Steve Chen about SharePoint mysteries and related

Today, I want to share some very nice feature with you ;-)
The end of the area that VPN's are the only way to connect to your corporate network!

Short Introduction:

When you are traveling a lot due to business reasons you might be one of the "lucky folks" that are blessed to have a "VPN access" to your company network,
jipeeehyeah … or more like  uuuahh….sh*t???

Well, if you are one of those relevant people that are more or less "assigned" to use a VPN connection, you may know about the annoying performance, having several things to consider on connecting like start a VPN client, usually installed by your system admin *grin*, enter some password (hopefully not forgot), having some extra stuff like a random number code or a smartcard, maybe an additional code and/or password etc. etc. and short before your connection establishes……  VPN client closes the dial-in process *pah!*

Ok, maybe your security settings are saying, you're not on latest AV-pattern, have not installed latest applied updates and so on or you just had a low bandwidth and a timeout?

No matter and no further worry about, I can tell you a new story about a feature called "Direct Access"!!!   Wow! that's amazing!

No connection manager software required anymore, no further dial-in software or other stuff, except at least a smartcard! 

*shame* - Ok, to be honest:   this feature is first introduced with the new operating systems Windows 7and Server 2008 R2.
What is "Direct Access" ? Just click the link and you'll get all Info about it!

In our case, surely we'll talk about how to access in a very neat manner the corporate SharePoint Portal in the intranet "without annoying VPN Stuff!"

It's possible with Forefront UAG (Unified Access Gateway)

I read shortly a blog post about "SharePoint Extranet with Forefront UAG" by  Renan Gutman, Microsoft Program Manager which I may share with you here and with kindly concession of Renan ;-)

<quotation>  1/29/2010

SharePoint Extranet with Forefront UAG     By Renan Gutman

SharePoint provides a host of features and functionalities for Collaboration, Portal, Search, Enterprise Content Management, Forms Driven Business Process, and Business Intelligence. Forefront Unified Access Gateway (UAG) allows your users to access all your SharePoint sites securely, from any location or device.

Forefront UAG provides the following capabilities to SharePoint extranets:

• Health-based endpoint authorization - Using granular policies in Forefront UAG, you can decide not only who accesses the SharePoint site, but also on the required condition of the client machine. For example, if your employees are working remotely from their home PCs, you'd definitely want to be sure that they have an updated antivirus program installed on their computer before they upload a document to the SharePoint site. With Forefront UAG, you can prevent a user from uploading until they remediate their machine.
  


• Information leakage prevention - When users open or edit a document from a SharePoint library via Forefront UAG, no information is left on the client computer; Forefront UAG deletes all cached files, temporary files, and cookies. Even if there's a sudden power outage, once the computer recovers Forefront UAG will take care of all the leftover data and erase it.
  


• Secure access to SharePoint sites from mobile devices - Authentication of mobile users using a dedicated interface for mobile devices.
  


• Strong authentication - Forefront UAG implements many authentication schemes, ranging from simple username and password forms to smartcard-only authentication, one-time passwords, and partner integration via Active Directory Federation Services (AD FS). The user authenticates once through Forefront UAG and from then on, Forefront UAG manages the single-sign-on, allowing the user to access all published sites without re-entering their credentials.
  


• Active Directory Federation Services (ADFS) support - Secure collaboration with partners and vendors.
  


• Web farm load balancing - Forefront UAG uses affinity to ensure that, after a user has been routed once to a particular SharePoint server, the user continues to be routed to that server. To keep this persistency, Forefront UAG supports both session affinity and IP affinity.
  

In addition, Forefront UAG DirectAccess provides remote users with the experience of a seamless connection to the internal network. When Forefront UAG DirectAccess is enabled, requests for internal network resources are directed securely, without the need to connect to a VPN.

You can read more about the Forefront UAG solution for SharePoint extranet here. To read more about Forefront UAG in general click here.

</quotation>

with kind regards,
yours Steve Chen, SharePoint Support Engineer, GTSC Germany

Special thanks again to Renan Gutman for the permission to publish this post ;-)

Hello all,

the latest news I would like to share for all IT-Pro's out there is the availability of a complete virtual machine (VHD) for Hyper-V we published!

This is a very handy setup for a quick overview on SharePoint 2010 and how it works. Not only for demonstration but also for testing and playing around with it in a full configured and filled with sample data environment to explore all the features, functions and options it has.

The VHD's are containing a full evaluating and demonstrating set of two VM's with the following configuration:

Overview

This download contains a two Virtual Machine set for evaluating and demonstrating Office 2010 and SharePoint 2010.

• Virtual machine “a” contains the following pre-configured software:
• 1. Windows Server 2008 SP2 Standard Edition x64, running as an Active Directory Domain Controller for the “CONTOSO.COM” domain with DNS and WINS
• 2. Microsoft SQL Server 2008 SP2 Enterprise Edition with Analysis, Notification, and Reporting Services
• 3. Microsoft Office Communication Server 2007 R2
• 4. Visual Studio 2010 Beta 2 Ultimate Edition
• 5. Microsoft SharePoint Server 2010 Enterprise Edition Beta 2
• 6. Microsoft Office Web Applications Beta 2
• 7. FAST Search for SharePoint 2010 Beta 2
• 8. Microsoft Project Server 2010 Beta 2
• 9. Microsoft Office 2010 Beta 2
• 10. Microsoft Office Communicator 2007 R2
  
  
• Virtual machine “b” contains the following pre-configured software:
• 1. Windows Server 2008 R2 Standard Evaluation Edition x64, joined to the “CONTOSO.COM” domain
• 2. Microsoft Exchange Server 2010 Active directory has been preconfigured over 200 “demo” users with metadata in an organizational structure.
  All of these user profiles have been imported and indexed for search within SharePoint Server 2010, with “contoso\administrator” granted administrator permissions.

