A follow-up from last week's post about the release of SP2 for Office and SharePoint 2010: The updates from the June Cumulative Update (KB 2855357) will not install on SP2. The August Cumulative Update will be the first to do so. However, the June Cumulative Update includes some changes that are not available in SP2. If you need those changes, and SP2 is already deployed, you will need to wait until the August Cumulative Update is released and install it to get the changes from June. If the updates from June are already deployed but SP2 is not, our recommendation is to wait until August is available and then install the updates from August and SP2 in any order.

Posted @http://social.technet.microsoft.com/wiki/contents/articles/20100.default-site-templates-in-sharepoint-server-2010.aspx

There is no direct approach/method to upgrade from WSS 2.0 to SharePoint 2013. The changes between versions are too great, and the hardware requirements differ so much between versions that a direct, in-place upgrade is not possible or supported. You can, however, perform a series of database attach upgrades to first upgrade your content to Windows SharePoint Services 3.0 to Microsoft Office SharePoint Server 2007 to SharePoint Server 2010 and then to SharePoint Server 2013.

Supported Upgrade Sequence

To upgrade your content across these versions, follow these steps.

The supported and tested upgrade path is Windows SharePoint Services 2.0 to Windows SharePoint Services 3.0 to Microsoft Office SharePoint Server 2007 to SharePoint Server 2010 and then SharePoint Server 2013.

1. First upgrade: Upgrade the content to WSS 3.0
   
   This upgrade method will ensure the required upgraders are run as intended. One of the most common applications of this upgrade method is an in-place upgrade of Windows SharePoint Services 2.0 to Windows SharePoint Services 3.0 followed by the installation of Microsoft Office SharePoint Server 2007 over the Windows SharePoint Services 3.0 installation.
   
   
   • Download the prescan.exe tool and run it on the SharePoint site
   • Check that there are 0 errors and check that the bit flag value on the database for the web site in the table sites is updated.
   • Check for the SQL server having WSS 2.0 sites, stop the services and move the database files over to the new SQL server
   • Run the Products and technologies wizard on the WSS 3.0 environment
   • Create a new web app on port 80 (or a random port)
   • Once the web app is up, detach the content database from Central Admin, Application Management, Manage Content Databases page
   • Attach the restored WSS 2.0 db to the web app in WSS 3.0 and then run the following command to upgrade the database from WSS 2.0 to WSS 3.0

   Stsadm -o addcontentdb -url http://webappUrl -databasename <restoredfromWSSv2> –databaseserver <WSSv3_SQLSvr>

   • Wait for the operation to complete.
   • Once completed, browse to the web app and verify that the sites are browse able.
     
2. Second upgrade: Upgrade the content to Microsoft Office SharePoint Server 2007
   
   
   You can install MOSS 2007 over the Windows SharePoint Services 3.0 installation.
   
3. Third upgrade: Upgrade the content to SharePoint Server 2010 Products
   
   
   • Use SQL Server to make a backup of the content databases on the Windows SharePoint Services 3.0 or Office SharePoint Server 2007 farm, restore the backups to the SharePoint Foundation 2010 or SharePoint Server 2010 farm, and then take the old farm offline.
   • Attach the copies of the content databases to the SharePoint Foundation 2010 or SharePoint Server 2010 farm and upgrade them (optionally, you can upgrade them in parallel).
   • Verify that the content was upgraded and that the SharePoint Foundation 2010 or SharePoint Server 2010 farm is working correctly.
     
4. Fourth upgrade: Upgrade the content to SharePoint Server 2013 Products
   
   
   • Use SQL Server to make a backup of the content databases on the SharePoint Foundation 2010 or SharePoint Server 2010 farm, and then restore them to the SharePoint Foundation 2013 or SharePoint Server 2013 farm.
   • Attach the copies of the content databases to the SharePoint Foundation 2013 or SharePoint Server 2013 farm and upgrade them (optionally, you can upgrade them in parallel).
   • Verify that the content was upgraded and that the SharePoint Foundation 2013 or SharePoint Server 2013 farm is working correctly.
   • Upgrade the site collections.

More Information

• Don't be afraid of Prescan - Part 1
• Your Friend Prescan.exe - How to Get it & What it Does - Part 2
• Overview on pre upgrade scanner

What does Prescan do and what does it touch in the database?

PRESCAN.EXE will report on common issues that will result in a failed upgrade; therefore, running PRESCAN.EXE, addressing reported issues, and resolving those issues, and re-running PRESCAN.EXE to verify those fixes is a best practice when planning a Microsoft Office SharePoint Server 2007/Windows SharePoint Services 3.0 upgrade.

It parses and saves List definitions with the associated Lists. SharePoint Portal Server 2003 Service Pack 2 already incorporates this feature whenever a list is modified; however, this process should be completed for all Lists, so prescan calls the SharePoint Portal Server 2003 Service Pack 2 method to persist that data.

1. Tp_fields column in the lists table to persist the list schema. This is to facilitate v2->v3 list upgrade
2. Bitflags column in the sites table to indicate a site collection has been scanned.

Flips the bitflags field in the sites table in the content database to 262144 if it is ready to be upgraded.

• Understanding PRESCAN.EXE Errors
• You receive an error message when you run the pre-upgrade scan tool (Prescan.exe) to scan Windows SharePoint Services 2.0 sites before you upgrade to Windows SharePoint Services 3.0

• WSS 2.0 to 3.0 Upgrade Toolkit for Windows SharePoint Services Sites and Templates Guide
• Utility Spotlight - Upgrade Toolkit for SharePoint Sites and Templates
• Microsoft Press: Upgrading from Microsoft SharePoint Portal Server 2003
• White paper: Upgrading Large Microsoft Office SharePoint Portal Server 2003 Intranet Portals to Microsoft Office SharePoint Server 2007

• Upgrade examples: Upgrading three common customizations

If you have extensively customized your Microsoft Office SharePoint Portal Server 2003 sites (by using Microsoft Office FrontPage 2003), you need to determine how you want to handle your customized sites when you upgrade. Your approach will vary based on the extent of the customizations, the complexity of your site, and your goals for upgrading.

• Upgrading from SharePoint Portal Server 2003 to SharePoint 2010 Part 1
• Upgrading from SharePoint Portal Server 2003 to SharePoint 2010 Part 2
• Upgrade from Windows SharePoint Services 2.0 to SharePoint Foundation 2010
• Upgrade from Office SharePoint Server 2007 or Windows SharePoint Services 3.0 to SharePoint Server 2013 or SharePoint Foundation 2013

E-mail is an integral part of any SharePoint installation as it is the backbone of communication with in a SharePoint farm and its users. Needless to say, it becomes imperative for any SharePoint administrator to know the basics of configuring the SharePoint environments to send and receive emails.

Dave Coleman (Microsoft MVP) has an excellent series of blog posts which provide step-by-step instructions to setup incoming and outgoing email. You can access it here.   

Issue

In Microsoft SharePoint Foundation 2010 or Microsoft SharePoint Server 2010, you see the following error getting logged in the Application Event Log:

Log Name       :  Application

Source           :  Microsoft-SharePoint Products-SharePoint Foundation

Event ID         :  8311

Task Category :  Topology

Level              :  Error

Description      : 

An operation failed because the following certificate has validation errors:\n\n Subject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US \n Issuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: 7884622F8B800E7AFAAFD3DDF98BE8AC96D4F952\n\n

Errors:\n\n The root of the certificate chain is not a trusted root authority.

