Joel's SharePoint Architect Blog

SharePoint 2010, MOSS & WSS Tips and Consultancy Tales

Subscribe Subscribe  View Joel Jeffery's profile on LinkedIn
joelblogs.co.uk | joelj.co.uk | joeljeffery.co.uk | jfdiphoenix.co.uk

Posts Tagged ‘SharePoint Administration’

« Older Posts
Newer Posts »

Certificate Revocation List Check and SharePoint 2010 without an Internet Connection

Filed Under : SharePoint 2010 by Joel Jeffery
Sep.20,2011

UPDATED: Fix Slow SharePoint 2010 System Performance with the CRL Check

Sometimes you need to install SharePoint 2010 in an environment where the servers do not have an effective Internet connection. This posses a big problem.

Most Microsoft assemblies and DLLs are digitally signed. Each time signed assemblies are loaded, default system behaviour is to check with the owner of the root certificate that the cert with which the assembly was signed is still valid. In the case of Microsoft assemblies, this means “phoning home” to read the Certificate Revocation List at crl.microsoft.com .

Whilst this is all very well and good if you have an Internet connection, sometimes you don’t have this luxury. Many web servers, for instance, don’t have outbound Internet accessibility. The CRL check will attempt to connect to Microsoft’s servers and then timeout, usually within 30-60 seconds.

With SharePoint, you’ll get a lot of delays in this scenario. One way to check if your server is affected by this condition is to open up a SharePoint Management Console PowerShell window and run the “STSADM -help” command. If it takes 30 seconds or more to display the usage instructions, then you will be experiencing really slow server performance.

See how long STSADM takes to load

Disabling the CRL Check

There are three workarounds to this problem, in reverse order of preference:

  1. Give your servers an outbound Internet connection
  2. Edit the hosts file at “%SYSTEMROOT%\\System32\\drivers\\etc\\hosts” to fool the CRL check into thinking your local machine is crl.microsoft.com by pointing it at 127.0.0.1 (localhost):
    Editing the HOSTS file in Notepad
  3. Edit the registry to disable CRL checking by setting the State DWORD to 146944 decimal (SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing for both HKEY_USERS\\.DEFAULT and HKEY_CURRENT_USER) with the following lines of PowerShell:
    #the following statement goes on one line
set-ItemProperty -path "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion
\\WinTrust\\Trust Providers\\Software Publishing"
 -name State -value 146944

#the following statement goes on one line also
set-ItemProperty -path "REGISTRY::\\HKEY_USERS\\.Default\\Software\\Microsoft
\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing"
 -name State -value 146944

#UPDATED: and the following statement goes on one line too
get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction
silentlycontinue -path ($_.Name + "\\Software\\Microsoft
\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing")
-name State -value 146944}
  4. UPDATED: Edit the machine.configs and disable it there. There’s a nice piece of code from the most excellent AutoSPInstaller (autospinstaller.codeplex.com) that does this:
    5. Write-Host -ForegroundColor White " - Disabling Certificate Revocation List (CRL) check..."
ForEach($bitsize in ("","64"))
{
  $xml = [xml](Get-Content $env:windir\\Microsoft.NET\\Framework$bitsize\\v2.0.50727\\CONFIG\\Machine.config)
  If (!$xml.DocumentElement.SelectSingleNode("runtime")) {
    $runtime = $xml.CreateElement("runtime")
    $xml.DocumentElement.AppendChild($runtime) | Out-Null
  }
  If (!$xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence")) {
    $gpe = $xml.CreateElement("generatePublisherEvidence")
    $xml.DocumentElement.SelectSingleNode("runtime").AppendChild($gpe)  | Out-Null
  }
  $xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence").SetAttribute("enabled","false")  | Out-Null
  $xml.Save("$env:windir\\Microsoft.NET\\Framework$bitsize\\v2.0.50727\\CONFIG\\Machine.config")
}%MINIFYHTML1de5a231175bf71f70b969afdeab3ded15%

Method 3 is the preferred method, and should have things loading about as quickly as possible. UPDATED: Method 4 is more likely to work, but you’re editing some pretty important files there, so be careful!

