André Krijnen

Author Archive

Claims to Windows Token Service (c2wts) problems

by on Aug.12, 2010, under .NET4.0, c2wts, Excel Services, SharePoint 2010, Windows Server 2008

Not alot of people had these issues regarding the Claims to Windows Token Service, but I had some problems with it. For some reason on Windows Server 2008 with Service Pack 2 and all prerequisites installed except voor KB971831-x64 HotFix voor WCF c2wts couldn’t be started. In the event viewer and in the ULS logs I had alot of messages that it takes too long to start te service.

Also when I browsed to the http:///SecurityTokenServiceApplication/SecurityToken.svc I had an internal server error. So I knew that were some problems. I did also knew that I couldn’t install the KB article voor WCF. So I knew that this could cause the issues regarding the c2wts service.

For some reason or another it tries to make a connection to the outside world(internet) from the Service Application in order to get the ssl certificate, but this isn’t possible when you are at a production network of a cliënt. So I checked the config file of the SecurityToken.svc and I found out that there is a .NET framework 4.0 mentioned in it. So I downloaded the .NET Framework 4.0 and installed it on the production servers hosting SharePoint.

After installation it worked without any problems. I don’t know what fixes it, but it okay, because know we can use Excel Services as it should be.

1 Comment more...

Service principal names, kerberos, IIS 7.0 and error 401: The requested resource requires user authentication

by on Aug.07, 2010, under Internet Information Services, SharePoint 2010, Software, Windows Server 2008

The last couple of days I was working at a customer where Kerberos was needed for SharePoint 2010. Of course I started to set the different Service Principal Names for my App Pool accounts, farm accounts, machines, etc. Not to hard to do it, but I ran everytime in a 401 error: The requsted resources requires user authentication.
Strange I thought, but yet I sended the Domain Administrator more commando’s and it didn’t help. So I checked everything, checked for duplicates, etc. Still I ran into these errors.

After some search I found out that there are some problems with IIS 7.0 regarding Kerberos, and I needed to configure the applicationHost.config to solve these issues with Kerberos. enabled the kernel activation mode, etc. But, it didn’t make any difference, rebooted several times, removed the Kernel Activation Mode and removed again the changed on the applicationHost.config.

I knew that we’ve made C-Name records and it gave me a wonderfull idea to change the C-Name records to A records. These changes where applied, and wow, in less time as expected I opened IE and opened the different web apps. In less then a second the page was displayed from my web app. When you run in these problems, change your C-Name record to A-record and it will fix all your problems with SPN’s, Kerberos and IIS 7.0

2 Comments :, , , , , , , , , more...

Powershell on Windows 7

by on Aug.02, 2010, under Powershell

I didn’t know that standard Windows 7 has Powershell installed. When I started powershell I noticed the V1 version in the menu bar, but this is not the real version. I didn’t know that until I did:

Get-Host

It shows the following information:

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\> get-host

Name : ConsoleHost
Version : 2.0
InstanceId : 880b266d-2931-4ff5-9ba8-181e3ecc5ab3
UI : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture : nl-NL
CurrentUICulture : en-US
PrivateData : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace : System.Management.Automation.Runspaces.LocalRunspace

Leave a Comment :, , , more...

User Profile Synchronization and the errors, a different approach.

by on Jul.26, 2010, under Active directory, ForeFront Identity Manager, SharePoint 2010, SharePoint Foundation, sql server, User Profile Services, Visual Studio 2010

When I started to work with SharePoint 2010 I’ve noticed that there are alot of issues regarding the User Profile Synchronization. Alot of people mentioned the following event viewer problems:

Microsoft.ResourceManagement.ServiceHealthSource
Event ID: 22
Level: Error

The Forefront Identity Manager Service cannot connect to the SQL Database Server.

The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

ILM Web Service Configuration
Event ID: 234
Level: Warning

ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=MSSDEVIA\MSSFARM sddl=D:(A;;GA;;;S-1-5-21-3647457175-3930976156-3381717532-1106)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: Cannot open database “User Profile Service Application_SyncDB_1d4b979635654411b18ce834c5c0a76a” requested by the login. The login failed.
Login failed for user ‘MSSDEVIA\mssfarm’.
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(SqlConnection connection)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(DataStore store)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction, IsolationLevel isolationLevel, DataStore dataStore)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction)
at Microsoft.ResourceManagement.Data.DataAccess.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.Initialize()
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at Microsoft.ResourceManagement.WindowsHostService.OnStart(String[] args)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activeHostedWorkflowDefinitions, ReadOnlyCollection`1& workflowControlMessages, List`1& requestsToRedispatch)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHosts(Object source, ElapsedEventArgs e)

Of course I’ve watched the different blog posts from different MVP’s and others. But there still seems to be alot of different issues regarding the UPS of SharePoint 2010. Yet, I’ve found out that there are more issues as they speak of.
In my case the scenario was alot different then rights on the local machine or on the domain. The users had all the rights to perform Replicate Directory Changes on the domain, and yet I’ve had these errors.

