After 2 days I finally managed to install SharePoint 2010 with a local account.
I ended up working from these 3 articles:
The rest I had to guess.
In Summary here is what I did
- Changed registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS\ServerRole == SINGLESERVER
- Used PowerShell command "New-SPConfigurationDatabase"
Step 1 should fix the local account problem
Note: After changing the registry you may have to reboot.
Step2 is to create the configuration database.
Before running Powershell make sure you have installed version 2 and you mahe to uninstall version 1 from features.
The reason I had to use the powershell command was because I was getting the following error during install:
CryptographicException: Keyset does not exist
It basically died during step 2 of the SharePoint 2010 products Configuration Wizard.
As I had never used powershell before there were a couple of gotchas.
1. At first I was running the wrong version of Powershell. You need to run the modules version.
2. At first I was getting an invalid credentials error. The trick was to run powershell with elevated privileges.
After completing these steps you should be able to run the SharePoint 2010 products Configuration Wizard successfully.
This week we set up Kerberos for a client. There are plenty of articles and blogs on how to do it so instead of writing another one I’ll just focus on what I believe will save you hours if not days if you are doing it for the first time. Namely how to avoid some gotchas.
- Firstly the article with the best step by step instructions was this. - http://technet.microsoft.com/en-us/library/cc263449.aspx
- As the Technet article does, get SQL working with Kerberos first before doing anything else.
- Don’t guess the SPN’s. You will end up with a mess. Keep a record of which SPN’s you set so you can reverse them. Keep them all in one script.
- Know your setspn commands
- setspn – a (add)
- setspn – d (delete)
- setspn – l (list)
- If you can’t debug Kerberos you will struggle. You NEED these tools & don’t be afraid to use them.
Wireshark, - http://www.wireshark.org/
ldifde & setspn - Windows 2003 resource kit
and some scripts I’ll mention in a sec.
The most common problems you can encounter with Kerberos are as follows:
1. Non-synchronized time on servers
Kerberos depends on time and if time on servers is different, Kerberos authentication will fail.
How to find out:
Run WireShark utility, start a packet capture and set the packet filter to the „kerberos“ expression. You should see a packet with error code KRB_AP_ERR_SKEW.
Synchronize time on all servers with AD server time.
2. Duplicate or missing SPNs
If you have multiple service accounts of one class (i.e. HTTP, MSSQLSvc) registered for one IP address or SPN wasn’t registered at all, Kerberos authentication will fail.
How to find out:
Run WireShark utility, start a packet capture and set the packet filter to the „kerberos“ expression. You should see a packet with error code KDC_ERR_C_PRINCIPAL_UNKNOWN or KDC_ERR_PRINCIPAL_NOT_UNIQUE.
On AD server use the ldifde.exe utility to find out the duplicate SPN.
ldifde -f c:\[output file name] -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HTTP/[server name]*)" -p subtree
ldifde -f c:\spn_out.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=HTTP/my-moss-server*)" -p subtree
3. Response too big packet
On some Windows servers system you can encounter a problem with UDP packet overflow that can result in the authentication failure.
How to find out:
Run WireShark utility, start a packet capture and set the packet filter to the „kerberos“ expression. You should see a packet with error code KRB_ERR_RESPONSE_TOO_BIG.
1. Start Registry Editor (Regedt32.exe).
2. Locate and then click the following key in the registry:
3. On the Edit menu, click Add Key, and then add the following registry key:
Key name: Parameters
4. On the Edit menu, click Add Value, and then add the following registry value:
Value name: MaxTokenSize Type: REG_DWORD
5. Quit Registry Editor.
1. Open the web application for which you enabled Kerberos and monitor the server’s security logs in event viewer for errors. Remember, if Kerberos doesn’t function properly the server falls back to NTLM.
2. Run the following SQL query on SQL server. You can see which services use Kerberos or NTLM authentication.
SELECT login_name, program_name, host_name, auth_scheme
FROM sys.dm_exec_connections C INNER JOIN sys.dm_exec_sessions S
ON C.session_id = S.session_id
3. Add an RSS webpart onto site homepage and use a list on subsite as the RSS source URL. If the RSS webpart displays RSS feeds then Kerberos authentication is working. RSS feeds from subsites do not work in MOSS without Kerberos.
Hope that saves someone time. Good luck with your Kerberos config!!!
After setting up the people search in MOSS I was getting duplicate results.
The problem was that I had indexed people in Central Admin as well as Shared Services.
The answer is to only index the Shared services using sps3://servername:[ssp port] and not the central admin site.
Remember use sps3 for indexing people and also remember that Soylent Green is people.
MOSS does not allow you to set a default custom theme to your sites upon creation. The most painful example is in mysites. There are articles that give you the full detail on how to get around this but here is the quick and easy way thanks to our good friend Scot Hillier and his SharePoint 2007 Features on Codeplex.
