Monday, September 12, 2011

SP1 and June CU installed

Always a challenge to install service packs, and today (after having a snapshot of my new SP installation) I installed, in the following order:
SP Foundation SP1, reboot
SP Server SP1, reboot
Run Config wizard, reboot
Restart USP - worked (but you need to have the farm admin account in Local Admins group)
New snapshot
CU for Foundation, reboot
CU for Server, reboot
Run config wizard
Config wizard failed
Powershell and force upgrade
Config wizard successful
USP - failed to start the service
Knew it!
Found that the FIM (Forefront Identity Manager) groups locally were empty
Added the farm admin account to those groups
Now the USP started
Could run the full sync again
Imported all profiles and imported the AD pictures (thumbnailPhoto property) as well, nice!
Will try to remove the farm account from the local admin group tomorrow and run a full sync
Then find out which of the FIM groups the farm account needs to stay in, one by one
New snapshot
Not too bad.

Unattended service account

I have setup a new SP 2010 server farm this week, and it all went very well actually. But if you use the correct account settings and configure most of the things manually (like the dreaded UPS) then everything should work just fine. There are some messages in the Health Analyzer that needs to be taken care of though, unless you've done this a couple of times. You'll learn :) One of them is if you create some of the service applications that are dependent on the Secure Store, for instance Performance Point or Visio. Then you need to setup an unattended service account.

The warning in Health Analyzer:

If you click on that warning, the following message is displayed:

Go to your Service applications, click on "Secure store service":

You'll get a message saying that you have to generate a key:

Look in the ribbon right above the message, and you have a button called "Generate new key":

You are prompted to enter a passphrase (this will be used for adding new secure store service servers or if you need to restore this service):

Then you are told that there are no target applications in this service, no shit! Let's create one then :)
Click on "New" in the ribbon:

Now add the name of your target app id, for instance "Visio" or maybe the name of your external data source, add a Display name, contact email, target application type (which decides HOW your users should authenticate - as them selves or as a group, I selected "individual") and then just click "Next":

Add the account name and password that connects to the external source. The "masked" means if you wish to mask the characters, and of course we want that for the passwords. Click "Next":

Add the adminstrators of this target application and you are done!
But, later you also need to "Set" the credentials of the users who should have access to this secure store:

Thursday, September 1, 2011

Passed exam 70-667!

I am proud to announce that I passed exam 70-667, configuring SharePoint 2010. Which gives an MCTS title. It was not so hard, some questions were really easy actually. But of course, when you have worked with a product since 2003, you should know some stuff about it!!