SharePoint 2010 Beta – User Profile Service Application

There already exists a lot of installation guides for SharePoint 2010 Beta. So I won’t write a new one I just want to share some informations how to get some components up and running.

I had the most troubles with the User Profile Service Application. This Service Application sucks data from a User Directories (Active Directory, LDAP, BDC) and provides this informations within SharePoint. You’ll need this user profile data for example for the MySites to show the organization structure, phone numbers and so on.

I assume you already created a User Profile Service Application inside the Central Administration. I will just enlist the troubles I had to get It up and running with the solution which worked for me.

Background-Information: The profile synchronization task is done Microsoft FIM 2010 (Forefront Identity Management).

If the User Profile Service Application Proxy hangs at state “Starting” (Central Admin) and both FIM-Services (services.msc -> Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service) are not started too or have strange or no service accounts entered try the following:

1. First of all: If not already done, install the WCF Hotfix KB976462: http://support.microsoft.com/kb/976462/en-us If you build your farm without this hotfix and the services still don’t start you may have to recreate your Farm (I had this case)
2. Is the service account a local admin?
3. Is there a Windows-Userprofile created for this service account? (Just logon with the service account)

If the FIM Services are running fine (Forefront Identity Manager Service, Forefront Identity Manager Synchronization Service) and both Service Applications are up (User Profile Service Application and User Profile Service Application Proxy) you’re one step closer to success

First of all: Don’t panic when you realize that you can’t edit or delete Synchronization Connections. It IS possible to edit and delete them, but not inside Central Admin (remember, it’s a Beta)

Because the synchronization is handled by FIM it’s the easiest to use its management tools. Run the “Synchronization Service Manager” (“%programfiles%\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe”). Within the tab “Management Agents” you should find three Agents

• ILMMA
• MOSS-<Name of your User Profile Service Application>
• MOSSAD-<Name of your synchronization connection> (If you haven’t created one stop reading and proceed afterwards here)

You can also switch to the “Operations”-Tab. There you’ll find a history of ran jobs and what they did.

Something like that would be our goal:

I think the most information in the screenshot is self-explaining. Basically it’s tell us that a DS_FULLIMPORT ran from Management Agent “MOSSAD-CONNECTION”. It added 11190 AD-Objects to a local “staging area”. If something is wrong you’ll find the information here or on the Management Agents Tab.

In my case the first error was an “Access Denied”. This was because I forgot to grant “Replicating Directory Changes” to the service account. See http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx and http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx

After the change was made I’ve got just success from the tasks, but every import just returned two objects. Hmm. The properties from the “MOSSAD-<CONNNAME>” gave the reason. So right click on this Management Agent -> Properties and switch to “Configure Directory Partition”. There you’ll find your chosen Domain to sync from. Just hit “Containers” and check if the desired OU’s are selected. The selection box inside Central Admin is a little bit “tricky”. In my case the selection of the Domain wasn’t recursive.

Every Management Agent has multiple “Run Profiles” defined. You’ll find them with a right click on the Management Agent -> “Configure Run Profiles”.

MOSSAD-<CONNAME> => Connects to AD
MOSS-<Name of Service Application> => Connects to the User Profile Webservice (http://hostname:port/_vti_bin/ProfileImportExportService.asmx?ApplicationID=<APPID>)
ILMMA => Connects to the Farm Sync-DB

For a Full AD-Import the following Tasks (Management Agent – Run Profile) are running:

1. MOSSAD-<CONNNAME> – DS_FULLIMPORT
2. MOSS-<Name of Service Application> – MOSS_FULLIMPORT
3. MOSSAD-<CONNNAME> – DS_FULLSYNC
4. MOSS-<Name of Service Application> – MOSS_FULLSYNC
5. MOSS-<Name of Service Application> – MOSS_EXPORT
6. MOSSAD-<CONNAME> – DS_EXPORT

I’m not sure what every task exactly does. For my understanding it’s something like:

1. Get all AD objects (with a subset of properties) and load them to the temporary staging area in Memory (Connector Space)
2. Get all Sharepoint-User Profile Data from the Webservice and load them to the temporary staging area in Memory (Connector Space)
3. Syncing all new or updated objects (with the configured attributes) from AD Connector Space to the FIM Metaverse (Farm Sync DB)
4. Syncing all new or updated objects (with the configured attributes) from MOSS Connector Space to the FIM Metaverse (Farm Sync DB)
5. Push the new or updated data back from the FIM Metaverse to the MOSS Webservice
6. Push any changes back to AD (strange?!)

