Tech Tips, News and Tribal Knowledge

I’ve recently e-mail enabled some document libraries on our SharePoint site and have noticed some odd behavior.  It seems that In order to send a document to the library, I need to actually have some content in the message.  If I simply attach a message, using Outlook 2007, without any accompanying text, the document disappears into SharePoint heaven never to be seen again.  It doesn’t seem to need a subject, just some text.  Even a single carriage return is sufficient.

I’m running the site using a least priviledged model which requires me to add the contacts manually to AD.  Everything seems to work properly as long as I include some text.

I’m not sure if this is a SharePoint deficiency or an Outlook issue.  I will post a followup if I figure this out.

Recently I experienced some unusual Kerberos authentication issues with one of our SharePoint farms. Users accessing the farm using the Kerberos protocol would receive repeated logon dialog boxes from the front-end server. The prompts would continue even though the user was entering the proper credentials. These repeated logon attempts wouldn’t lock out the user account which indicated the logon never got past the front-end server. This behavior affected only those users authenticating to the farm using Kerberos. Any users authenticating to the farm using the NTLM protocol had no issues logging in. In addition, the following KRB_AP_ERR_MODIFIED error appeared in the event logs:

Read more

After installing SharePoint using the least privileged model, you will undoubtedly find your event logs filled with errors. You will see dozens of 10016, 7888, 6482 and 6398 events all with red the “X”, but don’t despair, you haven’t done anything wrong. If you have followed SharePoint best practices, the accounts you have used for your farm, shared services provider, default content access and application pools are all domain user accounts with no special rights or privileges. When installing MOSS under the least privileged model, these errors are expected. In order to eliminate the errors and finish your install, you need to complete three basic permissioning tasks before calling it a day.

Read more

Recently I was tasked with creating a training environment for new SharePoint site administrators. Since the trainer wanted to create as realistic an experience as possible, the site needed to closely match the production environment. The training session was scheduled to begin in a couple of days, so I didn’t have much time to come up with a workable solution.

Read more

Microsoft has just released updates to both Sharepoint 2007 and Windows Sharepoint Services 3.0.  The update addresses several performance and scalability issues as well as adding new search features such as federated search and a unified search admin dashboard.

Microsoft recommends applying these fixes as soon as possible.

You can find the patches at:

32 bit

Infrastructure Update for Microsoft Office Servers (KB951297)

Infrastructure Update for Windows SharePoint Services 3.0 (KB951695)

64 bit

Infrastructure Update for Microsoft Office Servers (KB951297)

Infrastructure Update for Windows SharePoint Services 3.0 (KB951695)

Join the forum discussion on this post - (1) Posts

In Eric Eaton’s post, How do I make our SharePoint site stop asking me to login? – Part II, he discusses several issues that prevent pass-through authentication from SharePoint to Active Directory. While browser settings are a common source of authentication problems, in this post, I’d like to discuss an interesting credential issue related to Kerberos ticket expirations.

Read more

The double-hop issue in SharePoint occurs when IIS attempts to pass the user’s NTLM credentials to a service that is running on a server that is either not part of the requesting server’s farm, or not running directly on the web server. A good example of this is a web part that requests data from a SQL server that is not part of the MOSS farm and that SQL server requires the credentials of the user making the request. This type of authentication request is disallowed in .NET. As NTLM authenticates only the client and not the server, there would be no way for the end user to know if their credentials were passed to a valid service. If Microsoft Windows authentication allowed this, a web server could collect user credentials and pass them around at will. This would be a very poor security model. Fortunately, Kerberos authentication provides a workaround for this, but it requires a little more configuration effort.

Read more

SharePoint administrators are often asked to securely publish their sites either to the Internet, internally, or both. This is a fairly straightforward process of configuring your MOSS installation for SSL and publishing your site using any one of the numerous firewalls or proxy servers available on the market. But what happens if your users forget the site is SSL secured and enter http://your.moss.site instead of https://your.moss.site? Well, if you’ve properly secured your site and blocked HTTP traffic from the Internet, they receive the all too familiar 404 page not found error and you get a call asking why the site is down. If they are internal users and enter http://your.moss.site, they receive a 403.4 Forbidden: SSL is required… error.

Read more

After installing the Office Communicator 2007 client you may have two errors indicating that there is a problem with Communicator’s integration with Outlook.

The first error refers to a required hotfix that you can download directly from the link provided in the “Information” dropdown in the Communicator client. Simply select the link in the dropdown and install the patch.

Read more