SharePoint Server 2010 has been configured in a “Complete” farm using Kerberos authentication and the default SQL Server 2008 instance for data, and has a site collection created using the Team Site template at http://intranet.contoso.com/ and a FAST Search Center at http://intranet.contoso.com/search/.

• Performance Considerations
• 1. If possible, unpack and run the VM image on a separate, fast hard drive (7200 RPM or better) from the operating system of the host machine.
• 2. If this is being done on a laptop, a second internal drive or external eSATA drive works best, though USB 2.0 (make sure it's 2.0, 1.1 is too slow) or Firewire is acceptable. For absolute best performance use a second internal SSD drive.

Download the virtual machines:

You can download here the  2010 Information Worker Demonstration Virtual Machine (Beta)
System requirements and Instructions can be found on the page as well ;-)

The password for the VM is:    pass@word1

For manual setup and palying around with SPS 2010, please see also my other posts, listed here:  SharePoint 2010 Resource Guide

Happy SharePointing ;-)

Steve Chen, Sr. Support Engineer SharePoint

As already published in several blog postings all over the web since December 2009, still some customers are asking for the Microsoft Support Lifecycle of WIndows XP SP2 and Windows 2000.

To post again the information about this topic and to remind customers to plan upgrade/migration considerations from Windows XP and 2000 up to the newer editions like Windows Vista or Windows 7, here you may find all answers or resources for this important topic!

Upcoming end of support for Windows XP SP2 and Windows 2000

Coverage highlights:

• Microsoft has used blog postings and Twitter feeds over the past few days to remind users that support for Windows XP Service Pack 2 and Windows 2000 will expire in July 2010, perhaps encouraging users of those aging operating systems to upgrade to Windows 7 if they choose to stay with a Microsoft operating system. Microsoft has created an end-of-support solution center for Windows 2000, and posted materials online designed to help users migrate from Windows XP to Windows 7. --eWeek
  
• Windows 7 is, of course, the best choice for an upgrade, especially if the migration also implies a hardware upgrade, as is generally the case for corporate customers. Users that are intent on ridding XP for all it’s got can continue doing so, however, they too must also upgrade, at least to XP SP3. With the third service pack for XP customers will enjoy extended support from Microsoft until 2014.--SoftPedia
  
• Microsoft has issued a reminder this week that it will stop providing support for Windows 2000 and Windows XP Service Pack 2 on July 13, 2010… For Windows XP SP2, users are encouraged to move to Windows 7, Windows Vista, or simply Windows XP Service Pack 3, for which support will end two years after the next service pack (likely not happening) or at the end of the product's supported lifecycle, whichever comes first. --ARS Technica
  
• … the clock is ticking for Windows 2000 (server and client) and Windows XP Service Pack 2. Extended support for those products will end on July 13, 2010…Users of XP SP2 have the option to upgrade to SP3. Extended support for XP SP3 will end on April 8, 2014, according to Microsoft's XP lifecycle page.—Redmond Magazine
  
• For a more strategic approach to OS and application migrations, Microsoft provides a guide called "Choosing a Deployment Strategy."
  If all else fails, there’s Microsoft Services, which offers consulting services to enterprises. Microsoft or its partners provide the support, which includes desktop planning, application compatibility testing, desktop imaging and desktop deployment. .—Redmond Magazine

Microsoft Support Lifecycle Policy

The Microsoft Support Lifecycle policy took effect in October 2002, and applies to most products currently available through retail purchase or volume licensing and most future release products. Through the policy, Microsoft will offer a minimum of:

• 10 years of support (5 years Mainstream Support and 5 years Extended Support) at the supported service pack level for Business and Developer products
• 5 years Mainstream Support at the supported service pack level for Consumer/Hardware/Multimedia products
• 3 years of Mainstream Support for products that are annually released (for example, Money, Encarta, Picture It!, and Streets & Trips)

Phases of the Support Lifecycle

Additional links and resources:

• Microsoft Support Lifecycle
• Microsoft Support Lifecycle BLOG
• Microsoft Support Lifecycle Policy

Bug in extended support:

If you are facing a bug while your product is in extended support phase, please note that typically perspective is that a product in extended support has most bugs fixed or known bugs are documented and published on web, TechNet, kb Article or MSDN and many Blog posts of the community. Therefore Non-security hot fixes and bugs handling is fee based in extended support phase.

So my personal tip for you: upgrade as fast as possible to either Windows 7 client OS or Server 2008 OS for  no worries about lifecycle support  ;-)
 

greetings,
Steve Chen, SharePoint Support Engineeer

There is a new announcement for the February 18th 2010 Development - Bits from the edge in a virtual conference!

The SharePoint 2010 Development offers a virtual online conference with everything that an in-person, peer-to-peer-to-expert event offers
(vConference is provided by the "SharePoint Pro" and Keynote sponsors as Microsoft and many more.)

-- without the travel, without the cost, and without the time away from your desk!

