03 April, 2009

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms‏

After you upgrade from Microsoft ASP.NET 1.1 to Microsoft ASP.NET 2.0, some ASP.NET-based applications may not function correctly. Additionally, when you access ASP.NET Web pages that have ViewState enabled, you may receive the following error message:
[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]


This problem occurs when the following conditions are true:
-The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey is set to 1.
-ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.
Resolution:-
http://support.microsoft.com/kb/911722

Note:-Please follow each step carefully within this document and the issue will be definately resolved.

I hope the above document helps you to overcome the above mentioned error message. Thanks!

Move the SharePoint data from c:\ drive to d:\ drive

=Opened Central administration page and checked for no of web applications & system account (administrator) which is used for those web applications.

=Stopped all SharePoint related IIS web sites

=The following Services had set to Manual:
-Windows SharePoint Services Administration
-Windows SharePoint Services Timer
-Windows SharePoint Services Search
-Windows SharePoint Services Tracing
-Office Document Conversions Launcher Service
-Office Document Conversions Load Balancer Service
-Office SharePoint Server Search
-Indexing services
-IIS Admin Service

= Opened SQL Server Management Studio
= Expanded the Databases section
= For each SharePoint database we need to move, we must perform the following:
-Right clicked on the database
-Clicked on Properties
- Selected Files from the left hand pane
-Make note of the Path
-Clicked on Cancel
-Right clicked again on the database
-Selected Tasks -> Detach..
-Clicked the checkbox for Drop Connections. By default, the checkbox for keep Full Text Catalogs should be checked. Make sure that is true.
-Clicked OK
-For each additional database we need to move, perform the detach method for each
= Once we have detached all the databases, opened a Explorer window, and browse to the database location that was noted in the Properties task
= Selected the databases to be moved
= Right clicked, and selected Copy
= Browse to the new location for the databases
= Right clicked, and selected paste
= Go back to SQL Server Management Studio
= Right clicked on Database and selected Attach
= Clicked on Add..
= Browse to the new location for the databases and selected a database
= We have added each database one at a time
= reset all the services you set to manual in Step 2 to Automatic and started services.
= Turned on all IIS websites that we have stopped
= Browse to your central administration site; we were able to browse all sites correctly.
I hope the above steps will helps you to move your sharePoint databases from one drive to another drive. Thanks!

Moving documents between document libraries in MOSS 2007

There are several ways to move documents between SharePoint document libraries and one of the simplest ways to do this is to use the explorer view.
Here's a step by step reference on how to use the explorer view feature to migrate documents between document libraries.

Open the source and destination document libraries in two separate Internet Explorer windows.
Now select the explorer view

Now copy the source file by simply right clicking the mouse and selecting copy, then paste the file in the destination document library. It's important to remember that when you move documents between document libraries you lose the document version history.

Some users may experience an annoying popup when copying and pasting.

The way to turn this off is to make a change to the client's Internet Explorer:
-Open Internet Explorer
-Click "Tools", then "Internet Options"
-Select the "Security" tab
-Choose the appropriate zone
-Click the "Custom level" button
-Select "Enable" for the "launching programs and files in the IFRAME" option
-Click the "OK" button
-Click "Yes" when prompted to change the settings
-click the "OK" button
-Restart IE.

If you have any queries/questions regarding the above mentioned information then please let me know.
I would be more than happy to help you as well as resolves your issues, Thank you

02 April, 2009

Microsoft Office SharePoint Server (MOSS 2007) Versions

How do you find out what version of SharePoint you are running?

The first approach is to open a web browser and got to the site settings page (Site Actions > Site Settings > Modify All Settings).

