The LandPhil be honest, be honorable, be kind, be compassionate, and work hard.

December 29, 2010

SharePoint: Disaster Recovery Managed Accounts

Filed under: SharePoint — phil @ 7:20 am

So I’m setting up our DR farm here and I had an epiphany while I was doing the configuration. I’d mimicked all of the settings of the production farm including using managed accounts… the same managed accounts. I was about halfway through when I realized that would probably be a bad idea. Since the two farms would want to change the passwords 1) at the same time (remember I said I was mimicking the settings) and 2) to different things.

So I backed out and got a different set of service accounts to use as managed accounts. In trying to remove the old service accounts from the managed accounts console, I kept running into errors. Turns out you have to disable the auto password changing first, then remove the account. Pretty obvious, actually, but thought I’d share. Point. Heh.

Edit:  We actually ended up not using the password changing policies of the managed accounts.  Preferring to instead keep the accounts all on the same password change schedule.

December 21, 2010

PowerShell: Why can’t I sign scripts

Filed under: PowerShell — phil @ 7:48 am

This was an entertaining problem and I have to share.  First off, most people just disable script signing in PowerShell.  It’s just the way of the world.  Since I’m the one “in charge” for this project, I decided that I don’t want to disable script signing.  The first question I had for our AD folks was whether or not we were running a CA and if I could get permission for a code-signing certificate.  After a few back and forths it was determined that we do not have a CA (at least not one in the domain), so I decided I’d just sign them locally.  There are many resources out there for doing this, so I won’t reiterate here.  Suffice to say, you need to install the .NET Framework SDK and run makecert to first create a CA on your machine and then to issue yourself a certificate.

So, I’d gotten to that point, I had a certificate, I had a script, I was ready to go.  So I ran:

Set-AuthenticodeSignature test.ps1 @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0]

…and received an unknown error.  I poked around and found that a lot of people had this problem.  It turns out that when you save a script file using the new PowerShell 2.0 ISE, it saves it encoded as UCS-2 Big Endian.  The code-signing engine only recognizes UTF-8.  In order to get around this, you must open your script file in notepad and re-save it so that it’s encoded in UTF-8.  (Or in my case, I opened it in NotePad++ and changed the encoding.)  Good job, Microsoft.

SharePoint: Installation fails

Filed under: SharePoint — phil @ 7:48 am

Recently, we had a lot of problems with the SharePoint 2010 install executable failing.  The exact error that we would get was “A system restart from a previous installation or update is pending.  Restart your computer and run setup to continue.”  We’d rebuild our virtual servers and test the installer and it would work, but then the next day it would fail.  Or sometimes it would fail that first time.  We were very confused.

The answer was hinted at here: SharePoint 2010 Installation.   There was a registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
that had information in it.  The solution above suggested that you change the key name from PendingFileRenameOperations to PendingFileRenameOperations2.  That’s sloppy, in my not so humble opinion.

Now, the other folks had tried this solution in the past, with limited or no results.  The trick here was to figure out WHY that key had data in it.  Previously, they would do what the article suggested and the key would just be remade and refilled with information, stalling the installer again.  Being a sysadmin, I wanted to know what and why that key existed to begin with.  It was a short trip as it turns out.

The enterprise here installs a client on every machine to do data collection for inventory and software metrics.  The client is the Scalable Software, Inc Survey client.  That client locks a specific file and for whatever reason, throws it into that key.  Once we’d put that together, it was a simple matter of stopping the SSI Survey Client service, setting the service start to manual, and then rebooting the server.  After multiple servers, we confirmed that this was indeed the cause, and the solution.

So, the moral of the story is:  Don’t just delete registry keys and hope for the best.  Try and figure out what exactly is going on, because often times it’s easier to solve the why than the what.

SharePoint: Where to find things

Filed under: Links,SharePoint — phil @ 7:47 am

One of the first things I attempted to find was a forum or a mailing list that had a discourse of SharePoint related trials and tribulations.  I’ve been on the ActiveDir mailing list for many years now, and there is, daily, a wealth of information being shared by pros and novices alike.  I was hoping I could find something similar.  So far, no luck in the mailing list department.  Perhaps that will be something that I address in the future.  For now, however, I have found a lot of good blogs and websites of folks sharing the information I was looking for in a different format.

Word on the street is that SharePoint Joel is the world’s leading expert on SharePoint.  This is all hearsay, at least from my perspective, but what I’ve gleaned from his website so far has been invaluable.  Recently, he has indicated that he’ll be switching his blog over to things more personal and if you’re looking for SharePoint related topics, the new mecca can be found here:  I’ll be watching both sites for now.

Learning SharePoint 2010

Filed under: SharePoint — phil @ 7:46 am

Let’s start with a background.

I went to school for physics.  I discovered that I hated advanced mathematics.  I switched to computer science.  All of you in the know, stop laughing.

After school, I took a job as a systems administrator at a college.  Well, at a university.  Well, at a very good university.  I was a fresh out, and they asked me questions like, “Do you know Windows?”  And being that I’d built my own computers and installed Windows 95/98, and had logged in a few times to an NT domain, I said, “Of course!  I’m a windows expert!”

I believed that for all of about 4 hours my first day.

What I discovered very quickly is that I didn’t know anything about Windows.  What I did know was how to install a workstation operating system and software.  What I did know (but I didn’t realize then) was how to troubleshoot problems with the operating system and software.  What I know now (that I only realized fairly recently) is that the ability to troubleshoot, to see problems in an environment (ANY environment), identify them, categorize them, research them, and solve them… THAT is a skill.  One that far too few people actually have (but often claim they do).

But I’m not here to toot my own horn.  The opposite, in fact.  I want to paint a picture here for you, the reader, so that you understand where I’m coming from before you walk down the SharePoint path with me.  I have 10 years of Microsoft Windows and Active Directory experience.  I’ve built and upgraded and migrated Windows NT/2000/2003/2008 domains.  I’ve created robust group policy schemes.  I’ve deployed software.  I’ve dinked around on Cisco networking equipment.  I’ve imaged hundreds of computers.  I am capable of troubleshooting any of those systems.  I installed SharePoint 3.0.  Once.  And then never really used it.  Now you have the background.

I am now, currently, a SharePoint Administrator.  I interviewed for the position and told them, up front, that 1) I didn’t know anything about SharePoint, and 2) I didn’t think that would be a problem.  I have learned a great deal more about SharePoint in the last week than I knew a month ago, and a month ago, I’d learned a great deal more than I’d known initially.

This blog will hopefully outline my trials and tribulations, my goofs and gaffs, and my successes as I build out the SharePoint infrastructure here.  I’m not sure how anonymous this will remain, but for now, I’ll leave specifics out.

Powered by WordPress