Archive

Archive for the ‘Windows Server’ Category

Office 365 – DTD is prohibited in this document issue

April 16, 2015 1 comment

 

 

 

 Office365logo       SP2013logo

Got trouble Connection PowerShell to SharePoint online? This could be the resolution to your troubles.
I had this myself, or we had it in our Company tenant. This is what the issue was and this is how I fixed it:

When trying to connect to PowerShell for SharePoint Online, using the Connect-SPOService command, we got a error that did not tell us anything.

PS dtd error 1

The error is:
Connect-SPOService : For security reasons DTD is prohibited in this document. To enable DTD processing set DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

Well, its almost a joke right…
When searching the web for information on this particular, I struck zero…all I could find related to the ISP and the default search provider something. I quickly dismissed them as unrelated.
Then after some time had passed, I found a similar issue, this seemed related and it was a connectivity issue same as mine (If I still had the link I would give credit to where credit is due). This fellow had resolved the issue by adding a missing DNS record.
This made me think, since our tenant has existed since way Before Office 365 existed (BPOS) perheps we were also missing some of the required DNS records?
I checked with my collegues, and apparently we were missing the record as well.

So, if you ever see or get the ‘DTD prohibited’ issue, remember to check the DNS for the following record:

Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net
Info: Used by Office 365 to direct authentication to the correct identity platform More Information

After I added this to DNS, Connect-SPOService works just fine!

SPO-Connect

 

Microsoft’s official explaination on the DNS record:
What’s the purpose of the additional Office 365 CNAME record?

When you run a client application that works with Office 365 such as Lync, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times.If this CNAME record is missing for your domain, these applications will use a default authentication endpoint in the United States, which means authentication might be slower. If this CNAME record isn’t configured properly, for example, if you have a typo in the Points to address, these applications won’t be able to authenticate.

If Office 365 manages your domain’s DNS records,, Office 365 sets up this CNAME record for you.

If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host.

 

References and Credits
Nope, not this time…Credits & many thanks to To all of you.

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Advertisements

Loopback Check configuration Tool released – free download

December 12, 2013 1 comment

Win2012  logo  SharePoint2013Logo70x338

Hi All.

It is here! Free for all! DOWNLOAD

I am happy to announce that the Loopback Check Tool has finally been made available at Codeplex – https://loopbackchecktool.codeplex.com
No more last minute t-shooting the loopback check and ending up disabling it, trying to find the KB or a decent blog post on how to do it.

This Tool takes care of it all for you. Download the exe, put it on your servers, run it to configure the Loopback Check feature simple and easy.

Its simple.
Its small (21kb zipped)
Only click and make it happen
No installation, one single exe that works on most Windows Servers (and clients)
Disable the Loopback check completely (Not recommended)
Enable or Disable the Loopback Check function
Enable it and add excluded URLs (Recommended, now easy to do)

This is a preview image of what the tool looks like

Form

The tool works fine on:

Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 R2
Windows Server 2008
Windows 7
Windows 8
Windows 8.1
And probably a few more…

References:

You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version
http://support.microsoft.com/kb/896861/en-us

A quick guide to configuring the Loopback check
https://blog.blksthl.com/2013/05/07/a-quick-guide-to-configuring-the-loopback-check/

DisableLoopbackCheck & SharePoint: What every admin and developer should know.
http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx

Thanks to:

Herakles and Gutke!

Win2012  logo  SharePoint2013Logo70x338

___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

A quick-guide to setting up OWA with SharePoint 2013 – start to finish

October 15, 2013 9 comments

Future and existing Office Web Apps – OWA Lovers!
😁
This time, I just found that a quick guide like this was something that I needed myself, and since I could not find anything that was short and compact enough, I made my own guide…
This Little guide is completely based on the TechNet articles mentioned in the references section, but this is nontheless a lot shorter and easier to follow.

Oakwood_clockx

The old Clock at Oakwood station



Click your OWA task of choice:
Step 1
Prepare a 2008 R2 Server to run OWA
Prepare a 2012 Server to run OWA
Step 2
Install Office Web Apps Server
Step 3
Deploy a single-server Office Web Apps Server farm that uses HTTPS
Step 4
Configure SharePoint to use OWA over https (recommended)
Configure SharePoint to use OWA over http
Additional
Disconnect SharePoint from OWA farm
Configure the Default open behavior for documents
Credits and References




Prepare a 2008 R2 server to run Office Web Apps Server

1. Install the following software (Minimum required):

2. Import the server module
(In a PowerShell prompt running as administrator and with the SharePoint snapin loaded)
Import-Module ServerManager

3. Add the required Features and Roles by running this command:
Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support

4. Restart the server if prompted when the command finishes.

5. Done

TechNet Reference
Back to menu




Prepare a 2012 server to run Office Web Apps Server

1. In a PowerShell prompt running as administrator, add the required Features and Roles by running this command:
Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices

2. Done

TechNet Reference
Back to menu



Install Office Web Apps Server
1. Download Office Web Apps Server from the Microsoft Download Center (Link).

