SharePoint and FIPS Exceptions

A couple of weeks ago, I started a "Greenfield" implementation of SharePoint 2013 for a client. This organization has SharePoint 2003, 2007, 2010 already existing in their environment, so I ignorantly figured that the installation should go pretty smoothly.
All of the SharePoint and SQL bits installed correctly, however when trying to provision Central Administration, I ran into an issue where I was not able to create the config database:

What is FIPS?

FIPS stands for the Federal Information Processing Standards, and is used for the standardization of information, such as FIPS 10-4 for Country Codes or FIPS 5-2 for State Codes. However my problem is with FIPS 140-2, the Security Requirements for Cryptography which states:

This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. [Supersedes FIPS 140-1 (January 11, 1994): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917970]

http://www.nist.gov/manuscript-publication-search.cfm?pub_id=902003

In essence, FIPS 140-2 is a standard that can be tested against and certified so that the server is hardened up to a government standard. Currently, the US is not the only government that uses the FIPS standard for server hardening. The FIPS Local/Group Security Policy Flag can be found here:

FIPS and SharePoint

There are a couple of problems with using SharePoint on a FIPS enabled server. SharePoint Server uses MD5 for computing hash values (not for security purposes) which is an unapproved algorithm. According to Microsoft (https://technet.microsoft.com/en-us/library/cc750357.aspx) Schannel Security Package is forced to negotiate sessions using TLS1.0. And the following supported Cipher Suites are disabled:

• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_RC4_128_MD5
• SSL_CK_RC4_128_WITH_MD5
• SSL_CK_DES_192_EDE3_CBC_WITH_MD5
• TLS_RSA_WITH_NULL_MD5
• TLS_RSA_WITH_NULL_SHA

If you want to read up more, here are some good posts:

• Don’t Even Bother Trying to Enforce FIPSAlgorithmPolicy on SharePoint 2010 Servers
• FIPS 140 Validation
• FIPS PUB 140-2- Security Requirements for Cryptographic Modules
• Why We’re Not Recommending “FIPS Mode” Anymore

What's Next?

Disabling FIPS is easy, however a larger discussion needs to be had. Is FIPS set at the GPO level or is it part of the image that was provisioned and FIPS was enabled by default? Will the security team come after you if you disable it without their knowledge? Why do they have FIPS enabled, and what are they trying to accomplish with FIPS? All of these questions will need to be answered before changing your server settings.

Fixing FIPS with PowerShell

This is how I reset the FIPS Algorithm Policy so that I could get Central Administration provisioned. Remember that FIPS will need to be disabled on all of your SharePoint Servers.

$sets = @("CurrentControlSet","ControlSet001","ControlSet002")
foreach ($set in $sets) {
    $path = "HKLM:\SYSTEM\$set\Control\LSA\FipsAlgorithmPolicy"
    if ((Get-ItemProperty -Path $path).Enabled -ne 0) {
        Set-ItemProperty -Path $path -Name "Enabled" -Value "0"
        Write-Host("Set $path Enabled to 0")
    }
}

PowerShell for SharePoint in O365- Getting Started

Getting PowerShell for SharePoint Online up and running is relatively easy, however, you might have to download a couple of things. And if you are new to PowerShell, you could be wondering what can you actually do once you have the SharePoint Online Management Shell installed? So here is a beginners guide on how to get things started on your local machine.

1) Make sure that you have installed Windows PowerShell 3.0. If you do not have PowerShell 3.0, you will need to download the Windows Management Framework 3.0
2) You will need to install the SharePoint Online Management Shell, which can be downloaded from the Microsoft Download Center
3) Run PowerShell, Windows PowerShell, the new SharePoint Online Management Shell or the Windows Integrated Scripting Environment (ISE).
As seen in Figure 1, you can find your new Shell by searching for it. However which ever tool you decide to run, PowerShell, ISE or the Online Shell, you will need to run it as an Administrator. If you do not, you will receive an error, as seen in Figure 2.

Figure 1: Searching for the new Online Management Shell

Figure 2: You will need to Run As Administrator to avoid this error

If you take a close look at the error in Figure 2, notice the Import-Module cmdlet that is used to import the Microsoft.Online.SharePoint.PowerShell module. The cmdlet is using the "DisableNameChecking" parameter; this is because of the use of non-standard verbs. In Figure 3, you can see that the "Upgrade-SPOSite" would be the non-standard verb. You can view the imported cmdlets (verb-noun) by running:

Import-Module Microsoft.Online.SharePoint.Powershell -Verbose

Figure 3: Shows the non-standard verb

In my Windows 8 deployment, the module was automatically added, as seen in Figure 4.

