Move your SharePoint IIS sites from the systemdrive(C:)


Move your SharePoint IIS sites from the systemdrive(C:)
or avoid putting them there in the first Place.

Lionx

Do you see the lion that is totally in the wrong Place…or is it the Jeeps that are…?

Deal fellow SharePointlovers!

This time, I’ll try to show you how to avoid the messed up situation most SharePoint installations are in, with everything on the systemdrive, or C:
Now, us people have over time been better and better at one thing, we understand that the logfiles should not be located on the systemdrive, so we have learned over time to move the ULS log and the Usage and Health log from C:, some have even been clever enough to move even the IIS log from C:

But, what do we still always, always, always, find installed on C:?… … …yes, C:\inetpub!

It not very strange though, the developers of Windows Server have made a point out of not giving us an option to install inetpub on a different path, not unless you do an unattended installation or otherwise script or Control your installation. The ‘Add/Remove roles’ wizards in Server 2008, 2008R2 and 2012 all lack this option (for a reason).

BUT! This is intentially, the default inetpub location should and must be in the systemdrive, IIS is considered an operating system Component and has to be there for a number of reasons. At the end you will find a link to a KB article that explains this in more detail. Leave inetpub and its subfolders where it is!

So, why would we want to do this anyway
why move the inetpub and all of its content, or at least the separate site catalogs to a different drive?
– Separation (Performance and Security)
– Compartmentalization (Performance and Security)
Having averything on the same drive is bad for a few reasons, primarily performance and security. Perfomance since the OS is on the C drive and security because if an attacker by some means gets access to a different less secure applications sitecatalog, they also get access to the systemdrive and possible also all other webapplication sitecatalogs. Moving them to other drives, same or different, helps mitigate both possible issues.
I therefore recommend doing this:

Do your regular installation, add the Web Server role and let the inetpub folder end up on C:, like I said, no worries. Whats important for us will not be located there anyway.
Next, edit the registry to make the default location of inetpub be for example D: (unless this is were you will be putting all of your logfiles, then select a third or fourth drive)
Install the SharePoint as you would normally do, Central administration will now end up were you pointed the default location.
Create your Web Applications using the GUI or PowerShell and leave out the path, the IIS sites will be were you wanted them.

So, how do we do this in more detail? A Guide…

Configure the Web Server(s)

1. Configure the default location

On all of your web servers in the farm, and on your Central Administration server(s), edit the registry key that Controls the default location:

Start regedit by, Right clicking in the very lower left corner and you will get a list of actions, click on Run.

Reg1x

Type Regedit and click Ok.

Reg2x

Click Yes in the UAC dialog.

Reg3

In Registry Editor, we locate the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

Reg4x

Reg5x

Under ‘InetStp’ we have a number of keys.

Reg6x

Locate and Edit the key PathWWWRoot from the default: (%systemdrive%)

Regbeforex

to: (D: or where you prefer to locate it, E: F: G: H:…)

Regafterx

There you go! All set, no IIS reset or restarts of any kind required.
Like said before, go on and do this on all servers that will host a webserver (WFE or CA). If you don’t, then you will have an inconsistent setup making Everything very hard to setup and t-shoot.

2. Add SharePoint
After this has been changed on all of you r web servers, you can go ahead and install the SharePoint binaries and configure your farm, The Central Administration site will now be located on the drive you have specified, it will be in the exact same path as it normally would but on a different drive. For example: ‘D:\inetpub\wwwroot\wss\VirtualDirectories\20000\’

Note that the Central Administration UI will now be default suggest a different path:

NewWeb1x

If you create a new site using PowerShell, it will also by default put it in D: even if you don’t specify any path:

New-SPWebApplication -Name TheVeryFirst -ApplicationPool SharePoint -HostHeader theveryfirst.corp.balkestahl.se -Port 80 -Url theveryfirst.corp.balkestahl.se -DatabaseServer blksthl-sql -DatabaseName SP11_Content_TheVeryFirst

As you can see, were done! 🙂

Donex

For the logfiles, I’ll make a separate post, they should also be moved, more so even than the sitefolders. Logfiles will fill up the disks, they will slow performance and maybe most importantly, they contain delicate information that you want to keep separated from the OS and IIS.

References:

Guidance for relocation of IIS 7.0 and IIS 7.5 content directories
http://support.microsoft.com/kb/2752331

Configure ULS log and Usage and Health log location
https://blog.blksthl.com/2013/06/05/configure-uls-log-and-usage-and-health-log-location/

Thanks to:

Mikael Nyström (The Deployment Bunny) – Truesec
Mattias Gutke – CAG


___________________________________________________________________________________________________

Good Luckl!!

Regards

Twitter | Technet Profile | LinkedIn

Advertisement

Configure ULS log and Usage and Health log location


SharePoint jokers!

