#trispug
SharePoint 2010: Tips & Tricks of the Trade
Avoiding Administrator Blunders
Scott Hoag and Dan Usher
who are we?
Infrastructure Consultant with Applied Information Sciences
Jack of All Trades, Master of Some, still a lowly developer
With over 8 years of experience, Scott has been utilizing Microsoft-based content management solutions from MCMS 2002 to SharePoint 2010 today
Enjoys discussions about user adoption, search, and world peace
ScottHoag
ciphertxt
who’s that other guy?
7 years of experience with SharePoint going back to adventures with STS 2001 and SPS 2003 to the present
Follows the SharePoint Credo - ADIDAS: All Day I Dream About SharePoint
Enjoys discussions about Claims AuthZ, SmartCard AuthN, Atomic Molecular Optics & the Big Bang Theory
Enjoys whey protein biscuits
DanUsher
usher
introductions
basic administrative blunders

creating orphans
IIS reset solves all qualms, or so we’d like to think…
• During backup of a site collection: the backup is now invalid
• During a restore of a site collection: the restore will have portions of the site collection and associated webs restored (maybe)

permissions management
• Removing the SharePoint group that you gave Full Control…
• Removing yourself from the SharePoint group that has Full Control…

I updated my Master Page, Page Layout, Style Sheet, or a number of other assets
And no one can see my changes!
Publish and approve
publish

the recycle bin
• The common misconceptions
• The (cold) truth
“Regardless of whether or not an item is sent to the users' Recycle Bin or to the Site Collection Recycle Bin, items are deleted automatically after the number of days that the server administrator specified in Central Administration.”
Manage the Recycle Bin of a site (Office.com)

testing workflows as a deity
Declarative Workflows set to start when an item is created or changed will not execute when logged in as the System Account.
Pro Tip: Email-enabled lists will not auto start workflows either, unless…
stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true
will fix this
declarativeworkflowautostartonemailenabled (Property Reference)

deleting the wrong item
I see a hidden Forms folder when using Explorer View. I think I should delete some things in it!

tune your analytics
• By default, you get 25 months(!!) of analytics data
• Microsoft’s guidance for capacity planning in regards to web analytics isn’t pretty.
Dataset Characteristics | Value
SharePoint components | 30k
Unique users | 117k
Unique queries | 68k
Unique assets | 500k
Reporting DB data size | ?200GB per day
Capacity requirements for the Web Analytics Shared Service in SharePoint Server 2010
73TB per year
511TB for 7 years

permissive file handling
Users are being prompted to download PDFs
• Enable permissive file handling for all files in Web Application in Central Administration
• Set specific mime types for a Web Application
> $webApp = Get-SPWebApplication("http://intranet.contoso.com")
> $webApp.AllowedInlineDownloadedMimeTypes.Add("application/pdf")
> $webApp.Update()
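
The two options on this slide differ in scope: Permissive handling lets every file type open in the browser, while the MIME-type list opens only the types named. The following is an added example, not code from the original deck, that reports the current setting per web application and applies the narrower option; the function names and the `$scriptable` review list are constructed for this example.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell (PowerShell 2.0 compatible).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Types that run script when rendered inline; constructed review list, not a Microsoft list.
$scriptable = 'text/html', 'application/xhtml+xml', 'image/svg+xml'

# Report, per web application, the file handling mode and the allow-listed types worth reviewing.
function Get-InlineDownloadReport {
    foreach ($wa in Get-SPWebApplication) {
        $mimes = @($wa.AllowedInlineDownloadedMimeTypes)
        New-Object PSObject -Property @{
            Url                 = $wa.Url
            BrowserFileHandling = $wa.BrowserFileHandling   # Strict or Permissive
            PdfAllowedInline    = ($mimes -contains 'application/pdf')
            ScriptableTypes     = (@($mimes | Where-Object { $scriptable -contains $_ }) -join ', ')
        }
    }
}

# Keep Strict handling and add only PDF to the inline allow list.
function Enable-PdfInline {
    param([Parameter(Mandatory = $true)][string]$Url)
    $wa = Get-SPWebApplication $Url
    $wa.BrowserFileHandling = 'Strict'
    if (-not $wa.AllowedInlineDownloadedMimeTypes.Contains('application/pdf')) {
        $wa.AllowedInlineDownloadedMimeTypes.Add('application/pdf')
    }
    $wa.Update()
}

Get-InlineDownloadReport |
    Format-Table Url, BrowserFileHandling, PdfAllowedInline, ScriptableTypes -AutoSize
# Enable-PdfInline -Url 'http://intranet.contoso.com'   # host name taken from the slide
```
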
server blunders

running in circles
You’re browsing your site from the server. Or you’re trying to get search to work. Or you’re trying to get a web service to work. Or you just want anything to work….
HTTP 401.1 - Unauthorized: Logon Failed and you’ve got a FQDN on your site
KB896861 offers several options
• DisableLoopbackCheck or
• BackConnectionHostNames
DisableLoopbackCheck & SharePoint: What every admin and developer should know
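
Of the two KB896861 options, DisableLoopbackCheck switches the check off for every host name on the server, while BackConnectionHostNames exempts only the names listed. The following is an added example, not code from the original deck, that applies the scoped option and reports whether the global switch is set; the function names are constructed here and the registry locations are the ones KB896861 documents.

```powershell
# Added example. Run elevated on each SharePoint server; restart as KB896861 directs afterwards.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = Join-Path $lsa 'MSV1_0'

# Merge the given host names into the BackConnectionHostNames multi-string value.
function Add-BackConnectionHostName {
    param([Parameter(Mandatory = $true)][string[]]$HostName)
    $existing = (Get-ItemProperty -Path $msv -Name BackConnectionHostNames `
                    -ErrorAction SilentlyContinue).BackConnectionHostNames
    # Drop empty entries and duplicates so repeated runs leave the value unchanged.
    $merged = @(@($existing) + $HostName | Where-Object { $_ } | Sort-Object -Unique)
    # -Force creates the REG_MULTI_SZ value or overwrites the existing one.
    New-ItemProperty -Path $msv -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    return $merged
}

# True when the loopback check has been disabled for all host names.
function Test-LoopbackCheckDisabled {
    $value = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
                 -ErrorAction SilentlyContinue).DisableLoopbackCheck
    return ($value -eq 1)
}

# intranet.contoso.com is the host name used elsewhere in the deck.
Add-BackConnectionHostName -HostName 'intranet.contoso.com'

if (Test-LoopbackCheckDisabled) {
    Write-Warning 'DisableLoopbackCheck=1: the loopback check is off for every host name on this server.'
}
```
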

pausing IIS
• Bring up your SharePoint Products Configuration Wizard on the second screen
• Checking IIS to see your web applications temporarily paused

lost passphrases
• Passphrase is no longer known
• Managed accounts and auto-password resets
• Document your farm: TechNet, CodePlex
> $passphrase = ConvertTo-SecureString -asPlainText -Force
> Set-SPPassPhrase -PassPhrase $passphrase -Confirm

certificate revocation list
Slow (up to 60 seconds) execution of stsadm and Application Pool recycles
• Enable outbound internet access to crl.microsoft.com
• HOSTS file redirect
• Set the State registry key for all users who will run a shell or application pool
• Edit the machine.config for each server in your farm
<pseudocode>
if (!server.HasInternetConnectivity()) {
    server.DisableCRLCheck();
}
</pseudocode>
Certificate Revocation List Check and SharePoint 2010 without an Internet Connection
SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
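
The pseudocode's condition matters because the State workaround turns off publisher revocation checking for that account, so it belongs only on servers that cannot reach the CRL host. The following is an added example, not code from the original deck, that tests reachability and reports the State value for each loaded user hive; the function names are constructed here, and bit 0x200 of State (WTPF_IGNOREREVOKATION in wintrust.h) is the flag that skips the revocation check.

```powershell
# Added example. Only profiles currently loaded under HKEY_USERS are visible to this check.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'

# True when this server can open a TCP connection to the CRL host on port 80.
function Test-CrlReachable {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try     { $tcp.Connect('crl.microsoft.com', 80); return $true }
    catch   { return $false }
    finally { $tcp.Close() }
}

# List each loaded account's State value and whether revocation is still checked.
function Get-PublisherRevocationState {
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $prop = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$subKey" `
                        -Name State -ErrorAction SilentlyContinue
            if ($prop) {
                New-Object PSObject -Property @{
                    Sid               = $sid
                    State             = '0x{0:x}' -f $prop.State
                    RevocationChecked = (($prop.State -band 0x200) -eq 0)
                }
            }
        }
}

$reachable = Test-CrlReachable
$unchecked = @(Get-PublisherRevocationState | Where-Object { -not $_.RevocationChecked })

if ($reachable -and $unchecked.Count -gt 0) {
    # The workaround is in place although the CRL host can be reached: candidates for reverting.
    $unchecked | Format-Table Sid, State -AutoSize
} elseif (-not $reachable) {
    Write-Output 'crl.microsoft.com is unreachable from this server.'
}
```
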
installing SharePoint

not enough service accounts
• We only have a Farm account
• Managing passwords is hard

primary service accounts
Account | Purpose | Requirements
SQL Server | Runs SQL Server | Domain user account; No rights in SharePoint
Setup Account | Installs the bits and performs initial configuration | Domain user account; Member of Local Admins on each server in the farm; securityadmin and dbcreator on SQL instance
Farm Account | Used for configuring and managing the farm and runs primary services (e.g. SPTimerV4) | Domain account; Additional rights are automatically granted as part of installation (both server and SQL)

other service accounts
Account | Purpose | Requirements
MySites Application Pool | Worker process identity for MySites | Domain user account; Managed account
Content Application Pool | Worker process identity for Content web applications | Domain user account; Managed account
Services Application Pool | Worker process identity for Service Application Pools | Domain account; Managed account
Search Service Process | Process identity for SharePoint Foundation (Help) search service and SharePoint Search service | Domain account; Managed account
Search Service Default Content Access | Used to crawl content specified in content sources | Domain account
User Profile Import Account | Account used to import (and optionally export) user data from an identity store | Domain account; Replicate Directory Changes in AD

still more service accounts
Account | Purpose | Requirements
Object Cache Super User | Processes items in the object cache of a web application | Domain user account; Managed account; Full Control User Policy on target web application(s)
Object Cache Super Reader | Processes items in the object cache of a web application | Domain user account; Managed account; Full Read User Policy on target web application(s)

running the farm configuration wizard
Don’t do it. Really, don’t do it. Your GUIDs will thank you!

sandboxed solutions…
“The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request”
• Your ports are blocked internally (TCP 32846)
• The UserCode Solutions service isn’t running
• GPO Policy
• RPC Endpoint Mapper Client Authentication
• Restrictions for Unauthenticated RPC clients
• Registry Key Exists
• Value set incorrectly
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC
HKEY_USERS\AccountSID\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\SoftwarePublishing
configuring SharePoint

managing managed paths
• Don’t create managed paths for URIs that already exist!
• Both sites exist, but only 1 is accessible
• There are limits

trim your (audit) logs
MOSS 2007 audit trimming does not occur automatically
stsadm -o trimauditlog -date 20120502 -databasename SP2010_Content_TRISPUG

trim your (audit) logs
SharePoint 2010 works a little better
questions?