Baltimore SharePoint Users Group - Worst Practices and Administrative Blunders
-
Upload
dan-usher -
Category
Technology
-
view
856 -
download
0
description
Transcript of Baltimore SharePoint Users Group - Worst Practices and Administrative Blunders
#BaltSharePoint #ShareWurst
SharePoint Worst PracticesBlunders We’ve Made Along the Way…
Scott HoagDan Usher
#BaltSharePoint #ShareWurst
who am I?
Infrastructure Consultant with Applied Information Sciences8 years of experience with the SharePoint platform from MCMS 2002 through 2013 todayA lowly developer…They let me build things…
#BaltSharePoint #ShareWurst
who’s that other guy?
Lead Associate at Booz Allen Hamilton8 years of experience with SharePoint going back to adventures with STS 2001 and SPS 2003 to the presentFollows the SharePoint Credo - ADIDASAll Day I Dream About SharePointEnjoys discussions about Claims AuthZ, SmartCard AuthN, Drumming Rudiments & the Big Bang TheoryFascinated by Radio Lab
DanUsher
usher
#BaltSharePoint #ShareWurst
about you
#BaltSharePoint #ShareWurst
rules of the road
Phones silenced, phasers set to stun
Ask questions
#BaltSharePoint #ShareWurst
what this talk is about…
Avoiding ending your day like this…
#BaltSharePoint #ShareWurst
technical challengesAuthentication and AuthorizationExternal Accessibility and ExtranetsSystem Scalability and CachingSearchUsability / Client IntegrationUser Interface Design and BrandingApplication Lifecycle ManagementMigration ChallengesNew Capabilities IntroducedTraining3rd Party Products and Integrated SystemsVariations and Multi-Lingual
#BaltSharePoint #ShareWurst
business challenges
System AdoptionDesign of SystemAccessibility of SystemLack of FeaturesLack of Federation
Business Process ManagementResource Availability and TrainingMulti-Generational Culture DifferencesHosting Solutions – To the Cloud?Mobile, Disconnected and Distributed WorkforcesIT Shops disconnected from Business Users
#BaltSharePoint #ShareWurst
social challenges
What is ‘Social’?Disabling or not planning for OOTB functionality of MySites, Audiences, etc.Information SilosLack of / Too much GovernanceNo planning for structured metadataNot leveraging folksonomy, ratings, etc.Lack of Directory Structure Impacts
Active Directory information (Manager, Reports, etc)Findability of sites, communities and documents
#BaltSharePoint #ShareWurst
external influences
#BaltSharePoint #ShareWurst
typical coding practices
#BaltSharePoint #ShareWurst
more development disasters
Features, Web Part Packs, Solution PackagesScoping of SolutionsSolution Behavior (bin / GAC / Sandbox)Install, Deploy, Retract, Remove
Knowing the differences between a site definition, a web template, and a master page… Branding mattersLack of Documentation
Requirements, Design, Implementation
Disposing of Objects Properly
#BaltSharePoint #ShareWurst
enterprise infrastructure processes
IT Governance & Service Level AgreementCapacity PlanningSystem MaintenanceDisaster RecoveryContinuity of Operations
RTO / RPO / RLO
Sourc
e:
Sean M
cDonough @
spm
cdonough
#BaltSharePoint #ShareWurst
operations and maintenance
Scheduled and Emergency/Unscheduled Maintenance TimeDeploying code without testing in a staging environmentLack of regression pathDisaster RecoveryBusiness Continuity of Operations
#BaltSharePoint #ShareWurst
misconceptions and gotchas
Disaster Recovery “Oops”Recovering across DomainsConsolidating and Migrating
Build NumbersWorkflow History
GovernanceSocial
#BaltSharePoint #ShareWurst
#BaltSharePoint #ShareWurst
site collection issues
#BaltSharePoint #ShareWurst
creating orphans
IIS reset solves all qualmsor so we’d like to think…
During backup of a site collectionThe backup is now invalid
During a restore of a site collectionThe restore will have portions of the site collection and associated webs restored (maybe)
#BaltSharePoint #ShareWurst
permissions management
Removing the SharePoint group that you gave Full Control…Removing yourself from the SharePoint group that has Full Control…
#BaltSharePoint #ShareWurst
publish and approvepublish
I updated myMaster PagePage LayoutStyle Sheetor a number of other assets
And no one can see my changes!
#BaltSharePoint #ShareWurst
the recycle bin
The common misconceptionsThe (cold) truth
“Regardless of whether or not an item is sent to the users' Recycle Bin or to the Site Collection Recycle Bin, items are deleted automatically after the number of days that the server administrator specified in Central Administration.”
Manage the Recycle Bin of a site (Office.com)
#BaltSharePoint #ShareWurst
testing workflows as a deity
Declarative Workflows set to start when an item is created or changed will not execute when logged in as the System Account.Pro Tip: Email-enabled lists will not auto start workflows either, unless…
stsadm –o setproperty –pn declarativeworkflowautostartonemailenabled –pv true
will fix this
declarativeworkflowautostartonemailenabled (Property Reference)
#BaltSharePoint #ShareWurst
deleting the wrong item
I see a hidden Forms folder when using Explorer View. I think I should delete some things in it!
#BaltSharePoint #ShareWurst
tune your analytics
By default, you get 25 months(!!) of analytics dataMicrosoft’s guidance for capacity planning in regards to web analytics isn’t pretty.