Additionally, other areas such as search, claims authentication also do not function correctly.

CAUSE

This problem occurs when an administrator deletes the "local" trust relationship of the farm from the "Security" section of the Central Administration web site (Central Administration > Security > Manage Trust)

RESOLUTION

It looks like the root certificate for STS is missing from the SharePoint certificate store. As a result, claims authentication in the environment may totally broken. You will need to export the certificate from the certificate store on the local computer and add it to the SharePoint certificate store. Use the certificate thumb print from the event log to locate the certificate that needs to be added.

In order to resolve this problem, the local trust relationship has to be created. This can be done using PowerShell commands or from the Central Admin site.

PowerShell

$rootCert = (Get-SPCertificateAuthority).RootCertificate

New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert

After running the above commands, perform an IISReset on all servers in the farm.

Alternate Method (Central Administration site)

1. Export the certificate from the Computer’s certificate store 

1. Log on to the SharePoint server where you are seeing the certificate errors
2. Open Start à Run, type in “mmc”  and hit “Ok”
3. From the file menu, choose “Add/Remove Snap-in”
4. Double click “Certificates”

1. Select “Computer account” and walk through the rest of the wizard. Make sure you select “Local Computer”

1. Hit Finish and then “OK”

1. Go to “Certificates” à SharePoint à Certificates

1. Double click on each of the three certificates and look at their thumbprint (details tab). If the thumb print of the certificate matches the thumb print from the event log, this is the certificate you want to export
2. Export the certificate (right click, All Tasks à Export). Leave all default options selected and save it to the desktop.

 

2.  Add the certificate to the SharePoint certificate store

          

1. Go to Central Admin à Security à Manage Trust.

1. Click on “New”.

1. Specify any appropriate name, and select the certificate you exported earlier.
2. Click OK.

After running the above commands, perform an IISReset on all servers in the farm.

The steps included in this post are:

1. Configure SQL for membership store
2. Create a new Web Application with 'Claims-based authentication'
3. Modify the Web.config files
         a. Configure the web.config of the web application to use ASP.Net membership provider
           b.  Configure Central Admin to use the ASP.Net membership provider
           c.  Configure the Security Token Service (STS) application)
4. Add A User Policy
5. Login
   

• For the purpose of this article, I have used the following configuration:

Web Application Name     -  SharePoint – SQLMemberWeb80
Web app URL                      -  http://SQLMemberWeb 
Membership Provider       -  SQL-Membership
Role Manager                     -  SQL-RoleManager
SQL Instance Name           -  Skylark
Connection String name  -  SQLConnString
ASP Net DB                         -  SQL-Auth

1. Create a database for ASP.Net Membership and Role Provider
   
   
   1. Microsoft ships providers that work with a SQL Server database. There is a tool called “aspnet_regsql” that can be used to configure a database to use ASP.NET application services. This is located at ‘C:\Windows\Microsoft.NET\Framework\v2.0.50727’.
      Here are the steps:
      
      • Browse to "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727".
      • Used the command 'aspnet_regsql' to launch the ASP.NET SQL Server Setup Wizard.
      • Choose 'Configure SQL Server for application services' (the default choice) on the 'Select a Setup Option' screen and click Next.
      • You can choose an existing database to add the membership elements to, or you can type in a new name and the database will be created for you.
      • Specify the SQL Server name (Instance Name), database name to create (in this case, it is 'SQL-Auth’).

             

   • Wait for the database to be created successfully.
   
   
2. Create a new Web Application with 'Claims-based authentication'
   
   Create a new web application and configure it for Mixed-mode (Windows + SQL authentication) authentication.

   Provisioning a Claims based web application using UI

   1. From the Central Administration (CA) site, go to 'Application Management'.
   2. Click on 'Manage Web Applications' link.
   3. From the Ribbon, click on the ’New’ button to create a new web application.
      
      
      
   4. Make sure to select the 'Claims Based Authentication’

   5. In the Authentication Type section, select Enable Windows Authentication and select NTLM or Kerberos.
   6. In the Authentication Type section, select “Enable Forms Based Authentication (FBA)'”.
   7. Enter in the ASP.NET Membership provider and Role manager name as 'SQL-membership' and 'SQL-Rolemanager'
       respectively.

           

   8. Click on “OK” button to create the web application.

   Enable Claims-based authentication on an existing web application

   When you provision a web application in SharePoint 2010, you get an option to enable Claims-based authentication. However, after the provisioning, there is no option in the GUI to turn it on. This is where PowerShell comes in. We can update the authentication method from classic to claims-based authentication using the lines below:

   $WebApp = Get-SPWebApplication"http://WebAppURL"
   $WebApp.UserClaimsAuthentication = "True"
   $WebApp.Update()

3.   Modify the Web.config files (Forms Web Application, Central Admin and Security Token 
      Service)

• Modify web.config of FBA web application
  
  Add connection String:    

         

           Connection String has to be added after</SharePoint> but before the<system.web> element.

           Add membership Provider and Role Manager:

               

• Modify web.config of the Central Administration web application.
  
  Add connection String:

                      

•  Add membership Provider and Role Manager:

• Modify web.config of Security Token Service (STS)
  
  Note: You can locate the STS web.config from %Programfiles%\common files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken 

             Add connection String:

            

            Add membership Provider and Role Manager:

          

          The preceding entry has to be added before the </configuration> element. Save and close the Web.Config file.

        After adding the preceding entry, save and close the Web.Config file.

• If this does not work, changed the web.config of the STS as follows:

•  Save and close the Web.Config file.

4.    Add A User Policy

          In case you have already created the users, you can add them to the web application. If not, we need to create the users who will be a
          part of the membership database.

          To begin, we will create the connection string and the providers (Role Provider and Membership Provider). Here are the steps:
          

• Open Internet Information Services (IIS) manager on the server

• Expand the 'Sites' node and select the SharePoint Central Administration v4 site. 

• On the Home Page, the two main options that we need are "Connection Strings" and "Providers" as highlighted below:

             

• Open the Connection Strings Page.

• Under Actions menu on the right, select Add.. to create a new connection string. 

• Provide the details for the membership database for the new connection string

            
 

         Add a Role Provider

• Highlight the web application in IIS.

• Set feature to .NET Roles

• Click Add… in the Actions pane to add a new role provider.

• Name it 'SQL-Rolemanager'

           

          Add a Membership Provider

• Highlight the web application in IIS.

• Set feature to .NET Users.

• Click Add..in the Actions pane to add a new membership provider

• Name it 'SQL-Membership'

           

          Add Users to the Web Application

• Open Internet Information Services (IIS) manager on the server

• Expand the 'Sites' node and select the newly created web application

• Create some users by using the '.Net Users' feature.

• When prompted with an error stating the feature cannot be used because the default provider is not a trusted provider, click OK.

• In the Actions pane, click Set Default Provider.

• In the Edit .NET Users Settings dialog box, note that the default provider configured in SharePoint Server 2010 is "i". In the Default Provider list, click SQL-Membership, and then click OK.

• In the Actions pane, click Add..

