Issue with migrating custom list templates

If you're trying to export custom list template (with or without content) from one SharePoint collection or farm to the other, you might notice that your recently imported list template does not appear on the "Create Page" page of that site, which means that you cannot use the new template to create new list. This issue appears to be caused by the fact that your list definition ID of the new custom template is different

The workaround is to:

  • After you have imported your template, go to List templates section (Site Actions >> Site Settings >> List Templates) and write down the Title and Feature ID fields.
  • Now create new empty custom list and call it EmptyList
  • Create new list template based on the EmptyList (Settings >> List Settings >> Save List as Template)
  • Now when you try to create new list, you will see EmptyList on the list gallery. If you hover your mouse over the EmptyList item in the list gallery, your browser's status bar should display the URL similar to:
    http://SHAREPOINT/_layouts/new.aspx?NewPageFilename=EmptyList%2Estp&FeatureId={00bfea22-ec85-4403-972d-ebe475780216 }&ListTemplate=100
  • Replace the NewPageFilename and FeatureId entries with the values noted at the step one. Your new URL will look something like that:
    http://SHAREPOINT/_layouts/new.aspx?NewPageFilename=ImportedListName%2Estp&FeatureId={00bfea71-de22-43b2-a848-c05709900100}&ListTemplate=100
  • Copy modified URL to the address bar and hit Enter
  • Configure the name and the description of the list and hit Create. Your newly created list will be based on the imported list template.

Be cautious of the automatic web part installers

If one beautiful morning your SharePoint designers complain that they now get "The server sent a response which SharePoint Designer could not parse…" error when they try to edit SharePoint page or page layout, and/or your SharePoint developers all of the sudden are unable to access any of the SharePoint services under _vti_bin folder (like _vti_bin/lists.asmx), then check your web.config file. The tags in <httpHandlers> section in web.config file are probably out of order.

<remove verb="*" path="*.asmx" /> tag needs to be posted before any of the <add > tags in <httpHandlers> section in web.config file, otherwise the SharePoint web services path configuration breaks.

In our case this issue was caused by the web part install that incorrectly modified web.config file to configure AJAX in SharePoint. I guess the lesson is always be cautious of the automatic web part installers J

SharePoint and Vista: a problem with “Explorer View” and “Create list from spreadsheet”

We have recently encountered a problem with some of the SharePoint (WSS or MOSS) features not working properly in Windows Vista:

  • When users attempt to display a document library in the Explorer view within the web application that uses Kerberos authentication, nothing happens: Explorer view never comes up and no errors displayed either
  • Or, when users attempt to display a document library within the web application that uses NTLM authentication, they get "Your client does not support opening this list with Windows Explorer" error;
  • When users attempt to create list from Excel spreadsheet they get "Method 'Post' of object 'IOWSPostData' failed" error

After a lot of research and many unsuccessful attempts to fix these problems using various solutions found on the web, I have finally able to find a workaround that have worked on Windows Vista 32-bit.

Solutions that did not work in our situation:

  • Installing and enabling WebDav on IIS 7
  • Installing Desktop Experience on Windows 2008 server 64 bit
  • Modifying EXPTOOWS.XLA macro file to force using a different version number
  • Etc…

The workaround that worked:

  • Install hotfix KB945015 on the client machine to fix a bug caused by an extra forward slash mark (/)appended to the query path of a WebDAV PROPFIND request
  • Install Web folder hotfix on the client machine to get Vista map a drive to a web location on SharePoint
  • Map a "Web Network Location" on your PC to the root of the SharePoint site in question and ensure that you save the credentials

This workaround only worked for Windows Vista 32-bit.



Related resources:

On with the new… server that is

As a part of our continuing commitment to the server/service improvements and never-ending technological progress, we have moved ObjectSharp blogs to the new (better, faster, and prettier) server. ObjectSharp has always demonstrated a leadership in adopting cutting-edge technologies, so moving our blogs to the emerging cloud services only makes sense for us. For now, we use Amazon Elastic Compute Cloud running Windows, at least until Microsoft Windows Azure cloud services mature. More updates and upgrades coming soon. Stay tuned…

Please update your favorites and RSS feeds with the new URL: http://blogs.objectsharp.com

How to change the URL for SharePoint Central Administration site

I have been working on configuring high availability for SharePoint servers (MOSS or WSS), and for a little while I wasn't able to figure out the way to modify the URL for SharePoint Central Administration site. So, basically you extend the Central Administration web application (using GUI or psconfig command) to run on multiple servers, and when you click on SharePoint Central Administration icon you're still redirected to a specific SharePoint server instead of been redirected to the Load Balancing URL. Anyway, as it turns out the URL has to be changed via registry on all SharePoint servers. Weird?!

