Going virtual with your domain controllers

If you plan to convert your physical domain controllers into virtual servers, you probably know there is a lot to consider prior to the move. But what you might not know is that Active Directory doesn't like being restored from the image, which what all physical-to-virtual conversion tools (Acronis, Ghost, etc.) are doing. It doesn't matter if you are trying to convert your physical server to a virtual or if you're converting your server from one virtual format to another (for example, Vmware-to-VPC, or vice versa).

After the conversion, replication process breaks and the error starts appearing in the log files "The source server is currently rejecting replication requests"; the same error pops up when you try to run dcpromo command. Obviously if the problem is not resolved within 60 days, that domain controller will get tombstoned by Active Directory, which is not very good. Most of the websites suggest to forcibly remove that domain controller from the Active Directory by running dcpromo / forceremoval and then cleaning up your schema using metadatacleanup of ntdsutil. To me this solution is not only too drastic, but often is not an option because it might cause more problems than it will resolve.

After an extensive research I have finally found a solution that has worked for me. The solution is actually pretty simple: you simply need to enable inbound and outbound replication on the "faulty" domain controller.

To enable inbound replication, run:

repadmin /options SERVERNAME -disable_inbound_repl

To enable outbound replication, run:

repadmin /options SERVERNAME -disable_outbound_repl


And the error disappears J

Enable Detailed Error Messages in MOSS 2007 and WSS3.0

To get more detailed messages in MOSS 2007 and WSS3.0 during development process, user can enable debugging in the web.config file for the SharePoint web application:

<SafeMode MaxControls="200" CallStack="true" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">


<customErrors mode="Off" />

This should make development process so much pleasant and more efficient, by getting rid of "An unexpected error has occurred" error, which is useless to the developers.

Note: It's not recommended to have debugging enabled on the production server, if possible, please do all your debugging on the development server(s)

Piping STSADM command

I recently discovered that piping can be used in conjunction with STSADM command. I always found it difficult to use that command. It has too many options and parameters that are not always obvious and often very difficult to use. Piping makes it easier to use STSADM command, it can be used for search through STSADM keywords in the commands: For example, stsadm | find "enum" can be used to find all STSADM keywords related to enumeration within SharePoint. Or, you can also use pipe | more to paginate the STSADM output, which could be very useful.

You can also redirect STSADM output using the redirecting command: stsadm > filename >& This can be very helpful when you need to generate an output and view it later, or if you need to export that output into a different application.

I realize it's very basic, but it's the basic things like this that help me save time and keep my sanity.

Attaching old Content Database to new Web Application in MOSS 2007 or WSS 3.0

If you have recently re-attached your content database to the new web application in SharePoint 2007 (whether because you have moved your SharePoint install or simply because you had to re-create the web application on your current server), you might have noticed a new error (Event ID: 5555; Event Source: Office SharePoint Server) occurring hourly in the Event Log of your web-front SharePoint server.

The description of the error tells you to run stsadm – o preparetomove, which doesn't seem to fix the problem, unfortunately. This command only prevents the error 5555, if you run it before moving and re-attaching your content databases. To fix error 5555, you need to run stsadm –o sync instead.

In my case, running the following command made error 5555 disappear:

stsadm -o sync -DeleteOldDatabases 0


One Year Anniversary

Today was my one year anniversary in my new job as an IT Manager at ObjectSharp. It's been an interesting year; a year full of new experiences and surprises, mostly good ones.

One year ago I have traded a job at a public sector for one in a private sector. I have traded a stable and secure environment with clear guidelines, managerial or supervision rules and specific working times for a more open managerial style, openness to new ideas and more flexibility in rules with fewer guidelines. And, honestly, I have no regrets so far. After a year, I'm having more fun than ever. It's fascinating working with a team of exceptional people from a range of disciplines whose commitment to excellence is steadfast. At ObjectSharp, I got a chance to work with the newest and coolest technologies from Microsoft (often even before those technologies were available to the general public.) Here, I am working with a talented team of professionals who not only know how to get those technologies to work, but they know how to make them work better and more efficient. I love it!

On sad note, today I was expecting balloons, hugs, high fives, or even just a disgusted "I can't believe your still here". Nothing. Well, there is still time... ;)

Note: Later that day I did get a few high fives, no balloons though J





Getting around the limitation on a number of controls on SharePoint page

Apparently there is a limit on a number of controls you can have on a SharePoint page. By default, no more than 200 controls are allowed on the SharePoint page. Not sure, why this limitation is there, but it is. To get around this problem, you need to increase the MaxControls setting in your web.config file:

<SafeMode MaxControls="200" CallStack="false" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">




In my case, I have MaxControls parameter set to 300.