2. Run Setup and walk through the steps in the wizard.
Windows Server 2012, open the .img file directly and run Setup.exe
Windows Server 2008 R2 SP1, use any program that can mount or extract .img files. Then run Setup.exe

3. Download and install the Office Web Apps Server update KB2810007.

TechNet Reference
Back to menu



Deploy a single-server Office Web Apps Server farm that uses HTTPS

If components of the .NET Framework 3.5 were installed and then removed, you might see “500 Web Service Exceptions” or “500.21 – Internal Server Error” messages when you run OfficeWebApps cmdlets. To fix this, run the following sample commands from an elevated command prompt to clean up settings that could prevent Office Web Apps Server from functioning correctly:
In Windows Server 2008 R2:
%systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -iru
iisreset /restart /noforce
In Windows Server 2012:
dism /online /enable-feature /featurename:IIS-ASPNET45

1. Create the Office Web Apps Server farm

New-OfficeWebAppsFarm -InternalUrl <InternalURL> -ExternalUrl <ExternalURL> -CertificateName <CertificateName> -EditingEnabled

<InternalURL> FQDN name of the server that runs Office Web Apps Server
<ExternalURL> FQDN name that can be accessed on the Internet
<CertificateName> Is the friendly name of the https/SSL certificate used
-EditingEnabled, optional and is added to enable editing in Office Web Apps

2. Verify that the Office Web Apps Server farm was created successfully

Go to the https://internal.url.com/hosting/discovery
If you see a (WOPI)-discovery XML file in your web browser then all is good.

Depending on the security settings of your web browser, you might see a message that prompts you to select Show all content before the contents of the discovery XML file are displayed.

3. Done

TechNet Reference
Back to menu



Configure SharePoint to use OWA over https (recommended)
(In a PowerShell prompt running as administrator and with the SharePoint snapin loaded)

The Web Application to be used must be configured to use Claims as authentication method, else OWA will not work.

1. Create new binding:
New-SPWOPIBinding -ServerName <WacServerName>
(<WacServerName> must be the FQDN internal URL)

2. Verify current zone:
Get-SPWOPIZone

3. Change to internal-https if it is set to http:
Set-SPWOPIZone –zone “internal-https

4. Verify https:
Get-SPWOPIZone

5. Verify functionality in a document library (Not using the system account, appearing as sharepoint\system)
Click on the ‘Three dots’ after a documents name and see if you get a preview, if you do, its all good!

6. Done

TechNet Reference
Back to menu



Configure SharePoint to use OWA over http
(In a PowerShell prompt running as administrator and with the SharePoint snapin loaded)

The Web Application to be used must be configured to use Claims as authentication method, else OWA will not work.

1. Create new binding:
New-SPWOPIBinding -ServerName -AllowHTTP
( must be the FQDN internal URL)

2. Verify current zone:
Get-SPWOPIZone

3. Change to internal-http:
Set-SPWOPIZone –zone “internal-http”

4. Verify http:
Get-SPWOPIZone

5. Check AllowoverHttp setting:
(Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp

6. Set AllowOAuthOverHttp to True.
$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()

7. Verify change:
(Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp

8. Verify functionality in a document library (Not using the system account, appearing as sharepoint\system)
Click on the ‘Three dots’ after a documents name and see if you get a preview, if you do, its all good!

9. Done

TechNet Reference
Back to menu



Disconnect SharePoint from OWA farm
(In a PowerShell prompt running as administrator and with the SharePoint snapin loaded)

1. Remove the binding
Remove-SPWOPIBinding –All:$true

2. Done

TechNet Reference
Back to menu



Configure the Default open behavior for documents

1. On a per farm level: Adjust the default open behavior on a per-file-type basis by using the New-SPWOPIBinding and Set-SPWOPIBinding Windows PowerShell cmdlets.

2. On a per Site Collection level by activating the ‘Open Documents in Client Applications by Default’ site Collection feature.

3. On a per Document library level using the Library setting – Advanced setting – ‘Default open behavior for browser-enabled documents’

4. Done

TechNet Reference
Back to menu




References:

Deploy Office Web Apps Server
http://technet.microsoft.com/en-us/library/jj219455.aspx

Configure SharePoint 2013 to use Office Web Apps
http://technet.microsoft.com/en-us/library/ff431687.aspx

Configure the default open behavior for browser-enabled documents (Office Web Apps when used with SharePoint 2013)
http://technet.microsoft.com/en-us/library/ee837425.aspx

Set-SPWOPIBinding
http://technet.microsoft.com/en-us/library/jj219454.aspx

Plan Office Web Apps (Used with SharePoint 2013)
http://technet.microsoft.com/en-us/library/ff431682.aspx

SharePoint authentication requirements for Office Web Apps
http://technet.microsoft.com/en-us/library/ff431682.aspx#authentication

Configuring Office Web Apps in SharePoint 2013 (Steve Peschka – Microsoft)
http://blogs.technet.com/b/speschka/archive/2012/07/23/configuring-office-web-apps-in-sharepoint-2013.aspx

Enabling Licensing and Editing for Office Web Apps in SharePoint 2013 (Steve Peschka – Microsoft)
http://blogs.technet.com/b/speschka/archive/2012/12/31/enabling-licensing-and-editing-for-office-web-apps-in-sharepoint-2013.aspx

Thanks to:

Mattias Gutke! All the time dude!
Ankie D – a great customer who has forced me to learn more on OWA
Stefan K – Another customer who made me refresh my knowledge
Steve Peschka, he wrote the original guide…see ref section


___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Move your SharePoint IIS sites from the systemdrive(C:)

August 31, 2013 3 comments

Move your SharePoint IIS sites from the systemdrive(C:)
or avoid putting them there in the first Place.

