Thanks to @kelvin_hoyle for pointing this one out, the .NET Security patch MS13-052 is causing issues with SharePoint. For now, it is recommended to not deploy MS13-052 to SharePoint servers. See this TechNet thread for further details.
SharePoint 2010 Service Pack 2 has been released! SharePoint Foundation: http://www.microsoft.com/en-us/download/details.aspx?id=39646 SharePoint Server: http://www.microsoft.com/en-us/download/details.aspx?id=39672 Project Server: http://www.microsoft.com/en-us/download/details.aspx?id=39657 Office Web Apps: http://www.microsoft.com/en-us/download/details.aspx?id=39659 The major additions to this Service Pack are IE10 and Server 2012 support. The Server 2012 support will require a full SharePoint 2010 SP2 ISO from Microsoft. Note the June 2013 Cumulative Update is a post-Service Pack 2 update.
In the June 2013 Cumulative Update for SharePoint 2013, if you modify the navigation settings of a Basic Search Center (/_layouts/15/AreaNavigationSettings.aspx), the OK button generates the following error: [crayon-51f48dcfc2812844176261/] To work around this, on the Navigation Settings page, you can create a node under “Structural Navigation: Editing and Sorting”. By placing a node underneath the Global or Current Navigation nodes, the error is bypassed.
So what makes a great SharePoint Administrator? These are my thoughts on things to look for in a great SharePoint Administrator; someone who will be responsible for one of the companies’ most important collaboration and information platforms. Before we get to the technologies, basic troubleshooting skills are a must. Without the basics, a SharePoint Administrator may not have the appropriate knowledge to troubleshoot the appropriate technology. As much as I hate to say it, SharePoint farms will have problems. From mild, to irritating, to severe. Without core troubleshooting abilities of Windows systems and the various first and third party tools involved in troubleshooting, identifying the root cause and potential solution can be a significant challenge. I’m presenting these technologies in what I feel are order of importance, from least to most important. DNS DNS is a requirement to understand how the hostnames for the Web Applications are looked up. Troubleshooting with nslookup can also help a SharePoint Administrator diagnose various end user accessibility issues. Active Directory A basic understanding of Active Directory is important for the SharePoint Administrator. If a SharePoint Administrators manages the User Profile Service, works with users across Domain Trusts, handles Incoming Email, or works with Kerberos, a more in-depth Active Directory knowledge base is required. Virtualization If virtualization is being used for the SharePoint and/or SQL Servers, the SharePoint Administrator should be able to identify and provide information on how virtualization can affect SharePoint and the restrictions Microsoft has in place for SharePoint (e.g. no dynamic memory, time synchronization, snapshotting, and so forth). SQL Server I usually put this one ‘low’ on the need-to-understand list, but SQL is important. The good thing about being a SharePoint Administrator is you do not have to understand the internal structure of SharePoint databases; they should be treated as a ‘blackbox’ (and if you have DBAs, let them know this, too!). This means the focus is on server administration. Making sure the SQL instance is configured correctly for SharePoint, maintenance plans are in place, and performance of the instance is monitored. If using SQL high availability, follow Microsoft SharePoint guidelines surrounding high availability methods. IIS, ASP.NET, and the .NET Framework Next in line for skills would be an in depth understanding of IIS and it’s relationship with the .NET Framework and ASP.NET. A SharePoint Administrator should have a throughough understanding of IIS Sites, Application Pools, configuration files (machine, applicationHost, and web.configs). In addition, an understanding of how IIS handles user authentication (AuthN) is a must. SharePoint Of course, knowing SharePoint is one of the most important parts of being a SharePoint Administrator. They need to understand an ever growing amount of core concepts behind managing and maintaining a SharePoint farm, often expanding into Microsoft’s BI stack, Office Web Apps, and Project Server. PowerShell (SharePoint Management Shell) PowerShell skills are very high up on the ‘must have’ for