Posts by weskroesbergen

Sharepoint 2010 UPS/FIM Error

Posted by Wes Kroesbergen on Aug 28, 2011 in General, Technology | 0 comments

Stumbled across an interesting issue the other day while provisioning a brand new Sharepoint 2010 SP1 install on a fully patched Windows Server 2008 R2 box. Everytime we tried to run User Profile Sync, it would fail with the error below being registered in the FIM console.

extension-dll-exception

Cause

Figured out that the error is happening due to .Net Framework 4 being installed, and FIM attempting to use .Net 4 instead of .Net Framework 2. This is a new issue that occurred in the June 2011 CU for Sharepoint 2010, and unbeknownst to us, the June CU was re-released to fix it. We were still utilizing the original June CU.

Resolution

This issue can be fixed by either installing the latest version of June CU, or by following the steps below.

1. Open

   C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe.config

   for editing.
2. Locate the below section:
   
   

   <startup useLegacyV2RuntimeActivationPolicy="true">
     <supportedRuntime version="v4.0.30319"></supportedRuntime>
     <supportedRuntime version="v2.0.50727"></supportedRuntime>
   </startup>

3. Delete or comment out the reference for the .NET v4 version. Like this:
   
   

   <startup useLegacyV2RuntimeActivationPolicy="true">
     <!-- <supportedRuntime version="v4.0.30319"></supportedRuntime> -–>
     <supportedRuntime version="v2.0.50727"></supportedRuntime>
   </startup>

   or
   
   

   <startup useLegacyV2RuntimeActivationPolicy="true">
       <supportedRuntime version="v2.0.50727"></supportedRuntime> 
   </startup>

4. Restart the two FIM services in the services console.
5. Run the sync again.

Configuring SP2010 User Profile Sync Connections

Posted by Wes Kroesbergen on Aug 20, 2011 in General, Technology | 0 comments

Stumbled across an interesting issue/fix the other day. We have a Sharepoint 2010 RTM development farm that gives us grief every once in a while during reconfiguration of User Profile Sync. When trying to connect to AD during initial configuration, it would sometimes timeout and throw an error, and other times return the query right away. I discovered that after importing the root CA’s certificate into the Trust Centre, the LDAP queries to our Server 2008 R2 DC would return right away. I checked all the GPO’s, and none of them were misconfigured in regards to LDAP signing requirements. Perhaps this is an error in SP2010 RTM that has been fixed in a later version of Sharepoint? I will have to do some testing with our SP2010 SP1 farm.

Notes on SCCM 2007 R3/FEP 2010

Posted by Wes Kroesbergen on Mar 19, 2011 in Technology | 2 comments

This is a just a summary of troubleshooting notes from the installation and initial configuration of SCCM 2007 R3. SCCM 2007 R3 is quite possibly the worst install procedure I’ve ever experienced, starting right from initial download of the software. SCCM 2007 R3 ships in two ISO’s, a 1.4GB file, and a second 25MB file. The first large download contains SCCM 2007 SP2… the second contains R3. In order to apply R3 to your SCCM install, there is an interim hotfix that must be applied first. A completely horrendous affair all-in-all.

SMS_MP_Control_Manager errors:

Navigate to %windir%\\System32\\inetsrv\\config\\schema, take ownership of webdav_schema.xml,  remove the readonly attributes, and edit them to these:

attribute name=”allowAnonymousPropfind” type=”bool” defaultValue=”true”
attribute name=”allowInfinitePropfindDepth” type=”bool” defaultValue=”true”
attribute name=”allowCustomProperties” type=”bool” defaultValue=”false”

If issues, still exist, and your authoring rules are correct, try removing WebDAV, rebooting, re-installing WebDAV.

Clients not talking to server:

• Is the client push installing? If not, check WMI is enabled on the client firewalls
• Are site boundaries defined?
• Is the install flag cleared?
• Is a sitecode defined in your AD schema? If so, are the clients picking it up? Sometimes your clients may appear to have a site code assigned (from the SCCM console), double-check on your client machines to be sure they are actually picking it up. If this has occurred, please see the following note.
• Are you using a GPO with the Configuration Manager ADM template to control the site code? If so, be aware that it works by applying a registry key (also considered a preference, so it’s stickied unless you explicitly define a removal policy for it). This registry key defaults to an x86 portion of the registry. The actual key for an x64 machine is located elsewhere, and needs to be defined in the following key:

‘HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\SMS\\Mobile Client\\AssignedSiteCode’

I recommend pushing this registry key out by GPP in one of your GPOs, and then initiating a re-install of the SCCM client on the machines affected.

