I had this problem long time ago. I post here just in case someone has the same issue.
When you try to create a new schedule or change an existing schedule, you receive the error message "access is denied". Or in the environment with a dedicated search index server, open Centre Admin in the server which is not the search index server, clicking Search Settings in SSP, got IIS error HTTP 403.
To resolve this issue, please look at Microsoft knowledge base http://support.microsoft.com/kb/926959
Tuesday, June 30, 2009
Monday, June 29, 2009
Using User Filter to Limit User Profile Import in SharePoint
If you’ve ever tried to setup SharePoint 2007 to import user profiles via LDAP you’ll like this post. The setup of the SSP to import profiles is a fairly simple task, but what is not that easy is applying the right LDAP user filter to import only the accounts that you desire from Active Directory. I’d like to share with you my experience with applying user filters and some of the excellent user filter examples I have found. The user filter is a string in User filter in the page “Create New Connection” which is in User Profile and Properties section in SSP.
Below are some samples of LDAP User Filters:
Default user filter:
(&(objectCategory=Person)(objectClass=User))
Exclude disabled accounts:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Exclude accounts with no email address and disabled accounts:
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))
Exclude accounts with passwords set to expire:
(&(objectCategory=person)(objectClass=user)(!userAccountControl=65536))
Include only the accounts with valid email addresses
(&(objectCategory=Person)(objectClass=User)(mail=*com)
Include only the accounts that are part of the Branch1 organizational unit
(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))
Exclude accounts that don’t have a first name
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!givenName=*)))
Below are some samples of LDAP User Filters:
Default user filter:
(&(objectCategory=Person)(objectClass=User))
Exclude disabled accounts:
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Exclude accounts with no email address and disabled accounts:
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))
Exclude accounts with passwords set to expire:
(&(objectCategory=person)(objectClass=user)(!userAccountControl=65536))
Include only the accounts with valid email addresses
(&(objectCategory=Person)(objectClass=User)(mail=*com)
Include only the accounts that are part of the Branch1 organizational unit
(&(objectCategory=Person)(objectClass=User)(memberof:1.2.840.113556.1.4.1941:=(CN=Authenticated Users,OU=Branch1,DC=domain,DC=local)))
Exclude accounts that don’t have a first name
(&(objectCategory=Person)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(!givenName=*)))
Wednesday, June 24, 2009
Display Left Navigation on Web Part Page Stored in a Document Library
The users in one group in my company decided to use web part pages to host multiple document libraries and lists in one page. To be honest, I don’t like this as once the users know how to create pages, they will create more and more pages, and in each pages they will create more and more libraries and lists, finally both the users and I will be crazy to manage the huge number of libraries and lists. (Unfortunately this has happened. When I clicked View All Contents, I got a huge list of libraries and lists). Anyway, user is GOD, so I did for them.
Now it comes a problem. When a user click the page, the left navigation gone! Users need it back.
After some investigations, I noticed that these pages have an empty placeholder that actually overrides what is there in the master page.
<asp:Content ContentPlaceHolderId="PlaceHolderLeftNavBar" runat="server"></asp:Content>
<asp:Content ContentPlaceHolderId="PlaceHolderLeftNavBar" runat="server"></asp:Content>
<asp:Content ContentPlaceHolderId="PlaceHolderNavSpacer" runat="server"></asp:Content>
Open these pages in the SharePoint Designer. If you remove above lines, you'll have the left navigation again visible on the page.
If you don’t want to modify page by page, there’re two ways to achieve the goal: first one, modify the master page. Second one, remove the above three lines from the template files (8 templates) which locate in \12\TEMPLATE\1036\STS\DOCTEMP\SMARTPGS\spstdX.aspx (X is from 1 to 8)
But I don't recommand you to use these two ways as the first one affects all pages in the site collections, and the second affects all pages created after the changing in the FARM.
Now it comes a problem. When a user click the page, the left navigation gone! Users need it back.
After some investigations, I noticed that these pages have an empty placeholder that actually overrides what is there in the master page.
<asp:Content ContentPlaceHolderId="PlaceHolderLeftNavBar" runat="server"></asp:Content>
<asp:Content ContentPlaceHolderId="PlaceHolderLeftNavBar" runat="server"></asp:Content>
<asp:Content ContentPlaceHolderId="PlaceHolderNavSpacer" runat="server"></asp:Content>
Open these pages in the SharePoint Designer. If you remove above lines, you'll have the left navigation again visible on the page.
If you don’t want to modify page by page, there’re two ways to achieve the goal: first one, modify the master page. Second one, remove the above three lines from the template files (8 templates) which locate in \12\TEMPLATE\1036\STS\DOCTEMP\SMARTPGS\spstdX.aspx (X is from 1 to 8)
But I don't recommand you to use these two ways as the first one affects all pages in the site collections, and the second affects all pages created after the changing in the FARM.