UPDATED: You can download a script that combines these methods here: http://joelblogs.co.uk/wp-content/uploads/2012/03/Disable-CRLCheckv2.zip.

As usual, no warranty etc etc, use at your own discretion!

Technorati Tags: SharePoint, SharePoint 2010 Training, SharePoint Administration, SharePoint Administrator

  Tags : , , ,

  Read more...

Resetting and Managing SharePoint User Alert Frequencies

Filed Under : SharePoint 2010 by Joel Jeffery
Sep.10,2011

Here’s a common use case: a user in your company is complaining about how frequently they receive Alerts from content added to SharePoint 2010 Lists.

Yes, there are quite a few tools out there, and some folks suggest using Control Point or something expensive for this requirement. But in principle you don’t need those tools.

SharePoint 2010 is best administered by PowerShell. Here’s an example script that will reset all of the alerts for a specified user (e.g. “DOMAIN\JOEL”) to receive a weekly digest.

Start-SPAssignment –Global

Get-SPWeb http://sharepoint/* | ForEach-Object { $w = $_; ForEach($alert in $w.Alerts) { if($alert.User.UserLogin -eq “domain\joel”) { $alert.AlertFrequency = “Weekly”; $alert.Update(); } } }

Stop-SPAssignment -Global

Enjoy!

Post Script:

Top tip from Andrew, one of my students. Why not train users to manage alerts for themselves? Outlook has the Manage Rules & Alerts feature to make the task easier:

Manage SharePoint Alerts from Outlook

 

Technorati Tags: PowerShell, SharePoint 2010, SharePoint 2010 Training, SharePoint Administration

  Tags : , , ,

  Read more...

SharePoint 2010 Service Pack 1 Released Today

Filed Under : SharePoint by Joel Jeffery
Jun.29,2011

Today’s Announcement

After a long wait, SharePoint 2010 SP1 is finally available.

What’s New in Service Pack 1 for SharePoint 2010

SQL Denali Support

Service Pack 1 introduces support for SQL Server Code Name “Denali”.

Shallow Copy

An improvement to the Move-SPSite PowerShell cmdlet, which means that when you move a Site Collection where you’re using the SQL Remote Blob Store for file storage, they can stay right where they are; it’s only database content (such as List, Library and other structure/metadata related content) that gets moved from one database to another.

Caveat: Shallow Copy does not support the Out-of-Box RBS provider (the Filestream Provider).

Site Recycle Bin

SharePoint 2010 SP1 Site Recycle BinMuch awaited, and much appreciated, is inclusion of the new Site Recycle Bin. Before SP1, if you deleted a site, it pretty much stayed that way. Lists, Libraries and Documents got into the Recycle Bin, but not Sites or Site Collections. You could install the free plug-in from Microsoft’s SharePoint Governance site, but it merely archived deleted sites rather than helping those who causally deleted the wrong site.

Storage Space Allocation – Storage Metrics

SharePoint 2010 Storage MetricsIn SharePoint 2010 RTM, Microsoft took away the Storage Management page (storman.aspx).

It’s back now with a new look, showing the top 100 biggest files or containers across a site collection.

Cascading Filters for PerformancePoint Services

A nice touch for Business Intelligence users: filters in PerformancePoint Dashboards can now cascade their values from one to the next.

Browser Support

Service Pack 1 brings support for Internet Explorer 9 (IE9) and IE8 Standards Mode, and now Google Chrome too!

Cumulative Updates

SharePoint 2010 Service Pack 1 includes all the (non-redacted) Cumulative Updates since the RTM:

Technorati Tags: SharePoint, SharePoint 2010, SharePoint Administration, SharePoint Administrator

  Tags : , , ,

  Read more...

SharePoint 2010 PeoplePicker Not Finding Active Directory Users

Filed Under : SharePoint by Joel Jeffery
Jun.2,2011

We had a weird problem at one of my customers the other day. They’d built a SharePoint 2010 farm with one web application and three site collections.

