MOSS 2007: Event ID: 2424 - The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

For those of you who have encountered this error, know that it is quite annoying. This is the error:

This error is basically saying that there is not enough permission for the account that is trying to access the content related to "Windows SharePoint Services Help Search".

Under the Central Administration go to Operations and then Services on Server.

In Windows SharePoint Services Help Search you'll notice 2 accounts. One being the Service Account and the other being the Content Access Account. These 2 accounts are configured at the beginning of the SharePoint installation when you define the accounts that are being used. If you look at your SQL server, you'll notice that these two accounts have identical permissions (if you haven't changed anything that is).

Because this error specifically says "content sources", the account in question will be the "Content Access Account". I've gone from giving this account read access for all content databases to even giving it owner permissions as a last resort and nothing worked.

After a bit of searching on the net, I changed the Content Access Account to use the exact same account as the Service Account and it worked. No more error message.

Now, I would love to bring this to Microsoft and ask them exactly why this works as both accounts had the same permissions in the SQL server. But knowing them they'll charge me just for asking this question. Although the problem is solved, it bothers me that I don't know exactly why it is fixed using this method. The Service Account must have some extra privileges elsewhere that I am not aware of that are different from the Content Access Account. Hopefully, I will eventually come across the answer to this. But for those of you who are encountering this same problem. Make the Service Account the Content Access Account as well and all should be good.

MOSS 2007: The trial period for this product has expired

I just had a hellish week repairing MOSS 2007. Details will follow when I have completely recuperated from the ordeal. However, I thought I'd post a little problem that I encountered with MOSS 2007 that seems to be a common bug. At first, I didn't think it was little, actually I was "sweating bullets" when I saw it because I had just successfully brought back MOSS 2007 after it was completely down. So seeing this error didn't help. In any case I saw this error message, "The trial period for this product has expired" when I was editing the master page of a SharePoint site. It would not let me check it back in, or publish it (I am running MOSS 2007 Enterprise).

So I did a bit of searching across the net and didn't have problems finding information on it in terms of people talking about it. It seems to be a problem quite a few users were facing. And what makes it even harder to diagnose is that there are multiple reasons for this error. If MOSS 2007 is installed on a DC for example, then a different fix will need to be applied. For my situation that fix did not apply because I have two-machine setup so far. One being the web front end and the other being the SQL database.

To cut a long story short, I did a repair on the MOSS 2007 web front end because I was out of options as the time it was down. So I tried many things, repair being one of them. Now apparently if you do a repair, it seems to only try and fix any damaged or corrupted files but does nothing to the registry (I'm assuming). I had to run the configuration wizard in order to fix the error for "The trial period for this product has expired". The configuration wizard basically updated the registry and all settings that seemed to have been lost during the repair. So while I am still unsure of exactly what caused it, this is my guess.

So, if you encounter this error AFTER a repair of MOSS 2007, remember to run the configuration wizard right away with all the default settings.

Automatic Logon - Windows NT / 2000 / XP

Ok, this is something that always come around once in awhile and each time it does I forget how to do it. So gonna post it so that I can check it up quickly. Basically whenever a computer reboots it'll automatically logon when it reaches to the logon screen. Simple.

To enable this function you will need to add some new values to the Registry. As always before working on the Registry make a quick backup just in case. Never hurts.

Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

1. Add/Change new string value to "Default User Name" and set it to the desired username
2. Add/Change new string value to "DefaultPassword" and set it to the password of the desired username
3. Add/Change new string value to "DefaultDomainName" and set it to the domain that the username resides in
4. Change the string value of "AutoAdminLogon" to "1" for enable automatical logon or "0" to disable it

NOTES:

1. For Windows 2000, "ForceAutoLogon" must be enabled to stop settings from being reset after reboot.
2. Password is viewable by anyone who has access to the Registry
3. Bypass auto login by holding down SHIFT during logon process
4. Automatic logon will not function properly if "DontDisplayLastUserName" is enabled

Choosing the right Firewall

I find there are quite a few people out there not too familiar with exactly what a firewall does or how to pick the best one for their situation.