• When prompted with an error stating the default .NET Roles provider does not exist, click OK.
• In the Add .NET User dialog:
            
  • On the .NET User Account Details page, type the appropriate values in the User Name, E-mail, Password, Confirm Password, Question, and Answer boxes, and then click Next.
  • On the .NET User Roles page, click Finish.

• I named the user as 'SQLFBAUser1' and then added it to the 'SQL-Rolemanager' role provider.

• In the Actions pane, click Set Default Provider..

• In the Edit .NET Users Settings dialog box, in the Default Provider list, click 'i', and then click OK.

• Coming back to adding the users to the web application, browse to 'Central Administration - Applications Management - ManageWeb Applications' page.  and click the 'SharePoint - SQLMemberWeb80' item.

• Click on 'User Policy' in the ribbon to bring up the User Policy dialog.

• Click on the 'Add Users' link.

            

• You are then asked what zone to configure users for, choose “Default” and click Next.

• Even if we enter a part of the user name, we should see a few suggestions in the people picker as below:

            

• Alternatively, click on 'Browse' (the Address book icon) which will bring up the people picker.

• This has a new interface and it allows you to search in one dialog and show matches from ALL of the directories you have configured. Type in a partial name like NT login name or account name (use whatever nomenclature you prefer here) and click the search button. You will see something like the following, showing our Forms Auth user and the user in the active directory (if there is a corresponding account)

           

• You can also enter a user name like 'SQLFBAUser' which is limited to being a .Net user.

• Click on the find button and the user name should resolve.

            

• Choose the required permissions for the user and hit Finish.

That’s it!!

• Now that we have specified the permissions on the web application, go ahead and browse to the site as http://SQLMemberWeb.

• You should get an initial prompt to choose the kind of authentication method you want to use to access the site (i.e.) between Windows Authentication (NTLM) and/or Forms-based Authentication (ASP.NET Membership).

        

• Choosing Windows Authentication will use the credentials of the currently logged on user for authentication.

• When we choose 'Forms Authentication' from the drop down, the page posts back with a standard forms login page.
• Enter the credentials of the user to which you granted the Full Control user policy and you should log into the site.

           

• You are now logged into your site as SPUser, with site administrator privileges (note the 'Site Actions' menu contains privileged capabilities).

Wrap up

• Create the database using 'aspnet_regsql'
• Add users and roles using the Web Site Administration Tool
• Add connection strings in the web.config for:
                  
  • Your web application
  • Central Administration
  • Security Token Service Application
    
• Add membership and role providers for:
        
  • Your web application
  • Central Administration
  • Security Token Service Application
    
• Edit web.config for Central Administration
  
  • Set the default provider for roles as AspNetWindowsTokenRoleProvider
  • Set the default provider for membership as your new membership provider
  • Add the PeoplePickerWildcards entry
    
• Edit web.config for the Secure Token Service Application

                         -   Set the default provider for roles as your provider.
                         -    Set the default provider for membership as your provider

• Add the FBA administration user to Central Administration.

Manage Users

In order to manage users in the SQL DB,  you can access the users that are in the database from SharePoint and grant them permissions, but you cannot actually add roles or users to the SQL DB.

Here are a few other options which I thought could act as pointers:

1.  Use the IIS manager

• Open IIS manager on the server
• Expand the 'Sites' node and highlight the site that has been enabled with mixed-mode authentication (NTLM and SQL provider)
• In the right-hand pane, click on '.Net Users' and we will receive the following error:

This feature cannot be used because the default provider type could not be determined to check whether it is a trusted provider.

You can use this feature only when the default provider is a trusted provider. If you are a server administrator, you can make a provider a trusted provider by adding the provider type to the trusted providers list in the Administration.config file. The provider has to be strongly typed and added to the GAC (Global Assembly Cache).

• This is expected as the default provider set in the web.config is "i" and it not added as a Trusted provider

• This is specified in the "Administration.config" file located in "C:\Windows\System32\inetsrv\Config\".

• The provider can be added to the trusted assemblies by adding the following line to your <trustedProviders> section in the 'Administration.config' file
  
  <add type=”Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” />

In order to use IIS Manager to manage your SQL users, you need to set the default provider to your Forms provider, like 'SQLMembership'. In order for it to work, we need to set it to the SharePoint claims provider.  Go back to '.NET Users' and reset the default provider to “i” which is for the Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider

You should also check the default Role Provider for the web application and ensure that is set to “c”.  If this is set to the SQL provider that you created, you will get an unexpected error after you logon like 'Access Denied', unable to login to the site etc.

As mentioned earlier, this is a glitch/a caveat in IIS 7.

Workaround

You could work around this by creating another IIS web site, configure the same way you did for SharePoint – FBA (or whichever site you are using), and use that for managing users.

• You can add a new user to the ASP.NET Membership database by clicking on Add… on the Actions pane.

• Select a User, Email, and Password.

• If you have not configured the password rules, you may see an error message as follows:

• Go back to the .NET Users Providers module from the IIS Manager console, and click on the 'Collections' button under
  Misc. -> Provider Specific Settings.

• Change the configuration of the Provider setting like 'enablePasswordReset', 'requireQuestionAndAnswer' etc..

2.  Membership Seeder

To create users and groups, manage passwords, etc. for forms-based authentication (FBA), you will need a tool to manage that information. Use the Membership Seeder tool. You can use it as-is for simple user and role management, or you can use the source code as basis for creating your own tool.

It allows you to create individual users or a batch of users (for scenarios such as testing). You can change passwords, delete users, and set their email addresses at account creation time. For roles, you can create and enumerate roles, add and remove users from roles (either individually or in batch), and enumerate the list of users in each role. Membership Seeder should work with any ASP.NET Membership and Role provider, so it’s valuable for testing the functionality of custom built providers as well.

The next few screenshots will illustrate how to add some users and groups that you can use for testing your FBA implementation. Here is a screenshot of the application:

The first time you run the Membership Seeder application, click on the Configure… button.  This brings up a dialog where you enter the name of the SQL Server that your SQL membership database is hosted.  After you enter that information and save your changes, you need to restart the Membership Seeder application so that it will use the new server name.

NOTE: You can also manually change the settings for both the connection string as well as the provider that is used by editing the MembershipSeeder.exe config file.

To create a batch of new users for testing purposes, type a value in the User Prefix edit field, type the password you want each user to have in the Password edit field, then select the number of users you want to create in the # of Users field.  When you click the Create button it will create users where the user name is the value of the User Prefix field with an incrementing number added to the end.  For example, if the User Prefix field is "user" and # of Users is 2, then two users will be created and named "user1" and "user2".  If you only want to add a single user and not add the numeric value to the end of the user name then check the "Only create or delete 1 user; don't use the # of Users field" checkbox.  Deleting users works in a similar manner as creating users.

3.  CreateUser wizard

You can make a page with the createuserwizard for user addition and there is definitely a lot that you can do with the basic wizards, but it may help, as most likely if you are using this form of authentication, users will be registering themselves for the site anyway.  This wizard is a basic template for registration for your users.

