Friday, February 25, 2011

Kerberos for SharePoint 2010

Just reading this excellent white paper, http://technet.microsoft.com/en-us/library/ff829837.aspx, and want to be sure that I have the main points clearly in mind. My previous blog post on Kerberos is here: http://software-smith.blogspot.com/2010/02/using-kerberos-with-moss-2007-and.html

1. Service applications only use C2WTS if the incoming authentication is classic or Windows claims.
2. Reporting Services is not claims aware and needs classic Kerberos, as does the RSS viewer with an authenticated feed.
3. When C2WTS is used with Kerberos, constrained delegation must be used, e.g. for Excel, PerformancePoint, InfoPath and Visio services. All require C2WTS with Kerberos. Constrained delegation cannot cross domain boundaries.
4. Basic delegation: BDC, Access, Reporting, Project. It can cross domain boundaries, but there is no protocol transition.
5. According to the documentation, PowerPivot is claims aware and does not need delegation. It uses C2WTS to get a Windows identity to connect to AS Vertipaq. On refresh, the Vertipaq/PowerPivot service uses SSS and NTLM to connect to the data source; there would only be a need for Kerberos if this SQL Server was linked to a second SQL Server. PowerPivot refresh and data collection require classic authentication. I think the statement that PowerPivot is claims aware is wrong.
6. In multi-hop scenarios, you cannot change from constrained to basic delegation.
7. SharePoint does not support kernel-mode authentication.
8. Cross-forest Kerberos delegation is not possible, even with trusts.
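
An added example (not from the original post or the white paper) that checks service account delegation settings against points 3 and 4 above, using constructed sample accounts. The account names, domains and the `Get-DelegationFinding` function are hypothetical; the two `userAccountControl` bits and the `msDS-AllowedToDelegateTo` attribute are the standard Active Directory delegation settings, and the check assumes accounts on the C2WTS path need protocol transition enabled.

```powershell
# Added example: constructed data, no Active Directory connection needed.
$TRUSTED_FOR_DELEGATION         = 0x80000    # userAccountControl bit: basic (unconstrained) delegation
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # userAccountControl bit: protocol transition

function Get-DelegationFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Account,   # needs Name, Domain, userAccountControl, msDS-AllowedToDelegateTo
        [string[]] $NeedsC2wts = @()       # accounts on the C2WTS path (assumption supplied by the caller)
    )
    $uac     = [int]$Account.userAccountControl
    $targets = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $basic   = ($uac -band $TRUSTED_FOR_DELEGATION) -ne 0
    $trans   = ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION) -ne 0

    if ($basic) { $mode = 'Basic' }
    elseif ($targets.Count -gt 0 -and $trans) { $mode = 'Constrained+ProtocolTransition' }
    elseif ($targets.Count -gt 0) { $mode = 'Constrained' }
    else { $mode = 'None' }

    $findings = @()
    if ($NeedsC2wts -contains $Account.Name -and $mode -ne 'Constrained+ProtocolTransition') {
        $findings += 'C2WTS account lacks constrained delegation with protocol transition'
    }
    # Assumes FQDN SPNs (service/host.domain[:port]); short host names are reported as foreign.
    $foreign = @($targets | Where-Object {
        $spnHost = ($_ -split '/')[1] -replace ':.*$', ''
        ($spnHost -split '\.', 2)[1] -ne $Account.Domain
    })
    if ($mode -like 'Constrained*' -and $foreign.Count -gt 0) {
        $findings += "constrained delegation target outside $($Account.Domain): $($foreign -join ', ')"
    }
    [pscustomobject]@{ Name = $Account.Name; Mode = $mode; Findings = ($findings -join '; ') }
}

$sample = @(   # constructed accounts, not taken from any real directory
    [pscustomobject]@{ Name = 'svcExcel'; Domain = 'corp.example.com'; userAccountControl = 0x1000200
                       'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.corp.example.com:1433') }
    [pscustomobject]@{ Name = 'svcVisio'; Domain = 'corp.example.com'; userAccountControl = 0x200
                       'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql02.partner.example.net:1433') }
    [pscustomobject]@{ Name = 'svcBDC'; Domain = 'corp.example.com'; userAccountControl = 0x80200
                       'msDS-AllowedToDelegateTo' = @() }
)

$sample | ForEach-Object { Get-DelegationFinding -Account $_ -NeedsC2wts 'svcExcel', 'svcVisio' } |
    Format-List
```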



Friday, February 18, 2011

SharePoint Myths

Myth 1. It takes 3 synchs for a profile deletion to work. See the mythbuster here.
Myth 2. You cannot use SharePoint for good looking internet sites. See some of the sites here.
Do you have a SharePoint myth you would like to see busted? Please send an email to the address here.

Monday, February 14, 2011

SharePoint 2010 Mirroring and Log Shipping

All databases can be mirrored for high availability except:
WebAnalyticsServiceApplication_StagingDB_
User Profile Service Application_SyncDB_
User Profile Service Application_SocialDB_
FASTSearchAdminDatabase
Reporting Services databases.

The only databases that can be log shipped or use async mirroring:
WSS_Content
WSS_UsageApplication (not recommended)
Secure_Store_Service_DB_
All ProjectServer DBs if all db logs are synched
DefaultPowerPivotServiceApplicationDB (SQL Server only)

This is according to this TechNet article updated July 29, 2010.

Another TechNet article also updated July 29, 2010 indicates that the following databases can also be log shipped:

Application_Registry_server_DB_
Managed Metadata Service_
PerformancePoint Service Application_
WebAnalyticsServiceApplication_StagingDB_
WebAnalyticsServiceApplication_ReportingDB_
User Profile Service Application_SocialDB_

Technically, I would concur with extending this list to include these.

With thanks to C. Liu

Saturday, February 5, 2011

CQWP (Content Query Web Part) and Dynamic Filtering

Basically, you can use the PageFieldValue token to use a value from a field on the current page layout. This works if it is a Managed Metadata field. Similarly, you can use the PageQueryString token to add a value to use in the query. A good example of using these values is here.

CQWP (Content Query Web Part) and Common View Fields

SharePoint 2010 exposes the Common View fields on the web part tool pane. Hence it is no longer necessary to export the web part, edit these fields and reimport. The documentation should be updated to reflect this.