The second approach is against the databases. Open SQL Server Management Studio, Connect to the server, new query, run the following:
SELECT [VersionId]
,[Version]
,[Id]
,[UserName]
,[TimeStamp]
,[FinalizeTimeStamp]
,[Mode]
,[ModeStack]
,[Updates]
,[Notes]
FROM [SharePoint_Config].[dbo].[Versions]
WHERE VersionId = '00000000-0000-0000-0000-000000000000'
ORDER BY Id DESC
This returns :-





The top row is the latest version. The query is performed on the SharePoint Configuration database. If you have called this database something instead of "SharePoint_Config" change the query to reflect this.
You can also look at the versions for Content Databases, by changing the database name. For example: FROM WSS_Content_MySites.[dbo].[Versions]

WSS SP1:- Download

MOSS SP1:- Download

MOSS 2007 post SP1 hotfix KB941422

MOSS 2007 post SP1 hotfix KB941274

MOSS 2007 post SP1 hotfix KB948945

MOSS 2007 Infrastructure Update KB951695 & KB951297

MOSS 2007 Cumulative update KB956056 & KB956057







31 March, 2009

Uninstalling Windows SharePoint Services 2.0

There are different degrees to which you can uninstall Microsoft Windows SharePoint Services. Depending on your needs, you can choose from the following options:

-Remove Windows SharePoint Services from a virtual server and preserve the site content.
You can choose to remove Windows SharePoint Services, but keep the site content in the content databases. This allows you to extend the virtual server again later and reconnect to the site content. If you leave the content databases intact, you can reconnect to them, from the same virtual server or from a different virtual server, and continue hosting the site content using the same Uniform Resource Locator (URL). Use this method to temporarily remove and then restore a virtual server, or to change which virtual servers are hosting which content in a server farm setting.

-Remove Windows SharePoint Services from a virtual server and delete the site content.
You can choose to remove Windows SharePoint Services and delete the site content in the database. Use this method to remove a virtual server permanently, but continue using Windows SharePoint Services on other virtual servers. For example, use this method if you are finished with a project and no longer need the associated Web sites.

-Uninstall Windows SharePoint Services completely from a server.
You can choose to uninstall Windows SharePoint Services by using the Add/Remove Programs control panel. This method does not delete site content. You can reinstall and reconnect to the site content. Use this method to repair an installation or to remove a Web front-end server from a server farm.

Removing from a Virtual Server by Using HTML Administration
To remove Windows SharePoint Services from a virtual server by using HTML Administration, you use the Remove Windows SharePoint Services from Virtual Server page.

Remove from a virtual server
-Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint -Central Administration.
-On the Central Administration page, under Virtual Server Configuration, click Configure virtual server settings.
-On the Virtual Server List page, select the virtual server you want to configure.
-On the Virtual Server Settings page, under Virtual Server Management, click Remove Windows SharePoint Services from Virtual Server.
-On the Remove Windows SharePoint Services from Virtual Server page, select one of the following:
-Remove without deleting content databases
This removes only the Windows SharePoint Services folders from the virtual server — the content database remains intact, so you can reconnect to it later using the same virtual server or a different one.
-Remove and delete content databases
This both removes the Windows SharePoint Services folders from the virtual server and deletes the content database. You will not be able to reconstruct the sites previously stored on that virtual server unless you have a backup.
-Click OK.

Removing from a Virtual Server by Using the Command Line
You can use the unextendvs operation with the Stsadm.exe command line utility to remove Windows SharePoint Services from a virtual server. The unextendvs operation takes the -url parameter and the optional -deletecontent parameter. When you use unextendvs without the -deletecontent parameter, it leaves the content databases in place, so that you can reconnect to the content for a virtual server. When you include the -deletecontent parameter, the content databases are removed and the virtual server is removed from the configuration database.

For example, to remove Windows SharePoint Services from a virtual server, but preserve the content databases, use the unextendvs operation with syntax like the following:
stsadm -o unextendvs -url http://servername

To remove Windows SharePoint Services from a virtual server and remove the content databases permanently, use the unextendvs operation with syntax like the following:
stsadm -o unextendvs -url http://servername -deletecontent

Note:-When you use the unextendvs operation with the -deletecontent parameter, you cannot reconnect to the site content later.

