I’ve been working with a client this week getting Kerberos working on their SharePoint farm. As you would expect, I spent most of my time working out what SPNs needed to be created. I created a simple little tool that will help you sort out the basic SPNs: SharePoint Kerberos SPN Creation Tool. The idea is that you enter the details about your farm and the tool will generate the SPNs that you need to create (you can copy / paste from this site into your console window).
The client I was working with had a much more complex farm that included Reporting Services, Analysis Services and proxy servers that all needed SPNs. This tool doesn’t cover those types of farms, but it will help you get the base portal services up and running; then you can work out what SPNs to create in order to get the rest of the services functioning. Don’t forget that you’ll also need to set up delegation for each of the accounts.
By far the best SharePoint Kerberos reference is: http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
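The kind of output the post describes, as an added example that is not the author's tool: the PowerShell below builds setspn commands from a constructed farm description and holds back any SPN that would end up on two accounts, because a duplicate SPN breaks Kerberos authentication for that service. The host names, account names and the MSSQLSvc entry are assumptions for illustration.

```powershell
# Constructed farm description; every host and account name is a placeholder.
$farm = @(
    @{ Service = 'HTTP';     Hosts = 'portal', 'portal.example.local'; Account = 'EXAMPLE\svc-portal' }
    @{ Service = 'HTTP';     Hosts = 'mysite', 'mysite.example.local'; Account = 'EXAMPLE\svc-mysite' }
    @{ Service = 'MSSQLSvc'; Hosts = 'sql01.example.local:1433';       Account = 'EXAMPLE\svc-sql' }
    # Deliberate mistake: the portal FQDN is also claimed by a second account.
    @{ Service = 'HTTP';     Hosts = 'PORTAL.example.local';           Account = 'EXAMPLE\svc-search' }
)

function Get-SpnPlan {
    param([hashtable[]]$Farm)
    # Expand each service entry into one row per host name (short name and FQDN).
    $rows = foreach ($entry in $Farm) {
        foreach ($name in $entry.Hosts) {
            [pscustomobject]@{
                Spn     = '{0}/{1}' -f $entry.Service, $name
                Account = $entry.Account
            }
        }
    }
    # Group-Object compares case-insensitively, which matches how SPNs are compared.
    foreach ($group in ($rows | Group-Object -Property Spn)) {
        # Distinct accounts claiming this SPN; more than one is a conflict.
        $accounts = @($group.Group | ForEach-Object { $_.Account.ToLowerInvariant() } | Sort-Object -Unique)
        foreach ($row in $group.Group) {
            [pscustomobject]@{
                Spn      = $row.Spn
                Account  = $row.Account
                Conflict = ($accounts.Count -gt 1)
                # setspn -S (Windows Server 2008 and later) checks for duplicates before adding.
                Command  = 'setspn -S {0} {1}' -f $row.Spn, $row.Account
            }
        }
    }
}

$plan = Get-SpnPlan -Farm $farm
# SPNs claimed by more than one account: decide which account owns them first.
$plan | Where-Object { $_.Conflict } | Format-Table Spn, Account -AutoSize
# Commands that are safe to paste into the console.
$plan | Where-Object { -not $_.Conflict } | ForEach-Object { $_.Command }
```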
This week I ran into an interesting problem. When adding a workflow to a content type we saw the following error:
    Unable to validate data.
    at System.Web.Configuration.MachineKeySection.GetDecodedData(Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Int32& dataLength)
    at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
I did the normal thing and searched on Google, only to find this KB (http://support.microsoft.com/kb/928028) which describes the error message; it gives the solution as ensuring that SharePoint is installed with the same path on each of the servers. This seemed odd, since all our servers have a standard build. The error message indicated that the view state has been modified between postbacks, so it was back to the drawing board looking for a solution that involved some change that could possibly have some effect on the view state.
After talking with the designer it turned out that he had made some changes to the application.master page. We replaced the altered file with a backed up version of the application.master and sure enough the workflow could be added without any issues. After a bit more experimentation it turned out that the problem was with this:
    <SharePoint:DelegateControl ID="MyDelegateControl" runat="server" controlId="SmallSearchInputBox" />
It seems that the small search box alters the view state in some way to cause it not to validate on postback. Hopefully this will save someone else the hassle of this error.
I’ve been setting up Kerberos for a client that is using Windows Server 2008, and I’ve found the following:
Windows Server 2008 uses http.sys, which is a kernel mode driver designed to intercept web requests at the kernel level (thus improving performance), so it requires a little more configuration. By default http.sys will handle the authentication request using the local system account, not the application pool account. This will cause problems if you want to use Kerberos, because the service ticket is issued for the SPN registered to the application pool account and the local system account cannot decrypt it. The solution is the following:
In the applicationHost.config file (located at: <system drive>/windows/System32/inetsrv/applicationHost.config), find the following xml fragment:
    <configuration><system.webServer><security><authentication>
Change the windows authentication node:
    <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true"/>
This just tells the http.sys kernel module to use the application pool credentials.
Enable Kerberos logging:
Run regedit and find: HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / LSA / Kerberos / Parameters
Add a new DWORD entry named LogLevel and set its value to 1. On Windows Server 2008 this will take effect immediately.
Now that logging has been turned on, you might want to reference the Common Kerberos Error Codes: http://support.microsoft.com/kb/230476
These error messages will show up in the System Tab of the Event Viewer.
Of course there are a few more steps involved in setting up Kerberos, but hopefully this will help with the Windows Server 2008 specific problems.
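One way to check a server for the setting described above, as an added example that is not from the original post: the PowerShell below scans a constructed sample shaped like applicationHost.config (the site names Portal and MySite are placeholders) and flags every windowsAuthentication node where kernel-mode authentication is on without useAppPoolCredentials. It assumes the IIS 7 defaults of useKernelMode="true" and useAppPoolCredentials="false" when an attribute is omitted.

```powershell
# Constructed sample in the shape of applicationHost.config; site names are placeholders.
[xml]$sample = @'
<configuration>
  <system.webServer><security><authentication>
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
  <location path="Portal">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="MySite">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="false" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@

function Get-WindowsAuthReport {
    param([xml]$Config)
    $xpath = '//system.webServer/security/authentication/windowsAuthentication'
    foreach ($node in $Config.SelectNodes($xpath)) {
        # A <location path="..."> wrapper scopes the setting to one site; none means server default.
        $location = $node.SelectSingleNode('ancestor::location')
        $scope = if ($location) { $location.GetAttribute('path') } else { '(server default)' }
        # GetAttribute returns '' for a missing attribute, so apply the assumed IIS 7 defaults.
        $enabled    = $node.GetAttribute('enabled') -eq 'true'
        $kernelMode = $node.GetAttribute('useKernelMode') -ne 'false'
        $appPool    = $node.GetAttribute('useAppPoolCredentials') -eq 'true'
        [pscustomobject]@{
            Scope                 = $scope
            Enabled               = $enabled
            UseKernelMode         = $kernelMode
            UseAppPoolCredentials = $appPool
            # Kernel mode without app pool credentials: http.sys authenticates as local system,
            # which is the case the post says causes problems for Kerberos.
            NeedsChange           = ($enabled -and $kernelMode -and -not $appPool)
        }
    }
}

Get-WindowsAuthReport -Config $sample | Format-Table -AutoSize
# On a server, load the real file instead of the sample:
# [xml]$live = Get-Content "$env:windir\System32\inetsrv\applicationHost.config"
```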
I was recently asked a question around this scenario: If you log into a SharePoint Portal by using the ‘Sign in as Different User’ button as User2 it works fine, however when you click on the ‘MySite’ link it will show the MySite of User1, not User2 as you would expect. I should also point out that the MySite and Portal are running in separate web applications (this should give away the answer).
So what is happening here is that when you click on the MySite link, that web application asks the browser for the user’s authentication details. Since it is a different URL (i.e. because it’s running in a separate web application, it will be a subdomain or even a different domain name) the browser will forward the logged in user’s credentials, i.e. User1 (provided that it is in the local intranet zone); the browser will not keep User2’s credentials and will not forward them on. So the end effect is the scenario described above, which may seem odd to the end user.
The only way to get around this is to use the ‘RunAs’ command from Windows and run the browser process as User2. What we’ve normally found is that the ‘Sign in as Different User’ option is normally only used by power users; these people will generally understand the problem if you explain it to them.
Just a quick note to point out the following link: http://www.visifire.com/ They provide open source Silverlight and WPF charts. Worth remembering next time you want to add a rich chart to your applications.
A couple of random tips for using lists inside of SharePoint:
- Make use of the RSS features of Lists – Each document library publishes an RSS feed, which really provides the user with a wealth of options. There are no site collection limits on how that feed is consumed, so it’s possible to use it in their MySites etc. If you have Kerberos set up correctly it is possible that other systems can make use of the feed. RSS is a good option to supplement the alerts that a list can send; often users won’t want their email cluttered with alerts.
- Alerts – Granularity is the key to successful alerts, a user can be alerted when a specific view of a list changes. This can make the alert more useful to the end user, we don’t want to spam them.
- Folder Level Permissions beware – The ability to create folder-level and document level security permissions can really cause some headaches for new users and administrators. The feature is really powerful, but can also create complex problems that can be hard to solve. There has been lots of discussion around the need for folders in a document library, I think there is value to be gained from them personally.
- Picture Libraries – It should be noted that the picture libraries have limited support for thumbnail view, it’s not a major limitation but it’s likely to come up in discussions / training with new users.
I was asked recently if the BDC search results (when indexed by the search) can be controlled by an access list. The answer is yes: the security trimmer is the SharePoint feature to accomplish this. In fact any search result can be trimmed, so if you wanted to index some website that used custom permissions (i.e. a content access account that has full rights to a website) but you didn’t want to show that information to, say, public users of your site, this same security trimmer functionality can be used. The important things to note are:
- The security trimmer is attached to a crawl rule
- The security trimmer is a class that implements the ISecurityTrimmer interface, the registration process defines the full assembly name, as such it must be loaded into the GAC.
- After the security trimmer is registered, you will need to recreate the content source and perform a full crawl
- Performance might be an issue, since every search result will be access checked. If you’re looking for insight on how to approach this, refer to this MSDN article
With little effort you can make your site a little more search friendly: it’s possible to embed some xml into your site which your browser can use in its search box. Most modern browsers support OpenSearch, which is what this xml fragment is using. The first step is to create the following xml, but replace the bits that are specific to your site:
    <?xml version="1.0" encoding="UTF-8"?>
    <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
      <ShortName>SharePoint Search</ShortName>
      <Description>Search for SharePoint</Description>
      <Url type="text/html" method="get" template="http://YourSite/SearchCenter/results.aspx?k={searchTerms}"/>
      <Image width="16" height="16">http://YourSite/favicon.png</Image>
      <InputEncoding>UTF-8</InputEncoding>
      <SearchForm>http://YourSite/SearchCenter/</SearchForm>
    </OpenSearchDescription>
In the master page, you will need to refer to this xml file:
    <link rel="search" type="application/opensearchdescription+xml" href="/Style%20Library/OpenSearch.xml" title="SharePoint Search">
Finally you can drop down the search provider box in your browser to select your new search provider, there is no need to browse to the search centre again.
Little things like this can help entrench searching as the primary navigation method in an organisation.
So last week I rebuilt my work laptop; previously it was running Windows XP with 2GB of RAM. These days I’m almost always running a virtual machine running some form of SharePoint and I would constantly get frustrated with the performance of my laptop. I did some pricing and found that 4GB of laptop RAM was around $110. I was shocked, so I headed down to the shop to pick it up. I knew that if I continued using a 32 bit OS I wouldn’t be able to take full advantage of all the RAM.
So my next step was to upgrade to 64 bit Vista. I grabbed my MSDN disk with Vista x64 SP1 and installed it. I wasn’t too sure how it would go installing all of the 64 bit drivers for my Dell Latitude D630, but it turns out that Dell has great support for 64 bit; I downloaded them all and had a fully functional system in no time. As anyone who knows me will tell you, I’m a huge Vista fan. I really missed having all the cool Vista features on my work laptop, and it really does feel to me that I’m more productive on a Vista machine.
So now a week later I wish I had upgraded sooner. I can now run two virtual machines, both with 1GB of RAM allocated to them, but best of all I can swap between applications very smoothly. Just for giggles this is what I see now:
You may have noticed in your coding adventures that some column names have had the spaces replaced with _x0020_. To understand why this is happening a little background is needed: a site column has two types of IDs, the first is a unique name and the second is a unique ID. The ID is a GUID, however the unique name has two parts, the internal name and the display name. It is the internal name that has its space characters replaced with the hex value of the HTML space character: %20.
Now that you know why this happens, the way to prevent the _x0020_ characters using the web UI is to first create the column without any spaces (this will create the ID and the unique name), then after it has been created, go back and rename it (this will just update the display name).
By default SQL Server will auto grow your databases by 1 MB for your data file and 10% for your log files. There have been numerous discussions about the usefulness of this default value, but at the end of the day you should really understand how this will affect your database.
In the world of SharePoint it’s common for users to upload multiple megabyte files, which will be stored in the content database and would cause the database file to grow and could potentially cause performance issues. Another SharePoint scenario that needs consideration is the SSP databases: the indexing of content performs a large number of write operations of the metadata associated with the crawled content. It might be wise to monitor the performance of these databases to determine if changing the auto growth rate would help.
If you came to the conclusion that you did want to change the default options for all new databases, then you can simply change the default values of the model database. You can do this by right clicking on the model database and selecting the button next to the file you wish to change.
Like all performance related tips, it’s best if you conduct some of your own analysis.
Scott Hanselman recently posted about the IIS 7 Rewrite module and how easy it is to set up and use. He covers the topic extensively; I just wanted to point out that this tool will also work with SharePoint.
I was recently in a position where the marketing guys had decided that the URL should be the promotion name of the marketing campaign, but it was both impractical and impossible (the URL had to point to a survey) to create a page in SharePoint that would suit their needs. Since the site was running IIS 7 we used the IIS 7 Rewrite module.
For example, say the requested URL was: http://server/marketing/promo/
But we needed to post to: http://server/Lists/Marketing Survey 1/overview.aspx
The first step after installing the rewrite module is to create a ‘Rule with rewrite map’.
Then choose the rule action type (in this case it is a rewrite action) and give it a meaningful name.
Then add the mapping (right click in the panel that gets opened after the last step). The Original value is the URL you want your users to navigate to.
That’s it, you’re done. Now you can browse to your URL and your users will end up in the correct location.
By default SharePoint will create a content source called ‘Local Office SharePoint Server sites’. This will contain the starting addresses of all the sites on your SharePoint server. Notice how it also includes the sps3:// address; this is the indexing of your user profiles.
My tip is to remove the sps3:// link from the default content source and add it as a new content source on its own. The reasons why I think this is helpful:
- By default you need to crawl all your other content just to update your user profile information.
- You can schedule your profile crawls at a time that suits your active directory imports
In any case it’s worth considering breaking the profile crawl into its own content source.