CONFERENCE DATE:  February 18th 2010 – 9:00 am – 5:30 pm GMT  

You'll be able to join experts Thomas Rizzo, Steve Fox, Andrew Connell, and others for a series of free technical sessions for developers that will help you get the most value from SharePoint.

The conference's virtual expo hall will also allow you to meet premier SharePoint technology vendors as they demonstrate, showcase, and exhibit their best-of-breed SharePoint products and services.

Greets and have fun,
Steve Chen, SharePoint Support

Besides my running SharePoint 2010 Resource Guide series, today I want to post here some very important information around this topic!

I recently noticed several requests on “Upgrades and Supportability from public Beta 2010 to RTM”.
Therefore I may share this Information again and post it here for all of you facing the same question in mind!

-quotation-

FAQ: Supportability of SharePoint 2010 Beta to RTM Upgrade

In November 2009, we released SharePoint 2010 Public Beta to the download center. So far many customers and partners have already downloaded and evaluated the new features of SharePoint 2010. We also made it clear that the upgrade from SharePoint 2010 Beta to RTM is not supported for the public. A limited set of customers who have a “go live” license will be supported by both the Product Group and CSS through upgrade in addition to internally MSIT hosted SharePoint properties. The product group is already connected and working with all of these customers and new customers will not be added to this list.

Q:  Why upgrade is blocked for SharePoint 2010 Beta to RTM?
A:  Information collected during Office SharePoint Server 2007 upgrade indicated residual objects and data that persisted from previous pre-release versions of the product and as such would over time result in problems surfacing in those environments ....as mentioned previously, a supported path is limited to a specific subset of customers ...  Cleanup required is unique to various circumstances in the environment and there will not be steps published to enable you to do this on your own.

Q:  Will content database attach work to work around the upgrade blocker?
A:  Database-attach upgrade or in-place upgrade cannot be used to bypass the block put in place to prevent the upgrade from pre-release to RTM versions of the product.

Q:  What is a "Go-Live" license? Can my customer get it?
A: A “go-live” license represents an agreement signed between Microsoft and the customer surrounding pre-release to RTM upgrade of Microsoft SharePoint Server 2010 and as a result both the Product Group and CSS are committed to assisting the customer throughout the upgrade process.  New customers will not be included at this point and time.

Q:  Will there be a new Beta/RC released to the public?
A:  No.

I thought it is important to share this with you! So if you are testing on the public beta bits and thinking of upgrading your content to RTM, bear in mind that this is not supported and you need to completely uninstall your entire SharePoint farm to ensure that no evaluation bits remainign on the system prior to reinstalling RTM!

The current timeline of RTM is planned for publishing approximately around april 2010. I'll post the release date soon as it'll be fixed!

Steve Chen, Sr. Support Engineer, SharePoint

Ok, all in one, these are the order of steps to be done when you want to install and start successfully the Public beta of SharePoint 2010!

1. Read "Determine Hardware and Software requirements"
2. Check the preliminary requirements for software and patches as described here: SPS 2010 Setup Requirements
3. Prepare your Server 2008 accordingly with all patches and service packs as needed
   
          If you want to run all on one machine, you should have at least 8GB of RAM. 
          (I have prepared my setup with two machines, one for SharePoint with all roles and services, 4GB RAM, two cores and aother one with seperate SQL 2008, 4GB RAM, two cores)
   
   
4. Prepare your AD:
   - create an account for the services, i.e.  domain\sps_svc
   - Open Active directory "users and Computers"
   - right click "Domain" and select "Delegate Control"
   - Click "Next", "Add"
   - type in the object name, i.e. domain\sps_svc
   - Click "Ok" and "Next"
   - Check the "Replicating directory changes" box
   - Click "Next" and "Finish"
   Create additional accounts as needed like Application Pool account, Search service account, farm administrator account etc.
   It is not recommended to use the farm admin account as well for the service applications or the application pool identity!
   
   
5. Ensure that you have all patches and fixes installed as described in SPS 2010 Setup Requirements
   
6. Setup the farm with "Complete farm installation". A standalone setup is only recommended for test- and Dev purposes like running it on Worksation (Win 7/Vista)
   You should now see the config wizard similar to the MOSS 2007 Setup. Just follow it, enter the product key and all other stuff when prompted, connect to SQL server etc.
   same like in MOSS 2007.
   
7. Once, the wizard finished, the new "Central Admin page" should start and you'll be prompted for participating in CEIP (Customer experience Improvement Program)
    
   
8. Now the Central Admin page shows up with this screen and for first use and test purposes you should choose the “Walk me through the settings using this Wizard”
   
   
9. You will be asked to specify a new managed account, or use the current one. Default options here will configure all Service Applications except Lotus Notes.
   Click Next to start the farm config wizard
   
10. On this screen you have to type in either an existing account as prepared on step 4 above or create a new one. All services will be configured with this account!
     
    This will take some time, so here you could go for a coffee ;-)
    
    
11. Once complete, you'll be prompted to create a new site collection. The farm wizard already created a default web application on port 80.
    