a good SharePoint Administrator. Certain things in SharePoint can only be done via PowerShell or are significantly more efficient to do in PowerShell. Other things, such as creating a repeatable environment, can also only be done via PowerShell. Every SharePoint Administrator should know, understand, love, and enjoy using PowerShell day in and day out. And here is where I believe a good SharePoint Administrator evolves into a great SharePoint Administrator. Blurring that line between Administration and Development, a SharePoint Administrator should have limited knowledge of C# and process debugging. Many issues that are encountered in SharePoint are often internal to the SharePoint code itself. Knowing how to read C# and being able to use tools like .NET Reflector to decompile and run SharePoint code through the Visual Studio debugger will provide a SharePoint Administrator with that final bit of troubleshooting that may allow them to avoid the bug in the first place, identify a work around, work with PSS, or keep an eye out for future resolutions to the particular bug. Unfortunately, as with a lot of Microsoft software, stack traces or error messages themselves do not provide a complete view of the issue at hand. It isn’t until looking under the covers does the error become apparent. I would strongly urge any SharePoint Administrator who hasn’t taken that last step to try it out. Find a known issue in a SharePoint Cumulative Update and try to identify the bug itself in the Visual Studio debugger. A new world of troubleshooting will open up, and it can be quite rewarding. In addition, I believe you’ll also discover “how” things work in SharePoint. This is what I believe makes a great SharePoint Administrator. What is your take on what makes a great SharePoint Administrator? I’d love to hear your thoughts! Please feel free to post a comment.
Information Rights Management (IRM) allows users to restrict how documents are handled. With SharePoint, IRM settings are applied at the List/Library level. When a document is added to an IRM-enabled Library, the IRM is stripped from the document. When that document is downloaded from the Library, the document has the IRM settings from the Library applied to it. This allows SharePoint to crawl the content. You can use PowerShell to manage IRM settings for each Library, and it is straightforward. Properties that use the InformationRightsManagementSettings are available in SharePoint 2013 only. First, bind to the Web and the List: [crayon-5200c71bd340d918904985/] When making a change to a list property, make sure to call the Update() method, for example: [crayon-5200c71bd341b792590930/] Here are the various settings you can apply. I’ll be translating from the SharePoint UI to the PowerShell property. Restrict permissions on this library on download [crayon-5200c71bd3425044555800/] Create a permission policy title [crayon-5200c71bd342e714145216/] Add a permission policy description: [crayon-5200c71bd3436016603334/] Do not allow users to upload documents that do not support IRM [crayon-5200c71bd343f046458395/] Stop restricting access to the library at [crayon-5200c71bd3447929649754/] Prevent opening documents in the browser for this Document Library [crayon-5200c71bd344f434938607/] Allow viewers to print [crayon-5200c71bd3458220313937/] Allow viewers to run script and screen reader to function on downloaded documents [crayon-5200c71bd3460367082309/] Allow viewers to write on a copy of the downloaded document [crayon-5200c71bd3468305419199/] After download, document access rights will expire after these number of days (1-365) [crayon-5200c71bd3471864861232/] Users must verify their credentials using this interval (days) [crayon-5200c71bd3479674684603/] Allow group protection. Default group: [crayon-5200c71bd3482260173351/] As noted, those properties in InformationRightsManagementSettings are not available in SharePoint 2010. However, you can manipulate the properties directly. Again, get the list object into a variable. Permission policy title: [crayon-5200c71bd348b016437298/] Permission policy description: [crayon-5200c71bd3494510671931/] Allow users to print documents [crayon-5200c71bd349c441939681/] Allow users to access content programmatically [crayon-5200c71bd34a4178405673/] Users must verify their credentials every: [crayon-5200c71bd34ad806741289/] Stop restricting permission to documents in this library on: [crayon-5200c71bd34b5314939950/]
