Friday, April 20, 2012

Powershell - Get-SPSite Owner, Size

Get-SPSite "url" | select url,owner,@{label="Size in GB";Expression={$_.Usage.Storage/1GB}} | convertto-csv | set-content test.csv

Friday, April 13, 2012

Design Ideas - Get Latest changes from SharePoint

Requirement: Users need to know new additions, modifications or deletions within a SharePoint site collection during a time range.

Solution options:
1. Use the SharePoint Foundation change log,
2. Query the site collection using SPQuery or SPSiteDataQuery based on Created and Modified columns.

Thursday, April 5, 2012

PS2010 Solution Starter - Unauthorized 401

A couple of tools (Bulk Edit / Import) in the Project Server 2010 Solution Starter do not work in a load-balanced environment and result in a 401 Unauthorized exception.

Solution: This is due to the double-hop issue arising out of PSI calls in the code.
Here are the various options:
1. Implement Kerberos on the farm (production solution)
2. Implement AAM to point all requests to one of the servers in the farm.
    - Set up the public URL in the internet zone.
    - Set up IIS bindings on all servers to point to the one server which will serve content.
    - IIS reset

*Make sure the Project Web Access application pool account is a Project Server administrator on the PWA instance.

SharePoint 2010 and Kerberos

A simple cheat sheet to enable Kerberos on an existing SP2010 web application configured in Classic Mode and currently using NTLM.

Scenario: Web application host name is and is hosted over http. Pool account is domain\poolacnt

1. Check whether an SPN already exists in the current forest as http\ If the existing SPN is not set up for account domain\poolacnt, we will run into a duplication issue. Hence either the existing SPN needs to be removed or a decision needs to be made on the host name.

For W2008 Server use command setspn -q http/

2. Register SPN for pool account using setspn command

3. Configure SP Authentication Provider in central admin

4. In IIS 7 -> Web Site -> Authentication -> Windows Authentication, make sure Negotiate is the first option selected. For testing purposes, remove everything from the listbox and add only Negotiate:Kerberos to the list. This will prevent NTLM fallback.

5. Use Fiddler, KerbTray and Windows event logs to troubleshoot and make sure Kerberos is the authentication mechanism being used.

Issues faced: Due to a duplicate SPN registered with another service account in AD, the behavior I experienced was that the web site repeatedly prompted for user credentials, although the credentials were right, and eventually returned HTTP 401. Once we removed the duplicate and waited for replication to complete, this issue was resolved.
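
The duplicate-SPN check from step 1, done forest-wide before registering the SPN in step 2. This is an added example, not part of the original post. The host name in `$Spn` is a placeholder (the page does not give it) and `$PoolAccount` is assumed to be the sAMAccountName of domain\poolacnt.

```powershell
# Added example. Placeholders (assumptions): set these to your own values.
$Spn         = 'http/<web-app-host-name>'   # host name is not given on the page
$PoolAccount = 'poolacnt'                   # sAMAccountName part of domain\poolacnt

function Get-SpnOwner {
    param([Parameter(Mandatory = $true)][string]$Spn)

    # Escape LDAP filter metacharacters so the SPN is matched literally.
    $escaped = $Spn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # Query a global catalog so every domain in the forest is searched,
    # not only the domain of the machine running the script.
    $gc       = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().FindGlobalCatalog()
    $root     = New-Object System.DirectoryServices.DirectoryEntry("GC://$($gc.Name)")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = "(servicePrincipalName=$escaped)"
    $searcher.PageSize = 1000
    'sAMAccountName', 'distinguishedName' |
        ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

    foreach ($result in $searcher.FindAll()) {
        # Result property keys are stored in lower case.
        New-Object PSObject -Property @{
            Account = [string]$result.Properties['samaccountname'][0]
            DN      = [string]$result.Properties['distinguishedname'][0]
        }
    }
}

$owners = @(Get-SpnOwner -Spn $Spn)
$others = @($owners | Where-Object { $_.Account -ne $PoolAccount })

if ($owners.Count -eq 0) {
    "No account holds $Spn; it can be registered for the pool account (step 2)."
} elseif ($owners.Count -eq 1 -and $others.Count -eq 0) {
    "$Spn is registered only to $PoolAccount."
} else {
    # More than one holder, or a holder other than the pool account:
    # this is the state that produced the repeated prompts and HTTP 401.
    "Conflict: $Spn is held by the account(s) below."
    "Remove the extra registration or choose another host name."
    $owners | Format-Table Account, DN -AutoSize
}
```

After removing a conflicting registration, rerun the check once AD replication has completed, since a global catalog can still return the old entry until then.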


Wednesday, April 4, 2012

SP2010 Managed Account 20 char limit

If you use an account whose name is more than 20 characters long while registering managed accounts, the error below is returned:

The specified user domain\username could not be found. Some or all identity references could not be translated.