Thursday, December 06, 2012
This is an experience (rant) I share for the sake of those who may have something similar in their lives. As of this writing I am leading a Lotus Notes 8.5 to Exchange 2010 migration. Our requirements drove the usage of a co-existence solution offered by companies such as Binary-Tree or Quest. Co-existence is defined as sharing a single mail namespace between Exchange and Lotus Notes.
In our case Binary-Tree was chosen, however their co-existence solution fell somewhat short when it came to preserving functionality for migrated users in need of the ability to send mail to restricted mail groups in Lotus Notes.
During the user migration process, the Notes person document is updated to facilitate mail routing to and from Exchange. that said one would think a co-existence solution would take the necessary steps to make changes to any permissions for any groups contextual to the migrated user. Apparently one would be very wrong, at least in the case of a Binary-Tree solution.
As for the solution, it was as simple as adding the primary SMTP short name (e.g first.last from email@example.com) to the restricted group acl win the Domino(Notes) address book. Once this change is complete, replicate the address book across your domino environment. This seems to clear up those lovely Notes mail router responses of "Not authorized to send mail to this user or group" and most importantly restore user function across the co-existing environment.
Tuesday, September 11, 2012
As I prepare for our next SharePoint user group meeting, I have to take a moment to send out a shout of praise and thanks to the folks at Sharegate. Thank You for making such a great migration tool, it's as your slogan indicates a "no brianer"
For those of you not familiar with the Sharegate, I suggest you get that way. But first allow me to share some of the back story of how this blog post came to be.
Rewind roughly six weeks ago, we (my co-workers) were in the middle of a SharePoint deployment where we came to the conclusion we would introduce a new requirement which would change our information architecture. The resultant task was to consolidate three web applications into one within the same farm. Upon completion of this "simple" task we would continue our deployment and development activities around our new information architecture.
Normally I would say no sweat, we'll just move the data by means of export and re-import. Sadly, this wasn't an option since we quickly learned all of our desired data didn't live in the same farm, and to make things more complicated all of the content was rich with managed meta-data.
Our first try at this was to call on development resources, they gave it their best shot but it was turning into a bigger issue than we first sized up (I'm sure this hasn't happened to anyone else). Long story short we were spinning our wheels only to see the potential of many wasted dollars in the terms of time.
Second try was to bring PowerShell to the rescue, the thought of exporting the Managed Meta-data Service looked promising however we were running into to resource and time constraints. We now had our backs against the wall.
As it turns out, the third time was the charm, I can't recall how we stumbled upon them (probably Google) but we did stumble upon the Sharegate Migration Suite. Brilliant marketing, offer a fully functional trial program that will move five records at a time during the length of the free trial!.... THIS SAVED OUR PROJECT!
We were able to consolidate enough data in 20 minutes to allow our deployment activities to continue. Mind you we had spent one very long week trying to do this on our own. This is one of those moments where I felt very stupid for not starting with Sharegate.
What made this work was it's client based footprint, using web services to gather the data. There wasn't a server install required. That was music to our ears!
In the first use, compared to the cost of a development resource attempting to create a console app, the tool paid for itself. The console app would have pretty much been a "one and done". I'll concede the fact the core code may have been reusable, to another developer, but not to me as an admin, at least not in the fashion it was going to be designed.
Our subsequent uses have now paid for the product a couple more times in effort when compared to a build your own.
If you are in a meta-data migration nightmare or just want to empower that power user then please do yourself a favor and evaluate this tool, strongly consider it as a resource. Don't keep this tool for yourself, make this a resource for that power user or help-desk staff.
Just understand this tool is actually just a subscription type of a tool. That said if you are migrating once it should be a "no brainer" to buy it.
You can find Sharegate them at http://en.share-gate.com/
Wednesday, March 14, 2012
I know, like the blogging world needs yet another post on AD User Attributes. There are so many out there and countless other message boards however, as I set and listen to Bill Withers sing his classic song "Lean On Me" I can't help but think maybe I should put a fresh post out for those who are new to SharePoint and new to this whole thing called AD.
I know what your thinking, why waist the energy on something this simple. I have only one answer.
Because it must be done. SharePoint loves to consume external data if given the chance.
That said for those who have stuck with me this long, here are the resources I've used in my data mapping exercises.
These are the real fun exercises you get to do when AD hasn’t been kept up and you need to pitch in to help update it so SharePoint UPS can shine through and work its magic of populating the user data from its external source. To not do this would be like leaving money on the table, after all Microsoft (MSFT) gives us Forefront Identity Manager (FIM) lite as part of SharePoint...lets use it!