Here's a nice link that talks on some points when choosing what kind of firewall to get.

http://www.windowsnetworking.com/articles_tutorials/Choosing_a_Firewall.html

ASP.NET - Placeholder web control

One way to dynamically show data one by one in a list is through the use of a placeholder. As the name suggests it is a web control that contains other web controls.

You can dynamically add other controls to the placeholder whenever needed.

ASP.NET and MS SQL Server 2005 - Bit / Boolean Type

Ok, I'm not a hardcore programmer, so today I found something that was quite wierd to me at least.

Now I have MS SQL Server 2005 as my backend database. I created a simple type with a couple fields, one being of type "bit", which can hold the values of 1, 0, or null. Since there isn't any boolean type, then this is what should be used for true and false data.

Now, I am programming in ASP.NET which communicates with the database. I was trying to do a simple INSERT command into this table and for awhile I couldn't figure out why it wasn't writing into it.

For example my SQL statement in ASP.NET could be like this:
Ex1. INSERT table1 (x1, x2, y1, y2) VALUES ('hello', 'there', True, False);

Or say I have a couple radio buttons R1 and R2 somewhere:
Ex2. INSERT table1 (x1, x2, y1, y2) VALUES ('good', 'bye', R1.Checked, R2.Checked);

In SQL Server: x1 and x2 are nchar(10), y1 and y2 are bit

Both statements did not work. If I actual values like 1 or 0, those will work.
Ex3. INSERT table1 (x1, x2, y1, y2) VALUES ('good', 'bye', 1, 0);

The only way to get Ex1 and Ex2 to work is to put bound the True or False by single quotes like a string.
Ex4. INSERT table1 (x1, x2, y1, y2) VALUES ('hello', 'there', 'True', 'False');

To me that is very confusing. But that's how SQL Server takes it.

Dreamweaver - Centering Layouts

This is quite easy to do, but was hard to find out how. If you want your website to always be centered no matter what monitored is being used. Do the following:

1. Make a new table.
[Rows = 1, Columns = 1, Width = 100%, Cell Padding = 0, Cell Spacing = 0, Border = 0]

2. Check inside the table and set: Horizontal align to "center", Verticle align to "middle"

3. Now make another table of any size inside the one you just made and it will always be centered.

MS SQL - Reseting IDENTITY value

If you want to reset your identity field to a certain number, use the following statement:

DBCC CHECKIDENT ('tablename', RESEED, new identity value)

Viewing .aspx pages in IIS 6 using ASP.NET

Ok, this was super annoying, and it showed me that I don't know jack shit about setting up ASP.NET on IIS to work properly.

The problem I was having was trying to connect to MS SQL Server 2005 using ASP.NET. This did not work as I was getting HTTP Error Code 403. This pretty much means that you lack the permission to access whatever you are trying to access. In this case, I had created an .aspx file that will access SQL Server.

So after fiddling around for like an hour I tried accessing .aspx files in IIS first. Sure enough, I got an error. This time a bit more specific. HTTP Error 403.1 - Forbidden: Execute access is denied. After another hour of searching for an answer as to why my asp.net pages won't display, I finally found the answer, which made me feel really stupid.

In anycase, ASP.NET pages are a scripting language, they run code in the background that "talks" to the backend servers. Now, by default, all websites created in IIS having the scripting permissions taken off for security purposes. Well, that's the problem right there. Turn this option on and you are set.

Go to "Properties" of the website in question, click on the "Home Directory" tab, and change the option "Execute permissions" to "Scripts only" or "Scripts and Executables".

What a waste of time! Definitely feel dumb today.

Rebuilding a Windows 2003 Server Domain Controller from scratch

I couldn't find any advice or help on this particular topic, even though I was pretty sure I knew how to do it. The task was to reinstall a domain controller with it being the only domain controller in the domain. Meaning that when it goes down, there will be no authentication between computers in the network.

The obvious way would be to install another DC so that it can be up while the other is down. But for this situation, another computer is out of the question. So the best way to do this is to completely remove the hard drive and put in a brand new one and install a fresh new version of the OS. After the OS has been installed and updated, perform a dcpromo and make all settings exactly the same as the old DC.