Each SharePoint Document Library is capable of accepting Incoming Email. Here is how to manage the settings via PowerShell. In SharePoint 2010, the SharePoint Management Shell must run as the Application Pool account when setting the EmailAlias property. Other properties can be set as a standard Shell Admin user. First, bind to the Web and the List: [crayon-5200c71bd285d211621922/] When making a change to a list property, make sure to call the Update() method, for example: [crayon-5200c71bd286b291682200/] Here are the various settings you can apply. I’ll be translating from the SharePoint UI to the PowerShell property. E-mail address (note this also sets Allow this document library to receive e-mail?) [crayon-5200c71bd2876844822886/] Group attachments in folders? [crayon-5200c71bd287f609309001/] Overwrite files with the same name? [crayon-5200c71bd2887047975996/] Save original e-mail? [crayon-5200c71bd2890936319050/] Save meeting invitations? [crayon-5200c71bd2898924958000/] E-mail security policy: [crayon-5200c71bd28a1557674961/] To disable Incoming Email on a Library, simply run: [crayon-5200c71bd28a9182525871/]
This is tangibly related to SharePoint and this took me awhile to figure out the correct syntax. I’ve been building a SQL AG on Server 2012 with the Core installation option. To accomplish this, you will need a workstation with SQL Management Studio installed (which also installed the SQL PowerShell module). Some background on this setup: 2 servers with Windows Server 2012 and SQL Server 2012 SP1 CU5 3 network adapters per server Features installed (note that “D:” has the Windows Server ISO loaded) on the servers: [crayon-5200c71bd19b3440395112/] IP all of the adapters appropriately. Next, rename the secondary and tertiary network adapters for clarity: [crayon-5200c71bd19c2633051971/] Note that you may want to disable or modify the Firewall Policy for the “Domain” and “Private” profiles. You can do this via the Set-NetFirewallProfile cmdlet. On the client workstation with the RSAT tools installed (Failover Cluster), run the following to import the Failover Cluster module, create the cluster with a static IP address, then rename the network adapters to fit the adapter name on the server. Finally, set the Ethernet adapter (this is the adapter that is used for standard client to server communication) Host Record TTL to 300 seconds. [crayon-5200c71bd19cd877534054/] Next, on each server, install SQL via batch script. Real quick hint here, make sure to exit the PowerShell prompt prior to running this. The SQL installation media needs .NET 3.5, but because we’re running Server 2012 and PowerShell 3.0, we’re using .NET 4. This will cause the installation to fail. The following will install SQL Server 2012 with the Database Engine, SQL Agent, Replication, Integration Services, and Client Connectivity with the specified username and password to the E: drive while the CD/ISO is present in the D: drive. Do not forget to edit the /PID value. It will also enable TCP/IP connectivity to the instance. [crayon-5200c71bd19d8018918680/] Once complete, download SQL Server 2012 SP1 and I’ve chosen to also install CU5. Once downloaded, extract the executable using the following command, making sure to extract each package to a unique path: [crayon-5200c71bd19e5451029078/] Next, for each package, run: [crayon-5200c71bd19ee879232558/] This will install the package applying the patch to all instances on the server. You may or may not need to reboot in between patches. Next, move to the workstation. I have a workstation running Windows 8 x64 with SQL Management Studio 2012 SP1. Open Management Studio and go to View -> Registered Servers. Add the two instances under Local Server Groups. Next, run PowerShell as Administrator on the Workstation. Run “sqlps” or [crayon-5200c71bd19f7729270153-i/] to import the SQL PowerShell module. Validate the previous server registration by executing [crayon-5200c71bd1a00457629451-i/] , and running [crayon-5200c71bd1a08657140847-i/] . Both servers should appear here. The next step is to connect to each server, which can be done by executing [crayon-5200c71bd1a10549591693-i/] . For each SQL Server, the next step is to enable AlwaysOn and create the HADR Endpoint. Both cmdlets have a few options, so review them prior to execution. Note that when enabling AlwaysOn, the Database Engine service must be restarted, which the -Force switch does (or should do, it didn’t work in my case). [crayon-5200c71bd1a19086150981/] Next, create the