    
12. After all finishing with no errors, you should get that screen:
    
     
13. Click finish and your farm has been done for the moment. You should have a ready central admin page and a web app and site on port 80  ;-)
     
    
      

Cheats and Tricks:

A.)  If you are using SharePoint on a DC, the following Windows PowerShell command would need to be run to enable Sandboxed Solutions:

   1: $acl = Get-Acl HKLM:\System\CurrentControlSet\Control\ComputerName 

   2: $person = [System.Security.Principal.NTAccount]"Users" 

   3: $access = [System.Security.AccessControl.RegistryRights]::FullControl 

   4: $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit" 

   5: $propagation = [System.Security.AccessControl.PropagationFlags]::None 

   6: $type = [System.Security.AccessControl.AccessControlType]::Allow 

   7: $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person, $access, $inheritance, $propagation, $type) 

   8: $acl.AddAccessRule($rule) 

   9: Set-Acl HKLM:\System\CurrentControlSet\Control\ComputerName $acl 

----------------------------------------------------

B.)  If you are trying to use Office Web Applications on DC 

Note:
Office Web Application need to be installed seperately  and needs to follow the same edit of config.xml as to be installed on client OS.

Then the following commands has to run to get the services working. Please note that in different languages, Service Application names could be localized. You can find them out by Get-SPServiceApplications and then change the names in the script as necessary.

$e = Get-SPServiceApplication | where {$_.TypeName.Equals("Word Viewing Service Application")} 

$e.WordServerIsSandboxed = $false 

$e.WordServerIsSandboxed

#(Please use the below script for PowerPointServiceApplication - You need to enter "Y" for the answer of each cmd)

Get-SPPowerPointServiceApplication | Set-SPPowerPointServiceApplication -EnableSandboxedViewing $false

Get-SPPowerPointServiceApplication | Set-SPPowerPointServiceApplication -EnableSandboxedEditing $false

On server, go to  c:\windows\system32\inetsrv\config\applicationHost.config
Add the line at the end of the dynamicTypes:   <add mimeType="application/zip" enabled="false" />

Do an IISRESET and it should work now.

----------------------------------------------------

C.)  Enable Developer Dashboard to turn on OnDemand troubleshooting, you can do this via STSADM or PowerShell:

1. STSADM: stsadm -o setproperty -pn developer-dashboard -pv OnDemand

2. Windows PowerShell:

$svc=[Microsoft.SharePoint.Administration.SPWebService]::ContentService 

$ddsetting=$svc.DeveloperDashboardSettings 

$ddsetting.DisplayLevel=[Microsoft.SharePoint.Administration.SPDeveloperDashboardLevel]::OnDemand 

$ddsetting.Update()

----------------------------------------------------

For further information and known issues, please review the site "Microsoft Office Servers Beta 2 Known Issues/ReadMe"

More on this series of 2010 Guides you'll find here with a complete list of the related posts on SharePoint 2010 Resource Guide topics.

Have fun and happy SharePointing ;-)

Steve Chen,
Sr. Support Engineer, SharePoint

As described in my post on SharePoint 2010 – Setup requirements, while PSConfig Wizard is running, additional software components are required.
For environments where Servers are not connected to internet for security reasons this makes it a bit difficult but I’ll provide the links for download them manually to install.

NOTE!

This post applies to the current public Beta version! When its RTM it will be available from the setup splash screen on point
when you click "Learn more about these prerequisites" in the pre-req installer tool.  I'll update this article when its applicable.

SharePoint Server

The following is needed for installation on Windows 2008 R2 and Windows Server 2008.

• KB 971831 Description (This KB only applies to Windows Server 2008 and Vista)  Download Link
• KB 976462 (WCF Fix article for Windows 2008 R2 and Windows 7)
• Microsoft SQL Server 2008 Native Client
• Microsoft "Geneva" Framework Runtime
• Microsoft Sync Framework Runtime v1.0 (x64)
• Microsoft Chart Controls for Microsoft .NET Framework 3.5
• Microsoft SQL Server 2008 Analysis Services ADOMD.NET
• Filter Pack 2.0 -> should be already included in installation files.

On Windows Server 2008, additional files are needed:

• .Net Framework 3.5 SP1
• Full package
• KB 959209 ;  KB 967190  (updates for the .NET Framework 3.5 Service Pack 1)
• PowerShell V2 RTM, KB 968930 (It's better to use RTM than CTP3 due to some issues on older Builds)

SQL Server 2005 Patches:

• SQL Server 2005 SP3
• CU3 for SQL Server 2005 SP3

SQL Server 2008 Patches:

• SQL Server 2008 SP1
• Cumulative update package 2 for SQL Server 2008 SP1

Hopefully this makes it easier for you ;-)

For more on this series, please see the complete list of related posts on SharePoint 2010 Resource Guide 

Steve Chen
Sr. Support Engineer, SharePoint

Preliminary soft- and hardware requirements and prerequisites for SharePoint 2010 beta installation.

Preliminary Requirements:

• SPS 2010 supports only 64-bit platforms
• Windows Server 2008 SP2 and KB 971831 or
  Windows Server 2008 R2 and KB 976462
• SQL Server 2005 x64 SP3 + CU3 or
  SQL Server 2008 x64 SP1 + CU2
• IE 7/8 or Firefox 3.x (windows systems)
• Exchange 2007 SP2 or Exchange 2010 RTM

Server 2008 Note!

You must download the above mentioned updates for Windows Server 2008/2008 R2 before you run SPS2010 Setup!
If you don't have this fix installed, you will get "Unrecognized attribute 'allowInsecureTransport'" error in ULS log and most of the service applications will not run properly.
Please note that the 2008 fix also applies to Vista, while the 2008 R2 fix also applies to Windows 7.