Download Themechanger from http://www.codeplex.com/features/Release/ProjectReleases.aspx?ReleaseId=2502
Install it on server
Find both WSP files and deploy.
Edit the Feature.xml file in 12\TEMPLATE\FEATURES\Themechanger
The last bit is to assign which site definitions should apply the theme.
You edit this in the Elements.xml file.
I added the line for mysites - SPSPERS#0
To see how to get a list of all site templates go here - http://stsadm.blogspot.com/2007/08/set-available-site-templates.html
Make sure you recycle your app pool for changes to take effect.
That’s it, should all work!!
1. Its Expensive
A SharePoint implementation doesn't have to be expensive. The most commonly used features such as:
These all come standard with Windows SharePoint Services (WSS).
WSS comes free with Windows Server 2003 and 2008. You don't even have to
purchase a SQL server licence.
2. It's not user friendly
Because SharePoint is easy to get up and running and is relatively inexpensive, many organisations install it and provide no training or instruction to their staff.
Like any highly functional software, SharePoint can introduce a lot of new concepts and so there are certain steps that should be taken by every organisation implementing SharePoint:
Assign a SharePoint champion(s).
Someone who has a good understanding of SharePoint from a users perspective and can help with day to day issues.
Someone to help manage change in an organisation, often with resistance from users.
With proper planning many of the common usability issues users experience when they first encounter sharepoint can
be greatly reduced or even removed. E.G Hiding features that are unnecasary or by creating shortcuts to the most commonly used features.
3. It doesn't look good always looks like SharePoint.
When it comes to the look and feel of SharePoint there are really 2 different SharePoints.
There is the Web Content Managment Side (WCM) and the Enterprise Content Management (ECM) side.
The good news is that the WCM side can be made to look however you choose.
Some of the best examples can be found here - http://www.wssdemo.com/Pages/topwebsites.aspx
The ECM side which is more commonly used for intranets is easy to brand, harder to customise but can still be done so with a bit of effort.
Examples of what can be done can be seen on sites such as sharepointpackages.com
4. It's only a document management system
Although the fantastic Document Management functionality is what initially attracts most organisations to SharePoint,
Document Management is only skimming the surface of SharePoint's capabilities.
Some of the out of the box features are
and much more
5. It can be installed and configured by your IT dept even if they have no
SharePoint installations can be done by anyone with IT experience but there are likley to be many best practices that will get overlooked.
Examples are incorrect permissions, sub optimal performance configuration, planning for future growth and correct back up procedures.
Ever go into a meeting where clients have asked you questions that you didn't know the answer to? No, that's never happened to me either. But a friend of mine thought every time he went into a meeting where a client asked him a (sensible) question he didn't know the answer to, he would list it here so that others could ponder the answers.I'll list the answers if I find them - Whoops - I mean if he finds them.
- Can the mysites left hand side nav contain different items by default on creation?
- Can you prevent users from creating subsites under my sites?
- Apparently yes - http://www.sharepointblogs.com/tbaginski/archive/2006/11/14/how-to-prevent-creation-of-sub-sites-within-moss-2007-my-sites.aspx
- Can you change the users display name?
- Yes. - http://www.21apps.com/sharepoint/user-profiles-why-do-my-changes-not-show-in-other-sites/ Basically just need to change or remap the name field in user profile properties in Central Admin.
- Once users are imported from AD, can you clear them all out?
SharePoint out of the box supports only one way replication of user from AD to SharePoint which ofcourse means that when users update their profiles in their Mysites it doesn;t get replicated back to AD.
Even worse, their properties can get overwritten during the next profile import from AD.
The 2 recommended methods for updating AD from SharePoint that I have heard of are..
- Microsoft Identity Lifecycle manager
- Bamboo Solutions User Sync
From my little research the Bamboo Solutions seems to be a lot better. - ee review here - http://www.sharepointreviews.com/component/content/article/50-user-management/102-User-Profile-Sync-Web-Part-by-Bamboo-Solutions.html
ILM requires creating an import file from SharePoint - Already sounds too complicated if you ask me.
If anyone has experience with this, I would love to hear some feedback.I will probably end up using the Bamboo Solution so will be able to provide some feedback soon.
In part 1 we looked at creating a Staff Directory using the User
Information List. This time we'll attempt it with the People Search.
begin with obviously we need to be able to search find people using the
search. I have already set up a site using the Search Center site
template. The only problem is I am getting no results when searching
I followed these instructions. - http://groups.google.com/group/microsoft.public.sharepoint.portalserver.development/browse_thread/thread/6f01af3e9da9e0b2/3caa0e3d6d1237c1
and it now works.
The first thing we can explore is what happens when we click edit on the page. Remembr that the search results page is actually a publishing page which is why it sits in a /pages directory.
Looking at this page in edit mode can provide some insight into what all those search web parts in the web parts gallery do. The capabilities of this page are beyond the scope of this article but will definitely be revisited in another article.
One of the requirements of the staff directory is that users should be able to click on a letter like this..
