Wednesday, 14 August 2013

Change Authentication Provider from NTLM to Kerberos of SharePoint Web Application by Powershell of exisiting web applicaiton:


Get-SPWebApplication "http://webapplication" | Set-SPWebApplication –Zone "default" -AuthenticationMethod "Kerberos"

 

Wednesday, 24 July 2013

SSRS integration mode in SharePoint for new web application.


Once you configured SSRS with integration mode. If you create new web application and want to use SSRS there. Every time you have to go to SharePoint Central admin and in general Setting you have to activate feature from there (for new site collection under new web application). We understand we can go to site collection level and activate Reporting feature from there. But also need to require to go central admin and from SharePoint Central Admin > General Application Settings > click Reporting Services Integration you have to activate feature from as well. Why this is require. Because if you see after doing central admin steps if you notice it will show following message.

 Access for SSRS service account to farm successfully added.

 





 

But one thing will always come in mind. Why every time needs to go there and do centraladmin activity every time. If we want to do for only new web app. Its true. You can do for new web application for following Power shell command. In this way it will not impact other web applications which are running previously.

Powershell command is:

              $SPSite= this is thesite collection url where you want to give access to SSRS service account.

                $webapp = Get-SPWebApplication $SPSite
$ApplicationAccount = Service Account of SSRS.

                $webapp.GrantAccessToProcessIdentity($ApplicationAccount)

 

 

Other way:

You can follow other way is go to central admin and select Web application from application management and add Service account with FULL Rights under user policy setting.

 

Tuesday, 23 July 2013

Kerberos Authentication Setup in SharePoint Environment



Kerberos Authentication Setup at Small SharePoint Farm
Kerberos setup is really easy. Once you will know what is happening in every step you can easily Setup Kerberos authentication without any problem. Here I am taking a small SharePoint environment having 1 APP server, 1 WEB Server, 1 SQL Server.

SharePoint Farm Topology:

1 APP Server: eg: app.domain.com
1 WEB Server: eg: web.domain.com
1 SQL Server: eg: sql.domain.com
SQL service is running with : domain\sqlservice
1 Central Admin: http://app:8888.domain.com
1 Web application (host header): http://testapp.domain.com
http://testapp.domain.com is running with app pool with domain account: domain\apppool
*Here no service is running with computer account so we don’t need to computer account delegation.

End Result:

Setup Kerberos Authentication only for web application (Not for central admin, in some scenario its require but here I am not mentioning that)

Major Steps:

1. Create SPN for app pool account.
2. Create SPN for SQL server service account.
3. Trust for delegation of app pool account.
4. Central admin go to web properties and as per zone set Negotiate authentication for web applciaiton.
Create SPN for app pool account.
Application (http://testapp.domain.com) is running with domain\apppool account. So we have to create SPN for application pool account. Syntax as below:
App Pool Account: domain\apppool
Application: http://testapp.domain.com
SPN:
You can use Power shell, adsi edit or Command Prompt to create these SPNs.
HTTP/testapp.domain.com domain\apppool
(*If you are using port no. Then you can use syntax: HTTP/servername.domain.com:portno domain\apppool eg: HTTP/webapp1:4444 domain\weapppool1 and HTTP/webapp1.domain.com:4444 domain\webapppool1 . It is best practice if you create both spn with server name and fully qualified name.)
Create SPN for SQL server service account:
Check SQL service running with which account at my example it is running with domain\sqlservice.
SPNs
Setspn –S MSSQLSvc/ sql.domain.com domain\sqlservice
Setspn –S MSSQLSvc/ sql.domain.com domain:1433 domain\sqlservice
(*Default port of SQL is 1433, if you have different port no. Then modified accordingly)

Trust for delegation of app pool account:
Once you create SPN for any account Delegation Tab will activate at account properties:
Trust delegation for app pool account domain\apppool
Go to active directory and make following changes for domain\apppool account.
Under Delegation Tab:
Select Trust this user for delegation to any service (Kerberos only)
Central admin go to web properties and as per zone set Negotiate authentication for web application:
Login to central admin.
Go to Web application properties and set Negotiate authentication for web application (http://testapp.domain.com)
Kerberos Setup has been done.

Testing:
You can use fiddler or other Kerberos Tester tool. But best way is login to eventvwr of web server and under security you can see Kerberos authentication will display for user login.

Monday, 28 January 2013

Sign in as a different user in share point 2013

Sign in as a different user in share point 2013







Solution: 


Open welcome.ascx  from \15\TEMPLATE\CONTROLTEMPLATES\Welcome.ascx

Add following code there.

<SharePoint:MenuItemTemplate runat="server" ID="ID_LoginAsDifferentUser"
 Text="<%$Resources:wss,personalactions_loginasdifferentuser%>"
 Description="<%$Resources:wss,personalactions_loginasdifferentuserdescription%>"
 MenuGroupId="100"
 Sequence="100"
 UseShortId="true"
 />

Save and trying to browse the site again.

Here you can see.......


