Wahid's Blog

The 4th release of the Microsoft SharePoint Administration Toolkit is now available for download and includes improvements in the SharePoint Diagnostics Tool (SPDiag), a new Permissions Reporting Tool, a new bulk Quota processing tool, in addition to the Security Configuration Wizard Manifests.

To learn more about improvements about this release see the SharePoint Team Blog.

I figured I’d list some other tools that I think are also useful for diagnostics:

• SharePoint Test Data Population Tool: This is a capacity planning and performance testing tool that populates data for testing SharePoint deployments.
• Governance and Manageability: CodePlex site that provides small sample governance tools that will help in the management and control aspects of WSS 3.0 and SharePoint Server Deployments. One of my favorites is the Site Life Cycle Management Tool.
• Gary LaPointe’s STSADM Extensions: A solution package that extends STSADM with a load of useful commands. Gary’s blog also has PowerShell cmdlets and other automation tools for SharePoint.
• SharePoint 2007 Features: Another CodePlex project that has Features to address deficiencies in SharePoint 2007 or add new capabilities. There are a handful of features that are useful.
• SharePoint Manager 2007: This is a SharePoint object model explorer. It enables you to browse every site on the local farm and view every property. It also enables you to change the properties.

Please comment if you think of other tools that belong on that list.

How do you explain SharePoint to non-technical users? Microsoft created a video called SharePoint in Plan English. Embedded here:

This is a great example on how SharePoint can improve business processes. See the announcement on the SharePoint Team Blog.

My friend John Miller saw a podcast he thought I’d be interested in (I was) and sent me the link. This made me think of other podcasts that I listen to. Here’s a list of podcasts that I subscribe to:

The MOSS Show by Hilton Giesenow (6 podcasts)
SharePoint Pod Show by Rob Foster, Nick Swan, and Brett Lonsdale (29 podcasts)
MOSS Gone Wild by Justin Jackson, Todd Kitta (5 podcasts)
Social Media Talk by Mike Ganotti

Also, here’s some other SharePoint podcasts that I found on the interweb:

SharePoint Online Podcast by Erik Gun (1)
SharePoint Start and Learn by Richard Harbridge (1)
SharePoint for Project Management at ThePMPodcast (1)
How BestBuy.com uses SharePoint for Business Process Automation with Sarah Haase (1)

If anyone else has more, send me the links! I commute an hour or more to work each day and some of these are great to listen to while I’m driving. They are all informative and great quality.

I was tackling this error today on my farm. When attempting to open Central Admin, I would get this error: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

The event logs had an Event ID 8214 but the error was unknown so I couldn’t find any information about it. Searches on the net weren’t helpful, they just talk about authentication problems. I wasn’t sure if the Event ID was even related but I think it was.

I edited the web.config of the Central Admin site and set <customErrors mode=”Off”> but it didn’t help, I got the error above or sometimes a blank page when loading Central Admin. The key was to also set <CallStack=”true”> in the web.config.

I was able to get the Central Admin to finally load after changing a couple registry settings. First, I saw a HKLM\SYSTEM\CurrentControlSet\Control key called “fipsalgorithmpolicy” which was set to 0. Hmm, that’s good. Some more research pointed me to a sub-key called FIPSAlgorithmPolicy. There was a DWORD value called “Enabled” and this was set to 1. Changing it to 0 (zero) and performing an IISRESET allowed me to open Central Admin.

Great, but not great. My network has a policy (Group Policy setting) to turn this on. “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is set to enabled. So, this isn’t a permanent solution.

I found this blog post called Aggregated Intelligence: FIPS validated cryptographic algorithms in .NET which suggested adding another line in my web.config <enforcefipspolicy enabled=”false” >. For the record, that did nothing for me, I don’t know why.

Anyway, I was pretty sure that this was a best practice, especially in Department of Defense (DoD) where I’ve spent most of my time working. It’s maybe even a requirement. I started looking at IIS and the Web Site Settings for Central Admin. In Windows 2008, it defaults to the “Features” view. In there, I checked each of the icons. Inside “Machine Key” I noticed that the algorithm was set to SHA1 (or was it AES). In any case, I changed it to TripleDES, performed an IISRESET /NOFORCE and everything worked! I’ll have to verify some of this tomorrow but hopefully this post gives some useful troubleshooting steps.

KB811833 talks about enabling FIPS compliant algorithms, its titled: The effects of enabling the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” security setting in Windows XP and in later versions of Windows

Someone called me recently stating that their SharePoint farm had expired, it was a shock to them because they had installed it with the correct key. Some digging revealed that there was a post-SP2 bug. There’s a hotfix (32-bit / x64) available as well and that sent me down a path of identifying what level of SharePoint I was running. There was a great post by Penny Coventry that I used to refer but it hadn’t been updated. After some more searching and clicking around, I finally found it. Here is the blog post: How to find the level of SharePoint you are running on Penny’s new blog.