Web Server Editions are not supported. Windows Server Fundation edition is not supported either.
You can also install SharePoint 2010 on Windows 7 and Vista, however additional steps would be required as pre-requisite installer does not work currently on client OS.
Windows 7 N and KN would not work due to an installer bug.
Please also note Office Web Application needs to follow the same edit of config.xml to be installed on client OS.

Software prerequisites:

• Web- and application server role
• .Net framework 3.5 SP1
• Several other software will be downloaded/Installed while setup when running Pre-Requisition Installer.
  An internet connection is required for this.
  If not possible, you can download the additional components also from “SharePoint 2010 Pre-Install Download Links”

SQL Note!
When you use a separate SQL Server on a Server 2008 operating system, please bear in mind that you may add a rule to the advanced firewall and allow minimum port 1433 for remote access. Otherwise the Configuration wizard is not able to finish the setup due to failed creation of the config database.
For SQL Server on Windows 2008/R2, you can use the script in KB 968872 to open all necessary ports.

Additional information:

Read the article  "Determine Hardware and Software requirements":   http://technet.microsoft.com/en-us/library/cc262485(office.14).aspx 

Now you are ready to start the SharePoint 2010 Beta Setup. For configuration, please see my other posts on SharePoint 2010 Resource Guide

Have fun and enjoy it,  Steve Chen 

from the early experiences with the SharePoint 2010 beta, I’ll post here a list of articles, links and resources all around SPS 2010 from the beginning ;-)

Previous postings related:

Now its official! SharePoint 2010 and the new features!

SharePoint 2010 Beta Announcement

Since mid December 2009, the official update packages for WSs/MOSS are published as usual.

The full server packages are available here:

The October cumulative Update packages (former known as “Uber package”, now called “Full Server” package) are now available.

Download and installation instruction:

• Install SP2 for WSS and MOSS and also the Service Packs for the Language Packs as applicable or not done so far.
• Install the full server package for KB 977027- WSS v3 (Dec. CU 2009)
• Install the full server package for KB 977026 - MOSS (Dec. CU 2009)

Important notes about the cumulative update package

• The hotfixes are now multilingual. Therefore, there is only one cumulative hotfix package for all languages.
• One cumulative hotfix package includes all the server component packages. The cumulative update package updates only those components that are installed on the system.
• The cumulative packages are based on the last Service pack prior published.
  It is not recommended to install the packages on an earlier Service pack as the latest provided.

Note!

It is always recommended to test first the updates in a test environment before applying it to productive systems! Otherwise ensure that you have a full, valid backup of your farm/servers!  (Please check also the Official SharePoint Team blog for more info’s)

Additional Information on support lifecycle:

Support for SharePoint Server 2007 RTM (Service Pack 0) ended on January 13^th of this year. Support to customers submitting issues that have not upgraded to Service Pack 1 or Service Pack 2 are not provided anymore. Support services to help these customers upgrade to the latest service pack and then reevaluate their issue at this point is still provided.  More information regarding service packs you’ll find on Microsoft’s Support Lifecycle policy. Information on the end of support for SharePoint Server 2007 RTM/SP0 can be found here. 

Please let me know if you have any further questions.

Additional Information:

Please see also for a complete history of all published updates and service packs since RTM my “Cube Sheet with the Build numbers for MOSS and WSSv3”

We recently noticed that there might be an issue with Office 2003 and RMS. this issue is fixed in-between and here are the information:

Symptom:

Starting on December 11, 2009, customers using Office 2003 will not be able to open Office 2003 documents protected with the Rights Management Services (RMS) or Active Directory Rights Management Service (AD RMS). Customers will also not be able to save Office 2003 documents protected with RMS/AD RMS.

The following error message may be displayed when attempting to open RMS-protected/ AD RMS-protected documents using Office 2003:

"Unexpected error occurred. Please try again later or contact your system administrator"

Scope:

This symptom affects Office 2003 products used in conjunction with RMS and AD RMS, including Word 2003, Excel 2003, PowerPoint 2003, Outlook 2003, Excel Viewer and Word Viewer. It does not affect Office 2007. 

Solution:

A supported hotfix is now available from Microsoft. Note: the hotfix is intended to correct only the problem described above. Apply the hotfix only to systems that are experiencing this specific problem. Please review the following KB Articles for more information on affected products, hotfix prerequisites, restart requirements, workarounds, hotfix supersedence, registry information and file information:

· KB798551: Description of the Office 2003 documents protected with AD RMS/RMS Hotfix package: December 11, 2009

· KB978557: Description of the Excel Viewer documents protected with AD RMS/RMS Hotfix package: December 11, 2009

· KB978558: Description of the Word Viewer documents protected with AD RMS/RMS Hotfix package: December 11, 2009

More Information: The Office product group will provide updated information as it becomes available at the Web sites below.

Resources Related to This Alert

· RMS Team Blog: http://blogs.technet.com/rmssupp/

· Office Team Blog: http://blogs.technet.com/office_sustained_engineering/

Steve Chen from daily business @ SharePoint Support

Problem description:

You are using load balanced ISA Server 2006 to publish an internal MOSS portal and here you are also using the password change feature on ISA Server to allow the users to change their password on the form.

When a user browses from internet to your Site like https://portal.company.com via ISA Server 2006 – SP1
your users will receive Error messages that the password is expired even though the password is not expired.
A try to renew the password fails also.

