News from Home - SharePoint 2007 SP3 & SQL Server 2012 !

Just got the TechNet Flash mail and I was really happy to read new information about great products that's need to be come out very soon !

My top stories:

SharePoint 2007 Server - SP3 will come out within the next few months, its going to include all the CU's from the SP2 until now and even more than that, like Microsoft sad, this going to be for my opinion the last Service Pack for SP2007 before we say goodbye (End of Life - April 2012).

"Denali" Revealed as SQL Server 2012 !After working with CTP1 and CTP3 on my Dev ENV at my work place and participating the TAP program of SQL "Denali" I can say that it's a great news and I know about really amazing and great features on that version of SQL Server.

As soon as I can I will write a POST about the new version of the SQL Server that's need to coming out in the beginning of 2012. 
Please read this post about the last news. Link 

And I want to say, Gilad Shalit - WELCOME HOME ! - this is the real best news ever my friends ..

Set SharePoint to use cross-domain queries (PeoplePicker)

Scenario:
You have 3 domains env's, DEV - TEST - PROD.
prod.contoso.com | NetBIOS: PROD
test.contoso.com | NetBIOS: TEST
dev.contoso.com | NetBIOS: DEV

One-Way Trusts:
DEV > PROD
TEST > PROD

You have SharePoint Farm in your Dev env, you want to access to this farm from your Prod env without entering your Dev user.

Resolution:
Using the right command with STSADM you can set PeoplePicker at your farm to find also users from your prod.contoso.com and dev.contoso.com.

Phase 1:
Open CMD as administrator and type:

Syntax: stsadm.exe -o setapppassword -password <RandomString>

Simple: stsadm.exe -o setapppassword -password GsfE2#4ew


Phase 2:
Enter this command with the following settings:

Syntax: stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "<Valid list of forests or domains, Login name, Password>" -url <Web application URL>

Simple: stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "prod.contoso.com,PROD\OrB,EGsf#fr3" -url Http://spsdev2010

* The user you enter needs rights to your AD !

* From my experience with this command you can type this syntax and you will get "Command line error" .. as I know you can write this command as follows:

- Simple 2: stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:prod.contoso.com" ,PROD\OrB,EGsf#fr3 -url Http://spsdev2010
- Simple 3: stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv "forest:prod.contoso.com" ,PROD\OrB,EGsf#fr3 -url Http://spsdev2010

Phase 3:
Check your self:

Syntax: stsadm.exe -o getproperty -url <Web application URL> -pn “peoplepicker-searchadforests”

Simple: stsadm.exe -o getproperty -url Http://spsdev2010 -pn “peoplepicker-searchadforests”

You need to see your domain from the last command that you ran on Phase 2.

Why inventing the wheel again ?!
Refer to this great sites:
- Configure People Picker (SharePoint Server 2010) - TechNet
- People Picker overview (SharePoint Server 2010) - TechNet

* Known Issues:
- SharePoint 2010: people picker issue "There was an error in the callback"
- More People Picker issues - Great post about issues with this command !

SharePoint 2010 - Service Pack 1

So, WE Have it, the first SP for Office 2010 - SharePoint Server 2010.

New features: · Support for SQL Server Code Name “Denali” 
· Shallow copy functionality (Nice one ! You can move sites between Content DB's who configured to work with RBS without moving the BLOB Store.)
· Site-level recycle bin
· Improvements to storage management (StorMan.aspx)
· Cascading filters for PerformancePoint services
· Additional browser support (IE9,Chrome)

* As one of the SP1 Beta Testers I can say that this SP1 will be very helpful for all of us !

 - List of all SharePoint 2010 and Office Server 2010 SP1 packages - Downloads\Info

Read this Post about install process for SP1 and June 2011 CU - Link

SharePoint 2010 Topology - Visio Template

I share with you today a Visio that I made for myself, use this template to design your SharePoint farm with a clear design and easy to understand.

You can even link the shapes to a SharePoint list with servers information and to SQL Database such as SCOM and get the DEAD\LIVE link.  

Here you can see part of the Visio:

Using Kernel-Mode with SharePoint 2010 Farm

I will start with this quote from Microsoft: "Kernel Mode Authentication is not supported in SharePoint 2010 Products. This information is provided for informational purposes only."

But, Microsoft gave us work around for this issue, as you probably know the Kernel-Mode says that the Kerberos tickets will be decrypted using SPN's that exist on the machine account instead of the custom application pool identity.
What we going to do is to say to the IIS to use application pool identity instead of the machine account when the Kernel-Mode is Enabled.

What we need to do is very simple, just read this article from Microsoft about adding to theApplicationHost.config file (located at: %windir%\system32\inetsrv\config\)
the attribute useAppPoolCredentials, example:

<system.webServer>
   <security>
      <authentication>
         <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
      </authentication>
   </security>
</system.webServer>

I tested this work around on a testing environment (Tier 1 - 2 WFE servers with NLB, 2nd tier - Application Server, 3nd tier - SQL server) and its work Perfectly, if you have more information about issues with this work around please share with as, thanks.

For more information about the subject you can refer to this articles :
- Michel Barneveld's Blog
- MSDN Blog's
- Kerberos configuration known issues (SharePoint Server 2010)  - TechNet
- Internet Information Services (IIS) 7.0 Kernel Mode Authentication Settings - TechNet

DelegConfig (Delegation / Kerberos Configuration Tool)

We all know how frustrating it is to configure Kerberos in some situations, I want to show you now really nice tool by Brian-murphy-booth that can help you to pass smoothly that part of building new secure environment using Kerberos \ Constrained Delegation, and for SharePoint, yes this tool supports SharePoint as a service type well as other service types for Back-End for checking double hoping, you can see it at the picture below.