Adobe Flash - Nested communication

When working with Adobe Flash, communicating with various movie clips and swf files can be a pretty stressing.

For nested SWF files, it goes as follows:

1. First SWF (level 0) loads another SWF file into a different level using either loadMovie or loadMovieClip function.

2. The loaded SWF file can then refer to the first SWF by referring to it through "_level0"

For nested movie clips, _root, _parent, this, "instance name of movie clip" can all be used.

_root refers to main timeline
_parent refers to the calling movie clip

Network Detection Methods

Been awhile since my last post, been caught up with a million things here and there.

Recently I have been trying to figure out a way to detect on a network when certain devices are actively connected to the network. Reason for this is when users need to know when a certain devices is sending and receiving data (especially when we are talking about mission-critical devices - such as metal detection, programmable ovens, etc). Nothing is worse when a user "thinks" that the device is sending data only to find out that it didn't and must redo the entire job again. This not only wastes time, but obviously wastes money.

All this is assuming that the device being used has an internal ethernet adapter or is using wireless.

FREEping is a free software that pings any IP and keeps track of it through time. By pinging a certain device at regular intervals you will know whether or not the device is connected or not. Users can simply view the monitor and know right away. I'm sure there is other ping software out there, but this one does the job well enough.

Another solution which is better is to have some sort of LED light on the outside of the device indicating the connection is good, but of course this usually has to be custom implemented if it wasn't already built-in to the device to begin with, which equals more money. But is a better indicator.

Either way, both solutions work fine and I can finally get this little issue out of the way.

Server Room - Temperature & Humidity

Well, thought I'd talk about this a little bit since this is something that isn't very clear cut. While temperature and humidity levels can vary among all server rooms depending on the number of servers there are, other hardware, type of room, size of room, location of room, etc. Most people aren't sure what the ideal temperature and humidity levels should be to properly cool their equipment.

I can say that from my experience it varies a lot, but there are general guidelines to follow. Most of the IT community (from talking with individuals in the field and through sources on the Internet) agree that the server room should not exceed roughly around 28 degrees Celsius in general. I think that's way too high in my opinion, 28 degrees in a room is pretty warm!

I've had the server room hit 26-27 degrees before and to me it was really warm. APC wrote a white paper to give their general guidelines (http://www.apcmedia.com/salestools/VAVR-5UDSLG_R2_EN.pdf). They say around 22-24 degrees Celsius is adequate with about 35%-50% humidity. Sun Microsystems in a articles (which I cannot find anymore) suggested around 21-23 degree Celsius for temperature.

From what I've read and heard so far and my own opinion on the matter, "normal" server rooms should have temperature of about 19-23 degrees Celsius and about 30%-50% humidity.
Minimum temperature I would say don't go below 16 degrees Celsius and for maximum temperature don't go above 25 degrees Celsius.

Server rooms should always be "cool" and "dry", but not "too cold" or "too dry". Anyway, that's my thoughts on that.

Microsoft Surface

I have to admit when I saw this I was impressed. Although this is something you've seen in movies and what not, to actually see this coming to home use very soon is exciting. Technology is just great (when it works that is). The possibilities for this type of technology are endless, a computable surface table, awesome.

Take a look at the site:
http://www.microsoft.com/surface/

Check out "The Possibilities", that's amazing!

Metal Gear Solid 4 Gameplay Revealed!

The only thing I can say about after watching this is I wish I didn't watch it. It is so sick that I can't wait now. Damn it! Thanks a lot Kojima-san! >.<

Sysvol

Many people may overlook this very important folder. By default, Windows 2003 Server gives "authenticated users" full control of this folder. Patches will automatically adjust the security settings to accommodate for it, but you can easily do it yourself after installation of a new 2003 server machine.

The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The Sysvol folder on a domain controller contains the following items:

• Net Logon shares. These typically host logon scripts and policy objects for network client computers.
• User logon scripts for domains where the administrator uses Active Directory Users and Computers.
• Windows Group Policy.
• File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.
• File system junctions.

