Early Bird Tickets available for NZ and AUS SharePoint Conferences

I’m already looking forward to these events, so I’m happy to mention that there are now early bird passes available for both events, at the early bird prices (NZ – 650.00 and AUS -725.00) for the two day event. These will go fast and are limited to the first 250 people registering. You can also get a great discount if you have 5 or more people register.

See http://www.sharepointconference.com.aufor the 2012 Australian SharePoint Conference, which is in Melbourne March 20/21

See http://www.sharepointconference.co.nz for the 2012 New Zealand SharePoint Conference, which is in Auckland 28/29 March.

After an AWESOME planning weekend, with the organiser team on the Gold Coast earlier in December, we have an agenda up on the sites. This will be improved in the next few weeks, but gives you a taste of what is to come! FIVE tracks this year, as we introduce a new track – “Office, Productivity and BI” – lots of great sessions in there.

The Voice of a Customer track has changed names to “Case Studies” – and as it aptly describes, will be a collection of Customer stories – these are shorter 25 min sessions, which means we will have 20 Stories to share!

We have more great technical content for both Developers and IT Pros…and speakers from the USA, UK, Canada, India, New Zealand and Australia. More details will come throughout January…

IN addition to the two days packed with informative sessions, and lots of learning, you can also register for one (or many) of the GTTP (Get to the Point!) half day workshops. There is a selection of around 12 different topics, for all levels – and two full day workshops also. Check out the site for more details.

Resolving a HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Error with a SharePoint 2010 Web Application

This error stopped me in my tracks for a couple of hours, while just editing IIS bindings and Alternate Access Mappings my site stopped responding entirely.

Instead of displaying a lovely site, my browser just displayed a blank error message.   Turning off Friendly Error messages I found the following error message displayed :

HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Date: Tue, 10 Aug 2010 03:19:45 GMT Connection: close

Unfortunately this error is not as helpful as you would think.  The only time I’ve seen similar errors with SharePoint were with 404 errors, usually because a Web Application existed, but a Site Collection did not.

I also noticed quite a few of these errors in the event log :

Unknown SQL Exception -1 occurred. Additional error information from SQL Server is included below.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified)

Again this was not helpful, as I had other Web Applications on the same servers, which had no problem connecting at all!

Out of some desperation I decided to try detaching and reattaching the content database for the Web Application, and Voila!  The site came back online.   I do not have any idea why this was actually happening, however I’m putting it up here in case someone else comes across it.

Enabling or Disabling Claims Based Authentication

If you have already provisioned a Web Application then it may not be immediately obvious how to change the authentication over to Claims (or revert back to Classic) as this cannot be done within the GUI and can only be done within PowerShell.

Note : To do this you will need to load PowerShell and the SharePoint 2010 snap-in.

To Enable Claims :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 1;

And to revert back to Classic mode authentication just change the 1 to a 0 :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 0;

Fairly easy, but not immediately obvious 🙂

Australian SharePoint Conference Wrap Up

The Australian SharePoint Conference finished up yesterday evening. It was a fantastic couple of days immersed in all things SharePoint as well as getting a chance to hang out again with a bunch of the Australian SharePoint community members, and of course share a few drinks with them 🙂

I was able to present my session on one of everybody’s favourite topics – Content Deployment!

Content Deployment Bootcamp
Content Deployment is one of the final frontiers where SharePoint administrators fear to tread. Mark will explore Content Deployment from its origins to what to expect with SharePoint 2010 and covers his experiences when using content deployment in production environments, including tips and tricks to get your content deployment running smoothly, and how to keep it that way!

The session went quite well and I had a great amount of participation from the Audience, including giving away four hand made pens that I made myself, these seemed to be fairly well received and I like to think they were a unique touch.

Slides from my session are available here : http://www.slideshare.net/markrhodes/content-deployment-bootcamp

I was also really fortunate to participate in the “Ask the Experts” session with Elaine Van Bergen, Todd Bleeker, Arpan Shah and Paul Swider.  This was a great way to finish off the conference as we were able to have a good time answering questions as well as giving a few laughs to the audience.

I was also able to participate in an excellent podcast by Jeremy Thake which will be available fairly soon on http://www.sharepointdevwiki.com. The podcast was on the topic of “Sandbox Solutions” and was moderated by Jeremy and included myself, Arpan Shah, Todd Bleeker and Paul Swider.  I will post the link as soon as it is published.

**Update** – Podcast available at http://www.sharepointdevwiki.com/display/SPPodCasts/2010/06/18/SPWebCast+018+-+Sandboxed+Solutions+interview+with+Arpan+Shah,+Todd+Bleeker,+Paul+Swider+and+Mark+Rhodes

The conference itself was incredibly well organized and I think has set the bar in what to expect from these events within Australia.  Huge thanks to Debbie Ireland, Mark Orange, James Milne, Kathy Hughes and Brendan Law, as well as the crew at http://spevents.co.nz/default.aspx for such a great time.