If you left the settings in SharePoint 2013 as default when installing and configuring, then you will probably have a log path that looks like this for both the ULS log and the Usage and Health log.
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS

If you want to change this to a new path, maybe on a different disk like D: (recommended) or on a simpler path easier to remember, use the following commands:

You will need to run the commands in a PowerShell running as administrator and you will also need to load the SharePoint snapin first, add-pssnapin.
add-pssnapin microsoft.sharepoint

For the Diagnostics log(ULS)
set-SPDiagnosticConfig -LogLocation “D:\Program Files\Common files\Microsoft shared\Web server extensions\15\LOGS”
or
set-SPDiagnosticConfig -LogLocation “D:\SharePoint Logs\ULS”

For the Usage and Health log
set-SPUsageService -UsageLogLocation “C:\Program Files\Common files\Microsoft shared\Web server extensions\15\LOGS”
or
set-SPUsageService -UsageLogLocation “D:\SharePoint Logs\Health”

set-SPDiagnosticConfig -LogLocation “C:\Program Files\Common files\Microsoft shared\Web server extensions\15\LOGS”

In my environment, the Diagnostics trace log path looks like this:
ULS2

ULS1

And for the Usage and Health log, it looks like this:

U&H2

U&H1

References:

(If the two paths Point to a different location then you may see this in your event log)
6398 – The Execute method of job definition…SPUsageImportJobDefinition

https://blog.blksthl.com/2013/05/27/6398-the-execute-method-of-job-definition-spusageimportjobdefinition/

ULS Log Viewer download
http://archive.msdn.microsoft.com/ULSViewer

Thanks to:

Ankie at my customers, who pointed out the Usage and Health log issue 6398 in the first place.


___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Activate selected languages on all subsites using Powershell


Hi friends.

If you ever find yourself wanting to enable a particular language or set of languages on a site Collection and all subsites, and if you do NOT want to enable all languages installed but rather Control what gets enabled? Here is a scripot that will help you.
In my own scenario I had 4 site Collections, each tageted for a different nordic country, Sweden, Norway, Finland and Denmark. So, the need is to have enabled English for all and only the countrys language for the 4 site Collections.

Looking for an existing sample code to use, I found many that were copies of the MSDN sample, this is a good piece of code but it enables all languages installed.

So, trying to find a clever way of selecting what language got enabled, I found an old script I created for the same customer, the solution was so simple it works!
While iterating thru all the installed languages, site by site, I check the displayname of the Language and add criteria fro the languages to install. Beautifully simple 🙂
There is Little difference between this and the MSDN sample code, but is was an important difference to me.

This is what I used in the end:

# Enables SELECTED installed languages for each subsite in a site collection
 $spSiteURL = http://sharepoint.balkestahl.se/sites/subsitecountry
 $spSite = Get-SPSite -Identity $spSiteURL
 foreach ($spWeb in $spSite.AllWebs)
 {
   $spWeb.IsMultilingual = $true
   $WebRegionSettings = New-Object Microsoft.SharePoint.SPRegionalSettings($spWeb)
   foreach ($language in $WebRegionSettings.InstalledLanguages)
   {
     If ($language.DisplayName -eq "English" -or $language.DisplayName -eq "Swedish")
     # Add the displayname of any langauge you have installed: -or $language.DisplayName -eq "Norwegian" -or $language.DisplayName -eq "Finnish" -or $language.DisplayName -eq "Danish"
     {
        write-host -BackgroundColor Green -ForegroundColor Black "Update -" $spWeb "site with LCID:" $language.DisplayName
        $culture = New-Object System.Globalization.CultureInfo($language.LCID)
        $spWeb.AddSupportedUICulture($Culture)
     }
     else
     {
        Write-host " Language not activated: " $language.DisplayName " on site " $spWeb.Name
     }
   }
   $spWeb.Update()
 }

This saved me hours and hours…or made it possible 🙂
The running of the script looks something like this, in my case around 3000 times for the Swedish collection, all in all, 50.000 subsites!):

Script

Before running the script, in each site, you have these settings:
(Accessed under: Site Settings/Language Settings, path: /_layouts/muisetng.aspx)
Languages1x

And what we want to do, is check the box for the selected language(s) and move on to the next.

Languages2x

When adding the criteria to the If statement, use the displaynames exactly like in the list in Site Settings/Language Settings:

LanguagesDisplayNamesx

This script saved me, I hope it can do the same for some of you.


_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

A guide to Alternate Access Mappings Basics in SharePoint 2013


LabCenter-stamp-v2

Alternate Access Mapping Basics in SharePoint 2013

(This post is in its entirety valid for SharePoint 2010 as well)

Explains how you should look at Alternate Access Mappings – left to right.
Alternate Access Mappings is something that most SharePoint engineers or administrators struggles with. More often than not, you get it right in the end but we are not really sure why it works or if it really works the way we want it to.
This, is my attempt to make it easy to understand.

IMG_0430smallframed

Note: This is part 1 in a series, the next part will show how to configure DNS and a simple scenario adding a new NetBIOS name as URL to a Web Application.
Note: For the complete guide, with DNS steps and 4 different scenarios including https, download the free Whitepaper from TechNet: The final guide to Alternate Access Mappings

In order to make AAMs simpler to understand, look at it a bit differently, start with this simple table:

Left area            Internal URL’s
Right area          Public URL’s with a zone
Middle area        Zones, is what connects Internal URL’s to Public URL’s, many to one.