Best Practices for Sysvol Maintenance
http://support.microsoft.com/kb/324175

Authenticated Users Group Has Too Many Permissions to the SYSVOL Network Share
http://support.microsoft.com/kb/812538

Group Policy - Notes

Workstations check with Active Directory every 60 to 120 minutes to see if there are any new policies. If there are, then the workstations apply them - both user and machine policies.

If you are using group policies, local policy is always processed before site, domain, or OU group policies

Policies are reapplied every 90 minutes, with a 30-minute "randomization" to keep the domain controller from getting hit by many computers at once

Policies on DCs are refreshed every 5 minutes

Order in which policies are applied: local > site > domain > OU
If multiple GPOs attempt to set a setting to conflicting values, the GPO with the highest precedence sets the setting

GPO-links that are enforced cannot be blocked from the parent container

---------------------------------------------------

Managing inheritence of Group Policy:
http://technet2.microsoft.com/windowsserver/en/library/212eb1fd-11f4-465f-b243-73e542d06b2c1033.mspx?mfr=true

Referenced from "Mastering Windows Server 2003" by Mark Minasi

Best Ending in Gaming History

I thought I'd post this clip to give tribute to the best videogame ending in history (IMO of course).
The story, the characters, the music, all top notch. By far, the most emotional ending out there to date.

Dictionaries all over there world should change their definition of "patriotism" to:
Boss from Metal Gear Solid 3.

Great game.

MGS4 - The End of a Masterpiece

After 20 years, it finally looks like the Metal Gear Saga will be coming to an end. I can't wait to see how everything unfolds.

Props and hats off to Kojima for being one of the few out there to show a sense of honour in a money driven world.

Killzone 2 - OMFG!

I have to admit that this is not the same quality as back in E3 2005, but that's because Sony didn't want to say it really was pre-rendered. But now in E3 2007, they show a trailer with live in-game graphics. Quality might not be the same, but it still looks damn good. Definitely made me drool a bit.

My Site in MOSS 2007 Open to All!

I'm not sure what the developers were thinking over at MS when they programmed this, but the fact that anyone (in the same domain or access to the SharePoint Server) can view everything in any user's My Site website is quite sad.

For example, I can go into a colleagues site and view everything. Unless specific permissions were set up, it is all open.

The default security setting is "NT AUTHORITY/Authenicated Users".

So word of advice to anyone using My Site, you'll want to change your security settings right away.

Configuring SSO in MOSS 2007

Here is another thing that took me a long time to figure out. This was never mentionned in any books or was there any information available online.

When configuring SSO (Single Sign-On) for MOSS 2007, it is best to create a separate account to run this service.

Under Operations > Manage Settings for Single Sign-On > Manage Server Settings you put in all the accounts that will run this service. After all correct information is put in and you are sure all the accounts have been created and setup properly, clicking OK should finish it off. But nope, it keeps giving you an error message saying it cannot use the account or something along those lines. I can't remember exactly. But the key here is when you press OK, you can see the browser tries to connect to http://localhost/something/soemthing/

Unless you set http://localhost as one of your trusted sites in your Internet browser, it will keep giving you that message until you do.

Amazing, how no books or any material online could be found on this.

Tip:
When configuring an account for SSO, it is best to you a security group when entering it in. This makes things much more flexible. Create an SSO admin account and make that account a member of the SSO Administrators for example.

Using LDAP to Import User Profiles into MOSS 2007

This simple task turned out to be extremely annoying. Apparently LDAP (Lightweight Directory Access Protocol) is not universal. There are multiple languages for LDAP. For example, I create a simple query using LDAP in Active Directory to retrieve all the users from a particular group in a particular OU. Works in the Active Directory test, so thinking it works fine there and the fact it is Microsoft, that copy and paste would do just fine.

Nope.

Something that should only have taken a couple minutes, ended up taking me many hours. The frustration was just irritating. In any case, here is an example of an LDAP filter that works in MOSS 2007 that retrieves all the users in the "SharePoint Users" security group.

