Paul Galvin's (old) SharePoint space [SharePoint

Just another site

Category Archives: SharePoint Administration

Solution: Compiling MOSS Audience Adds No New Members

Bottom line: if you want to use a profile property in a rule for creating audiences, the property must be visible to “everyone.”

I was working with a co-worker yesterday and he was building out a MOSS audience based on a custom user profile property in MOSS.  In this case, the audience property is named “SITECD” and by convention, stores a 3 character code. He had defined the audience and a rule that said that if “SITECD equals ‘ABG’”, then include that user profile in the audience.

He set up a single user profile with that value and compiled the audience, but MOSS simply wouldn’t add that user.  I noticed that the privacy setting for that profile was set to “me only” (the most restrictive form) and I remembered reading somewhere that property profiles used in rules must be visible by “everyone”.  He made that change and that solved the problem.

The really funny thing about this is that I “remembered” reading about this.  It was nagging at me this morning for some reason and I realized that I had written a chapter in this book, MOSS Explained: An Information Worker’s Deep Dive into Microsoft Office SharePoint Server 2007, and that I covered this point in the very chapter I wrote :).  I would have thought that every word I wrote in that chapter would be seared into my memory.

Matt Morse writes this up in beautiful detail here and I referenced it in the chapter:

</end>Subscribe to my blog.

Follow me on Twitter at

Technorati Tags: ,


Fun SharePoint SSO Fact of the Day

I’ve been working with SharePoint SSO and learning as I go.  One way in which this works is that you tell SharePoint about external applications.  Users log into that application via some SharePoint function (e.g. iView web part).  The first time the user performs this action, it prompts them for the correct user id and password to use for that system.  It’s setting up a mapping between your SharePoint credentials and your credentials for that backend system.  Thereafter, the user won’t have to enter their ID when they hit up that system.

That part worked well for me.  However, it begs the question, “how does the user change that user id or password?”  The user might have made a mistake, or maybe you’re doing some testing in a dev environment and need to quickly switch between accounts.

I don’t know the answer to that, but I do know that you can go into Central Administration and manage the user’s credentials:

Central Administration –> Operations –> Manage Single Sign-On –> Manage Account Information for an Enterprise Application Definition

From there, you can specify the external application (e.g. SAP) and the account you want to delete.  You can also change the mapping.

If you know how to allow end users to directly change their credentials, kindly post a comment 🙂


Subscribe to my blog.

Follow me on Twitter at

Technorati Tags: , ,

Adventures With iView Web Parts

I needed to do some minimal proving today that iView web parts can work in my client’s environment.  I’ve never worked with this slice of SharePoint before.

Microsoft has created a very high quality white paper on this subject.

The first obstacle I had to overcome was – where is the iView web part?  For some reason, my first thought was that I’d have to download it from a site somewhere, perhaps SAP’s site.  I had 1/2 convinced myself that iView web parts might even cost extra.  Of course, they are included with MOSS (I think Enterprise; that’s what I’m using here in any event).  I’ve seen the standard “add a web part” dialog box hundreds or more times and always glossed over it.  No more!

The next obstacle is that I can’t read instructions. 

I was using the web part and kept getting this annoying message:

No SAP servers are configured for this site.  Contact your administrator to configure trusted SAP servers.

The white paper clearly says to edit a configuration file located at file “<Drive Letter:>\Program Files\Microsoft Office Servers\12.0\Config\TrustedSAPHosts.config”.  The first dozen times I looked at that, all I saw was “Program Files\…\Config” and I went straight away to the 12 hive.  Once I finally slowed down to read it, I realized my mistake and it was easy to fix. 

I continued on my merry way with SSO configuration.  It’s not all at clear to me if that worked, but that’s another story for another day.

Bottom line:

1. iView web parts are included out of the box with SharePoint (probably Enterprise).

2. The magic configuration file, “TrustedSAPHosts.config”, does not live in the 12 hive.


Subscribe to my blog.

Follow me on Twitter at


VPN Strikes Again, Slowing Me Down and Ruining My Beer

Tonight, I’m doing some hobby work with a virtual machine running on my desktop.  I’m connecting via IE on my laptop and I’m noticing horrible performance.  IE keeps freezing, especially when I access anything in the upper right hand corner that would cause a drop-down to, well, drop down.  I would click on Site Actions and things freeze up for a while.  They would freeze long enough for me to switch over to another browser window and do something else.  If I confine myself to navigating around from page to page, it’s reasonably quick, but even that feels slow.  Normally, things are very fast. 

I’ve had this happen to me before and I think that I ended up rebooting at the time.  I’m about to do that when I somehow notice I’m still VPN’d to a client from 2 days ago(!).  I disconnect and that that solves my performance problem.


Subscribe to my blog.

Technorati Tags: ,

SharePoint Performance — Quick (But Unusual) Tip

We’ve been working in a user acceptance testing (UAT) environment which, as compared to development, is dead slow.

It’s a complicated environment using FBA, SQL 2008, SSRS and extended web applications accessible over the internet using https, so it’s been hard to track down the issue.

For a previous client, we used FBA with an LDAP role provider (and membership provider).  One of my colleagues, far more clever than I, determined that the "out of the box" LDAP role provider, when used in that environment, wasn’t scaling well.  To solve this problem for that client, he implemented a nice caching scheme in a custom role provider. 

This situation seemed similar, so we looked into replicating that solution to the today’s client.  As I was debugging that, I noticed that this message would frequently appear in the System log (from Event Viewer):

A worker process with process id of ‘XXX’ serving application pool ‘Home – 80’ has requested a recycle because it reached its virtual memory limit. 

I took this to mean that the app pool was recycling far, far too often and that would explain a performance problem.

