Thursday, 8 November 2012

[SP2010] - Configuring Kerberos Authentication for BI

In this post I will take you through the steps of configuring Kerberos authentication for SharePoint 2010 Business Intelligence.  Now I know that alot of people out there get stomach cramps when you here the word "Kerberos", but I can assure you that it is really not that bad.  Follow the steps in this article and you should have your environment ready in no time.

My post will cover Kerberos setup for a Small SharePoint 2010 farm using SQL Server Reporting Services 2012 (SSRS 2012) as an example.


High level requirements:
Step 1:  Enable Kerberos Authentication on your SharePoint Web Application
Step 2:  Create SPNs for your Web Application Application Pool Account
Step 3:  Create SPN for  Reporting Services Service Application Application Pool Account
Step 4:  Create SPNs for SQL Server Database Engine service account
Step 5:  Configure delegation on Web Application Application Pool Account
Step 6:  Configure delegation on Reporting Services Service Application Pool Account
Step 7:  Configure Claims To Windows Token Service delegation
Step 8:  Configure Claims To Windows Token Service delegation
--------------------------------------------------------------------------------------------------------------------------

Step 1:   Enable Kerberos Authentication on your SharePoint Web Application

  • Open Central Admin, select "Manage Web Application" under the "Manage Web Applications" section.
  • Select your web application and click the Authentication Providers button in the Ribbon

  • Select the default zone
  • Change the IIS Authentication settings as per the screen shot below and save
  • Start the Claims to Windows Token Service in Central Administration if it is not running!

Step 2:  Create SPNs for you Web Application Application Pool Account

In this step we are going to create SPNs on the Application Pool account (identity)  for the Web Application's host name.
  • On your domain controller, open command prompt and use the commands below:
          SetSPN -S http/gsp2010webf1 gdom\svc_sp_ap
          SetSPN -S http/gsp2010webf1.gdom.local gdom\svc_sp_ap
     
Note!  All SharePoint Server web application, regardless of the port number, use the following SPN format:
  • HTTP/<DNS HOST name>
  • HTTP/<DNS FQDN>
Step 3: Create SPN for Reporting Services Service Application Application Pool Account

In this step we create a dummy SPN for the SSRS Service Application's Applicatoin Pool account.  This is required so that SharePoint can delegate authentication from the Web Application to the SSRS Service Application.

  • On your domain controller, open command prompt and use the commands below:
          SetSPN -S sp/rs gdom\svc_sql_ssrs

Note!  In this example I use sp/rs, but this can be anything as this is a dummy SPN.

Step 4: Create SPNs for SQL Server Database Engine service account
          
In this step we create SPNs on the SQL Database Engine service account (identity).  This is required to setup contrained delegation for the SSRS Service Application to SQL Server.

  • On your domain controller, open command prompt and use the commands below:
          SetSPN -S MSSQLSvc/gsqlf1:1433 gdom\svc_sql_dbe
          SetSPN -S MSSQLSvc/gsqlf1.gdom.local:1433 gdom\svc_sql_dbe

 Step 5:  Configure delegation on Web Application Application Pool Account

In this step we configure delegation on the Web Application Application Pool account.  This account needs to be able to delegate to the SPN that we have created for the SSRS application pool in step 3.

  • On your domain controller, open Active Directory Users and Computers
  • Open your SharePoint App Pool account's properties
  • Select "Trust this user for delgation to specified services only" (Constrained Delegation)
  • Select "User any authentication protocol"
  • Click add and search for the SSRS service account
  • Select the SPN that was created for the account and add it.


 Step 6:  Configure delegation on Reporting Services Service Application Pool Account

In this step we configure delegation on the SharePoint SSRS Application Pool account.  This account needs to be able to delegate to the SPN that we have created for the SQL Server database engine (DBE) service account in step 4.

  • On your domain controller, open Active Directory Users and Computers
  • Open your SSRS Application Pool account's properties
  • Select the Delegation Tab
  • Select "Trust this user for delgation to specified services only" (Constrained Delegation)
  • Select "User any authentication protocol"
  • Click add and search for the SQL DBE service account
  • Select the SPN that was created for the account and add it.