Uninstalling from the Server Computer
If you want to remove Windows SharePoint Services from a server computer entirely, you can uninstall by using the Add or Remove Programs control panel. Uninstalling Windows SharePoint Services does not remove any chained products that were installed, such as WMSDE. You must uninstall these programs separately.

Uninstall
-On the server computer, click Start, click Control Panel, and then click Add or Remove Programs.
-Select Windows SharePoint Services, and then click Remove.

When you use the Add or Remove Programs control panel to remove Windows SharePoint Services from a server, it calls a command-line operation, stsadm -o uninstall, to perform the task. The uninstall operation does not remove any chained products that were installed. The uninstall operation takes the optional -deletecontent parameter. When uninstall is used without the -deletecontent parameter, it leaves the content and configuration databases in place, so that Windows SharePoint Services can be reinstalled, and you can reconnect to the databases and continue hosting sites. When the -deletecontent parameter is used, the content and configuration databases are removed, and you cannot recover the site content.

Refferance:-http://technet.microsoft.com/en-us/library/cc288469.aspx

SharePoint 2007 Installation on Windows Server 2008

1. You must enable the IIS7 Feature Role on Windows Server 2008 with .NET 3.0
-From Control Panel, Programs and Features, Select 'Turn Windows Features On or Off'
-Next, Under 'Server Manager, Features' Select '.NET Framework 3.0 Features'. When askedto install the IIS7 role, select yes.
-Under IIS7 'Security', be sure to select the authenticationyou want, i.e. Basic, NTLM, Kerberos, etc.
-Next, you must slipstreamWindows SharePoint Server 3.0 SP1 AND SharePoint Server 2007 SP1 into your SharePoint Server 2007 installation directory.

2. I used Winrar to extract the files from my SharePoint Server 2007 ISO, but you can alsocopy them into a directory directly from the DVD. Create a directory, we'll use c:\Slipped for our installation point. Copy the entire DVD contents to c:\Slipped

3. Next, you must download and extract both Windows SharePoint Services SP1 and SharePoint Server 2007 SP1you can get them here
http://blogs.msdn.com/sharepoint/archive/2007/12/11/announcing-the-release-of-wss-3-0-sp1-and-office-sharepoint-server-2007-sp1.aspx

-Create a directory to host the WSS 3.0 files after extraction. We will use c:\wsssp1
-create a directory to host the SharePoint Server 2007 files after extraction. We will use c:\mosssp1
-we will assume we have downloaded both service packs to c:\

Extract the WSS 3.0 service pack files by executing 'c:\wssv3sp1-kb936988-x86-fullfile-en-us.exe /extract:c:\wsssp1' Agree to the license terms, and the service pack will unpack.

Extract the SharePoint Server 2007 service pack by executing 'C:\officeserver2007sp1-kb936984-x86-fullfile-en-us.exe /extract:c:\mosssp1' Agree to the license terms, and the service pack will unpack.

4. Copy the service pack files from the above directories into the installation updates directory.
5. Last, run the setup from the x86 directory, and it should install!

Note:-Microsoft has now released a slipstreamed SharePoint Server 2007 SP1 image here

Additional Resources:
MOSS and WSS SP1 files are located here. You will need both service packs for the slipstream installation. Note: the links have both the 32 and 64 bit versions.
WSS SP1: Windows SharePoint Services 3.0 Service Pack 1 (SP1)
MOSS SP1: The 2007 Microsoft Office Servers Service Pack 1 (SP1)

I hope the above information helps you to install sharepoint on windows server 2008 successfully.
All The Best !

30 March, 2009

The restricted trust level is not supported + Infopath

Recently I tried to create an InfoPath 2007 form template and publish it to a SharePoint Forms Library and I received the following error:The restricted trust level is not supported.

This Form template cannot be uploaded to the server.Review the following 1 error(s) for more information.
Errors

The restricted trust level is not supported.