Lionx

Do you see the lion that is totally in the wrong Place…or is it the Jeeps that are…?

Deal fellow SharePointlovers!

This time, I’ll try to show you how to avoid the messed up situation most SharePoint installations are in, with everything on the systemdrive, or C:
Now, us people have over time been better and better at one thing, we understand that the logfiles should not be located on the systemdrive, so we have learned over time to move the ULS log and the Usage and Health log from C:, some have even been clever enough to move even the IIS log from C:

But, what do we still always, always, always, find installed on C:?… … …yes, C:\inetpub!

It not very strange though, the developers of Windows Server have made a point out of not giving us an option to install inetpub on a different path, not unless you do an unattended installation or otherwise script or Control your installation. The ‘Add/Remove roles’ wizards in Server 2008, 2008R2 and 2012 all lack this option (for a reason).

BUT! This is intentially, the default inetpub location should and must be in the systemdrive, IIS is considered an operating system Component and has to be there for a number of reasons. At the end you will find a link to a KB article that explains this in more detail. Leave inetpub and its subfolders where it is!

So, why would we want to do this anyway
why move the inetpub and all of its content, or at least the separate site catalogs to a different drive?
– Separation (Performance and Security)
– Compartmentalization (Performance and Security)
Having averything on the same drive is bad for a few reasons, primarily performance and security. Perfomance since the OS is on the C drive and security because if an attacker by some means gets access to a different less secure applications sitecatalog, they also get access to the systemdrive and possible also all other webapplication sitecatalogs. Moving them to other drives, same or different, helps mitigate both possible issues.
I therefore recommend doing this:

Do your regular installation, add the Web Server role and let the inetpub folder end up on C:, like I said, no worries. Whats important for us will not be located there anyway.
Next, edit the registry to make the default location of inetpub be for example D: (unless this is were you will be putting all of your logfiles, then select a third or fourth drive)
Install the SharePoint as you would normally do, Central administration will now end up were you pointed the default location.
Create your Web Applications using the GUI or PowerShell and leave out the path, the IIS sites will be were you wanted them.

So, how do we do this in more detail? A Guide…

Configure the Web Server(s)

1. Configure the default location

On all of your web servers in the farm, and on your Central Administration server(s), edit the registry key that Controls the default location:

Start regedit by, Right clicking in the very lower left corner and you will get a list of actions, click on Run.

Reg1x

Type Regedit and click Ok.

Reg2x

Click Yes in the UAC dialog.

Reg3

In Registry Editor, we locate the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

Reg4x

Reg5x

Under ‘InetStp’ we have a number of keys.

Reg6x

Locate and Edit the key PathWWWRoot from the default: (%systemdrive%)

Regbeforex

to: (D: or where you prefer to locate it, E: F: G: H:…)

Regafterx

There you go! All set, no IIS reset or restarts of any kind required.
Like said before, go on and do this on all servers that will host a webserver (WFE or CA). If you don’t, then you will have an inconsistent setup making Everything very hard to setup and t-shoot.

2. Add SharePoint
After this has been changed on all of you r web servers, you can go ahead and install the SharePoint binaries and configure your farm, The Central Administration site will now be located on the drive you have specified, it will be in the exact same path as it normally would but on a different drive. For example: ‘D:\inetpub\wwwroot\wss\VirtualDirectories\20000\’

Note that the Central Administration UI will now be default suggest a different path:

NewWeb1x

If you create a new site using PowerShell, it will also by default put it in D: even if you don’t specify any path:

New-SPWebApplication -Name TheVeryFirst -ApplicationPool SharePoint -HostHeader theveryfirst.corp.balkestahl.se -Port 80 -Url theveryfirst.corp.balkestahl.se -DatabaseServer blksthl-sql -DatabaseName SP11_Content_TheVeryFirst

As you can see, were done! 🙂

Donex

For the logfiles, I’ll make a separate post, they should also be moved, more so even than the sitefolders. Logfiles will fill up the disks, they will slow performance and maybe most importantly, they contain delicate information that you want to keep separated from the OS and IIS.

References:

Guidance for relocation of IIS 7.0 and IIS 7.5 content directories
http://support.microsoft.com/kb/2752331

Configure ULS log and Usage and Health log location
https://blog.blksthl.com/2013/06/05/configure-uls-log-and-usage-and-health-log-location/

Thanks to:

Mikael Nyström (The Deployment Bunny) – Truesec
Mattias Gutke – CAG


___________________________________________________________________________________________________

Good Luckl!!

Regards

Twitter | Technet Profile | LinkedIn