“Create or Extend Web Application" link missing in Central Admin

Here is a strange one for you – I was setting up a new virtual machine today. I went with 64-bit Windows 2008 R2, SQL 2008 and MOSS 2007 patched up to the April 2009 cumulative updates (12.0.0.6318)

Everything had gone pretty smooth until I went in to create a new Web Application in Central Admin. Lo-and-behold, the link was missing. Hmm, seen this one before, so I got out my favourite search engine and found a recommendation to run Internet Explorer with admin permissions. This seems to have fixed most peoples problems, but not mine.

After a number of futile attempts I noticed that the computer date format was mm-dd-yy. I’m in Australia, so I prefer dd-mm-yy. I updated the Format and Current Location regional settings via the control panel and I kid you not, this fixed it!

Trust me, I understand if you are sceptical, I still don’t understand how this would affect the visibility of certain links in Central Admin. I would be curious to hear if anyone else experiences the same problem and resolution.

SQL Service not starting – error codes 17182, 17826, 17120

I had a very frustrating issue with a WSS environment recently. This was a single server deployment, using WSS, the Windows Internal Database (a special edition of SQL Express 2005). Things had been going well until one day the Windows Internal Database service stopped working. Browsing to the web site would result in a "Cannot connect to the configuration database" message.

Trying to restart the Windows Internal Database service failed. The event logs on the server had error codes 17182, 17826 and 17120. The details of these errors were missing from the logs, but I was able to track them down by going to the Windows Internal Database logs at C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\log:

2009-10-21 10:54:21.10 Server Error: 17182, Severity: 16, State: 1.
2009-10-21 10:54:21.10 Server TDSSNIClient initialization failed with error 0x5, status code 0x90.
2009-10-21 10:54:21.10 Server Error: 17182, Severity: 16, State: 1.
2009-10-21 10:54:21.10 Server TDSSNIClient initialization failed with error 0x5, status code 0x1.
2009-10-21 10:54:21.10 Server Error: 17826, Severity: 18, State: 3.
2009-10-21 10:54:21.10 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2009-10-21 10:54:21.10 Server Error: 17120, Severity: 16, State: 1.
2009-10-21 10:54:21.10 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Doing searches on the interweb suggested that I re-install SQL Server, as there may be corruption in the registry. Since I was dealing with the Windows Internal database, I didn't really have the option to re-install just that component. Some newsgroup posts suggested looking at what registry entries the database server was trying to access.

My Windows Internal Database was running as the Network Service account. As a quick test, I added this account to the Local Administrators group. I was then able to restart the Windows Internal Database service. This confirmed that my issue was related to permissions. It is definitely not a good idea to give Network Service this level of permissions, so I took it out of the Local Administrators group and moved on to the next stage.

I downloaded Process Monitor from Microsoft. This tool replaces the old RegMon and FileMon utilities. I configured it to filter for Registry events with a Result of ACCESS DENIED. I then tried to restart the Windows Internal Database Service via the Service Manager console. Sure enough, I found that the Network Service account was being denied access to HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MICROSOFT##SSEE\MSSQLServer\SuperSocketNetLib. Why did it no longer have access to this? I have no idea. My suspicion is a Windows Update modified permissions, but I can never prove that in a court of law.

I dropped into RegEdit and granted my Network Service account full control to this registry location. I then restarted my Windows Internal Database service and everything worked perfectly.

SharePoint 2010 Extravaganza

The SharePoint 2010 parties are starting already. Here is an announcement from the Sydney Business and Technology Users Group:

A huge night covering Microsoft’s SharePoint 2010.

Prepare for 2 hours of in-depth SharePoint 2010 and Office 2010 goodness.

Presented by Kathy Hughes (SharePoint MVP), Aaron Saikovski (Senior Consultant with Microsoft Services Australia) and Alistair Speirs (Microsoft Technical Specialist), with a panel question session at the end to ask your questions.

If you can’t make the SharePoint Conference in Vegas (USA) this October, then all is not lost! We are pleased to announce this SharePoint Server 2010 Extravaganza evening.

Whether you’re a seasoned SharePoint Server 2007 user or new to SharePoint, you’ll have the opportunity to learn about some of the new features in 2010 and also to ask questions.

