Lennaerts.com

SharePoint 2010 Blog

About

Replace Expired Fast Certificate

by Leon Lennaerts

Categories: How To

Tags: Enterprise Search, Fast, SP2010

Comments: No Comments

Published on: 12/04/2012

When the certificate of Fast Search is expired you may have the following symptons:

- Crawl which hangs forever and will have only errors
- Cannot connect to ContentDistributor errors within Eventlog/ULS

To solve this issue you will have to run some scripts. In our scenario Fast is installed on the SharePoint server. Also we use a Self-Signed Certificate. Standard this certificate expires after 1 year.
You can change this by modify the CertificateSetup.ps1 script which is located in your “FastSearch\Installer\scipts\include” folder. This can only be done when you have Windows 2008 R2. Windows 2008 will not support this.

Find the following line:

Add-Content –Path $infFile –Value “SuppressDefaults=true”

Add the following lines underneath:

Add-Content –Path $infFile –Value “ValidityPeriod=Years”
Add-Content –Path $infFile –Value “ValidityPeriodUnits=5″

You can increase or decrease the value of ValidityPeriodUnits to the number of years you want.

The next step will be the recreation of the certificate. This can be done by opening the Fast Management Shell via the service account of the Fast service. Also when you use User Account Control you will have to run this as Administrator. Ensure that all of the Fast Services are stopped.

Navigate to folder “\installer\scripts” and run the following script:

.\ReplaceDefaultCertificate.ps1 –generateNewCertificate $true

This script will create a new Self-Signed certificate. Check if the certificate will be installed in the Local Computer\Personal Certificate store. Also check if the certificate is stored in the “FASTSearch\data\data_security\cert” folder.

Now that you have created a new certificate, start all Fast Services on the server. After they have started the ContentDistributor has to be validated. To validate the ContentDistributor you also have to run a script. You will have to run this script with the SharePoint Management Shell because this script loads some SharePoint CMD-lets.

Logon to the SharePoint server with the Farm Account. Open SharePoint Management Shell and run the following script:

.\securefastsearchconnector.ps1 -ssaName “name of Fast content Service Applcation” -userName “Osearch service account”

The Management Shell will display the certificate which was found within the certificate store. Press Enter to install this certificate.
Powershell will now try to validate the ContentDistributor. Also Powershell will restart the Osearch service.

DPM2010 – Metadata Enumeration Failed

by Leon Lennaerts

Categories: DPM2010, Problem Solver

Tags: Backup, DPM2010, SP2010

Comments: No Comments

Published on: 04/07/2011

I recently spend 2 days on a problem which was very hard to solve. DPM did work very smooth. After a few weeks we did receive an error In the DPM 2010 Console:

DPM has created the recovery points, but when you need to recover this data, you will have to recovery this data to different location.

Also we did check the DPM log which is located in “%Program Files%\Microsoft Data Protection Manager\DPM\Temp” folder. The following errors did appear:

WARNING CoCreateInstance failed for CLSID_CWSS3Cmdlets : {40B0FC9C-A853-3F52-B677-A81B2D0F17AE}
WARNING Failed: Hr: = [0x8013151a] : F: lVal : hr

I recreated the Farm backup by performing some steps:

Removed the SharePoint Farm from Protection Group
Removed all databases from Protection Group
Deleted the inactive protection
Reran ConfigureSharePointProtection.exe /enablesharepointprotection
Added the SharePoint Farm to the Protection Group
Start-CreateCatalog

All these steps didn’t solve my problem.

After a couple of days I noticed an application has been installed on the SharePoint Servers. The application which has been installed was Foxit PDF Ifilter. This application adds a registry key on the SharePoint Servers:

HKLM\Software\Microsoft\Shared Tools\Web Server Extensions\12.0

DPM doesn’t understand this because the registry key indicates that MOSS2007 is installed. I did export the key and deleted it. After I performed a full backup the warning did disappear.

