Friday, 17 September 2010

Image dump - Ribbon actions are disabled

Problem: Adding a new domain account user to the "Farm administrators" group. The new account mydomain\mstest1 cannot use the "New", "Extend" or "Delete" buttons on the ribbon within "Web Application Management".
Rolling over the buttons on the ribbon display the following information: "This control is currently disabled." "You might not have the right permission level to use this, you might need ...".
Additionaly you will also notice the "Manage Service Applications" will not allow you to create or delete new Service Applications.
New user in the Farm administrators group
Hypothesis: The new farm administrator does not have the appropriate permissions on the configuration database.

Resolution: Give the new administrator db_owner rights and the ribbon action options are available.

Further Info:
By making a content database read-only as shown below all Site Collections become read-only, ribbon actions are disabled.  Not coentent can be added to the Site Collection.
Make the content db read-only

Resulting Site Collection (Can't use most ribon options)



NLB
NLB 2
Posted by Paul Beck at 13:50 5 comments
Labels: ,

Unified Logging Service (ULS)

Overview: ULS is made up of 3 components: Trace logs, Reporting database & the Windows Event viewer. 

Trace Logs:
Trace Logs by default are located in the 14 hive/SharePoint Root, by default they are created every 30 minutes and can be viewed in notepad. 
ULSviewer is available on codeplex to improve usability as the logs are easier to follow than if you use notepad.
Trace logs can grow extremely quickly.  Only log the appropriate messages for troubleshooting without making the logging to big.  Verbose logging cause huge amounts of logging but it is extremely detailed.  The amount of logging or what is logged can be set using the CA> Monitoring > Diagnotic Logging "Configure Diagnostic Logging".
SharePoint 2010 uses NTFS compression for log files to reduce storage on the WFE (logging) servers.
Consider moving the trace logs to a new drive so that the logs don't fill up the default drive (usually the c drive).  This change applies to all servers in the farm.
Logs by default are kept for 14 days, you can also hold them using sizes rather than duration.
Event Log Flood Protection in CA should always be turned on to stop repeated errors being recorded multiple time in you logs.
Correlation ID's as the name suggest helps us track errors from the UI through to the Trace Logs.  The end user when the receive an error are shown a unique correlation ID that can be used to track down the problem.  Correlation Id's as also shown on the developer dashboard and can be used to tract from the UI into the trace logs without errors.

Update 7 Oct 2010 - Useful Monitoring artlicle:
http://www.sharepointproconnections.com/content.aspx?topic=How-SharePoint-2010-s-Monitoring-Features-Can-Help-Admins&catpath=sharepoint
Update 14 Dec 2010 - ULS Viewer
Tool to view ULS log and filter data


Various SharePoint Logs Explained:
http://stackoverflow.com/questions/525197/where-is-the-default-log-location-for-sharepoint-moss
Posted by Paul Beck at 13:48 0 comments
Labels: , ,

Tuesday, 14 September 2010

Recomended SP2010 Books

Professional SharePoint 2010 Administration - Todd Klindt, Shane Young, Steve Caravajal.  Wrox.   Good admin book, and useful for architecture.  Has a lot of best practice points and clearly explains core concepts such as service applications in SP2010 & claims based authentication.

Microsoft SharePoint 2010: Building solutions for Sharepoint 2010 - Sahil Malik.  APRESS.  Good all round book - especially useful for getting .net developers into SharePoint.   There are better reference developer books but it clearly works through major areas that SharePoint developer should know.
Posted by Paul Beck at 00:32 0 comments
Labels:

Thursday, 9 September 2010

SPAutoinstaller accounts

Change the setup.xml file to use 5 accounts:
  1. SP-Install - domain account with admin local rights on each WFE also need SQL dbcreator and dbsecurity roles (used to login and install binaries, use this account for add new servers to the farm);
  2. SP-Farm - domain account no permissions, will be the account to run timer job and other key roles;
  3. SP-Web-App-Pool - Content Web app account - Domain account only;
  4. SP-Services - Install all services to use the same domain account, this can be seperate for each services but for easy of setup and mainentance use 1 account. Exception is the User Profiles service, setup seperately using Spence Harbors post as the user domain account needs unique security, and
  5. SP-Crawl - Used to crawl SP content.
6th SP-SQL - Domain user account with no prividges used to start the SQL service (recommended) can use local/builin accounts but for Reporting services, and other advanced functionality need a domain account.
 
7th account should be used for User Profiles called SP-Service-UP.  This is a complex issue and needs full review don't try install this blindly hoping it will work.
References
Todd Klindt's Blog
Todd's netcast 49 about installation (specifically install accounts, user profile services and an SP2010 internet version enterprices edition licence bug).
Liam Cleary's list of SharePoint 2010 Service Accounts
Posted by Paul Beck at 13:41 3 comments
Labels: , , ,

Wednesday, 8 September 2010

SP 2010 Service Applications

SharePoint 2010 Serices Chart
Posted by Paul Beck at 10:07 0 comments
Labels:

DisableLoopbackCheck fix

I was listening to Todd Klindt's netcast 50 this morning and he mentioned that DisableLoopbackCheck is not the correct approach for allowing your SharePoint servers to see themselves (needed if crawling).  I have been doing this on my server installation and need to review my approach.

MS KB on disabling loopback using either approach.  DisableLoopback was introduced by MS to reduce prevention attacks.  As SharePoint needs to crawl itself and it's pretty nice to have a local browser for A records/renamed resources, I need to disable loopback however, the method of specify what to disable is definately more preferable.
Posted by Paul Beck at 08:12 0 comments
Labels: ,

Tuesday, 7 September 2010

SP2010 AutoSPInstaller NLB farm install issue - Trial period for this product has expired

Problem: I created a farm using the AutoSPInstaller project. All works perfectly. I then joined a 2nd SharePoint 2010 server using the script however the script was change to not create the services again. All works and I have a 3 server farm including the database server. I then added Windows 2008 R2 network load balancing on the 2 SharePoint 2010 servers. If try access the default Team Site created when I built the 1st server on the new server I get the error "The trial period for this product has expired." Event log doesn't show an error and the ULS shows the following error "Exception thrown while adding control 'Microsoft.SharePoint.Portal.WebControls.SearchBox' : Thread was being aborted ...".


Hypothesis: The install adds the IIS web site created on my initial farm build on the 2nd SharePoint server. Routing is working and the error occurs when the request is routed to the 2nd SP2010 server. The response is coming from the IIS web server and we know the issue is within the specific web app.  In MOSS there were 2 causes for the error message and this is clearly not the SP2 bug so it looks more like the app pool account bug.

Resolution: Create a new Web Application and create a new root Site Collection. The error goes away. OR
Using Powershell change the Managed account then using IIS Manager on each web server go to the approoriate app pool and change the account to the new account. 
OR
Use Central Admin to change the service account.  CA > Security > Configure service account.  You will need to reset IIS on each web server.
Demo on changing app pool managed accounts
Posted by Paul Beck at 13:52 0 comments
Labels: , ,
Subscribe to: Posts (Atom)