This was easily achieved by modifying the script found here - http://www.ramonscott.com/wordpress/?p=8
to look like this.
peoplesearch.txt (1.85 kb)
Next we want to customise the layout of the search results themselves. As with most of the web parts you will need to edit the XSL. Before you do though note that there appears to be a bug that throws an error every time you edit the XSLT. You can ignore it but unfortunately you can't see any changes you make until you publish the page. More info here - http://www.sharepoint-tips.com/2007/04/error-item-with-same-key-has-already.html
Instructions on customisation can be found here - http://www.sharepointology.com/development/customize-the-people-search-results-part-1/ and here - http://www.sharepointology.com/development/customize-the-people-search-results-part-2/
I was going to provide some of these instructions myself but these articles explain them really well.
Just to add a few finishing touches we can adjust the search dropdown options by mofidying propeties of searchbox.
I added favourite Cake and it now looks like.
Staff directories are a very common request for Intranets. Oddly SharePoint doesn't have a feature called Staff Directories but it contains many bits and pieces that can help build one.
i.e People Search, Custom user properties, My sites, People and Groups page.
There are also out of the box solutions that you can purchase from http://www.bamboosolutions.com such as http://store.bamboosolutions.com/p-41-user-directory-web-part-release-14.aspx
Or you can write code such as http://blogs.syrinx.com/blogs/sharepoint/archive/2007/10/05/sharepoint-2007-face-book-web-part.aspx
This article is to demonstrate how far we can go with just out of the box configuration trying various methods.
Method 1 - Using the User Information List
################### Read this First ################################
Before you try this at home, please note that this solution is very limited. I am making notes as I attempt various methods and these articles are my findings not neccesarily the best solutions.
A better solution is found in part 2 of this article - http://blog.sharepointsydney.com.au/post/Creating-a-staff-Directory-in-SharePoint-Part-2-People-Search.aspx
Pros of this method
Very easy to set up
- Does a good basic job
- Some decent styles and info available OOTB
- Can't create own styles
- Content doesn't synch with SharePoint Profiles (This may be fixable with Bamboo Solutions User Sync)
- As users are removed from SharePoint they still remain in this list (This may be fixable with Bamboo Solutions User Sync)
- Can't edit the page that results appear on. E.G Can't add web parts.
- Can't search for users. Can only group by SharePoint groups.
- When users update their details in MySites it takes a while for the UIL to reflect the changes. This is because syncing is done by a Timer Job called "Profile Synchronization" which runs by default once an hour.
More info: http://sharepointsherpa.com/2008/01/31/employee-directory-using-user-information-list-in-sharepoint-2007/
As part of the experiment I will use the Personalization Site Template
to create a dedicated Staff Directory site for no particular reason
other than I want to see what this site template does.
So here is what the new site looks like. It is just a normal site but it contains a couple of filters preloaded on the page. It also applies a link to this area directly to the creators mysites section.
Now let's go to the People and Groups page and see what our options are.
In this image you can see that I have actually jumped a few steps ahead.
Really all that I have done is created a few groups - Sales, Marketing etc. Under Settings -> 'Edit Group Quick Launch' you can define which groups to show in the Quick Launch on the left.
In our example the client would like to be able to browse by department so we can either create groups to represent each department or perhaps these departments already exist if you are using AD.
Next notice in the top right dropdown that we have created a new view called Staff Directory. You could create as many views as you like perhaps even filtering by location. Or alternatively instead of using the groups in quick launch you could use the views to filter by dept instead.
Note: For some reason list settings option only appears from the top level site which is where you go to create custom views.
Here is where we start the limitations of this approach. You can create a new view but the properties that are displayed in that view seem to be limited to these.
Not sure at this point if you can add more. This may not be a huge limitation as all we areally want this view fo ris to display some basic info about the users and if they want more they can really click through to the user MySite page.
The other bit of customisation for this view is that you can select different styles for displaying the info.
I'm trying to find if you can create your own styles but can't find any info.
You can open any of the views of the UIL from SharePoint Designer by opening the root site but the only options available appear to be the same as you get from the browser view.
On thing I noticed is that a ListViewWebPart is used to display the info but can't find any info on editing styles for LVWP either.
At this point this solution is not looking flexible enough for me so I am abandoning it and moving onto trying the People Search instead in part 2 of this artilce.
I was trying to format the layout of the Custom Query Webpart similar in fashion to instructions found at http://www.heathersolomon.com/blog/articles/CustomItemStyle.aspx.
The problem was that no matter what I did in CQWP based on the announcements list the title and image appeared but the body text was not showing up.
After reading a few articles including http://martijnmolegraaf.blogspot.com/2008/12/configuring-and-customizing-content_20.html I realised that body was a custom field and so I needed to export the webpart.
Edit the exported webpart file with all my custom fields.
The line to edit looked like
<property name="CommonViewFields" type="string">
Note the name followed by datatype.
Then import the webpart back in and use it as you would any other CQWP.