-Make sure that the form’s trust is set to domain.
-Go to Tools > Form Options > Security and Trust and Uncheck “automatically determine security level” and select “Domain”or "Full Trust" as the level of trust.
-Click “Ok”.

To publish InfoPath 2007 form to a SharePoint library:

Using SharePoint to Verify and Upload the Form Template

The SharePoint Central Administration site contains the Upload Form Template page,to verify a form template before uploading it. Once the form template is verified, enter the path to the form template and upload it to the server.

To verify the form template by using SharePoint Central Administration
1. Click Start, click All Programs, click Administrative Tools, and then click SharePoint 3.0 Central Administration.
2. In the top navigation bar, click the Application Management tab.
3. On the Application Management page, under InfoPath Forms Services, click Upload form template.
4. On the Add Form Template page, click Browse.
5. In the Choose file window, browse to C:\InfoPathLabs\deploylab01.xsn, click the template, and then click Open.
6. In the Deploy Form Template section, click Verify.
7. In the Report Details section, look for any errors and warnings for the form template.
8. If the system warns you that the template already exists, click Application Management, click Manage form templates, click the arrow that appears next to the form template, and then click Remove Form.
9. On the Remove Form Template page, click Remove.
10. If you did not receive a warning, click OK.

Stsadm access denied on Windows Server 2008

We recently faced one situation where we encountered Access Denied errors when attempting to run stsadm on a dev Windows Server 2008 Web Edition.We checked to see if the user account we were using was a local administrator on the server and it was.

We were not sure what was causing the problem.Then we looked into the User Account Control settings and those were enabled to help "protect" the server. Turning those off allowed me to run stsadm from the command line.

The User Account Control (UAC) is found under Control Panel --> User Accounts --> Turn User Account Control on or off.

You do not have permissions to open this file on Excel Services

Hello Guys,
If you receive the following Exception when you try to open the sample workbook or another workbook try the following steps:


You do not have permissions to open this file on Excel Services.Make sure that the file is in an Excel Services trusted location and that you have access to the file.

1.Open Central Administration -> go to Operations tab -Ensure that the Excel Service is running.
2.Open Central Administration -> go to your configured Shared Service -> click Excel Service Settings.

-File Access Method: ensure that it is not using Impersonation, instead the Option Process Account should be enabled.

3. Open Central Administration -> go to your configured Shared Service -> click add new trusted file location
-Field URL: here you can specify a report library or the whole portal
-Location Type: should be Windows SharePoint Services
-Children trusted: defines whether the children should also be trusted or only the definied path

How to enable SSL site collections using host headers to be browseable using ISA

1.In ISA 2006, right click Firewall Policy, New, and finally SharePoint publishing rule; type a new name for the publishing rule.Click Next.

2.Select Publish a single Web site or load balancer since we are dealing with a single site collection. Click Next.

3.Select Use SSL.. Click Next.

4.Type the name of the published web site, which is the external URL as it would appear on the certificate. Click the box next to Use a computer name or IP address to connect to the published server, and fill in the correct IP address for the server. Click Next.

5.From the drop down for Accept requests for, select This domain name. In the Public name box, type in the domain name you wish to use. Click Next.

6.We now must create a new listener. Give the new listener a name. Click Next.

7.Select Require SSL secured connections with clients. Click Next.

8.Select External Network and then the IP Address. This IP address will be dedicated to accept requests from SharePoint traffic externally. Click on OK, and then click Next.

9. Click on Select certificate and select the correct certificate with the name you are using in the public name. Click on Select.

10. Select the authentication type, and configure as needed. Click Next.

11. If SSO is being used, click on Enable SSO for Web sites published with this Web listener, and configure the SSO domain being used for authentication. Click Next.

12. Click Finish.

13. Select the new Listener, and click on Next.

14. Select the NTLM authentication, and click on Next.

15. Select the first option if AAMs are already configured; if not select the second option. Click Next.

16. Select All Authenticated Users. Click Next.

17. Click on Finish.

Disable MySite and MyLinks in MOSS 2007

In order to turn off or disable the MySite or MyLinks functionality you need to be an Sharepoint administrator.