Search Base:
DC=,DC=com

User Filter:
(&(objectCategory=Person)(objectClass=user)(memberOf=CN=SharePoint Users,OU=Information Technology,DC=,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Kerberos Implementation for MOSS 2007

This is something that took me quite awhile to figure out and implement. I decided to do this right from the start as I was building and implementing MOSS 2007. It is better to deal with this at the start then later on as you may encounter more headaches, and also you don't pose the risk of running into problems where there will be downtime for users.

Get it all done before you roll it out. I used two sources that helped me out a bit on how to properly implement Kerberos into MOSS 2007.

Source 1:
http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx
http://blogs.msdn.com/martinkearn/archive/2007/04/27/configuring-kerberos-for-sharepoint-2007-part-2-excel-services-and-sql-analysis-services.aspx

Source 2:
Microsoft SharePoint: Building Office 2007 Solutions in C# 2005
Author: Scot Hillier

Remove a Meeting from a Meeting Workspace in MOSS 2007

Link: http://msdn2.microsoft.com/en-us/library/ms465611.aspx

This was another annoying thing I didn't know how to get rid of. Had to do some digging and found a solution which Microsoft provides. This fix requires Visual Studio and the creation of a console application.

Use this when you can't get rid of a particular meeting in a Meeting Workspace. For example, you have 3 meetings in a meeting workspace, each with their own dates. There is no simple way to delete one meeting unless using this method. Hopefully this will be rectified some time later. For now, check out the link above for the how-to.

Virus Scanners when they screw up MOSS

Link: http://support.microsoft.com/kb/928169

The following applies to MOSS 2007 as well. This error happened to me as well and made me crap in my pants for awhile as I was clueless as to what happened. After some time I was able to fix it.

[SYMPTOMS]

When you use Microsoft Office SharePoint Portal Server 2003 (this applies to 2007 as well) on a computer that has an antivirus scan engine installed, you may experience the following symptoms:

When you browse through the Default.aspx page, you receive one of the following error codes:

• HRESULT:0x80041050
• HRESULT:0x80041051
• HRESULT:0x80041052
• HRESULT:0x80041054

When you try to open a file from a SharePoint document library, you receive the following error message:

• http://ServerName/Sites/Site/FileName contains the following virus: The Antivirus Scanner scan engine is offline. Please try to contact the scan engine later or contact your administrator.

Additionally, you may find messages that are related to the antivirus scan engine in the Windows SharePoint Services log file. The messages resemble the following:

• 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/some document.doc
• 0 08/16 00:09:25 6196 #96000a: infected by "The Symantec AntiVirus Scan Engine is offline. Please try to contact the scan engine later or contact your administrator. " - DOMAIN\USER - /sites/somesite/default.aspx

Note: The Windows SharePoint Services log file is located in the following folder: %WINDIR%\TEMP

[SOLUTION] (with my changes):

1. Use Query Analyzer to connect to the SharePoint content database.
2. Run the following query to list all the files that are affected:
   
   SELECT *
   FROM Docs
   WHERE (VirusStatus > 0) AND (VirusStatus IS NOT NULL)
   
   
3. Open your SQL Server Management Studio and go to the Content Database where the page giving you the error is located (WSS_Content database for example)
4. Create a new query and run:
   
   SELECT *
   FROM AllDocs
   WHERE (VirusStatus > 0) and (VirusStatus is not null)
   
   
5. If any records are displayed, these are the files that have been indicated by the Virus Scanner (ForeFront probably - Sigh... Microsoft, come on!) to be infected, thus it will not let you access the file. If you are certain that these files are Virus free (run a manual scan just in case) then run the following query:
   
   UPDATE AllDocs
   SET VirusStatus = null
   WHERE (VirusStatus > 0) and (VirusStatus is not null)
   
   
6. You may also want to remove the VirusInfo as well since it usually contains a message saying the file has been infected or something all those lines (it's not important to remove, but I like to restore everything back to original state), run:
   
   UPDATE AllDocs
   SET VirusInfo = null
   WHERE (VirusInfo is not null)
   
   
7. After this is done, you will be able to access the files again. You MAY have to reboot your MOSS server and SQL Server if it still does not work even though the status has been cleared.