I also promised to provide the links for my resources for my session, so here they are :

Stefan Gossner : http://blogs.technet.com/b/stefan_gossner

Spencer Harbar : http://www.harbar.net

Maxime Bombardier : http://blogs.msdn.com/b/maximeb/

Content Deployment Wizard : http://spdeploymentwizard.codeplex.com/

Microsoft Content Deployment Poster : http://www.microsoft.com/downloads/details.aspx?FamilyID=de010583-e5fe-4c4b-a633-e57312336aef&displaylang=en

Publishing Service Applications between SharePoint 2010 Farms ? Part 2

Foreword : Huge thanks to Todd Klindt for sending me a sneak preview chapter of his and Shane Young’s new book.  Their chapter on Service Applications helped me to work through and figure out why this process was not initially working for me as it is extremely finicky and will fail if the ordering of these items is incorrect.

In Part 1 I discussed how to create a trust between farms, establish permissions, publish a service application and finally consume it from a remote farm all through

PowerShell, well mostly through PowerShell. So there are a few downsides with that, sure its easy and repeatable but to a lot of people it is not terribly friendly.  There is also the fact that while it works, in situations where there are issues PowerShell will smile and let you continue blindly down the path while you might not realise that the end process is going to fail.

So with all of that in mind, how do we publish Service Applications between SharePoint 2010 farms in Central Administration”  Well not all of it can be done easily through Central Administration.

The first few steps “exporting the certificates” still need to be done in PowerShell.

1. Export and copy all certificates between Farms

First off, lets do steps 1-5 from Part 1 (https://mrhodes.net/2010/05/19/publishing-service-applications-between-sharepoint-2010-farms-part-1-8/)

This should get us to the point where all certificates have been exported and are ready to be imported on their respective servers.

2. Import root certificate from PROVIDER to CONSUMER

On the CONSUMER farm:

Open up Central Administration, and browse to “Security” then click on “Manage Trust”

Click “New” on the ribbon.

A new screen should pop up labelled “Establish Trust Relationship”.  Put in the name.  I generally use “PROVIDER [FARM NAME]” to denote a certificate imported from a PROVIDER farm, and vice versa for CONSUMER.

Next click “Browse” and select the “Provider-root.cer” file that was exported to c:certificates

Do not tick the box for “Provide Trust Relationship” or upload another cert as this is all you need on the consumer farm.

Click “OK” and you should now have a new Consumer trust established.

2. Import Root and STS certificates from CONSUMER to PROVIDER

On the PROVIDER farm:

As per the previous steps open up Central Administration, and browse to “Security” then click on “Manage Trust”, then click “New” on the ribbon.

The “Establish Trust Relationship” screen should appear.  Put in the name, this time lead with “CONSUMER [FARM NAME]”

Next click “Browse” and select the “Consumer-root.cer” file that was exported to c:certificates.

Under “Token Issuer Description” put in a description such as “CONSUMER [FARMNAME] STS”

Tick the box for “Provide Trust Relationship” and click “Browse” to upload the “Consumer-STS.cer” from c:certificates

Click “OK”

You should now have a new trust appearing on your provider.

Note : On a farm providing services, the trust will be labelled as “Trusted Service Provider” and on a farm consuming services, the trust will be labelled as “Trusted Service Consumer”.  Please note that this denotes the trust itself, not the certificates or the farm, hence why the naming may seem confusing.

3.  Establish Consumer Farm permissions on Provider Farm

At this point we really need to return to PowerShell to do steps 10 and 11 from the previous blog post.  It is a bit annoying, but unfortunately I don’t know of any way to establish the permissions, or even retrieve the farm ID from Central Administration.

4. Check that the permissions have been established.

On the provider farm you can check to ensure the permissions have been granted successfully by loading up Central Administration and going to “Manage Service Applications”.

Click on “Application Discovery and Load Balancer Service Application” and click “Permissions” from the ribbon.

Your farm GUID should be listed in here with full permissions.

5. Publish a Service Application

On your Provider Farm :

Browse to Service Applications, select the application you wish to publish and click “Publish” on the ribbon.

Then select the connection type, check the checkbox “Publish this service application to other farms” and be sure to copy out your Published URL to your clipboard.

6. Connect to a Service Application

On your CONSUMER farm:

Open Central Administration and browse to “Manage Service Applications”

Click on “Connect” from the ribbon and select the appropriate Service Application Proxy Type.

Paste in the URL you copied in the last step from the Provider’s Farm and Click “OK”

After a few seconds it should come back with the below screen.  Select the application and click “OK”

Choose an appropriate name and click “OK”

Congratulations, your service application is connected.  Click “OK”

7. Connected Service Application Properties

Now select your new service application and click “Properties” from the ribbon.

You should see a screen that depending on the service application will allow you some degree of customization.   For example,this is for a Managed Metadata Service Connection :

If you can see this screen and edit the properties then you can be fairly confident the connection has worked successfully!

I personally find that the easiest way to do this on a repeatable basis is via PowerShell, however in almost all situations I will use Step 7 from this post to connect as it is just easier, and if for some reason it fails then it will actually tell you.

While none of these steps is especially difficult, putting them together in a cohesive order that works every time took a bit of juggling.  I hope these posts have been helpful.

