Archive for category SharePoint
SharePoint 2007 SP2 Trial Expiration Fix
Posted by Brian in SharePoint on June 26, 2009
Everyone else in the SharePoint is posting this so I might as well too.
Microsoft has released an update for the SP2 Expiration date issue. The MS SharePoint Team Blog has information about it HERE.
I’ll be installing it soon in test and will let you know how it goes. In production, I’ll do the manual fix I’ll include below.
One other quick thing to note is that they say they will be incorporating the hotfix into SP2 within the next few weeks. If you have an SP2 download stored, be sure to grab the new bits once they are available.
An alternative to installing this update is to fix it manually:
- Click the Operations tab in Central Administration
- Go to Convert License Type
- Enter your product key and hit OK. That is all it takes. It will update on every server in your farm.
SharePoint 401.1 Authentication error when accessing from the local machine
Posted by Brian in SharePoint on June 9, 2009
I know this has been posted all over but I’m adding my own since I can never seem to remember it. It tends to pop back up whenever I bring up a temporary server or a farm recovery server.
I believe it was in Windows Server 2003 SP1 that Microsoft released a security update that put a bunch of SharePoint admins into a minor panic. This update caused you to be denied access to your own farms from the local machine(s). You could browse just fine from a remote machine but if you tried to access it locally, you got the following error after a few failed authentication attempts:
You may also notice the following in the security event log:
The biggest problem with this wasn’t the fact that you could no longer access your machine locally. The likely reason you found about this is because your users told you that search was broken! Since SharePoint indexes itself by browsing to itself locally, it would no longer run either!
The update brings about a loopback security check for IIS 5 and IIS 6. It helps to prevent against reflection attacks. For more on reflection attacks, check out wikipedia. I admit I had to look it up.
Now we know what it is so how do we let it know it can trust us to access our own machines locally? Thankfully this is pretty easy. There are two ways to do this, you can either disable the loopback check completely or you can specify host names that it will allow. I would recommend the latter since having this in place would be a good security practice.
First off, open the registry* (REGEDIT) and browse to:
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0
Create a new multi-string value called: BackConnectionHostNames and add the host names to it. After that, restart the IIS Admin service or better yet, restart the machine.
Now if you would rather disable the service, browse to:
HKLM\System\CurrentControlSet\Control\Lsa
Create a new DWORD value called DisableLoopbackCheck. Give it a value of 1 and restart. After that, you should be set.
Last thing I want to say is it’s probably a good idea to do this to all of your front end and application servers. It shouldn’t be necessary to do it on your SQL server unless it is on the SharePoint server or you are possibly experiencing the problem with SQL reporting.
Microsoft’s documentation on this feature is available at: http://support.microsoft.com/default.aspx/kb/896861
*It goes without saying but becareful in the registry. Take all necessary precautions before messing around in here
SharePoint / ISA AAM and SSL Termination issue
Posted by Brian in SharePoint on June 5, 2009
UPDATE: Please click HERE for an update on this post.
UPDATE #2: Click HERE for another update.
I’m having a bit of a problem with Search on Microsoft Office SharePoint Server 2007. I’m writing this blog for a few reasons. First, it allows me to put to virtual paper, everything that is in my head before it gets replaced by useless baseball stats or what I have for dinner tonight. Second, hopefully someone out there will have a solution. Third, once (and if) I am able to solve it, other people experiencing this problem might stumble across this and use this information to fix it and eventually name their first born after me. If you are here for number 3, you may want to use my nickname instead: Bada$$ SharePoint MoFo.
Now the main problem here is with the search drop-down box on a site collection. Normally when you visit a list, the search drop-down will switch to “This List” for the search scope.
Handy if all you want to do is search the list. Unfortunately for me on both my production and test environments, it doesn’t work that way. All I see is the “This Site” search scope. It does correctly search the site but sometimes I want to narrow it down a bit more.
I believe the problem is related to the fact that we publish SharePoint behind ISA and we are using SSL termination. That means that you access ISA via SSL and it talks to the SharePoint farm via standard http without SSL. This was an architecture decision that we needed to make for a number of reasons. That means changing it isn’t an option. Please take a look at the image below for an idea of our setup:
As you can see, we aren’t doing anything too drastic and you would expect this to work. Unfortunately it doesn’t. Our AAM settings are as follows:
| Internal URL | Zone | Public URL |
| http://sharepoint.domain.com | Default | https://sharepoint.domain.com |
| https://sharepoint.domain.com | Default | https://sharepoint.domain.com |
From what I have read, this should all be correct. One interesting thing is if I enable SSL on the SharePoint front end and browse to it locally, bypassing ISA, the drop-downs work. If I use the exact same URL from outside and go through ISA, the drop-down no longer works! I have been commenting on Matthew McDermott’s blog about this and I’ve found one other person that appears to be having this problem as well. My machines are patched with SP2 and the April 2009 cumulative update.
Anyone have any thoughts before I escalate this to Microsoft? If I come up with a solution, I will post it as an update here.