#spsPhilly #Blunders

Philly

SharePoint 2010Tips & Tricks of the TradeAvoiding Administrator Blunders

Scott Hoag and Dan Usher

#spsPhilly #Blunders Philly

Thanks To Our Sponsors!

#spsPhilly #Blunders Philly

SharePoint User Group

SharePoint?End UsersAdministratorsArchitectsDevelopersIT Pros

Meetings?2nd Tuesday of the month, Microsoft Malvern, 5:30-8PM

Contact?www.TriStateSharePoint.orginfo@TriStatePoint.org@tristateSP

#spsPhilly #Blunders Philly

SharePoint NetworkAre you an independent consultant or remote worker who deals with SharePoint, Office or Office365? Do you sometimes feel cut off from the rest of the SharePoint world?Do you need help with technical or business issues, or just want the chance to socialize with others?

If so, then the SharePoint Network might be for you!www.SharePointNetwork.org

#spsPhilly #Blunders Philly

who am I?

Infrastructure Consultant with Applied Information Sciences8 years of experience with the SharePoint platform from MCMS 2002 through 2013 todayA lowly developer…They let me build things…

#spsPhilly #Blunders Philly

who’s that other guy?Lead Associate at Booz Allen HamiltonInfrastructure and Systems ArchitectStarted off with HP Unix and Cisco IOSCame to the SharePoint Darkside as a server administrator…

(they had cookies… persistent cookies)Enjoys discussions about Drumming Rudiments, the Big Bang Theory and Radio Lab

“All Day I Dream About SharePoint”

DanUsher

usher

#spsPhilly #Blunders Philly

about you

#spsPhilly #Blunders Philly

rules of the road

Phones silenced, phasers set to stun

Ask questions

#spsPhilly #Blunders Philly

#spsPhilly #Blunders

Philly

basic administrative blunders

#spsPhilly #Blunders Philly

creating orphans

IIS reset solves all qualmsor so we’d like to think…

During backup of a site collectionThe backup is now invalid

During a restore of a site collectionThe restore will have portions of the site collection and associated webs restored (maybe)

Two kinds of orphansContent DatabaseConfiguration Database / Site Map

#spsPhilly #Blunders Philly

permissions management

Removing groups with Full ControlRemoving yourself from groups that have Full ControlCreating new sites and groups instead of Permission Levels

Permissions…

Permissions!

Permissions!Permissions!Permissions!

#spsPhilly #Blunders Philly

publish and approvepublish

I updated myMaster PagePage LayoutStyle Sheetor a number of other assets

And no one can see my changes!

#spsPhilly #Blunders Philly

the recycle bin

The common misconceptionsThe (cold) truth

“Regardless of whether or not an item is sent to the users' Recycle Bin or to the Site Collection Recycle Bin, items are deleted automatically after the number of days that the server administrator specified in Central Administration.”

Manage the Recycle Bin of a site (Office.com)

#spsPhilly #Blunders Philly

testing workflows as a deity

Declarative Workflows set to start when an item is created or changed will not execute when logged in as the System Account.Pro Tip: Email-enabled lists will not auto start workflows either, unless…

declarativeworkflowautostartonemailenabled (Property Reference)

> stsadm –o setproperty –pn declarativeworkflowautostartonemailenabled –pv true

#spsPhilly #Blunders Philly

deleting the wrong item

I see a hidden Forms folder when using Explorer View. I think I should delete some things in it!

#spsPhilly #Blunders Philly

web part fun…

The page is loading slowThe page web part gallery is confusingThe page is still loading slow

Closed web parts still load…

#spsPhilly #Blunders

Philly

server blunders

#spsPhilly #Blunders Philly

tune your analytics

By default, you get 25 months(!!) of analytics dataMicrosoft’s guidance for capacity planning in regards to web analytics isn’t pretty.

Dataset Characteristics Value

SharePoint components 30k

Unique users 117k

Unique queries 68k

Unique assets 500k

Reporting DB data size? 200GB per day

Capacity requirements for the Web Analytics Shared Service in SharePoint Server 2010

73TB per year511TB for 7 years

#spsPhilly #Blunders Philly

permissive file handling

Users are being prompted to download PDFsEnable permissive file handling for all files in Web Application in Central AdministrationSet specific mime types for a Web Application

> $webApp = Get-SPWebApplication("http://intranet.contoso.com")> $webApp.AllowedInlineDownloadMimeTypes.Add("application/pdf")> $webApp.Update()

#spsPhilly #Blunders Philly

running in circles

You’re browsing your site from the server. Or you’re trying to get search to work. Or you’re trying to get a web service to work. Or you just want anything to work….HTTP 401.1 - Unauthorized: Logon Failed and you’ve got a FQDN on your siteKB896861 offers several options

DisableLoopbackCheck or BackConnectionHostNames

DisableLoopbackCheck & SharePoint: What every admin and developer should know

#spsPhilly #Blunders Philly

pausing IIS

Bring up your SharePoint Products Configuration Wizard on the second screenChecking IIS to see your web applications temporarily paused