4. Using Visual Studio

You can use Visual studio to open the web site that SharePoint created and go to the website menu, then ASP.NET Configuration and create more users/roles as we did with the first one. For more information on this, please visit:

• Use Web Site Administration Tool in Visual Studio: http://blogs.msdn.com/b/sridhara/archive/2010/01/15/setup-claims-using-aspnetsqlmembershipprovider.aspx
• Using the Web Site Administration Tool to Add Users: http://blogs.msdn.com/b/kaevans/archive/2010/07/09/sql-server-provider-for-claims-based-authentication-in-sharepoint-2010.aspx

Additional Information

• Implementing a Membership Provider - http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
• Introduction to Membership (MSDN) - http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx (A great introductory material on ASP.NET Membership basics)
• A free 23-minute video explaining ASP.NET Membership: Understanding ASP.NET Memberships -   
  http://www.asp.net/security/videos/understanding-aspnet-memberships
• Configure FBA in SP 2010 - http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx
• Setting up FBA Claims in SharePoint 2010 with Active Directory Membership Provider:    http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx

In MOSS 2007, we’re used to seeing a link in a drop-down box at the top right of our SharePoint sites, called My Links. At first glance, it seems that this functionality has been removed from SharePoint 2010. It’s still there, sort of.

There are MY LINKS in SharePoint 2010, but sort of HIDDEN.

Libraries

In a library, go to the Library tab in the ribbon.  Click the ‘Connect to Office’ button.  This is the interface to add or remove a link to the library to the list of “My Links”, as well as to manage this list of links.

When you click ‘Add to SharePoint Sites’, this library is not only added to your own personal list of links, but it is added to all of your Office suite of applications, on the “Open” and “Save As” screens. 

When you click Manage SharePoint Sites, the following screen is displayed, with a list of your whole list of links.

My Site

Go to your ‘My Site’ and click on ‘My Content’ at the top.  Click Site Actions, Edit Page, and click to Add a Web Part.  In the Recommended Items category of Web parts category, click to add the 'My Links' web part to the page. Right click on the My Links web part title, and copy that URL to the clipboard. It will be something like /_layouts/MyQuickLinks.aspx">http://<MySiteURL>/_layouts/MyQuickLinks.aspx 

Now, if you want the ‘My Links’ link to be more obvious and accessible, there is a way though it is not the same as in SharePoint 2007.  It entails adding My Links to the Personalization Site Links in the User Profile Service Application.

1. In Central Administration, click Manage Service Applications.
2. Click the User Profile Service Application.
3. Click Configure Personalization Site under 'My Site Settings'
4. Click New Link.
5. Your URL will look something like that.  In this scenario, I have a web app just for my sites.  Fill in an owner because that field is required. Leaving the Audience field blank means that this link will be shown to everyone.

Now, when users are on their My Site, My Profile, My Content, they will see this:

The control was removed from the Master Page, though the ‘My Quick Links’ management page still exists. Upgraded User Profiles will find the My Links on this page and have the option to turn the links into Notes/Tags. I believe that the thinking is to "Upgrade" my links to Social Data.

I think this is an imperfect solution though, since My Links are a "permanent" list, where Tags/Notes are more "temporal" in that they roll from Month to Month in the user’s personal content.

In 2007, the control was “~/_ControlTemplates/MyLinks.ascx". It is in the same location in SP 2010.

The control in the file which renders the 'my links' in 2007 is

<SPSWC: MyLinksMenuControl id ="MyLinksMenu" runat ="server"/>, if you whack it on a 2010 masterpage/page layout, it renders differently and provides different menu options than it does in 2007. If you reflect the 2007 and 2010 dll's it resides in (Microsoft.SharePoint.Portal.WebControls) you'll find that they've changed the implementation.

After you apply the October2010 Cumulative Update for SharePoint Server 2010 (14.0.6112.5000), the profile picture import can run into some issues.

1. Profile picture is not imported or updated after running a full synchronization.

The ULS logs will show the following entry:

SavePictureToLibrary: Error processing the photo URL picture_GUID.jpg for user 1: System.UriFormatException: Invalid URI: The hostname could not be parsed. at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) at System.Uri.CreateUri(Uri baseUri, String relativeUri, Boolean dontEscape) at System.Uri..ctor(Uri baseUri, String relativeUri) at Microsoft.SharePoint.WebPartPages.Utility.CanonicalizeFullOrRelativeUrlCore(String fullOrRelativeUrl, Boolean includeQueryString, Boolean& isFullUrl) at Microsoft.SharePoint.SPWeb.GetList(String strUrl) at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.LoadPictureLibrary(SPWeb rootWeb, ProfileType profileType) at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.GetOrCreatePictureFolder(UserProfileManager userProfileManager) at Microsoft.Office.Server.UserProfiles.UserProfileGlobal.SaveImportedPictureToLibrary(UserProfileManager userProfileManager, Int64 recordId, Byte[] binaryPicture)

      2.    Additionally, the PowerShell command 'Update-SPProfilePhotoStore' to fix the existing pictures and library also fails.

Here's the command that is run to fix the issue with existing pictures:

  Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation http://mysite

However, it fails with an error that looks something like this:

Update-SPProfilePhotoStore : The pipeline has been stopped
At line:1 char:27
+ Update-SPProfilePhotoStore <<<< -CreateThumbnailsForImportedPhotos $true -MySiteHostLocation "http://<MySiteURL> "
+ CategoryInfo : InvalidData: (Microsoft.Offic...ofilePhotoStore:SPCmdletUserProfilePhotoStore) [Update-SPProfilePhotoStore], PipelineStoppedException
+ FullyQualifiedErrorId : Microsoft.Office.Server.UserProfiles.PowerShell.SPCmdletUserProfilePhotoStore

Update-SPProfilePhotoStore : Invalid URI: The hostname could not be parsed.
At line:1 char:27
+ Update-SPProfilePhotoStore <<<< -CreateThumbnailsForImportedPhotos $true -MySiteHostLocation "http://<MySiteURL> "
+ CategoryInfo : ObjectNotFound: (:) [Update-SPProfilePhotoStore], UriFormatException
+ FullyQualifiedErrorId : Microsoft.Office.Server.UserProfiles.PowerShell.SPCmdletUserProfilePhotoStore

So far, the issue seems to be limited to environments where the my site is hosted on a root site collection ('/').

In order to fix this, follow the steps listed below:

• Create new site collection under the root of MySite web and specify the new URL in MySite host settings under the User profile Service Application settings
• Access the MySite and you should be directed to the new URL for my site.
• Upload a picture on to your profile page and it should be successful.
• You should be able to run the 'Update-SPProfilePhotoStore' PowerShell command to fix the existing pictures and libraries. 

Update

The December 2011 CU should do the trick. Here are the links: 

KB.2597058  -  SharePoint Foundation 2010

KB.2597014 -  SharePoint Server 2010

The build number  of the cumulative update package is 14.0.6114.5000

 After you install this hotfix, you must restart the User Profile Synchronization Service for profile synchronization to function correctly.

 Apply the update and the PowerShell script should work again.

In SharePoint Server 2010, the profile synchronization database keeps growing after each sync. This seems to be expected behavior at the time of writing this post.

If you review the Database Types and Descriptions (http://technet.microsoft.com/en-us/library/cc678868.aspx) article on TechNet, it states the following for general size and growth factors:
“Medium to large. Growth factors include the number of users and groups, and the ratio of users to groups.”

