Ran into an interesting problem today. On an anonymous, public SharePoint 2013 internet site, public documents of the Office or PDF type were prompting for authentication. The PDF authentication prompt in particular puzzled me; then I remembered that the April 2013 CU for SharePoint 2013 enabled WOPI support for PDF documents. This indicated to me that I should treat them as Office documents in my troubleshooting.
There is an old SharePoint issue with ‘OpenItems’ permission not being granted to documents in sites with anonymous access turned on at the root site level. Once I realized that the PDFs were being treated the same as Office documents, I realized there was a good chance this was the cause. Three PowerShell commands later, and the issue was resolved.
You can add the required ‘OpenItems’ permission to the site as follows:
(Open the SharePoint Management Shell as the Farm Administrator)
$Web = Get-SPWeb http://www.yoursite.com
$Web.AnonymousPermMask64 = "ViewListItems, ViewVersions, Open, ViewPages, UseClientIntegration, OpenItems"
$Web.Update()  # save the new anonymous permission mask
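As an added example (not part of the original post), the same change can be made without overwriting whatever anonymous permissions the web already has. The function below, whose name Add-AnonymousOpenItems is hypothetical, reports the current mask, adds only OpenItems, and supports -WhatIf; it assumes the SharePoint Management Shell and uses the post's placeholder URL.

```powershell
# Added example: review the anonymous mask, then add only the OpenItems flag.
function Add-AnonymousOpenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Url
    )

    $web = Get-SPWeb $Url
    try {
        $permType = [Microsoft.SharePoint.SPBasePermissions]
        $current  = $web.AnonymousPermMask64
        $wanted   = $permType::OpenItems

        # Record what anonymous users can do before anything is changed.
        Write-Output ("Anonymous state : {0}" -f $web.AnonymousState)
        Write-Output ("Current mask    : {0}" -f $current)

        if ($web.AnonymousState -eq 'Disabled') {
            Write-Warning "Anonymous access is disabled on $Url; nothing changed."
            return
        }
        if (([uint64]$current -band [uint64]$wanted) -ne 0) {
            Write-Output "OpenItems is already granted; nothing changed."
            return
        }
        if (-not $web.HasUniqueRoleAssignments) {
            # The mask belongs to the web that owns the permission scope.
            Write-Warning "$Url inherits permissions; apply the change on the parent web."
            return
        }

        # OR the flag in so the existing flags are kept rather than replaced.
        $new = $permType.ToObject($permType, ([uint64]$current -bor [uint64]$wanted))
        if ($PSCmdlet.ShouldProcess($Url, "Set AnonymousPermMask64 to '$new'")) {
            $web.AnonymousPermMask64 = $new
            $web.Update()
            Write-Output ("New mask        : {0}" -f $web.AnonymousPermMask64)
        }
    }
    finally {
        $web.Dispose()   # release the SPWeb object
    }
}

# Dry run first: prints the current mask and the change that would be made.
Add-AnonymousOpenItems -Url 'http://www.yoursite.com' -WhatIf
```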
I have been intending to put together a post for some time now on
virtualization, and how it impacts the small business market, ever
since I first obtained access to a pre-release version of Server 2012.
However, I have been so busy that I have not had the time to put one
together until now.
Virtualization has been viewed as some sort of higher-level
infrastructure component by the small business market. The assumption
is that it requires more expensive hardware and expertise to implement
and maintain, and these are costs the average small business tends to
avoid if possible. However, Windows Server 2012 has changed that
paradigm, and I’d like to talk about how I see virtualization becoming
an integral piece of small business infrastructure implementations,
and some of the approaches I’ve taken.
Virtualization is important to small businesses because it allows for
higher availability, and an abstraction of the server from the
hardware (hardware being a significant expense in this market). If the
hardware fails, the server can be spun up on another host while
budgetary constraints and/or support can be worked out. In addition,
licensing allows an increased efficiency in the hardware the business
already owns, allowing for more capabilities out of the same physical
The primary perceived barrier is cost of entry. Licensing is perceived
as being expensive, and hardware requirements for servers are
perceived to be higher than necessary. In addition, some of the more
desirable attributes of virtualization like High Availability and
Failover have required expensive shared storage units.
Windows Server 2012 addresses the cost of entry in several ways. The
first is licensing. A single license of Server 2012 Standard entitles
the owner to two virtual machines on that host. This is essentially
two workhorse servers for the price of one, plus the underlying host
OS/hypervisor for free. Server 2012 Datacenter provides unlimited VM
server OS licenses. Or perhaps a client doesn’t have Software
Assurance and/or doesn’t want to purchase new licenses; Server 2012
Hyper-V Server is free, and provides the same virtualization
capabilities as the Standard and Datacenter versions.
The second way that Windows Server 2012 addresses the cost of entry
into the virtualization market for small businesses is through both
increased performance on existing hardware (compared to Server
2008 R2) and the introduction of SMB 3.0 with application tier
share support. This means that with a Server 2012 SMB server, you can
use that SMB share as a poor man’s version of a SAN or DAS shared
storage unit. So for the cost of a few additional drives and/or a new
server, you have a storage share suitable for High Availability &
Failover Clustering, all for the cost of a few thousand versus the
$20,000-$50,000 for a SAN or DAS unit. This is a very affordable way
for the small business to get clustered file storage, and be able to
take advantage of HA & FC.
All this is great: Server 2012 is cheaper licensing-wise, I can fit
more virtual servers on one box, I can get a cheap file share and use
it for High Availability and Failover Clustering, but where does one
start taking advantage of these capabilities? I have a few thoughts
and experiences on this.
A great place to start is to capture the client’s server into a VHD
file using an excellent utility called Disk2VHD. This executable
leverages the Windows VSS writers to snapshot the hard drive as is,
and dump that snapshot into a VHD file. One thing to bear in mind is
that you will essentially be booting this server up into ‘new
hardware’. This means you will need to document the IP configuration
of the server, because it will use DHCP on ‘new’ NICs.
Once the ‘image’ of the server in question is in your virtual hard
drive, you can then enable the Hyper-V role on the server host (if
you’re running Server 2008, 2008 R2, or 2012). You might want to give
the host a new NIC IP configuration. Disconnect the host from the
virtual network, then rename the server host and disjoin it from the
domain (this leaves the entity in Active Directory). Then create a new
virtual machine in Hyper-V manager, using your newly captured VHD
file. Boot up the VM and fix the IPs. Once you validate everything is
working, uninstall unnecessary software from your new virtual host.
You now have the original server running in a Hyper-V virtual
environment on the same hardware!
If a client is running an OS older than Server 2008, I recommend
installing Server 2012 Hyper-V Server into a VHD file on the hard
disk, and then proceeding through the steps I just outlined. This
enables you to run basically a ‘dual-boot’ configuration, without
wiping the disk. If worst comes to worst, you just boot back into the
disk, rather than the native boot into a VHD file for your new Hyper-V
Of course, we haven’t touched on High Availability or Failover
Clustering yet. This post is designed to whet your appetite for the
new capabilities available cheaply to small businesses. If you’re
interested in hearing more, feel free to contact Envision IT by one of
the contact methods listed on our public website at the end of this
Windows Server 2012 virtualization is a huge win for small businesses. Once a
business gets a taste of the free virtualization and HA/failover
features, it is impossible to go back to being without.
Envision IT: http://www.envisionit.com
Have run into an issue with the SharePoint 2013 public beta after upgrading our Hyper-V cluster from Server 2008 R2 to Server 2012. It seems that SharePoint 2013, installed on Windows Server 2012, in a VM that is running on a Server 2012 host, will lock up if the Search Administration component is running. I believe there is some sort of CPU race condition occurring between Windows Explorer, the new Hyper-V integration components, and the Search Administration component. Disabling search crawls did not resolve the lockup issue, but pausing the Search Administration component appeared to resolve it.
To sum up, here is the scenario that I found to cause SP2013 VMs to lock up (tested on 3 different VMs):
- Virtual Host: Server 2012
- VM Operating System: Server 2012
- SharePoint 2013 Public Beta
- Search configured
Pausing the search administration service seems to resolve the lockups, but kind of defeats the purpose of having SharePoint search. This issue did not occur on a virtual host running Server 2008 R2, with Server 2012 as the client OS, SP2013 installed, and search configured.
Just a quick note for those of you using Hyper-V, and attempting to use NLB. You need to turn on MAC Address spoofing capabilities on your virtual NIC for the VM. By default Hyper-V will block incoming requests to the NLB virtual MAC address, because it does not match the actual VM’s virtual NIC MAC address.
Update 3: As per a reply from JBAB on the Technet thread, the problem lies with the default RDP configuration on Server 2008 R2. I had a GPO that was enabling RDP, but when the SCEP client refreshed the policy, the GPO would temporarily be disabled, dropping back down to whatever is set (do not allow) in the registry. This can be resolved by setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections to 0. I pushed this registry change out via another GPO, and haven’t seen any problems since.
Update 2: I have started this Technet Forum thread here.
Update 1: disabling NIS didn’t fix it.
I deployed SCCM 2012 RTM to our environment last week, after having run the RC successfully for a while. Since then, there have been a number of dropped RDP sessions to our servers. They occur at random intervals, and there are no errors reported in the event logs.
On further investigation, I discovered that the disconnects were occurring at the instant the Forefront Endpoint Protection client updated the Default Antimalware Policy. I’ve turned off the ‘Behavior Monitoring’ and ‘Protection Against Network-Based Exploits’, under the ‘Realtime Protection’ tab. Things appear to be stabilizing.
I suspect that it is the protection against network-based exploits feature (which uses the Network Inspection System) that is causing this. It’s caused me grief in the past with Forefront TMG, and doesn’t appear to be that much better in SCEP.
I encountered an issue with SCVMM 2012 RC console crashing repeatedly. After further investigation, I discovered that it had previously been configured to point to an RC install of SCOM 2012. This install had been replaced with an RTM version, and no longer had the VMM connection details on the SCOM server. Changing the VMM server hosts file to point the SCOM name to itself allowed me to open the console to reconfigure.
If you, like me, have been attempting to get SCCM 2012 installed in your lab environment, you may have encountered the error ‘Failed to create machine certificate’, and been unable to proceed. In my case, I was attempting to install against a default install of SQL 2012. SQL 2012 defaults to creating local ‘Network Service’ accounts for each of the SQL service accounts. Changing the MSSQLSERVER service to run as a domain account resolved the error.