Step 7:  Configure Claims To Windows Token Service delegation

SharePoint internally uses claims authentication when "talking" to it's respective databases.  The Claims to Windows Token Service (C2WTS) is reponsible for converting Claims to a Windows token so that we can talk to SQL.

By default, this account run as a Local System account.  To setup delegation for your C2WTS you can either change this account to a domain service account and delegate to SQL from that account, or you can setup your delegation on the machine name that the C2TWS service is running on. In my example I've configured delegation on the machine name to reduce the admin overhead of managing another service account for SharePoint.
 
  • On your domain controller, open Active Directory Users and Computers
  • Under Computers, open your SharePoint server running the C2WTS
  • Select the Delegation Tab
  • Select "Trust this user for delgation to specified services only" (Constrained Delegation)
  • Select "User any authentication protocol"
  • Click add and search for the SQL DBE service account
  • Select the SPN that was created for the account and add it.


Step 8:  Grant SSRS Application Pool account access to Content Database

A required step in configuring SharePoint Server 2010 Office Web Applications is allowing the web application’s service account access to the content databases for a given web application.

Run the PowerShell commands below to give your SSRS account access to the Content DB:


$w = Get-SPWebApplication -Identity http://gsp2010webf1
$w.GrantAccessToProcessIdentity("gdom\svc_sql_ssrs")

 Note!  Change the above URL and service account as configured on your environment.

Thursday, 4 October 2012

[SP 2010] - Change Navigation Editing and Sorting limit

By default when you navigate to Site Settings -> Navigation Settings you would find that SharePoint only show the first 50 items (pages) in the Navigation Editing and Sorting.  When you have more than 50 pages in the Pages library these pages will not show up under the Navigation Editing and Sorting section, hence you wouln't be able to add them to the Quick Launch navigation.


In order to show all items in your Pages library in the "Navigation Editing and Sorting" navigation pane, you would need to make a slight change to your web.config file on each Web Front-End server in your farm.

Step 1:  Open your web.config file and search for "CurrentNavSiteMapProvider"

Step 2: Add the DynamicChildLimit=”0” property to this tag as in the code snippet below

 <add name="CurrentNavSiteMapProvider" description="CMS provider for Current navigation" type="Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" NavigationType="Current" EncodeOutput="true" DynamicChildLimit="0" />  

Once you have saved your web.config file you should see all your pages in the "Navigation Editing and Sorting" navigation pane.

Tuesday, 2 October 2012

[SP2010] - Term store management link missing

When you create a new Site Collection using the "Blank Template" you would find that the "Term store management" link is missing under the Site Administration settings:



Run this STSADM command below to activate this hidden Site Collection feature to display the missing "Term store management link" on your site settings page.

 stsadm -o activatefeature -id "73EF14B1-13A9-416b-A9B5-ECECA2B0604C" -url http://yoursiteurl/yoursitecollection -force  

Once you have activated this feature you should see the link under Site Administration as below.

Thursday, 27 September 2012

[SP2010] - Add the Profile Status Notes Control to Master Page

The My Profile Status Notes control that is found on the My Profile page (person.aspx) can easily be added to your custom Master Page using SharePoint Designer 2010.


In my example below I have added the Status Control to the header section on my custom Master Page, but this can also be added to any Page Layout that you use on your site. 


The Status Control is a Server Control that needs to be registered on your Master Page before you can use the control.  Once registered you can add the control tag to your Master Page and use the CSS to style the default look and feel of the Status Control if you wish.  Follow the instructions below to implement this functionaly:

1. Open your site in SharePoint Designer 2010 and edit your Master Page in Advanced Mode.


2. Add the sample code below to the top of your Master Page to register the Server Control.


 <%@ Register Tagprefix="SPSWC" Namespace="Microsoft.SharePoint.Portal.WebControls" Assembly="Microsoft.SharePoint.Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>  


3.  Add the Status Notes Control tag to your Master Page.

 <SPSWC:StatusNotesControl runat="server"/>  


4. Save the  CSS styles below in a .css file and store it in your Style Library. Once done, reference the CSS file used by your site by navigating to Site Settings - > Master page.


