Adding a linux server to a windows domain

I already described in an earlier post how I added a linux server to a windows domain. Recently I added a new server to my domain, to replace my existing domain controller. As a consequence I had to update the krb5.conf file to point to the newly added server. Actually this hasn’t been to the first change in domain controllers, and usually users point out, that they cannot authenticate to subversion or apache based applications (which use kerberos authentication as well). OK, so I missed to update the krb5.conf again.

So there must be a more convenient way to configure kerberos. If only I had some way to pull the information of the current KDC from the domain-data. But wait – there is DNS. There are a couple of service-entries in DNS to point to all available kerberos servers in the domain! That sounds promising.

So I changed my krb5.conf file and added

dns_lookup_realm = yes
dns_lookup_kdc = yes

to the libdefaults section. Then I removed the realms and domain_realms section. Now all information about available KDC servers is directly pulled from DNS – sweet.

First look at Windows 8

At //build Microsoft showed the next version of Windows: Windows 8. Just after the public presentation, a developer preview is actually available for download.

So after downloading 4.8 GB you finally have a ISO image to install. Since I don’t have a spare laptop or desktop around I tried to give Windows 8 a “virutal” spin.

So I fired up my favorite VMWare Workstation, just to discover, that Windows 8 is not (yet) supported on VMWare Workstation (as of this writing I’m running version 7.1.4). As it seems VMWare Workstation 8 is supposed to support Windows 8 (actually the APIC version required by Windows 8). OK, so this doesn’t seem to work out well.

So I though – what the heck, why not give this VirtualBox a turn? A lot of people seem to work with VirtualBox, so it must be worth the effort of taking a closer look. OK, downloaded the bits and installed it on my Windows 7 host.

So let’s see how I can install Windows 8 on VirtualBox. Just create a new virtual machine, specifying it as Windows 7 64-bit and off you go. Just a short while later I’m greeted with the new Windows 8 metro design – this is smooth. Works just like a charm I must say. Should I re-consider my virtual hosting strategy?

Well, anyway. It’s about time to get a first impression of Windows 8 … so some further impressions will follow.

IIS TimeOut while debugging a SharePoint application

Who has not encounterd this problem: you’re just doing some debugging on your favorite SharePoint application and all over sudden – bam! The application pool gets recycled.


Well, the problem is the timeout associated with each application pool. When IIS detects that an application pool is not responding anymore IIS just assumes something terrible happend and recycles the application pool. But all that really happend is some plain-old-debugging.

In order to circumvent this problem you have to disable the pinging of application pools by IIS. Just open up the advanced settings of the IIS application pool and set pinging to false.


No ULS Logging in SharePoint 2010

Sometimes you encounter errors, that seem to stick around forever. I recently noticed on my SharePoint 2010 dev-machine, that the ULS doesn’t seem to be working anymore. For some strange reason the ULS is complete empty. No logmessages whatsoever. Changing the loglevel doesn’t seem to have any impact at all.

Only messages while deploying solutions from Visual Studio 2010 where showing up in the log.

Can you spot the error?

After ignoring this problem for a couple of weeks – who needs logfiles anyway, when you’re doing everyhting the perfect way! – I actually did run into a problem with a custom component and I just couldn’t figure out what’s going wrong. Having SharePoint present me a correlation-id doesn’t help at all if you have no logmessages!

The Solution!

The solution is actually quite simple, and it’s always the same cause when working with SharePoint: permissions! I get the feeling, that 90% of all errors and problems are related to permissions and security. This kinda leads me to thinking, that no two SharePoint installations are the same. When I comes down to security and permission settings all installations differ. Even if it’s just a tiny bit – this is sometimes all it needs to take a system down.

Back to my originial problem, well actually to the solution of my problem. The solution was, to add the account for application pools to the “Performance Log Users” group. So far the accounts where just a member of the “Performance Monitor Users”.

Heaven knows why and how this happened. A quick comparision with another SharePoint installation revealed, that on that machine the application pool account was just a member of the local users group. The account was not a member of any other group (WTF?).

Delete SharePoint Application Pools

Even though you deleted an application pool in IIS, sometimes SharePoint doesn’t seem to care. I recently had some trouble setting up the user profile service, and needed to delete the UPS because of some misconfiguration. When I wanted to recreate the application pool I got an error, stating the application already exists.


But what when I can’t see this app-pool in IIS? Well PowerShell to the rescue:

Remove-SPServiceApplicationPool [AppPoolName]

This is almost to easy to be true.

BTW: when deleting the UPS (the service application), the application pool does not get deleted in IIS. This is extremely ugly, especially since the app-pool name is just some guid. When re-creating the service-application using the same settings as before (especially the same app pool name), this fails, because the name of the app-pool and the corresponding guid name for IIS seems to be stored in the configuration database.

Creating new sites in a batch

During SharePoint development you just need a whole bunch of sites. Creating them just for test purpose using the central administrations seems to be to much hassle. Instead I created a little batch-file to take care of spinning up a new test-site.