To summarize for MOSS 2007/WSS 3.0:

Using SharePoint Central Administration Web site SharePoint HTML Site Settings admin pages will show the following version numbers:

12.0.0.6510 MOSS 2007¹ or WSS 3.0 SP2 + June 09 cumulative Update (KB971538 + KB971537)
12.0.0.6504 MOSS 2007¹ or WSS 3.0 SP2 + April 09 cumulative Update (KB968850 + KB968851)
12.0.0.6421 MOSS 2007¹ or WSS 3.0 SP2 (KB953338 + KB953334)
[Updated 1st Aug 09: SP2 download now includes the hotfix (KB971620) that corrects the activation issue; more information on the Microsoft SharePoint team blog]
12.0.0.6341 MOSS 2007¹ or WSS 3.0 February 09 cumulative Update (KB961755 + KB961756)
12.0.0.6335 MOSS 2007¹ or WSS 3.0 December 08 cumulative Update (KB960010 + KB960011)
12.0.0.6331 MOSS 2007¹ or WSS 3.0 October 08 cumulative Update (KB957691 + KB957693,KB958567 and KB958569)
12.0.0.6327 MOSS 2007¹ or WSS 3.0 August 08 cumulative update (KB956056 & KB956057)
12.0.0.6318 MOSS 2007¹ or WSS 3.0 Infrastructure Update (KB951695 & KB951297)
12.0.0.6303 MOSS 2007¹ or WSS 3.0 post-SP1 hotfix (KB948945)
12.0.0.6301 MOSS 2007¹ or WSS 3.0 post-SP1 hotfix (KB941274)
12.0.0.6300 MOSS 2007¹ or WSS 3.0 post-SP1 hotfix (KB941422)
12.0.0.6219 MOSS 2007¹ or WSS 3.0 SP1
12.0.0.6039 MOSS 2007¹ or WSS 3.0 October public update
12.0.0.6036 MOSS 2007¹ or WSS 3.0 August 24, 07 hotfix package
12.0.0.4518 MOSS 2007¹ or WSS 3.0 RTM
12.0.0.4407 MOSS 2007¹ or WSS 3.0 Beta 2 TR
12.0.0.4017 MOSS 2007¹ or WSS 3.0 Beta 2
12.0.0.3111 Office 12 (PDC image – pre-beta) – This version of Office does not have a support link in the Add/Remove programs dialog box.

¹To confirm that a particular service pack/hotfix is install on SharePoint Server you must either check the version numbers of specific dlls as specified in the related Microsoft Knowledge Based article or:

Watch the Updates Resource Center for SharePoint Products and Technologies for the next update.

I had this problem that I first noticed when a users profile picture was not being updated. He had updated his pic on his MySite but it would not appear on “People and Groups” inside the top level Site Collection.

The next day I attempted to back up (using Central Admin) my farm and it just sat there at initializing. I checked the timer jobs and noticed that nothing had run since this was installed. A quick search on Bing and Google suggested clearing the cache. That didn’t work for me, but in summary, I’ll repost from here:

1. Stop the Timer service. To do this, follow these steps:
Click Start, point to Administrative Tools, and then click Services.
Right-click Windows SharePoint Services Timer, and then click Stop.

2. Clear the cache. To do this, follow these steps:
Open the following folder: %ALLUSERSPROFILE% \Application Data\Microsoft\SharePoint\Config\
Open the cache.ini file and change the value to 1. Save the change and close the cache.ini file.

3. Delete or move all of the XML files.

4. Start the Timer service. To do this, follow these steps:
Click Start, point to Administrative Tools, and then click Services.
Right-click Windows SharePoint Services Timer, and then click Start.

OK, so that may work for some people. Just a note, on Windows Server 2008 (my deployment) the location for step 2 is actually:

C:\ProgramData\Microsoft\SharePoint\Config\

As I said though, that didn’t work. There were no event log errors and nothing obvious in the ULS (honestly didn’t look that hard), I was pulling my hair out. Well, I found out that the password for the farm account had been changed. Apparently, after changing it, no one ran the STSADM command:

stsadm -o updatefarmcredentials -userlogin DOMAIN\UserName -password NewPassword

I found that on a blog post by Ricardo Costa. He had a link to Microsoft’s KB article KB934838: How to change service accounts and service account passwords in SharePoint Server 2007 and in Windows SharePoint Services 3.0
Isn’t that a nice title?

That didn’t entirely fix my problem still. The backup did run, so I’m happy for now but there are alot of errors.

While I’m on the subject of changing passwords, I am seeing many organizations (like DoD or non-profits) enforcing 90 day password changes. I think if you followed Microsofts Best Practices for service accounts (Plan for administrative and service accounts), that should suffice. Changed service account passwords are a hassle!