However, it does not state that the database will grow forever with no cleanup process that will clean up the database.

One workaround would be to delete your UPA (keeping the Social and Profile DB) and recreate the UPA with a new Sync DB once a month, thus not allowing the sync DB to grow too large.

• Reset profile synchronization database

The User Profile Synchronization database serves as a staging area for user profile information. User Profile information that is stored in the profile store and synchronization database is consumed by the User Profile service. By following the below steps, you can safely reset a User Profile Synchronization database without losing information in the profile store.

A few things to be careful about before you do this:

1. Make screenshots of all settings (i.e. database names, My Site host location, etc.).
2. Back up the User Profile service application. For more information, see Back up a service application (SharePoint Server 2010)
3. If you are using the My Site cleanup timer job, you must DISABLE it before you reset the synchronization database. Otherwise, the job will delete all user profiles and My Sites from the farm. For information about this timer job, see the Timer job reference (SharePoint Server 2010). For information about the Windows PowerShell cmdlets that you use to enable and disable this timer job, see Timer jobs cmdlets (SharePoint Server 2010).
4. Any custom properties that have been mapped to the user profile attributes will be lost.

To reset profile synchronization by using Windows PowerShell:

Verify that you meet the following minimum requirements:

• See Add-SPShellAdmin.

• You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site.

• The farm account, which is created during the SharePoint farm setup, must also be a Local Administrator on the server where the User Profile Synchronization service is deployed.

This is required to start the User Profile Synchronization service. After the User Profile Synchronization service is started you can remove the farm account from the Administrators group.

1. As a precaution, back up the User Profile service application. For more information, see Back up a service application (SharePoint Server 2010).
2. If you are using the My Site cleanup timer job, you must DISABLE it before you reset the synchronization database. Otherwise, the job will delete all user profiles and My Sites from the farm. For information about this timer job, see the Timer job reference (SharePoint Server 2010). For information about the Windows PowerShell cmdlets that you use to enable and disable this timer job, see Timer jobs cmdlets (SharePoint Server 2010).
3. On the Start menu, click All Programs.
4. Click Microsoft SharePoint 2010 Products.
5. Right-click SharePoint 2010 Management Shell and then click Run as administrator.
6. In the User Account Control dialog box, click Yes.
7. At the Windows PowerShell command prompt, type the following command to stop the SharePoint 2010 Timer service:

Net stop SPtimerv4

Copy the following code and paste it into a text editor, such as Notepad: 

   1: $SyncDB=Get-SPDatabase –Id <GUID of User Profile Sync DB>

   2: $syncdb.Unprovision()

   3: $syncdb.Status='Offline'

   4: Get-SPServiceApplication

   5: # Copy the GUID associated with the User Profile Service and paste it after "Id"in the next command

   6: $UPA = Get-SPServiceApplication –Id <GUID of User Profile Service Application>

   7: $UPA.ResetSynchronizationMachine()

   8: $UPA.ResetSynchronizationDatabase()

   9: $syncdb.Provision()

Replace the following placeholders with values where:

• <GUID of User Profile Sync DB> is the GUID of the synchronization database.

• <GUID of User Profile Service Application> is the GUID of the User Profile Service application.

For more information, see Get-SPDatabase.

Note:  This script does not show any status or progress.

1. Save the file as an ANSI-encoded text file and name the file ResetSyncDB.ps1.
2. At the Windows PowerShell change to the directory where you saved the file.
3. Type the following command:

   1: ./ResetSyncDB.ps1

1. Add the User Profile Synchronization service account (farm account) as the dbowner on the Sync DB (using SQL Server Management Studio).

Perform the following steps to check whether you have granted  the correct permissions to the database access account:

1. Connect to the computer that runs SQL Server by using an account that has Administrator permissions.
2. In SQL Server Management Studio, Object Explorer navigation pane, expand the Security node, and then expand the Logins node. The name of the database access account indicates that it is a SQL login.
3. If the account exists, in the Object Explorer navigation pane, expand the Databases node, expand the user profile Sync database node, expand the Security, and then click Roles.
4. Expand the Database Roles node, right-click db_owner role and select Properties.
5. In the Database Role Properties dialog box, check whether the database access account is in the Members of this role list. If the account is not listed, click Add.

For more information about db_owner role, please refer to the following article:

1. Database-Level Roles:                            http://technet.microsoft.com/en-us/library/ms189121.aspx
2. How to: Create a SQL Server Login:     http://go.microsoft.com/fwlink/?LinkId=211993
3. How to: Create a Database User:          http://go.microsoft.com/fwlink/?LinkId=211994 

>  At the Windows PowerShell command prompt, type the following command to start the SharePoint 2010 Timer service:

Net start SPtimerv4

• Start the Profile Synchronization service. For more information, see the Start the User Profile Synchronization service section of the "Configure profile synchronization" topic.
• After the User Profile Synchronization Service is started, reset IIS.

IISreset

For more information about how to  Reset IIS , see the Reset IIS section of the "Configure profile synchronization" topic.

Note:  After you reset IIS, pages of the Central Administration Web site will take several seconds to load.

1. Create the synchronization connections to the data sources in the Central Administration UI. For more information, see Configure connections and import data from directory services.
2. Run full user profile synchronization. For more information, see the following articles:

• Start Profile Synchronization

• Start profile synchronization manually (SharePoint Server 2010)

I would recommend a full crawl on your search service application as well to make sure all People results are accurate.

Using the Enterprise Search keyword syntax in SharePoint Server 2010, you can build a search query that uses multiple property restrictions to narrow the search focus based on the specified condition. However, SharePoint will only take the first 3 property restrictions into account irrespective of the number of property restrictions specified in the search query.

Currently, this is a known behavior. So, the next time when you build a search query, include 3 or less number of property restrictions using the search keyword syntax.

References

• Property Restriction Keyword Queries (TechNet)
• Using Operators in Keyword Queries  (TechNet)
• Property Restriction Keyword Queries (MSDN)
• Query.RowLimit Property (MSDN)

This does not state any kind of limitation on the number of property restrictions that can be present in a search query other than that the query cannot  exceed 2048 characters.

This post describes an issue with incoming e-mail to lists and document libraries after installing the April 2012 CU for SharePoint 2010.

Those of you who have installed the April 2012 CU for SharePoint Server 2010 on the farm and configured incoming emails on document libraries or lists would have encountered this issue, User sends an e-mail to a list or document library. However, the email is never delivered to the list/document library.

Here are some more details:

The e-mails are received by the SMTP Drop folder (C:\inetpub\mailroot\Drop) but they seem stuck there and are not picked up by the 'SharePoint Foundation Incoming E-Mail timer job'. Moreover, the outgoing e-mail functionality is not affected.

Additionally, you see the following information in the ULS logs on the server:

[Date and Time] OWSTIMER.EXE (0x1C64) 0x086C SharePoint Foundation E-Mail 6873 Warning An error occurred while processing the incoming e-mail file C:\inetpub\mailroot\Drop\d74cf08401cd4f3b00000005.eml. The error was: Unknown alias: Test... eda2d81c-9ac4-4cad-b50e-f84198023084

......

