Work

This used to happen with MOSS 2007 on Server 2003 too, so I wasn’t that concerned… Usual process of finding the CLSID in the Registry and changing the permissions using the Component services snap-in… Or so I thought…

Fix

To Fix the regedit permission change error (cannot save, access denied)
I fixed it. I had to make Administrators the owner with regedit. this enabled me to modify/save wamreg settings.

If Windows Remote Management (WinRM) is not installed and configured, WinRM scripts do not run and the Winrm command-line tool cannot perform data operations. The Windows Remote Shell command-line tool, Winrs, and event forwarding also depend on WinRM configuration.

Click

Most of the time, servers are located inside a dedicated room, and we as an ISA Administrators are not available in that room all the time. What if ISA Server was located in another floor, or it is in a different building ? how about if we were in another country ! We can control ISA Server remotely through different ways. In this article, I will demonstrate to you how to enable remote administration of ISA Server, what rules to enable, and how to control it from a remote machine.

Click

Object Cache: The super reader account utilized by the cache does not have sufficient permissions to SharePoint databases.
To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperreaderaccount -propertyvalue account -url webappurl'. It should be configured to be an account that has Read access to the SharePoint databases.
Additional Data:
Current default super reader account: NT AUTHORITY\LOCAL SERVICE

Technet

After setting up User Profile Service Application and configuring the synchronisation connection to your active directory you receive the following error

The management agent “MOSSAD-XXX” failed on run profile “DS_FULLIMPORT” because of connectivity issues.

Additional Information
Discovery Errors : “0″
Synchronization Errors : “0″
Metaverse Retry Errors : “0″
Export Errors : “0″
Warnings : “0″

Resolution
————–

Confirm that the service account used to run Forefront Identity Manager Synchronization Service (FIMSynchronizationService) has the AD Security right of “Replicating Directory Changes” at the domain level

1.Open the Active Directory Users and Computers snap-in
2.On the View menu, click Advanced Features.
3.Right-click the domain object, such as “company.com”, and then click Properties.
4.On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
5.In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
6.Click OK to return to the Properties dialog box.
7.Click the desired user account.
8.Click to select the Replicating Directory Changes check box from the list.
9.Click Apply, and then click OK.
10.Close the snap-in.
NOTE: Group “Domain Admins” already has the above right however if you are still seeing this issue add the service account explicitly to the AD Security

Forefront Unified Access Gateway 2010 (UAG) allows for secure publishing applications, is an SSL VPN, and perhaps the most interesting: it serves as a Direct Access server. UAG is built on the Forefront Threat Management Gateway (TMG) technology which is now undergoing Common Criteria Evaluation Assurance Level (EAL) 4 + certification and will therefore meet very stringent safety requirements that many organizations set to adopt specific type of technology.

I forbindelse med et testoppsett har jeg publisert Sharepoint 2010 ut på Internet med UAG og tenkte det kunne være greitt å beskrive de stegene jeg gjorde. In connection with a test setup, I have published SharePoint 2010 on the Internet with UAG and thought it would be fine to describe the steps I did.

Click

Assessment:

When you try to install the SQL Server Reporting Services (SSRS) Data
Connector in Microsoft Dynamics CRM 4.0, you receive the following error
message in the Environmental Diagnostic Wizard (EDW):
A Microsoft Dynamics CRM Server component is using the same account as the
instance of SQL Server Reporting Services.

CAUSE
This problem occurs because the Microsoft Dynamics CRM server and the SSRS
Web site are installed on the same computer. Therefore, the CRMAppPool
application pool and the ReportServer application pool are both running under
the network service.

RESOLUTION

To resolve this problem, create another user account to run the Microsoft
Dynamics CRM application pool. To do this, follow these steps:

1. Create a new user account in Active Directory, and then name the user
account. For example, you can name the user account as CRMAPPPool.

Notes
•Make sure that the password of this user account never expires in Active
Directory.
•Make sure that the password does not have to be changed.

2. Add the user account to the following groups:
•PrivUserGroup {GUID}
•SQLAccessGroup {GUID}
•Pre-Windows 2000 Compatible Access
•Administrators of the local Microsoft Dynamics CRM server

3. Assign ASP.NET permissions to the user account. To do this, follow these
steps:
a. At a command prompt, type C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 ,
and then press Enter.
b. Run the following command:
aspnet_regiis -ga \

Note In this command, the placeholder represents the actual
domain name. The placeholder represents the actual user account
name that you created in step 1.

