc. The columns appeared in the content type created by this form.
I then had to manually add the columns to the list from existing columns in that content type.
There are many people online complaining about having this issue but I can’t find anyone who can suggest a good answer. My suggestion is to try and republish your form until it works.
Update 29-June-2011:
One way to go about "resolving" this problem is to delete the columns and then re-publish your InfoPath form.
Delete columns using PowerShell in SharePoint 2011. Get the PS script for deleting columns from this blog. After you run this script you can delete specific columns with the command: Delete-WorkflowColumn -webURL http://portal -listName "Documents" -columnName "Column Name"
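# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Delete-WorkflowColumn ($webURL, $listName, $columnName)
{
    # Set up variables from the user input
    $web = Get-SPWeb $webURL
    try
    {
        $list = $web.Lists[$listName]
        $column = $list.Fields[$columnName]
        # Make sure the column is not hidden or read only
        $column.Hidden = $false
        $column.ReadOnlyField = $false
        $column.Update()
        # Delete the column
        $list.Fields.Delete($column)
        Write-Host "Deleted column"
    }
    finally
    {
        # Dispose of the web object even if the lookup or delete fails
        $web.Dispose()
    }
}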
Now re-publish your InfoPath form.
The new InfoPath columns will appear with correct settings.
There is a bit of information around about upgrading from MOSS to SharePoint 2010 and from WSS to Foundation Server but not a lot about upgrading from WSS to SharePoint 2010 Enterprise.
I just did the upgrade and I can’t believe how easy it is. The only caveat was that my WSS was pretty vanilla and only had a few lists and doc libraries. I don’t guarantee this will work for everyone.
I just followed these steps.
- Back up your content database
- Install SharePoint 2010 but don’t set up a site collection
- Restore your content DB
- Run the Mount-SPContentDatabase command in PowerShell. The exact instructions for this can be found here. *
- Once the upgrade is complete your site will look like the WSS but you can use the Visual Upgrade from Site Actions to give it the new SP 2010 look.
*If you have never used Powershell before see some gotchas I wrote about here.
After 2 days I finally managed to install SharePoint 2010 with a local account.
I ended up working from these 3 articles:
http://technet.microsoft.com/en-gb/library/cc262485%28office.14%29.aspx#section4
http://sharepoint-sandbox.com/index.php?/Tips-and-Tricks/Infrastructure/tip-65-how-to-install-sharepoint-2010-using-local-account.html?directory=14
http://www.codersbarn.com/post/2009/11/21/Install-SharePoint-2010-on-Windows-2008.aspx
The rest I had to guess.
In Summary here is what I did
- Changed registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS\ServerRole == SINGLESERVER
- Used PowerShell command "New-SPConfigurationDatabase"
Step 1 should fix the local account problem.
Note: After changing the registry you may have to reboot.
Step 2 is to create the configuration database.
Before running PowerShell make sure you have installed version 2; you may have to uninstall version 1 from features.
The reason I had to use the powershell command was because I was getting the following error during install:
CryptographicException: Keyset does not exist
It basically died during step 2 of the SharePoint 2010 products Configuration Wizard.
As I had never used powershell before there were a couple of gotchas.
1. At first I was running the wrong version of Powershell. You need to run the modules version.
2. At first I was getting an invalid credentials error. The trick was to run powershell with elevated privileges.
After completing these steps you should be able to run the SharePoint 2010 products Configuration Wizard successfully.
Good luck!!
This week we set up Kerberos for a client. There are plenty of articles and blogs on how to do it so instead of writing another one I’ll just focus on what I believe will save you hours if not days if you are doing it for the first time. Namely how to avoid some gotchas.
My tips.
- Firstly, the article with the best step by step instructions was this one - http://technet.microsoft.com/en-us/library/cc263449.aspx
- As the Technet article does, get SQL working with Kerberos first before doing anything else.
- Don’t guess the SPNs. You will end up with a mess. Keep a record of which SPNs you set so you can reverse them. Keep them all in one script.
- Know your setspn commands
- setspn -a (add)
- setspn -d (delete)
- setspn -l (list)
- If you can’t debug Kerberos you will struggle. You NEED these tools & don’t be afraid to use them.
Wireshark - http://www.wireshark.org/
ldifde & setspn - Windows 2003 resource kit
and some scripts I’ll mention in a sec.
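One way to follow the tip about keeping every SPN in a single, reversible script, as an added example that is not the author's own script. The ledger entries, host names and account names are constructed placeholders, and Get-SpnPlan and Invoke-SpnLedger are hypothetical helper names; the script only prints the setspn commands unless -Execute is given.

```powershell
# Constructed ledger: every SPN this deployment sets and the account that owns
# it. Host, domain and account names are hypothetical placeholders.
$SpnLedger = @(
    @{ Spn = 'MSSQLSvc/sql01.example.local:1433'; Account = 'EXAMPLE\svc-sql' },
    @{ Spn = 'HTTP/portal.example.local';         Account = 'EXAMPLE\svc-portal' },
    @{ Spn = 'HTTP/portal';                       Account = 'EXAMPLE\svc-portal' }
)

function Get-SpnPlan {
    param(
        [ValidateSet('Add', 'Remove')][string]$Action,
        [object[]]$Ledger
    )
    # An SPN listed twice would end up on two accounts, which is the
    # duplicate-SPN failure described on this page, so refuse the whole ledger.
    $dupes = @($Ledger | Group-Object { $_.Spn.ToLower() } | Where-Object { $_.Count -gt 1 })
    if ($dupes.Count -gt 0) {
        throw "SPN listed more than once: $(($dupes | ForEach-Object { $_.Name }) -join ', ')"
    }
    $flag = if ($Action -eq 'Add') { '-a' } else { '-d' }
    $items = $Ledger.Clone()                                  # leave the caller's array untouched
    if ($Action -eq 'Remove') { [array]::Reverse($items) }    # undo in reverse order
    foreach ($entry in $items) {
        New-Object PSObject -Property @{ Flag = $flag; Spn = $entry.Spn; Account = $entry.Account }
    }
}

function Invoke-SpnLedger {
    param([string]$Action, [object[]]$Ledger, [switch]$Execute)
    foreach ($step in Get-SpnPlan -Action $Action -Ledger $Ledger) {
        Write-Host ("setspn {0} {1} {2}" -f $step.Flag, $step.Spn, $step.Account)
        if ($Execute) {
            & setspn.exe $step.Flag $step.Spn $step.Account
            if ($LASTEXITCODE -ne 0) { throw "setspn failed for $($step.Spn)" }
        }
    }
}

# Dry run by default: print the adds, then the commands that reverse them.
Invoke-SpnLedger -Action Add    -Ledger $SpnLedger
Invoke-SpnLedger -Action Remove -Ledger $SpnLedger
# Invoke-SpnLedger -Action Add -Ledger $SpnLedger -Execute   # apply after review
```

Keeping the ledger in source control next to the deployment notes gives you the record of what was set and a tested way to take it back out.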
Using Wireshark
The most common problems you can encounter with Kerberos are as follows:
1. Non-synchronized time on servers
Cause:
Kerberos depends on time and if time on servers is different, Kerberos authentication will fail.
How to find out:
Run Wireshark, start a packet capture and set the packet filter to the "kerberos" expression. You should see a packet with error code KRB_AP_ERR_SKEW.
Solution:
Synchronize time on all servers with AD server time.
2. Duplicate or missing SPNs
Cause:
If multiple service accounts of one class (e.g. HTTP, MSSQLSvc) are registered for one IP address, or the SPN wasn’t registered at all, Kerberos authentication will fail.
How to find out:
Run Wireshark, start a packet capture and set the packet filter to the "kerberos" expression. You should see a packet with error code KDC_ERR_C_PRINCIPAL_UNKNOWN or KDC_ERR_PRINCIPAL_NOT_UNIQUE.
Solution:
On AD server use the ldifde.exe utility to find out the duplicate SPN.
ldifde syntax:
ldifde -f c:\[output file name] -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HTTP/[server name]*)" -p subtree
Example:
ldifde -f c:\spn_out.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HTTP/my-moss-server*)" -p subtree
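An added example, not from the original post, that reads the ldifde export produced by the command above and reports every SPN that appears on more than one object. The sample LDIF text and the names in it are constructed, and Find-DuplicateSpn is a hypothetical helper name.

```powershell
# Constructed sample of what c:\spn_out.txt could contain (names hypothetical).
$sampleLdif = @'
dn: CN=svc-portal,OU=Service Accounts,DC=example,DC=local
changetype: add
servicePrincipalName: HTTP/my-moss-server
servicePrincipalName: HTTP/my-moss-server.example.local

dn: CN=MY-MOSS-SERVER,CN=Computers,DC=example,DC=local
changetype: add
servicePrincipalName: HTTP/my-moss-server
servicePrincipalName: HOST/my-moss-server
'@

function Find-DuplicateSpn {
    param([string[]]$LdifLines)
    $owners = @{}      # lower-cased SPN -> DNs of the objects that carry it
    $dn = $null
    $unfolded = New-Object System.Collections.ArrayList
    foreach ($line in $LdifLines) {
        # LDIF folds long values onto continuation lines that start with one space.
        if ($line.StartsWith(' ') -and $unfolded.Count -gt 0) {
            $unfolded[$unfolded.Count - 1] += $line.Substring(1)
        } else { [void]$unfolded.Add($line) }
    }
    foreach ($line in $unfolded) {
        # "dn::" marks a base64-encoded DN; it is kept encoded but still identifies the object.
        if ($line -match '^dn::? *(.*)$') { $dn = $Matches[1] }
        elseif ($line -match '^servicePrincipalName:\s*(.+)$' -and $dn) {
            $spn = $Matches[1].Trim().ToLower()
            if (-not $owners.ContainsKey($spn)) { $owners[$spn] = @() }
            if ($owners[$spn] -notcontains $dn) { $owners[$spn] += $dn }
        }
    }
    foreach ($spn in ($owners.Keys | Sort-Object)) {
        if ($owners[$spn].Count -gt 1) {
            New-Object PSObject -Property @{ Spn = $spn; Accounts = $owners[$spn] }
        }
    }
}

$lines = $sampleLdif -split "`r?`n"     # for a real export: Get-Content c:\spn_out.txt
Find-DuplicateSpn -LdifLines $lines | ForEach-Object {
    Write-Host ("DUPLICATE {0}" -f $_.Spn)
    $_.Accounts | ForEach-Object { Write-Host "    $_" }
}
```

On the constructed sample this flags http/my-moss-server, which is registered on both the service account and the computer object.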
3. Response packet too big
Cause:
On some Windows server systems you can encounter a problem with UDP packet overflow that can result in authentication failure.
How to find out:
Run Wireshark, start a packet capture and set the packet filter to the "kerberos" expression. You should see a packet with error code KRB_ERR_RESPONSE_TOO_BIG.
Solution:
1. Start Registry Editor (Regedt32.exe).
2. Locate and then click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
3. On the Edit menu, click Add Key, and then add the following registry key:
Key name: Parameters
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: MaxTokenSize Type: REG_DWORD
Radix: Decimal
Value: 65535
5. Quit Registry Editor.
1. Open the web application for which you enabled Kerberos and monitor the server’s security logs in event viewer for errors. Remember, if Kerberos doesn’t function properly the server falls back to NTLM.
2. Run the following SQL query on SQL server. You can see which services use Kerberos or NTLM authentication.
SELECT login_name, program_name, host_name, auth_scheme
FROM sys.dm_exec_connections C INNER JOIN sys.dm_exec_sessions S
ON C.session_id = S.session_id
3. Add an RSS webpart onto site homepage and use a list on subsite as the RSS source URL. If the RSS webpart displays RSS feeds then Kerberos authentication is working. RSS feeds from subsites do not work in MOSS without Kerberos.
Hope that saves someone time. Good luck with your Kerberos config!!!
After setting up the people search in MOSS I was getting duplicate results.
The problem was that I had indexed people in Central Admin as well as Shared Services.
The answer is to only index the Shared services using sps3://servername:[ssp port] and not the central admin site.
Remember use sps3 for indexing people and also remember that Soylent Green is people.