To change the URL for SharePoint Central Administration URL:

  • Open Registry editor
  • Backup the registry before making any changes!!!
  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS and change the value of CentralAdministrationURL to whatever you want to be


Related resources:

How to change the port number for SharePoint Central Administration site

To change a port number that SharePoint Central Administration site is running on:

  • Open Command Prompt
  • Go to BIN folder in SharePoint install directory (by default, it would be "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN")
  • To get the port number that Central Administration site is currently running on, type

    stsadm.exe -o getadminport
  • To change a port number that SharePoint Central Administration site is using, type

    stsadm.exe -o setadminport -port <portnumber>

SharePoint: No easy way to deny access

For a sophisticated web application, SharePoint (WSS or MOSS) is missing a feature as simple as Deny access (Deny Read, Deny Write, Deny All). To deny access to the SharePoint for single user or a group of users, you modify Policy for Web Application in SharePoint Central Administration:

  • Open SharePoint Central Administration
  • Click on Application Management
  • Then, under Application security, click on Policy for Web Application
  • Select correct web application in the drop down
  • Click on Add Users
  • Select web application and the zone. Click Next
  • Enter the username or security group. Select Deny Write or Deny All and click on Finish

Note: This will deny access to the whole web application in SharePoint! There is no way to deny access to a specific SharePoint item (site, list, document library and so on)

Hopefully Microsoft will fix this weakness in the next service pack or so…

SharePoint bug: extending web application breaks the backup process

There appears to be a bug in SharePoint (WSS or MOSS) that breaks the backup process after extending a web application. If you need to add host headers or load balancing URL to your SharePoint web application, the only way to do that is to extend your web application (SharePoint Central Administration >> Application Management >> Create or extend Web application >> Extend an existing Web application). Even though extending web application allows you to add load balancing URL and host headers, for some reason, it breaks the backup for all site collections and sites that use that web application. You could still backup SharePoint site collection using stsadm.exe command (stsadm.exe –o backup –url http://damagedWebApp/ -filename backup_damaged_webapp.bak), but built-in SharePoint backup through Central Administration wouldn't work. You will start receiving an error (Error: Object SharePoint - 80 failed in event OnPrepareBackup. For more information, see the error log located in the backup directory. KeyNotFoundException: The given key was not present in the dictionary) every time you attempt to backup modified web application using Central Administration website.

To get backup process working again you will have to perform the following steps:

  1. Backup your web application database through Microsoft SQL Server Management Studio!!!
  2. Detach the content database from the web application:
    1. Go to SharePoint Central Administration >> Application Management >> Content Databases
    2. Make sure to select damaged web application form the drop down list, otherwise you will messing with the wrong web application
    3. Click on the content database used by damaged web application
    4. Check "Remove content database" and click OK (ignore the warning). Removing the content database does not delete the database; it only removes the association of the database with the Web application. This action is analogous to detaching a database in SQL Server in that the content of the database remains intact.
  3. Delete the web application (remove SharePoint from it):
    1. Go to SharePoint Central Administration >> Application Management >> Delete Web Application
    2. Make sure to select damaged web application form the drop down list
    3. Leave "Delete Content Databases" and "Delete IIS Websites" options set to "No". You can always remove them later, right now we are only interested in removing SharePoint references to the damaged web application
  4. Create a new web application with the appropriate settings for host header, load balancing URL and so on:
    1. Go to SharePoint Central Administration >> Application Management >> Create or extend Web application >> Create new Web application
    2. Configure new web application settings. Don't forget host headers, new website and port settings, and load balancing URL (as needed) and click OK
  5. Remove content database of the newly created web application by running
    stsadm.exe -o deletecontentdb -url http://newwebapplication:port -databasename NEW_WEBAPP_DB
    Go to http://technet.microsoft.com/en-us/library/cc262449.aspx for more information on deletecontentdb operation of stsadm.exe command
  6. Attach the existing database to the new web application by running
    stsadm.exe -o addcontentdb -url http://newwebapplication:port -databasename OLD_WEBAPP_DB
    Go to http://technet.microsoft.com/en-us/library/cc263422.aspx for more information on addcontentdb operation of stsadm.exe command
  7. Make sure that host headers in IIS as well as Alternate Access Mapping is set properly and try running the full SharePoint backup again through Central Administration.