Protect SP2010 with DPM 2010

by Leon Lennaerts

Categories: DPM2010, How To, How To, SP2010

Tags: Backup, DPM2010, SP2010, VSS

Comments: No Comments

Published on: 22/04/2011

When you want to backup a SharePoint farm there are certain steps necessary to follow. Also there are some differences between backing up a SharePoint 2010 farm or a WSS3.0/MOSS 2007 farm. When you want to protect WSS3.0/MOSS 2007 Search, you need to configure one Web Front-end Web Server to enable SharePoint Search protection. Just follow the next steps for backing up a SharePoint 2010 farm:

First you need to install a DPM agent on the SharePoint 2010 and SQL server. Verify if the SQL Server VSS Writer has been started. If not, start this service.

After the agent has been installed you need to run the ConfigureSharePoint.exe tool. This tool can be found in the bin directory of the DPM Installation Directory. When you run this tool you must be a member of the local administrators group. Enter the following command in an elevated command prompt (I use the SP2010 Management Shell):

ConfigureSharePoint –EnableSharePointProtection

Enter the username and password of the SharePoint farm account. I recommend you to use the Farm Account of SharePoint 2010.

If you are using a multiple server farm, you will have to unregister the WSS writer. This can be done by opening the SharePoint 2010 Management Shell and enter the following command:

Stsadm –o unregisterwsswriter

Now you can create a protection group in DPM and add the SharePoint farm.

Health Analyzer – SharePoint 2010 Tracing (SPTraceV4)

by Leon Lennaerts

Categories: Problem Solver, SP2010

Tags: SP2010

Comments: 6 Comments

Published on: 11/04/2011

When installing SharePoint 2010, the default SPTraceV4 account will be the Local Service account. SharePoint Health Analyzer will report that the use of built-in account is not supported in a farm configuration.

The description within the Remedy section will not work. You cannot choose a managed account for SPTraceV4 service because this service is not listed on the Service Accounts page.

To solve this problem you first need to create a user account for the SPTraceV4 service. In my case this was the sa_sptrace account. The next step will be running the following Powershell Script within the SharePoint Management Shell:

$traceMa = “DOMAIN\sa_sptrace”
$service = “SPTraceV4″
$farm = Get-SPFarm
$tracev4 = $farm.Services | Where {$_.Name -eq $service}
$newTraceAccount = Get-SPManagedAccount $traceMa
$tracev4.ProcessIdentity.CurrentIdentityType = “SpecificUser”
$tracev4.ProcessIdentity.ManagedAccount = $newTraceAccount
$tracev4.ProcessIdentity.Update()

After you performed this script you will have to perform an IISRESET. You can test if this problem is solved by reanalyzing the problem within the SharePoint Health Analyzer. After this warning has disappeared you can restart the SPTraceV4 service. You can test if the SPTraceV4 is working by restarting the service. There should be created some new logfiles in de log directory.

Using Web Analytics

by Leon Lennaerts

Categories: How To

Tags: Service Application, SP2010

Comments: 1 Comment

Published on: 05/04/2011

When you want to run a Web Analytics report you will receive the following error:

There is no data available for this report. Here are some possible reasons: (1) Web Analytics has not been enabled long enough to generate data; (2) There is insufficient data to generate this report; (3) Data logging required for this report might not be enabled; (4) Data aggregation might not be enabled at the level required for this report.

In order to view a report you will have to install the Web Analytics Service Application. The next steps will describe how to install the Web Analytics Service Application in a multiple server farm (with 2 farms). The Web Analytics Service Application will be installed on the backend farm.

Go to the Central Administration à Application Management à Manage Service Applications
Click within the Ribbon on New à Web Analytics Service Application
Provide a name for the Service Application and create a new app pool or use an existing (I recommend to use one application pool for several Service Applications)
Provide a unique name for the Web Analytics, Staging and Reporting Database
After you have created the Service Application you will have to start two services for populating the data. Go to Central Administration -> Application Management -> Manage service on server . Start the following two services:
- Web Analytics Data Processing Service
- Web Analytics Web Service

Its recommended when using a multiple server farm to start these service on multiple servers.

After you have performed these steps you can use the Web Analytics reporting. It can take one day before you can view any results. This because the data has to be populated.