In two of the site collections, the PeoplePicker control allowed the users to select the correct folks from their Active Directory. However, for one site collection, only users that already exist in the User Information List could be resolved by the PeoplePicker:

SharePoint 2010 PeoplePicker Failing to Resolve a User

This was accompanied in the ULS (14 hive logs) with the following message:

Error ID 72e9 Error in resolving user ‘fred’ : System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.       at

System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()     at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults)     at

Microsoft.SharePoint.Utilities.SPUserUtility.ResolveAgainstAD(String input, Boolean inputIsEmailOnly, SPActiveDirectoryDomain globalCatalog, SPPrincipalType scopes, SPUserCollection usersContainer, TimeSpan searchTimeout, String customFilter)     at

Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.ResolvePrincipal(String input, Boolean inputIsEmailOnly, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer)     at

Microsoft.SharePoint.Utilities.SPUtility.ResolvePrincipalInternal(SPWeb web, SPWebApplication webApp, Nullable`1 urlZone, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Boolean inputIsEmailOnly, Boolean alwaysAddWindowsResolver).

A lot of people on the Internet seem to be having the same issues, and a lot of the advice seems to centre around setting Web Application level properties to configure the PeoplePicker.

But the problem here is not Web Application wide – it only affects one site collection.

So I decided to have a look at some of the properties on the SPSite object itself – through courtesy of PowerShell. A look at the SPSite.UserAccountDirectoryPath property showed an unexpected difference between the site collections that worked and the one that didn’t.

Here’s an example snippet to illustrate the point:

PS C:\> $site = get-spsite http://brokensite.contoso.com
PS C:\> $site.UserAccountDirectoryPath
DC=dev,DC=contoso,DC=com

 

The site collections that worked instead had an empty string for SPSite.UserAccountDirectoryPath. Simply updating the value of the errant site collection resolved the problem. You could also use the Set-SPSite cmdlet:

PS C:\> Set-SPSite -Identity http://brokensite.contoso.com  -UserAccountDirectoryPath ""

 

This resolved the problem for our client. I hope you find it useful too!

Technorati Tags: SharePoint Administration

  Tags :

  Read more...

SharePoint 2010 Service Pack 1

Filed Under : SharePoint by Joel Jeffery
May.23,2011

Service Pack 1 for SharePoint 2010 has been announced. It’s not going to be released until late June 2011. However, what is being reported seems interesting.

Site Recycle Bin

For a long time SharePoint Admin guys have been plagued by users deleting the wrong SharePoint sites. It’s not so much a matter of users deleting sites by accident; you have to click “Delete This Site” from the Site Settings page, then SharePoint prompts you for confirmation two further times. Clearly, users clicking “Delete This Site” by accident is not the problem. The problem is users being in the wrong site when they go to Site Settings and hit “Delete This Site”. So, the problem is users deleting the wrong site by accident.

Why is this a problem? SharePoint has Site and Site Collection level recycle bins by default. When I delete via the browser a List, Library, List Item or Document it all goes into the Recycle Bin, which I can then restore. However, Sites and Site Collections do not get this treatment. Delete one of those, and they’re gone straight away.

Microsoft has known about this issue from very early on. In fact this issue was around in SharePoint 2007 as well. The Microsoft IT team – the Redmond guys who first installed SharePoint 2007 for Microsoft themselves – noticed the problem and came up with a solution: The Site Recycle Bin.

You can download the Site Recycle Bin today as a feature for SharePoint 2007 and SharePoint 2010 from Microsoft’s SharePoint Governance page on CodePlex.

But now… Microsoft has realised this behaviour should be available by default. So from SharePoint 2010 SP1, it’s in the box.

Technorati Tags: SharePoint 2010, SharePoint Administration

  Tags : ,

  Read more...

« Older Posts
Newer Posts »

Copyright 2010 Joel's SharePoint Architect Blog | Hosted by JFDI Phoenix Ltd | Designed by Joel Jeffery