After those steps you will probably also have to configure search server setting for your content database (SharePoint Central Administration >> Application Management >> Content Databases >> Select Search Server from drop-down list) and get full crawl running to make sure that your search is up-to-date and working properly.

Now that your backup is running again, it should safe to remove:

  • the database that was created with new web application (see Step 5 above)
  • the website used by damaged web application (assuming you don't need this website for anything else)

 



Related resources:

Implementing Kerberos for SharePoint running on Windows Server 2008 and IIS7

Before I start writing how to set up Kerberos authentication in SharePoint, let me explain our set up a little bit, i.e. server names, account names and so on that will be used in this guide:

WSSSERVER1 – SharePoint web front server

WSSSERVER2 – another web front server (optional)

DBSERVER1 – database server running Microsoft SQL Server 2005 SP2

Domain\wss_srvc_account – User account used to run SharePoint services

Domain\sql_srvc_account – User account used to run SQL services on database server

Domain\wss_apppool – User account used to run SharePoint web application pool

Domain\mysite_apppool – User account used to run My Site web application pool

Domain\sspadmin_apppool – User account used to run Shared Services Provider web application pool

 

To set up a Kerberos authentication in SharePoint (WSS or MOSS) you need to do a bunch of small configuration changes:

  1. Make sure that you have host headers set up for your SharePoint sites. For example, in case of Windows SharePoint Services you will have only the main SharePoint website, whereas in case of Microsoft Office SharePoint Server 2007 you will have main SharePoint website, My Site website, and Shared Services Provider Sites. For the sake of simplicity, let's call those host headers: http://sharepoint, http://mysite, http://sspadmin respectively.
  2. Update Alternate Access Mappings to point websites to website host headers. In other words, replace http://servername:2222 entry with http://sharepoint

     

  3. Add SPN records for:
    1. Hostnames and FQDN of computer account(s) of your SharePoint server(s), for example
      Setspn.exe -A HTTP/WSSSERVER1 DOMAIN\wss_ srvc_account
      Setspn.exe -A HTTP/WSSSERVER1.domain.local DOMAIN\wss_srvc_account
      Setspn.exe -A HTTP/WSSSERVER2 DOMAIN\wss_ srvc_account
      Setspn.exe -A HTTP/WSSSERVER2.domain.local DOMAIN\wss_srvc_account
    2. Hostnames and FQDN of computer account of your SQL server, for example
      Setspn.exe -A MSSQLSvc /DBSERVER1:1433 DOMAIN\sql_srvc_account
      Setspn.exe -A MSSQLSvc /DBSERVER1.domain.local:1433 DOMAIN\ sql_srvc_account
    3. Host headers for your SharePoint websites, for example
      Setspn.exe -A HTTP/INTRANET DOMAIN\wss_apppool
      Setspn.exe -A HTTP/ INTRANET. domain.local DOMAIN\wss_apppool
      Setspn.exe -A HTTP/MYSITE DOMAIN\mysite_apppool
      (Do not apply in case of WSS)
      Setspn.exe -A HTTP/MYSITE. domain.local DOMAIN\mysite_apppool
      (Do not apply in case of WSS)
      Setspn.exe -A HTTP/SSPADMIN DOMAIN\sspadmin_apppool
      (Do not apply in case of WSS)
      Setspn.exe -A HTTP/SSPADMIN. domain.local DOMAIN\sspadmin_apppool
      (Do not apply in case of WSS)

       

    1. Configure "Trust for Delegation" on all computer accounts and user accounts used in SharePoint configuration. To configure "Trust for delegation":
      1. Open Active Directory Users and Computers management console
      2. Right click on a user or computer account that require ""Trust for Delegation" configured and click on Properties
      3. Where you find this option in the GUI depends on the Active Directory functional level. In case of Windows 2000 domain, the option is under Account tab for user accounts and General tab for computer accounts. In case of Windows 2003 domain, the option is under a separate Delegation tab. Note: Delegation tab is only visible for accounts that have SPNs registered