I have no experience with FIM, but that’s a short info I’ve got from Help

Basically if all Tasks ran successful you should have your profiles now available in Central Admin. Easy, isn’t it

BTW: If you accidentally created Synchronization Connections within Central Admin you can delete them with the FIM Synchronization Service Manager. Just delete the unnecessary “MOSSAD-<Name” Management Agents and they will disappear in MOSS as well.

Hope this post was a little helpful. Please let me know if it’s too short or not understandable

Here you’ll find additional informations:
http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx

http://blogs.msdn.com/alimaz/archive/2009/11/09/configuring-user-profile-service-application-in-sharepoint-server-2010.aspx

http://blogs.msdn.com/sharepoint/archive/2009/11/18/path-to-user-profile-synchronization-success-in-sharepoint-2010-beta.aspx

http://blogs.msdn.com/opal/archive/2009/11/19/user-profile-sync-setup-in-sharepoint-server-2010-beta.aspx

http://sharepoint.mindsharpblogs.com/Kathy/Lists/Categories/Category.aspx?Name=SharePoint%20Server%202010

Windows Storage Server 2008 – Default Password

As MSDN or Technet Subscriber you have the possibility to download and Install-DVD for Windows Storage Server 2008. Normally it will be shipped just by OEM’s. So when you want to play around with it like me, for example to use it as an iSCSI-Target for a Cluster-Lab you’ll be surprised that the installation finish without asking for a Administrator password. It just stops at the logon window.

The default Administrator password is “wSS2008!” (without the quotes).

So have fun with it

Everything in Sync – Microsoft Live Mesh

I think the most people know the problem of sharing data between different machines. I had this problem especially with my favorites from Internet Explorer. I wanted to have the same favs on my personal as on my business machine. A direct sync was no option because of security and specially (Green IT *es*) because I don’t want to have my machine at home running all the time. So I tried sync via FTP to one of my Linux Root-Servers. It worked, but it wasn’t the experience I wanted to have. So Microsoft made my life easier and launched Live Mesh (Beta) couple of months ago.

In short words, with Live Mesh you can sync directories to their Live Mesh Service. After the files are uploaded automatically you can access them with any Web browser or, of course, on any other computer where Live Mesh is installed and the desired directory is synced.

You’ll find a complete feature list at https://www.mesh.com/Welcome/features/features.aspx

Some of the main features are:

• Share files/folders across multiple computers
  
• Access you’re shared files with a Browser
  
• Connect to other machines with remote desktop
  
• Invite other people to participate in your Mesh and share files with them.
  

The needed steps to get started are very easy:

First you have to sign in at www.mesh.com with your Windows Live-ID.

There you have a few options. You can directly access your online storage (5GB) with “Connect”, or if you want to add a Client just hit the Big Plus-Icon “Add Device”. Choose your OS and “Install”. I’ve tested it on Vista x32, Windows 7 x64, XP x32, W2008 x64 without problems.

After running the downloaded LiveMesh.exe you see that the installation is running at the right down corner of your desktop. This just takes a few moments.

After installation succeeds (hopefully) the Sign in screen pops up. I think I don’t have to explain the possible options I always choose to save my password and to sign in automatically because I want that the directories I choose to sync (will be a later step) are automatically updated.

Now you have to name the computer you’re on for Live Mesh. This is just the name you’ll see this machine in Live Mesh. You’re machine isn’t renamed, so Don’t Panic

During the installation you screen was flickering shortly. That’s because an additional ‘virtual’ graphics card named “Live Mesh Remote Desktop Mirror Driver” was installed. As the name let assume it’s for connecting with Remote Desktop to you Online Mesh-Computers.

