Category Archives: Applications

The apps we use day in and day out.

SharePoint Crawling User Profiles (SPS3://) – Access Denied w/o HTTP

I stumbled across an interesting issue with People Search in SharePoint 2016. I was attempting to crawl the user profile store with URL: sps3://server-name and getting Access Denied in the crawl log. I checked the Administrators for the User Profile Service in Manage Service Applications and confirmed my default content access account (crawl account) had access to Retrieve People Data for Search Crawlers (see here).

Looking at the ULS I noticed errors about missing Alternate Access Mappings for an HTTP address, before seeing the Access Denied error. This caught my eye because I’ve configured my collaboration web application and my-site host as HTTPS.
For kicks, I added an IIS binding for HTTP://SERVER-NAME and added an AAM for the server name on HTTP, alongside my HTTPS FQDN. Lo-and-behold, after starting a full crawl the log reported successes for people data.

So, it appears that SharePoint takes the URL sps3://server-name and converts it to http://server-name to make some determination of access to the User Profile store. I’m not sure why this is the case (not yet anyway).

Lesson learned (for now): make sure SharePoint’s default content access account can access the same domain URL on HTTP as that of the SPS3 protocol. As mentioned at the top of this post, I found this out on SharePoint 2016, and I need to test to see if the results are the same on SharePoint 2013.

[Update 5/13/2016]: Turns out I should read the TechNet articles carefully. The following article indicates using sps3s://mysite-url, which then works correctly.

https://technet.microsoft.com/en-us/library/hh582311.aspx?f=255&MSPPError=-2147217396

Apple Music, iTunes Match, iCloud Music, yada, yada, yada

Apple’s recent rollout of Apple Music has generated a lot of confusion among consumers. I’ve lost count of the number of blog posts I’ve read that attempt to explain the nuances between Apple Music, iTunes Match, and iCloud Music Library. The following article is a good read…

http://www.imore.com/itunes-match

So, why am I adding to the list of blog posts on this subject? More for my own sanity, but also to provide my own perception of these Apple services and what they mean to consumers.

Apple Music

If you’ve used Spotify, Beats Music, Xbox Music, or any one of the myriad of streaming music services, Apple Music should come as no surprise. AM is a streaming music service that allows consumers to stream any music available in Apple’s iTunes music store to Apple devices. Apple will soon offer the service to Android consumers.

Similar to its competitors, AM is available to consumers for a monthly fee: $9.99 (in the US, other countries have different prices) for an individual account and $14.99 for a family plan.

The idea of AM is that you can listen to music anywhere you have Internet, or download music for offline listening, create playlists in the iOS music app and within iTunes on the Mac. Siri understands requests to play a particular genre, artist, track, album, or year of music, which my children love in the car. What makes AM appealing (to me at least) is the ability to listen to AM music songs alongside my purchased music songs in the same playlist on all my Apple devices. AM standing alone makes perfect sense, but it’s the existence of other Apple music services that’s causing some confusion. Read on…

iTunes Match

iTunes Match was revolutionary when Apple first introduced it. Previously, service providers, like Google, had the ability to upload your music to cloud servers to allow streaming on the go. The majority of us settled for carrying around iPods with large storage or a subset of our music library on what storage we had available on a portable device. I remember the painful experience of keeping copies of my music library on multiple Apple devices and Windows PCs so I could listen to the same music in the office, at home, and on the bus. Google Music required I use their HTML5 player, and I didn’t like that. iTunes Match changed everything for me.

iTunes Match is a service costing $25 per year, allowing iTunes to scan your media library (on a Mac or PC) and match songs found in the iTunes Music Store. Matched songs are then available to consumers to play on any iOS device and within iTunes on the Mac and PC as long as you have an Internet connection. Even though an original song exists on your Mac at home, you can play the same song on your office Windows PC (using iTunes) or on your iPhone via the music app. What about those eclectic songs that you own that do not reside in the iTunes Music Store? Simple, iTunes uploads them to some private space in Apple’s cloud so you can download and play them on other devices.

iTunes Match is different to Apple Music in many ways, but predominantly:

  • iTunes Match only matches music you already own, whereas AM allows you access to all music in the iTunes Music store.
  • iTunes and the iOS music app download matched songs in full before allowing you to play them (at least that was the way it was before iTunes 12.2 and iOS 8.4).
  • Apple Music streams songs in the same way that Pandora and Spotify do.
  • Apple Music tracks are DRM encoded, iTunes Matched songs are not.

Now that Apple Music is here, do I need iTunes Match? This is a question asked by many, and the answer isn’t simply yes or no. It really depends on your intent to own your own music or not. If you’re paying for AM each month and do not plan on cancelling the service any time soon, there is no good reason to pay the yearly iTunes Match fee in addition. As long as you keep up with your AM subscription, all songs in your music library will remain as long as they’re available in the iTunes Music Store. I cannot say for certain, but I have to believe that when my iTunes Match subscription ends, all those previously “matched” songs will either remain as such, or convert to “Apple Music” songs. We’ll find out soon as AM subscriptions gain longevity and iTunes Match subscriptions lapse.

BTW, it’s worth my mentioning that signing up for Apple Music will not cancel your iTunes Match subscription. I had to cancel mine manually via my account page – see instructions here.

If you’re an iTunes Match subscriber and have decided to take advantage of Apple Music’s 3-month free trial, and are not sure you plan on subscribing to AM full time, I recommend you do not let your iTunes Match subscription lapse. Assuming you have your original non-DRM files downloaded somewhere in iTunes, you can always go back to the yearly $25 model and continue to match those songs you own. Those AM songs you don’t own will stop working because of Apple Music DRM. As long as your Match subscription is active you should be able to continue listening to the music you do own on all Apple devices. On the other hand, cancelling both AM and iTunes Match means you’ll lose all cloud music access and can only play songs which you have stored locally and DRM-free.

Now, if you’re diligent (read: anal), like me, you’ll most likely have a tidy back up of all your original ripped music (from CDs you own, right?). In the event that both your Apple Music and iTunes Match subscriptions lapse, you should be able to go back to the originals.

Some took the brave step of deleting their originals after signing up with iTunes Match. Some haven’t paid much attention and their library consists of both locally downloaded songs as well as cloud-only matched songs (especially if you haven’t played them recently). Those with multiple devices may have local music on one device and not another – it’s hard to tell. My recommendation is to back up any and all locally downloaded songs, via iTunes, while you’re still subscribed to iTunes Match. This way you’ll at least have music you own DRM-free somewhere. Those AM music tracks that you never purchased will disappear (and not play if you have a local DRM copy available).

iCloud Music Library

I left the best to last… if you’ve signed up to use Apple Music, iTunes probably gave you (or should have given you) the option to switch over to iCloud Music Library. Here is another helpful link. What’s this, a third service from Apple for music? Sort of…

The best way to get this mismatch of Apple Music Services straight in your head is to consider Apple Music and iTunes Match as “services” and iCloud Music Library as a freebie add-on for AM subscribers. After all, AM and iTunes Match are paid subscription services in their own right, which you can opt in or out. iCloud Music Library is an extra feature available to those signed up with Apple Music.

iCloud ML is exactly what the name says it is – it’s your iTunes Music Library stored in the cloud. Long-time users of iTunes Match are probably screaming at this blog post and saying that is what they’ve been using all along, and they’re partially right. iCloud ML aims to replicate your iTunes Music Library across all Apple devices and include matched, non-matched, and Apple Music songs in all playlists. iTunes Match would not sync playlists that contained non-matched and non-uploaded songs. Personally, I think Apple took this feature from iTunes Match and made it available to AM subscribers so AM subscribers could cancel iTunes Match without losing non-matched local music in the cloud.

Unfortunately, iCloud ML has gotten bad press since the roll out of Apple Music. If you look at the slew of complaints since the roll out of iOS 8.4 and iTunes 12.2, most are about iCloud ML and not the actual AM service. From what I can tell, people migrating from other music streaming services to AM continued their life without issue (except for recreating their favorite playlists in the new AM service). However, those that manage their own Matched music libraries in iTunes were very upset when iCloud ML started monkeying with their music libraries. There were lots of complaints of missing songs, missing artwork, incorrect song metadata, changes to the playlist not replicating to all devices… the list goes on. Apple recently pushed an update to iTunes – 12.2.1 to address an issue where Apple classified matched songs as DRM Apple Music songs in version 12.2.

To clarify – you do not need to switch over to iCloud Music Library if you’re an Apple Music subscriber. In fact, if you’re untrusting of Apple’s recent roll out, then I’d recommend not opting into iCloud ML. In this case, you’ll be able to listen to AM songs on all your devices and see AM playlists, but your local music will remain local. I still have time left with my iTunes Match subscription so cannot determine if opting out of iCloud ML will eradicate my “matched” tracks if I have AM turned on without an iTunes Match subscription active.

I took the plunge with iCloud ML and made sure I had a backup of my original MP3 and AAC files. I came from an iTunes Match subscription, for which I cancelled the automated billing shortly after taking the plunge with AM. I’m curious to see what will happen to my “matched” songs once my iTunes Match subscription lapses – hopefully they’ll stay DRM-free, but I’m not too bothered knowing I have my originals and plan on staying with AM for the immediate future.

Something I found out of late, and I’m not sure if Apple is addressing it, is that iCloud ML and Apple Music appear to impose request throttling. In non-techie terms – iTunes and iOS can make a finite number of calls to the AM and iCloud ML servers within a period of time (I’m not sure how many requests or the window of time). This, like most web services, prevents denial of service attacks by malicious applications flooding a service with too many requests. The upshot of this is that I found I hit the throttle limit easily when making mass changes to my iTunes Music Library with iCloud ML enabled. I spent an hour “loving” tracks in my library so that AM would produce better curated playlists and recommendations, after which I’d lose connectivity to AM and iCloud ML. It was quite frustrating.

Summary

To summarize… Apple Music and iTunes Match are two different Apple Cloud services. You do not necessarily need iTunes Match if you’re an AM subscriber, but might want to go back to Match if you cancel your AM subscription – in which case keep backups of your original and matched DRM-free downloads.

iCloud Music Library is a bit of a cluster-**** at the moment and it appears that Apple is making strides to fix it. iCloud ML works for me (after hours of tinkering) but if you’re proud of the many hours invested in your iTunes Music Library, you may not want to let iCloud ML run rampant over it just yet.

Bulk Check In for SP2010 Files with No Version Info

SharePoint best practice is to disable “require check in” on document libraries before doing a large bulk import of documents. I received an email from a customer last week, who had not followed this best practice and had over 35,000 documents checked out, which no one but he could see.

Unlike checked out documents with previous check in version(s), a newly uploaded document is not visible by anyone but the person who uploaded the file, even administrators. Fortunately, SharePoint provides a way for an admin to take ownership of these documents via “Manage checked out documents” in the library settings. However, when dealing with a document count that exceeds the default threshold of 10,000, SharePoint returns an error. Temporarily increasing the threshold gets around the error, but then the user interface becomes intolerably slow.

Even after taking ownership, there’s still the task of bulk check in, which is again a slow process via the UI for document libraries with a large item count. What I wanted was a PowerShell script to both take ownership of the documents and then check them in. Below is the server-side script I created…

Note: I had to use server-side and not client-side PowerShell because CSOM does not expose a method for checked out files. The script was tested on SharePoint 2010.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue;

# Recursively check in every file in the folder tree that is still checked out.
function BulkCheckIn {
    param([Microsoft.SharePoint.SPFolder]$folder);
    $folder.Files | ? { $_.CheckOutStatus -ine "None" } | % {
        Write-Host $_.ServerRelativeUrl;
        $_.CheckIn("Initial check in", [Microsoft.SharePoint.SPCheckinType]::MajorCheckIn);
    }
    $folder.SubFolders | % { BulkCheckIn -folder $_; }
}

$site = Get-SPSite http://mysitecollection/;
$web = $site.OpenWeb('subsite/subsite');
$lib = $web.Lists['Documents'];
# Take ownership of files that have no checked-in version (visible only to the uploader).
$lib.CheckedOutFiles | % {
    Write-Host "Processing $($_.Url)";
    $_.TakeOverCheckOut();
}
BulkCheckIn -folder $lib.RootFolder;
# Release the SPWeb and SPSite objects once the work is done.
$web.Dispose();
$site.Dispose();

SharePoint 2013 List Item Save Timeout

I received a report from a colleague today that he was getting timeout errors after clicking the save button on a list item edit form. Initial testing of web head performance showed no issues and the ULS log only reported timing out during the save.

Taking a deeper look, we established that the list in question had a custom 2013 workflow attached – aha! At the same time, OOTB publish workflows were taking longer than usual to complete.

Next step, we checked on the Workflow Manager log in the Event Viewer on each of the machines in our Workflow Manager farm. Lo and behold, we found a critical issue with connecting to the Service Bus on one of the servers. Turned out that all three Service Bus services were stopped. In checking the other two servers in the Workflow Manager quorum, they too showed stopped SB services.

My guess is that IT had rolled out a patch for Service Bus and not checked to see if the services restarted on each affected server. I believe Microsoft recently released a patch for Service Bus, which may or may not require a server reboot, which could account for the services having stopped and not restarted (expected after a reboot).

So, there you have it, if you come across these symptoms, check your workflow.

Yammer Integrated with Office 365

Yammer has become the popular social network for the workplace. Yammer provides a discrete network for organizations looking to engage in social network activity without giving employee participants free rein to network with individuals outside their organization, such as with Twitter and Facebook.
Many organizations have moved their SharePoint farms to Office 365 – SharePoint Online. The cloud provides an attractive alternative to self-hosting expensive SharePoint infrastructure on premises. The latest wave of SharePoint Online – wave 15 – includes the Newsfeed and social networking capabilities, consistent with on premises SharePoint 2013.
The baked-in social capabilities of SharePoint 2013/Wave 15 are pretty awesome, and with the proliferation of the SharePoint Newsfeed app for Windows Phone, Android, and iOS, SharePoint social networking is becoming as ubiquitous as Facebook and Twitter in the mobile-sphere. However, Microsoft has not ignored those organizations that went the Yammer route and use SharePoint Online, as Yammer now integrates with SharePoint Online.
If you log into your SharePoint Online administration portal within your Office 365 tenant and click the settings link, you should see the Yammer integration option at the top of the page. Toggling the Enterprise Social Collaboration from Newsfeed (default) to Yammer takes about 30 minutes to take effect, after which time users of SharePoint Online see the Newsfeed link replaced with a link to Yammer in the top navigation.

Presently, the integration with Yammer is very loose. The Yammer link in the top navigation redirects users to the www.yammer.com home page, where users can sign in. Your organization’s Yammer feed is not yet integrated into your SharePoint Online My Site, and the default Newsfeed remains in place. However, this is just the first phase of roll-out, and Microsoft promises single sign-on and Yammer feeds integrated into the SharePoint Online user interface in the coming months.

For those that cannot wait, there is a free app that will render Yammer feeds within the SharePoint Online UI, which administrators can download and install from the SharePoint App Store.

My organization – Planet Technologies – uses Yammer (we’re a social bunch), so I am quite excited for the next phase of Yammer integration, which will bring Yammer and SharePoint Online together seamlessly.

SharePoint Authentication and Session Management

What is authentication?

1. A security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.
2. A means of identifying individuals and verifying their eligibility to receive specific categories of information.

Authentication is essentially the process of validating that a user is who they say they are, so that they can gain access to a system – in this context, the system is SharePoint. Authentication is not authorization, which is the process of determining whether a known user is permitted access to certain data in the system, after successful authentication.

SharePoint, much like any content management system, relies on user authentication to provide user access to secured content. Pre-SharePoint 2010, SharePoint relied on NTLM, Kerberos, or basic (forms-based) authentication protocols (their discussion is out of scope of this text). SharePoint 2010 introduced Claims-Based Authentication (CBA), also present in SharePoint 2013. CBA consists of authentication abstraction, using a Security Token Service (STS), and identification of users with multiple attributes – claims – not just the traditional username and password pair.

A Security Token Service implements open standards. A typical STS implementation communicates over HTTPS, and packages user identity information (claim data) via signed and encrypted XML – Security Assertion Markup Language (SAML). Examples of STS implementations are the STS engine in SharePoint 2010/2013, ADFS, and third-party applications built using the Windows Identity Foundation.

SharePoint Session Management

A user session in SharePoint 2010/2013 is the time in which a user is logged into SharePoint without needing to re-authenticate. SharePoint, like most secure systems, implements limited lifespan sessions – i.e. users may authenticate with a SharePoint system, but they’re not authenticated with the system indefinitely. The length of user sessions falls under the control of session management, configured for each SharePoint Web Application.

SharePoint handles session management differently, depending on the authentication method in play (Kerberos, NTLM, CBA, Forms, etc.). This article discusses how SharePoint works with Active Directory Federation Services (ADFS) – an STS – to maintain abstracted user authentication and user session lifetime. The following is a sequence diagram of the default authentication and session creation process in SharePoint 2010/2013 when using CBA with ADFS.

The following is a summary of the authentication process, shown in the sequence diagram.

  1. A user requests a page in SharePoint from their browser – this might be the home page of the site.
  2. SharePoint captures the request and determines that no valid session exists, by the absence of the FEDAUTH cookie.
  3. SharePoint redirects the user to the internal STS – this is important because the internal STS handles all authentication requests for SharePoint and is the core of the CBA implementation in SharePoint 2010/2013.
  4. Since we have configured SharePoint to use ADFS as a trusted login provider, the internal STS redirects the user to the ADFS login page.
  5. ADFS acquires credentials and authenticates the user.
  6. ADFS creates a SAML token, containing the user’s claims, encrypted and signed.
  7. ADFS posts the SAML token to the internal SharePoint STS.
  8. The Internal STS saves the SAML token in the SAML Token Cache.
  9. SharePoint creates the FEDAUTH cookie, which contains a reference to the SAML token in the cache.
  10. The Internal STS redirects the user back to SharePoint, and then back to the original requested page.

Session Lifetime

The lifetime of a SharePoint session, when using ADFS, is the topic of much confusion. Ultimately, SharePoint determines whether a user has a current session by the presence of the FEDAUTH cookie. The default behavior of SharePoint is to store this persistent cookie on the user’s disk, with a fixed expiration date. Before sending a new FEDAUTH cookie back to the user’s browser, SharePoint calculates the expiration of the cookie with the following formula:

SAML Token Lifetime – Logon Token Cache Expiration Window

The above values are important since they govern the overall lifetime of the FEDAUTH cookie, and hence the session lifetime. The following table describes each value and its source:

Configuration Value: SAML Token Lifetime

Description: This value, in minutes, is provided by the token issuer – ADFS. In the case of ADFS, each Relying Party configuration (one for each instance of SharePoint farm) has this value as part of the configuration. By default, SharePoint sets the session lifetime the same as this SAML token lifetime.

You can change this value using PowerShell and the ADFS command Set-ADFSRelyingPartyTrust. E.g.

Add-PSSnapin Microsoft.ADFS.PowerShell
Set-AdfsRelyingPartyTrust -TargetName "Relying Party Name" -TokenLifeTime 10

Configuration Value: Logon Token Cache Expiration Window

Description: This value, in minutes, is provided by SharePoint STS and governs how long the SAML token remains active in the cache, and therefore how long the associated user session remains alive. For example, if ADFS sets the SAML Token Lifetime to 10 minutes and this value is set in the STS as 2 minutes then the overall SharePoint session lifespan is 8 minutes. E.g.

$ap = Get-SPSecurityTokenServiceConfig
$ap.LogonTokenCacheExpirationWindow = (New-TimeSpan -minutes 2)
$ap.Update();
iisreset

Sliding Session

A sliding session is one where the session expiration time changes as a user interacts with the system. By default, SharePoint 2010/2013 does not offer sliding sessions. Each new session expires at a fixed time, based on the formula given earlier in this text.

Use of a sliding session does not mean that we must compromise security. Should a user become inactive, a sliding session will time out just as the fixed session does; the main difference is that a user can extend a sliding session with continued use of the SharePoint system.

Creation of sliding session requires configuration of the Relying Party in ADFS and the SharePoint Logon Token Cache Expiration. The following PowerShell configures the Relying Party to 60 minutes, which is the absolute maximum time that a session remains active should the user become inactive:

Add-PSSnapin Microsoft.ADFS.PowerShell
Set-AdfsRelyingPartyTrust -TargetName "Relying Party Name" -TokenLifeTime 60

The following PowerShell sets the Logon Token Cache Expiration in SharePoint STS, which forces the sliding session lifetime to 20 minutes.

$ap = Get-SPSecurityTokenServiceConfig
$ap.LogonTokenCacheExpirationWindow = (New-TimeSpan -minutes 40)
$ap.Update();
iisreset

The above settings are only part of the solution. On their own we have a fixed session duration of 20 minutes, determined by the earlier mentioned formula subtracting the logon token cache expiration from the RP token lifetime. To make sure the session renews with continued activity, we must refresh the session (and FEDAUTH cookie), which we can achieve with an HTTP module. The following code is an excerpt to refresh the session with each HTTP request.

Persistent versus Session Cookies

By default, SharePoint stores the authentication/session (FEDAUTH) cookie as a persistent cookie on disk. This allows the user to close and reopen their browser and access SharePoint without having to re-authenticate. This behavior is not always desirable.

Fortunately, we can ask SharePoint to use in-memory cookies (session cookies) for the authentication (FEDAUTH) cookie, as follows:

$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
$sts.Update()
iisreset
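
The lifetime formula and the cookie-type switch described above can be checked together before a farm is changed. The following is an added example, not code from the original post: Get-FedAuthSessionPlan and its parameter names are hypothetical, and the third scenario is constructed to show what the formula gives when the cache window is not shorter than the token lifetime.

```powershell
# Added example, not from the original post. Get-FedAuthSessionPlan is a
# hypothetical helper: it only does arithmetic on the values passed in, so it
# runs in any PowerShell session (2.0 or later) without the SharePoint or
# ADFS snap-ins loaded.
function Get-FedAuthSessionPlan {
    param(
        # TokenLifetime of the ADFS relying party trust, in minutes.
        [Parameter(Mandatory = $true)][int]$TokenLifetimeMinutes,
        # LogonTokenCacheExpirationWindow of the SharePoint STS.
        [Parameter(Mandatory = $true)][TimeSpan]$CacheExpirationWindow,
        # UseSessionCookies of the SharePoint STS.
        [bool]$UseSessionCookies = $false,
        # Moment the SAML token is issued; defaults to now.
        [DateTime]$IssuedAt = (Get-Date)
    )

    $tokenLifetime = New-TimeSpan -Minutes $TokenLifetimeMinutes
    # The page's formula:
    # SAML Token Lifetime - Logon Token Cache Expiration Window
    $session = $tokenLifetime - $CacheExpirationWindow

    $findings = @()
    if ($TokenLifetimeMinutes -le 0) {
        $findings += 'Token lifetime must be a positive number of minutes.'
    }
    if ($CacheExpirationWindow -lt [TimeSpan]::Zero) {
        $findings += 'Cache expiration window is negative.'
    }
    if ($session -le [TimeSpan]::Zero) {
        $findings += 'Window is not shorter than the token lifetime: the formula leaves no session time, so FEDAUTH is expired as soon as it is issued.'
    }
    if (-not $UseSessionCookies) {
        $findings += 'FEDAUTH is a persistent cookie: it stays on disk and survives a browser restart until it expires.'
    }

    New-Object PSObject -Property @{
        TokenLifetime   = $tokenLifetime
        CacheWindow     = $CacheExpirationWindow
        SessionLifetime = $session
        TokenValidTo    = $IssuedAt + $tokenLifetime
        FedAuthExpires  = $IssuedAt + $session
        CookieType      = $(if ($UseSessionCookies) { 'session (in memory)' } else { 'persistent (on disk)' })
        Findings        = $findings
    }
}

# The first two scenarios use the values from the text above; the third is
# constructed to trigger the "no session time" finding.
$scenarios = @(
    @{ Name = 'Table example';        Lifetime = 10; Window = 2;  SessionCookies = $false },
    @{ Name = 'Sliding-session base'; Lifetime = 60; Window = 40; SessionCookies = $true  },
    @{ Name = 'Constructed mistake';  Lifetime = 10; Window = 10; SessionCookies = $false }
)

foreach ($s in $scenarios) {
    $plan = Get-FedAuthSessionPlan -TokenLifetimeMinutes $s.Lifetime `
        -CacheExpirationWindow (New-TimeSpan -Minutes $s.Window) `
        -UseSessionCookies $s.SessionCookies
    '{0}: session {1} min, {2} cookie' -f $s.Name, $plan.SessionLifetime.TotalMinutes, $plan.CookieType
    $plan.Findings | ForEach-Object { "  - $_" }
}

# On a farm server the same function can be fed the live STS values; the token
# lifetime is read separately with Get-AdfsRelyingPartyTrust on the ADFS server:
#   $sts = Get-SPSecurityTokenServiceConfig
#   Get-FedAuthSessionPlan -TokenLifetimeMinutes 60 `
#       -CacheExpirationWindow $sts.LogonTokenCacheExpirationWindow `
#       -UseSessionCookies $sts.UseSessionCookies
```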

Configuring SharePoint 2013 for Windows Azure Workflow

SharePoint 2013 now abstracts workflow processing to the cloud – using Windows Azure Workflow (WAW). SharePoint still maintains the legacy workflow engine, as part of the .NET Framework 3.5.1, to enable execution of SharePoint 2010 workflows. However, SharePoint 2013 does not install WAW by default. The following steps detail additional configuration.

1. Ensure you are not installing on a domain controller – WAW integration does not work with SharePoint 2013 running on a single server domain controller

2. Create an account in your domain for WAW

3. Add this account to the local administrators group on the SharePoint server and grant log on locally permissions

4. Ensure the SQL server accepts connections via TCP/IP – use the SQL Server Configuration Manager tool

5. Provide the WAW account access to SQL Server, include create database permissions (or you could grant administrative permissions if you are brave)

6. Log onto the SharePoint server as that account

7. Install Workflow Beta 1.0 (http://technet.microsoft.com/en-us/library/jj193478), using the Web Platform Installer

8. After installation, you should see the WAW Configuration Wizard

9. Click to create a new farm, using custom settings

10. Configure databases and click the Test Connection button for each

11. Make sure the WAW service account is correct – use the fully qualified domain name (FQDN), by default it prepopulates the textbox with a non-FQDN

12. Provide certificate generation keys

13. Leave the ports as default

14. Check the checkbox to allow management over HTTP (if you choose to use HTTPS you will need to establish trust between SharePoint and WAW using a trusted certificate)

15. Click the next button to move onto configuring the service bus

16. Complete similar steps for database, service account, and certificates settings as you did above

17. Again, leave the ports as default

18. Review the summary page, then click the tick button to complete the configuration

19. Wait for the configuration to complete – this might take a little time

20. After WAW configuration completes, run the following PowerShell command:

Register-SPWorkflowService -SPSite "http://{sitecollectionurl}" -WorkflowHostUri "http://{workflowserve}:12291" -AllowOAuthHttp

21. Assuming no errors, you have now configured WAW in SharePoint 2013 for your site collection

More information on installing and configuring WAW is available at the following URL: http://technet.microsoft.com/en-us/library/jj658588%28v=office.15%29

The context has expired and can no longer be used

I routinely see this error when working with SharePoint 2013 in my development environment. This problem is more frequent when I restore earlier snapshots of my SP2013 server.

SharePoint spits out this error when the local server time is out of sync. To remedy this issue, try one of the following:

  1. Update the date and time on the SharePoint Server
  2. Disable security context check for the web application, as follows:
     1. Go to Central Administration
     2. Go to the "Application management" section
     3. Go to "Web Application General Settings"
     4. Go to "Web page Security validation" and disable this option.

SharePoint 2013 Managed Navigation

After much anticipation, SharePoint 2013 now offers custom navigation of sites via the Managed Metadata Term Store. SharePoint 2010 introduced managed metadata for tagging purposes, with hierarchical terms. This same hierarchical infrastructure bodes well for site navigation, which is also hierarchical. I often hear the word “taxonomy” used for both tagging taxonomy and site structure, which just speaks to the fact that the Managed Metadata Term Store is great for managing custom navigation.

Prior to SharePoint 2013, custom navigation typically involved some custom component, to read navigation structure from either a list, XML file, or some other hierarchical node store. The out-of-the-box offering provided very little in the way of custom navigation – just the ability to include headers and links at each site level. The main issue with the out-of-the-box offering is that it was limited in the number of nested navigation nodes, without adhering to the actual structure of sites and sub-sites in the collection. Despite typical site navigation following site structure, content owners should have the ability to store their content (sites and pages) in any structure and the navigation look completely different. Content storage and structure suits how content owners maintain content, and navigation is about how end users access content, and the two may look very different. Managed Metadata Navigation finally allows content owners to create an independent navigation structure to that of their content model.

To demonstrate Managed Navigation, I shall first create a hierarchy in the default term store, for our application:

  1. Open Central Administration
  2. Click the link for managed service applications
  3. Scroll down the list and click the Managed Metadata Service
  4. Click the Manage icon in the ribbon to open the Term Store editor
  5. Ensure you have permissions to edit the term store – add your username to the term store administrators field
  6. Managed navigation binds to term sets, so I created a new group for navigation and then a term set for site navigation

SharePoint creates a default term set in the Managed Metadata Term Store for your site collection; I created my own for demonstration purposes.

  1. Create a term set structure
  2. Click the Site Navigation term set
  3. In the right panel, click the tab for Intended Use
  4. Check the checkbox to enable the term set for navigation – you can also use the term set for tagging if you wish by toggling the other checkbox option
  5. Click the save button to save the changes
  6. Click the tab for term driven pages – this page shows the settings for friendly URLs for the term set (more on friendly URLs shortly)
  7. Now we are ready to configure our publishing site to use the managed navigation
  8. Open your publishing site (assuming the hosting web application uses the managed metadata service you just configured)
  9. Click the gear icon, then select the menu item for site settings
  10. Click the link for Navigation, under the Look and Feel header
  11. SharePoint displays the navigation settings page
  12. Choose the radio button option for Managed Navigation for either or both the left and global (top) navigation
  13. Scroll to the bottom of the page to the managed navigation term set section
  14. Select the term set to use for managed navigation
  15. The checkboxes below the term set browser tell SharePoint whether to populate your term set with nodes when you create new pages in the site, and whether to generate friendly URLs for new pages
  16. Click the OK button at the bottom of the page, to save your changes


Configuring RBS for SP2010

Following on from my previous post about list scaling and performance, the following post details configuration of Remote Blob Storage for SharePoint 2010 and SQL Server 2008 R2.

First download the RBS provider for SQL Server 2008 (don’t install it yet):

http://go.microsoft.com/fwlink/?LinkId=177388

Configure file stream for the SQL Server Service using the Configuration Manager:


Execute the following SQL queries:

EXEC sp_configure filestream_access_level, 2

RECONFIGURE

Execute the following SQL to set up a master encryption key and blob store file group:

use WSS_Content

if not exists (select * from sys.symmetric_keys where name = N'##MS_DatabaseMasterKey##')
create master key encryption by password = N'Admin Key Password !2#4'

if not exists (select groupname from sysfilegroups where groupname = N'RBSFilestreamProvider')
alter database WSS_Content add filegroup RBSFilestreamProvider contains filestream

alter database [WSS_Content] add file (name = RBSFilestreamFile, filename = 'c:\Blobstore')
to filegroup RBSFilestreamProvider

Install the RBS provider with the following command (change DBINSTANCE to your SQL server instance):

msiexec /qn /lvx* rbs_install_log.txt /i RBS_X64.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY DBNAME="WSS_Content" DBINSTANCE="SP2010" FILESTREAMFILEGROUP=RBSFilestreamProvider FILESTREAMSTORENAME=FilestreamProvider_1

If installing RBS on production servers, be sure to run on all WFEs with the following command (again, change the DBINSTANCE):

msiexec /qn /lvx* rbs_install_log.txt /i RBS_X64.msi DBNAME="WSS_Content" DBINSTANCE="SP2010" ADDLOCAL="Client,Docs,Maintainer,ServerScript,FilestreamClient,FilestreamServer"

Run the following PowerShell script from the SP2010 Management Console:

$cdb = Get-SPContentDatabase -WebApplication http://sp2010
$rbss = $cdb.RemoteBlobStorageSettings
$rbss.Installed()
$rbss.Enable()
$rbss.SetActiveProviderName($rbss.GetProviderNames()[0])
$rbss

Now create a document library in SharePoint and upload an image to it. Next visit the c:\Blobstore directory and look for the GUID subfolder with a recent date. Keep drilling down until you find a file. You should see a file with a GUID name. Drop this into IE and you should see that it is the same file you uploaded to your document library.

 

From the SharePoint 2010 book I’m reviewing