Monday, May 31, 2010

Access 2010 Web database conversion

Native SharePoint 2010 is dissapointing in terms of not being able to have relational data lists or lookups with filtering and for reporting I used Access reporting based on SharePoint lists.
With Access Services in SP2010 I thought I'd just convert these reports and data sources over, but as ever its not that simple. You need to create a new Access Web database and then import tables into Web Compliant tables. It would appear that linked tables to sharepoint are not compatible. As ever with Microsoft so near and year so far from a complete solution....

Here is a very good article about converting your access databse "Converting Access Databases to Access Web Databases (25th May 2010)"

Friday, May 28, 2010

IE Automation & Tabs - Tony Schreiner's Blog - Site Home - MSDN Blogs

I wanted to launch IE and open several additional tabs. - thanks to Tony Schreiner's blog

IE7 does not support specifying multiple URLs on the command line, but another way to do this is to use IE Automation to launch IE as an out-of-proc COM server and then call methods such as IWebBrowser2::Navigate2.
While you can do this using C++ or any language that supports COM, the easiest is to use Windows Scripting Host.

First, create a 'lanuchie.js' file using your favorite text editor, add the following, and save:

var navOpenInBackgroundTab = 0x1000;
var oIE = new ActiveXObject('InternetExplorer.Application');
oIE.Navigate2('', navOpenInBackgroundTab);
oIE.Navigate2('', navOpenInBackgroundTab);
oIE.Navigate2('', navOpenInBackgroundTab);
oIE.Visible = true;

Now from the command line you can do:

wscript.exe launchie.js

to open IE, navigate the first tab, and then open three background tabs.
One caveat: due to some IE features such as Protected Mode you will sometimes observe that the links are opened in an existing IE window."

Thursday, May 27, 2010

Firebox x10 user count exceeded error

On adding a couple of new devices behind my firebox firewall I recieved the most unhelpfull message "user count exceeded".  I double checked everything and after many weeks of fighting with the issue I finally found the solution.

What the error message means is that there is a licensed limit (based on the key you've purchased) for the number of IP addresses on the local network that can use the firewall to access the external interface.  The error message most un-helpfully calls these IP Addresses "users".

So where you have upgraded a number of machines, changed the IP addresses, and the odd printer has chatted to the internet all these old IP addresses are stored on the Firebox.  These then block any new ones for new devices and have to be manually removed.

To do this open the Firebox System Manager ->Authentication Tab->IP Address button

This will give all the addresses that the Firebox has remembered for you as having access to the external interface.

Either clear them all to start a new list or remove the ones you don't want!

This link eventually told me what I needed to know.

Sunday, May 23, 2010

How to remove the “title” column from a SharePoint list |

With custom Sharepoint lists or those imported from Excel the default Title field (which is inherited from the content type Item) is always included. This link gives a neat trick to hide this field from the edit screen if you dont want it.
How to remove the “title” column from a SharePoint list

Friday, May 21, 2010

How To: Create, Configure, Consume SharePoint 2010 Secure Store in Business Connectivity Services

How To: Create, Configure, Consume SharePoint 2010 Secure Store in Business Connectivity Services

Configuring Business Data Connectivity Services

Setup BDC with its own user, database and App pool
Start the service
You should have a pages host to contain the external content type definitions so you need to Configure /add an External Content Type Profile Page Host.
Create a new site collection (I use the same web application as the metadata hub created earlier)
Use the Publishing Pages Portal Template
Once published goto Central Admin ->Manage service applications –> Choose the BDC /BCS Service -> Click manage from the toolbar->Configure->Type in the URL of the site collection you created above. ie assign administrators of the BDC Metadata Store by clicking on the Set MetaData Store Permissions.