Internal URL redirects or transforms to a Public URL, from left, to right. The URL on the left, is what you enter in the address field in your browser, the Public URL on the right is what you will see once there, this goes for visible and invisible links as well.
Internal URL format: Protocol + URL (+non default port)

Public URL is the address of the Web Application for one of the five zones available. The ‘Default’ must be filled out and has some special properties/uses, the other four are optional. You can only have five Public URL’s per Web Application.
This is the URL that the browser will be redirected to in the end.
Public URL format: Protocol + URL (+non default port)

Zone is a label representing a Public URL, the zone is used to ‘connect’ an Internal URL to a Public URL. The zone names has no relation what so ever with the four Internet Explorer security zones (Internet, Local Intranet, Trusted sites and Restricted sites) and could just as easily been named 1,2,3,4 and 5. A zone can also represent an authentication provider.
Zones: Default, Intranet, Internet, Custom, Extranet

Example:

AAMTable1

Note: Based on the Zone selected for every Internal URL, they will be connected to a Public URL.

From left – to right…
The zones might as well be represented by numbers:

AAMTable2

Note: Try to always use the most used URL as   the default Public URL. This is what will be used by other services, like   crawl and in certain other links.

Translated to SharePoint GUI, this same setup would look like this:

AAM1

AAM2

Note: Filtered on this Web Applications   Alternate Access Mapping Collection only.
Same Alternate Access Mappings as in the Example table above.

You will see that if you click on any of the ‘Internal URLs’ that you can select zone, and with the zone, the Public URL it will be connected to:

AAM3
In addition to the actual Alternate Access Mapping in SharePoint Central Administration, you also have to add a Binding in IIS, contrary to what many believe, except for the initial hostheader when you create the web application, SharePoint does not do that for you, so you have to do it manually.
The example above would show up in IIS Bindings like this:

AAM4

As you can see, in IIS 8.0 and Windows Server 2012, the https binding does show up as a hostname, in IIS 7.5 and Windows Server 2008 R2, the hostname is determined by the name configured in certificate used when adding that binding and hidden in this view.

That’s it! When you have configured your AAM’s and Bindings correctly, given that you have name resolution and IP addresses in order and connectivity from the client to the server(s) and all other aspects in order, you can now start to use the URL’s you want.


_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Whitepaper: The final guide to Alternate Access Mappings


This 45 page Guide is now available as a Free PDF download from Microsoft Technet Gallery.
Download : The final guide to Alternate Access Mappings

A preview of the whitepaper:


_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Whitepaper: The final guide to SharePoint 2010 Site Settings


The Guide is now available as a PDF download from Microsoft Technet Gallery.
Download : The final guide to SharePoint 2010 Site Settings

A preview of the whitepaper:


_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Whitepaper: The final Kerberos guide for SharePoint technicians


The Guide is now available as a PDF download from Microsoft Technet Gallery.
Download : The final Kerberos guide for SharePoint technicians

A preview of the whitepaper:


_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Passphrases in SharePoint- why do we bother?


You all know about the passphrase in SharePoint (2010 and later) right? You name it during farm Creation using Powershell or the Config Wizard. It must be a complicated string of characters and it has to hold a certain length (exact requirements stated below)

Do we really need it?

Since you can replace the passphrase (Change your PassPhrase using PowerShell) without having the old one, all you need is to be a member of the farm administrators SharePoint Group. So…the use of the PassPhrase is what? You don’t need to save it since all you have to do when it is required (join farm) is to change it…and if you have the passphrase, you still have to enter the farm account (Database Access Account) username and password, so you still need the permissions…

The Passphrase in SharePoint 2013 Preview is described as:
(From the ‘Deployment guide for Microsoft SharePoint 2013 Preview’)
Although a passphrase resembles a password, it is usually longer to improve security. It is used to encrypt credentials of accounts that are registered in SharePoint 2013 Preview. For example, the SharePoint 2013 Preview system account that you provide when you run the SharePoint Products Configuration Wizard. Ensure that you remember the passphrase, because you must use it every time that you add a server to the farm.

Ensure that the passphrase meets the following criteria:

  • Contains at least eight characters
  • Contains at least three of the following four character groups:
    • English uppercase characters (from A through Z)
    • English lowercase characters (from a through z)
    • Numerals (from 0 through 9)
    • Nonalphabetic characters (such as !, $, #, %)

So…now that you have read all this, do we really need it? Why bother? Is it one more layer of real security or more more layer of persieved security?

-It’s easily replaced/reset (see Change your PassPhrase using PowerShell)
-You still need the farmaccount credentials to join
-It’s seldom used and thus easily lost (in real life! yes)
-For the encryption purposes, SharePoint could use a random key that you never have to see or know about…
_________________________________________________________

Please Comment!

Regards

Twitter | Technet Profile | LinkedIn