[Date and Time] OWSTIMER.EXE (0x1C64) 0x086C SharePoint Foundation E-Mail 0000 High E-mail cannot be delivered because site is over quota or locked for editing. Site URL: http://siteURL eda2d81c-9ac4-4cad-b50e-f84198023084

[Date and Time] OWSTIMER.EXE (0x1C64) 0x086C SharePoint Foundation E-Mail 6871 Information The Incoming E-Mail service has completed a batch. The elapsed time was 00:00:00. The service processed 10 message(s) in total. Errors occurred processing 10 message(s): Message ID: Message ID: Message ID: Message ID: Message ID: Message ID: Message ID: Message ID: Message ID: Message ID: The following aliases were unknown: test……. eda2d81c-9ac4-4cad-b50e-f84198023084

Okay. I do not recall setting any sort of quota limit in my environment so the site being locked or set to read-only should not be a cause. Anyways, I re-looked at the quota settings for the site and it was not locked. So, this message seems to be logged even when the site is not locked and there is no quota limit set.

Now I also know that the steps outlined in Configure incoming e-mail (SharePoint Foundation 2010) are right as I have configured incoming e-mails on SharePoint environments in the past without hitting any major roadblocks.

Cause

This issue was first reported in April 2012 CU (version: 14.0.6120.5000) and persists with the June 2012 CU (re-release of April CU - version: 14.0.6120.5006)

Workaround/Resolution

The workaround/resolution for this issue is to configure a simple quota limit as follows

• Browse to the SharePoint Central Administration | Application Management | Configure quotas and locks under 'Site Collections' section and select the web application to configure
• In the 'Site Quota Information' section, select “Limit site storage to a maximum of:” option, set a limit to say 10000 Mb and press OK
  
  

Once you implement these steps, all the emails which have accumulated in the SMTP folder will be processed and delivered to the destination address.

-  Happy SharePointing!

To identify the template Id of the list, navigate to the list and go to the 'All Items' view. In the browser, go to 'View - Source' and search for “ctx.listTemplate”. The ‘Pages’ Library will show – “ctx.listTemplate = 850” and the ‘Images’ library will show “ctx.listTemplate = 101”.

For other template types, you will need to look up the list ID. You can use the following PowerShell method to retrieve the information about the lists within the site

# Retrieve list templates and IDs

$SPWeb = Get-SPWeb "http://URLtotheSite"

$SPWeb.ListTemplates | Select Name, type, type_client, Description

$SPWeb.dispose()

Additionally, you can use the following SQL query to enumerate all the template IDs that are used in your site collection

-- Enumerate all the IDs that are used in your site collection

SELECT tp_Title as Title, tp_BaseType, tp_ServerTemplate as templateID, tp_Description as Description   

FROM AllLists (nolock)     

ORDER BY TemplateID, Title

The information is available in the spreadsheet at the end of this post.

To begin with, the Support for Large Files was one of the enhancements made in Windows SharePoint Services SP 1. By default, the maximum size for uploading files is set to 50 MB. The maximum file size that it can go up to is 2,047 megabytes.

Now it is obvious that any cap on the maximum file size will stop the users from trying to upload larger files (including me!). Though SharePoint is meant to handle files that are up to 2 gigs in size, it is not practically feasible and not recommended as well.

However, there are circumstances where files of much smaller size fail to upload which makes one wonder as to what could be the reason. Hence I decided to write this post for all those who have come across this issue and are looking for some options to work around it.

On a SharePoint server (WSS 3.0, MOSS 2007, SharePoint Server 2010 or SharePoint Server 2013) when we upload any document larger that 50 megs on any document library, we can encounter the following error messages

• "An unexpected error has occurred"
• "The page cannot be displayed”
• "An unknown error occurred"
• "HTTP 404 – Page Not Found”
• “Request timed Out’

If you are using explorer view, the error message would be similar to

Could not find this item --> This is no longer located \\Servername\DavWWWRoot\team. Verify the item's location and try again".

Before we begin, I would like to mention that SharePoint is not really designed to handle huge files > 300 Mb). It stores all files in the content databases and that's where these large files are going. So I strongly recommend using file shares instead.

Going ahead, this can occur due to various reasons and I have listed a few of the possible causes and the workarounds for them

WORKAROUND(s)

Method 1  Increase the maximum upload size for the web application

Note : The default max single file upload size is 50 megs by default for a web application (in IIS 6.0) and 28 megs for IIS 7.0.

1. Go to 'Start > All Programs > Administrative Tools > SharePoint Central Administration > Application Management'.
2. Under SharePoint Web Application Management, click 'Web application general settings’.
3. On the Web Application General Settings page, choose the appropriate web application.
4. Under Maximum upload size, type the file size which you want to upload and click on OK. You can specify a maximum
   file size up to 2,047 megabytes.

Note:

Any upload size which is below 50 megs is enforced directly through web app settings. Above 50 megs, you need to make a some small change to the web.config file to allow larger uploads. Repeat the steps listed below for all zones for your web app all the servers which host the web application role.

• Open the web.config from 'C:\Inetpub\wwwroot\wss\VirtualDirectories\<Virtual Directory>' folder and modify it as follows
  

<httpRuntime maxRequestLength="51200" /> with <httpRuntime executionTimeout="999999" maxRequestLength="51200"/>

• Perform an IISReset and you should be good to go.

See <httpRuntime> element in web.config for more information.   

Method 2  Increase the connection time-out setting in IIS

While uploading large files, there are chances that the request will timeout. By default, the IIS connection time-out setting is 120 seconds. Follow these steps to increase the connection time-out setting,

• Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
• Right-click the virtual server that you want to configure, and then click Properties.
• Click the Web Site tab. Under Connections, type the number of seconds that you want in the Connection time-out box,
  and then click OK.

Method 3Increase the maximum upload size in the web.config file of web application

By default, the web.config file is located in the 'C:\Inetpub\Wwwroot\Wss\Virtual Directories\<Virtual Directory>' folder. Add the following configuration to the web.config, just before the <configuration> section closes out.

Here’s a screenshot of the web.config file after the change:

This sets the value of the maxAllowedContentLength property to 52428800 (in bytes) for the web application only.

See KB944981 - You cannot upload files that are larger than 28 MB on a Windows Server 2008-based computer that is running Windows SharePoint Services 3.0.

Note:

The following information is applicable to IIS 7.0 and suggests making a change to the ‘applicationhost.config’ file which is a core configuration file for IIS. For more information, see

Error message when you visit a Web site that is hosted on a server that is running Internet Information Services 7.0: "HTTP Error 404.13 - CONTENT_LENGTH_TOO_LARGE".

The maxAllowedContentLength property specifies the maximum length of content in a request in bytes and it needs to be set on a Windows Server 2008 computer that has IIS 7.0-only installations. To change the value of the property, do the following

• Open command prompt and go to 'C:\windows\system32\inetsrv' directory
• Run the below command

appcmd set config /section:requestfiltering /requestlimits.maxallowedcontentlength:unit

where the variable "requestlimits.maxallowedcontentlength" unit specifies the maximum length of content.

For example, to specify 2000000000 as the maximum length of content, type the following at the command prompt, and then press ENTER:

appcmd set config /section:requestfiltering /requestlimits.maxallowedcontentlength:2000000000

• Perform an IISreset /noforce.

• More info is available at

• Configure Request Filters in IIS 7
• What is RequestFiltering? 