Figure 4: Using ISE, you can verify installation by looking in the Modules drop-down.

One of the great features of running ISE is that users are able to see all the commands available to them. Figure 5 shows all of the commands (verb-noun) available for the Microsoft.Online.SharePoint.PowerShell module.

Figure 5: A list of all available cmdlets for the Online module

4) To be able to start using PowerShell online, you will need to connect to the admin site of your tenant.

Connect-SPOService -Url https://yourTenant-admin.sharepoint.com -Credential username@yourTenant.com

5) Once you are connected, take it for a test drive!

Get-SPOUser -Site https://yourTenant.sharepoint.com

In Figure 6, you can see the results and some interesting accounts used by O365 to help manage your site.


Figure 6: The returned results from the Get-SPOUser cmdlet.

Another benefit of using ISE over just the Management Shell,  is that the Commands tab within ISE will actually help me create my script by showing me the required and available parameters to fill out, as seen in Figure 7.

Figure 7: ISE will show you the parameters available and will insert the command into the Script Pane.

ISE also uses Intellisense, as seen in Figure 8.

Figure 8: Shows the Intellisense parameters available for the Connect-SPOService cmdlet.

If you are still a bit timid to start writing your own commands, an excellent reference for helping you to create PowerShell commands, is Bill Baer's online Windows PowerShell for SharePoint Command Builder. You can download the instruction guide or you can go straight to the command builder website and start creating.

Update: 08/09/2013: Cleaned up verbiage due to late night blog posting...

SharePoint, IIS, 503 errors and GPOs

One of the great things about my job is that I get to spend a bunch of time solving puzzles and fixing peoples' problems. I get to install SQL Server and SharePoint in existing, well established Federal environments. Incase you are unaware, in a segregated, secured environment, such as a Federal Agency, the left hand does not always talk to the right hand. The DNS team works apart from the Exchange Team, who works apart from the AD team, who is isolated from Network Ops team, who works independently from the firewall team, and so forth. Getting things accomplished in such an arena, can be challenging, and usually involves a vertical assent and decent approach, meaning I talk to my counterpart, they talk to their boss, who talks to, for example the AD Team's boss, and then my service accounts get created.
Scenario
I was working with a group out of Alaska and Seattle, WA, to get a SharePoint 2010 Enterprise environment with SQL Server 2008R2 up and running after the group finished a domain migration.
SQL Issues
As with any SharePoint Farm installation, I installed SQL first. Everything seemed to have installed correctly, however after reboot, the SQL Server instance and the SQL Agent instance would not fire up, as seen in Figure 1.

Figure 1: Showing the stopped SQL Server and SQL Agent accounts.
In the process of troubleshooting, I opened up the service instance for the SQL Server Service and verified that the password was correct. As seen in Figure 2, after entering the account password, I was greeted with a message.

Figure 2: Shows that after entering the account password, that the account has been granted the Log On As A Service right.
This pointed me in the right direction for the first problem in this environment. The service accounts that were created in Active Directory (AD) had a GPO rule that new accounts could not Log On As A Service. The new accounts were put into a new Security Group, ran a gpupdate /force (http://technet.microsoft.com/en-us/library/bb490983.aspx), rebooted the server and SQL was now able to be rebooted successfully and have the service instances come up running!
SharePoint Issues
Unfortunately, placing all the service accounts into the new Security Group did not stop all the issues within the Farm. SharePoint installed correctly, and Central Administration(CA) provisioned and started correctly, however, after rebooting the server, I would receive a 503 error when trying to get to CA. Typically you would receive a 503 error when the Application Pool Account for your site has been stopped. After manually starting the account and clicking on the CA link, I would get a 503 error and my Application Pool Accounts would be stopped again, as seen in Figure 3.