Availability Replicas (in memory), create the Availability Group with the Primary server specified, and finally Join the secondary server to the Availability Group. Again, these cmdlets have a lot of options, so it is best to review them so the setup fits your environment. [crayon-5200c71bd1a22055318608/] After this, via Management Studio, you should now be able to review the Availability Group status. In my case, I had a critical error which was due to my HADR endpoint being in a stopped state, preventing the secondary replica from connecting to the primary. To resolve this, I ran the following T-SQL: [crayon-5200c71bd1a2d355367795/] Once this completed, the secondary replica joined automatically. Note it is normal to have warnings as there are no synchronized databases at this point. The final step to create the Availability Group is to create the Listener, which can be done with the following cmdlet: [crayon-5200c71bd1a36754872419/] And now you have two complete SQL Servers, ready to have SharePoint databases added to the Aavailabity Group! Make sure to test failover to validate functionality. Do not forget the following resources with regards to supportability of SharePoint databases on an Availability Group. Supported high availability and disaster recovery options for SharePoint databases (SharePoint 2013) Configure SQL Server 2012 AlwaysOn Availability Groups for SharePoint 2013
In certain cases you may not want Site Collection Administrators or otherwise delegated users to use a certain type of Web template. This can be achieved using 3rd party tools quite easily, or if Publishing is turned on at the Site Collection level. However, in some cases neither of these options are available. In this case, we can do it with PowerShell. You will need your LCID (Language ID), in this case, 1033, or English. [crayon-5200c71bcebfc099101981/] To add a template back into the list, run: [crayon-5200c71bcec13898210038/] The change will appear when a user attempts to create a new Web of the selected Web.
Update on the change of the SPJobLockType between 2010 and 2013, the SPJobLockType was changed from None to Job due to a specific issue where documents may have been duplicated when there is more than one server processing Incoming Email using MX load balancing. However, Microsoft plans to fix a release for the duplication of documents issue and revert the SharePoint 2013 SPJobLockType back to None in the December 2013 Cumulative Update. This should restore the ability to use MX load balancing in SharePoint 2013.
The August 2013 Cumulative Update for SharePoint 2010 has been released. If you have installed Service Pack 2 for SharePoint 2010, this will be the first Cumulative Update you can upgrade to. SharePoint Foundation: http://support.microsoft.com/kb/2817594 SharePoint Server 2010: http://support.microsoft.com/kb/2817570 Project Server 2010: http://support.microsoft.com/kb/2817573 Office 2010 August 2013 Cumulative Updates: http://support.microsoft.com/kb/2869757
SharePoint Foundation: http://support.microsoft.com/kb/2817517 SharePoint Server 2013: http://support.microsoft.com/kb/2817616 Project Server 2013: http://support.microsoft.com/kb/2817615 Office Web Apps 2013: http://support.microsoft.com/kb/2817521 Office 2013 August 2013 Cumulative Updates: http://support.microsoft.com/kb/2873346
If you have an MSDN account, the SharePoint Server, FAST Server, Project Server, and Office Web Apps with Service Pack 2 ISOs have been released. These ISOs will allow you to install SharePoint on Windows Server 2012.
Analogies are essential to explaining SharePoint, especially to non-technical users. I’ve always expressed that “SharePoint is a platform”, but what does a platform mean, and why would an end user care about “a platform” (after all, they typically interact with only a few bits of it)? After all of these years, Microsoft has finally attempted to reach out to the business community and end user (without having to involve IT with the Productivity Hub) via www.discoversharepoint.com. Here is an analogy to explain Web Applications, Site Collections, and Webs: The Web Application is the apartment building with one or more floors. The Site Collection is the (secure) floor with one or more apartments. The Web is the apartment. Going further… A Library is like a bookshelf in the apartment. A List is like an organizational container in the apartment. Expand from here! What are your analogies for end users and executive management?