Monday, June 15, 2009
An Issue in Updating SharePoint Form Library Column from K2
This is the same K2 InfoPath Integrated workflow which mentioned in my last post. After the form is uploaded to the SharePoint form library, I’m trying to use K2 SharePoint Document Events to update SharePoint library columns(the values are from some fields in the form). For most test cases, it works fine. But I get the following error if there’re special character such as ‘&’, ‘<’ and ‘>’ in the field which is used to update the column.
An error occurred while parsing EntityName. Line 1, position 1945.
It seems this is a known issue and K2 support told me they will fix this issue in the next SP. Well, I can’t wait for them as this workflow is running in my production. Luckily I figured out a simple solution. When publishing the form to SharePoint form library, in the publish wizard at “You can make forma data listed below available as column names on a SharePoint site” step, I chose the fields which were used as columns. And then in K2, I removed K2 SharePoint Document Events which I used to update the library columns. In another words, I used SharePoint to update the columns from the form fields instead of using K2 to update SharePoint columns. It works perfectly.
An error occurred while parsing EntityName. Line 1, position 1945.
It seems this is a known issue and K2 support told me they will fix this issue in the next SP. Well, I can’t wait for them as this workflow is running in my production. Luckily I figured out a simple solution. When publishing the form to SharePoint form library, in the publish wizard at “You can make forma data listed below available as column names on a SharePoint site” step, I chose the fields which were used as columns. And then in K2, I removed K2 SharePoint Document Events which I used to update the library columns. In another words, I used SharePoint to update the columns from the form fields instead of using K2 to update SharePoint columns. It works perfectly.
Access to the path ’Employee_Req.xsn’ is denied
I have a HR workflow which was developed on K2 platform. It is an InfoPath integrated workflow, and Employee_Req.xsn is my form name. When I built my project, I got this error: Access to the path ‘Employee_Req.xsn’ is denied. I noted the form was checked out from VSS so there shouldn’t have access problem.
This didn’t happen before I upgraded K2 BlackPearl from SP1 to 0807 with build number 4.8210.2.0. After lots of investigations, I found K2 automatically created a deployment package under obj\Debug when building, and the form was copied to obj\Debug\Deployment\Bin. I think K2 copied the form before I checked it out, so the form in that folder was still Read-Only. Now the fix is pretty simply, just uncheck Read-Only property box, or delete the whole Deployment folder under obj\Debug.
Months ago, I upgraded K2 from 0807 4.8210.2.0 to 0807.8210.2.370, and this issue doesn’t happen again.
This didn’t happen before I upgraded K2 BlackPearl from SP1 to 0807 with build number 4.8210.2.0. After lots of investigations, I found K2 automatically created a deployment package under obj\Debug when building, and the form was copied to obj\Debug\Deployment\Bin. I think K2 copied the form before I checked it out, so the form in that folder was still Read-Only. Now the fix is pretty simply, just uncheck Read-Only property box, or delete the whole Deployment folder under obj\Debug.
Months ago, I upgraded K2 from 0807 4.8210.2.0 to 0807.8210.2.370, and this issue doesn’t happen again.
Wednesday, June 10, 2009
A Sample of ADF Connecting to Oracle Database
Currently I’m working on BDC in SharePoint 2007. I’m trying to create a BDC Application Definition File (ADF) which connects to an Oracle database, and I didn’t know how to fill the connection properties. I did a search from Google and couldn’t find a sample. So I post the piece of xml which contains connection part here.
<Properties>
<Property Name="DatabaseAccessProvider" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAccessProvider">Oracle</Property>
<Property Name="AuthenticationMode" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAuthenticationMode">RevertToSelf</Property>
<Property Name="RdbConnection Data Source" Type="System.String">tnsDBname</Property>
<Property Name="RdbConnection Pooling" Type="System.String">false</Property>
<Property Name="RdbConnection User ID" Type="System.String">rouser</Property>
<Property Name="RdbConnection Password" Type="System.String">rouser</Property>
<Property Name="RdbConnection Integrated Security" Type="System.String"></Property>
<Property Name="WildcardCharacter" Type="System.String">%</Property>
</Properties>
The tnsDBname is the data source name I defined in tnsname.ora (Of course you should have Oracle client installed in your SharePoint server). “rouser” is my read-only account to that database.
A good choice is to use Microsoft BDC Generator, but it asks you to enter the connection string. A better choice is to use BDCMetaMan. When connecting to Oracle database, in Server Name in the popup window, remember to input the tnsname, not the physical server name.