You found while troubleshooting that the issue only occurs when a specific DC is online, regardless which ISA node is used.

CAUSE:

This happens since ISA Server is receiving an invalid response from the problematic DC.
This is a known issue for Windows Server 2003 DC's if the password change policy is set to Maximum password age (days): 0

RESOLUTION:

Currently we can only work around this issue since we won’t get a fix for this issue for Windows Server 2003.

Solution #1 - upgrade your DC's to Windows Server 2008 or later

Solution #2 - disable the notification for the users on the ISA Server Web Listener for the password change notifications.

Steve Chen from daily business @ SharePoint Support

;-)

Today I’ll post another nice issue that may appear in your farm ;-)

Description:

You try to move the encryption-key server role to the index server as suggested in out article  http://technet.microsoft.com/en-us/library/cc262305.aspx 

"The encryption-key server should be an application server computer, such as the index server"

The same article described the scenario "how to move the role to a different server":

[…] Move the encryption-key server role to a different server computer 

1. Back up the encryption key
2. Disable the Single Sign-On service on all computers in - the farm
3. Log on to the new encryption-key server
4. Start the Single Sign-On service
5. Configure SSO farm-level settings in the Central Administration site. Specify the existing SSO database
6. Restore the encryption key
7. Start the Single Sign-On service on all Web server computers in the server farm.  […]

Result:

You may be still not able to configure the encryption-key server on the index server. In the central administration only the old server is displayed and configurable and the move of SSO encryption service failed.

Cause:

The encryption-key server can only be configured on a WFE running the Central Administration. 

Resolution:

  1. Back up the encryption key
  2. Disable the Single Sign-On service on all computers in the farm
  3. Log on to the new encryption-key server (the Index server in this case)
  4. run PSConfig and configure the Index Server to host the Central Admin
  6. Start the Single Sign-On service
  7. Browse to http://indexserver:XXXXX (to access the central Admin on this server)
  8. Configure SSO farm-level settings. Specify the existing SSO database
  9. Restore the encryption key
10. Start the Single Sign-On service on all Web server computers in the server farm

Now you should be fine ;-)

Steve Chen  from a daily business in SharePoint Support…

This will be the first post about “troubleshooting MOSS/WSS” on a series, defined by topics and Issues. Once I have created several posts of this kind, I’ll push up a main page with a repository of single links to each topic and its content.

ALERTS in SharePoint

I think one of the most reported and popular issues within SharePoint Server 2007 / WSS

(and have been also before on SPS 2003) is:  the “Alert problem”.

Well, when we’re talking about “alerts” it usually means the “Notification email” that is sent to a user.

i.e. this is mostly set on a document library where users configuring their “Alerts” for getting notified on certain actions like changes on documents, new added, deleted, modified etc. This can be set to an “immediate alert” which sends out immediately emails due to the configured actions that happened and/ or

The typical issue is this one:

You create an alert on a document library. You get the notification that the alert has been created.

But you don’t get any alerts sub sequentially 

So what I‘ll try to tell you today is a little “toolbox“ you can use on troubleshooting your environment while investigating problems with your alerts.

First of all, we should split of some wording when we’re talking about “Alerts”:
- the initial email, sent to you with notification that you have set and/or created an alert
- the following emails (subsequently) sent to you, when you have configured to be notified on any changes to a document, Item, List entry a.s.o.
- the search based alerts …
- the workflow initiated email alerts for i.e. assigning you a task.

As you see, we may handle several different kinds of “Alerts” and also why or if they sent or not.
Therefore it is often quiet difficult to troubleshoot the cause of those issues as they may vary each time.

From my daily business I often have very tricky cases and issues. But sometimes and despite the Internet,
some “simple resolutions” also may work based on native settings or better let’s say: 
”why can’t we see the forest about all those trees in front of it?”

– sounds simple, doesn’t it?  But I can hear also some “uuuhh yeahhh oooahhh” but what’s the joke?”

Let’s check some examples where the cause and resolution were quiet simple but not noticed on the first research:

Issue 1:  “Some email alerts are sent but some others are not…”

Problem:

We had users registered for alerts. The “initial email” was sent to the user, notifying him that he just created an alert.

Now another user changed the document/item you marked for an alert but you don’t  get it!

Resolution:

The resolution was as simple as seeing the “forest behind the tress” ;-) 
When you have typically a load balanced environment and also using an exchange server for all email traffic,
you should have a look also into the “mail relay settings of the SMTP Server”

Cause:

The IP addresses that were configured to allow relay did not include the IP address for one of the front end servers.

Adding that IP address resolved the problem.

Issue 2:  “All users are getting alerts but only one user not”

Problem:

- In this case, just to keep it short, it was Outlook causing it and moved all email alerts into the “junk mail folder” of the affected user
Simple, isn’t it?

Ok, but this is “fortunately” not the usual case and should be only to show up how troubleshooting sometimes can be so easy
when you’re able to “see the forest BEHIND the trees”.

Coming back to some more difficult and more interesting causes of almost similar problems:  Alerts are not working…

1. Migration Issue:

One common issue regarding suddenly not working email alerts can occur after migrations and/or detach/re-attach databases to a different web application.
For this you may find a little sample code chunk here, which should you help to fix such an issue:
E-mail notifications for alerts are not sent when content in a migrated list or in a migrated document library changes after you perform a database migration to upgrade to Windows SharePoint Services 3.0 (KB 936759)

Additionally you can also try to fix it by using the new "stsadm -o updatealert" command and the SharePoint Administration Toolkit v4  (x64 version) ; (x86 version).

