#trispug

SharePoint 2010:Tips & Tricks of the TradeAvoiding Administrator Blunders

Scott Hoag and Dan Usher

#trispug

who are we?

Infrastructure Consultant with Applied Information Sciences

Jack of All Trades, Master of Some, still a lowly developer

With over 8 years of experience, Scott has been utilizing Microsoft based content management solutions from MCMS 2002 to SharePoint 2010 today

Enjoys discussions about user adoption, search, and world peace

ScottHoag

ciphertxt

#trispug

who’s that other guy?

7 years of experience with SharePoint going back to adventures with STS 2001 and SPS 2003 to the present

Follows the SharePoint Credo - ADIDASAll Day I Dream About SharePoint

Enjoys discussions about Claims AuthZ, SmartCard AuthN, Atomic Molecular Optics & the Big Bang Theory

Enjoys whey protein biscuits

DanUsher

usher

#trispug

introductions

basic administrative blunders

#trispug

creating orphans IIS reset solves all qualms

or so we’d like to think… During backup of a site collection

The backup is now invalid During a restore of a site collection

The restore will have portions of the site collection and associated webs restored (maybe)

#trispug

permissions management Removing the SharePoint group that you

gave Full Control… Removing yourself from the SharePoint

group that has Full Control…

#trispug

I updated my Master Page Page Layout Style Sheet or a number of other assetsAnd no one can see my changes!

Publish and approvepublish

#trispug

the recycle bin The common misconceptions The (cold) truth

“Regardless of whether or not an item is sent to the users' Recycle Bin or to the Site Collection Recycle Bin, items are deleted automatically after the number of days that the server administrator specified in Central Administration.”

Manage the Recycle Bin of a site (Office.com)

#trispug

testing workflows as a deity Declarative Workflows set to start when

an item is created or changed will not execute when logged in as the System Account.

Pro Tip: Email-enabled lists will not auto start workflows either, unless…

stsadm –o setproperty –pn declarativeworkflowautostartonemailenabled –pv true

will fix thisdeclarativeworkflowautostartonemailenabled (Property Reference)

#trispug

deleting the wrong item I see a hidden Forms folder when using

Explorer View. I think I should delete some things in it!

#trispug

tune your analytics By default, you get 25 months(!!) of

analytics data Microsoft’s guidance for capacity planning

in regards to web analytics isn’t pretty.

Dataset Characteristics

Value

SharePoint components 30k

Unique users 117k

Unique queries 68k

Unique assets 500k

Reporting DB data size?200GB per day

Capacity requirements for the Web Analytics Shared Service in SharePoint Server 2010

73TB per year511TB for 7 years

#trispug

permissive file handling Users are being prompted to download

PDFs Enable permissive file handling for all files

in Web Application in Central Administration

Set specific mime types for a Web Application

> $webApp = Get-SPWebApplication("http://intranet.contoso.com")> $webApp.AllowedInlineDownloadMimeTypes.Add("application/pdf")> $webApp.Update()

server blunders

#trispug

running in circles You’re browsing your site from the server.

Or you’re trying to get search to work. Or you’re trying to get a web service to work. Or you just want anything to work….

HTTP 401.1 - Unauthorized: Logon Failed and you’ve got a FQDN on your site

KB896861 offers several options DisableLoopbackCheck or

BackConnectionHostNames

DisableLoopbackCheck & SharePoint: What every admin and developer should know

#trispug

pausing IIS Bring up your SharePoint Products

Configuration Wizard on the second screen

Checking IIS to see your web applications temporarily paused

#trispug

lost passphrases Passphrase is no longer known

Managed accounts and auto-password resets

Document your farm TechNet CodePlex

> $passphrase = ConvertTo-SecureString -asPlainText -Force> Set-SPPassPhrase -PassPhrase $passphrase -Confirm

#trispug

certificate revocation list

Slow (up to 60 seconds) execution of stsadm and Application Pool recycles Enable outbound internet access to

crl.microsoft.com HOSTS file redirect Set the State registry key for all users who

will run a shell or application pool

Edit the machine.config for each server in your farm

<psuedocode>if (!server.HasInternetConnectivity()) {

server.DisableCRLCheck();}

</psuedocode>

Certificate Revocation List Check and SharePoint 2010 without an Internet Connection

SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

installing SharePoint

#trispug

not enough service accounts We only have a Farm account Managing passwords is hard

#trispug

primary service accountsAccount Purpose Requirements

SQL Server Runs SQL Server • Domain user account• No rights in SharePoint

Setup Account

Installs the bits and performs initial configuration

• Domain user account• Member of Local Admins

on each server in the farm

• securityadmin and dbcreator on SQL instance

Farm Account

Used for configuring and managing the farm and runs primary services (e.g. SPTimerV4)

• Domain account• Additional rights are

automatically granted as part of installation (both server and SQL)

#trispug

other service accountsAccount Purpose Requirements

MySites Application Pool

Worker process identity for MySites

• Domain user account• Managed account

Content Application Pool

Worker process identity for Content web applications

• Domain user account• Managed account

Services Application Pool

Worker process identity for Service Application Pools

• Domain account• Managed account

Search Service Process

Process identity for SharePoint Foundation (Help) search service and SharePoint Search service

• Domain account• Managed account

Search Service Default Content Access

Used to crawl content specified in content sources

• Domain account

User Profile Import Account

Account used to import (and optionally export) user data from an identity store

• Domain account• Replicate Directory Changes

in AD

#trispug

still more service accountsAccount Purpose Requirements

Object Cache Super User

Processes items in the object cache of a web application

• Domain user account• Managed account• Full Control User Policy on

target web application(s)

Object Cache Super Reader

Processes items in the object cache of a web application

• Domain user account• Managed account• Full Read User Policy on

target web application(s)

#trispug

running the farm configuration wizard Don’t do it. Really, don’t do it. Your GUIDs will thank

you!

#trispug

sandboxed solutions…“The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request”

Your ports are blocked internally (TCP 32846) The UserCode Solutions service isn’t running GPO Policy

RPC Endpoint Mapper Client Authentication Restrictions for Unauthenticated RPC clients

Registry Key Exists

Value set incorrectlyHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC

HKEY_USERS\AccountSID\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\SoftwarePublishing

configuring SharePoint

#trispug

managing managed paths Don’t create managed paths for URIs that

already exist! Both sites exist, but only 1 is accessible

There are limits

trim your (audit) logs MOSS 2007 audit trimming does not occur

automatically

stsadm -o trimauditlog –date 20120502 –databasename SP2010_Content_TRISPUG

trim your (audit) logs SharePoint 2010 works a little better

questions?