Publishing Service Applications between SharePoint 2010 Farms – Part 1

Foreword : This post has been updated as while it did appear to be working successfully was actually not.  Huge thanks to Todd Klindt for sending me a sneak preview chapter of his and Shane Young?s new book.  Their chapter on Service Applications helped me to work through and figure out why this process was not working for me as it is extremely finicky and will fail if the ordering of these items is incorrect.

I have spent some time recently trying to publish service applications between two different SharePoint 2010 farms.  There is a fairly detailed guide on how to accomplish this over on technet at http://technet.microsoft.com/en-us/library/ff621100.aspx however it seems the articles are incorrect or at least they did not work as expected for me.

I noticed a few problems immediately, one of them being that at least one command is no longer available in the RTM version of SharePoint 2010, this aside it was fairly easy to figure out the replacement commands.  However not just the commands are an issue here, it seems as though the entire process is incomplete.

After spending a lot of time tweaking and investigating how the actual process is meant to work, I found that the problem lay in trust between the farms, In order to consume a service from a remote farm, both farms must have their root certificates installed on each other, and the Consumer farm must have its Secure Token Service certificate installed onto the Providers farm.

Here is my guide on how to publish service applications between farms via PowerShell :

Note : In order to keep things simple, the PROVIDER farm is the Green Powershell Window.  The CONSUMER  farm is the Blue PowerShell Window.

1. On a server in both farms make a directory called certificates on C: – this is just to keep the certificates in one place.

2. Export root certificate from CONSUMER

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cert”) | Set-Content c:\certificates\consumer-root.cer -encoding byte

(See Screenshot below)

3. Export STS Certificate from CONSUMER

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export(“Cert”) | Set-Content c:\certificates\consumer-sts.cer -encoding byte

** Note : You might notice that I am checking out to make sure the $rootCert and $stsCert variables contain the certificate.  I’ve had it not work a few times, so just like to double check prior to exporting a null variable, which will working quite successfully until you try to find the .cer file.

4. Export root certificate from PROVIDER

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cert”) | Set-Content c:\certificates\provider-root.cer -encoding byte

5. Copy certificates between farms

Copy the contents of the c:certificates directory to the other farms.  I don’t think I need to tell you how to do this 🙂

6. Import root certificate from PROVIDER to CONSUMER

$trustedRootCert = Get-PFXCertificate c:\certificates\provider-root.cer
New-SPTrustedRootAuthority “PROVIDER <FARM NAME>” -Certificate $trustedRootCert

7. Import root certificate from CONSUMER to PROVIDER

$trustedRootCert = Get-PFXCertificate c:\certificates\consumer-root.cer
New-SPTrustedRootAuthority “CONSUMER <FARM NAME>” -Certificate $trustedRootCert

8. Import STS certificate from CONSUMER to PROVIDER

$stsCert = Get-PFXCertificate c:\certificates\consumer-sts.cer
New-SPTrustedServiceTokenIssuer “CONSUMER <FARM NAME>” -Certificate $stsCert

9. Publish Service Application

The easiest way to do this is through Central Administration, as it will allow you to select HTTP or HTTPS, as well as and paste the appropriate URI to connect to the topology application.  This URI is a really really long one, make sure you copy the whole thing!

Browse to Service Applications, select the application you wish to publish and click “Publish” on the ribbon.

Then select the connection type, check the checkbox “Publish this service application to other farms” and copy out your Published URL.

10.  Retrieve Farm ID from Consumer Farm


This will retrieve the GUID of the Consuming Farm.  Keep this for the next step.

11.  Grant Consumer Farm permissions

Note : This step was sourced from http://harbar.net/archive/2010/05/03/service-application-federation-with-sharepoint-2010.aspx – Huge thanks to Spencer as it helped me to get through the exact error listed on his post.

$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType
http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid -ClaimProvider $claimProvider -ClaimValue <farmid>
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights “Full Control”
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

12.  Check Load Balancer Permissions

You can check to ensure the permissions have been granted successfully by loading up Central Administration on your provider farm, going to ?Manage Service Applications?.

Click on ?Application Discovery and Load Balancer Service Application? and click ?Permissions? from the ribbon.

Your farm GUID should be listed in here with full permissions.

13. Connect to Service Application

Note : I would highly recommend performing this step via Central Administration unless you have done this more than once.  Doing this step via PowerShell can result in no error messages, however the connection may not be established correctly.  Using Central Administration ensures that a error message will be given on failure.  Please see Step 7 of Part 2 of this series for information on how to do this.

New-SPMetadataServiceApplicationProxy -Name “<FARM NAME> Managed Metadata” -Uri “<Insert Service Topology Uri from step 8.>”

Note : This last step will vary based on the service application you wish to publish.  The command should stay in the format “New-SP<ServiceName>ApplicationProxy” and the parameters may vary (some use URL, some use URI)

There we have it!  We have succesfully published a Service Application from one farm to another

In Part 2 I will show you how to do this via Central Administration for the folks who prefer a GUI.