         

  4. Configure Component Services to allow Local Launch and Activation permissions for IIS WAMREG Admin Service for all application pool accounts used in SharePoint configuration. To configure Component Services setting go Control Panel >> Component Services >> Computers >> My Computer >> DCOM Config >> properties of the "IIS WAMReg Admin Service" >> Security tab >> edit "Launch and Activate Permissions" >> add "Local Launch" and "Local Activation" permissions for all the application pool accounts

     

  5. Because in IIS7 HTTP.sys is handling the authentication, it is by default done under the LocalSystem account regardless of the application pool account you're using. However, because even a single SharePoint server configuration is now considered a web farm, we should use a domain account to run SharePoint application pools. As a result we need to modify applicationhost.config file to configure the useAppPoolCredentials attribute in system.webServer/security/authentication/Windows-Authentication configuration section to true.

    <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true"/>

     

     

  6. Once you have made a change to applicationhost.config file you might start getting errors 6398, 7076, 6482 in your Event Viewer. To get rid of those errors you need to apply hotfix KB946517. This hotfix is currently is available for Windows Server 2003, XP and Vista and it is under development for Windows Server 2008. I have used Vista version of the hotfix on Windows Server 2008 and it seems to have worked fine (knocking on wood...)

     

  7. Now you're ready to switch your SharePoint web applications to Kerberos authentication. Open SharePoint Central Administration >> Application Management >> Authentication Providers >> choose your web application >> change authentication to Negotiate (Kerberos)

     

     

  8. In case of MOSS, to change your Shared Services Provider web application to use Kerberos authentication run the command: stsadm.exe -o SetSharedWebServiceAuthn –negotiate. Stsadm.exe is usually placed under C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\bin.

 

 

That's it, you should now have your web applications using more secure Kerberos authentication. You can use Fiddler (http://www.fiddlertool.com/Fiddler2/version.asp) to verify that your web application is in fact using Kerberos authentication. Here are a few links that will help you might find useful:



Related resources:

How to get Exchange 2007 running on a virtual server

It's been a while since I blogged about something. Maybe it's because I've been busy lately, maybe it's because of I've spent a week at the TechEd conference (the best conference ever, by the way) and a week working on my tan at Daytona Beach, or maybe it's because I'm just getting old and lazy. But I digress...

I have recently had the "pleasure" of installing Microsoft Exchange 2007 SP1 on a virtual server running Windows Server 2008. I was eager to try Microsoft's latest and greatest product. Originally I wanted to install it on Microsoft Virtual Server, but unfortunately MS Virtual Server doesn't support 64-bit virtual servers on a 32-bit host server! So, to get virtual server running, I had to rebuild the physical server, which makes no sense to me whatsoever. Since I was willing to do that, I had no choice but to go with VMWare Virtual Server which fully supports 64-bit virtual servers on a 32-bit host server. VMWare's product turned out to be an excellent product with tons of easy to use features. Hopefully, Microsoft's product will soon catch up.

Usually, I would never recommend running Exchange 2007 virtually in the production environment, unless you have a kick-a$$ host server to run it or if you have fewer than 50 mailboxes. But if you have to - or want to - run Exchange 2007 on VMWare Virtual Server, you need to know that Microsoft does not support this scenario. Even though for the most part it runs fine, there is a problem with the way VMWare virtual adapters work with IP6, which causes the problem with Outlook Anywhere connectivity.

Fortunately, there is a great article on Microsoft Exchange Team blog that helps you to deal with that problem: http://msexchangeteam.com/archive/2008/06/20/449053.aspx . Essentially, you need to turn off IP6 on your Exchange server NIC configuration and in the hosts.conf file. You also need to make sure that your Exchange server can talk to Global Catalogue servers by configuring RPCProxy port in the registry.

There is also a great online tool from Microsoft that helps you troubleshoot any connectivity issues with Exchange 2007/2003: https://www.testexchangeconnectivity.com/

In conclusion, kudos to VMWare for the great product, and kudos to Microsoft for their detailed documentation to get things working, as well as providing great online tools for troubleshooting.