I’d Visual Studio 2010 installed and it came up with the Jit-In-Time debugger with errors.

An unhandled exception (‘System.ServiceModel.ProtocolException’) occurred in OWSTIMER.exe [5630]

Application Error
Event ID: 1000
Level: Error

Faulting Application name: OWSTIMER.exe, version: 14.0.4762.1000, time stamp: 0x4bad920c
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 04xa5bdfe0
Exception code: 0xe0434f4d
Fault offset: 0x000000000aa7d
Faulting Process id: 0xa58
Faulting application start time: 0x01cb2cacfed18e83
Faulting application path: C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\14\Bin\OWSTIMER.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report id: f3b92d5f-98a3-11df-b4fd-000c29240fea

So, I’ve opened a new instance of Visual Studio 2010 Debugger, and it came up that the internal Proxy Server needed authentication. I did get a 407: Proxy Authentication Required.

If you think you’ve done everything to the different blog posts you’ve writtend, and you can’t find any issues, it can be that something else blocking your way to use the different SharePoint Application Services.

MS is not helping you with these kind of issues, but when you need some help, try to use Visual Studio on your application server, or server that is going to host the UPS service to identify which errors it comes up with.

If you can’t use Visual Studio because it’s a production environment, try to get a test environment in the same environment your production environment is in, and install there Visual Studio.

1 Comment :, , , , , , , , , , , , , , , , , more...

DirSync for BPOS: Set-CoexistingConfiguration Error

by on Mar.06, 2010, under Active directory, BPOS

For the first time I’ve met the error ‘Set-CoexistingConfiguration’ with BPOS DirSync. What happend you think?

Well I’ve did all the planning and configuration of the Active Directory at a customer for using Directory Synchronization with BPOS. But the customer had a Parent-Child domain configuration, so this was new for me using DirSync.

I ran the configuration with our normal domain admin account and with the made account above. Both running into the Set-CoexistingConfiguration error. When I use the ADInsight tool supplied by Sysinternals I see the follow data:

ConfigWizard.exe:0212 modify _sa_adsync ..local: 1 mods 2/0 ctrls CONSTRAINT_VIOLATION 1.488ms

You would say there is an error using the DirSync or a configuration problem on the machine. So we’ve checked everything. We could do everything with the account supplied with the setup, but yet we found out that wasn’t enough.

So we used another account that was made at both domains. So the parent-child had the same account. Yet we thought that couldn’t work, but it did some how. I’ve talked with the experts at Microsoft regarding these problems, but even they didn’t know what this error was. So also Microsoft we’ll be checking what this means.

Leave a Comment :, , , , , , , more...

Windows Server 2008 R2 with WSS 3.0 Error 10016: DCOM IIS WAMReg admin service

by on Feb.20, 2010, under MOSS, Software, Windows Server 2008, WSS

Well it was the first time I did a deployment of WSS 3.0 on Windows Server 2008 R2 at a customer… the installation went very well I could say but yet I found out that I had a strange DCOM error. Not the DCOM error I would suspect…

Type: Error
Source: DCOM
Category: None
Event ID: 10016
Description:
The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user DomainName\UserName SID {61738644-F196-11D0-9953-00C04FD919C1}. This security permission can be modified using the Component Services administration tool.

So after searching on BING.com I found out that this has the do with the DCOM IIS WAMReg admin service. Normally you would say that this has to do with the location activation of the DCOM service. But when I found out that the DCOM service couldn’t be changed I had to figure out that I had to change some settings. I knew that you can activitate the DCOM service, but Microsoft had to change this DCOM service with the new release of Windows Server 2008 R2. On BING I found out that someone had this error.

So check the blog of Wictor Wilen It saves you a lot of time to figure it out.

2 Comments :, , , , , , , , , more...

Unable to cast object of type ‘Microsoft.SqlServer.Management.Smo.SimpleObjectKey’

by on Feb.03, 2010, under Software, sql server

Today I was doing some tasks on SQL Server 2005 with SP2. I had some problems with adding jobs and getting the following error message:

Unable to cast object of type ‘Microsoft.SqlServer.Management.Smo.SimpleObjectKey’ to type ‘Microsoft.SqlServer.Management.Smo.Agent.JobObjectKey’.

The issue was using client tools without SP2. You can’t add jobs to a SQL Server 2005 with SP2 with SQL Server 2005 RTM Client Tools.

Leave a Comment :, , , , , more...

MOSS 2007 / MSS 2010 virtualization problems.

by on Jan.20, 2010, under Virtualization

In the last couple of years I installed alot of different farms for SPS2003, MOSS 2007 and yet I started with the installation of MSS 2010.
Most organizations started using Virtualization software like VMWare ESX of other virtualization software. As far as I know I had to most problems with MOSS 2007 on virtual boxes. The most problems where database servers or badly configured boxes.