If you, or your company, loves SharePoint Foundation, this project is for you! I have updated the Nauplius.SP.UserSync project with various bug fixes, ULS logging, and best of all, SharePoint Foundation 2013 support! This solution consists of a timer job that updates the User Information List of each Site Collection from Active Directory on a nightly basis. The downloads are available from the Nauplius.SP.UserSync releases page.
A new version of the AD LDS provider has been released for SharePoint 2010 and 2013. This release includes numerous bug fixes. Uninstall the previous version and restart. Install the new version and restart a second time. This is to prevent a cached copy of the DLL from being used, as well as making sure all processes pick up the new DLL. Both the SharePoint 2010 and 2013 versions can be downloaded from the SharePoint ADLDS Releases page.
If you happen to be in the Redmond, WA area on September 21st, come to SharePoint Saturday Redmond! I will have two ‘lightning’ sessions and will be introducing the SharePoint Connector for Forefront Identity Manager (now in Release Candidate status) as well as leveraging the IIS Application Routing Request module with SharePoint, both topics I’ve detailed here on this blog. It should be a lot of fun, come join us! If you do happen to be local and would also like to volunteer at SPS Red, I’m looking for about 10 people to help out at the event with various assignments. Please contact me via the contact form if you’re interested in volunteering. We need people to handle registration, sponsor setup and tear down, as well as room monitors. You can get your free tickets for SPS Red from the spsevents.org site.
With Excel Power Query, you can query SharePoint List data quickly and easily, as well as a variety of other types of data sources. However, when we do this, only SharePoint Lists appear! This is not helpful if, for instance, you have property promotion from an InfoPath form into a Document Library that you want to query. To work around this, we simply need to show the Formula Bar, which can be found in the Query Editor window under Settings. Next, edit the query to show all Contents of the SharePoint site. Once we change =SharePoint.Tables(“http://url”) to =SharePoint.Contents(“http://url”), click the Refresh button and all Document Libraries will appear! The other valid value for the SharePoint query type is =SharePoint.Files(“http://url”). With this type, all uploaded files on the SharePoint site will be displayed. There is a 4th query type, SharePoint.Count, which is ignored in the Power Query assemblies.
I’m not even qualified to talk about the MCM/MCSM/MCA program itself, or what may have lead to the death of it. What I can do is talk about is the direction Microsoft wants us to go in, and what I see around the community. Devices, Services, and Clouds Oh My! Microsoft has been told by its board to become a “Devices and Services” company. I use devices, absolutely. Services? Sure! I’ve been using Exchange Online since the BPOS days. And this blog runs on Azure. Do I use either Microsoft “devices” or “services” at my place of employment? No. We have numerous farm solutions, admin-approved InfoPath forms, and do all sorts of interesting things with SharePoint that prevents a move to SharePoint Online. At the last SharePoint Conference and elsewhere, it was “cloud” this and “cloud that”. But Microsoft cannot forget it’s on-prem customers. Quoting from Microsoft, there is about a 70% on-prem deployment of SharePoint today and SharePoint is over a $1 billion USD application. We’re the customers that made Microsoft into the software giant it is today, and continue to pump billions of dollars into Microsoft on an annual basis. I don’t want a subscription to be provided the opportunity to return to the glory days of SharePoint as a file server. I want to continue with the evolution of SharePoint as a Platform (SaaP!). TechNet Time Bomb First, we have the loss of TechNet. I’ve personally had a long standing MSDN subscription through my employer, so this doesn’t directly impact me. The alternative Microsoft wants people to use in place of a TechNet subscription is the 180 day time bombs or Azure trials. What about environments that must mirror production for solution deployment? Those can’t be rebuilt every 180 days. I have maintained such an environment which works through the entire lifecycle of the software as it exists in production. MSDN subscriptions are the obvious replacement, but when you go from a ~$300/year subscription to a minimum of $6,119, that just isn’t acceptable. Lower subscription levels of the MSDN subscription don’t offer equivalent software, such as Dynamics CRM, Exchange Server, SharePoint Server. But even then, the minimum subscription level is $699 for MSDN