4. Start the Microsoft Dynamics CRM application pool by using the user
account that you created in step 1

5. Click Start , click Run , type iisreset , and then click OK .

Follow steps below to install and configure PDF iFilter on SharePoint Server 2010 or Search Server Express 2010.

Step by Step

"The root of the certificate chain is not a trusted root authority". You look around in the certificates for the local computer and maybe even some service account and it looks like you have all your root CAs (certificate authority) in place, so why are you getting this error? Well the reason you get that is because in addition to the local certificate store, the SharePoint STS also has it's own way of keeping track.of trusted root CAs. So what you need to do is export the root CA for the certificate that is used for token signing in your STS, and use PowerShell to register it with the list of trusted CAs that SharePoint knows about.

Add the ADFS Token Signing Certificate Root Authority To SharePoint’s List of Root Authorities
Here we add the root certificate used in ADFS token signing to SharePoint’s list of trusted root certificate authorities.

1. Open the SharePoint Management Shell to run the PowerShell commands.
2. Get the ADFS root certificate:
a. $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\ADFSRoot.cer")
3. Add the certificate to the list of trusted root authorities:
a. New-SPTrustedRootAuthority -Name "ADFS Token Signing Root Authority" -Certificate $root
4. NOTE: You must do this (with a separate name for the SPTrustedRootAuthority) for EVERY certificate in the root. For example, if you use a domain certificate authority and have it issue a certificate that you use for token signing, then you must follow steps 2 and 3 for both the issued certificate as well as the root certificate.
SharePoint should now be able to decrypt tokens that come from the ADFS server.

Click

you’ve installed SharePoint 2010, you may have noticed a change in behaviour of any PDF files that you may have stored. Previously, they would open directly in the browser, but now the user is prompted to save the file to the disk. This is due to a new security feature in IE8 that SharePoint 2010 respects. In order to allow the old behaviour, you must set the browser file handling options to “permissive” as opposed to “strict”.

Click

Enabling OfficeWebApps across all the site collections (via PowerShell). I ran into unexpected errors for all my documents e.g. "Word Web App cannot open this document for viewing because of an unexpected error. To view this document, open it in Microsoft Word."

The event log showed error 3760 from SharePoint Foundation, it's was a DB access error. It turns out the application pool account running my Web Apps services was trying to connect to the Web Apps Content database. I tried adding permissions via SharePoint Central Administration but in the end I added the services account directly to the SQL database and things worked.

In order for the word web app to work, the SharePoint Service Account needed to have dbcreator privileges is SQL.

Time synchronization is an important aspect for all computers on the network. By default, the clients computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I the servers from the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your firewall.

LINK

get the following message when I go into User Profiles, "The search application for 'MOSS_SSP' on server OEMCHASMOS01 is not provisioned. Confirm that the Windows SharePoint Services Timer service and Windows SharePoint Services Administration service are running on the server."

Follow these "exact steps"

1. Navigate to Central admin -> operations -> Timer job definitions -> Disable the Application server administration service job.
2. Clear the sharepoint timer cache by following the steps http://blogs.msdn.com/josrod/archive/2007/12/12/clear-the-sharepoint-configuration-cache-for-timer-job-and-psconfig-errors.aspx
3.Enable the Job again.

Get-SPWebApplication | Get-SPSiteAdministration –Limit ALL | ft *

Use above command to see all variable you can use

use command below to see only the mail addresses of the Site Collections

Get-SPWebApplication | Get-SPSiteAdministration –Limit ALL |ft OwnerEmail

When configuring the User Profile Synchronization in SharePoint 2010 you might find that the User Profile Synchronization Service does not start in the Central Administration -> Services on Server and you get an error in the Windows Event Log like:

The Execute method of job definition Microsoft.Office.Server.Administration.ProfileSynchronizationSetupJob (ID 7e4cb036-298f-45b2-8b6a-4e3c2c79be0a) threw an exception. More information is included below.

An update conflict has occurred, and you must re-try this action. The object UserProfileApplication Name=User Profile Service Application was updated by DOMAIN\user, in the OWSTIMER (1532) process, on machine SP2010DEV. View the tracing log for more information about the conflict.
This happened to me and here’s what I did to get it working…

LINK