It looks like I just fixed it by changing the order of the Windows Authentication Providers so that NTLM was first. In IIS7, got to Authentication, right click on Windows Authentication and select Providers. Use the arrows to move NTLM above Negotiate
SharePoint 2010/2013
Monday, April 14, 2014
IIS Windows Authentication promting for Username and password
It looks like I just fixed it by changing the order of the Windows Authentication Providers so that NTLM was first. In IIS7, got to Authentication, right click on Windows Authentication and select Providers. Use the arrows to move NTLM above Negotiate
People Picker from Non trusted domain to trusted domain
Reference# http://blogs.msdn.com/b/jorman/archive/2011/02/16/people-picker-why-don-t-you-trust-me.aspx?Redirected=true
Password which I have used to set the AppPassword on all the 4 servers
We can get the binary value of the password in the registry here HKEY_Local_Machine\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure - AppCredentialKey : REG_BINARY
• Using STSADM we can configure which forests and domains are searched for accounts by setting the peoplepicker-searchadforests property. The best part is that we can supply a username and password for a trusted domain.
• SharePoint doesn’t allow you to store this username and password in plain text on the server. So you will have to configure a secure store. If you skip this step, configuring the search account for trusted domains will always fail with the following message - Cannot retrieve the information for application credential key.
• To create a credential key you will have to use the following command.
stsadm -o setapppassword -password <password>
This command has to be executed on every server in the farm.
• Now you can configure the forests and domains you want to search using the following command.
stsadm -o setproperty -url <web application url> -pn peoplepicker-searchadforests -pv forest:<source forest>;domain:<trusted domain>,<trusted domain>\<account>,<password>
You can combine any number of forests and domains, but you need to specify at least one. You also need to include all forests and domains in one statement because every time you execute this command it will reset the current settings.
Applying Document Retention in SharePoint 2010
According to MSDN, “An information management policy is a set of rules that govern the availability and behavior of a certain type of important content.” Retention rules are considered a kind of information management policy. (Note: information management policies are only available for the SharePoint 2010 server product, and are not available in SharePoint Foundation 2010.) You can create retention policies in several ways:
- You can create a retention policy definition within your site collection, then apply that policy to content types throughout the site.
- You can create a retention policy that’s associated with a content type that’s defined in the root of the site collection.
- You can create a retention policy that’s associated with a local content type that has been applied to a list or library.
- You can create a retention policy directly on a list or library itself
More Infor: http://blogs.msdn.com/b/mvpawardprogram/archive/2011/10/03/applying-document-retention-in-sharepoint-2010.aspx
Friday, September 13, 2013
Sharing SharePoint 2010/ 2013 Service Applications across Farms
We can share/Publish-consume a Service Application across different farms like User Profile Service Application on Production can be shared to DEV, QA and UAT farms which will save duplication.
Below is the Technet Link and more steps how the Service Application can be shared across farms.
http://technet.microsoft.com/en-us/library/ff621100(v=office.14).aspx
1.Exchange trust certificates between the farms
http://technet.microsoft.com/en-us/library/ee704552(v=office.14).aspx
2.On the publishing farm, publish the service application.
3.On the consuming farm, set the permission to the appropriate service applications
4.On the consuming farm, connect to the remote service application
5.Add the shared service application to a Web application proxy group on the consuming farm
Thursday, September 12, 2013
Backup, Restore and Disaster Recovery
Gathering Requirements
* RTO - Recovery Time Objective
* RPO - Recovery Point Objective
Content Recovery
- Less Serious
- Recycle bin is the best friend
1) First stage made available to business users
2) Second stage available to site collection administrators
3) Recycle bin settings configures in web application
4) Users can recover deleted Items/ Documents/ Sites
- Third Party tools like Ave Point (or) Quest can get item level restore
Disaster Recovery
- Its a Big one
- If entire Data Center is down,
1) Data center synchronization via Log shipping is one method
2) Stand by farm in remote location and wit Log shipping you can easily recover simply by flipping the switch. (DNS Headers, IP's Info etc)
3) DB Mirroring is another method, basically it takes a mirror image of your environment and run simultaneously on your recovery farm.
High Availability
- Expect problem and plan for up time
- Doubling up the servers so that if one goes down we have other
- Most effective focus on SQL Server databases
1) Database Mirroring
2) Database Clustering
3) Transaction log shipping
Backing Up SharePoint Content
- Two Common Strategies
1) Backup site collection - SharePoint backups
i) Backup-SPSite/ Restore-SPSite
*** Can lead to performance issues with 1GB or more
ii) Export-SPWeb/ Import-SPWeb
iii) Export-SPList/ Import-SPList
Power Shell Script: Backup all the site collections to "C:\backups"
Get-SPWebApplication |Get-SPSite |
ForEach-Object{
$FilePath = "C:\Backups" + $_.Url.Replace("http://","").Replace("/","-") + ".bak"
Backup-SPSite -Identity $_Url -Path $FilePath
}
iv) Granular backup - Sitecollection/ Web/ List
2) Backup content databases - SQL backups
i) SQL Server backup/ restore tools are very mature
ii) Provides efficient means to recover content
DR: Server failure - Farm
- Decide what to back up
1) Content Databases
2) Configuration Database
3) Service Application databases
DR: Server failure - Server
- Files
1) Solution Packages
2) Webtemp.xml
3) Docicon.xml and file icons
4) SSL Certificates
5) Web.config
6) Configuration from IIS metabase
7) Registry Keys
- Folders
1) \15 hive
2) \14 hive
3) \inetpub
4) \install
In addition, system level files
%windir%\System32\inetsrv\appcmd.exe add backup "My Backup Name"
%windir%\System32\inetsrv\appcmd.exe restore backup "My Backup Name"
%windir%\System32\inetsrv\history
DR: Server failure - Farm Backup
SharePoint Supports Farm Level backup
Wednesday, September 11, 2013
User Profile Application in SP2013
The user Profile Sync service must be run in the context of the farm account. That is still one of the requirements. You can't change it to use a different account
I am having problem to start “User Profile Synchronization Service”.
(1) I grant the farm admin account “Replicate Directory Changes” permission and add the account to the “Pre-Windows 2000 Compatible Access” group on the domain
(2) Create a User Profile Service application with the farm admin account.
(3) Start “User Profile Service”.
(4) Start “User Profile Synchronization Service”.
Because this is a single server farm, so I following the instruction on the set up page to restart IIS. However, the service just cannot started - “Starting” forever.
Both “FIMService” and “FIMSynchronizationService” are disabled. Both services are log on with the same farm admin account. I set them to “Auto (Delay)”. I tried to manually start them but get errors “Window could not start the Forefront Identity Manager Synchronization service on local computer” and “The Forefront Identity Manager Service stop automatically…”.
I have recreate the service application couple times and nothing is changed. I really appreciate if someone can help me out. Many thanks.
Subscribe to:
Posts (Atom)