When you’re using SQL Server or other database server you’ll will see that when they are bad configured your farm is performing very very bad. Why?

One of the biggest reasons is that when you’re running a database direct on a Virtual Hard Drive it will not perform as well. Why? Mostly the vhd’s are using the same LUN on a SAN or physical disk. The best option here is to use pass-through disk to a LUN on a SAN.

Second when you’re running a DB server on a Virtual Box and you allocate shared memory and shared CPU’s it will also cost performance. This is also for MOSS or SP2010. You should use one-on-one CPU. So if you need 4 virtual CPU’s you’ll also need 4 cores and not sockets. For another example check your NUMA(Non Uniform Memory Access).

If you have a virtualbox with 8 cores and 32 GB of memory then your NUMA is 4 GB. So you can maximum allocate 4 GB of memory to a virtual server. If you allocate more memory it can cost your performance.

If your using VLAN’s and you have multiple Virtual Switches ensure that your MOSS or SP2010 environment is using the same Virtual Switch. If the latency is higher then 1ms your performance will drop. MOSS and SP2010 will only have a good performance with a very low latency.

Also if you’re running an AD server and this server is also running poorly your SharePoint environment will also perform poorly. SharePoint authenticates alot.

Most hardware performance issues are written above. Look at it when you’re making SharePoint environment virtualized. 80% of the problems are the DB server of the Indexing Server of your SharePoint environment.

Leave a Comment :, , , , , , , , more...

MSS 2010 / .NET 3.5 / Farm

by on Dec.12, 2009, under blog

Well I installed a complete new infrastructure to test the first beta of Microsoft SharePoint Server 2010. So configured a SQL Server 2008 R2 CTP with Windows Server 2008 R2 EE on Hyper-V.

Everything done. And let’s play with MSS 2010. Well I was happy to say that I had the option of installing a farm. Well when the installation was running I could say I was disappointed by the fact that SQL Server 2008 was installed on the APP server. So I concluded that the first installation I had no choice that SQL Server was running on the same machine.

The second conclusion is the unforsaken Ribbon of Office 2007. You have alot more options, but if you can say that everything will be worked out better? Well I can say that MOSS 2007 was allready full with bugs with the initial RTM release, and how many bugs can we have with MSS 2010? Well hopefully not that much like MOSS 2007 RTM, because we can wait again for along time to see the first SP. The naming of WSS to Foundation isn’t not too bad, but if you can say if it is a Foundation?

The next thing is the fact that not ASP.NET 4.0 Beta 2 is used by MSS 2010. So we’re going not upwards, but standing still with the same framework. Also noticed that you have to
use some regfixes to fix some bugs for MSS 2010. Too bad!

First conclusion:

MSS 2010 is alot faster.
MSS 2010 has .NET Framework 2.0/3.5 and not .NET 4.0
Beta and farm installation is too bad.
MSS 2010 has alot of new features and options (also Lotes Notes included).

And yet more to come.

Leave a Comment :, , , more...

Windows 7 Installation

by on Oct.12, 2009, under Hardware, maintenance, Software

Well finally I had the time to make a clean install for Windows 7 Ultimate x64.

It took me 1,5 half hour to be up and running again… that means Install Windows 7, full updates, Office 2007 Ultimate and MSN to work with.
Well that wasn’t to hard, except for the Realtek RTL8111 drivers for my LAN. The drivers supplied by Microsoft Update ruined the LAN connection, so I had to download new drivers from Realtek by itself.

After that I was happy that I finally installed it 🙂

Update: 10/15/2009 12:16 AM

So the first important things I’ve noticed is:

  • Network connections are stable, and no disconnected FTP transfers
  • System is not slow when going out of sleep mode
  • VMWare workstation seems to working better
  • When doing multiple processes like decompressing (WinRar) and opening a Solution with Visual Studio 2008 doesn’t cause any lack on WinRar
  • No unresponsive mouse when updating(installing) Windows patches and what so ever
  • Java seems not using big amounts of memory like in Windows Vista
  • Now let’s keep playing with Windows 7.

    Owwh yeah my system configuration:

    CPU: AMD Phenom II X4 940
    Mainboard: Gigagyte GA-MA790GP-DS4H RF3
    Memory: OCZ DDR2-800 Reaper 4x2GB CL4 OCZ2RPR800C44GK
    Graphics cards: 2xSapphire 4850 1GB
    Disk config: 3x320gb RAID 5 for OS
    Disk config 2: 3x1TB RAID 5 for DATA
    Sound: Soundblaster 2 Audigy 24bit Advanced
    Screens: 2x IIyama 26″

    Leave a Comment :, more...

    Looking for something?

    Use the form below to search the site:

    Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

    Blogroll

    A few highly recommended websites...