The cause here is  that the issue occurs if the URL of the Windows SharePoint Services 2.0 server differs from the URL of the Windows SharePoint 3.0 server. For example, this issue occurs if the URL of the Windows SharePoint Services 3.0 server is http://ServerNameVersion3, and the URL of the Windows SharePoint Services 2.0 server is http://ServerNameVersion2.

2. setproperty- Issue:

Another cause also mostly occurring after migrations is the missing or not correct set property value for the alerts at all or in particular on your site-url.

To check those properties you just open a command box, navigating to the 12-hive BIN folder (by default:  C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\…) and run STSADM command line tool

Once on 12-hive, type in the following commands to check all related property settings:

stsadm –o getproperty –url http://YourURL –pn alerts-enabled         
-the expected result should be  <Property Exists=”Yes” />

stsadm –o getproperty –pn http://YourURL –pn job-immediate-alerts      
-the expected result should be  <Property Exists=”Yes” Value=”every 5 minutes between 0 and 59” />  
 where the Value type may vary.

When  the properties are not set correct or even set but due to migrations, database restore or detach/re-attaching it, the alerts may stop working for no obvious reason.

Resolution:

Run the stsadm commands to “set” the properties correct or just to trigger SharePoint once more to processing it.

stsadm –o setproperty –url http://YourURL –pn alerts-enabled –pv True

stsadm –o setproperty –url http://YourURL –pn job-immediate-alerts –pv “Every 5 minutes between 0 and 59" 

You can specify for the property “job-immediate-alerts” one of the following values:
•"Every 5 minutes between 0 and 59"
•"Hourly between 0 and 59"
•"Daily at 15:00:00"
•"Weekly between Fri 22:00:00 and Sun 06:00:00"

Please see here for options and syntax of the commands:

Alerts-enabled: Stsadm property (Office SharePoint Server)
Job-immediate-alerts: Stsadm property (Office SharePoint Server)

3. Scheduled Alert Issue:

Another finally very simple cause is that SharePoint for some reasons sometimes needs to be “reminded” on what’s its job on alerts ;-)

latest I had the case with problems on not sent “scheduled alerts”. The initial alerts as well as the immediate alerts were sent properly but no scheduled alert (which is a summary of certain changes, notified daily, weekly etc.) received the user.

After extensive troubleshooting and research we finally just ran again a stsadm command to re-register the alert template on the server and “oh wonder”,
suddenly the alerts worked again.

Resolution:

Run stsadm -o updatealerttemplates -url http://YourURL -f C:\Alerttemplates.xml –lcid 1033

First Troubleshooting steps:

- Check your Outgoing Email settings on SharePoint / SMTP Settings on WFE/IIS and/or Mail relay permissions and restirictions

- Check if email notficiatiosn and alerts are fired only partly (immediate but not scheduled), if the initial email at all is delivered and exclude any Outlook client problem  (junkfilter, blocklists, etc.)

- In SharePoint on Central Admin page, you’ll see under “Operations” the Timer job Definitions and status. First of all, check if the timer jobs finished successfully at all.

- Check the alert properties via stsadm, if they’re set properly

- Re-register the alerttemplate again

- Check if the issue only occurs on a particular site collection, web application
  (to test,this, just create a brand new Web app, Sitecollection and leave all on default. Create alerts as applicable and check for delivering)

• If the alerts are fired on a new web app/Sitecollection, then consider the effort to just export from faulty site and import to working site your content
  
• If the alerts are not fired at all, use Network Monitor, Process Monitor traces, to see if any email at all arrives your mail relay/Exchange server or not
  
• If the alerts are not working only on certain libraries or sub sites or even just randomly, check for custom event handler or other parts that you may implemented or changed to performing email alerts

Additional Links and resources:

Alerts in Windows SharePoint Services

SharePoint Alert Manager

Another very good blog from my colleague Victor Butuza describes the topic "Search based Alerts"
with some further hints and tips on troubleshooting alerts to be fired on search results!

Some Technical details on Alerts:

Once you have done all the previous investigations and tests but still no glue or idea what may causing your alerts issue, you can dig a bit deeper into the SharePoint Mysteries:

Alerts are processed by the OWSTimer job. In central admin you may see just the “Immediate alerts” job, but this one processes both, the immediate and the scheduled alerts at intervals of every 5 minutes by default.

To follow the trace of an alert process you can look into the content database tables on your SQL server.

The interesting tables here to review are as follows:

ImmedSubscriptions      (records the immediate alerts settings)

SchedSubscriptions      (records the scheduled alerts settings)

EventCache                    (records all events in SharePoint, so either the alert changes)

EventLog                         (This table contains events for which only non-immediate alerts exist)

EventSubsMatches        (records the timestamp when a scheduled alert has to be processed by the timerjob)

TimerLock                       (records the server that processes the timerjobs)

First of all go to Central Admin page and screw up your Diagnostic (ULS) logging to “verbose - All Errors”.

Start repro your issue by creating an alert (immediate and/or scheduled) and note the timestamp you started as well as the timestamp you configured the scheduled alert to be fired.

