Configure SharePoint - SP2 Test Installation

Overview

My first test with SP2 is a Hyper-V x64 Virtual Machine that I have setup for this purpose. I have several snapshots of this machine and right now I have it patched at SharePoint Service Pack 1. After I install this service pack I will setup a few other SharePoint solutions and applications and see how they work. We are starting at version:


I am starting with the WSS service pack and then the WSS language service pack


After the typical legalese we get:



Into the Wizard:


The wizard completed and I can now see it is at version are at 12.0.0.6421



On to the language pack:
Okay it told me it was already installed…. Interesting.


So let’s try the MOSS SP2 which contains the infrastructure update and a host of other updates. After the legalese we have the usual:


Back to the wizard:


The wizard finished and as usual Central Admin started up…. Very slowly. Everything appears in good order in Central Admin so I take a look at the SharePoint Logs and the Event Logs. About the only thing that caught my eye was a few errors during the upgrade before the wizard completed:






It appears as though all services stopped appropriately during the installation. Overall the installation seemed to go quite smoothly. Sites appear to be running and rendering correctly, now its time for a more detailed test of SharePoint features and solutions.

Configure SharePoint - What's in SharePoint Service Pack 2

Overview

SP2 for SharePoint comes in 3 pieces (WSS Service Pack, WSS Language Service Pack, Moss Service Pack) and if you download them for both 32 and 64 bit systems 6 files. One of the features I am really interest in is the Auto-Defragment database feature: http://support.microsoft.com/kb/968785. I will be measuring the effectiveness of that over time.

WSS Improvements:

Some big areas of the improvements that the Windows SharePoint Services team wanted to highlight:

• Faster, more reliable content migration and data backup and restore
• Reduced memory consumption
• Smoother upgrade experience
• Significant database performance adjustments
• Updated integration for forms authentication
• Advanced permission management
• Helpful administrative tools
• Expanded browser compatibility

List of WSS Changes: http://download.microsoft.com/download/7/A/3/7A3E2E01-5454-4427-95CB-28CE84523B0A/Windows%20SharePoint%20Services%203.0%20Service%20Pack%202%20Changes.xlsx

MOSS Improvements:

Description of fixes for SP2 (http://support.microsoft.com/kb/968785):

Microsoft Enterprise Content Management (ECM)

• Improves the performance and stability of the content deployment feature and of the Variations feature.
• Adds a new command to the Stsadm.exe tool. This tool provides the following functionality:

• Lets a SharePoint administrator use the Variations feature to scan a site for errors, report the errors, and fix certain problems.
• Finds and repairs missing peer relationships and corrupted entries in the internal variations relationships list.
• Handles the propagation of large volumes of variations content in a more manageable way.

Microsoft Office Excel and Microsoft Office Access services

• Fixes Open Snapshot so that snapshots open more reliably, even if there is no SharePoint root site.
• Fixes display issues that cause calculations to appear incorrect in some cases.
• Improves connections to cubes by using .odc files in non-English cases.
• Improves the performance of programmatic scenarios.
• Fixes conditional formatting in Mozilla Firefox browsers.
• Improves support for generating Excel Web Access Web parts on new sites.

Microsoft Office Forms Server

• Improves performance of large browser forms on InfoPath Form Services, both for memory usage and for page load time.
• Improves reliability of Forms Server and of Microsoft Office SharePoint Server by addressing the previous behavior in which an upgrade of an administrator-approved form template triggers an IIS reset.
• Improves the Digital Signature functionality for InfoPath Forms Services.

Microsoft Office Search Server

• Improves the reliability and stability of WSS crawl, of SharePoint crawl, of crawling through a very large corpus, and of backup restore.
• Introduces a new command to the Stsadm.exe tool that lets a SharePoint administrator tune the Query processor multiplier parameter. For example, the Query processor multiplier can be used to tune the query performance for SSP indexing content sources that have highly restrictive permissions and many duplicates.
• Improves the accuracy of searches that involve numbers. For example, there is additional support for large numbers in which a comma is used to separate every three digits (for example, 1,000,000), for numbers that are between 9 and 40 characters, and for numbers that are separated by spaces.

List of Changes in SP2 http://download.microsoft.com/download/4/1/F/41F3A698-55E8-40B4-A306-AD6CF1F95394/2007%20Office%20Servers%20Service%20Pack%202%20Changes.xlsx

Microsoft Blog Link: http://blogs.msdn.com/sharepoint/archive/2009/04/28/announcing-service-pack-2-for-office-sharepoint-server-2007-and-windows-sharepoint-services-3-0.aspx

I will be documenting my first installations of this very closely!

