Recently, a customer indexer server suffered a crash and had to be rebuilt. I went to SSP admin settings page and changed the indexer and all went well. However, when i went to the central admin site i received "Attempted to read or write to protected memory". I did alot of research on the problem but did not find anyone that had the problem on the search settings page. Mostly, alot of memory errors where related to a hotfix for .net but not for browsing to a particular page. Because it was production and time was of the essence, i started the crawl using stsadm utility.
Update: I could browse to the pages underneath search settings, for instance the _layouts/listcontentsources.aspx so i sort of left the problem alone until i could come up with a good solution (it wasn't affecting anything). However, after installing SP1 for sharePoint, I am happy to report the problem went away. I didn't see this as a reported fix in the issues list but it must be an undocumented fix.
Wednesday, May 7, 2008
Wednesday, April 16, 2008
Load Balancing and SharePoint
Recently, I across a problem with my sites at a client's site. A load balancer was added into the farm on two FE W's. The my site and portal site were separate web applications but shared different host headers on different ports. The portal (kerberos enabled) work perfectly. However, my sites returned page cannot be found error.
I resolved the error by creating a new ip for mysites in dns and then adding that new ip to the load balancer with a new host header. In addition, the iis website had to be deleted and re extended using the new host header.
Although i am still trying to figure out why the hardware load balancer was dropping the port, it is always best practice to use different host headers for different web applications for various reason including kerberos authentication.
I resolved the error by creating a new ip for mysites in dns and then adding that new ip to the load balancer with a new host header. In addition, the iis website had to be deleted and re extended using the new host header.
Although i am still trying to figure out why the hardware load balancer was dropping the port, it is always best practice to use different host headers for different web applications for various reason including kerberos authentication.
Tuesday, April 8, 2008
Weird Permission Errors Inside of Navigation Settings
I was on a clients SharePoint farm and few days and a developer sent me an email saying he was getting prompted for credentials on the site navigation settings page on a non root sub site. Turns out, when you went to any site navigation settings page of any new or existing site collection, you were prompted for each picture and links inside of the navigation box. After some playing around with various settings inside of SharePoint, I decided it had to be something wrong outside of SharePoint Settings.
The resolution ended up to redo the directory security of the web application inside of IIS manager and apply it down the tree to each one of your front end web servers. In our case, we had the web application with Integrated Windows Authentication with no anonymous access. Once I changed this setting, everything worked no problem and users where not prompted for credentials. Also, in our case, we could always get to the site navigation setting page in the root site collection.
The resolution ended up to redo the directory security of the web application inside of IIS manager and apply it down the tree to each one of your front end web servers. In our case, we had the web application with Integrated Windows Authentication with no anonymous access. Once I changed this setting, everything worked no problem and users where not prompted for credentials. Also, in our case, we could always get to the site navigation setting page in the root site collection.
Monday, March 31, 2008
Kerberos Configuration for RSS feeds
When testing the default rss viewer on Moss, remember some key things. First, if you have anonoymous access turned on, the user will see the rss feed regardless whether coming in NTLM or Kerberos. For kerberos feeds to work correctly with anonoymous access turned off, the user must come in as kerberos and have permission to the feed. If the user does not have permission to the feed, they will receive "the user does not support authenicated feeds" which is also the same error a user will receive if they come into the SharePoint site using NTLM.
One of the big gotchas is that if you a behind a proxy server, you will need to modify the web.config file in order to fill in the proxy server name. Otherwise, the rss won't work becase the credentials are not being passed for the user.
Great links for setting up Kerberos:
http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
http://blogs.msdn.com/martinkearn/archive/2007/04/27/configuring-kerberos-for-sharepoint-2007-part-2-excel-services-and-sql-analysis-services.aspx
http://technet.microsoft.com/en-us/library/cc263449.aspx
One of the big gotchas is that if you a behind a proxy server, you will need to modify the web.config file in order to fill in the proxy server name. Otherwise, the rss won't work becase the credentials are not being passed for the user.
Great links for setting up Kerberos:
http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
http://blogs.msdn.com/martinkearn/archive/2007/04/27/configuring-kerberos-for-sharepoint-2007-part-2-excel-services-and-sql-analysis-services.aspx
http://technet.microsoft.com/en-us/library/cc263449.aspx
Thursday, March 13, 2008
Subscribe to:
Posts (Atom)