To create external connections see this article

Multiple Authentication Methods in SharePoint 2010

There are new and exiting authentication methods such as Claims-based authentication in SharePoint 2010 which leads Microsofts product line in being the first Server to offer it.  This article introduces them
while (alive) { writeCode(); } : Multiple Authentication Methods in SharePoint 2010:

Thursday, May 20, 2010

Setup Managed Meta Data Hub for the Sharepoint 2010 farm

My personal notes to: Setup a Managed Meta Data Hub for the SP2010 farm
Create a new web applicationCreate a new user for this (and make sure its in the Managed accounts list with the correct permissions)

Create a new web application & make sure the "Document Sets metadata synchronization" web app. feature is activated (you can find this by managing the web application and choosing "manage features" from the tool bar.
always use NTLM to start with to test work and can switch after
Create a new site collection with a template of "Publishing ->publishing Portal"

Create the service application

Create a new "Service Application" from Central Admin->Application Managment->Service Applications->Manage Service applications

Click on the new button on the toolbar and choose "Managed Metadata Service"

Enter the name, SQL server and DB name.

You can either use the IIS Web application pool you created when you setup the web application and site above or create a new one with yet another new user account which has been added to the managed users

For the Content Type Hub use the URL of the site collection you setup above and then click ok.
Note: this will not start the Managed Metadata service, and you may see errors in the event log saying that this service is not running on any of the servers in your farm. You need to start the serice seperatly.
You start the service by Central Admin->System Settings->Servers->Manage services on server

Click start next to Managed Metadata Web Service


To check it is working and to manage the content goto Central Admin->Application Management-> Service Applications->manage Service Applications

You will see two entries for the Service, the first is the actual service and the second indented line is a proxy stub.

Click on the first line and choose Manage from the toolbar. This will bring you up the Term Store Mangement Tool where you can manually input Terms or import them using a CSV

Note: you may find errors if you do this straight away as certain timer services need to run to fully impliment this service. Gernerally I would always do an IISReset as well (well it cant hurt!)

Article for next steps setting up content types

SharePoint 2010 Connection Filter Logic

For SharePoint 2007 our MOSS profile sync uses the an LDAP query that filters which OU Users we dont't require -

ie User filter: (&(objectClass=user)(!Status:=System)(!UserAccountControl:1.2.840.113556.1.4.803:=2))

This assumes we want everyone except those with and AD attribute of Status=System (the UserAccountConrol setting excludes accounts disabled)

For SharePoint 2010 once you have setup your Sychronization Connection to include one or more OUs from AD, you can then add exclusion rules by clicking to the right of the Syncronization Connection and choosing Edit Connection Filters from the menu.

I didn't read the screen properly and just applied the same filter logic as SharePoint 2007 but after 4 hours of pain not getting the results I wanted, so I read what it said on the screen.
It says "Exclusion Filter for Users" - as such YOU MUST REVERSE YOUR LOGIC from SP2007!!

Thus to achieve the same result above you need:
ie User filter: (Status:=System)(UserAccountControl:Bit On:=2))

I'll read the screen next time - duh!

The importance of SharePoint 2010 Managed Service Application install order

SharePoint 2010 is very unforgiving when it comes to the configuration of its Managed Service Applications. Not only do all the security settings need to be just so, but the order of install needs to be just right.
Because of this sensitivity, after installing the binaries and getting the administration site running I concentrated on getting the most tricky Service Apps running first, ie the User Profile and User Sync Service Application. However after a good install with few errors, on editing a user's profile some of the fields had really odd errors saying that "There was a problem retrieving data for this field"

There was nothing obvious; however it turns out that if you don't install the Managed Meta Data Service then you will have this problem. It doesn't matter if you install the MMD before are after the UPA but it just needs to be there.