Configure SharePoint - Upgrading the Farm and KB 944267

Overview

Sometimes when I get a call to investigate a SharePoint farm, I find SharePoint servers that are partially upgraded. This can lead to disaster as database backups and site collections are in between versions, it is very important the SharePoint Products and Technologies wizards completes on all servers: http://support.microsoft.com/kb/944267. Here are some screenshots of errors where the servers in the farm failed to upgrade from standard to enterprise.

Remember if it fails to upgrade: psconfig -cmd upgrade -inplace b2b –force



You can see the Timer jobs failed:





The Configuration Wizard Failed too





The Logs:

An exception of type Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException was thrown. Additional exception information: An update conflict has occurred, and you must re-try this action. The object DiagnosticsService Parent=SPFarm Name=SharePoint_Config is being updated by …\spsadmin, in the PSCONFIG process, on machine X. View the tracing log for more information about the conflict.

Microsoft.SharePoint.Administration.SPUpdatedConcurrencyException: An update conflict has occurred, and you must re-try this action. The object DiagnosticsService Parent=SPFarm Name=SharePoint_Config is being updated by …\spsadmin, in the PSCONFIG process, on machine X. View the tracing log for more information about the conflict.

at Microsoft.SharePoint.Administration.SPConfigurationDatabase.StoreObject(SPPersistedObject obj, Boolean storeClassIfNecessary, Boolean ensure)



If you look at Central Admin Timer Jobs, you can see which servers failed.

Implementing a Help Desk - Adding Controls to pages

Overview

There are some pretty cool controls that you can add to pages and people frequently ask how it is done. It’s a pretty simple process to create a new web page and add controls. Remember that you can use the web page viewer web part in SharePoint to open a url from any page. Here is how you can add a movie to a web page with SharePoint Designer:

1. Create a new web page with SharePoint Designer
2. Then Click Insert and Web Component

3. Click Customize to go to a list of custom ActiveX controls and select Windows Media Player:

4. Click OK

5. Select Windows Media Player then click Finish.
6. Right click on the windows media player.

7. Put the url in of the movie and adjust your settings.

Implementing a Help Desk - Incoming Email Support

Overview

Incoming email is a great tool that can let users publish contents to sites via mail enabled document libraries and lists.


Mail Enabling Document Libraries and Lists

You can mail enable a document library or list by going to the Settings page and then under Communications click on “Incoming Email Settings”


Then

Where did the “Incoming Email Settings” go?

It’s important to remember that incoming email support for lists is limited to a few varieties of list:

Details:

http://office.microsoft.com/en-us/sharepointserver/HA100823071033.aspx

“In Microsoft Windows SharePoint Services 3.0, a site owner can enable and configure incoming e-mail support for the following:

• Document, picture, or form library
• Announcements list
• Calendar list
• Discussion board
• Blog “

Architecting a Solution - What Place does FBA have in the Global SharePoint Environment

Overview

Forms Based Authentication is a great tool, typically used to connect users who are not in the corporate active directory. The technical issues have been pretty well outlined in the links below, but beyond the technical issues the same types of questions have come up from most service managers.

Microsoft FBA: http://msdn.microsoft.com/en-us/library/bb975136.aspx

CodePlex tool: http://fba.codeplex.com/


Typical Corporate Strategies that influence FBA:

1. Connect all users to SharePoint consistently
2. Connect 3^rd parties to SharePoint
3. Utilize a single directory as much as possible
4. Govern Access Control

Into the details:

1. Effective communication is really stressed in a global environment, and users can be confused if they have to use different URLs to access the same resource. In addition to different URLs, FBA has other limitations on how it responds to authenticated users and may not be setup to integrate with Office.
2. A great use of FBA (when used with another directory provider such as a SQL Database) is the ability to give 3^rd parties access to SharePoint without giving them access to any other resources. Considerations have to be made for publishing SharePoint externally http://technet.microsoft.com/en-us/library/cc268368.aspx
3. The disadvantage to “2.” is maintaining a separate directory which often creates issues with 4.
4. CodePlex’s tool puts control of FBA users in the hands of site collection administrators. Essentially the users make their own directory…. I wonder why IT security has a problem with this one ;-). http://fba.codeplex.com/Wiki/View.aspx?title=basic%20FBA%20user%20and%20role%20management&referringTitle=Home

So before I put in FBA, I have some business considerations to address.

Implementing a Help Desk - Configuring Automatic Authentication

Overview

In a global organization users connect to SharePoint resources from different domains and sometimes stand-alone computers. This can be very frustrating for users who access SharePoint and have to authenticate over and over again. I have found a few configurations settings that can help.


