Skip to main content
Sign In |
  Help (new window)

From The Field

Go SearchAdvanced Search
From The Field
  

SharePoint Gurus
Official Blog of the SharePoint Product Group
Spence Harbar (MVP)
Bob Fox (MVP)
Andrew Connell (MVP)
Chris Gideon
Dan McPherson
Nick Swan (MVP)
Eric Shupps (MVP)
Natalya Voskresenskaya (MVP)
Agnes Molnar
MCS UK Super Blog
Todd Klindt
Keith Ritchie - Utility Suite Guy
Mark Harrison
Mike Watson - Mad Scientist
Bill Baer
Joel Oleson
Links
Photos
Archive
Archive (Calendar)
From The Field > Categories

10/19/2009

Single Server Complete Install of SharePoint 2010 using local accounts
 
UPDATED 19 Nov 2009 - It is suggested the reader refer to MSDN article -
Setting Up the Development Environment for SharePoint Server
 - http://msdn.microsoft.com/en-us/library/ee554869(office.14).aspx
 
Before commencing with implementing this approach to a single server installation.
 
Something that was possible in SharePoint Server 2007 has become tricky in SharePoint Server 2010. The complete installation on a single server using non-domain accounts. Something most developers, demonstrators and testers do a lot of suddenly requires the use of domain accounts instead of local machine accounts. Or does it....
 
The recommendation for a single server build of SharePoint 2010 is to use the Stand Alone installation giving you SQL express and a default configuration. But what if you want to use SQL Server 2008 and to have more control over the build, and to use local service accounts. In this case you need to use complete install and either PowerShell alone or a combination of Windows PowerShell and PSCONFIG(UI).EXE
 
To begin with carry out your SharePoint 2010 installation using the advanced option and complete as the server type. This is recommended in a farm configuration.
 
Next you would think to use either PSCONFIG or PSCONFIGUI to create the farm. Well you would be wrong
 
PSCONFIG.EXE -cmd configdb -create -server neilhw2k8r2 -database sharepoint_2010_config -user neilhw2k8r2\administrator -password ******** -passphrase ********
-admincontentdatabase sharepoint2010_admincontent
 
Results in
 
SharePoint Products Configuration Wizard version 14.0.4514.1009. Copyright (C) Microsoft Corporation 2010. All rights reserved.
The specified user neilhw2k8r2\administrator is a local account.
Local accounts should only be used in stand alone mode.
 
So how do we get around this limitation without using the corporate domain or else promoting the server to a domain controller.
 
Windows PowerShell is your friend, New-SPConfigurationDatabase allows you to specify none domain credentials for the farm.
 
To execute this command launch the SharePoint 2010 management shell (in the same location as the central admin link) and simply type the command at the cursor and press enter.
 
CreateNewFarm
 
The beauty of the Windows PowerShell approach is you get prompted for the missing command line attributes instead of the rather horrible error dialog that PSConfig throws at you
 
After this completes you will find in SQL a new configuration database and an admin content database (unfortunately the GUID is back but that can be fixed if necessary)
 
Next the simplest way to complete the installation is revery back to PSConfigUI as you now are starting with the server already joined to the farm.
 
 
 
Follow the wizard through the same options as you had with SharePoint 2007 and complete the installation/configuration with the following screen
 
 
Clicking Fiinish launches the central admin website and after agreeing to report back customer experiences to Microsoft (or not) you get your first look at SharePoint 2010 central admin and the configuration wizards.
 
 
So wizard - or - manual configuration. That's a subject for another post so come back for more...
 
 
 
 
Posted at 4:36 PM by Neil 'The Doc' Hodgkinson | Category: SharePoint 2010; PowerShell; Administration; Central Administration | Permalink | Email this Post | Comments (6)

4/29/2009

A Common Alternate Access Mapping (AAM) Mistake Revisited....
 

question often asked when exposing an internal site out to the Internet is, "why do I have to extend my original web app into  a new zone with an intermediary internal URL to publish to a public URL, can't I simply add a public URL to a new zone for the already existing web app?"

 

The answer is no as described in mistake #3 in the Plan alternate access mappings article.

 

In short, if a web application was created with a host header then IIS will only listen on that host header and the request for the new URL will never get to SharePoint. The recommended approach would be to make the web application listen on a different URL by extending the web application into a different zone which creates a second IIS site and provides the opportunity to configure a host header for the extended site to listen on (this would form the internal URL, and a public URL in the same zone should be defined). 

 

Although technically speaking, if a host header wasn't defined when the web application was originally created, and IIS was blindly listening on port 80 this wouldn't be a problem and we could simply add a public URL in the same zone as the original web application.....so we may believe.....

 

Whilst a fellow PFE was onsite with a customer, some strange behaviour in SharePoint  was experienced.

 

The customer was reporting that even though they had multiple web applications serving content and that all the web applications were hosted under their own application pools, only one w3wp.exe process was on each of their web front end servers.

 

We had initially thought that this was because of their AAM configuration, as they had entries pointing to specific servers. In other words, we thought we would find that only certain servers would have multiple w3wp.exe processes as the AAM redirected the users to a specific server and not to NLB.

 

However, after digging into AAM, DNS name resolution, application pool configuration and so on, it turns out that in fact, only one w3wp.exe process was serving content for all the web applications in the environment.

 

The following diagram explains the configuration of web applications, worker processes, AAMs and Content DBs in the environment:

 

 

The problem was that although users were hitting content hosted on WEB APPLICATION 2 we could only see 1 w3wp.exe process with PID (6148). That worker process corresponded to WEB APPLICATION 1, not WEB APPLICATION 2 – Don’t get me wrong, users were requesting data from WEB APPLICATION 1, but they were also requesting data from CONTENT DB 2 which was attached to WEB APPLICATION 2.