Method 4Increase the default chunk size for large files

The large-file-chunk-size property sets the amount of data that can be read from server running SQL Server at one time.

• If you have a file that is greater than your chunk size (such as 70 MB when the chunk size is set to 5 MB), the file would be read in 14 chunks (70 / 5).
• The chunk size is not related to the maximum upload file size.
• The chunk size simply specifies the amount of data that can be read from a file at one time. By default, the large-file-chunk-size property is set to 5 MB.
• Check if the 'large-file-chunk-size' property is set or not

    Stsadm -o getproperty -propertyname large-file-chunk-size

• In order to set the large–file–chunk–size property, we need to use the command line. This property is configured for a server or server farm, and cannot be configured for an individual web app server. To set this property, use the following syntax:

   Stsadm.exe –o setproperty –pn large–file–chunk–size –pv <size in bytes>

More on this command is available at Large-file-chunk-size: Stsadm property (Office SharePoint Server) 

• After making a change to this property, perform an IISreset /noforce.

See What is the maximum value one can set for the Large-file-chunk-size ?

Method 5  Add the executionTimeout value

Increase the execution timeout for the upload page (upload.aspx) to prevent timeouts on the page. The default timeout for ASP.NET 2.0 is 110 seconds, so any uploads that are taking longer than that will result in a request failure. Add the executionTimeout value to web.config in the 'C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS' folder and the  ‘C:\Inetpub\wwwroot\wss\VirtualDirectories\<Virtual Directory>' folder.

• Navigate to 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS' folder on the SharePoint server.
• Open the 'web.config' file in notepad or any other text editor and add the executionTimeout parameter. For example, replace the value as follows

Existing code

<location path="upload.aspx">

<system.web>

<httpRuntime maxRequestLength="2097151" />

</system.web>

</location>

Replacement code

<location path="upload.aspx">

<system.web>

<httpRuntime executionTimeout="999999" maxRequestLength="2097151" />

</system.web>

</location>

• Open the 'web.config' file from the 'C:\Inetpub\wwwroot\wss\Virtual Directories\<Virtual Directory>'folder and modify it as follows
  

  Existing line :              <httpRuntime maxRequestLength="51200" />
  Replacement line :      <httpRuntime executionTimeout="999999" maxRequestLength="51200" />

Modify the web.config located in "12\CONFIG" folder

• Navigate to 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\CONFIG' folder on the SharePoint server and modify the 'maxRequestLength' property which by default is set to the following

  <httpRuntime
  maxRequestLength="51200"
  />
  

• Open the 'web.config' file in notepad or any other text editor and modify the value to match the other web.config files
• Save the file and perform an 'IISreset /noforce'.

Antivirus Exclusions

Make sure you have added Antivirus exclusions as per http://support.microsoft.com/kb/952167

ASP.Net Session State

• Open IIS manager, expand the 'Sites' node and select the SharePoint site
• Click on 'Session State' under 'Application Development' and verify that the 'Timeout' value is set to '120' minutes

You can also verify this from the web.config file

What is ASP.Net Session

ASP.NET session state enables you to store and retrieve values for a user as the user navigates the different ASP.NET pages that make up a Web application. HTTP is a stateless protocol, meaning that your Web server treats each HTTP request for a page as an independent request; by default, the server retains no knowledge of variable values used during previous requests. ASP.NET session state identifies requests received from the same browser during a limited period of time as a session, and provides the ability to persist variable values for the duration of that session.

See ASP.NET Session State for more information

Explorer view or Web client issues

While trying to use the explorer view, you may see the following error despite making the aforementioned changes

“Error 0x800700DF: The file size exceeds the limit allowed and cannot be saved” message

If this is the case then the issue is most likely caused by a local restriction set on Web Client service. By default, Web Client file size limit is set to around 47 Mb. To increase this limit:

• Click Start, click Run, type regedit, and then click OK.
• In Registry Editor, locate the following registry key
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClientParameters
• Right click on the FileSizeLimitInBytes and then click Modify.
• In the Value data box, click on Decimal, and type 4294967295 and then click OK.
• Quit Registry Editor
• Restart Web Client service from Services.msc

Large file Support Limitations

The following features do not support files larger than 50 MB

• Virus checking
• Streaming files
• Client-side restoration of smigrate backup files (limited to 2 GB). The manifest files for an smigrate backup cannot be larger than 2 GB (SPS)
• Site templates (limit of 10 MB per site template, including content).

NOTE:

• As mentioned earlier, I would like to mention that SharePoint is not really designed to handle huge files > 300 Mb). It stores all files in the content databases and that's where these large files are going. So I strongly recommend using file shares instead.
• Also be aware that increasing you upload file size to 2 GB has performance ramifications so it a user uploads a file and there is no memory available no new requests can be handled until the memory is available again.
  
  

Additional Info

• Error message when you try to upload a large file to a document library on a Windows SharePoint Services 3.0 site: "Request timed out"
• Error message when you visit a Web site that is hosted on a server that is running IIS 7.0: "HTTP Error 404.13 - CONTENT_LENGTH_TOO_LARGE"

October 2012 Cumulative Update Package for WSS 3.0 and MOSS 2007 have been released

• KB2687535 - October 2012 CU for WSS 3.0
• KB2687533 - October 2012 CU for MOSS 2007

Note This is build 12.0.6668.5000 of the cumulative update package

October 2012 Cumulative Update Package for SharePoint Foundation 2010 and SharePoint Server 2010 have been released

• October 2012 CU for SharePoint Foundation 2010
• October 2012 CU for SharePoint Server 2010

Note This is build 14.0.6129.5000 of the cumulative update package.

Important: SharePoint Server 2010 SP1 is a pre-requisite to install this CU.

After installing the updated you should run the SharePoint Config Wizard in every server of the farm.

After you install this hotfix, you must restart the User Profile Synchronization service for profile synchronization to function correctly or follow these steps:

1. Go to the Central Administration page.
2. In the System Settings section, click Manage Services.
3. In the list of services that is displayed, find the User Profile Synchronization service, and then click Stop if the status of the service is Started. As soon as the status is Stopped, click Start, and provide the credentials to start the User Profile Synchronization service.
   For more information about how to start the service, go to the "Start the User Profile Synchronization service" section of
   How to configure profile synchronization in SharePoint Server 2010 

Note: If SharePoint Server 2010 update is installed then you do not need to install the SharePoint Foundation 2010 update as it is included in the Server 2010 update.