Configuring Internet Explorer and Windows to send credentials a few practical steps:

1. How to manage stored usernames and passwords:

http://support.microsoft.com/kb/306541 not in a domain

http://support.microsoft.com/kb/306992 in a domain

Go to User Accounts, Find your User Account and Click on “Manage my network passwords”

Add the computer and the username and password. Just remember if your password changes you will have to update this.

2. Make sure Internet Explorer has Integrated Windows Authentication enabled. This is the default configuration. (Tools then Internet Options then Advanced then Check the box for “Enable Integrated Windows Authentication”)

3. If you trust the site, “Trust the Site” and setup trusted sites to send the current username and password. Internet Options then Zones then Trusted Sites then Custom Level). At the very least make sure that the site shows up in your Intranet Sites and that your username and password are configured to be sent automatically for that zone.

4. Webdav and Authentication

1. There is a fix for vista: http://support.microsoft.com/kb/943280
2. Another vista fix: http://support.microsoft.com/kb/941853
3. Vista and Server 2008: http://support.microsoft.com/kb/956943
4. Vista (netbios related): http://support.microsoft.com/kb/940172

Configure SharePoint - SharePoint Versions

Overview

Keeping a folder of all SharePoint updates is critical in a Global SharePoint environment. As companies are divested and incorporated often new SharePoint farms will come into and out of existence. Some of these farms may have applications that are only supportable at a particular version of SharePoint and often I have to build a SharePoint farm at a particular version to test or replace an environment. For all these reasons and more it is important to have a complete set of patches and understand SharePoint Versions. Remember that when it comes to content databases its easy to go up but a whole lot of trouble to go down. FYI a full directory of updates will cost you about 2.5 GB. Space well spent. Keep your eye on the updates Resource Center for SharePoint: http://technet.microsoft.com/en-us/office/sharepointserver/bb735839.aspx

SharePoint Versions

12.0.0.4518 - RTM (No Patches)
12.0.0.6036 - August hotfix Package (KB941422)
12.0.0.6039 - October Public Update (KB934525)
12.0.0.6219 - SP1
12.0.0.6300 - post-SP1 hotfix (KB941422)
12.0.0.6301 - post-SP1 hotfix (KB941274)
12.0.0.6303 - post-SP1 hotfix (KB948945)
12.0.0.6318 - Infrastructure Update (KB951695 and KB951297)
12.0.0.6327 - First Cumulative Update - (KB956056 and KB956057)
12.0.0.6331 - October Cumulative update (KB957693, KB958346, KB958615, KB958714,KB958569, KB958567)
12.0.0.6335 - December Cumulative Update (KB 960011 and KB960010) - Caused a lot of Errors
12.0.0.6341 - February Cumulative Update (KB 961755 and KB 961756)
12.0.0.6421 - Service Pack 2 ( KB953334 and KB953338)

Which SharePoint Version are you:

Go to site settings from any site:

Configure SharePoint - Best Practices for Microsoft Updates

Overview

Microsoft has documented a set of best practices for SharePoint servers, and among these is the best practices to update all servers with the latest patches. This is good policy but largely incomplete and if followed without that comprehension will result in a disaster potentially worse than ignoring updates. Don’t get me wrong Ignoring Updates = Disaster.

Microsoft Best Practices Update Policy

http://technet.microsoft.com/en-us/library/cc850692.aspx

“6. Keep servers current with the latest updates

It is important to keep current by applying the latest hotfixes, updates, and service packs. These updates contain important product enhancements and improvements. However, be sure that you thoroughly test these updates on the pre-production environments before you apply them to the production environments. Follow the recommended procedure for deploying the updates, including the following:

• Turn on Windows Update to download updates automatically, but not install automatically.
• Schedule time to install updates at off-peak hours.
• For high availability, rotate servers out of service one at a time during the update process.

Make sure that you are patching the BIOS (server computers, controllers, and disks), Windows operating system, Windows SharePoint Services 3.0 and Office SharePoint Server 2007, and SQL Server.

For more information, view the presentation Understanding and deploying hotfixes, public updates, and service packs (http://go.microsoft.com/fwlink/?LinkId=123927&clcid=0x409), and see the Updates Resource Center for SharePoint Products and Technologies (http://go.microsoft.com/fwlink/?LinkID=106182&clcid=0x409).”

Microsoft Best Practices Securing your Web Server

http://msdn.microsoft.com/en-us/library/aa302432.aspx#c16618429_009

“Steps for Securing Your Web Server

The next sections guide you through the process of securing your Web server. These sections use the configuration categories introduced in the "Methodology for Securing Your Web Server" section of this chapter. Each high-level step contains one or more actions to secure a particular area or feature.