So now that we have a reference list we can use something like PowerShell to dump a list of AD into excel and begin good old fashion data massage. Of course we want to take the time to make sure this data massage is documented right? After all we can turn this documentation into our roadmap for automation to help our infrastructure counterparts an extra hand on their workload. I mean let's face it, without them we are up a creek, our beloved applications are dependent upon their work. I toast them as the unsung heroes in our professions...(just don't tell anyone)
I think this post lays the foundation for an upcoming example of "How to", which admittedly would be a greater a help than pointing you to the dictionary leaving you saying "hmmm...this might work" :)
Thursday, February 16, 2012
Recently I had the opportunity to demo the SP1 edition of Microsoft's SharePoint Productivity Hub. The environment had CISCO's ScanSafe product doing some web filtering, which was causing my claims based app to return the error of
ProtocolError occured trying to complete the request. The server returned a status code of : ProxyAuthenticationRequired and the status description is : "Proxy Authentication Denied"
After a brief period of using Google for a quick fix I discovered one of two things. Either my search was down the wrong rabbit trail or there wasn’t much in the way of useful quick fix listed for Claims Apps. Giving credit where credit is due the following site got the brain out of the fog.
From here I figured it was time to break out the MSDN site to figure out how this element works.
After reviewing the MSDN page on the defualtProxy node in the web.config, I came to the next logical step of disabling it, thinking HMMM...This Might Work
So from OLD to NEW, then a quick refresh of the browser and voila!
<defaultProxy enabled="false" />
The MSDN Page Can Be Found Here.
Monday, October 18, 2010
Recently I was helping someone with a troubleshooting a stock Approval Workflow within a document library. Their request was simple…”Help!” They continued with…”My workflow used to work but all of sudden has stopped notifying people until the task is overdue…not sure when this changed but I need help now.” If this sounds familiar then read on.
Since we all know SharePoint never just stops (ha ha) I figured I needed to drop down and look at the little things, never know it just might work. That said the task list was enabled to send mail upon creation and long story short I had to hit the forums for advice, after all everything seemed in order, even the little things.
The point of this post is to give props to a very helpful blog post by Steve Chen where SharePoint 2007 alerts are explained in some very good detail and another to a the creators of the SharePoint Manager on codeplex.
As it turns out the solution to the problem here was using the SharePoint manager to set the EnableToAssignEmail flag to “False”, wait for the timer job to run (after we used stsadm to verify job-immediate-alerts were set), and then using the manager tool to reset the EnableToAssignEmail flag back to “True”. One important note here is to make sure you hit save…otherwise it’s not going to write to SharePoint.
It would also be wise to remember you are using a tool that can seriously, and rather easily cause some harm to SharePoint if used by someone unfamiliar.
Wednesday, August 04, 2010
I have this Farm, with two WFE’s using Windows NLB. One of the WFE’s works great, however the second WFE thinks its a great idea to throw the dreaded “Unexpected Error” message once a day for a two web apps sharing a common app pool. I think “how odd…one WFE is not in sync with the other”, so I recycle the app and all is good. As it turns out this begins to be a 24 hour pattern of a manual recycle of the app pool, obviously not acceptable.
Now…I know what you are thinking “Dude there is a memory leak somewhere, fix it”. And while I agree something is causing a memory leak I’m not sure it’s the web part everybody has in the back of their mind. After doing some research I found this forum post where it appears some others have the same problem.
I don’t have a pretty answer for this problem but I do have something that works a tad better than an scheduled IIS reset. I’ve been successful (knock on wood) in setting the recycle settings for the app pool in question to after the SharePoint search service runs.
Again…Not Pretty but seems to work so far.
Monday, July 19, 2010
Gather round my water logged cohorts, listen to my story of pain and joy. As with most award winning novels this story starts off in similar fashion…
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Summer, it was the season of Vacation, we had everything before us, but it was virtual, we were all going direct to migrate content, we were all going to have a good weekend - in short, things were supposed to be a day in the part, that said some of its noisiest authorities insisted on much preparation and testing for the task at hand. So be it, they sign the checks, and all tested well.
The task was to move two content databases from server “A” to dissimilar server “B”. So we test, simple SharePoint backup from “A” to “B”, viola! It works, in DEV. Fast-forward to the night of…Second verse same as the first. After a few network issues around a MSFT Clustering and Juniper switch gear (don’t ask, it’s another post) fiasco we have the web apps created and content DB’s in the restore process. Oh Darn!…It didn't work we now have the following problems to address.
Q1.)Contend DB failed the restore had to manually attach content DB. Ok…
A1.)Manually attach in SQL, GUI add via Central Admin.
Q2.)The SQL Log file drive full and I didn't have admin permissions
A2.)BackUp ContentDB and Shrink Logs and give myself permissions
Q3.)Pay attention!… This is the big one! NOT ALL OF THE SUB SITES ARE ACCESIBLE. But here is the kicker. The content is visible via “Manage Content and Structure” but when I tried to drill down SharePoint said the site had been deleted.
A3.)Bring up Central Admin, Enter Define Managed Paths, and Delete the managed path to the sub site collection in question.
Now let’s try that seemly mystery site again. Viola! IT works in Production.
I hope this little story aids someone in finding their happy ending.
Oh yeah… The END.