For more information, see

• Updates for SharePoint 2010 Products   
• Updates for SharePoint Products and Technologies (WSS 3.0 and MOSS 2007)

Let’s say that you install PowerShell 3.0 by by installing the Windows Management Framework (WMF) 3.0 from

• Description of Windows Management Framework 3.0 for Windows 7 SP1 and Windows Server 2008 R2 SP1 http://support.microsoft.com/kb/2506143
• Description of Windows Management Framework 3.0 for Windows Server 2008 SP2 http://support.microsoft.com/kb/2506146

However, after you install WMF 3.0 and PowerShell, you may receive one or both of the following error messages when you start SharePoint 2010 Management Shell:

1. The local farm is not accessible. Cmdlets with FeatureDependencyId are not registered.
2. A PlatformNotSupportedException occurred while trying to acquire the local farm: System.PlatformNotSupportedException: Microsoft 
   SharePoint is not supported with version 4.0.30319.586 of the Microsoft .Net Runtime.
   at Microsoft.SharePoint.Administration.SPConfigurationDatabase.get_Farm() at Microsoft.SharePoint.Administration.SPFarm.FindLocal(SPFarm& farm, Boolean& isJoined)

Cause

How do you get around it:

• Type "PowerShell -v 2" (without quotes). This loads PowerShell version 2, and you should be able to use it for SharePoint. Just type 'Exit' to get back to PowerShell v3
• Add '-version 2.0' parameter when executing PowerShell 3.0, and SharePoint integration should work.
• Change the Target field value for SharePoint 2010 Management Shell to the following:

C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -Version 2.0 -NoExit " & ' C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration\\SharePoint.ps1 ' "

See KB 2796733

Note: This is not an issue with Windows PowerShell. This is an issue with the SharePoint 2010 compatibility with PowerShell 3.0.

After installing the update KB2756920 on a Windows Server 2008 R2/Windows 7 RTM  computer running SharePoint Server 2010 with previously installed hotfixes for .NET 3.5 SP1. on the server, the following exception is thrown when any WCF service is hosted on IIS using HTTPS

Server Error in ‘/SecurtyTokenServiceApplication’ Application
Method not found: ‘System.String System.ServiceModel.Activation.iis7helper.extendedprotectiondotlessspnnotenabledthrowhelper(system.object)’

An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas' could not be activated. See the server's diagnostic trace logs for more information..

Exception occurred while connecting to WCF endpoint: System.ServiceModel.ServiceActivationException: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas'
could not be activated due to an exception during compilation. See the server's diagnostic trace logs for more information. Server stack trace:    
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)

Extended Stack Trace

[MissingMethodException: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.]
System.ServiceModel.WasHosting.WebConfigurationManagerWrapper.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags, List`1 spnList) +0
System.ServiceModel.WasHosting.WebConfigurationManagerWrapper.GetExtendedProtectionPolicy(ConfigurationElement element) +362
System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.ProcessWindowsAuthentication(String siteName, String virtualPath, HostedServiceTransportSettings& transportSettings) +217
   System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.CreateTransportSettings(String relativeVirtualPath) +137
   System.ServiceModel.Activation.MetabaseSettingsIis.GetTransportSettings(String virtualPath) +203
   System.ServiceModel.Activation.MetabaseSettingsIis.GetAuthenticationSchemes(String virtualPath) +16
   System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener) +62
   System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener(BindingContext context) +158
   System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +98
   System.ServiceModel.Channels.MessageEncodingBindingElement.InternalBuildChannelListener(BindingContext context) +98
   System.ServiceModel.Channels.BinaryMessageEncodingBindingElement.BuildChannelListener(BindingContext context) +70
   System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +98
   System.ServiceModel.Channels.Binding.BuildChannelListener(Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters) +172
   System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession) +400
   System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result) +1070
   System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost) +2005
   System.ServiceModel.ServiceHostBase.InitializeRuntime() +60
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHost.InitializeRuntime() +408
   System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +63
   System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +560
   System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +141
   System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +683

[ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation.  The exception message is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'..]
   System.ServiceModel.AsyncResult.End(IAsyncResult result) +460
   System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +471
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +101

The issue is limited to Windows Server 2008 R2/ Windows 7 RTM machines only.

The issue occurs due to previously installed hotfixes and NOT the security update KB2756920 itself.

Recommendations

• It is recommend that you Install a newer hotfix for 3.5 SP1 like http://support.microsoft.com/kb/2637518 and then install the security update. If you have already installed the security update then simply install the above hotfix.
• Another workaround would be to upgrade the machines from Windows Server 2008 R2/Windows 7 RTM to SP1.

You do not have to uninstall the security update as one of the above options will suffice the need.

MS13-004: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013

UPDATE

The issue caused by the update KB2756920 - Security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 RTM and its solution has been documented in KB2801728 - WCF services that are hosted on IIS on Windows 7 or Windows Server 2008 R2 may receive an exception error message after you install an update for the .NET Framework 3.5 SP1 for WCF for reference.

The cause section of the KB has been updated with:

This problem occurs because the computer may have some hotfixes installed that contained only "System.ServiceModel.dll" and not "System.ServiceModel.WasHosting.dll". See the "More Information" section of the KB for a list of hotfixes that are known to contain only these files.

Also see http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/903d0e22-6419-48c5-8669-a1191c841b76

# Find the template name of SharePoint site using PowerShell
$web = Get-SPweb http://SiteUrl
Write-host“Web Template:” $web.WebTemplate” | Web Template ID:” $web.WebTemplateId
$web.Dispose()

# To get a list of all web templates, use the following PowerShell code

function Get-SPWebTemplateWithId
{
     $templates = Get-SPWebTemplate | Sort-Object "Name"
     $templates | ForEach-Object {
    $templateValues = @{
     "Title" = $_.Title
     "Name" = $_.Name
     "ID" = $_.ID
     "Custom" = $_.Custom
     "LocaleId" = $_.LocaleId
      }

New-Object PSObject -Property $templateValues | Select @("Name","Title","LocaleId","Custom","ID")
      }
}

Get-SPWebTemplateWithId | Format-Table

Below is a list of the web templates and their IDs

Hope this helps.

Consider a scenario where you receive the following error when you browse to a SharePoint web app

The website declined to show this webpage
HTTP 403 
Most likely causes:
This website requires you to log in.

This issue is intermittent. Strangely, if we create a copy of the web.config file, rename the web.config file, refresh the home page, we receive an "HTTP 404 - Page Not Found" error. Rename the web.config file back and refresh the page. The site is browse able for a while before failing after some time

We see the following error in Failed Request Tracing

A procmon trace captured while accessing the web app from the server showed the following:

w3wp.exe 4180 CreateFile C:\inetpub\wwwroot\wss\VirtualDirectories\Web80.Contoso.com80\binACCESS DENIED Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\IUSR

This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process. This behavior is typically associated with lack of permissions to the temporary folder /BIN where ASP.Net assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or <SERVER NAME>\Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below C:\inetpub\wwwroot\wss\VirtualDirectories\{Sitename80}. Follow the steps listed below to grant the required permissions:

• Open Windows Explorer and navigate to the /bin directory of your web application
• Right-click on the folder and click on Properties
• Go to Security tab and click on Edit
• Click on Add and add the local server group Authenticated Users or <SERVER NAME>\Users (this usually contains DOMAIN\Users group).
• Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
• Click OK to apply the new settings

Refresh the page and we should be able to browse to the site.

There are instances where this permission needs to be re-applied as part of every deployment and we may often find that the permissions have reset after touching the Authentication Providers settings in Central Admin.

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with lack of permissions to the temporary folder where ASP.Net assemblies are Just In Time compiled.

The freb trace shows a 403.0 for ManagedPipelineHandler

It seems to go through quite a few ASPNet events - but happens during the ASPNetPageRender - it goes to the ASPNetPageRender Enter, then ASPNetHTTPHandler Leave.Only then does it get a 403.0 which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

1. Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.
2. Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for specific handler. E.g. ‘book’ virtual directory needs mapping for BookAPI and ‘movie’ directory would need mapping for MovieAPI.