I looked at the app pool’s properties and its "Recycling" page showed that the property "Maximum virtual memory (in megabytes)" had been set to true and had been set to 5000.  That seems like enough, but I decided to unset the value and that had an immediate positive effect.  No more app pool recycling.  No more mysterious slow-downs and pauses.

I don’t really understand the underlying "stuff" that’s going on there, but clearly some kind of cause/effect thing is happening and for now, the UAT environment is usable.


Subscribe to my blog.

Technorati Tags:

Have You Performed Your Monthly Search Analysis?

It’s a good practice, probably even a Best Practice, to review your search reports once a month and look for opportunities to add best bets, tune your thesaurus and maybe even uncover some business intelligence that is otherwise hidden to management. 

It’s already the 3rd of the month.  Time’s awastin’ 🙂


Subscribe to my blog.

Technorati Tags:

Data Protection Manager: Seems Like a Great SharePoint Backup/Restore Solution

At the New Jersey SharePoint User Group meeting last night, Microsoft Sr. product specialist DuWayne Harrison presented Microsoft Data Protection Manager 2007.  DuWayne was great (and he was supported by one or two colleagues from the audience whose names I don’t recall).  You can get the presentation materials here.

Up until last night, I have never heard of DPM.

I’m not a system admin type person, so I’m writing this from SharePoint consultant’s perspective and may get some of the words wrong.  To me, DPM is a backup/restore solution for Microsoft "stuff":

  • Files
  • SQL
  • O/S
  • Virtual machines (live backup of the VM, even if the VM itself is running Unix).
  • Bare metal recovery (i.e. catastrophic hardware failure).

Beyond that stuff, which I would consider to be minimal requirements for any kind of "real" backup/restore product, DPM also has built-in intelligence for SharePoint.  It understands about server farms and lets you restore:

  • Entire databases (e.g. content, config, etc).
  • Site collections
  • Individual sites
  • Individual items (e.g. documents).

The actual restore process involves extracting the target data from the backup and save it into a "restore farm" and then from there, moving it to the production environment (or wherever you want to restore).  I think this is seamless, but there was a lot of emphasis on the need for a "restore farm".  The restore farm does not need to match the production environment in every particular (mainly in physical topology) but does need to match in terms of templates, versions, etc.

I didn’t see a full end to end demo, but DuWayne did show screen shots and some live demos.  It seems to be as good as it needs to be, at least for a moderate sized environment.

I was particularly struck by the pricing.  Obviously, don’t hold me to this, but I believe that the most expensive pricing is roughly as follows (in USD):

  • $600 for DPM itself.
  • Hardware for a DPM server (and associated stuff for media and all that).
  • $450 for each server you want to back up ("enterprise" license).

A five server farm would cost at most:

  • $600 for DPM
  • $450 x 5 servers = $2,250

Total cost in licenses: $2,850

In practice, it would be less.  You wouldn’t necessarily need to have DPM installed on each web front end, for example.  You don’t necessarily need enterprise licenses either.

The user interface is seems very simple probably would not require any special training to get up to speed.  I did ask about that specifically and there is apparently a 1.5 day class available, though it’s not obvious to me that anyone would really need to take it.

All in all, I think it’s certainly worth investigating if you’re out there looking for a data protection solution for SharePoint.


Subscribe to my blog.

Technorati Tags:


Quick Impression: System Center Capacity Planner for SharePoint

I just fired up the capacity planning tool that’s all the rage these days

I found it easy to use and quickly modeled a client environment I worked on this past summer.

With some trepidation, I pressed the final OK button and it recommended something that is pretty similar to what we gave our client (we actually threw in a second application server for future excel use).  I take that to be a good sign and increases my confidence in the tool.

It seems pretty powerful stuff a much better starting point than a blank page.

I like that lets you get into some good detail about the environment.  How many users, how you project they will use the system (publishing, collaboration, etc), branch office and connectivity / network capacity between them and the mama server.  Good stuff.

It asks broad based questions and then lets you tweak the details for a pretty granular model of your environment.

I hesitated downloading it because I have so many other things to look at it, read and try to digest.  I’m glad I did.

It’s an easy two-step process.  Download system center capacity planner and then download the SharePoint models.  It runs nicely on Windows XP.

Based on my quick impression, I don’t see how it might account for:

  • Search: Total documents, maybe types of documents, languages.
  • Excel server: how much, if at all?
  • Forms server: how much, if at all?
  • BDC: how much, if at all.

Those may be modeled and I just didn’t see them in the 10 minute review.

I will definitely use it at my next client.

If I were not a consultant and instead working for a real company :), I’d model my current environment and see how the tool’s recommended model matches up against reality.  That would be pretty neat.  It could lead to some good infrastructure discussion.


Technorati Tags:

Yet Another Network Credentials Multi-Challenge Issue and Solution

My client recently installed a magic device from Juniper that apparently replaced their old Cisco network load balancer (NLB).  At about the same time, we installed a hotfix to address a workflow problem.

A day or two later, we noticed a problem when we accessed the shared service provider (SSP).  We could get to it, but we would be challenged for a user ID and password many times on each page.  This didn’t happen with the main portal app, nor central administration.  Naturally, we didn’t know which of the two (Juniper or hotfix) would be the issue, though I strongly suspected the hotfix, figuring we had not installed it quite right.

It turned out that Juniper had some kind of compression setting.  One of the robed figures over in the network group turned that setting off.  That solved our problem.

This is not the first time that compression has been the root cause of a SharePoint problem for me.  IIS compression adversely affected a 3rd party tool from the good people at The Dot Net Factory for IE 6 browsers (IE 7 browsers worked without difficulty).

So, add "compression" to the hazards list.


Credit to:

Technorati Tags: ,