SharePoint 2010 Beta – User Profile Service Application

There are already a lot of installation guides for SharePoint 2010 Beta, so I won’t write a new one ;) I just want to share some information on how to get some components up and running.

I had the most trouble with the User Profile Service Application. This Service Application pulls data from user directories (Active Directory, LDAP, BDC) and provides this information within SharePoint. You’ll need this user profile data, for example, for the MySites to show the organization structure, phone numbers and so on.

I assume you already created a User Profile Service Application inside the Central Administration. I will just list the troubles I had getting it up and running, with the solution which worked for me.

Background information: The profile synchronization task is done by Microsoft FIM 2010 (Forefront Identity Manager).

If the User Profile Service Application Proxy hangs at state “Starting” (Central Admin) and both FIM services (services.msc -> Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service) are not started either, or have strange or no service accounts entered, try the following:

  1. First of all: If not already done, install the WCF Hotfix KB976462 (http://support.microsoft.com/kb/976462/en-us). If you built your farm without this hotfix and the services still don’t start, you may have to recreate your farm (I had this case).
  2. Is the service account a local admin?
  3. Is there a Windows user profile created for this service account? (Just log on with the service account.)

If the FIM Services are running fine (Forefront Identity Manager Service, Forefront Identity Manager Synchronization Service) and both Service Applications are up (User Profile Service Application and User Profile Service Application Proxy) you’re one step closer to success ;)

First of all: Don’t panic when you realize that you can’t edit or delete Synchronization Connections. It IS possible to edit and delete them, but not inside Central Admin (remember, it’s a Beta).

Because the synchronization is handled by FIM, it’s easiest to use its management tools. Run the “Synchronization Service Manager” (“%programfiles%\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe”). Within the tab “Management Agents” you should find three agents:

  • ILMMA
  • MOSS-<Name of your User Profile Service Application>
  • MOSSAD-<Name of your synchronization connection> (If you haven’t created one, stop reading here, create it, and continue afterwards)

You can also switch to the “Operations” tab. There you’ll find a history of the jobs that ran and what they did.

Something like that would be our goal:

I think most of the information in the screenshot is self-explanatory. Basically it tells us that a DS_FULLIMPORT ran from Management Agent “MOSSAD-CONNECTION”. It added 11190 AD objects to a local “staging area”. If something is wrong you’ll find the information here or on the Management Agents tab.

In my case the first error was an “Access Denied”. This was because I forgot to grant “Replicating Directory Changes” to the service account. See http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx

After the change was made I got only successes from the tasks, but every import returned just two objects. Hmm. The properties of the “MOSSAD-<CONNNAME>” Management Agent gave the reason. So right-click this Management Agent -> Properties and switch to “Configure Directory Partition”. There you’ll find your chosen domain to sync from. Just hit “Containers” and check whether the desired OUs are selected. The selection box inside Central Admin is a little bit “tricky”. In my case the selection of the domain wasn’t recursive.

Every Management Agent has multiple “Run Profiles” defined. You’ll find them with a right click on the Management Agent -> “Configure Run Profiles”.

MOSSAD-<CONNNAME> => Connects to AD
MOSS-<Name of Service Application> => Connects to the User Profile Webservice (http://hostname:port/_vti_bin/ProfileImportExportService.asmx?ApplicationID=<APPID>)
ILMMA => Connects to the Farm Sync-DB

For a Full AD-Import the following Tasks (Management Agent – Run Profile) are running:

  1. MOSSAD-<CONNNAME> – DS_FULLIMPORT
  2. MOSS-<Name of Service Application> – MOSS_FULLIMPORT
  3. MOSSAD-<CONNNAME> – DS_FULLSYNC
  4. MOSS-<Name of Service Application> – MOSS_FULLSYNC
  5. MOSS-<Name of Service Application> – MOSS_EXPORT
  6. MOSSAD-<CONNNAME> – DS_EXPORT

I’m not sure exactly what every task does. As I understand it, it’s something like:

  1. Get all AD objects (with a subset of properties) and load them to the temporary staging area in memory (Connector Space)
  2. Get all SharePoint user profile data from the web service and load it to the temporary staging area in memory (Connector Space)
  3. Sync all new or updated objects (with the configured attributes) from the AD Connector Space to the FIM Metaverse (Farm Sync DB)
  4. Sync all new or updated objects (with the configured attributes) from the MOSS Connector Space to the FIM Metaverse (Farm Sync DB)
  5. Push the new or updated data back from the FIM Metaverse to the MOSS web service
  6. Push any changes back to AD (strange?!)

I have no experience with FIM, but that’s the short info I got from the Help ;)

Basically, if all tasks ran successfully you should now have your profiles available in Central Admin. Easy, isn’t it ;)

BTW: If you accidentally created Synchronization Connections within Central Admin you can delete them with the FIM Synchronization Service Manager. Just delete the unnecessary “MOSSAD-<Name of your synchronization connection>” Management Agents and they will disappear in MOSS as well.

Hope this post was a little helpful. Please let me know if it’s too short or not understandable ;)

Here you’ll find additional information:
http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx

http://blogs.msdn.com/alimaz/archive/2009/11/09/configuring-user-profile-service-application-in-sharepoint-server-2010.aspx

http://blogs.msdn.com/sharepoint/archive/2009/11/18/path-to-user-profile-synchronization-success-in-sharepoint-2010-beta.aspx

http://blogs.msdn.com/opal/archive/2009/11/19/user-profile-sync-setup-in-sharepoint-server-2010-beta.aspx

http://sharepoint.mindsharpblogs.com/Kathy/Lists/Categories/Category.aspx?Name=SharePoint%20Server%202010

Nabaztag tells you your Nagios/Icinga status

I thought it would be a good idea to also use the Nabaztag for a regular status message about the host and service state.

Based on my other script notify-by-nabaztag.php (see this post) I’ve written another little PHP script which gets the Nagios/Icinga status from the nagiostats/icingastats utility and uses my notify-by-nabaztag.php to send out a status message. Here it is: status2nabaztag.php

There are just a few steps to get up and running:

1. Grab my notify-by-nabaztag.php and status2nabaztag.php scripts

wget http://www.sperrgebiet.org/wp-content/uploads/2010/02/notify-by-nabaztag.txt -O /usr/local/icinga/libexec/notify-by-nabaztag.php

wget http://www.sperrgebiet.org/wp-content/uploads/2010/02/status2nabaztag.txt -O /usr/local/icinga/bin/status2nabaztag.php

2. Change the paths to the binaries if required, especially $stats and $php

3. Test it ;)

php /usr/local/icinga/bin/status2nabaztag.php

4. Assuming everything worked as expected, you can add an entry to your crontab to execute the script regularly. I know, it would be nicer to use the Nagios/Icinga timeperiod definitions, but the crontab entry is easier ;)

vim /etc/crontab

0 6-23 * * * root /usr/bin/php /usr/local/icinga/bin/status2nabaztag.php

This cron entry will execute the script once an hour, every day between 6am and 11pm.

It’s just a short post, but I think the script should be self-explanatory too. Furthermore it’s quite late/early, so I’ll try to get some sleep because I have to get up in 3 hours ;)

Hope this script is useful too. Please let me know if you have any trouble getting it running.

Remember: In god we trust, the rest we monitor :)

Nagios/Icinga meets Nabaztag

Ever since I got my Nabaztag bunny I have wanted to use it for my Icinga notifications. I found a Perl script on the internet, but that one just sent out a message and did not use the LED flashing or ear movements that the Nabaztag API also provides.

So I’ve written my own notification script in PHP. You can download it here: notify-by-nabaztag.php

You can watch a video demonstrating it in action here in the following embedded Windows Media Player or at YouTube

The script is quite simple. It needs two arguments. The first one is the message for the TTS (text-to-speech) and the second one is the “notification type”. The notification type is either the service or host state (OK, WARNING, CRITICAL, UNKNOWN, UP, DOWN, UNREACHABLE).

Depending on the notification type the bunny flashes in a different color and moves its ears to another position:

OK/UP: flashing green, ears going up
WARNING: flashing yellow, both ears are moved to the front with an angle of 45°
CRITICAL/DOWN: flashing red, ears going down
UNKNOWN/UNREACHABLE: flashing blue, one ear to the front, one to the back, each with an angle of 45°

You can configure the voice which should be used inside the script. I propose to use a US/UK one because the states are in English too. I think the script should be self-explanatory. If not, just leave a comment.

If you already have Nagios/Icinga up and running you should also know how to add a new notification command. Otherwise here are the basic steps (assuming you are running Icinga within /usr/local/icinga):

1. We need php-cli installed so we can run the script on the CLI. Depending on your distro, run one of the following commands:

aptitude install php-cli
or
yum install php-cli

2. Download the script to your libexec-Directory:

wget http://www.sperrgebiet.org/wp-content/uploads/2010/02/notify-by-nabaztag.txt -O /usr/local/icinga/libexec/notify-by-nabaztag.php

3. Add a host and service notification command. If you want more detailed output, just add the macros at the right position. You’ll find all available macros at http://nagios.sourceforge.net/docs/3_0/macrolist.html

vim /usr/local/icinga/etc/objects/commands.cfg

# The message is wrapped in plain ASCII double quotes so the shell passes it as one argument.

# 'notify-service-by-nabaztag' command
define command{
    command_name notify-service-by-nabaztag
    command_line /usr/bin/php $USER1$/notify-by-nabaztag.php "Monitoring Notification: $NOTIFICATIONTYPE$ on $HOSTNAME$ (Hostalias is $HOSTALIAS$) with Service: $SERVICEDESC$. Current servicestate is $SERVICESTATE$" $SERVICESTATE$
}

# 'notify-host-by-nabaztag' command
define command{
    command_name notify-host-by-nabaztag
    command_line /usr/bin/php $USER1$/notify-by-nabaztag.php "Monitoring Notification: $NOTIFICATIONTYPE$ on $HOSTNAME$ (Hostalias is $HOSTALIAS$). Hoststate is $HOSTSTATE$" $HOSTSTATE$
}

4. I’ve created a new time period, because I don’t want my bunny talking to me during the night ;)

vim /usr/local/icinga/etc/objects/timeperiods.cfg

# 'nabazhours'
define timeperiod{
    timeperiod_name nabazhours
    alias Where my nabaztag is active
    monday 06:00-23:00
    tuesday 06:00-23:00
    wednesday 06:00-23:00
    thursday 06:00-23:00
    friday 06:00-23:00
    saturday 08:00-23:00
    sunday 08:00-23:00
}

5. After that a new contact is created which uses the notification commands added above and the right time period

vim /usr/local/icinga/etc/objects/contacts.cfg

define contact{
    contact_name nabaztag
    use generic-contact
    alias My Bunny
    service_notification_commands notify-service-by-nabaztag
    host_notification_commands notify-host-by-nabaztag
    service_notification_period nabazhours
    host_notification_period nabazhours
}

6. We should have enough time to run a config-check ;)

/usr/local/icinga/bin/icinga -v /usr/local/icinga/etc/icinga.cfg

7. When no errors or warnings appear, reload Nagios/Icinga and wait until a problem occurs ;)

/etc/init.d/icinga reload

Hope everything works as expected and you’ll find this script useful. Have fun with Nagios/Icinga and your Bunny. :)

Windows Storage Server 2008 – Default Password

As an MSDN or TechNet subscriber you have the possibility to download an install DVD for Windows Storage Server 2008. Normally it is shipped only by OEMs. So when you want to play around with it like me, for example to use it as an iSCSI target for a cluster lab, you’ll be surprised that the installation finishes without asking for an Administrator password. It just stops at the logon window.

The default Administrator password is “wSS2008!” (without the quotes).

So have fun with it ;)

Everything in Sync – Microsoft Live Mesh

I think most people know the problem of sharing data between different machines. I had this problem especially with my favorites from Internet Explorer. I wanted to have the same favs on my personal machine as on my business machine. A direct sync was not an option because of security and especially (Green IT *es*) because I don’t want to have my machine at home running all the time. So I tried syncing via FTP to one of my Linux root servers. It worked, but it wasn’t the experience I wanted to have. So Microsoft made my life easier and launched Live Mesh (Beta) a couple of months ago.

In short, with Live Mesh you can sync directories to the Live Mesh service. After the files are uploaded automatically, you can access them with any web browser or, of course, on any other computer where Live Mesh is installed and the desired directory is synced.

You’ll find a complete feature list at https://www.mesh.com/Welcome/features/features.aspx

Some of the main features are:

  • Share files/folders across multiple computers
  • Access your shared files with a browser
  • Connect to other machines with remote desktop
  • Invite other people to participate in your Mesh and share files with them.

The needed steps to get started are very easy:

First you have to sign in at www.mesh.com with your Windows Live-ID.


There you have a few options. You can directly access your online storage (5GB) with “Connect”, or if you want to add a client just hit the big plus icon “Add Device”. Choose your OS and “Install”. I’ve tested it on Vista x32, Windows 7 x64, XP x32, W2008 x64 without problems.

After running the downloaded LiveMesh.exe you see the installation progress at the bottom right corner of your desktop. This just takes a few moments.
After the installation succeeds (hopefully) the sign-in screen pops up. I think I don’t have to explain the possible options ;) I always choose to save my password and to sign in automatically because I want the directories I choose to sync (that will be a later step) to be updated automatically.

Now you have to name the computer you’re on for Live Mesh. This is just the name under which you’ll see this machine in Live Mesh. Your machine isn’t renamed, so Don’t Panic ;)

During the installation your screen flickered briefly. That’s because an additional ‘virtual’ graphics card named “Live Mesh Remote Desktop Mirror Driver” was installed. As the name suggests, it’s for connecting with Remote Desktop to your online Mesh computers.


Your main entry point to Live Mesh will be in the taskbar. Moving the mouse over it or left-clicking it will open the following window. There you’ll get an overview of all devices which currently participate in your mesh. In my case these are my home PC with Win7RTM (Hans-PC), my Samsung Q1 UMPC (Q1-PORTABLE), the Demo-VM (WXP-DEMO1) I installed to make the screenshots ;) and Live Desktop (the online store). The “Connect to device” links are for the Remote Desktop connection to online Mesh computers.

If you already made folders in your Live Mesh Desktop, shortcuts for these folders are created automatically on the desktop. You see some of my synced ones on the left side of the screenshot above.

To start syncing an existing folder with this new computer, just right-click the desired folder and choose “Sync with this computer …”, what a surprise ;)

The window that opens now should be self-explanatory as well. I’ve chosen my IE Favorites as an example.


Any question? I would say no. (But yes in the dialog box) ;)

The sync is started immediately. You’ll notice that because the chosen folder is filled up with your files/folders and because your Windows Explorer is extended with a sidebar when browsing to that directory. When expanding the new sidebar you again see all the connected devices and, in this particular case, that my WXP-DEMO1 machine is syncing down data from Live Mesh. BTW: I don’t want to read any comments that 364KB of Favorites are too much ;)

Adding a new folder is even easier. Just right-click it and choose “Add folder to Live Mesh…” and give it a name. That’s it ;)

For the other buttons, just explore your new Mesh. For example, you have a News section where you see which files were added/deleted recently.

With the Live Mesh Desktop (the web interface) you can do some additional things. One of the coolest, I think, is to invite other people to one of your folders. So you can share data between different computers and also with other people.

Just open the Live Mesh Desktop and open the folder you want to share. Then choose “Members” and click “Invite”.


When sharing a folder with other people you can also post news so the other people know what’s going on ;)

So, that’s it ;)

You will find more detailed information at www.mesh.com or on http://en.wikipedia.org/wiki/Live_Mesh

I hope I was able to explain the functionality of Live Mesh a little bit. In my opinion it’s the easiest way to share files across multiple computers and also with other people. I also think that 5GB of free space is enough. For my purpose it’s more than enough so far. I know there are also other solutions for the same tasks out there. One of the coolest ones is Microsoft Groove 2007 (resp. Microsoft SharePoint Workspace 2010). I’ll write a post about that later on. But Groove is much more complex and also a whole collaboration solution with many more features (sharing SharePoint lists, creating your own forms/lists, creating a shared ‘Whiteboard’ and so on). There are a lot of other advantages and disadvantages when comparing Live Mesh with Groove.

Furthermore Live Mesh is free ;)

I have been using Live Mesh for almost a year or so now (can’t remember exactly) for syncing my Internet Explorer Favorites, my OneNote notebooks (a post about that will follow as well) and some temporary documents, and I’m also using it as a “backup” for my personal documents and pictures.

So install it, try it and I’m pretty sure you’ll soon love it ;)

ANNOholic

HeHo

A couple of days ago Anno 1404 was released. That’s the only game series I was ever addicted to. Starting with Anno 1602 in 1999, I think, these games have fascinated me. I’m a friend of this kind of strategic games. So I played a couple of hours over the last few days. If you like such games I can really propose it. OK, it’s not a big change since the last one, Anno 1701. But if you’re also an ANNOholic like me you must have this game :)

-Hans


MCTS 70-642 passed :)

After being an MCSA 2000 for 5 years with no additional certification in the meantime, I decided that it’s more than overdue to do something in this direction again. So today I took my first exam in the new Windows Server 2008 world. The first step was the 70-642 exam, in ‘human’ readable form: Windows Server 2008 Network Infrastructure, Configuring

But of course, that was just the first step. My goal is of course the MCITP (Microsoft Certified IT Professional) for W2008. Currently I can’t say which exact track I will choose. But the next exam will be the 70-640 (Windows Server 2008 Active Directory, Configuring).

For all those who are interested in my ‘training methods’: Hmm, it’s quite boring: a lot of reading (in official MS Press books and others), playing around in VM labs, and that’s it :)

So, the last comment before I go to bed: In my opinion the exams are much harder than in the glory W2000 times. But that’s a good thing. Now you really have to understand that stuff. I don’t think boot camps or such ‘1-week crash courses’ are the right way. Because maybe you’ll pass the exam, but when you never really understood the material, you won’t be successful in your job when you have to use the knowledge. I’m a fan of reading, trying, understanding :) Just my 2 cents.

Wish you a good night :)

BTW: This was the first blog post written with MS Word 2007. Cool stuff ;)

Playing around with themes

Duppdidu.

Yep, I’m currently in one of the hardest phases. I have to choose a design for the blog. It should look nice, be easy to use and read, and be as customizable as I want it. So I’ll give this one (magicblue) a try. I hope that I can keep it as long as possible ;)

Get current authentication provider

SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID;

This command should return NTLM or Kerberos.

Automatic SSH logon

Host1:

  1. ssh-keygen
  2. No PassPhrase (so automatic logon works)
  3. Default filename and path is ok
  4. cat ~/.ssh/id_rsa.pub
  5. Copy content of id_rsa.pub

Host2:

  1. Create ~/.ssh
  2. Create ~/.ssh/authorized_keys
  3. Paste content of clipboard into authorized_keys

Both steps vice versa

At the first logon a warning appears that the host key is added to known_hosts. Yes to proceed.

That’s it ;)
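
The Host2 steps above as a script, including two things the manual procedure leaves implicit: the file modes sshd expects on ~/.ssh and authorized_keys, and authorized_keys options that limit what a passphrase-less key may do. This is an added example, not part of the original post; the function names, the sample key line and the address 192.0.2.10 are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. install_pubkey is a made-up name.
# Usage: install_pubkey PUBKEY_FILE TARGET_HOME [KEY_OPTIONS]
#   PUBKEY_FILE  the id_rsa.pub copied over from Host1
#   TARGET_HOME  home directory of the account on Host2
#   KEY_OPTIONS  optional authorized_keys options that limit what the
#                passphrase-less key may do, e.g. 'from="192.0.2.10",no-pty'
install_pubkey() {
    pubkey_file=$1
    target_home=$2
    key_options=${3:-}

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A public key is exactly one line. A private key pasted by mistake has
    # several lines and a "-----BEGIN" header, so it is rejected here.
    if [ "$(grep -c . "$pubkey_file")" -ne 1 ]; then
        echo "expected exactly one key line in $pubkey_file" >&2
        return 1
    fi
    key_line=$(grep . "$pubkey_file")
    case $key_line in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    ssh_dir=$target_home/.ssh
    auth_file=$ssh_dir/authorized_keys

    # sshd runs with StrictModes enabled by default and ignores
    # authorized_keys if the file or its directory is writable by others,
    # so the modes are set explicitly instead of relying on the umask.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on the base64 key blob (second field) so that running the
    # function again does not append the same key twice.
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    if [ -n "$key_options" ]; then
        printf '%s %s\n' "$key_options" "$key_line" >> "$auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Constructed demo: a fake key line and a temporary directory stand in for
# the real id_rsa.pub and for the account's home directory on Host2.
demo_install() {
    demo_dir=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE user@host1' > "$demo_dir/id_rsa.pub"
    install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home" \
        'from="192.0.2.10",no-port-forwarding,no-pty' || return 1
    install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home" || return 1
    cat "$demo_dir/home/.ssh/authorized_keys"
    rm -rf "$demo_dir"
}

demo_install
```

With a key that has no passphrase, the from= option ties the key to Host1's address, so a copied private key is of no use from any other machine.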