Figure 3: After browsing through the IIS sites, the Application Pools would stop.
Which brought up the following in the error logs:
Log Name:      System
Source:        Microsoft-Windows-WAS
Date:          6/28/2013 7:40:21 AM
Event ID:      5021
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      
Description:
The identity of application pool SharePoint Central Administration v4 is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request.  If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
Event Xml: (removed)
Pretty nice to actually get a message that means something for once. But which account needs the Batch Login Rights? This is Federal Environment, I just cannot ask for all of my accounts to be put into a different GPO. After reading this article on IIS 6 http://technet.microsoft.com/en-us/library/cc179801.aspx and this article that has the same issue,

http://talesfromitside.wordpress.com/2011/12/06/log-on-as-a-batch-job-permissions-removed/

, I was a little bit closer. Finally I read this KB article from Microsoft that really solved the problem:

http://support.microsoft.com/kb/981949 (see Figure 4)

Figure 4: Shows the default permissions and user rights for IIS 7.0, IIS 7.5, and IIS 8.0
So, after having the security policy modified to allow the IIS_IUSRS to Log On As A Batch Job, we ran a gpupdate /force, rebooted the server and the IIS Application Pool was able to stay up and running after trying to access Central Administration.

Update 12/29/2014
Recently, while working with a customer, I ran into interesting issue with my content service account (eg: spContent). I was able to provision my farm, create all of my service accounts, and create my Web Application and Site Collection. I was able to open Central Administration, however, when I tried to browse to the Site Collection URL, I would receive an error.

It was a bit odd that everything else worked, but the web page would not render.
Now, I was in an environment known for having issues with GPO and had a bunch of devices in the background doing all kinds of packet inspection, so I was a bit hesitant as to what could be the error.
Luckily I did find a very helpful blog post: SharePoint 2013: An exception occurred when trying to establish endpoint for context: Could not load file or assembly...
This article basically asks to make sure that Impersonate a client at authentication has local rights.

Summary

Make sure your Service Accounts can Log On As A Service and that your IIS_IUSRS are allowed to Log On As A Batch Job. You might need to have the Impersonate a client at authentication has local rights as well.
Make sure that you do an iisreset after you push your GPO updates (or reboot the server(s)).

Determine Max Users From Requests Per Second (RPS)

While doing some work for a client the other day, I needed to reverse engineer how many users can their farm handle based on the results from a Visual Studio Load Test. Determining the requests per second that the users will generate is easy once you plug in the required information based off of the end users' usage profiles.

Great!  According to the spreadsheet, their web server needs to be able to handle around 208 requests per second.  But if you run a load test on their farm, and you are given an Avg RPS, how many people can your farm handle based off the give utilization statistics?  This was a bit harder to figure out, but eventually I got there.  After plugging in the actual Avg RPS that the farm could handle while the hardware was still in it's "Green Zone" was 11.  When you put that into the spreadsheet, the number of Total Users that should access their environment should be less than 1,320.



You can download the spreadsheet from here: http://sdrv.ms/Xp7Sq0

Using PowerShell to Export Your .WSP Packages

During your upgrade from SharePoint 2010 to SharePoint Server 2013, we will need to make sure that we have all of the appropriate versions of our deployed WSP files.  If you have ever been a guest (consultant) on another farm, and your client has not been able to maintain a valid history of deployments, you could really run into a big upgrade problem.  Luckily for us, Shane Young, with help from Todd Klindt, wrote up a nice blog post on how to export and import your farm solutions using PowerShell called Using PowerShell to export all solutions from your SharePoint 2010 farm and other fun

I am only really worried about the extract portion of the blog, and have modified the script a bit to fit how I run my scripts.

#Get Backup Path
$bkdir = read-host("Enter Folder Location") # Get Backup Path!

# Set Backup Path if you want to hard code your path
#$bkdir = "\\serverName\Shared\Temp" (optional "C:\Temp")

# Verify folder exists
if ((test-path $bkdir) -eq $false ) # Verify folder else create it...
  {
     [IO.Directory]::CreateDirectory($bkdir) 
  }

# Add Snapin
Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0 

(Get-SPFarm).Solutions | ForEach-Object{$var = $bkdir + "\" + $_.Name; $_.SolutionFile.SaveAs($var)}

Thanks Shane for making life less stressful!

Microsoft SharePoint 2013 Upgrade Planning Template

I have modified the Microsoft Template, and you can find a copy of my upgrade template here: http://sdrv.ms/VqNni7

Getting Your SharePoint Farm Information

As we prepare our upgrade strategy for SharePoint Server 2013, one of the major requirements is documentation of our existing SharePoint 2010 environment.  This is also a good script to run when first getting your hands on an unknown farm.  This should save you a bunch of documentation time.
<Lecture>
In theory, you should be reviewing the output documentation of your environment on a weekly basis.  You could even go as far as importing the results into SQL, and tracking your growth and changes of your SharePoint Farm with SSRS.
</Lecture>
This script will create a folder, go through your farm, and create the appropriate .csv file as long as you have the appropriate permissions to run the script and you have permissions to access the data.