 

Long story short, it turns out that the AAM mapping for WEB APPLICATION 2 (INTERNET ZONE) was created in the AAM page. They never extended the web application to use the loadbalancedurl2.net address. They just created the new zone via AAM page. Because it was never extended, when the client resolved the loadbalancedurl2.net address from WEB APPLICATION 2, the address was resolved to their WFEs IP address, but IIS would accept the request via the website on PORT 80 (http://loadbalancedurl2.net:80) – which corresponds to WEB APPLICATION 1. This essentially meant that WEB APPLICATION 1, listening on port 80 was accepting all requests from users that used the load balanced URLs for all the web applications in the environment.

 

 

 

WSS_Content2 is only actually served thanks to the absence of host header on WEB APPLICATION 1 thus permitting PID 6148 to receive all incoming requests on port 80 and route as “best effort”. And as you may have guessed by now, this only works because both web applications are using an application pool with the same login.  If each web application’s application pool had a unique login, then WEB APPLICATION 1 would not be able to access the content database for WEB APPLICATION 2 and vice versa.

 

As outlined in the second paragraph of this post, the proposed resolution and recommended approach would be to have an extension of each of the applications into another zone, ideally  having hostheader mapped to public url (or whatever it might be http://mossserver:85 in this case), if the reverse proxy device exposing the web application is NOT forwarding the host header. This will isolate user / proxy traffic on a specific process and no longer serve the multiple Content DBs through the  single web application.

 

Many thanks to Leandro Iacono for the useful customer example.

Posted at 1:14 AM by samhassa | Category: Administration; Authentication; Central Administration; Configuration; General; IIS; Permissions; Security; Troubleshooting | Permalink | Email this Post | Comments (0)

12/30/2008

Awesome article on Central Admin High Availability and Security - too good to miss
We try to keep our material on this blog as original as possible but sometime a post comes along elsewhere that is simply too good not to mention.
 
Spence Harbar has posted on Central Admin high availability, load balancing, security and other recommendations. If you want something good to read in the new year make this your first port of call.
 
 
Happy holidays everyone.
 
Posted at 4:42 PM by Neil Hodgkinson | Category: Configuration; Central Administration | Permalink | Email this Post | Comments (0)

10/21/2008

Running Central Admin on Multiple Servers within a Farm

One of the best practices that the Premier Field Engineering (PFE) team always recommend is to run the Central Administration Web application on multiple servers (at least 2) within the farm. Then if anything happens to one of the servers hosting Central Administration you can still manage MOSS 2007 - the alternative is provision and configure Central Administration on an existing server using stsadm - not a good situation to be in, especially if you desperately need access!

 

Whilst this is fairly easy to setup either during the Post Setup Configuration GUI, via the command line and even via Central Admin itself (targeted at other servers within the farm though obviously) customers often run into issues when trying to access the second instance of Central Administration.

For example my farm includes three servers:

·         Server1 – Web Front End

·         Server2 – Web Front End

·         Server3 – Application

 

When I originally created the farm I configured Server1 to host Central Administration (this was the first server that was built) I then built Server2 and choose to host Central Administration on this server too. It was decided that Server3 would be completely dedicated as an application server so Central Administration was not provisioned on this server.

 

If I look in IIS Manager on Server1 I can see a Web site for Central Administration, listening on port 40000 with no host header, therefore available via the URL http://server1:40000

 

If I look in IIS Manager on Server2 I can also see an identical Web site listening on the same port, therefore available via http://server2:40000  

 

If I then launch Internet Explorer from my desktop and browse to http://server1:40000 Central Administration is displayed within my browser and I can configure MOSS 2007 as I please!

 

Now one day I decide that I don’t want to access Central Admin on server1 and would prefer to use server2, so I type http://server2:40000 in my browser and connect to the site – but wait a minute it has redirected me to http://server1:40000 this isn’t very good, what would I do If server1 was unavailable and I needed to access Central Administration!

 

The behavior that you are seeing is expected and is the default behavior; with a minor configuration change to Alternate Access Mappings (AAM) you can configure Central Administration to be available on both URLs without it doing the pesky re-direct J

 

To accomplish this you will need to Launch Central Administration and select the Operations tab, then select Alternate Access Mappings from within the Global Configuration section.

 

In the top right there is an option for Alternate Access Collection, select this and choose the Central Administration Web application.

 

In my example I then see the following:

 

 

 

As you can see server2 has an entry within the Internal URL section but not within the Public URL for Zone. I won’t bore you with the technicalities of AAM, if you are interested you may find the following useful - http://technet.microsoft.com/en-us/library/cc263521.aspx

 

To get this to work as expected we need to add a public URL entry for server 2; this can be done as follows:

 

1.       Select Edit Public URLs

2.       Add an entry for server 2 – I generally use the Intranet zone and then click Save

 

 

3.       Alternate Access Mapping should now look as follows

You should now be able to access Central Administration on server1 and server2. One thing to note is that the link within the Start Menu to Central Administration will always point to the first server that Central Administration was installed on, which is the server that was used to create the farm (in my case server1) although this can be changed via the registry.

Brendan Griffin

Posted at 9:01 AM by Brendan Griffin | Category: Configuration; Central Administration | Permalink | Email this Post | Comments (0)

 Error
Web Part Error: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.

Error Details:
[UnsafeControlException: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.]
  at Microsoft.SharePoint.ApplicationRuntime.SafeControls.GetTypeFromGuid(Guid guid)
  at Microsoft.SharePoint.WebPartPages.SPWebPartManager.CreateWebPartsFromRowSetData(Boolean onlyInitializeClosedWebParts)