*Please note it will impact whole farm, so if you need this for every where then only go with this one.



Thanks.

Saturday, 26 January 2013

SharePoint 2013: This SQL Server instance does not have the required "max degree of parallelism" setting of 1

SharePoint 2013: This SQL Server instance does not have the required "max degree of parallelism"  setting of 1

At the Time of Configuration wizard or by power-shell you can get following error, If you are configuring least account permission.

Error:

New-SPConfigurationDatabase : This SQL Server instance does not have the required "max degree of parallelism"
setting of 1. Database provisioning operations will continue to fail if "max degree of parallelism" is not set 1....



What is Parallelism and what is the Role?


This option sets the maximum number of processors SQL Server can use for one query. If SQL Server has to bring back a lot of data (lots of rows) for a query it sometimes makes sense to break the query down into a number of smaller queries, each query returning a subset of the total rows. This way SQL Server can make use of more than processor and hence on multi processor boxes it can potentially return a lot of rows more quickly, for a given query, than it can on a single processor box.

Reason of the error:

The default setting for this in SQL is 0 and FOr SharePoint 2010 its doesnt need to change.

But In SharePoint 2013 you need to do change it to 1 . Then only you can create config database and installation will complete.



Resolution:

1. Login to SQL Server by using Management Studio.

2. Right click on the SQL Service Instance and select Properties

3  Under Advanced, locate Max Degree of Parallelism under the Parallelism section and switch the settings from 0 to 1.




4. CLick Ok and re run the wizard.

Please note at the time of getting error the config DB will create, So once you are going to run the wizard /powershell after fixing the Parallelism issue dont forget to delete old config DB which were created at the time of error. Other wise you will get the error.


You can say some time you dont get error this, it happens because from which account you running the wizard if that is having sys admin rights on SQL server then at time of configuration it automatically change the settings and switch to 1 , but once you follow proper permission level of accounts then you will get this error.

Friday, 25 January 2013

STSADM COMMANDS in SharePoint 2013.

Hi,

If you want to RUN stsadm.exe commands in SharePoint 2013.

You can do by following ways:

By command prompt/powershell redirect to 15 Hive folder :

PS C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\BIN>

Or

add  following module:

Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0

And Start using stsadm command :):):)

Regards
Gyan Shukla

Wednesday, 23 January 2013

SharePoint 2010/2013 Multi-Tenancy: Delete an existing tenant and create a new tenant and assigned same OU

Delete an existing tenant and create a new tenant and assign same OU:


Delete tenant means delete subscription ID from farm. In share Point 2010 Every Tenant is having its own unique subscription ID.

Its quite difficult to remove connection between Subscription ID and OU.On this I did some R&D and found that if you remove subscription ID from farm all connection to OU will not deleted means some entries still present in related DBs. So until you remove all the entries from share Point DBs you cant use same OU for different tenant/subscription ID. Microsoft never advise to make changes in DB directly, but I did that and it was successful. If you don't want to get this process I have a new trick to do this.

*Don't delete Subscription ID

*Just delete all the site collection present in this.

* Assign this subscription ID to new tenant.

In this way You can easily assign subscription ID to new teanant with same OU connection.


Scripts are as below:

// This will give you all subscription ID
$sub = get-spsitesubscription

//Dont use this command:

remove-spsitesubscription -identity "$sub"

//Delete all the site collection manually from centraladmin or use powershell command related to subscription ID

Try the folowing ps script to create new Tenant and can use original ( previous) OU:

Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0

//Note down your scubscription ID which you want to use and we will use later in the script.


Add-PSSnapin Microsoft.SharePoint.Powershell -EA 0

# farm details - update to reflect environment
$customerName = "<OU Name>"
$customerTenantAdmin = "<OU Admin with domain>"   
$ouName= "<OU Name>"
$fullOUPath = 'OU=<OU PATH>,OU=<OU PATH>,DC=<Domain Name>,DC=<Domain Name>'
$fullTenantURL = "http://<testsiteurl>"
$customerFeatures = $customfeature
$hostingMainURL = "http://<HostingWebApplicationURL>"
$upaProxyName = "<User Profile Proxy> Farm Tenant User Profile Service Proxy"
$mmsProxyName = "<User MetaData Proxy> Farm Tenant Managed Metadata Service Proxy"

# feature packs - update after creating them
$foundationFeatures = "479a3211-b2c8-4efd-b09e-a11194c8ef79"
$standardFeatures = "400e72d3-7a97-4e28-8a9a-ac0f6ffba4e6"
$enterpriseFeatures = "0da79437-5735-4550-b4b1-2f9608ecb328"
$customfeature="0da79437-5735-4550-b4b1-2f9608ecb328"
$a = Read-Host "Have you added the user running this script to *permissions* on the UPA?"
    $webApp = Get-SPWebApplication $hostingMainURL
    # create new Site Subscription
    Write-Host "Creating Site Subcription..."
    //$sub = New-SPSiteSubscription
$sub = "<use the existing old Subscription ID here>"


    # assign feature pack and configure the OU to use in the People Picker for the Subscription
    Write-Host "Assiging Feature Pack and configuring People Picker..."
   