The order I attempted to install Services after the binary and install of the administration site is as follows:

  • Register some pre-configured AD accounts into SharePoints' Managed Accounts (having setup the right AD permissions first). These will be used for the IIS Application Pools so you know what is running what. SharePoint very unhelpfully gives these GUIDS as names.
  • Create a New Web Application for the MySite Profiles with its own application pool and use one of the Managed Users we setup above

  • Create New Site collection in that Web Application – using a template of Enterprise –> My Site Host
    (Don't try to load site at this time)

  • Create a new User Profile Service Application with its own app pool
    • Start the UPA service – (very easy to miss this)
  • After service has started do an IIS Reset – or even reboot to make sure
  • Start the User Profile Sync service – prompts for details – wait 10 minutes until started
  • Reboot again – very important.
  • Add a Synchronization Connection to AD (You can add LDAP Filters to the connection after it is setup)
  • Start profile Synchronisation (full)
  • Once complete (and it will take a while…..) Manage User Profiles and you will see on some of the fields the errors I mentioned above.
  • Now install the Managed MetaData Service
  • IISReset or reboot again – and these field errors disappear!!

Glad it's so intuitive……..!
References :
Spencer Harbar's Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization
SharePoint 2010 – Provisioning User Profile Synchronization

MSDN: Edit Profile Synchronization connection filters

Monday, May 17, 2010

Visual Studio error 'Cannot find the certificate and private key for decryption'

I have a perfectly good (and expensive) Thwate Code Signing Certificate - but when I try to import it into Visual Studio to sign an assembly I get a daft error of the form of the title above. I thought MS might have fixed this in VS2010 but no.

The problem appears to be that the certificate holds too much information for VS to comprehend, so you need to import the Certificate onto your machine and export it without all this extra "stuff".

The solution is to run CertMgr.msc - import your certificate - (usually into Personal->Certificates) and then:
export it by right clicking on the certificate you just imported ->All Tasks ->Export->Yes Export Private Key->
(Do not include any Personal Information Exchange check boxes)
Type a password and export it to a folder (preferably in your VS Project)

Now, in Visual Studio->Signing->Strong Name Key File-> try and browse to your new key and it should load after you enter the password.

Tuesday, May 11, 2010

Sharepoint 2010 BCS connection getting started and authentication issues

There is a very good "get you started" article here, walking you through creating a SharePoint List to an external SQL table. Whilst all the steps were clear it did not deal with security and authentication to the SQL server.

Several methods are available to connect through to back end data providers, however "Connect with User's Identity" (or Pass Through) will only work with Kerberos enabled, and if it is not you will get a Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' error.

With SP2010 it is much better to use either the Impersonate Windows (or Custom) Identity - which makes use of the SharePoint 2010 Secure Store Service.

If however you dont want to use these or havnt set them up then you can use RevertToSelf which uses the BCS's application pool credentials.

Microsoft warn against this method as a potential security risk and if you try to select it as a connection property it will give you an error saying that revert has to be enabled for the application pool. (See this link)

This is done by setting RevertToSelfAllowed for the BCS model's authentication mode wont work without using powershell to set the Sharepoint Server setting for this to True.

$apps = Get-SPServiceApplication
$bcs = Get-SPServiceApplication where {$_ -match ""}

## If you’re doing this by hand, just type $apps and look #for the Business Data one, then index into it like $apps[i].#If you’re doing it for automation, filter by #$_.GetType.FullName (not $_.TypeName, which is localized).

$bcs.RevertToSelfAllowed = $true

Remember that if you do use this method then the BCS's application pool credentials must have the appropriate rights to the SQL Server Table.

Authenticating to Your External System - BCS Team blog
BCS and External List Learning – Part1
BCS and External List Learning – Part2
Getting started with Business Connectivity Services (BCS) in SharePoint 2010

Sunday, May 09, 2010

SharePoint 2010 and Project 2010 Server demo and Eval VM (RTM edition)

Having spent a week fighting with SharePoint 2010RTM to setup demo scenarios, it is refreshing to see that Microsoft have released RTM VM machines for both SharePoint and Project server. Downloading now and will see what goodies they hold...

Chris Johnson : SharePoint 2010 Demo and Eval VM (RTM edition): "SharePoint 2010 Demo and Eval VM (RTM edition)"