There are several blog posts on how to take all the .csv files and merge them into one .xlsx file.  Here are a couple that I found useful.  You will notice that they call the ComObject Excel.Application, so if you do not have Excel installed or the appropriate Office System Driver Connectivity Components installed, you will get an error.

This post by Jeff Hicks was very informational about how to get everything working:

http://www.petri.co.il/export-to-excel-with-powershell.htm

This page actually has a .ps1 for you to download, but in the Q&A section, imfrancisd has a script that works very nicely as well.

Update (01/10/2012)
Added -Limit All
Update (10/30/2014)
Added a check to see if Backup location ends with "\"
Added URL to Sandbox Solution location for output
Added site structure output for entire farm
Added Disposal of objects
Update (10/21/2015)
Moved Script to Gist
Fixed error in Get Features section thanks to Matthew Bramer (@ionline247)
Cleaned up Get Site Structure section to get ALL webs within each Site Collection by Web Application.

SPSRED: Upgrading your SharePoint and SQL Environments

I was fortunate enough to have scheduled the end of a client engagement to coincide with the start of SharePoint Saturday Redmond.  When I had submitted the topic, I was kind of hoping to not have it selected, as there was a lot of work that would need to be done.  That being said, here is my presentation:

Here is the farm layout:

 Here is the template that I used when creating SQL Cluster and HA Group:

Here is the output file from the Test-SPContentDatabase:

All files are located here:
https://skydrive.live.com/redir?resid=8E55AA8C038225F8!4265

SPSNoLA: Augmenting User Profiles with Line of Business Data

The actual file is located here:
https://skydrive.live.com/redir.aspx?cid=8e55aa8c038225f8&resid=8E55AA8C038225F8!832&parid=root

Force .eml Files to Open in Outlook 2007

Background

Files being collected in SharePoint email enabled lists are being received as .eml files by default since SharePoint uses SMTP services for receiving email.  The problem is that people want to use Outlook, not Outlook Exprerss to view their emails, and .eml files are not native to Outlook 2007 or earlier.

Workaround

1)      Modify the client registry:

a.     Make a backup of the following eml-file registration:

                                                               i.       HKEY_CLASSES_ROOT\.eml

b.      Install appropriate eml-Outlook2007-xxx.reg file by double clicking the file.

c.       Information taken from http://www.msoutlook.info/question/354

2)      Set the .eml file default to open in Outlook 2007

a.       Right click a .eml file

b.      Open With à Choose default program…

c.       Choose Outlook.exe

                                                               i.      C:\\Program Files\Microsoft Office\Office12\Outlook.exe

3)      Modify the client registry again:

a.     Make a backup of the following registration:

                                                               i.       HKEY_CLASSES_ROOT\MIME

b.      Modify “HKEY_CLASSES_ROOT\MIME\Database\Content Type\message/rfc822”
extension=".eml"
CLSID=""

c.       Information take from:
http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/d94c0d4e-0d32-4648-bdd6-dc3f28bb4797/

Creating a Central Admin Desktop Shortcut Using PowerShell

While working on a deployment script, I thought it would be nice to add the Central Admin shortcut to the desktop of All Users.  You can get a lot of information from http://ss64.com/vb/shortcut.html concerning creating shortcuts, but if you want to add the shortcut for All Users:

# Add Central Admin Shortcut to All Desktops
$wshshell = New-Object -ComObject WScript.Shell
$desktop =  $wshShell.SpecialFolders.Item("AllUsersDesktop")
$lnk = $wshshell.CreateShortcut($desktop + "\SharePoint 2010 Central Administration.lnk")
$lnk.TargetPath = "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\psconfigui.exe"
$lnk.Arguments = "-cmd showcentraladmin"
$lnk.Description = "Views the Central Administration Web Application."
$lnk.IconLocation = "%SystemRoot%\Installer\{90140000-1014-0000-1000-0000000FF1CE}\shcentadm.exe"
$lnk.Save()

Deploy and Retract .wsp Files using STSADM or PowerShell

As recommended in previous posts on using STSADM; I suggest creating a .cmd file to run the scripts, and save the scripts in a folder.  I am also assuming that you have STSADM added to your variable path.  Don't forget to right click, and run as Administrator!