Basically you just have to edit the variables at the beginning of the script. Just specify the port, the site name, title and description. The name is used to create the web-application, application pool, the database and the stuff.

When creating the new site-collection for the web-application I did not provide a template; this way I can choose a template at the first call to the newly create site.

@echo off
pushd .
    set SPLocation=%CommonProgramW6432%\Microsoft Shared\web server extensions\12
    set SPAdminTool=%SPLocation%\BIN\stsadm.exe
    set sitePort=6001
    set siteName=SampleSite
    set siteDescription=Demo a SharePoint Web-Application
    set siteTitle=Web-App Demo
echo Creating WebApplication '%siteName%' at port '%sitePort%'
"%SPAdminTool%" -o extendvs -url http://localhost:%sitePort% -owneremail me@acme.local -ownerlogin acme\me -ownername "Acme Big Boss" -databasename WSS_Content_%siteName%_%sitePort% -description "%siteDescription%" -apcreatenew -apidname "WSS_AppPool_%siteName%_%sitePort%" -apidtype NetworkService -donotcreatesite
echo Creating WebSite '%siteTitle%'
"%SPAdminTool%" -o createsite -url http://localhost:%sitePort%/ -owneremail me@acme.local -ownerlogin acme\me -ownername "Acme Big Boss" -lcid 1031 -description "%siteDescription%" -title "%siteTitle%"

SharePoint 2010 version numbers

I already created a list of version numbers for SharePoint 2007 (which seems to be a little outdated as it seems).

Well, so now I give that a new try for SharePoint 2010:

Update Name Version number
RTM (all components) 14.0.4763.1000
RTM (farm build version) 14.0.4762.1000
June 2010 CU 14.0.5114.5003
August 2010 CU 14.0.5123.5000
October 2010 CU 14.0.5128.5000
December 2010 CU 14.0.5130.5002
February 2011 CU 14.0.5136.5002
April 2011 CU 14.0.5138.5000

One Content-type, multiple templates

Let’s assume I want to store different documents in a document-library in SharePoint, based on different templates. The easiest way would be to create different content-types for each kind of document. Each content-type can have an individual template in turn.

But what if I have just one logical content-type, but I have different document templates? I could create master content-type, which holds all properties. Then I create sub content-types and assign the different templates to those. This way I can maintain the properties on the master content-type and don’t have to worry about the sub content-types.

Problem solved!

But what I actually wanted was to have dedicated links to add new documents based on a certain template to my document library. I achieved this, but I needed to created three content-types in order to do so.

A different approach.

Instead of creating different content-types with different templates, I just create two hyperlinks “create document a” and “create document b”. With a couple of lines of javascript I’m ready to go.

First of I need a document library to store my templates. In the next step I add a content editor webpart to my listview. Because I cannot add javascript code to the content editor webpart directly, I placed my code in a separate file, which I also placed in the template document library (to keep thinks simple for now). So I reference this file in the content editor webpart.

This file basically contains some javascript to add new documents based on a certain template to the library:

function NewWord()
    var strTemplate = makeAbsUrl("/Template/WordTemplate.docx");
    var strSaveLocation = makeAbsUrl("/Shared Documents");
    var strProgId = "SharePoint.OpenDocuments";
    createNewDocumentWithProgID(strTemplate, strSaveLocation, strProgId, false);
    return false;
function NewExcel()
    var strTemplate = makeAbsUrl("/Template/ExcelTemplate.xlsx");
    var strSaveLocation = makeAbsUrl("/Shared Documents");
    var strProgId = "SharePoint.OpenDocuments";
    createNewDocumentWithProgID(strTemplate, strSaveLocation, strProgId, false);
    return false;

This with some little HTML …

<span style="width: 10px; height: 10px; overflow: hidden; display: inline-block; position: relative;">
    <img style="left: 0px !important; top: -128px !important; position: absolute;" src="/_layouts/images/fgimg.png" alt=""/>
</span>&#160;<a onclick="NewWord();" href="#">New Word-Document</a>&#160;|&#160;
<span style="width: 10px; height: 10px; overflow: hidden; display: inline-block; position: relative;">
    <img style="left: 0px !important; top: -128px !important; position: absolute;" src="/_layouts/images/fgimg.png" alt=""/>
</span>&#160;<a onclick="NewExcel();" href="#">New Excel-Document</a>

… could just do.

Mass-Updating Active Directory

I just love PowerShell! Although I’m not really mature in the syntax yet, I find myself moreoften doing little things in powershell.

Today I figured, that in my previous task of creating 150 sample accounts I missed out on the email-address. So I just wrote a simple line of powershell. First off, I went to the OU just by navigating to the AD-provider cd AD: and then change to cd OU=Test,DC=demo,DC=local. That’s already cool. Then just a simple line like

dir | foreach { $x = Get-AdUser $_; $y=$x.samAccountName; Set-Aduser -identity $x -emailaddress "$y@demo.local"; }

And since I’m on a roll, I also updated the passwords for all users

Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Acme,DC=demo,DC=local" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "demo" -Force)