A few comments on ABE:
- ABE can NOT be used to control visibility of SHARES, just control visibility of folders and files within a share
- ABE can be used to control visibility of DFS Folders within a DFS Namespace
- KB Article 907458 describes how to do this, but IMHO it is wrong, saying CACLS has to be used on the DFS folder (they call it link, which it was called in a pre Windows 2003 R2 environment, the new GUI calls it folders instead of links).
Instead of using CACLS \\DOMAIN\DFSNAMESPACE\FOLDER, use CACLS x:\DFSROOTS\DFSNAMESPACE\Folder, where x:\DFSROOTS is the DFS root folder you chose when adding the server as a namespace server. This has to be performed on every namespace server hosting the DFS Namespace.
You still have to enable ABE on the DFSROOT.
Update 20080528: Please be aware that SP1 for SCCM 2007 has been released, so I advise upgrading your installation to SP1 instead of applying the mentioned hotfix.
If you want to manage clients with Windows 2008 and Vista SP1 with the RTM version of System Center Configuration Manager 2007, you can ask MS support for hotfix 950527.
See: http://support.microsoft.com/kb/950527
Just a small typo correction in the hotfix text: if you have a separate SQL server, do NOT run the hotfix on the SQL server box.
Instead, run it on the SCCM site server, then go into %ProgramFiles%\Microsoft Configuration Manager\Logs\KB950527\ and open update.sql in a query against the site database on your SQL server box.
Before you actually run the query, stop SMS_EXECUTIVE and SMS_SITE_COMPONENT_MANAGER on the site server; after running the SQL statement, start those services again.
Try this: create a sharepoint site with forms based authentication - log in - DO NOT click "Sign me in automatically".
Then open an Office document from a document library. Or rather try to.
"The file you are trying to open, "filename.xls", is in a different format than specified by the file extension. Verify that the file is not corrupt and is from a trusted source before opening the file. Do you want to open the file now?".
For our German readers and for the sake of Google, here is the whole box in German:
"Sie versuchen eine Datei zu öffnen, 'filename.xls', deren Format von dem in der Dateierweiterung angegebenen abweicht. Stellen Sie sicher, dass die Datei nicht beschädigt ist und aus einer vertrauenswürdigen Quelle stammt, bevor Sie die Datei öffnen. Möchten Sie die Datei jetzt öffnen?"
When you actually open it in Excel, you see a strange page with a login form.
Workaround: check "Sign me in automatically" at the login page - then this behaves as normal.
I'll try to raise this issue with Microsoft - I'll blog the result here.
Over the past few days, I've installed a demo system to show the enterprise voice capabilities of Office Communications Server 2007.
We've found a reasonably attractive solution for a small enterprise like ours to install the components and connect a mediation server to ISDN.
Ferrari electronic AG - a Germany based producer of office integration systems - both hardware and software - offers a small box (you can get it as an internal card as well) which serves as a voip/isdn gateway for Exchange 2007 unified messaging (Exchange 2007 UM) and Office Communications Server 2007.
We acquired the version which offers 4 S0 ports - with a simple ethernet port on the other side.
First of all, OCS 2007 seems far more complex than most other Microsoft server backend products that I've come across - basically because it doesn't offer out of the box functionality for what we wanted to achieve - enterprise voice.
You do need to install at least 2 servers for a pure internal use - at least 3 if you want to access OCS features over the internet.
And don't forget you do need a SQL backend server if you want to use the enterprise version of OCS.
Anyway, getting the OfficeMaster Card/Gate to run is quite simple - the only tricky part is to create normalization rules for incoming and outgoing phone numbers - as OCS 2007 internally speaks the E.164 format (+countrycodeareacodenumber) without any spaces or dots or zeros at the beginning. And ISDN (at least over here in Stuttgart, Germany) uses a single 0 to signal in country and 00 for out of country calls - and no 0 for in city calls.
On the mediation server settings, just set the IP of the box under PSTN Gateway next hop - port 5060 is fine.
Cheers
Frank
Appendix - incoming and outgoing rules in the OfficeMaster Card/Gate configuration utility
These rules work for our demo environment - using 2 of our external ISDN S0 ports.
Incoming rules
Set your mediation server IP (or probably your Exchange 2007 UM IP if only using Exchange 2007 UM (I haven't verified functionality yet)) in all incoming rules
1- foreign
Called Party Number: (.*) - replace with: +49711\1
Calling Party Number: (00)(.*) - replace with: +\3
Calling Party Number 2: (.*) - replace with: \4
Redirected Number: (.*) - replace with: \5
do not use other rules
2- same country
Called Party Number: (.*) - replace with: +49711\1
Calling Party Number: 0(.*) - replace with: +49\2
Calling Party Number 2: (.*) - replace with: \3
Redirected Number: (.*) - replace with: \4
do not use other rules
3- rest
Called Party Number: (.*) - replace with: +49711\1
Calling Party Number: (.*) - replace with: +49711\2
Calling Party Number 2: (.*) - replace with: \3
Redirected Number: (.*) - replace with: \4
do not use other rules
Outgoing rules
1- same country
Called Party Number: (\+49)(.*) - replace with: 0\2
Calling Party Number: (\+49711)(.*) - replace with: \4
Redirected Number: (.*) - replace with: \5
do not use other rules
2- foreign
Called Party Number: (\+)(.*) - replace with: 00\2
Calling Party Number: (\+49711)(.*) - replace with: \4
Redirected Number: (.*) - replace with: \5
do not use other rules
3- rest
Called Party Number: (.*) - replace with: \1
Calling Party Number: (\+49711)(.*) - replace with: \3
Redirected Number: (.*) - replace with: \4
do not use other rules
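The normalization described in the post, as an added JavaScript example (not the OfficeMaster rule syntax and not part of the original post). It assumes rules are tried top to bottom and the first match wins, and it only accepts digits where the appendix rules use (.*); the sample numbers are constructed.

```javascript
// Added example: ISDN dial strings <-> E.164, using the post's prefixes.
// Assumptions: first matching rule wins; 49 / 711 are the country and
// area code that appear in the appendix rules.
var COUNTRY = "49";
var AREA = "711";

// Incoming calling-party rules, in the order the appendix lists them.
var INCOMING = [
  // 00 + country code + number: call from another country
  { name: "foreign", re: /^00(\d+)$/,
    out: function (m) { return "+" + m[1]; } },
  // 0 + area code + number: call from the same country
  { name: "same country", re: /^0(\d+)$/,
    out: function (m) { return "+" + COUNTRY + m[1]; } },
  // no leading zero: call from the same city
  { name: "rest", re: /^(\d+)$/,
    out: function (m) { return "+" + COUNTRY + AREA + m[1]; } }
];

// Outgoing called-party rules: E.164 back to what the ISDN line expects.
var OUTGOING = [
  { name: "same country", re: new RegExp("^\\+" + COUNTRY + "(\\d+)$"),
    out: function (m) { return "0" + m[1]; } },
  { name: "foreign", re: /^\+(\d+)$/,
    out: function (m) { return "00" + m[1]; } },
  { name: "rest", re: /^(\d+)$/,
    out: function (m) { return m[1]; } }
];

// Apply the first rule that matches. Returns null when nothing matches,
// so a malformed number is rejected instead of being passed on unchanged.
function applyRules(rules, number) {
  for (var i = 0; i < rules.length; i++) {
    var m = rules[i].re.exec(number);
    if (m) {
      return { rule: rules[i].name, number: rules[i].out(m) };
    }
  }
  return null;
}

// Constructed sample numbers, one per incoming rule.
var SAMPLES = ["0033123456789", "07111234567", "1234567"];
for (var s = 0; s < SAMPLES.length; s++) {
  var r = applyRules(INCOMING, SAMPLES[s]);
  console.log(SAMPLES[s] + " -> " + r.number + " (" + r.rule + ")");
}
```

Order matters: if the "same country" rule is tried before "foreign", a number starting with 00 is treated as a national number and gets +49 prepended.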
Your IIS Admin console looks empty with a "the path specified cannot be used at this time" error?
Got Sharepoint on the same server?
Sharepoint can't create new web applications?
Check the following Hotfix: http://support.microsoft.com/kb/946517
Cheers, Frank
If you experience strange behaviour in DFSR Health Reports - like detailed replicated folder listing not showing or folder show twice - this one might be for you.
Check [DriveLetter]\System Volume Information\DFSR\Config for XML files. Do you see more than one? If so, run:
Wmic /namespace:\\root\microsoftdfs path DfsrVolumeInfo
Stop the DFSR service.
Copy the XML file that is NOT shown in the WMIC output to a safe location. Delete the original file.
Run regedit, make an export of HKLM\System\CurrentControlSet\Services\Dfsr\Parameters\Volumes.
Delete the key that corresponds to the XML file.
Restart the DFSR service.
Use at your own risk!
Here is a script I found a few months ago that disables ISA Server DNS queries - e.g. when used with an upstream proxy server.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
' Declare the other objects needed.
Dim isaArray ' An FPCArray object
Dim webProxy ' An FPCWebProxy object
Dim restartMask ' A 32-bit bitmask of type FpcServices
' Get references to the array object
' and the Web proxy object.
Set isaArray = root.GetContainingArray()
Set webProxy = isaArray.ArrayPolicy.WebProxy
' Configure the Web proxy to skip name resolution
' while checking access and routing rules and save
' the new configuration.
msgbox "old value: " & webProxy.SkipNameResolutionForAccessAndRoutingRules
webProxy.SkipNameResolutionForAccessAndRoutingRules = True
restartMask = webProxy.GetServiceRestartMask
webProxy.Save
' Restart the Firewall service so that
' the change will take effect.
isaArray.RestartServices restartMask
WScript.Echo "Done!"
After putting in a few tries with writing a proxy.pac file for Internet Explorer, here are some random comments:
- to access a pac file on a server, use the format: file:// - and use / instead of \ for directory separation
- this means, to access a share on a file server (I've used the group policy directory itself to publish the pac file), use file://// (4 slashes) + the file server.
- To have a failover configuration with a second proxy server, use the word "PROXY" in front of the proxy server name every time. Most samples on the internet were actually stating this differently.
return "PROXY proxyserver1.domain.com:8080; PROXY proxyserver2.domain.com:8080";
instead of
return "PROXY proxyserver1.domain.com:8080; proxyserver2.domain.com:8080";
- It is possible to have more than two PROXY values. I tried entering 8 different hostnames, all of them existing but only the last one working as a proxy - this worked. IE7 tried for about 1 second to get an answer from each proxy if the host was alive, and about 30 for a host that was down, and then successfully used the 8th proxy entry.
- use "shExpMatch()" instead of the other functions to detect host names, I've found the other functions to be flaky, maybe because they do DNS lookups. I've only used isPlainHostName() and shExpMatch() - so far without issues.
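A complete proxy.pac along the lines of these notes, plus a small check that catches the missing-"PROXY" mistake before the file is published. This is an added example, not the author's file: the "*.domain.com" bypass rule and the lintPacResult helper are assumptions, and the two stand-in functions exist only so the file can be tested outside a browser.

```javascript
// Stand-ins for two PAC built-ins so this file also runs under Node.
// Remove them before deploying: the browser's PAC engine has its own.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function shExpMatch(str, shexp) {
  // Shell-style match: escape regex metacharacters, then map * and ?.
  var re = shexp.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                .replace(/\*/g, ".*")
                .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Failover chain: every entry carries its own PROXY keyword.
var PROXY_CHAIN =
  "PROXY proxyserver1.domain.com:8080; PROXY proxyserver2.domain.com:8080";

// Written in old-style JavaScript on purpose: PAC engines such as the
// one in IE7 do not understand newer syntax.
function FindProxyForURL(url, host) {
  // Only string matching here, no DNS lookups.
  // Assumption: single-label names and *.domain.com are internal.
  if (isPlainHostName(host) || shExpMatch(host, "*.domain.com")) {
    return "DIRECT";
  }
  return PROXY_CHAIN;
}

// Return the entries of a PAC result string that are not well formed.
// Each entry must be DIRECT or "<PROXY|SOCKS> host:port"; this check is
// deliberately strict and requires an explicit port.
function lintPacResult(result) {
  var bad = [];
  var parts = result.split(";");
  for (var i = 0; i < parts.length; i++) {
    var entry = parts[i].replace(/^\s+|\s+$/g, "");
    if (entry === "" || entry === "DIRECT") {
      continue;
    }
    if (!/^(PROXY|SOCKS)\s+[A-Za-z0-9.-]+:\d+$/.test(entry)) {
      bad.push(entry);
    }
  }
  return bad;
}

// The second string is the form the post warns about.
console.log(lintPacResult(PROXY_CHAIN));
console.log(lintPacResult(
  "PROXY proxyserver1.domain.com:8080; proxyserver2.domain.com:8080"));
```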
Sometimes I'm just grateful for others to find out about those tricky details.
This excellent post http://www.eventlogblog.com/blog/2007/11/setting-service-permissions-wi.html describes how to use subinacl.exe to give a user permissions to start and stop services. I've seen the method using security templates and find the subinacl.exe version much easier for a quick & dirty fix.
Thanks Ingmar!
Here is an example of a script:
--------------------------------------------------------------------------------------------------------------------------
rem Frank Grossmann 2007
rem give user right to start and stop certain services
rem download windows resource kit tools first (or single download subinacl.exe)
rem do a sc \\machine query > servicelist.txt first to get service names of a machine
SET WHICHUSER=DOMAIN\USERNAME
c:
cd "\program files\windows resource kits\tools"
subinacl /service OracleDBConsoleinteg /GRANT=%WHICHUSER%=TO
subinacl /service OracleOraDb10g_home1iSQL*Plus /GRANT=%WHICHUSER%=TO
subinacl /service OracleOraDb10g_home1TNSListener /GRANT=%WHICHUSER%=TO
subinacl /service OracleServiceINTEG /GRANT=%WHICHUSER%=TO
cd\
A site was upgraded from WSS 2 to WSS 3 / Sharepoint 2007.
We've had some minor issues with this site - until we found one issue we couldn't solve: InfoPath Forms could not be published as web forms to this site.
We found out that other sites on the same server which were not upgraded previously did not have this issue.
Well, let's create a new sharepoint installation from scratch and then do a content deployment job to see if this will solve the issue.
1st of all the content deployment job would only import objects in the new site if I set "Security information in the content deployment" to None. I'm not sure if I'm supposed to setup the Users on the new site first or how this is supposed to be working.
The job log looked terrible, here are some excerpts:
11/14/2007 3:18 AM The setup path is from Windows SharePoint Services version 2.0 and was not upgraded to version 3.0 Lists/AnfragenAngebote/AllItems.aspx
11/14/2007 3:18 AM The setup path is from Windows SharePoint Services version 2.0 and was not upgraded to version 3.0 Lists/AnfragenAngebote/DispForm.aspx
11/14/2007 3:18 AM The setup path is from Windows SharePoint Services version 2.0 and was not upgraded to version 3.0 Lists/AnfragenAngebote/EditForm.aspx
11/14/2007 3:18 AM The setup path is from Windows SharePoint Services version 2.0 and was not upgraded to version 3.0 Lists/AnfragenAngebote/NewForm.aspx
These 4 forms were not exported for all those lists that were created a long time ago using WSS 2.0.
However, the jobs succeeded and imported most items successfully into the new site.
In the new site (which looked fine otherwise, except for the missing information on item creators), when trying to add a new item to a list, the error appears "Invalid Page URL:" and nothing happens.
When trying to edit an item the page would reload on the start page of the site.
First I've tried SharePoint designer to copy another NewForm.aspx from another list, but that would actually reference items specific to that list in the ListFormWebPart. I haven't succeeded in changing the values so that in the end it would work.
Next I've tried going through the different SQL tables to see if I could solve this issue by tweaking the list settings in dbo.AllLists, it seems that the WebPart from dbo.WebParts was missing anyway.
Even MS doesn't offer a solution to this issue, instead the KB article http://support.microsoft.com/kb/935504/en-us suggests to recreate the list from scratch. Nice.
You know what worked in the end: Use Sharepoint Designer 2007, open up both sites in two windows, drag and drop the missing forms (AllItems.aspx, DispForm.aspx, EditForm.aspx, NewForm.aspx) into the same place on the new site.
Setting up SSO was a pain!
- User ... failed to configure the single sign-on server. The error returned was 0x80630005. Verify this account has sufficient permissions and try again.
- You do not have the rights to perform this operation
The GUI says: Single Sign-On Administrator Account
In the Account name box, type the name of the group or user account that can set up and manage the single sign-on service. This account must be a member of the same domain to which the single sign-on service account belongs.
Solution: Even though the GUI says SSO Administrator account, use the service account you used for the Microsoft SSO service to log on to the machine, call up the administration website and enter this account here!
This is completely stupid, as you'd normally never log on interactively as a service account.
After requesting and applying Windows SharePoint Services 3.0 hotfix 936867, our SharePoint stopped working completely.
I've found the following error messages in the application log:
Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Topology
Event ID: 5617
Date: 23.08.2007
Time: 17:57:34
User: N/A
Computer: WEB3
Description:
The schema version (3.0.149.0) of the database SharePoint_AdminContent_f80b1f17-ff1d-4df2-93d3-66bbbaf5790f on x64a is not consistent with the expected database schema version (3.0.150.0) on WEB3. Connections to this database from this server have been blocked to avoid data loss. Upgrade the web front end or the content database to ensure that these versions match.
Solution: called "stsadm -o upgrade -inplace -url http://{central_admin_url}"
That seemed to have solved the problem.
-> related KB Article Number(s): 934577, 935958, 936867, 937038
The story goes on...
I've attempted to run a repair installation of WSS 3.0 before finding the above mentioned solution - this seemed to have reset some other settings and we then did get some other sharepoint related errors in the application log.
Therefore I wanted to try the patch again. Unfortunately the patch did not run again; it always exited with the error that the system was up to date already.
So we've run the patch with the "/extract:" option to get the sts.msp file.
Running that worked but obviously did not succeed completely.
Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Timer
Event ID: 6398
Date: 24.08.2007
Time: 10:13:44
User: N/A
Computer: WEB3
Description:
The Execute method of job definition Microsoft.SharePoint.Administration.SPUpgradeJobDefinition (ID 8a563582-7181-417a-992f-1300d3474227) threw an exception. More information is included below.
Requested registry access is not allowed.
Event Type: Error
Event Source: SharePoint Products and Technologies Configuration Wizard
Event Category: None
Event ID: 104
Date: 24.08.2007
Time: 10:13:46
User: N/A
Computer: WEB3
Description:
Failed to upgrade SharePoint Products and Technologies.
Failed to upgrade SharePoint Products and Technologies. Further information regarding this failure can be found at E:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS\Upgrade.log.
An exception of type Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException was thrown. Additional exception information: Failed to upgrade SharePoint Products and Technologies.
Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException: Exception of type 'Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException' was thrown.
at Microsoft.SharePoint.PostSetupConfiguration.UpgradeTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
Event Type: Error
Event Source: SharePoint Products and Technologies Configuration Wizard
Event Category: None
Event ID: 100
Date: 24.08.2007
Time: 10:13:48
User: N/A
Computer: WEB3
Description:
Configuration of SharePoint Products and Technologies failed. Configuration must be performed in order for this product to operate properly. To diagnose the problem, review the extended error information located at E:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS\PSCDiagnostics_8_24_2007_10_9_34_258_1671849275.log, fix the problem, and run this configuration wizard again.
So we've got to run the Configuration wizard again...
Started sysinternals procmon and started configuration wizard: that now fails with "Requested registry access is not allowed."...
I remembered Soeren Nielsen's post at: http://soerennielsen.wordpress.com/2007/06/ - and indeed I've found access denied messages related to certificates and put myself into the two WPG groups...
However, the error running Configuration wizard is still the same...
I'm posting this because it took me two hours to find - I've received an error that no Exchange 2007 server running the address list service could be found when trying to move a mailbox.
First of all the "Microsoft Exchange System Attendant" service stopped, I've set that to auto-restart.
Secondly, cause 2 (no inherited permissions on the address lists, use adsiedit to correct) solved the issue:
http://support.microsoft.com/kb/935636
Fix PDF in search of WSS 3.0 and MOSS 2007
- Install Acrobat Reader 8 on the Sharepoint Webserver
- get a PDF icon in GIF format, e.g. pdf16.gif see this post: http://msmvps.com/blogs/cgross/archive/2004/10/26/16679.aspx
- save it into \program files\common files\microsoft shared\web server extensions\12\template\images
- make sure ACLs fit! Right click the file, Security, Advanced, "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with the entries explicitly defined here."
- edit \program files\common files\microsoft shared\web server extensions\12\template\xml\docicon.xml and add the pdf extension
add the line just above the png mapping: <Mapping Key="pdf" Value="pdf16.gif"/>
- go into your shared services provider, search settings, file types, add file type,
add file extension PDF, the icon should appear!
for WSS 3.0 search:
- add Value named "38" as String value (assuming 1 to 37 are filled) to HKLM\Software\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Applications\{ANYGUID}\Gather\Search\Extensions\Extensionlist and set "PDF" as the value.
-> see KB Article for reference: http://support.microsoft.com/kb/927675/en-us
then:
http://blogs.msdn.com/ifilter/archive/2007/03/29/indexing-pdf-documents-with-adobe-reader-v-8-and-moss-2007.aspx
for safety, I'll copy the settings mentioned in this article:
The version 8 of the adobe reader has some significant architectural changes (for the better of course) including an inbuilt IFilter to index PDF documents. Previously the adobe IFilter was available as a separate download. This new change in architecture compromised the ability to search pdf documents from within MOSS 2007. However, the pdf filter works fine with WDS 3.0. While many consultants recommend that if we're to index pdf documents through MOSS 2007, we use the v.6 of adobe IFilter and if we want to index pdf documents through WDS 3.0 or higher, we use the v.8 of adobe reader. But what if we wanted to index pdf documents using both WDS and MOSS 2007?!!! Here's how you can use MOSS 2007 with adobe reader v.8, the version currently patronized by WDS:)
1. Download Adobe Reader v.8 .
2. Add the filter-extension to the File types crawled:
Start -> Program -> Microsoft Office Server -> SharePoint 3.0 Central Administration -> <Name of SharedService Provider> -> Search Settings -> File Types -> New File Type (Add extension pdf here)
3. Modify the following Registry keys by changing their "Default" value to the new CLSID of the Adobe IFilter: {E8978DA6-047F-4E3D-9C78-CDBE46041603}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office server\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.pdf
Default --> {E8978DA6-047F-4E3D-9C78-CDBE46041603}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Search\Setup\ContentIndexCommon\Filters\Extension\.pdf
Default --> {E8978DA6-047F-4E3D-9C78-CDBE46041603}
4. Add the Installation directory of the Adobe Reader v.8 to the System Path. For example, if the Reader is installed on "D:\Program Files\Adobe", then add "D:\Program Files\Adobe\Reader 8.0\Reader" to the system path by:
--> Right Click on My Computer -> Properties -> Advanced -> Environment Variables -> Path (Under System Variables) -> Edit -> (Add "D:\Program Files\Adobe\Reader 8.0\Reader").
This effectively tells the adobe IFilter where to pick up the dependent DLLs.
5. Recycle the search service: > net stop osearch
> net start osearch
Sources:
Deb Haldar's Article on how to get AdobeReader8 Ifilter to work:
http://blogs.msdn.com/ifilter/archive/2007/03/29/indexing-pdf-documents-with-adobe-reader-v-8-and-moss-2007.aspx
Specify file types to crawl:
http://technet2.microsoft.com/Office/en-us/library/0f60c820-83c7-4d2b-99f2-8c49cff494481033.mspx?mfr=true
Limit or increase the quantity of content that is crawled:
http://technet2.microsoft.com/Office/en-us/library/51caa05d-b0bb-4598-bcc8-82d2723ba6101033.mspx?mfr=true
File types and IFilter reference:
http://technet2.microsoft.com/Office/en-us/library/09357d8e-37b9-4e96-b8fd-f17b990d010a1033.mspx?mfr=true
Now you've downloaded all the Server Admin Templates from Microsoft from http://www.microsoft.com/downloads/details.aspx?FamilyID=5807b5ef-57a1-47cb-8666-78c1363f127d&DisplayLang=en and see that you'll have to individually import them using stsadm.exe.
Here is a little shortcut for you.
Start AllTemplates.exe and extract all files into a directory.
Create a .cmd file called dodeploy.cmd (the name the "call dodeploy" lines below expect) with the following content:
"C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o addsolution -filename %1
"C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o deploysolution -name %1 -allowgacdeployment -immediate
Create another .cmd file called startdeploy.cmd with the following content:
"C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o addsolution -filename ApplicationTemplateCore.wsp
"C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o deploysolution -name ApplicationTemplateCore.wsp -allowgacdeployment -immediate
"C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o copyappbincontent
call dodeploy AbsenceVacationSchedule.wsp
call dodeploy ApplicationTemplateCore.wsp
call dodeploy BudgetingTrackingMultipleProjects.wsp
call dodeploy BugDatabase.wsp
call dodeploy CallCenter.wsp
call dodeploy ChangeRequest.wsp
call dodeploy ComplianceProcessSupport.wsp
call dodeploy ContactsManagement.wsp
call dodeploy DocumentLibraryReview.wsp
call dodeploy EventPlanning.wsp
call dodeploy ExpenseReimbursementApproval.wsp
call dodeploy HelpDesk.wsp
call dodeploy InventoryTracking.wsp
call dodeploy ITTeamWorkspace.wsp
call dodeploy JobRequisition.wsp
call dodeploy KnowledgeBase.wsp
call dodeploy LendingLibrary.wsp
call dodeploy PhysicalAssetTracking.wsp
call dodeploy ProjectTrackingWorkspace.wsp
call dodeploy RoomEquipmentReservations.wsp
call dodeploy SalesLeadPipeline.wsp
Call startdeploy.cmd.