Deploy with STSADM:

stsadm -o addsolution -filename path\solutionName.wsp
stsadm -o deploysolution -name solutionName.wsp -immediate -allowgacdeployment -force -allcontenturls
stsadm -o execadmsvcjobs
pause
iisreset /noforce

Retract with STSADM:

stsadm -o retractsolution -name solutionName.wsp -immediate -allcontenturls
stsadm -o execadmsvcjobs
pause
stsadm -o deletesolution -name solutionName.wsp -override
pause
iisreset /noforce

Remember, to run the following commands you must have SPShellAdmin permissions (see Add-SPShellAdmin)

Add, Install, Enable, Update, Disable, Uninstall, and Remove Farm or User Solutions (SPUserSolution) with PowerShell:
1) Update lines 1-4 (and line 6 if working with sandboxed solutions).
2) Remove the pound(#) symbol of the command you want to run.

$fileLocation = "C:\Projects\Event Receiver\bin\Debug"
$wspFileName = "Event_Receiver.wsp"
$featureIdentity = "Event Receiver_Feature1"
$url = "http://pc2010.local/"
# Sandboxed Solution Upgrade Name
$toSolutionName = "Event_Receiver_v2.wsp"

Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0
$literalPath = $fileLocation + "\" + $wspFileName
Write-Host("Using WSP from: " + $literalPath)

<#
    *****************************
    *       Farm Solutions      *
    *****************************
#>

# Add WSP Solution (http://technet.microsoft.com/en-us/library/ff607552.aspx)
# Write-Host("Adding solution to Farm..."); Add-SPSolution -literalpath $literalPath

# Update Existing WSP Solution (http://technet.microsoft.com/en-us/library/ff607724.aspx)
# Write-Host("Updating solution in Farm..."); Update-SPSolution -identity $wspFileName -literalpath $literalPath -gacdeployment

# Deploy WSP solution to the Farm (http://technet.microsoft.com/en-us/library/ff607534.aspx)
# Write-Host("Deploying solution to the Farm..."); Install-SPSolution -identity $wspFileName -allwebapplications -gacdeployment -force

# Enable an installed feature at the given scope (http://technet.microsoft.com/en-us/library/ff607803.aspx)
# If the feature is a farm feature, no URL is needed
# Write-Host("Enabling Feature..."); Enable-SPFeature -identity $featureIdentity -url $url

# Disable a feature at the given scope (http://technet.microsoft.com/en-us/library/ff607879.aspx)
# If the feature is a farm feature, comment out -URL Parameter
# Write-Host("Disabling Feature..."); Disable-SPFeature -identity $featureIdentity -force -confirm:$false -url $url

# Retract WSP solution from the farm (http://technet.microsoft.com/en-us/library/ff607873.aspx)
# Write-Host("Retracting Solution from Farm..."); Uninstall-SPSolution -identity $wspFileName -confirm:$false

# Delete WSP solution from the farm (http://technet.microsoft.com/en-us/library/ff607748.aspx)
# Write-Host("Deleting solution from Farm..."); Remove-SPSolution -identity $wspFileName -force -confirm:$false

<#
    *****************************
    *       User Solutions      *
    *****************************
#>

# Add sandboxed solution to solution gallery (http://technet.microsoft.com/en-us/library/ff607715.aspx)
# Write-Host("Adding user solution to solution gallery..."); Add-SPUserSolution -LiteralPath $literalPath -Site $url

# Activate the sandboxed solution in a site collection (http://technet.microsoft.com/en-us/library/ff607653.aspx)
# Write-Host("Enabeling sandboxed solution..."); Install-SPUserSolution -identity $wspFileName -Site $url

# Upgrade EXISTING activated sandboxed solution (http://technet.microsoft.com/en-us/library/ff607902.aspx)
# Write-Host("Updating sandboxed solution..."); Update-SPUserSolution -identity $wspFileName -Site $url -ToSolution $toSolutionName

# Deactivate a sandboxed solution from site collection (http://technet.microsoft.com/en-us/library/ff607582.aspx)
# Write-Host("Retracting sandboxed solution..."); Uninstall-SPUserSolution -identity $wspFileName -Site $url -confirm:$false

