
Central IL SharePoint Users Group

On Wednesday I had the pleasure of speaking at the inaugural Central Illinois SharePoint Users Group in Springfield. I did a topic called “Do You Know SharePoint.” The deck is built around the idea that there are tons of things about SharePoint that most folks don’t know. We talked about Content Types, Word, and QuickParts (get users to enter metadata without knowing it) and globally deployed site templates – and why they can be valuable sometimes.

With 35 people in attendance for an initial meeting the group is off to a great start. If you’re interested in sponsoring or participating contact Darrin Bishop for more details.

Windows 7, Windows Server 2008 R2, NAS, Samba, NTLMv2, 1326, and Why can’t I get in?

Sometimes my past comes back to haunt me. You see many moons ago in a land far away I wanted to learn about Linux. So I set up a server and ran it. I got to learn all about Samba and the ability to make Linux disks look like they were coming from a Windows file server. Back then I can loosely remember this problem with NTLM and NTLMv2. Windows in whatever flavor that it was didn’t want to talk to Samba unless you hacked the registry. This particular fact was something that I let get buried over by new facts about SharePoint. However, that came back and bit me.

What some folks know is that many of the Network Attached Storage (NAS) devices, particularly on the low to middle of the market, actually run Samba underneath. Such is the case with the Thecus 5200Pro that I have here. I recently installed Windows 7 RC and the Windows Server 2008 R2 RC. Everything was going relatively well and then I realized that neither of them could see my NAS. That’s bad. After some digging I started thinking about Samba because Thecus mentioned that their latest firmware upgrades the Samba version (to a well and truly out of date version of Samba). A bit of digging led me to a message from Jim Pinkerton where he lays out the details of the issues related to connecting to Samba from Windows. If you want the cliff notes version, you need to set HKLM\System\CurrentControlSet\Services\Netlogon\Parameters DWORD RequireSignOrSeal = 0.

What was my NAS doing when I tried to connect? Bad username or password. (Logon error 1326) Why? Because it didn’t/doesn’t understand NTLMv2 – and Windows was requiring it.

Honestly, I’m going to be very interested to see where this goes. I’m quite curious to see if all of the vendors using Samba for their NAS devices will support Samba.org to get the extra code in it to support all of the things in Jim’s message – or if the project will slowly die because of a lack of support. In the meantime, I’m being a little less secure than I want to be.

Don’t use LocalHost when Developing for SharePoint

In a recent situation with a client I was called in to look at some problems that they were having making some web service calls and through a discussion I realized that the URL for the web service was hard coded to use localhost. On the surface this doesn’t look like a problem. You know that localhost will resolve and it will point back to the same server. So what’s wrong?

Well, SharePoint, because of its centralized management of multiple servers in a farm, by default uses host headers to determine which web application that a request should be routed to. A typical SharePoint server farm will have a few web applications (at least the main web application, central administration and a shared services provider.) So what happens when you hardcode a reference to localhost?

Well, on a local development server where there’s really only one web site on port 80 and someone has gone in and manually added an entry into IIS to accept all requests on port 80 — without requiring a host header or requiring local host — everything works magically. However, when you get to a controlled environment which has multiple applications and the IIS entry hasn’t been changed bad things start to happen.

First, the request isn’t answered so someone adds allowing all requests without a matching host header entry to go to the web site. That makes the request physically go to the same server. However, doing this can make authentication information break.

So the second problem that’s seen is that when you try to use the default network credential cache it doesn’t work for the web service. This will either be the NTLM double hop issue or an issue with Kerberos and the application pool being trusted for delegation. Let’s deal with the first situation with NTLM. Essentially for security concerns the credentials supplied by the user on one server can’t be supplied by that server to a second server. I.e. we can’t get off the same box with the credentials. I know you’re saying that localhost isn’t leaving the same box. However, from the perspective of Windows — it might. You see localhost isn’t really that special. It just happens that it’s defined in the hosts file. Other than that it could be some other computer. (In fact you can map localhost to something other than the local computer if you want to — but I wouldn’t advise it.) What Windows sees is a request coming in on one URL (servera, for instance) and leaving on another. That’s a double hop and it’s blocked for NTLM traffic.

If you’re using Kerberos and you’re seeing problems it may be because the application pool account isn’t trusted for delegation (in other words, it’s not allowed to wrap credentials and send them on.) It’s easy enough to trust the account for delegation — but this creates a pretty large exposure area for that account and isn’t generally something that should be the first choice.

So what’s the answer? Simply pick the fully qualified host name off the current request and then manipulate the path to get to your web service. If you do this you stay on the same box (in the same application pool/application domain in most cases). This eliminates the double hop issue and substantially reduces the ways that Windows can get generally upset with your application from a security perspective.

So don’t reference your web services via localhost — if you want things to work.

[[ Note: I’ve framed this in the perspective of SharePoint, however, if you’re calling yourself in any application you should do it from the URL the user used when you can. ]]
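
One way to build the web service URL from the current request, as an added C# example (not code from the original post). The class and method names and the sample host names are assumptions made for illustration; /_vti_bin/Lists.asmx is used as a typical SharePoint web service path.

```csharp
using System;

public static class SameHostServiceUrl
{
    // Returns the service URL on the same scheme, host and port as the request
    // being processed, so the call matches the web application's host header.
    public static Uri Build(Uri currentRequest, string serverRelativePath)
    {
        if (currentRequest == null)
            throw new ArgumentNullException("currentRequest");
        if (!currentRequest.IsAbsoluteUri)
            throw new ArgumentException("Request URL must be absolute.", "currentRequest");
        if (string.IsNullOrEmpty(serverRelativePath) || serverRelativePath[0] != '/')
            throw new ArgumentException("Path must be server-relative.", "serverRelativePath");

        // scheme://host[:port] exactly as the user addressed the server.
        Uri authority = new Uri(currentRequest.GetLeftPart(UriPartial.Authority));
        Uri service = new Uri(authority, serverRelativePath);

        // A path such as "//otherhost/x" would resolve to a different server;
        // refuse anything that leaves the host the request came in on.
        if (Uri.Compare(service, currentRequest, UriComponents.SchemeAndServer,
                        UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
            throw new ArgumentException("Path leaves the current host.", "serverRelativePath");

        return service;
    }

    public static void Main()
    {
        // Constructed sample request URLs; in ASP.NET the real value is
        // HttpContext.Current.Request.Url.
        Uri[] requests =
        {
            new Uri("http://servera/sites/hr/default.aspx?ID=4"),
            new Uri("https://portal.example.com:8443/pages/home.aspx")
        };
        foreach (Uri request in requests)
            Console.WriteLine(Build(request, "/_vti_bin/Lists.asmx"));
        // The generated proxy (hypothetical variable "proxy") would then use:
        //   proxy.Url = Build(request, "/_vti_bin/Lists.asmx").AbsoluteUri;
        //   proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

        // A path that would move the call to another server is refused.
        try { Build(requests[0], "//otherhost/_vti_bin/Lists.asmx"); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```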

Article: Creating Your SharePoint Governance Plan

It’s been a while since I’ve written an article but this one at IntranetJournal.com is designed to help people understand the process I go through to work with folks on developing and maintaining a governance plan. It begins:

“One of the most common questions that I get from prospects as I’m talking to them about the creation of a governance plan and process is what does it look like. In other words, there are materials available which describe what should be in a governance plan but there isn’t a ton of guidance on what the process of creating a governance plan and process are.

Unlike a few years ago you now have sample governance plans you can look at, there are articles describing the kinds of things that you need to make sure are in a governance document, and a governance resource center on TechNet.

The goal of this article is something slightly different. The other resources available describe what to create, in this article I’ll focus on the process for creating the plan based on the engagements I’ve been a part of. Rather than a specific step-by-step process, what appears here is a rough framework that you can and should tailor to your unique situation. In the following you’ll also find some insight as to the psychology of putting a plan together as well as the aspects of how we as humans learn and process information.”

The full text is available on our gifts page: Creating your SharePoint Governance Plan

InfoPath Pick Lists and Other

Recently I was trying to build an InfoPath form — with the help of a form designer — and we stumbled across a pattern that might be obvious for some, but it involves using multiple controls connected to the same spot in the data source. For instance, let’s say that you have a city field but you want to help the users fill out the popular cities — but new cities and towns are popping up so you don’t want to have to have an up to date list. So you can do something like this:

You have a drop down list for the cities you know — if they start typing InfoPath will start to locate the city. If they don’t find what they want, they can select an entry from the list, OTHER (Specify). This (because of conditional formatting) will reveal the text box — which is connected to the same spot in the data source. So here’s what happens when they select OTHER (Specify). When they select it the secondary textbox shows up. When they type the value in and exit the field the property is copied into the data source and the conditional formatting for the text field will hide it again (since it doesn’t say OTHER (Specify) any longer). And the drop down list will show the new value.

There is a problem with this approach. It only works for drop down lists that are based on a secondary data source not those where the values have been entered directly into the control. However, worst case you can base the drop down list on an embedded resource.

Why We Build WSPs and Option Explicit

Recently I got called in to look at something by a client and in a part of the process it became apparent that the developer hadn’t created a SharePoint Solution (WSP) to deploy the solution. That and the lack of a centralized Visual Studio project made the problem really hard to find. The conversations were effectively … “Well, we’re going to do that when we’re ready to deploy it.”

This whole thing reminded me vividly of a conversation I had with a developer of mine that happened nearly ten years ago. At the time ASP was the name of the game. It was a huge jump forward from trying to write web applications with CGI-BIN. The problem with ASP pages is that they used VBScript for their development language. VBScript was/is a bad language. It was hard to debug and had all sorts of odd side-effects that you had to learn to expect. One of the really challenging things with VBScript is that by default it allows you to just use variables — they don’t have to be declared. This sounds like a great timesaving feature. You don’t have to write the code to declare the variables.

In reality this is a pretty pesky thing. What happens is that you mistype a letter in a long variable name and you don’t see it. When the code EXPECTS that a previous line set a value and it doesn’t happen, weird/bad things happen. This particular developer called me over from time-to-time to help him look at problems in his code — I was happy to do it. However, after about the fourth time I had found the issue was that he mistyped a variable name, I was tired of explaining how important it was to use Option Explicit. Option Explicit was a command you could put at the top of your file and among other things it would require variable declarations. The result is that if you do mistype a variable it will generate an error.

His response was that he added Option Explicit at the end of the process — before he turns the code over. Here’s the problem with that thinking — you don’t add Option Explicit because you want to, because it’s a requirement, or because you feel like it. You add Option Explicit at the top of ASP files because it makes your life easier. It saves you hours of debugging on weird issues because a variable name was mistyped. I should say that I did get to the point where I told him if I ever found another piece of code that didn’t have it — I’d fire him on the spot no matter what. That was finally effective at getting him to help himself. I didn’t end up firing him; he left on his own.

Why did this come up? Well, because we build WSPs not because it’s easy. We build WSPs because it MAKES OUR LIFE EASIER. In this situation the problem was that the particular thing showed up in one environment but not in another. That screams to me that there was some sort of a deployment error. If we had a WSP we could have tested it in a few minutes on a blank virtual machine. (Of course the problem wouldn’t have happened in the first place if the deployments were consistent.)

So the next time you’re wondering whether you should start building WSPs at the start of your project — help yourself out and do it. (Repeating for effect… Build WSPs EVERY time.)

Do you know how to leak an exception in SharePoint?

I’ve mentioned a few times that I’m participating in the patterns and practices SharePoint Guidance advisory board. One of the things I raised with regards to exception handling was that some exceptions leak past your try-catch blocks. Does anyone have scenarios they can share where this happens? I know it does it but it’s been so long that I don’t remember the exact circumstances. My email is [email protected].

SharePoint Saturday, Chicago Edition June 13, 2009

I call Chicago my second home. It’s a three hour drive up I65 but it still feels like a second home. I have family there and I seem to get there at least once a quarter. That’s why I’m happy that SharePoint Saturday : Chicago Edition is scheduled for June 13, 2009. Having participated peripherally in the planning process, I know that there are a ton of great speakers that are going to be there including my fellow MVPs Asif Rehmani, Darrin Bishop, Leonard Mwangi, Paul Schaeflein, and Todd Klindt. But wait, there’s more. (Said in my best late night infomercial voice.) Some of my SharePoint buddies, Chris Geier, Coskun Cavusoglu, Mark Miller, Michael Blumenthal, and Tony Lanni will also be there speaking.

I can honestly say that I’m expecting that this will be the best free SharePoint event in the US this year. If you’re within driving distance of Chicago … you want to make a point to make it to the event.

TechEd Online: SharePoint

You may have already seen the SharePoint development panel that several of us (Scot Hillier, Maurice Prather, Todd Baginski, Andrew Connell, Eric Shupps, Todd Bleeker, Matthew McDermott) did at TechEd North America 2009 in Los Angeles, CA. It was a great discussion about software development for SharePoint (48 minutes).

I also sat down with David Hill from the patterns & practices group to talk about the work they’re doing on version 2 of the SPG. It’s 9 minutes.

Of course there’s a ton of SharePoint related content at the conference this week — but most of that requires that you registered for the conference.

Using Word QuickParts to Enter Metadata for SharePoint

For a few years now, I’ve been talking about a technique that everyone can leverage to get metadata into SharePoint — without the users having to do something different than they normally would. I’ve talked about the general principles in the whitepaper I wrote for Microsoft “Managing Enterprise Metadata with Content Types.” That whitepaper is focused on understanding how SharePoint’s search features can be activated for use with the metadata that users enter — and it walks you through a step-by-step process for creating a word document that uses quick parts to enter metadata. For those of you that haven’t seen it, a quick part in Word sits on the surface of the document. When a user enters information into the document, the information is copied into the properties by Word. When the user isn’t hovering over the content, you can’t even tell that the text isn’t just normal text in the document. Take a look at the following which has four QuickParts on it. I’ve clicked in the one for First Name:

The net-net is that this is a quick way to convert a paper form put together in Word into a “smart form” that can be used online.

I’m often asked why I’m not talking about InfoPath. There are a few reasons, not the least of which are the issues with getting InfoPath to play nice with my content types on SharePoint. However, the other reality is that not everyone can use InfoPath. Either it’s not installed, licensed, or it’s not licensed for Forms Services on SharePoint. The final reason is because most folks know that InfoPath is SUPPOSED to handle data. It’s assumed that you can copy properties to SharePoint and back. InfoPath is much more powerful and is essential when you need a one-to-many relationship in the data. Forms like expense forms are much better in InfoPath than Word. However, there are a ton of forms, like vacation requests, which don’t need the one-to-many relationships that InfoPath would provide. It’s easier to teach end users one (or two) new things about Word documents and get forms than trying to push them into a new forms technology.

Historically, the problem with using Word documents has been that the techniques outlined in the whitepaper were only shown through the UI. I hadn’t shown how to bundle the work that was done in the Web UI into a deployable content type via a WSP package. I first started demoing this at TechEd EMEA November 2008, however, the approach I was using had a problem. You still had to upload the template after deploying the content type because of a defect (confirmed) in SharePoint. The short is that SharePoint was mangling the document when the content type was associated. However, with the help of some friends in customer support we’ve got a workaround.

Typically when I’m creating content types from content types I’ve developed in the UI, I use Andrew Connell’s WCM STSADM command extensions and then strip a few things. His tools extract the exact XML in the definition of a site column. This includes the attributes for Version, StaticName, and SourceID. These aren’t attributes that should typically be set. Version isn’t supported at all, StaticName is only for the office clients, and SourceId is supposed to be set by the framework to the feature that created the field. SourceId is supposed to help you work back to the feature that created the fields. Well, as it turns out if you set this field to be the same as the sourceId for the fields that you added in via the UI, SharePoint doesn’t mangle the document template. (So leave the sourceId in — for this case only).

With this new piece of data you can create the form in the UI using the method in the whitepaper, extract the site columns and content type, create a feature for the site columns and content type, create a feature to deploy the template, and deploy them in a WSP.

There is one remaining issue. One of the things designed to help users enter metadata gets in the way. The Document Information Panel (DIP) is designed to help users remember to enter metadata. It is displayed when the user creates a new instance of a document. There isn’t a way to suppress this out of the box. Even if you go in and set a macro on the template to hide the DIP it won’t work — because the DIP is loaded asynchronously and is displayed after the AutoNew macro in Word. I believe it should be possible to create a DIP that does nothing but close itself, however, I’ve not had a chance to test it. For now, I’ve just been telling people to close the DIP manually. The DIP can definitely take up some screen real estate if you don’t.

If someone develops a technique for creating a DIP that closes itself send me an email and I’ll link to it from here.