Team System Web Access 2008 SP1 CTP and Work Item Web Access 2008 CTP are now available

Team System Web Access 2008 SP1 CTP (Community Technology Preview) and Work Item Web Access 2008 CTP are now available for download. Even though it's only CTP version at the moment, don't let it discourage from using it, because it seems to be working very well. By the way, you still have to have Team Explorer 2008 installed to use TWSA and/or WIWA, which is not a big deal since it's free and most of us already have it installed anyway. For those who don't have Team Explorer 2008 installed, it can be downloaded for free from http://www.microsoft.com/Downloads/details.aspx?familyid=0ED12659-3D41-4420-BBB0-A46E51BFCA86&displaylang=en.

Team System Web Access 2008 SP1 has some really great features:

  • Single instance with multiple languages (9 languages are available: ENU, CHS, CHT, DEU, ESN, FRA, ITA, JPN, KOR)
  • Support for specifying field values in the URL for creating new work items (works in both TSWA and WIWA)
  • Share ad-hoc work item queries
  • Shelveset viewer
  • Improved search support

Team System Work Item Web Access 2008 CTP allows users to use some work item tracking feature without having TFS client access license (CAL.) A user without TFS CAL can use WIWA to:

  • Create new work items
  • Edit the work item you have created
  • See the list of work items you have created

However, user cannot:

  • See work items created by others
  • List, view, edit or run work item queries
  • Add, edit or remove work item links (except attachments and hyperlinks)
  • Access documents stored on the project portal
  • Access project reports
  • Access source control
  • Access team build

Specs for WIWA can be found at http://msdn2.microsoft.com/en-us/teamsystem/bb936702.aspx

SharePoint public-facing website and Microsoft Office documents

When you have a public-facing site built using SharePoint technologies, opening Microsoft Office documents (Word, Excel, PowerPoint, Visio, etc.) stored on this website requires user to login. You can hit Cancel at the login prompt and still be able to see the document, but having a login prompt displayed to the Internet users, sort of defeats the purpose of having SharePoint-built public facing website with anonymous access turned on. This happens becuase Microsoft Office is closely integrated with MOSS or WSS 3.0 now, and MS Office is now able to recognize that the document is stored within SharePoint, so the appropriate SharePoint authentication/authorization tools kick in. This problem can be resolved mostly by implementing two simple steps (assuming you have already enabled anonymous access on SharePoint):

  1. Disable 'Client Integration' for the web application under Central Admin Home Page >> Application Management >> Authentication Providers
  2. Remove the OPTIONS verb from the <HTTPHandlers> registration line in web.config file

Related resources:

Enabling anonymous access on MOSS 2007 / WSS 3.0 web applications

To enable anonymous access for a web application within SharePoint:

1. Go to Central Administration >> Application Management >> Authentication Providers.

  • make sure to pick correct web application from the drop-down list at the top-right corner of the page.
  • select the Membership Provider (most likely it will be "Default") and enable check "Enable anonymous access" checkbox.
  • click OK to save the settings.

2. The step above will usually enable anonymous access in IIS Manager, but just be sure:

  • open IIS Manager
  • right-click on your website and click on "Edit" under Authentication and Access Control
  • make sure "Enable anonymous access" is checked

3. We now need to explicitly enable anonymous access on our website(s)

  • browse to the website
  • click Site Actions >> Site Settings >> People and Groups >> Site Permissions
  • click on Settings >Anonymous Access and enable anonymous access for the site

* Anonymous access will be also enabled on all subsites that inherit security settings from the parent site.

Related resources:

How open source has influenced Windows Server 2008

I have found a very interesting article on Technet on how open source community has influenced Windows Server 2008. I think it is very encouraging that Microsoft is taking user’s feedback seriously and trying to integrating the improvements developed by open source community into its system. And, if they make a few bucks along the way by doing this, so be it.

One has to admit, there's no better enterprise level system then Windows server. Not yet, anyway. It's streamlined and well designed; it's an excellent tool for desktop and user support/control (OUs and policies). Exchange, ISA, WSUS, and many others integrate naturally into AD. It is about what public knows the best, at work, at home, and in the library. As much as I love Linux, it's not even close to being there. It's all dispersed, scattered-around collection of technology DIY's, that works, but has no core. For those who want to learn more about Windows Server 2008 and, as I am, are too lazy to read a book, here are some clear installation instructions from TrainSignal:


It will be interesting to see a similar lists for other Microsoft products, such as Office, SQL Server or Visual Studio.