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9

Patches and Updates IISLockdown Services Protocols Accounts Files and Directories Shares Ports Registry

Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17

Auditing and Logging Sites and Virtual Directories Script Mappings ISAPI Filters IIS Metabase Server Certificates Machine.config Code Access Security

“

Step Number 1 for Securing your web server -> Patches and Updates

Aligning Microsoft Best Practices to the SharePoint Implementation

Production SharePoint implementations require supporting farms. These farms can be physical or virtual, but the closer they are in architecture and content to the production site the more useful they are.

SharePoint Farms to Support the Production Farm

• Developers Sandbox Farm
• SharePoint Admin’s Sandbox Farm (if you can’t share)
• Development Farm
• Staging Farm

Many of the Microsoft SharePoint Service Packs and Hot fixes have caused issues. A few come to mind right away: SharePoint Portal Server 2003 SP3 and MOSS Post Service Pack 1 Hot fix to version 12.0.0.6300. Remember: SharePoint Service Packs cannot be uninstalled. So a good policy has to be established to test patches and make sure they are fully deployed in the environment.

I recommend a virtual environment for the Sandboxes (and incidentally so does Microsoft) you can snapshot these environments before patching. After thoroughly testing the Sandbox (Minimum 1 month of testing) they can be applied to the development, staging and production farms in that order. Never apply patches in production as they immediately become available, it is worthwhile to note that Microsoft has not rated a SharePoint patch as Critical yet.

A good strategy is to apply the latest service packs but only apply updates as required. Even MS says:

"If you are not severely affected by any of these problems, we recommend that you wait for the next 2007 Office suites service pack that contains the hotfixes in these cumulative update packages."

Architecting a Solution - Moving IIS Logs into SQL Server: To Cache or not to Cache, that is the question.

Overview

The Ages old method of directly sending IIS logs to SQL works well for SharePoint Collaboration Farms. This is so for several reasons:

• Collaboration servers tend to work with a lot of file content
• Collaboration servers tend to work with a fixed number of users in specific environment
• Logs for Collaboration servers tend to be smaller than for publishing servers that have static content published to a large group of users (read Internet)

Although Microsoft recommends not using OBDC logging on high activity web servers, typical SharePoint collaboration servers do not respond to user requests the same way as high activity publishing sites. If your SharePoint Collaboration farm is responding poorly to obdc logging your farm is probably already overworked or incorrectly configured. Plan for performance with hardware load balanced web front end servers and enough SQL Servers on a fast SAN.

Kernel Mode Caching and the MOSS 2007 Boost

• MOSS 2007 was designed to take further advantage of Kernel Mode Caching which is disabled when you send logs directly to SQL however there are quite a few limitations with KMC: http://support.microsoft.com/kb/817445

• Web pages must not have security restrictions. In other words, the request must be anonymous and not require authentication. The HTTP.sys driver only caches anonymous responses. http://www.eggheadcafe.com/articles/20050613.asp

• Collaboration Content Caching there are some good details in this article: http://blogs.msdn.com/sharepoint/archive/2006/02/27/539689.aspx

So if your Collaboration farm could benefit from iis logging directly into SQL here are the keys to success:

Indiana Jones Style Ancient Key to success (a really old KB):
http://support.microsoft.com/kb/296085

Slightly more updated:
http://support.microsoft.com/kb/245243


Can you do OBDC Logging in IIS 7? YES.

Make sure that you have ODBC Logging installed.


In IIS 7 setting up the web app for obdc logging is quite a process, you will have to use the command line. Here is a good link for the operation:
http://weblogs.asp.net/steveschofield/archive/2007/12/20/iis7-post-57-how-to-setup-odbc-logging-in-iis-7-0.aspx

IIS 7 Caching:
“HTTP Cache Improves performance by returning a processed copy of a requested Web page from cache, resulting in reduced overhead on the server and faster response times. IIS 7.0 supports several levels of caching including output caching in user mode and output caching in kernel mode. When you enable kernel-mode caching, cached responses are served from the kernel rather than from IIS user mode, giving IIS an extra boost in performance and increasing the number of requests IIS can process.” http://technet.microsoft.com/en-us/library/cc268244.aspx

Configure SharePoint - Logging Verbosity

Overview

Diagnostic logging is important to SharePoint to identify problems. Key points for diagnostic logging:

• Frequently review your log files, this should be a scheduled activity
• As a performance benefit separate your logs from your OS. (http://technet.microsoft.com/en-us/library/cc850692.aspx)
• Fine Tune Logging

Fine Tune Logging
Central Administration -> Operations -> Diagnostic Logging