Tech Tips, News and Tribal Knowledge

VMware has released an urgent notification concerning an issue with their “Update 2″ release.  It appears this patch will cause power-on and VMotion failures for some systems.  I thought I’d post the entire text of the notification here in case some readers fail to receive it directly from VMware.

This is a huge foul-up on the part of VMware and will probably damage their credibility for some time to come.  The ability of one update to take down entire server farms will surely hamper adoption of virtualization for production servers across the board.  This is very unfortunate for VMware.

Read more

Recently I experienced some unusual Kerberos authentication issues with one of our SharePoint farms. Users accessing the farm using the Kerberos protocol would receive repeated logon dialog boxes from the front-end server. The prompts would continue even though the user was entering the proper credentials. These repeated logon attempts wouldn’t lock out the user account which indicated the logon never got past the front-end server. This behavior affected only those users authenticating to the farm using Kerberos. Any users authenticating to the farm using the NTLM protocol had no issues logging in. In addition, the following KRB_AP_ERR_MODIFIED error appeared in the event logs:

Read more

After installing SharePoint using the least privileged model, you will undoubtedly find your event logs filled with errors. You will see dozens of 10016, 7888, 6482 and 6398 events all with red the “X”, but don’t despair, you haven’t done anything wrong. If you have followed SharePoint best practices, the accounts you have used for your farm, shared services provider, default content access and application pools are all domain user accounts with no special rights or privileges. When installing MOSS under the least privileged model, these errors are expected. In order to eliminate the errors and finish your install, you need to complete three basic permissioning tasks before calling it a day.

Read more

After previously deriding the pretty permalinks mantra, I have finally decided to drink the “Kool-Aid.”  Although I’m still not convinced it will make any difference in search engine rankings, I do see the value of pretty permalinks in overall site design and organization.  There are two primary reasons I’ve decided to change the default permalink structure, neither of which have anything to do with search engine optimization (SEO).  The first, and most important, concerns how manually entered links back to my blog appear to potential readers.  The second involves the limitations imposed on site hierarchy when using the default permalink structure.

Read more

Recently I was tasked with creating a training environment for new SharePoint site administrators. Since the trainer wanted to create as realistic an experience as possible, the site needed to closely match the production environment. The training session was scheduled to begin in a couple of days, so I didn’t have much time to come up with a workable solution.

Read more

Microsoft has just released updates to both Sharepoint 2007 and Windows Sharepoint Services 3.0.  The update addresses several performance and scalability issues as well as adding new search features such as federated search and a unified search admin dashboard.

Microsoft recommends applying these fixes as soon as possible.

You can find the patches at:

32 bit

Infrastructure Update for Microsoft Office Servers (KB951297)

Infrastructure Update for Windows SharePoint Services 3.0 (KB951695)

64 bit

Infrastructure Update for Microsoft Office Servers (KB951297)

Infrastructure Update for Windows SharePoint Services 3.0 (KB951695)

Join the forum discussion on this post - (1) Posts

In Eric Eaton’s post, How do I make our SharePoint site stop asking me to login? – Part II, he discusses several issues that prevent pass-through authentication from SharePoint to Active Directory. While browser settings are a common source of authentication problems, in this post, I’d like to discuss an interesting credential issue related to Kerberos ticket expirations.

Read more

There seems to be near universal agreement among bloggers and search engine optimization (SEO) experts that the default permalink structure in WordPress is not optimal for SEO.  While I don’t know where this belief originated, I do know that a presentation by Matt Cutts at WordCamp 2007 lent further support to this notion.  Matt is on the Google search team and his opinion carries a lot of weight.  Being the suspicious curmudgeon I am, my stated position is: “saying it doesn’t make it so.”

Read more

The double-hop issue in SharePoint occurs when IIS attempts to pass the user’s NTLM credentials to a service that is running on a server that is either not part of the requesting server’s farm, or not running directly on the web server. A good example of this is a web part that requests data from a SQL server that is not part of the MOSS farm and that SQL server requires the credentials of the user making the request. This type of authentication request is disallowed in .NET. As NTLM authenticates only the client and not the server, there would be no way for the end user to know if their credentials were passed to a valid service. If Microsoft Windows authentication allowed this, a web server could collect user credentials and pass them around at will. This would be a very poor security model. Fortunately, Kerberos authentication provides a workaround for this, but it requires a little more configuration effort.

Read more