Application Pool User Profile

by Leon Lennaerts

Categories: Problem Solver

Tags: Application Pool, IIS, SP2010, User Profile

Comments: 2 Comments

Published on: 09/03/2011

When performing an iisreset, I saw an error about the local user profile. The application pool account seems to have no user profile on the server. When checking the user directory (c:\users) I see the application pool account doesn’t have a profile.

There are several ways to create a profile. You can logon locally to the server with the application pool account or you can manualy create one by using de command line:

First add the application pool account temporarily to the Administrators group. You can do this by using lusrmgr.msc or you can type the following line in the command prompt:

net localgroup administrators <domain>\AppPoolAccount /add
Next you have to perform an iisreset. The application pool account is using the temporary profile. By performing an iisreset the profile will be unloaded.
Now we can create an user profile by using the following command:

runas /user:<domain>\AppPoolAccount /profile cmd

You will have to enter a password for the application pool account. After you have pressed enter, the command prompt will open a new windows. Just type echo %userprofile% and you will see the account has its own profile.

Configure User Profile Sync

by Leon Lennaerts

Categories: How To

Tags: DCOM, SP2010, User Profile

Comments: 6 Comments

Published on: 08/03/2011

This post will describe how to install and configure the User Profile Service Application.

First of all you need to create the User Profile Service Application. I always use the same application pool for all Service Applications. In my case this will be ‘Publishing_ServiceApplication’.

Before starting the User Profile Synchronization Service I perform a couple of necessary actions which will prevent some bad errors (DCOM and MSIServer warnings). Probably these errors only will show up when using Windows 2008 R2. Perform these actions on each server which will run the User Profile Syncrhonization.

Modify Registry key of MSIServer

Go to ‘Start à Run à regedit’. Navigate to the following key:

HKEY_CLASSES_ROOT\AppID\{000C101C-0000-0000-C000-000000000046}

Open the permissions for this key en click on Advanced. Now click on the ‘Owner’ tab. Click on Administrators and check the ‘Replace owner on subcontainers and objects’ checkbox.

Click on ‘Ok’ the replace the ownership of this key. After you have performed this action you can give Administrators full control on this key.
Modify DCOM permission {000C101C-0000-0000-C000-000000000046}

The next step is to modify the DCOM permissions of the MSIServer object. Go to ‘start à Administrative Tools à Component Services’. Navigate to {000C101C-0000-0000-C000-000000000046} and open the properties op this object. Edit the ‘Launch and Activation Permissions’ within the security tab. Give the Network Service account Local Launch and Local Activation permissions.
Edit NTFS permissions

Now give the Network Service account Full Control permissions on folder ‘%ProgramFiles%/Microsoft Office Server/14.0′.

After you have performed the above steps you can start the User Profile Synchroization service. Therefore go to the Central Administration à Services on server.

Click on ‘Start’ to start the service. Next enter the credentials of the Farm Account.

NOTE: The Farm Account needs to be a local admin when starting this service. This is for provisioning the User Profile Service. After the service is started you can safely remove the local admin permissions

Starting the service will take a couple of minutes.

The last step of configuring the User Profile Service Application is to create a connection to Active Directory for the synchronization of the User Profiles. Use a dedicated account to synchronize the User Profiles. This account needs ‘Replication Directory changes’ within Active Directory. Based on the needs of the organization this can be on the whole domain or on a specific Organization Unit.

Now you can start a Full Synchronization of the User Profiles.

Usage and Health Data Collection Proxy

by Leon Lennaerts

Categories: Problem Solver, SP2010

Tags: Proxy, Service Application, SP2010

Comments: No Comments

Published on: 08/03/2011

When installing SP2010 you often see that the Usage and Health data collection proxy is not started.

You can solve this problem by following the next steps. You have to determine the id of the ‘Usage and Health data collection’.
You can determine this by running the following command in Powershell. Run Powershell as Administrator, otherwise you receive an error that the local farm is inaccessible.

Get-SPServiceApplicationProxy

Run the following command: $UP = Get-SPServiceApplicationProxy | where {$_.ID -eq “<PASTE COPIED ID HERE>“}
$UP.Provision()

After running this command you will see that the Usage and Health Collection Proxy is Started.

page 1 of 1