Showing posts from May, 2010

2nd Commerce Server User Group Meeting - Commerce Server Staging

Great user group meeting. Especially enjoyed the practical tone of the questions.
Here are the links I mentioned in my talk: Using SQL instead of Access command line Developing with the Staging API Creating log files
We will have the next meeting on November 5, subject will be CS and SharePoint 2010.

Sychronizing SharePoint Profiles with Active Directory

There are a lot of urban myths about importing profiles from AD, particularly on some blogs where it is claimed that deleted users are only erased from SharePoint on the third try.
Here are the steps when a user is deleted from Active Directory:
1. When the profiles are synchronized with Active Directory, the bDeleted flag is set to true in the SSP's UserProfile_Full table. Full description is here:
2. Every hour the MySiteCleanup job runs. If bDeleted is true the job deletes the profile from UserProfile_Full table and adds it to the deleted users. The manager gets a email and ownership of the MySite.
3. Every five minutes each Content DataBase sychronizes its UserInfo table with the SSP. This is the Quick Profile Synchronization (WSSSweepSynch).
4. Every hour there is a complete synchronization Profile Sychronization (WSSProfileSych). This is bidirectional, in the up direction the Profil…

Recipe:RSS Viewer in MOSS 2007

1. To add a feed for a list or document library.Go to list, actions, rss feed. Save address. Go to page, add web part, copy address into url.
2. To set refresh for rss feed. Site collection rss settings. Settings for web part. But...refresh is hard coded at 60 minutes!
Kerberos Authentication, needed even if sql on same box.
Add the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Registry Value: LogLevel Value Type: REG_DWORD Value Data: 0x1
But you will get some false errors.
Kerbtray gives the tickets for the current logged in user only. See great blog.
When cross forest trust, make sure that forest and domains are 2003 level, otherwise will only have external trusts which will not use kerberos. Make sure the web site is trusted site to see RSS feed.

Recipe: Using Kerberos with MOSS 2007 and Windows 2003

1. SPN for SQL Install ADSIEdit on DC from W2003 Support Tools. Change SPN of SQL Service Account to: MSSQLSvc/
MSDN also says add not just FQDN but NetBIOS name also: MSSQLSvc/sql1:1433 Don't understand why this is necessary. If the SQL is on the same machine as MOSS Kerberos will not be used. Ditto named pipes are used. See blog. You can also check your work by using the SetSPN -L SQLService From the the W2003 Resource kit you can use Klist and Kerbtray To list or purge the Tickets use Klist tickets or Klist purge.
2. SPN for Central Admin Add SPNs to Central Admin App Pool Identity. HTTP/moss01:12345 HTTP/moss01.litware:12345 Change Central Admin to negotiate Use this link to get to stsadm stsadm -o authentication -url http://moss01:12345 -type windows -usewindowsintegrated Browse to site.
If you get following error Logon Failure: Reason:Unknown user name or bad password User Name: Domain: Logon Type:3 Logon Process:Kerberos Authentication Package:Kerberos Workstation Name:- Caller U…