
Configure Office SharePoint Server Search Service Settings

There are 2 options:

- Use all web front end computers for crawling
- Use a dedicated web front end computer for crawling

Be careful: if you use only one web server, do not check the dedicated server option.

In Central Administration > Operations > Services on Server > Office SharePoint Server Search Service Settings, you may select one Web Front End (WFE) as the only one used by the index server during crawls. This sounds like a fine option when you have multiple WFEs in production and you want to reserve one for the index server to crawl so that the overhead is limited to one server. In a small farm, one would not normally change from the default selection above.

However, on our small farm someone selected the second option and indexing failed. Error messages began to appear in the crawl logs. When we pinged the sites to see if they were reachable from the index server, strange IP addresses responded. Since these addresses were not in DNS, we examined the HOSTS file. This revealed an undocumented SharePoint Search process.

What happened, you ask? First, let’s discuss the logic. If you have multiple WFEs and you want to dedicate one of them for crawling, obviously the index server must be able to find the appropriate web sites on the dedicated WFE, because the UI only specifies the farm member name. One might think that it would simply use DNS. However, DNS will resolve the target web sites to the production addresses. So a process was added that modifies the HOSTS file on the index server, adding an entry for each web site to be crawled using the IP address of the WFE selected. The entries will look like this:

10.16.x.x admincompanion.mindsharp.com # Added by Office SharePoint Server Search (1/18/2007 12:43 PM).

With this entry in place, the index server knows how to reach the sites on the dedicated server. However, depending upon how you have the WFE configured, this may break the crawling process!
Obviously, if the entry is incorrect, the crawler cannot find the site to crawl and you will see error messages in the logs saying the site is unavailable. After three attempts, it is removed from the list. If you remove the entries from the HOSTS file manually, they will be back in just a few minutes. If you correct them, your entries will be removed and replaced with the original entries. The process does not overwrite entries for non-SharePoint sites.

Why might the entries be incorrect, you ask? Well, empirical tests show that the address selected by the process is the first address displayed on the first NIC displayed when you do an IPCONFIG /ALL. Also, there is one entry for each site listed in a crawl rule. Remove the site from the list and the HOSTS entry will magically disappear.

Our WFEs have more than one NIC so that SQL traffic has its own uncongested pathway. Also, the front facing NIC has multiple addresses, with many of them bound to SSL web sites. In our case, the first NIC was the one on the network to the SQL server, and the index server could not reach that isolated network. By renaming the NICs so that the order was changed, the process selected the first address displayed on another NIC. However, that did not solve the issue: many of the sites were using SSL with bound IP addresses, and the address selected was bound to a non-SharePoint site, so none of the host header sites were listening on that address. The index server could not find the web sites.

So, this “feature” would be a wonderful “solution”, IF:

- The WFE only has one network interface.
- The one network interface only has one IP address, or at least does not have any IP addresses bound to a particular web site.
- The WFE only hosts SharePoint sites which are all using [All unassigned] and host headers.

We have forwarded information for a Design Change Request.
However, until there is a UI to select the IP address that the process uses in its entries and/or a UI to disable this process so that manual updates to the HOSTS file will remain, you may want to consider your WFE design before making the decision to dedicate a WFE for indexing.

But the real solution is... If you want your index server to crawl a particular WFE, leave the default setting alone and modify the HOSTS file yourself. This way you can direct it to hit one server for some sites and another for others.
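One way to check what the Search process has written on the index server, as an added example that is not part of the original post: the script picks out the HOSTS entries carrying the "Added by Office SharePoint Server Search" marker and compares each with the address you expect. The host names, addresses and the $expected table are constructed for illustration.

```powershell
# Added example, not from the original post: list the HOSTS entries written by
# the Search process and compare them with the addresses you expect.

# Constructed sample content. On the index server, read the real file instead:
#   $hostsLines = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$hostsLines = @(
    '127.0.0.1      localhost',
    '192.168.50.11  intranet.example.test  # Added by Office SharePoint Server Search (1/18/2007 12:43 PM).',
    '10.16.0.21     portal.example.test    # Added by Office SharePoint Server Search (1/18/2007 12:43 PM).',
    '10.16.0.30     legacy.example.test    # maintained by hand'
)

# Assumption: the address on which the dedicated WFE really serves each site.
$expected = @{
    'intranet.example.test' = '10.16.0.21'
    'portal.example.test'   = '10.16.0.21'
}

function Get-SearchHostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Active (not commented-out) entry: address, host name, then the marker
        # comment that the Search process appends.
        if ($line -match '^\s*([^#\s]\S*)\s+(\S+)\s+#\s*Added by Office SharePoint Server Search') {
            New-Object PSObject -Property @{ HostName = $Matches[2]; Address = $Matches[1] }
        }
    }
}

function Test-SearchHostsEntry {
    param([string[]]$Lines, [hashtable]$Expected)
    foreach ($entry in (Get-SearchHostsEntry -Lines $Lines)) {
        $want = $Expected[$entry.HostName]
        $status = 'Mismatch'
        if (-not $want) { $status = 'NoExpectation' } elseif ($want -eq $entry.Address) { $status = 'OK' }
        New-Object PSObject -Property @{
            HostName = $entry.HostName; Found = $entry.Address
            Expected = $want;           Status = $status
        }
    }
}

# Hand-maintained lines are ignored; only the process's own entries are judged.
Test-SearchHostsEntry -Lines $hostsLines -Expected $expected |
    Select-Object HostName, Found, Expected, Status | Format-Table -AutoSize
```

Because the process rewrites its entries within minutes, run the check again after any NIC or crawl-rule change rather than trusting a single pass.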
Posted in Microsoft - MOSS 2007

Installing MOSS 2007 SP2

(Available at http://www.microsoft.com/downloads/details.aspx?FamilyId=2E6E5A9C-EBF6-4F7F-8467-F4DE6BD6B831&displaylang=en since 30.12.2009)

Be careful: before proceeding with the installation, activate the web role.

Having followed the instructions listed on TechNet for a Windows 2008 deployment using a slipstreamed installation source, the following error was encountered when attempting to create a Publishing site collection:

The Office SharePoint Server Standard Web application features feature must be activated at the web application level before this feature can be activated.

Looking at the version number reported by Central Administration and that shown for Microsoft.SharePoint.Portal.dll, it was clear that the SP2 update had not been correctly applied; the dll was reporting the original version number whereas Central Administration reported the correct version number for SP2. This was confirmed when running the stand-alone SP2 update packages; the update package for WSS 3.0 claimed that the update had already been applied, but the Office SharePoint Server update package did not detect that SP2 had already been applied. Re-applying the SP2 update for Office SharePoint Server fixed the problem quoted above.

To prevent this from happening in the first place, add the Web Server role before installing SharePoint and the updates will be applied correctly.

See: http://oidatsmyleg.wordpress.com/2009/09/21/add-web-server-role-before-installing-sharepoint/

1) Install MOSS 2007 with SP2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=2e6e5a9c-ebf6-4f7f-8467-f4de6bd6b831&displaylang=en)

Language packs for every language you want to install, in this order (for example French; 32-bit packages):

1. WSS3 Language Pack – Module linguistique pour Windows SharePoint Services 3.0 (SharePointLanguagePack.exe)
2. WSS3 SP2 – wssv3lpsp2-kb953338-x86-fullfile-fr-fr.exe
3. MOSS language Pack (ServerLanguagePack.img)
4. MOSS SP2 language pack (officeserverlp2007sp2-kb953334-x86-fullfile-fr-fr.exe)

+ CumulativeUpdateAprilMOSS2007

– 379581_intl_i386_zip http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=968850
– 381035_intl_i386_zip http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=968851
Posted in Microsoft - MOSS 2007

PKI Microsoft – Generate a wildcard certificate and store it in a pkcs#12 format

PKCS #12 (version 1.0) – Personal Information Exchange Syntax Standard
Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS#12. This container format can contain multiple embedded objects, e.g. multiple certificates. Usually protected/encrypted with a password.

PKCS #7 (version 1.5) – Cryptographic Message Syntax Standard
See RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS#10 message). Formed the basis for S/MIME, which is as of 2009 based on RFC 3852, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on.

First Step – Microsoft PKI – Active Directory Certificate Services (Windows 2008 role)

Add the Active Directory Certificate Services role on the AD server:

- Check role services: Certification Authority, Certification Authority Web Enrollment
- Choose Enterprise CA
- Choose Root CA
- Choose Create a new private key
- Keep the default settings: cryptographic provider – RSA#Microsoft Software Key Storage Provider – 2048
- Common name for the CA (Domainname-Servername-CA): aurum-LORSRV102-CA
- Validity period: 5 years
- Finish

----------

Check that it ran correctly: go to Active Directory services (warning: you will find the description of the command there). At a cmd prompt:

certutil -viewstore "ldap:///CN=aurum-LORSRV102-CA,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=aurum,DC=com?cACertificate?base?objectClass=certificationAuthority"

Then go to Administrative Tools – Certification Authority.

----------

Step 2: generate the wildcard certificate

Go to IIS Manager – menu (option) Server Certificates. Wildcard certificate: "*.aurum.com"

To Generate and Submit the Certificate Signing Request (CSR):

Click the Start menu and select Administrative Tools. Start Internet Services Manager and click the Server Name. In the center section, double click on the Server Certificates button in the Security section. From the Actions menu click Create Certificate Request. This will open the Request Certificate wizard.

Enter your Distinguished Name field information. The following characters cannot be used: < > ~ ! @ # $ % ^ * / \ ( ) ?. This includes commas.

Distinguished Name Fields:

- Organization: The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor’s name in the "Organization" field, and the DBA (doing business as) name in the "Organizational Unit" field.
- Organizational Unit: Optional. Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
- Common Name: The Common Name is the fully-qualified domain name – or URL – for which you plan to use your certificate, e.g., the area of your site you wish customers to connect to using SSL. For example, an SSL certificate issued for "www.yourcompanyname.com" will not be valid for "secure.yourcompanyname.com." If the Web address to be used for SSL is "secure.yourcompanyname.com," ensure that the common name submitted in the CSR is "secure.yourcompanyname.com." If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.domainnamegoes.com" or "www*.domainnamegoeshere.com"). This will secure all subdomains of the Common Name.
- Country: The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
- State/Province: Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
- City/Locality: Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.

Click Next. In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider; then select the bit length (2048 is the minimum). Click Next. Enter a path and file name for the CSR and click Finish. Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into our online enrollment form.

Cryptographic provider: Microsoft RSA Schannel…
Bit length: 2048
Name for certificate request: c:\wcert\certificate_request

----------

Step 3: request the certificate

Go to the site http://aurum.com/certsrv/ or https://aurum.com/certsrv/ (with self signed certificate):

Microsoft Active Directory Certificate Services -- aurum-LORSRV102-CA

Choose "Request a certificate", then "Or, submit an advanced certificate request", then "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."
Use the field "Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7)" to paste in the text of the previous request.

Certificate template: Web Server

Download the certificate chain: certnew.cer & certnew.p7b

----------

Step 4: Import the certificate

Go to IIS Manager > Action > Complete Certificate Request > browse to c:\wcert\certnew.cer

----------

Step 5: generate the pkcs#12 format

Go to the MMC console: Start menu > mmc > File menu > Add Snap-in > Certificates > Computer account

Once the certificate has been issued and installed on the requesting computer, open the Certificates MMC focused on the local computer store, locate the issued certificate and then export it in PKCS12 format. I believe that you can use OpenSSL to convert the P12 to PEM if need be.
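How a client matches the wildcard name requested in Step 2, as an added example that is not part of the original post: the asterisk stands for a single left-most label, so *.aurum.com covers www.aurum.com but not aurum.com or a.b.aurum.com. Test-CertNameMatch is a hypothetical helper written for this illustration, and the host names are constructed.

```powershell
# Added example, not from the original post. Test-CertNameMatch is a
# hypothetical helper that mimics a TLS client's name check; it is not a
# Windows or IIS API.
function Test-CertNameMatch {
    param([string]$Pattern, [string]$HostName)

    # Compare case-insensitively, label by label (a trailing dot is ignored).
    $p = $Pattern.ToLowerInvariant().TrimEnd('.').Split('.')
    $h = $HostName.ToLowerInvariant().TrimEnd('.').Split('.')

    # A wildcard never spans a dot, so both names need the same label count.
    if ($p.Length -ne $h.Length) { return $false }

    # Every label except the left-most one must match literally.
    for ($i = 1; $i -lt $p.Length; $i++) {
        if ($p[$i] -ne $h[$i]) { return $false }
    }

    # Left-most label: '*' stands for characters inside this one label only.
    $rx = '^' + [regex]::Escape($p[0]).Replace('\*', '[^.]*') + '$'
    return ($h[0] -match $rx)
}

# Constructed host names checked against the certificate name from Step 2.
$names = 'www.aurum.com', 'mail.aurum.com', 'aurum.com', 'a.b.aurum.com', 'www.aurum.org'
foreach ($n in $names) {
    '{0,-16} {1}' -f $n, (Test-CertNameMatch -Pattern '*.aurum.com' -HostName $n)
}
```

Partial-label names such as www*.aurum.com go through the same rule here, but many current clients accept only a whole-label asterisk.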

Posted in Microsoft - Server Roles

Important paths for Microsoft & useful cmd

Common cmd for AD-DNS:

ipconfig /registerdns

To control DNS settings:

nslookup

Display DNS cache:

ipconfig /displaydns
ipconfig /flushdns

For Admin Directory diagnostic:

dcdiag.exe

IIS Web server: restart Web server

iisreset

MOSS 2007

Major file (Host) for MOSS search services (see: Configure Office SharePoint Server Search Service Settings):
C:\Windows\System32\drivers\etc

SharePoint directory:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12

SQL Server Express 2008:
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA

SQL Server 2008 datafiles:
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA

Import your datafile (.mdf, .ldf) into the folder C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA

Open SQL Server Management Studio: right click on Database > attach DB > browse for the newly stored .mdf file
Posted in Configuration - machine

Connection to SQL Server Azure with SQL Server management studio

(To get the graphical interface you need SQL Server 2008 R2.)

Open SQL Server Management Studio > cancel login > open new query > give the parameters:

Server name: ServerOfAzure.database.windows.net
Login: azureLogin
Password: azurePwd
Under Options: azureDatabaseName

Port 1433 must be open (firewall setting). On the server:

1. Open the Windows Firewall with Advanced Security.
2. Right click on Inbound Rules and select New Rule.
3. Create a Port Rule. Click Next.
4. Choose TCP rule and choose ports 1433, 1444. Click Next.
5. Choose Allow the connection. Click Next.
6. Choose the correct profile. By default all of them are on, but you might choose only to let domain machines access SQL… Click Next.
7. Specify a Name and a Description for the Inbound Rule. Click Finish.
8. Your rule should be created.

The firewall rule on the Azure server must accept your private home IP range.

Azure firewall settings: your private IP (if you have only a dynamic IP address, you can completely open the Azure firewall rule – it’s not recommended – open range 0.0.0.0 – 255.255.255.255; you can test the connection).

Migration DB

Use export utility:
Posted in Uncategorized

How host names are resolved with a DNS server

1. When a user enters a host name or a fully qualified domain name (FQDN), host name resolution is initially attempted through the HOSTS file.
2. If the host name could not be resolved to an IP address through the HOSTS file name resolution method, the DNS server is used.
3. The request is transmitted to the DNS server to perform a lookup of the name in its database, to resolve it to an IP address.
4. The DNS server resolves the host name to an IP address.
5. The hardware address is obtained next.
6. If the destination host is located on the local network, the hardware address is obtained from the ARP cache, or via broadcasting of the IP address.
Posted in Configuration - machine