which only provides you with Operating Systems. I get that TechNet has been fraught with abuse, from people using it for personal installations, to selling the keys. MSDN, being more expensive, is less likely to have that happen. But you’re taking a highly valuable IT Pro resource and telling them to buy a much more expensive Dev resource or use time bomb/trial software. Or get on the “cloud” bandwagon, where none of this software is required. Then again, much of the time the “cloud” isn’t applicable to the IT Pro who needed the TechNet subscription. Certifiably Dead Now, we have the death of the MCM/MCSM/MCA programs with a poorly timed, poorly worded email. While Microsoft certifications of any sort are great, I knew my fair share of “paper” MCSEs that earned them in the NT4 days, and to be honest, the MCITP for SharePoint Administration wasn’t all that difficult (went in without studying, and passed both in the same week). However, I do believe the MCM program has offered value. They have a very deep understanding of the product, one that can’t just be had by walking into Prometric and sitting down for 30 minutes to pass a test. With weeks of in-person training (only near the end of the program dropping that requirement) and grueling labs, you must know the product inside and out to have a chance to pass the MCM program. I hope Microsoft Learning, and Microsoft as a whole understands that on-prem still has a long life to live. There is value in Microsoft’s MCM/MCA program, through reducing cost to Microsoft for support (PSS) as well as increased sales of the product. Microsoft, MCMs and MCAs are to your benefit. Bring them back or show us the path forward to a replacement program that pulls the current MCMs and MCAs into it. As much as I respect people who take the time to pass “standard” certifications, there are simply too many brain dumps out there which generates useless paper certifications. The MCM program provided us with specific individuals who know the product, and who we can get very accurate and detailed information from. With all of these types of changes, Microsoft needs to have a clear, unmuddied message of what they expect from us, the community, moving forward. We also need to hear that clear message in order to understand what lies ahead. Instead, in many cases we’ve been getting silence, the “marketing pitch” (Yammer), or poorly worded, easily disputed communications. Microsoft, help us to help understand you.
SharePoint 2010, and after a revision, SharePoint 2013 support stretched farms. Microsoft terms a ‘stretched’ farm by being a farm not contained within the same data center. There are some serious limitations on the performance of stretched farms, primarily with [network latency] distance and network speed. I would not recommend implementing a stretched farm. It requires careful planning between the SharePoint Admin and network admin (and possibly teleco). It may also require some fairly expensive equipment for proper implementation. Microsoft also does not recommend this, but will support it. Stretched farms require <= 1 ms one-way response time over an average of 10 minutes, and 1Gbps connectivity between the SharePoint servers and SQL Server(s). This is primarily due to certain service applications, e.g. the User Profile Service, not using the proxy to make calls to SQL Servers. Now, if you live in a vacuum and your network equipment introduces absolutely no latency, your maximum stretched farm distance is 186.3 miles, or 299.8 km. From personal experience, I haven’t seen an even moderate distance WAN (MPLS) provide 1ms latency over a period of 10 minutes. If the goal is content replication, look into 3rd party products like Metalogix Replicator or AvePoint Replicator (at least I’m not alone in lacking the ability to come up with marketing-based naming). With the Metalogix product, it replicates the content, but nothing below, for example Web Application, Farm settings, or Farm solutions so you will need to maintain those manually. As always, test, test, test, and avoid stretched farms.
EDIT: 9/19 – this is a known issue and will be resolved in the Office 2010 client December 2013 updates. If you have a custom content type with a multi-line site column added to it, and the client has Word 2010 SP1 or SP2 with KB2760758 installed, attempting to save the document will yield an error: If you only enter a single line of text in the multi-line document property, the save will succeed. Uninstallation of KB2760758 should also work. To validate which version of MSO.DLL is installed, look at C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL. If the file version is 14.0.7106.5001, the issue is present. Earlier versions, such as the SP2 MSO.DLL, 14.0.7015.1000, do not have this issue.
More Pages to Explore .....