    Set-SPSiteSubscriptionConfig –id $sub -FeaturePack $enterpriseFeatures -UserAccountDirectoryPath $fullOUPath


function ProvisionTenant($enterpriseFeatures,$customerName, $customerTenantAdmin, $customerFeatures, $hostingMainURL, $upaProxyName, $mmsProxyName, $foundationFeatures, $ouName, $fullTenantURL, $fullOUPath, $webApp, $sub)
{
    Write-Host "Provisioning Tenant..."
    Write-Host "Name: $customerName"
    Write-Host "Admin: $customerTenantAdmin"


   
    $a = Read-Host "Are Details ok ?"

    # grab the web app


    # create the "main" member site (we need a site at the root to use Host Headers and Managed Paths in the following cmdlets)
    Write-Host "Creating Root Site..."
    New-SPSite -url "$fullTenantURL" -SiteSubscription $sub -HostHeaderWebApplication $webApp -owneralias $customerTenantAdmin -template BLANKINTERNETCONTAINER#0

    # create Tenant Admin site
    Write-Host "Creating Tenant Admin site..."
    New-SPSite -url "$fullTenantURL/admin" -SiteSubscription $sub -HostHeaderWebApplication $webApp -owneralias $customerTenantAdmin -template tenantadmin#0 -AdministrationSiteType TenantAdministration

    # everything else needs standard
    if (!($customerFeatures -eq $foundationFeatures))
    {
        Write-Host "Tenant has SharePoint Server features"
        # create a mysite host
        Write-Host "Creating My Site Host..."
        New-SPSite -url "$fullTenantURL/mysites" -SiteSubscription $sub -HostHeaderWebApplication $webApp -owneralias $customerTenantAdmin -template SPSMSITEHOST#0

        # configure the MySites host, MySites path, Naming Resolution and Profile Sync OU for the Subscription
        Write-Host "Configuring Tenant Profile Config..."
        $upaProxy = Get-SPServiceApplicationProxy | where-object {$_.DisplayName -eq $upaProxyName}
    $upaProxy
        SET-SPSiteSubscriptionProfileConfig -id $sub -SynchronizationOU $ouName -MySiteHostLocation "$fullTenantURL/mysites" -MySiteManagedPath "/mysites/personal" -SiteNamingConflictResolution "None" -ProfileServiceApplicationProxy $upaProxy

        # create a site for the Content Type Gallery
        Write-Host "Creating Content Type Gallery..."
        New-SPSite -url "$fullTenantURL/cthub" -SiteSubscription $sub -HostHeaderWebApplication $webApp -owneralias $customerTenantAdmin -template sts#0

        # configure the Content Type Gallery for the Subscription
        Write-Host "Configuring Tenant Content Type Gallery..."
        $mmsProxy = Get-SPServiceApplicationProxy | where-object {$_.DisplayName -eq $mmsProxyName}
    $mmsProxy
        # ContentTypeHub feature activation may fail - if so activate manually
        Set-SPSiteSubscriptionMetadataConfig -identity $sub -serviceProxy $mmsProxy -huburi "$fullTenantURL/cthub" -SyndicationErrorReportEnabled
        Write-Host "Activating Content Type Hub..."
        Enable-SPFeature -Identity ContentTypeHub -url "$fullTenantURL/cthub"
       
       
    }


    #Set-SPSiteSubscriptionEdiscoveryHub - create an ediscovery hub, requires site - -SearchScope 1 - all of the sub
   
    Write-Host "Tenant Provisioned!"
    return $sub

}

*You require SharePoint 2010 SP1 because SET-Sitesubscription powershell command run only SharePoint 2010 SP1 and later version.  

You can also use same concept for SharePoint 2013 :)  it works with that too...

Sunday, 20 January 2013

Anonymous Access issue for form Pages in SharePoint.


 

 Problem: After setting Anonymous access on entire site, why form pages (like custom views etc) still needs credentials to access them?




Solution: 



Default behavior of anonymous setting, once we enable anonymous access to site level anonymous permission mask sets on entire site. Under this mask only following permission properties covers.



ViewListItems, ViewVersions, Open, ViewPages, UseClientIntegration






Here you can see there is no permission properties related to form pages (views). So I have set the properties by PowerShell commands.

 
 New property requires to solve the issue :
ViewListItems, ViewVersions, ViewFormPages, Open, ViewPages, UseClientIntegration 

Commands:

$web = Get-SPWeb https://XXXXX.com
$web.AnonymousPermMask64
ViewListItems, ViewVersions, Open, ViewPages, UseClientIntegration
$web.AnonymousState = [Microsoft.SharePoint.SPWeb+WebAnonymousState]::Enabled
$web.AnonymousPermMask64 = "ViewListItems, ViewVersions, ViewFormPages, Open, ViewPages, UseClientIntegration"
$web.update()


Regards
Gyan Shukla