We plan on making the evening a ‘demo intensive’ and interactive one. We’ll cover several functional aspects, including operational, some developer and design/user interface.

We’ll publish further details and agenda, closer to the event. Look forward to collaborating with you on the night!

Time flies when you have daylight savings issues

If you are not keeping up-to-date with your SharePoint patches, chances are you are behind the times in more ways than one. Have you checked the timestamp on a recently created item? Is it out by an hour?

Well, there is no time like the present (plus or minus 1 hour) to start patching. If you need information on daylight savings patches for WSS you can find them at http://support.microsoft.com/gp/dst_prodlist#WSS3

Sydney SharePoint User Group session for October 2009

This month, the Sydney SharePoint User Group is going to be hosting something special for those not making their way to Vegas for the SharePoint Conference. We are going to run a joint event with the NSW Knowledge Management Forum at the Price Waterhouse Coopers building on 201 Sussex Street, Darling Park.

Normally we have a main presenter tell us about some aspect of SharePoint. This time, we are taking a leaf from the Open Spaces/World Cafe events and providing the option for you to talk to other people about topics of mutual interest. Who is going to decide these topics? Well, you are. We would like you to e-mail us your top three topic areas. We will tally the votes and kick off the night with a number of discussions on the most popular topics. You decide which one to sit in on. The topics will change based on the attendee’s preferences to make sure that no dead horses get flogged.

How do you sign up? I’m glad you asked. Because this meeting will be held at the Price Waterhouse Coopers building, any attendee must be on our door list. Simply e-mail Sydney@sharepointusers.org.au with your favourite topics and we will add you to the door list.
The meeting is on Tuesday 20 October 2009. Doors open at 5:30pm for a 6:00pm kickoff.
For more details and a list of suggested topics check out the SharePoint User Group website

Hope to see you there

August Sydney SharePoint User Group - Tuesday 17th

Don't forget, the SharePoint User Group in Sydney is meeting at 280 Pitt Street this Tuesday. This month's presentation is all about organising your company's information. Michael Moore will guide you through such scary buzz words as Taxonomy and MetaData.

I hate it when we have a "Not to be missed" session and I can't make it. This is one of those topics that you won't see covered off in Microsoft online content but is at the core of what SharePoint is aiming to achieve for businesses.

Exclude Hidden Mailboxes from User Profile Import

I never knew this before, but seemingly Exchange allows you to mark certain mailboxes as hidden. This prevents them showing up within the Global Address List when someone is doing a name lookup, for example using Outlook "Check Names" functionality.

With Microsoft Office SharePoint Server you can populate your User Profiles by importing account details from Active Directory. I always use a custom LDAP query as the source for the connection. This allows me to be more specific about which Active Directory entries to bring across to SharePoint. There is a great KB article on the Microsoft Support site on how to set this up - http://support.microsoft.com/kb/827754. This article also describes how to filters out Active Directory accounts that have been disabled.

What if you want to also exclude accounts that have been marked as Hidden within Exchange? Well, the LDAP property that you want to look at is called msExchHideFromAddressLists. This is a Boolean property, so in theory we would just include entries where this property = FALSE. It is not quite that simple though. Since this is an optional property, I suspect that it may not exist for every user object. Therefore, testing that it is FALSE will not always work. Not to worry, just test that it is not TRUE. Logically this is equivalent and it turned out to work in my environment.

This means that the User Filter value from the KB article gets updated to:

(&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2))(!(msExchHideFromAddressLists:=TRUE)))

But the fun doesn't end there! Both Windows SharePoint Services and Microsoft Office SharePoint Server have a People-Picker field. This is the field that you use any time you want to assign an Active Directory user to a field, such as in a Task list. Updating your User Profile query has no affect to what the People Picker returns when you perform a search. There is an STSADM command line query that does help though. Gavin Adams has a good blog post that describes this command. Here is the syntax that you can use to exclude the hidden Exchange mailbox accounts:

stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(|(!(msExchHideFromAddressLists=TRUE))" -url <intranet site address>

Change the text <intranet site address> to the address of the web site. Do not include the angle brackets.