#spsPhilly #Blunders Philly

lost passphrases

Passphrase is no longer known

Managed accounts and auto-password resetsDocument your farm

TechNetCodePlex

> $passphrase = ConvertTo-SecureString -asPlainText -Force> Set-SPPassPhrase -PassPhrase $passphrase -Confirm

#spsPhilly #Blunders Philly

certificate revocation list

Slow (up to 60 seconds) execution of stsadm and Application Pool recycles

Enable outbound internet access to crl.microsoft.comHOSTS file redirectSet the State registry key for all users who will run a shell or application pool

Edit the machine.config for each server in your farm

<psuedocode>if (!server.HasInternetConnectivity()) {

server.DisableCRLCheck();}

</psuedocode>

Certificate Revocation List Check and SharePoint 2010 without an Internet Connection

SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

#spsPhilly #Blunders

Philly

installing SharePoint

#spsPhilly #Blunders Philly

hardware and software requirements

Under-sizing the infrastructureVirtualizing on oversubscribed hardwareAttempting to use an IaaS cloud providerUnderestimating storage and IOPS requirements

#spsPhilly #Blunders Philly

not enough service accounts

Excuses, excuses…We only need a Farm accountManaging passwords is hardWe don’t need our search to workThere’s a cookie on my Wookie!

#spsPhilly #Blunders Philly

primary service accountsAccount Purpose Requirements

SQL Server Runs SQL Server • Domain user account• No rights in SharePoint

Setup Account Installs the bits and performs initial configuration

• Domain user account• Member of Local Admins on each

server in the farm• securityadmin and dbcreator on

SQL instance

Farm Account Used for configuring and managing the farm and runs primary services (e.g. SPTimerV4)

• Domain account• Additional rights are

automatically granted as part of installation (both server and SQL)

#spsPhilly #Blunders Philly

other service accountsAccount Purpose Requirements

MySites Application Pool

Worker process identity for MySites

• Domain user account• Managed account

Content Application Pool

Worker process identity for Content web applications

• Domain user account• Managed account

Services Application Pool

Worker process identity for Service Application Pools

• Domain account• Managed account

Search Service Process

Process identity for SharePoint Foundation (Help) search service and SharePoint Search service

• Domain account• Managed account

Search Service Default Content Access

Used to crawl content specified in content sources

• Domain account

User Profile Import Account

Account used to import (and optionally export) user data from an identity store

• Domain account• Replicate Directory Changes in

AD

#spsPhilly #Blunders Philly

still more service accountsAccount Purpose Requirements

Object Cache Super User

Processes items in the object cache of a web application

• Domain user account• Managed account• Full Control User Policy on target

web application(s)

Object Cache Super Reader

Processes items in the object cache of a web application

• Domain user account• Managed account• Full Read User Policy on target

web application(s)

#spsPhilly #Blunders Philly

running the farm configuration wizard

Don’t do it.Really, don’t do it. Your GUIDs will thank you!

#spsPhilly #Blunders Philly

sql foibles

Not having a part time DBANot having a maintenance plan in placeNot having dedicated spindles for performanceNot using a domain account for your SQL server serviceSetting up a lot content databases in a mirrored environmentUsing Full Recovery when you don’t need toNot setting auto growth properlySetting quotas larger than disk sizeNot setting Max Degree of Parallelism properly in SP2013Modifying the stored procedures

#spsPhilly #Blunders

Philly

configuring SharePoint

#spsPhilly #Blunders Philly

sandboxed solutions…“The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request”

Your ports are blocked internally (TCP 32846)The UserCode Solutions service isn’t runningGPO Policy

RPC Endpoint Mapper Client AuthenticationRestrictions for Unauthenticated RPC clients

Registry Key Exists

Value set incorrectly for CRL checkHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC

HKEY_USERS\AccountSID\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\SoftwarePublishing

#spsPhilly #Blunders Philly

managing managed paths

Don’t create managed paths for URIs that already exist!Both sites exist, but only 1 is accessible

Take care created managed paths with managed codeThere are limits

20 managed paths per web application

#spsPhilly #Blunders Philly

trim your (audit) logs

MOSS 2007 audit trimming does not occur automatically

> stsadm -o trimauditlog –date 20120502 –databasename SP2010_Content_FEDSPUG

#spsPhilly #Blunders Philly

trim your (audit) logs

SharePoint 2010 works a little better

#spsPhilly #Blunders Philly

setting up Kerberos

Not reading the documentationNot knowing how to use ADSIEdit or setspnNot realizing that Kerberos usually dies at the boundaryNot understanding the Claims to Windows Token Service

Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products

#spsPhilly #Blunders Philly

questions

#spsPhilly #Blunders Philly

find us

Scott HoagTwitter: @ciphertxtEmail: scott.hoag@appliedis.comWeb: http://psconfig.com

Dan UsherTwitter: @usherEmail: usher_daniel@bah.comWeb: http://www.spdan.com