Perform some actions like changes, deletions, uploads etc. and note the timestamp of changes and wait about 5-10 minutes

Check if you received the alert notifications (Initial email, immediate alert email)

Check on SQL Server if you can find your alert by using these queries:

select * from [Content_DB].[dbo].[ImmedScubscriptions] where [UserEmail] = ‘User.email@domain.com’

select * from [Content_DB].[dbo].[SchedScubscriptions] where [UserEmail] = ‘User.email@domain.com’

select * from [Content_DB].[dbo].[EventCache] order by [TimeLastModified]

select * from [Content_DB].[dbo].[EventSubsMatches]

• Can you find your alerts in “ImmedScubscriptions / SchedScubscriptions” table?
• Do you have a related record in EventCache due to the Timestamp (TimeLastModified) you noted from your repro?
• Do you see the record for scheduled alert in the EventSubsMatches table

Check now your ULS logs (by default located at (C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\logs)  for entries like that:

[…] …Begin invoke timer job Immediate Alerts, id … […]

[…] …AlertsJob loaded 9 of 9 event data records…  […]

[…] …AlertsJob loaded 5 of 5 subscription records…  […]

[…] …Alertsjob results for immediate delivery: 9 prematches, 9 passed filtering, 5 of 9 passed security trimming, 0…  […]

[…] …Alertsjob results for scheduled delivery: 0 prematches, …  […]

[…] …AlertsJob processed 0 daily notifications …  […]

[…] …AlertsJob processed 0 weekly notifications …  […]

[…] … …  […]

• Can you see any records indicating that your alerts are processed at all?

Check your Event log for suspicious errors related to the timeframe and probably containing phrases like “exception,  HResult errors, etc.”.

Check if you are on an almost actual patch level as probably the cause of your issue already has been fixed in one of the last updates?

So if all those steps are don’t get you closer to the cause you are at least much more better prepared for the next step on calling Microsoft Support for assistance.
With all these troubleshooting steps done before you can provide all these actions to the support engineer and this may speed up the resolution as the Support Guys then can go directly and already narrowed down to a particular area with very deep troubleshooting steps for you!

So hopefully this post could help you somehow. I’ll be on updating this post whenever some new or deeper insights can be published to get this topic a bit more structured in depth and usage.

Stay tuned ;-)

Steve Chen from daily business and the SharePoint Mysteries…

Beta announcement:

As previously posted on "Now it's Official" I’ll proudly present the official news of the day:

Today, Microsoft is releasing the public beta of

• Office 2010, SharePoint Server 2010, Visio 2010, Project 2010 and Office Web Apps for business customers.
  Millions of people can download the beta at the following links:

SharePoint Foundation 2010 (Windows SharePoint Services 2010 Beta)

Microsoft SharePoint Server Enterprise 2010 Beta

Microsoft SharePoint 2010 Products (Beta) Management Pack

Microsoft SharePoint Foundation 2010 (Beta) Management Pack

Microsoft FAST Search Server 2010 for SharePoint Beta

Microsoft SharePoint Server for Internet Sites Enterprise 2010 Beta

Microsoft SharePoint Designer 2010 Beta (64-bit)

Microsoft SharePoint Designer 2010 Beta (32-bit)

Note!  The public beta will be shown as Build  14.0.4536.1000

• Office Mobile 2010 has also reached the public beta milestone and is now available on
  the Windows Mobile Marketplace  for Windows Mobile 6.5 phones.
  
• As part of the beta Microsoft is unveiling several new capabilities, including:
  
  • The Outlook Social Connector, a new feature which brings communications history, business and social networking feeds into the Outlook experience.
    
    • At beta The Outlook Social Connector will support SharePoint social networking and support Windows Live at launch.
    • Microsoft is also announcing that Linked-in and Facebook will be the among the first third-party social networking sites that  have providers for the Outlook Social Connector.
    • Microsoft also released the Outlook Social Connector SDK for developers to build connectors to third-party social networks.
  • Technology and design advancements, including deeper integration between Office 2010 and Office Web applications, improved navigation, visual design and icon updates, a new Office logo and increased performance and stability.
• As a result of the continued partnership with SAP, Microsoft also announced intend to deliver Duet Enterprise for Microsoft SharePoint and SAP, which will expand the long standing solutions that blend the worlds of process and collaboration. The solution is planned to be released in the H2 2010

Find more Links and resources on my previous post about “2010 and the new features”

Installation notice for the SharePoint Server Public Beta
on Microsoft Windows Server 2008 R2 and Microsoft Windows 7

If you will be installing the SharePoint Server 2010 Public Beta on Microsoft Windows Server 2008 R2 or Microsoft Windows 7, then you will need to download and install an update from http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=23806  to resolve an issue that occurs in Microsoft SharePoint Server 2010 when provisioning Service Applications or when accessing pages that make service calls. 

Without the hotfix, these operations will result in an error

"System.Configuration.ConfigurationErrorsException: Unrecognized attribute 'allowInsecureTransport'.

Note!

Attribute names are case-sensitive!
(C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\<Service Area>\client.config line <Line Number>)". 

If you have already installed Microsoft SharePoint Server 2010 on a server running Microsoft Windows Server 2008 R2 or Microsoft Windows 7, Microsoft SharePoint Server 2010 does not need to be reinstalled when the update becomes available; however, Service Applications that have been successfully provisioned without the update installed may need to be removed and re-provisioned once the update has been successfully applied.

have fun with the new “Wave 14” ;-)  Steve Chen