<Properties>
<Property Name="DatabaseAccessProvider" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAccessProvider">Oracle</Property>
<Property Name="AuthenticationMode" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAuthenticationMode">RevertToSelf</Property>
<Property Name="RdbConnection Data Source" Type="System.String">tnsDBname</Property>
<Property Name="RdbConnection Pooling" Type="System.String">false</Property>
<Property Name="RdbConnection User ID" Type="System.String">rouser</Property>
<Property Name="RdbConnection Password" Type="System.String">rouser</Property>
<Property Name="RdbConnection Integrated Security" Type="System.String"></Property>
<Property Name="WildcardCharacter" Type="System.String">%</Property>
</Properties>
The tnsDBname is the data source name I defined in tnsname.ora (Of course you should have Oracle client installed in your SharePoint server). “rouser” is my read-only account to that database.
A good choice is to use Microsoft BDC Generator, but it asks you to enter the connection string. A better choice is to use BDCMetaMan. When connecting to Oracle database, in Server Name in the popup window, remember to input the tnsname, not the physical server name.
Thursday, June 4, 2009
Error "The tracking (workstation) service is not running" in IIS
Office Server Web Services web application in my SharePoint Server stopped! I tried to start it and got this error:
The tracking (workstation) service is not running
Simple fix is starting up the SSL service by running the following command and then start that web application.
net start httpfilter
The tracking (workstation) service is not running
Simple fix is starting up the SSL service by running the following command and then start that web application.
net start httpfilter
Got error "Could not Connect to the server. Please make sure the site is accessible." in SharePoint Search
Well, probably only I had this issue. Here is my scenario.
I have a SharePoint farm which is composed of two web servers and one database server. There is a SharePoint web application running on port 31000. For some reason, I extended the web application to another one with port number 80 and host head value MyFQDN. Months later, I decided to stop using the extended application, so I configured the host head value of the original application with port number 31000, and stopped the extended one (but not delete it).
Everything was running well until yesterday the search engine failed to crawl. I got this error:
Could not Connect to the server. Please make sure the site is accessible.
Well, you could find this is a common error in the search if you do some investigation from Google. But this time no solution worked for me. As this is my production environment, I have to make it work as soon as possible. So I changed the Content sources from http://machinename:31000/ to http://myfqdn/ and do a full crawl. It worked!
Now I have time to do more investigations. Usually I only work on the first web server to run Central Admin and to check IIS. As usual I opened IIS Manager in the first server and nothing was different. I didn’t know why I connected to the IIS services in the second web server but I did connect. What?! The original web application stopped and the extended one was running! Who did that?
So I stopped the extended application and started the original one in the second web server, then back to the Central Admin, changed the Content sources back to http://machinename:31000/ and did a full crawl. It worked!
This time I deleted the extended web application from the two web server!
Monday, June 1, 2009
Access denied when crawling MOSS Content
The SharePoint search is configured properly and everything is running perfectly. My SharePoint web applications use Kerberos authentication. I applied .NET 3.5 SP1 and the search didn’t work. I got the following error:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (The item was deleted because it was either not found or the crawler was denied access to it.)
Lots of blogs talked about this issue. The suggested solution is below:
Disable the loopback check
Follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.
Source: http://support.microsoft.com/kb/896861
This resolved the issue in my production but not QA!
So what’s the difference between my production and QA?
After one day investigation, I found there was a wrong Kerberos setting in QA. Run the following:
Setspn –l severname
I found there was a line like this: HTTP/servername:portnumber other than HTTP/servername. So I run setspn –d HTTP/servername:portnumber SharePointServiceAccount to remove it, did a search again and it worked!
Get Error When Browsing K2 Workspace
When browsing K2 workspace, I got the following error in the page:
Error:Initialization failed: Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: indexAn error has occurred.Please contact your administrator.
Error:Initialization failed before PreInit: Thread was being aborted.
Possible causes- using anonymous logon in IIS while Windows security is specified in Workspace configuration- current logged on user can not be verified against the Active Directory Membership provider- please review log files for more information
Many people met the same problem. I don’t know why K2 doesn’t try to fix it. The solution is pretty simple. Go to \Program Files\K2 blackpearl\WorkSpace\Site, open the web.config file, find connectionString="LDAP://fulldomainname”, add “:389” at the end. So it looks like:
connectionString="LDAP://fulldomainname:389”
Browse K2 workspace again and it works!
Error:Initialization failed: Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: indexAn error has occurred.Please contact your administrator.
Error:Initialization failed before PreInit: Thread was being aborted.
Possible causes- using anonymous logon in IIS while Windows security is specified in Workspace configuration- current logged on user can not be verified against the Active Directory Membership provider- please review log files for more information
Many people met the same problem. I don’t know why K2 doesn’t try to fix it. The solution is pretty simple. Go to \Program Files\K2 blackpearl\WorkSpace\Site, open the web.config file, find connectionString="LDAP://fulldomainname”, add “:389” at the end. So it looks like:
connectionString="LDAP://fulldomainname:389”
Browse K2 workspace again and it works!
Subscribe to:
Posts (Atom)