Dataset Characteristics Value
SharePoint components 30k
Unique users 117k
Unique queries 68k
Unique assets 500k
Reporting DB data size? 200GB per day
Capacity requirements for the Web Analytics Shared Service in SharePoint Server 2010
73TB per year511TB for 7 years
#BaltSharePoint #ShareWurst
permissive file handling
Users are being prompted to download PDFsEnable permissive file handling for all files in Web Application in Central AdministrationSet specific mime types for a Web Application
> $webApp = Get-SPWebApplication("http://intranet.contoso.com")> $webApp.AllowedInlineDownloadMimeTypes.Add("application/pdf")> $webApp.Update()
#BaltSharePoint #ShareWurst
server blunders
#BaltSharePoint #ShareWurst
running in circles
You’re browsing your site from the server. Or you’re trying to get search to work. Or you’re trying to get a web service to work. Or you just want anything to work….HTTP 401.1 - Unauthorized: Logon Failed and you’ve got a FQDN on your siteKB896861 offers several options
DisableLoopbackCheck or BackConnectionHostNames
DisableLoopbackCheck & SharePoint: What every admin and developer should know
#BaltSharePoint #ShareWurst
pausing IIS
Bring up your SharePoint Products Configuration Wizard on the second screenChecking IIS to see your web applications temporarily paused
#BaltSharePoint #ShareWurst
lost passphrases
Passphrase is no longer known
Managed accounts and auto-password resetsDocument your farm
TechNetCodePlex
> $passphrase = ConvertTo-SecureString -asPlainText -Force> Set-SPPassPhrase -PassPhrase $passphrase -Confirm
#BaltSharePoint #ShareWurst
certificate revocation list
Slow (up to 60 seconds) execution of stsadm and Application Pool recycles
Enable outbound internet access to crl.microsoft.comHOSTS file redirectSet the State registry key for all users who will run a shell or application pool
Edit the machine.config for each server in your farm
<psuedocode>if (!server.HasInternetConnectivity()) {
server.DisableCRLCheck();}
</psuedocode>
Certificate Revocation List Check and SharePoint 2010 without an Internet Connection
SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
#BaltSharePoint #ShareWurst
installing SharePoint
#BaltSharePoint #ShareWurst
not enough service accounts
We only have a Farm accountManaging passwords is hard
#BaltSharePoint #ShareWurst
primary service accountsAccount Purpose Requirements
SQL Server Runs SQL Server • Domain user account• No rights in SharePoint
Setup Account Installs the bits and performs initial configuration
• Domain user account• Member of Local Admins on each
server in the farm• securityadmin and dbcreator on
SQL instance
Farm Account Used for configuring and managing the farm and runs primary services (e.g. SPTimerV4)
• Domain account• Additional rights are automatically
granted as part of installation (both server and SQL)
#BaltSharePoint #ShareWurst
other service accountsAccount Purpose Requirements
MySites Application Pool
Worker process identity for MySites • Domain user account• Managed account
Content Application Pool
Worker process identity for Content web applications
• Domain user account• Managed account
Services Application Pool
Worker process identity for Service Application Pools
• Domain account• Managed account
Search Service Process
Process identity for SharePoint Foundation (Help) search service and SharePoint Search service
• Domain account• Managed account
Search Service Default Content Access
Used to crawl content specified in content sources
• Domain account
User Profile Import Account
Account used to import (and optionally export) user data from an identity store
• Domain account• Replicate Directory Changes in AD
#BaltSharePoint #ShareWurst
still more service accountsAccount Purpose Requirements
Object Cache Super User
Processes items in the object cache of a web application
• Domain user account• Managed account• Full Control User Policy on target
web application(s)
Object Cache Super Reader
Processes items in the object cache of a web application
• Domain user account• Managed account• Full Read User Policy on target web
application(s)
#BaltSharePoint #ShareWurst
running the farm configuration wizard
Don’t do it.Really, don’t do it. Your GUIDs will thank you!
#BaltSharePoint #ShareWurst
sandboxed solutions…“The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request”
Your ports are blocked internally (TCP 32846)The UserCode Solutions service isn’t runningGPO Policy
RPC Endpoint Mapper Client AuthenticationRestrictions for Unauthenticated RPC clients
Registry Key Exists
Value set incorrectlyHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC
HKEY_USERS\AccountSID\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\SoftwarePublishing
#BaltSharePoint #ShareWurst
configuring SharePoint
#BaltSharePoint #ShareWurst
managing managed paths
Don’t create managed paths for URIs that already exist!Both sites exist, but only 1 is accessible
There are limits…
#BaltSharePoint #ShareWurst
trim your (audit) logs
MOSS 2007 audit trimming does not occur automatically
stsadm -o trimauditlog –date 20120502 –databasename SP2010_Content_TRISPUG
#BaltSharePoint #ShareWurst
trim your (audit) logs
SharePoint 2010 works a little better
#BaltSharePoint #ShareWurst
don’t forget the support mechanisms…
#BaltSharePoint #ShareWurst
service management
#BaltSharePoint #ShareWurst
service management takeaways
Determining realistic service level agreementsProviding adequate staffing to meet your end user needsKeeping the end user in mind
#BaltSharePoint #ShareWurst
questions
#BaltSharePoint #ShareWurst
contact
Scott [email protected]: @ciphertxt
Dan [email protected]: @usher