Tuesday, July 13, 2010
As I continue my quest to make lemonade out of the proverbial lemons tossed my way during the course of a day I leave you with the following tidbit on codec's.
Since web development really isn't my strong point this many may consider this common sense but for the administrator such as myself codec's are a pain, especially when they don’t play well with Microsoft (or vice versa) and you aren't particularly an expert on them.
The problem: Streaming Application wouldn't play sound on Windows 7 machine because of missing Sipro Lab Telecom ACELP.net codec.
MSFT Solution: A workaround (use a non MSFT multimedia playback program) See MSFT Official Solution
Since The MSFT solution wouldn't cut it for me so I was left a couple of lemons, I mean options, yes options.
- Deploy the ACELP.net codec to all the users via MSFT tools (e.g SCCM, SMS)
- Re-encode the audio stream with a different codec and figure out what XML file was referencing the original audio.
Obviously choice number one sounded best since it seemed kind of convoluted, insecure, and prone to failure. But that conclusion was only made after I wrote the darn thing and realized “Dude, the browser thinks your code is malicious”
Choice number two would have worked but then my counterparts who manager those systems were in the middle of upgrading them and wanted to focus on that before anything else (go figure).
That left me with Choice number three, so out came the MSFT Expression tool which promptly converted the original audio to a windows native codec. Change of file name in the XML config file on the streaming media and all is well.
Thursday, April 22, 2010
So I’ve been struggling with an odd issue here at the office. SharePoint kept prompting me for credentials in IE8 but not IE7. To fix this I simply moved the url http://sharepoint.abccompany.com from trusted sites to intranet sites. Problem Solved!…So I thought
Later we noticed when a user would attempt to open a document in any library the user would again be prompted for credentials. After what seemed like a week of Googleling (couple of hours) I discovered a two part MSFT hotfix to which I think SWEET this is fixed. But sadly the installer package informed me the fix wasn’t applicable to my machine. Seems at this point Microsoft has already included this in their service packs on Vista and Windows7. The sad thing is their service pack couldnt address the second part.
For those who havent clicked over to read the hot fix, part two added a Multi-String Value named AuthForwardServerList to your HKLM\SYSTEM\CurrentControlSet\services\WebClient\Parameters entry. Within this Key you are to define the servers to which your web client service would forward you credentials to without asking your permission(e.g *.abccompany.com).
Here is the code to get you started on Scripted fix. Just remember you will need to restart the WebClient service
Const HKEY_LOCAL_MACHINE = &H80000002
‘Set Computer Name
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\services\WebClient\Parameters"
strValueName = "AuthForwardServerList"
arrValue = Array("*.abccompany.com")
objRegistry.SetMultiStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, arrValue
As a parting note the HotFix states Windows XP machines aren't affected since they aren't shipped with IE8, but the ones I tested proved otherwise. Nonetheless it doesn't seem to harm the XP machines if you add this registry addition to them. Of course after this I’ve stumbled upon another issue I wasn’t aware of…a difference between user experience in IE8 32Bit and IE8 64Bit…Guess I know what I’m doing tomorrow :-)
Tuesday, April 20, 2010
An interesting event occurred recently in a lab environment of a SharePoint Farm I was working on. This Farm (Moss 2007, Svr 2008, SQL 2008) was a medium farm scaled out in a virtual environment (VMWare)…If memory serves me we had some maintenance to perform on the VM Host which required us to shutdown all guests on this host. I figured this wasn’t a big deal since I had a fresh install of a functioning farm so I gave the VM admin the nod to take us down. Now we fast forward to the fun part…VM maintenance complete…Time to boot up the servers, up comes the SQL cluster, now the APP, then the Index, and last but not least the front ends.
As I “attempt” to log in I notice the WFE seems to be hung on the “Applying Computer Settings”…I’m not talking just a few minute hang, I’m talking an hour plus. After calling everyone in my rolodex (very short list) I had to call our pals at MSFT. Of course secretly I was hoping this was Kerberos issue since that meant I didn't have to solve it :-) (sorry Eric)
Anyway after days with MSFT their solution of course is to boot into safe mode and disable every service that isn’t already enabled in the normal startup via regedit…. I’m thinking “GREAT PLAN! Why did I call you again?"
As MSFT support was in their second day of diagnosis I noticed the following Microsoft KB article which mentioned certain essential services such as GP Client, DNS, Etc would not start automatically because of a deadlock between Service Control Manager and HTTP.SYS - This fit the observed behavior…Let’s try the fix in the KB…
Now for the fix
- Boot Into SafeMode
- Open Registry Editor
- Navigate to HKLM\CurrentControlSet\Services\HTTP and create the following Multi-string value: DependOnService
- Double click the new DependOnService value that you created
- Enter CRYPTSVC in the Value Data field and click OK
- Reboot Server in normal Mode
This event took three days from my life, days I can never regain so I offer this seemly simple fix yet buried solution in hopes I can save someone else.