You’re main entry point to Live Mesh will be in the taskbar. Moving with the mouse over it or left clicking it will open the following window. There you’ll get an overview with all devices which are participate in you mesh currently. In my case this are my home PC with Win7RTM (Hans-PC), my Samsung Q1 UPMC (Q1-PORTABLE), the Demo-VM (WXP-DEMO1) I’ve installed it make the screenshots and Live Desktop (the online store). The “Connect to device” links are for the Remote Desktop Connection to Online Mesh-Computers.

If you already made folders in your Live Mesh Desktop shortcuts for these folders are created automatically on the desktop. You see some of my synced one’s at the screenshot above at the left side.

So start syncing an existing folder with this new computer just right click on the desired folder and choose “Sync with this computer …”, what a surprise

The now opened window should be self-explaining as well. I’ve choose my IE Favorites as example.

Any question? I would say no. (But yes in the dialog box)

The sync is started immediately. You’ll notice that because the chosen folder is filled up with your files/folders and because your Windows Explorer is extend with an sidebar when browsing to that directory. When expanding the new sidebar you see again all the connected devices and in this particular case that my WXP-DEMO1-Machine is synching down data from Live Mesh. BTW: Don’t want to read any comments that 364KB of Favorites are too much

Adding a new folder is even easier. Just right click it and choose “Add folder to Live Mesh…” and give it a name. That’s it

For the other buttons just explore you’re new Mesh. So you have a News section where you see which files where added/deleted recently.

With the Live Mesh Desktop (the Webinterface) you can do some additional things. One of the coolest I think is to Invite other people to one of your folders. So you can share data between different computers and also with other people.

Just open the Live Mesh Desktop, open the folder you want to share. Then choose “Members” and click “Invite”.

When sharing a folder with other people you can also post news so the other people know what’s going on

So, that’s it

 You will find more detailed information at www.mesh.com or on http://en.wikipedia.org/wiki/Live_Mesh

I hope I was able to explain the functionality of Live Mesh a little bit. In my opinion it’s the easiest way to share files across multiple computers and also with other people. I also think that 5GB of free space is enough. For my purpose it’s more than enough so far. I know there are also other solutions for the same tasks out there. One of the coolest one is Microsoft Groove 2007 (resp. Microsoft SharePoint Workspace 2010). I’ll write a post about that later on. But Groove is much more complex and also a whole collaboration solution with much more features (sharing Sharepoint Lists, creating own Forms/Lists, create a shared ‘Whiteboard’ and so on….). There are a lot of other advantages and disadvantages comparing Live Mesh with Groove.

Furthermore Live Mesh is for free

I use Live Mesh now since almost a year or so (can’t remember exactly) for syncing my Internet Explorer Favorites, my OneNote Notebooks (a post about will follow as well), some Temporary Documents and I also using it as “backup” for my personal documents and pictures.

So install it, try it and I’m pretty sure you’ll love it shortly

MCTS 70-642 passed :)

After being an MCSA 2000 since 5 years and no additional certification in the meantime i decided that it’s more an overdue to do something again in this direction. So i made today my first exam in the new Windows Server 2008 World. First step was the 70-642 Exam. As ‘human’ readable: Windows Server 2008 Network Infrastructure, Configuring

But of course, that was just the first step. My goal is of course the MCITP (Microsoft Certified IT Professional) for W2008. Currently i can’t say which exact track i will choose. But the next exam will be the 70-640 (Windows Server 2008 Active Directory, Configuring).

For all those which are interested in my ‘training methods’. Hmm, it’s quite boring: Lot of reading (in official MS-Press and others), playing around in VM-Labs and that’s it

So, the last comment before i’ll go to bed: In my opinion the exams are much more harder than to the glory W2000-Times. But that’s a good way. Now you really have to understand that stuff. I don’t think boot camps or such ‘1-week-crash-course’ are the right way. Because maybe you’ll pass the exam, but when you never really understood that material, you won’t be successful in your job when you have to use the knowledge. I’m a fan of reading, trying, understanding Just my 2 cents.

Wish you a good night

BTW: This was the first blog-post with MS Word 2007. Cool stuff

Get current authentication provider

SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id=@@spid

This command should return NTLM or Kerberos