I recommend you to read the Welcome page when you open the tool at the first time.

The DelegConfigTaken from here

Overview 
This is an ASP.NET application used to help troubleshoot and configure IIS and Active Directory to allow Kerberos and delegating Kerberos credentials.

Features
- Supports IIS 6.0 as well as IIS 7.0 (useKernelMode / useAppPoolCredentials) Allows adding backend servers of type UNC, HTTP, LDAP, OLAP, SQL, SSAS, and RDP Allows chaining of multiple hops (versus only a single backend) Performs duplicate SPN check against all trusted domains.

/Set/SPNs.aspx - Allows adding and removing of ServicePrincipalNames.

/Set/Delegation.aspx - Allows changing Trust for Delegation settings.

/Set/Providers.aspx - Allows correcting of inadequate NTAuthenticationProviders settings.

/Report.aspx - Gives a picture of what is right and what is wrong.

/Wizard.aspx - A set of wizard steps that supports adding more tiers to /Report.aspx.

/Test.aspx - Allows double-hop tests for webServer-to-Sql or webServer-to-fileServer or webServer-to-webServer.

Requirements
IIS 6.0 or IIS 7.0
ASP.NET 2.0 or higher

Links:
- Brian-murphy-booth Blog
- IIS Community Official Page 

I start using it on every IIS\SharePoint servers, just create new site pointing to DelegConfig Folder and make the site as STOP, use it when you want to check Kerberos problem's, My friend (Assaf Lev from Matrix Company) gave this tool a nick name "Kerbi" :-)



As well don't forget that you can use the "setspn.exe -x" to see duplicate SPN's in your domain (just on the new setspn version in Win2K8), Refer to this link (Read It !) for more new features.

If you have new Info to share with me and other viewers just make a comment, thanks and good luck my friends.

DB Server Alias - SQL Server Client Network Utility

I will show you here a tool called "SQL Server Client Network Utility" (RUN > CliConfg.exe), With this tool we can create SQL Alias for our DB Server instead of the FQDN of the DB Server when we install SharePoint for example.

It makes life easier when we want to move to other SQL Server, just change the Alias on the WFE's and you ready to go, It's known as Best Practice for installing SharePoint.
More than that, when you configure the DB Alias in the utility you can specify pre-defined protocol so you get better performance for your clients !

Refer to this great post about CliConfg.exe: Click Here

New BDC created with error: There are no addresses available for this application

Today I got into this nice error that brought to me by someone from the Dev Department, He created a new BDC on our SP2010 Dev Farm and got this error: "There are no addresses available for this application", first if you got this error, go to "Manage services on server" and Start the BDC Service, Started ? great .. now do IISRESET and you ready to GO !

Windows Installer Stuck at some preparations parts

 Today I worked on a very annoying problem, the Windows Installer just stop working when we try to install some product of Symantec .. what ever you try to install. 
After 2 weeks of trying to fix it by CheckPoint and SecureNet, I got the chance to try solve this problem by my self, I managed to find it, if you have really strange problems with Windows Installer and you tried all ready the Windows Installer Cleanup Tool .. just copy the "magic" file called "MsiZap.exe" from the Windows Support Tools to the "System32" or at the installation folder, when you copy it you should run the MsiZap.exe with the "g" switch.
Example: "MsiZap.exe g" just like this.

By the way, just search "msizap.exe windows installer" at google and you can find really nice info about this tool ..

Exporting Public Folders Names and other attributes

This days I started to work on moving the Public Folders from our Exchange 2003 to the SharePoint, at the first step I needed to make a list that include all the names of our PF, for that I using the PFDAVAdmin Tool from Microsoft, its a great tool to fix DCAL's of PF who got corrupted and you cant change the Client Permissions, the error you get: "An unknown error has occured id no: 8004010f Exchange System Manager "
So back to our subject, download the PFDAVAdmin (google it) and connect to your Exchange server to get the PF List, for export the list you need to go to Tools > Export Properties, at the list make sure to mark "PR_DISPLAY_NAME".

Export it to Text file and import to Excel, nice tool not ?

How to get Assembly (DLL) from GAC

Their are many ways to get Assembly from the GAC folder, I thinks that the easiest way to do this is just run the command: "Subst X: c:\windows\ assembly" (X = Drive letter to get into the GAC Folder). 

After you done to run this command you can enter your new "drive" and find your Assembly.

How to get rid of InfoPath 2007 Logo in InfoPath Forms

Today I got a request says that the InfoPath Logo interrupt to print the InfoPath Form, it creates another blank page to the form.

Apparently Microsoft made stsadm command for disabling that logo, nice not ?

"stsadm -o setformsserviceproperty -pn AllowBranding -pv false"

Cannot activate SharePoint Server Publishing Infrastructure at Site Collection level

Sometimes we can run into really strange things on SharePoint like you want to activate SharePoint Server Publishing Infrastructure at the Site Collection Features level, but you get a message that say that you need to activate this feature first at the Web Application level and guess what ? its all ready activated .. 

What we need to do is very simple, just run this STSADM command line: "stsadm -o activatefeature -name PublishingResource -url http://SiteCollectionName -force"
and try to activate the feature again from the Site Collection Feature.

Great Post about relative problem: Click Here

Error Event 5586 - Unknown SQL Exception

When we failed to execute upgrade command for the DB's with psconfig, We could see that our CA not available. There for we need to exec the command "C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\BIN\psconfig -cmd upgrade -inplace b2b -wait -force" But I prefer to run again the "SharePoint 2010 Products Configuration Wizard" after you execute the command and it's end successfully, Try to get in to the CA and your Site collections. 

* Sometimes the web applications lost their host header and your site wont work so check it !