-Go to the Central Administration Web Page
-Click on the link for Shared Services Administration
If you have more than one SSP, select the one that is running the MySites functionalityUnder "User Profiles and My Sites" click Personalization Services Permissions

Select the group you want to limit the functionality for. More than likely you will just have NTAuthority\Authenticated Users.
In the next screen you will see a list of checkboxes,

--To disable MySites uncheck "Create Personal Site"
--To disable MyLinks uncheck "Use Personal Features"
Once you find it, disabling the functionality is pretty easy.
Hopefully this will save your lot of efforts.

29 March, 2009

Configure single sign-on

Single sign-on (SSO) is a Microsoft Office SharePoint Server feature that provides storage and mapping of credentials such as account names and passwords. Using SSO, portal site–based applications can retrieve information from third-party applications and back-end systems such as Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems.

The use of single sign-on functionality enables users to authenticate only once when they access portal site–based applications that need to obtain information from other business applications and systems.

There are seven main activities that we need to do:
1.Create the SSO service account -- This is the account that the service will run under.
2.Create the SSO groups -- These groups are used to control who has the ability to administer SSO (export the master key) and who has the ability to manage it (add/remove application definitions.)
3.Configure the SSO Service - Set SSO to start and get it to use the service account.
4.Configure SQL Server - Authorize the SSO service account to SQL server.
5.Manage SSO - Setup SSO in MOSS including the groups and the database.
6.Manage the encryption key -- Create the encryption key that will be used for protecting the username and password information on the system.
7.Manage settings for enterprise application definitions -- Define what initial applications SSO will be setup to manage passwords for.

Create the SSO Service Account
We need to create an account for the "Microsoft Single Sign-on Service" (SSO Service) to run as. This account has to be a domain account that has local administrative privileges for the front end web servers, must be a member of the SharePoint group Farm Administrators, must have db_creator and security administrator roles in SQL Server, and must be a member of the group that is defined as SSO administrators.

1.From the Start Menu click Administrative Tools-Active Directory Users and Computers
2.In the left hand pane on the Users folder right click and select New-User from the menu that appears. If your organization places service accounts in a different organizational unit (OU) you can certainly add this account to that location.
3.Enter the First Name (SharePoint SSO), Last Name (Service), and User logon name (SharePointSSOSvc) fields and click the Next button. You can name the account anything you want, however, these values make it clear what the account is used for.
4.Enter the a password into the Password and Confirm password fields. Uncheck the User must change password at next logon checkbox. Check the User cannot change password and Password never expires checkboxes. Click the Next button. This sets the account up to be a service account.
5.Click the Finish button.
6.On the user that was just created, right click and select Properties.
7.Click the Member Of tab.
8.Click the Add button.
9.Enter the group name Domain Admins and click Check Names then click OK. As mentioned above, if you're using another group to provide local administrator access to the farm servers, use that group here.
10.Click the OK button.

Create the SSO Groups
There are two important groups for SSO. The first group is the administrative group which includes those users capable of administering SSO. This includes the ability to backup and restore the encryption key -- because of this they can effectively decrypt all user credentials in the SSO database and thus membership to this group should be severely limited. The second group, a managers group, is used to manage the application profiles in the SSO system. This group doesn't directly have access to passwords but could inadvertently delete all of the stored passwords. In the following steps we'll create both groups and add the SSO service account we created above into the administrators group.

1.In Active Directory Users and Computers (still open from the last set of steps) from the left pane right-click Users and select New-Group. As before if your organization requires that groups be placed in a different OU, select that OU to create group in.
2.Enter the Group Name (SharePoint SSO Administrators) and click the OK button.
3.Left click the new group, and then right click the new group and select Properties.
4.Click the Members tab.
5.Click the Add button.
6.Enter SharePointSSOSvc, click the Check Names button, and click the OK button.
7.Click the OK button.
8.In the left pane, right click Users and select New-Group. As before, if your organization requires a different location, use that location.
9.Enter the Group Name (SharePoint SSO Managers) and click the OK button.
10.Close Active Directory Users and Computers, we're done with it.

