Monday, April 14, 2014

IIS Windows Authentication Prompting for Username and Password


It looks like I just fixed it by changing the order of the Windows Authentication Providers so that NTLM was first. In IIS7, go to Authentication, right-click on Windows Authentication and select Providers. Use the arrows to move NTLM above Negotiate.

People Picker from Non trusted domain to trusted domain



Reference: http://blogs.msdn.com/b/jorman/archive/2011/02/16/people-picker-why-don-t-you-trust-me.aspx?Redirected=true

Password which I have used to set the AppPassword on all the 4 servers
We can get the binary value of the password in the registry here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure - AppCredentialKey : REG_BINARY


Using STSADM we can configure which forests and domains are searched for accounts by setting the peoplepicker-searchadforests property. The best part is that we can supply a username and password for a trusted domain.
SharePoint doesn’t allow you to store this username and password in plain text on the server, so you first have to set up a credential key on the farm. If you skip this step, configuring the search account for trusted domains will always fail with the following message: "Cannot retrieve the information for application credential key."
To create a credential key you will have to use the following command.
stsadm -o setapppassword -password <password>
This command has to be executed on every server in the farm.
Now you can configure the forests and domains you want to search using the following command.
stsadm -o setproperty -url <web application url> -pn peoplepicker-searchadforests -pv "forest:<source forest>;domain:<trusted domain>,<trusted domain>\<account>,<password>"

You can combine any number of forests and domains, but you need to specify at least one. You also need to include all forests and domains in one statement because every time you execute this command it will reset the current settings.
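
One way to check the credential key step across the farm, as an added example that is not part of the original post: it looks for the AppCredentialKey value under the registry path given above on every farm server, reports only whether it is present, and then reads the People Picker property back. It assumes a farm administrator session, the Remote Registry service reachable on each server, and a placeholder web application URL; Test-AppCredentialKey is a helper name made up for this example.

```powershell
# Added example (not from the original post).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$subKey    = 'SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure'
$valueName = 'AppCredentialKey'
$webAppUrl = 'http://webapp.example.com'   # placeholder: your web application URL
$stsadm    = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe'

function Test-AppCredentialKey {
    param([string]$ComputerName)
    $result = New-Object PSObject -Property @{
        Server = $ComputerName; KeyPresent = $false; Bytes = 0; Error = $null
    }
    try {
        # Assumption: Remote Registry is running and the caller may read the key.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $key  = $hklm.OpenSubKey($subKey)
        if ($key) {
            $value = $key.GetValue($valueName)
            if ($value) {
                # Report presence and size only; never print the key material.
                $result.KeyPresent = $true
                $result.Bytes      = $value.Length
            }
            $key.Close()
        }
        $hklm.Close()
    } catch {
        $result.Error = $_.Exception.Message
    }
    $result
}

# Farm members only; database and e-mail servers are registered with Role 'Invalid'.
$report = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' } |
    ForEach-Object { Test-AppCredentialKey -ComputerName $_.Address }
$report | Format-Table Server, KeyPresent, Bytes, Error -AutoSize

$missing = @($report | Where-Object { -not $_.KeyPresent })
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.Server }) -join ', '
    Write-Warning "Run 'stsadm -o setapppassword' on: $names"
} else {
    # Read the current setting back rather than assuming the last setproperty took effect.
    & $stsadm -o getproperty -pn peoplepicker-searchadforests -url $webAppUrl
}
```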


Applying Document Retention in SharePoint 2010


According to MSDN, “An information management policy is a set of rules that govern the availability and behavior of a certain type of important content.” Retention rules are considered a kind of information management policy. (Note: information management policies are only available for the SharePoint 2010 server product, and are not available in SharePoint Foundation 2010.) You can create retention policies in several ways:
  • You can create a retention policy definition within your site collection, then apply that policy to content types throughout the site.
  • You can create a retention policy that’s associated with a content type that’s defined in the root of the site collection.
  • You can create a retention policy that’s associated with a local content type that has been applied to a list or library.
  • You can create a retention policy directly on a list or library itself.

More info: http://blogs.msdn.com/b/mvpawardprogram/archive/2011/10/03/applying-document-retention-in-sharepoint-2010.aspx

Friday, September 13, 2013

Sharing SharePoint 2010/ 2013 Service Applications across Farms



A Service Application can be published from one farm and consumed by other farms. For example, the User Profile Service Application on Production can be shared with the DEV, QA and UAT farms, which saves duplication.

Below is the TechNet link, followed by the steps for sharing a Service Application across farms.

http://technet.microsoft.com/en-us/library/ff621100(v=office.14).aspx


1. Exchange trust certificates between the farms.
   http://technet.microsoft.com/en-us/library/ee704552(v=office.14).aspx
2. On the publishing farm, publish the service application.
3. On the consuming farm, set the permission to the appropriate service applications.
4. On the consuming farm, connect to the remote service application.
5. Add the shared service application to a Web application proxy group on the consuming farm.
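
Step 1 can be scripted as below. This is an added example, not code from the original post, and it goes slightly beyond the step by refusing to trust a certificate file whose thumbprint does not match one confirmed out of band with the other farm's administrator. The directory, file names, trust names and the helper functions Export-PublicCert and Get-VerifiedCert are assumptions made for this example.

```powershell
# Added example (not from the original post). Run once with -Step Export on each
# farm, copy the .cer files across, then run with -Step Import on each farm.
param(
    [ValidateSet('Consuming','Publishing')][string]$Farm = 'Consuming',
    [ValidateSet('Export','Import')][string]$Step = 'Export',
    [string]$Dir = 'C:\certs',      # placeholder directory
    [string]$RootThumbprint,        # other farm's root thumbprint, confirmed out of band
    [string]$StsThumbprint          # consuming farm's STS thumbprint (publishing farm only)
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Export-PublicCert {
    param($Cert, [string]$Path)
    # 'Cert' exports the public certificate only; no private key leaves the farm.
    [IO.File]::WriteAllBytes($Path, $Cert.Export('Cert'))
    "{0}  {1}" -f $Cert.Thumbprint, $Path   # give this thumbprint to the other admin
}

function Get-VerifiedCert {
    param([string]$Path, [string]$ExpectedThumbprint)
    $cert = Get-PfxCertificate -FilePath $Path
    # Fail closed: an empty or different expected thumbprint stops the import.
    if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
        throw "Thumbprint mismatch for $Path; certificate not trusted."
    }
    $cert
}

$other = if ($Farm -eq 'Consuming') { 'Publishing' } else { 'Consuming' }

if ($Step -eq 'Export') {
    $root = (Get-SPCertificateAuthority).RootCertificate
    Export-PublicCert $root "$Dir\${Farm}FarmRoot.cer"
    if ($Farm -eq 'Consuming') {
        # The publishing farm also needs the consuming farm's STS signing certificate.
        $sts = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
        Export-PublicCert $sts "$Dir\ConsumingFarmSTS.cer"
    }
} else {
    $root = Get-VerifiedCert "$Dir\${other}FarmRoot.cer" $RootThumbprint
    New-SPTrustedRootAuthority -Name "${other}Farm" -Certificate $root
    if ($Farm -eq 'Publishing') {
        $stsCert = Get-VerifiedCert "$Dir\ConsumingFarmSTS.cer" $StsThumbprint
        New-SPTrustedServiceTokenIssuer -Name 'ConsumingFarm' -Certificate $stsCert
    }
}
```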

Thursday, September 12, 2013

Backup, Restore and Disaster Recovery


Gathering Requirements

* RTO - Recovery Time Objective
* RPO - Recovery Point Objective

Content Recovery
    - Less Serious
    - Recycle bin is the best friend
           1) First stage made available to business users
           2) Second stage available to site collection administrators
           3) Recycle bin settings are configured in the web application
           4) Users can recover deleted Items/ Documents/ Sites
    - Third-party tools like AvePoint (or) Quest can provide item-level restore
     
Disaster Recovery
   - It's a big one
   - If the entire data center is down,
            1) Data center synchronization via log shipping is one method
            2) Standby farm in a remote location; with log shipping you can easily recover simply by flipping the switch (DNS headers, IP info, etc.)
            3) DB mirroring is another method; basically it takes a mirror image of your environment and runs it simultaneously on your recovery farm.
High Availability
  - Expect problems and plan for uptime
  - Doubling up the servers so that if one goes down we have another
  - Most effective focus is on SQL Server databases
             1) Database Mirroring
             2) Database Clustering
             3) Transaction log shipping

Backing Up SharePoint Content
  - Two Common Strategies
            1) Backup site collection - SharePoint backups
                   i) Backup-SPSite/ Restore-SPSite
                       *** Can lead to performance issues with 1GB or more
                   ii) Export-SPWeb/ Import-SPWeb
                   iii) Export-SPList/ Import-SPList
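       PowerShell script: back up all the site collections to "C:\Backups"
                # -Limit All: Get-SPSite otherwise returns only the first 200 site collections
                Get-SPWebApplication | Get-SPSite -Limit All |
                 ForEach-Object {
                     # File name from the URL: drop the scheme, then replace "/" and ":" (port), which are not valid in file names
                     $FilePath = "C:\Backups\" + ($_.Url -replace "^https?://","").Replace("/","-").Replace(":","-") + ".bak"
                     Backup-SPSite -Identity $_.Url -Path $FilePath
                     }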
                   iv) Granular backup - Sitecollection/ Web/ List
            2) Backup content databases - SQL backups
                    i) SQL Server backup/ restore tools are very mature
                    ii) Provides efficient means to recover content
 
DR: Server failure - Farm
  - Decide what to back up
          1) Content Databases
          2) Configuration Database
          3) Service Application databases
DR: Server failure - Server
  - Files
         1) Solution Packages
         2) Webtemp.xml
         3) Docicon.xml and file icons
         4) SSL Certificates
         5) Web.config
         6) Configuration from IIS metabase
         7) Registry Keys
  - Folders
        1) \15 hive
        2) \14 hive
        3) \inetpub
        4) \install
In addition, system level files
%windir%\System32\inetsrv\appcmd.exe add backup "My Backup Name"
%windir%\System32\inetsrv\appcmd.exe restore backup "My Backup Name"
%windir%\System32\inetsrv\history

DR: Server failure - Farm Backup
SharePoint supports farm-level backup.

Wednesday, September 11, 2013

SP2013 Migration Process




1) Create SharePoint 2013 Farm setup
2) Copy databases to New SQL Server 
3 & 4) Upgrade content databases and service applications(if required)
                i) Create the web applications in the new farm and use the same URLs and port numbers


5) Upgrade site collections independently


User Profile Application in SP2013



The User Profile Sync service must be run in the context of the farm account. That is still one of the requirements. You can't change it to use a different account.

I am having a problem starting the “User Profile Synchronization Service”.

(1)    I granted the farm admin account “Replicate Directory Changes” permission and added the account to the “Pre-Windows 2000 Compatible Access” group on the domain.
(2)    Created a User Profile Service application with the farm admin account.
(3)    Started “User Profile Service”.
(4)    Started “User Profile Synchronization Service”.

Because this is a single-server farm, I followed the instructions on the setup page to restart IIS. However, the service just cannot start; it stays at “Starting” forever.
Both “FIMService” and “FIMSynchronizationService” are disabled. Both services log on with the same farm admin account. I set them to “Auto (Delay)”. I tried to manually start them but got the errors “Window could not start the Forefront Identity Manager Synchronization service on local computer” and “The Forefront Identity Manager Service stop automatically…”.

I have recreated the service application a couple of times and nothing has changed. I would really appreciate it if someone could help me out. Many thanks.