Posts Tagged SharePoint

Training: 44CO175 – SharePoint 2010 Administrator Bootcamp

44CO175 – SharePoint 2010 Administrator Bootcamp (BPIO)

Summary
Step-by-step understanding is key to successfully implementing and deploying SharePoint 2010. This 15-module course will guide you through each critical stage, giving you exactly the skills you need to leverage full value from the latest SharePoint technology.


Agenda
Module 0 – Getting Ready for a SharePoint 2010 Implementation: Why Governance and Business Requirements are Essential for a Successful Implementation.
Module 1 – Understanding the Architecture of SharePoint Server 2010
Module 2 – Installing SharePoint Server 2010.
Module 3 – Administrating and Configuring Farm Settings in SharePoint Server 2010
Module 4 – Understanding and Administrating Web applications
Module 5 – Managing Web Applications
Module 6 – Introduction to Site Collections
Module 7 – Creating Site Collections
Module 8 – Managing Site Collections
Module 9 – Working with SharePoint Server 2010 Portals
Module 10 – Governance and Information Assurance
Module 11 – Enterprise Content Types & Managed Metadata
Module 12 – Managing Documents and Records
Module 13 – Workflow
Module 14 – Implementing and Managing Search
Module 15 – People & Social Networking
Module 16 – Disaster Recovery

A handful of notes from the week..

Installation Preparation for Service & Install Accounts 

The SharePoint Installation Account

While I’ve become used to installing applications on servers with either the local or domain admin account, SharePoint 2010 really really really needs to have its own account created for the installation process. If you don’t, you’ll have to correct the various service and app pool accounts later, and that’s a pain.

Key points about the account used to install with –

  • It will become the application pool account used in IIS for the Central Admin
  • If you do plan to let SharePoint create your databases (content DBs etc.), this account needs rights on the SQL server to create DBs (DBCreator and DBAdmin)
  • If the DBs are already created then it only needs DBAdmin
  • It only needs Local Admin permissions on the installation machine
  • Not to be used in day-to-day admin
  • Imagine this account to be “enterprise admin” of SharePoint.
  • It should never be used again after the initial install; obviously, that doesn’t mean disable or delete it.

Example User Account – spinstall

The Farm Admin Account

 The farm admin account is an account that should be used by as few people as possible.

  • It either needs to be a local admin on the SharePoint front end, or you create a new super user, or you log in as spinstall (logging in as spinstall is not recommended)
  • The farm admin account changes services running on the machine, hence the need for local admin rights; farm admin rights in SharePoint Central Admin aren’t enough

Example User Account – spfarmadmin

During the SharePoint 2010 install

 Make sure you move the index location off the C:\…\14\data location during install

 This index file is a flat file used in search and can grow very large in next to no time.

After the install – the Configuration Wizard

Do not use it, it doesn’t follow best practice.

 Performance Tip for SharePoint databases 

Turn off Auto Growth

While it’s been mentioned a thousand times and shouldn’t need to be mentioned…

To prevent it happening in existing installations for any new databases:

SQL Management Studio > Database > Model. Under the file groups section, change the properties for .mdf to grow by 50MB at a time

Fixing it for existing databases:

Open the properties of each database and under the file groups section, change the properties for .mdf to grow by 50MB at a time

Note: Why 50MB? Because it’s just right for SharePoint since it aligns with the default maximum upload file size.

Registering Managed Service Accounts for SharePoint 2010

  • Best practice is to add them here first then start to use them to run services
  • All are generally fine as just domain user accounts without elevated privileges

Application Pool Accounts in IIS for SharePoint 2010

 Never change the app pool account from inside IIS as the config DB will not know about the change, web apps will not know about the change and new servers added to the farm will not know which account to use.

One of the few things you can and do need to configure in IIS is SSL certificates, and that also needs to be done on each and every web front end.


SharePoint 2007 / WSS3.0 broken by AllItems.aspx overwrite

Yesterday I managed to seriously break our production SharePoint 2007 site (WSS3.0 on SBS2008) by inadvertently saving a Word document over the AllItems.aspx file.
This is an incredibly easy thing to do by pasting the URL of a SharePoint folder location from the browser (there is the mistake; if taken from Windows Explorer it would be okay) into the Save As control, e.g.

Copying https://sharepoint.fqdn.com:PortNNN/General%20Documents/Forms/AllItems.aspx?RootFolder=%2fGeneral%20Documents%2fFoldrer1%2fFolde2%2fFolder3 out of the IE address bar to paste into the Save As File name entry in hope that it would then enumerate the target folder..

Anyway, clearly it’s the wrong thing to do, and in this case it replaced the AllItems.aspx with a Word document. This broke the browser view of all SharePoint pages on the site collection, although using Windows Explorer to access SharePoint folders continued to work okay.

Our resident SharePoint expert and Development Director (Chris Hermon) used SPD 2007 to try and replace/restore the AllItems.aspx, but whilst this initially appeared to resolve the issue, the basic SharePoint object controls were still broken, such as not having the drop down available e.g.

We took a view on this and decided to perform an stsadm restore from the last content DB backup. This was a relatively straightforward decision for us as we knew and had made copies of documents changed since the last backup (daily); however, in a busier environment this would not be so easy.

Restoring the stsadm backup resolved the issue, but it’s a rather drastic resolution for an incredibly easy issue to create (and no, I was not using an Admin account or the collection administrator, just a normal author).

I’ll try the same on SP2010 and see if Microsoft have fixed this rather obvious gap in system integrity protection!


Microsoft tech•ed Europe 2009, Berlin, 12 November 2009

Slightly shabby and a late start to Thursday following the Windows Server 2008 R2 EAP dinner followed by the 1E TechEd party – a heavy night!

For the dinner, the UK team chose a fabulous Italian restaurant called Bacco (www.bacco.de/english/restaurant/restaurant.html) which I’d definitely go back to and hosted a great evening… many thanks to Stuart, Gareth, Neil, Alex, etc. from Microsoft UK.

We were also joined by Allen Stewart & Rajesh Dave from corp. Allen is Principal PM for Windows Server and Raj is a PM for Windows Hyper-V. Both very interesting & incredibly knowledgeable guys with deep understanding across a wide range of topics (and not just Microsoft!).
I pestered them for info on Hyper-V thin provisioning of memory and whilst they couldn’t confirm anything as we all said ‘we live in hope!’ 😉 

…as for the night, I’d been invited to the 1E TechEd Europe party at Spindler & Klatt www.spindlerklatt.de – an über trendy restaurant/club in East Berlin frequented by the likes of Angelina, Clooney, and now Cook!

What a great party and many many thanks to the team at 1E (www.1e.com). Did I mention I was the 4th member of the business in the founding year? (yes I probably did & several times.. lots to drink! ;-)) We went our separate ways in 1999, oh for a slice of that now… anyway, moving on!

Seriously though hats off to Samir, Mark, and Phil – they have built a company that knows how to throw a great party (regarded as the best at TechEd), and a team of very bright, talented people who have a lot of respect for the company and its founders. 

Ouch my head is pounding!  time to go to sessions, starting with… 

ITS211 Keeping Your CIO Happy: Microsoft Office SharePoint Server 2007 SLA Scorecarding with Operations Manager 2007 and SQL Server 2008

Gordon McKenna & Sean Roberts speaking at TechEd
Presenters: Gordon McKenna, Sean Roberts, www.inframon.com
Thu 11/12 | 10:45-12:00 | London 2 – Hall 7-1b
Learn how you can create CIO level SLA scorecards in SharePoint Server 2007 for Microsoft System Center Operations Manager 2007 using some of the new features in Microsoft SQL Server 2008 Reporting Services and to create Executive SLA views of your Operational Environment. The session looks at why these types of views are important to many companies, what impact this can have on your business, and what simple steps you can take to achieve very effective, high-level executive views of everything from performance and availability of your key LOB services and applications, whether important SLAs and KPIs are being achieved and whether your IT department is meeting the day-to-day needs of your business. The key demos in this session take you through the steps you need to implement effective business scorecarding in SharePoint Server 2007 using key metrics collected in the Operations Manager 2007 Datawarehouse based on “real-world” experiences gained from the field. After attending this presentation you will have a good insight into how CIO Scorecards can help you add value to your Operations Manager deployments, helping you to show real value to your executives.
Tip – to remove parameter data from Ops Mgr reports imported into a SharePoint webpart, suffix the url with &rc:Parameters=collapsed
Cracking session from Gordon & Sean on how to try and keep your CIO happy (if that’s possible! ;-))
blog Daniel Savage

Service Level dashboard – free solution accelerator dashboard on Microsoft 

SVR401 & 402 DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and Transition Technologies + Part 2 of 2: Putting It All Together

John Craddock presents DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and Transition Technologies

Presenter: John Craddock (www.xtseminars.co.uk)
Thu 11/12 | 13:30-14:45 | Helsinki – Hall 7-2a
Take a sprinkling of Windows 7, add Windows Server 2008 R2, IPv6 and IPsec and you have a solution that will allow direct access to your corporate network without the need for VPNs. Come to these demo-rich sessions and learn how to integrate DirectAccess into your environment. In Part 1 learn about IPv6 addressing, host configuration and transitioning technologies including 6to4, ISATAP, Teredo and IPHTTPS. Through a series of demos learn how to build an IPv6 Network and interoperate with IPv4 networks and hosts. In Part 2 we add the details of IPSec, and components that are only available with Windows 7 and Windows Server 2008 R2 to build the DirectAccess infrastructure. Learn how to control access to corporate resources and manage Internet connected PCs through group policy. Part 1 is highly recommended as a prerequisite for Part 2.
John Craddock is an extremely talented AD/identity expert, and deeply technical across many other fields – in this case IPv6 & DA.
I was also lucky enough to have a drink with John and my old Microsoft PSS chum Paul Duffy on Monday night at the cleverly named hotel ‘Berlin Berlin’.
John is a genuine international industry expert and a thoroughly nice bloke with it!   Paul, another ‘genie-I’ went on to become PM for Office Communicator and knows a thing or ten about OCS amongst other subjects to a deep level.  This probably explains why these two know each other!
Anyway, back to the session plus my own notes, links, etc.
Gems & Tips
– be careful, not all apps will be compatible – test!
– going native will likely mean new network gear, as it is a new network layer (layer 2 unchanged)
– hex is back! use of double colon notation, but it can only be used once per address
– cannot mix with IPv4 mask bit notation
– the host portion is derived from the MAC address, which has privacy issues; Win7 & R2 generate a random one based on the interface, which can be disabled (reverting to MAC based) with netsh interface ipv6 set global randomizeidentifiers=disabled
– route print -6 will show IPv6 route table
– ::1 is IPv6 loopback
– if you have a registered IPv4 address then you automatically have an IPv6 address on the 6to4 network
6to4 http://en.wikipedia.org/wiki/6to4 states 6to4 performs three functions:
  1. Assigns a block of IPv6 address space to any host or network that has a global IPv4 address.
  2. Encapsulates IPv6 packets inside IPv4 packets for transmission over an IPv4 network using 6in4.
  3. Routes traffic between 6to4 and “native” IPv6 networks.

– you need to manually unblock the ISATAP entry in DNS, which can be done via the registry or command line, e.g.

C:\>dnscmd /config /globalqueryblocklist wpad 

Registry property globalqueryblocklist successfully reset.
Command completed successfully. 

ISATAP is a huge subject in its own right; the Intra-site Automatic Tunnel Addressing Protocol Deployment Guide is available at http://www.microsoft.com/downloads/details.aspx?familyid=0f3a8868-e337-43d1-b271-b8c8702344cd&displaylang=en
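The addressing tips above, worked through as an added example (not code from the session or from this blog): it derives the 6to4 block for an IPv4 address, builds the MAC-derived interface identifier (modified EUI-64, RFC 4291), and shows how an audit can tell MAC-derived addresses from randomized ones. The IPv4 address is a documentation-range value standing in for a registered one; the MAC, the sample addresses and the function names are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixto4_prefix(ipv4):
    """Return the 6to4 block 2002:V4ADDR::/48 for an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{ipv4} is private; 6to4 needs a global IPv4 address")
    # 2002 fills the top 16 bits, the IPv4 address the next 32.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def eui64_interface_id(mac):
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def mac_based_address(ipv4, mac):
    """Address in subnet 0 of the 6to4 block with a MAC-derived host part."""
    return sixto4_prefix(ipv4).network_address + eui64_interface_id(mac)

def embedded_mac(addr):
    """Return the MAC an address discloses, or None if the host part is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized (or manually assigned) identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def parses(text):
    """True if text is valid IPv6 address or prefix notation."""
    try:
        ipaddress.IPv6Network(text, strict=False)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values.
    addr = mac_based_address("192.0.2.1", "00:1a:2b:3c:4d:5e")
    print(sixto4_prefix("192.0.2.1"), addr, embedded_mac(str(addr)))
    # Second address has a randomized host part: nothing to recover.
    print(embedded_mac("2002:c000:201:0:9d3e:71a4:c20b:55f1"))
    # "::" twice and an IPv4-style mask are both rejected.
    for text in ("::1", "2001:db8::1::5", "2001:db8::/255.255.0.0"):
        print(text, parses(text))
```

Running `embedded_mac` over addresses collected from DHCP or router logs shows which hosts still expose their hardware address, for example machines where `randomizeidentifiers` has been disabled.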

Putting it all together..

– Check tunnel endpoint authentication using ‘klist’ to list Kerberos data
– Use NRPT to direct DNS queries to a specific server for a particular namespace (view using ‘netsh namespace show effectivepolicy’)
– PKI needs to be right as certificates are the foundations
– you must publish the revocation list
– NLS (Network Location Server) is just an HTTPS website accessible from the DA server, e.g. nls.corp.example.com
– if it doesn’t work, it could be a couple of days troubleshooting! 

If you’re thinking of setting this up in a virtual lab, I also took note from Allen Stewart’s blog at http://blogs.technet.com/wincat/

…if you’re planning to virtualize your lab environment on Hyper-V, you should ensure you’re using Legacy Network Adapters for the child partition where you’re running the DAS. Using the default synthetic NICs is OK for all the other resources in the test lab, but for the DAS itself, it’s important to have both the Internet and Corpnet NICs as legacy ones, to ensure proper passing of traffic between both sides of the DAS. If you use the default synthetic adapters, you may end up in a situation where traffic doesn’t properly flow from the outside to the inside, even though all your IPsec, 6to4, Teredo, and IP-HTTPS settings are correct. Basically, you’ll be in a situation where connectivity will fail at a basic level, with you not even being able to successfully ping the internal DNS server using its ISATAP address. If you’ve already built your lab on Hyper-V using the synthetic adapters, the fix is pretty simple. Just replace them with legacy ones, reconfigure the IP addressing as specified in the guide and rerun the DirectAccess wizard, again supplying all the information specified in the guide. After doing so, all your traffic should flow properly.

– Thanks Allen!

DAT312 All You Needed to Know about Microsoft SQL Server 2008 Failover Clustering

Presenter: Gopal Ashok
Thu 11/12 | 17:00-18:15 | London 3 – Hall 7-1b
There are major architectural changes in SQL Server 2008 for failover cluster setup and management, geared towards increased reliability and high-availability. To learn all the benefits and changes, attend this session for a comprehensive overview direct from the product development group. We cover SQL Server 2008 failover clustering setup, underlying Windows Server cluster and how SQL Server uses it, what’s new in SQL Server 2008 for failover clustering, differences from previous versions of SQL Server and future directions. This includes details of SQL Server 2008 failover clustering setup operations together with demos to illustrate the new setup.

– new features
– applications need retry mechanisms built in to provide seamless failover
– no longer have to take down the cluster to upgrade, supports rolling upgrades 

Want to deploy stretched clusters?  lots do.  As in separate geo-redundant clusters, not separate nodes e.g. 

Stretched SQL Clusters or the doodles of an artist?

– sql 2008 failover clustering install breaks on windows server 2008 R2 and needs to be slipstreamed with SP1 (If only we knew this last weekend!)
(slipstreaming is incorporating patches into the installation media to effect a higher level of install base over RTM – Microsoft tend to do this but not always quickly!)
see http://blogs.msdn.com/psssql/archive/2009/03/17/how-to-fix-your-sql-server-2008-setup-before-you-run-setup-part-ii.aspx for more info
– during upgrades to a 2-node cluster there will be a period of time when you are exposed to node failure, and must not have a failover attempt for fear of corruption.  removing the node from the cluster owners will stop premature attempted failover. 

Further Microsoft resources.. (will add others also) 

      SQL Server ® 2008 Failover Clustering White Paper: http://sqlcat.com/whitepapers/archive/2009/07/08/sql-server-2008-failover-clustering.aspx 

      Recommended  Books Online  Doc Refresh #7 (May, 2009), or later: http://msdn.microsoft.com/en-us/library/ms130214.aspx 

      Failover Clusters – Getting Started: http://msdn.microsoft.com/en-us/library/ms189134.aspx 

      Rolling upgrade process and best practice: http://msdn.microsoft.com/en-us/library/ms191295.aspx 

      Maintaining a Failover Cluster: http://msdn.microsoft.com/en-us/library/ms178061.aspx 

      Setup command line usage: http://msdn.microsoft.com/en-us/library/ms144259.aspx 

      Configuration.ini file usage: http://msdn.microsoft.com/en-us/library/dd239405.aspx 