Configure the SSO Service
By default the SSO service in SharePoint doesn't start. In this activity we're going to enable the SSO service. On each server in the farm and then once completed we're going to change the account used for SSO in SharePoint Central Administration.

1.On the Start menu click Administrative Tools-Services
2.In the Services application in the right hand pane scroll down to the Microsoft Single Sign-on Service, right click and click Properties.
3.Change the Startup type from Manual to Automatic.
4.Click the Start button.
5.Click the OK button.
6.Close the Services application. We're done with it.
7.Repeat steps 1-5 on each server in the SharePoint farm.
8.On the Start menu click Administrative Tools-SharePoint 3.0 Central Administration
9.Click the Operations tab
10.In the Security Configuration section, click the Service Accounts link
11.In the Windows service drop down list select Single Sign-on Service.
12.Enter the Username (DC\SharePointSSOSvc) and Password for the service account and click the OK button.

Configure SQL Server for the SSO Service Account
The SSO service account needs to create the SSO database and setup the correct permissions. In order to do that it needs the security administrator (securityadmin) and database creator (dbcreator) system roles. In the following steps we'll get permissions setup for the service account.

1.On the Start menu click All Programs -Microsoft SQL Server 2005 - SQL Server Management Studio.
2.If your server name isn't correct in the dialog select the correct server. Then click the Connect button to connect to your SQL server.
3.Click on the plus sign to the left of Security to expand it. Click on the plus sign to the left of Logins to expand it.
4.Right click on the SharePoint SSO service account (DC\SharePointSSOSvc) and click properties.
5.In the Select a page (left) pane select Server Roles.
6.Click the checkboxes to the left of dbcreator and securityadmin.
7.Click the OK button.
8.Close Microsoft SQL Server Management Studio, we're done with it.

Manage Settings for Single Sign-on

In this step we'll go through the process of creating the SSO database by using the Manage settings for single sign-on link on the central administration operations screen.
1.On the SharePoint Central Administration Operations page in the Security Configuration heading select the Manage settings for single sign-on link.
2.Click the Manage server settings link.
3.In the far upper right corner, click the down arrow next to Welcome System Account (or whatever name is displayed.) From the menu that appears, select Sign in as a Different User.
4.In the User name text box enter the SharePoint SSO Service Account (DC\SharePointSSOSvc) and in the Password text box enter the account's password. 5.Enter the administrators group name including the domain name (DC\SharePoint SSO Administrators)in the Single Sign-On Administrator Account section's Account name textbox.
6.Enter the managers group name including the domain name (DC\SharePoint SSO Managers) in the Enterprise Application Definition Administrator Account section's Account name textbox.
7.Click the OK button.

Manage the Encryption Key
The next step is creating an encryption key for the credentials to be encrypted with. In order to do this, follow these steps:
1.On the Manage Settings for Single Sign-on page click the Manage encryption key link
2.Click the Create Encryption Key button.
3.Click the OK button.
4.In the breadcrumbs, click the Manage Single Sign-On link.

With an encryption key set, you're ready to create an application definition.

Manage Settings for Enterprise Application Definitions

The final step is to define an application definition for SSO. This can be done with the following steps.
1.On the Manage Settings for Single Sign-On for... page in the Enterprise Application Definition Settings, click the Manage settings for enterprise application definitions link.
2.Click the New Item button.
3.Enter a Display name (Demo Application), a Application name (Demo), and Contact e-mail address (sharepoint@demo.thorprojects.com).
4.Select the Account type. Generally this will be Individual. Note that this cannot be changed once the application has been defined.
5.Click the OK button.
6.Close the web browser with central administration.

I hope the above steps helps you to configure Single Sign On . If you have any query or doubt regarding any step then please let me know. I would be more happy to answer your queries.




Configure single sign-on