# Delete a sandboxed solution from site collection (http://technet.microsoft.com/en-us/library/ff607709.aspx)
# Write-Host("Deleting sandboxed solution..."); Remove-SPUserSolution -identity $wspFileName -Site $url -confirm:$false

Update (11/2/2014)
Finally added the ability to Add, Enable, Update, Deactivate, and Remove Sandboxed Solutions (SPUserSolutions).
Added write-host output so that you know what you did...
Update (01/26/2015)
Added a closing parenthesis ")" for installing solution, and fixed some spelling errors

RSS Feeds from Google News

Sometimes the news sources you are trying to collect do not have good RSS feeds.  Especially if you are trying to collect information about a very niche subject.  Google has made it very easy to collect news to display as an RSS feed within SharePoint.
1)  Go to http://news.google.com
2)  Type in your search parameters
3)  Modify the results URL by adding "&output=rss" at the end of the URL, and go to the new URL
4)  Verify that you are indeed getting the feed.

4)  Add the RSS Viewer webpart to your page
5)  Under RSS Properties, in the RSS Feed URL, add the modified URL.

Increase Time Before Connection Timeout Between SQL and SharePoint

I have run into an issue with a couple of clients where a Connection Timeout Error occurs on either very large SSRS reports or in some custom web parts pulling data from SQL.   By default, the connection between SharePoint and your SQL servers will timeout after 120 seconds.  My current client just had me create a report that takes about 8.5 minutes to complete rendering...  oops, error!
This is how you fix the timeout issue:
1)  Go to the virtual directory for the site that is timing out.
         C:\inetpub\wwwroot\wss\VirtualDirectories\yourSite
2)  Make a backup of the web.config file.
3)  Edit the web.config file and add an httpRuntime property called "executionTimeout"

In the example below, my connection will now timeout after 5 minutes (300 seconds).

SharePoint Custom Login Error (401) Page

When dealing with lots of people logging into your SharePoint site, you will spend a lot of time answering phone calls from people with login errors. A nice and easy way to preemptively help deal with login failures is to use a custom error page.

1) Go to your IIS and look up where the custom errors are located for the site.

2) Look at the path location for the location of the error files.

3) Go to the file location,, you will want to edit the 401.htm file.

4) The last step is to modify the web.config for your SharePoint site.  You will need to add (modify) the system.webserver.
Download code here

To add custom error pages in different languages, just add the pages to the appropriate local language folder.  You can find the local language folder information here...  http://msdn.microsoft.com/en-us/library/bb266177.aspx

Running STSADM Commands

I know that everyone and their mother has an opinion about how to deal with STSADM commands, so one more opinion won't hurt.
I suggest creating a folder on the C: drive called "Scripts", to store all of the batch (.bat) and command (.cmd) files that you create/run.  It is a lot easier to edit the files in Notepad than it is to retype the whole STSADM command when you make a mistake.  Also, if you blow up your farm, you have a record of all scripts run in case you have to rebuild.
The first thing to do when creating a script for SharePoint 2007 is to add the STSADM path as the first line:
cd C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN
Then write your STSADM command(s)
The last line of your script should be:
Pause
This will allow you to see the errors or successes without the cmd window closing.
Please remember to right-click the script and Run as Administrator.

Proxy Server Settings for SharePoint 2007

We do not have any "Content" deployment people at my office so I depend mostly on RSS feeds to keep the sites updated and changing on a constant basis.
One day, our IT department put in a Proxy Server, which killed all of the RSS feeds to SharePoint. I had to update the config file so that the RSS feeds were available once again.

I used the following sites as reference...

http://geekswithblogs.net/hinshelm/archive/2007/10/24/Proxy-server-settings-for-SharePoint-2007.aspx

http://microsoft-sharepoint-services.blogspot.com/2008/12/configuring-proxy-setting-on-sharepoint.html

http://support.microsoft.com/kb/912060

You will need to put the Proxy Setting into each Virtual Directory for every site that you want to be able to access the Internet.

The main reason that I am writing about these settings is that it took me too long to figure out that the last slash in the "proxyaddress" is REQUIRED...

In Server 2008, you will find the required files here...

C:\inetpub\wwwroot\wss\VirtualDirectories\YOUR SITE NAME\web.config

Add the following to the end of the .config file:

<system.net>
  <defaultproxy>
     <proxy usesystemdefault="false" proxyaddress="http://x.x.24.45:3128/" bypassonlocal="true" />
  </defaultproxy>
</system.net>