WSUS MP issues:

1. Remove WSUS, delete the existing database.
2. Remove WSUS component from SCCM.
3. Reboot server. Re-add the WSUS role. You may have to manually download WSUS with SP2 from Microsoft Download Center if you are encountering errors re-adding the role. Do NOT configure the WSUS role when re-adding.
4. Re-install WSUS component in SCCM.

Forefront Endpoint Protection 2010 installation on SCCM failing:

When installing FEP2010 on SCCM, you may be hit with an error just before installation completion that ‘Setup was unable to create unknown machines. 0×80070003‘, and/or that sms_def.mof couldn’t be updated. This occurs because the FEP2010 setup is looking for the x86 Program Files directory for one of the last steps, and not using the default Program Files directory on an x64 machine.   To resolve the first error, do the following:

1. Manually create this folder structure:  Program Files (x86)\\Microsoft Configuration Manager\\inboxes\\auth\\ddm.box  (give folder same ACL’s as is on existing installed directory)
2. Run R2 setup again. When install completes, copy the two DDR’s from the C:\\Program Files (x86)\\Microsoft Configuration Manager\\inboxes\\auth\\ddm.box and place them it into the “C:\\Program Files\\Microsoft Configuration Manager\\inboxes\\auth\\ddm.box” (where SCCM is actually installed):
3. Once the DDR’s processed the R2 installation should succeed.

To resolve the error about sms_def.mof not updating, do the following:

1. Manually create C:\\Program Files (x86)\\Microsoft Configuration Manager\\inboxes\\auth\\clifiles.src\\hinv
2. Copy C:\\Program Files\\Microsoft Configuration Manager\\inboxes\\auth\\clifiles.src\\hinv\\sms_def.mof to the folder you just created
3. Re-run FEP2010 setup and then copy C:\\Program Files (x86)\\Microsoft Configuration Manager\\inboxes\\auth\\clifiles.src\\hinv\\sms_def.mof back to the original Program Files path.

SCVMM 2008 R2 Network Library Issues

Posted by Wes Kroesbergen on Mar 13, 2011 in Technology | 0 comments

This past week I encountered an interesting permission issue while adding a software share to a library in SCVMM. What made this issue interesting was that there was already a share from this particular server added to the library. Network sharing permissions appeared to be set the same on both the existing network share and the share I was trying to add as a library to SCVMM. I could browse the share manually, but attempting to add to SCVMM spat back an access denied error. So I checked the local NTFS permissions. Everyone had Read permissions, the SCVMM server computer account had Full Control, System had Full Control, and Domain Administrators had Full Control, so there didn’t appear to be anything wrong with the permissions.

On the existing SCVMM share, I noticed that it had the local Users and Administrators groups added to the NTFS permissions. After adding both these to the ACL on the share I was trying to add, SCVMM was able to add the share. I’m assuming this is related to how the SCVMM agent operates.

So, if you’re having issues adding a network share to an SCVMM library, check the local NTFS ACL, and try adding the local Users and Administrators group to the folder.

Thoughts on Apple’s iPad 2 event

Posted by Wes Kroesbergen on Mar 2, 2011 in Technology | 0 comments

I think Apple designed the iPad 2 to target the reading consumer. The thinness and apparent feel (as well as the new cover) strike me as targeting the magazine feel.

I could be wrong, but it looks like they’re enabling home WiFi streaming via Home Sharing in iOS 4.3 and iTunes. This is something I’m definitely excited about.

Watching some of the Engadget videos I must say the new device looks fast as hell. I didn’t think they could make iPad 1 look slow, but watching those videos I get the feeling that my iPad lacks some of the power and speed of the new ones, particularly in regards to real-time media editing in the Photo Booth application.

Speaking of movie editing, it looks like they’re really targeting home media production with this new device. Those new movie/audio apps, the HDMI out, and AirPlay turn iPad into a powerhouse for media generation.

I appreciate and agree with Steve’s comment near the end. “Our competitors are looking at this like it’s the next PC market. That is not the right approach to this. These are post-PC devices that need to be easier to use than a PC, more intuitive.” An important distinction in mentality I think. The PC market was for reasonably tech-savvy people, or people with reasonably tech-savvy relatives. The tablet/post-PC market is a new generation, one where anyone can pick one up and being computing. There’s no fear of technology, just something that stimulates curiosity.

Those are my thoughts for now. I won’t buy one now as the only benefit I get is the new form factor and Facetime communication. The speed is not something I need at this point since I don’t produce home movies or audio. However, while it’s not a jaw-dropping new product, it is definitely a quality upgrade to the product line.