Note that a reference can also be added to your Master Page in SharePoint Designer to reference the CSS file.

Tuesday, 25 September 2012

[SP2010] - Image Rotator Web Part that links to a SharePoint Picture Library

If you have used the OOTB SharePoint Image Rotator (Picture Library Slideshow ) web part then I'm sure you will agree that there is room for improvement.  I've taken some time to build an alternative easy to use jQuery slideshow web part that can be used on any page in your SharePoint site.  This solution reads images from a SharePoint Picture Library and transition through them using the jQuery slider plugin.


This code is easy to use, but if you're looking for a more scalable and robust solution then I suggest you look at building and packaging a solution using Visual Studio.

NB!  Ensure that your SharePoint Server Publishing Infrastructure Site Collection feature is enabled on your site.  By activating this, SharePoint will create the Style Library that we will use to store our JavaScript files.

Step 1:  Copy jQuery and CSS files to Site Collection Style Library
Step 2:  Add JavaScript reference and CSS reference to Site MasterPage
Step 3:  Create Picture Library
Step 4:  Add Content Editor web part to SharePoint page

-------------------------------------------------------------------------------------------------------------------

Step 1:  Copy jQuery and CSS files to Site Collection Style Library
  • Click here to download the jQuery slider plugin file (slides.min.jquery.js)
  • Click here to download the CSS Stylesheet (jslider.css)
  • Open your site in SharePoint Designer 2010 and navigate to your Style Library
  • Copy the CSS file to the root Style Library folder
  • Create a new folder called js in the root Style Library folder
 

  • Copy the download jquery plugin and paste it into the created js folder


Step 2: Add JavaScript reference and CSS reference to Site MasterPage

  • In SharePoint Designer 2010, Check Out your Master Page and edit the file in Advanced Mode

  • Add the code below just above the closing </head> tag

 <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" type="text/javascript"></script>
  
 <script src="../../Style Library/js/slides.min.jquery.js" type="text/javascript"></script>
  
 <link rel="stylesheet" type="text/css" href="../../Style%20Library/jslider.css"/>
  

  • Ensure that your can access all the files referenced in the code and save all changes.
Step 3: Create Picture Library

  • Create a Picture Library called SlideShow on the root site of your Site Collection
  • Upload sample images and give each image a Title value
Step 4:  Add Content Editor web part to SharePoint page

  • Add a Content Editor web part to your SharePoint Page
  • Click on the "Click here to add new content" text to show the web part options in the Ribbon
  • On the Ribbon, select the HTML button in the Markup section as shown below


  • Paste the code below in the HTML Source Modal dialogue window and click OK. (download file here)

 <div id='container'>  
 <div id='example'>  
 <div id='slides'>  
 <div class='slides_container'>  
 </div>  
 <a href='#' class='prev'><img src='/Style Library/Images/jslides/arrow-prev.png' width='24' height='43' alt='Arrow Prev'/></a>  
 <a href='#' class='next'><img src='/Style Library/Images/jslides/arrow-next.png' width='24' height='43' alt='Arrow Next'/></a>  
 </div>  
 <img src='/Style Library/Images/jslides/example-frame.png' width='739' height='341' alt='Example Frame' id='frame'/>  
 </div>  
 </div>  
 <script type="text/javascript">  
 $(function(){  
 function GetAllImages()   
 {  
      var soapEnv = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'><soapenv:Body><GetListItems xmlns='http://schemas.microsoft.com/sharepoint/soap/'>";  
   //The name of the image library is called 'SlideShow'. Replace the name below with the name of your image library  
  soapEnv += "<listName>SlideShow</listName>";  
   soapEnv += "<query><Query><OrderBy Override='TRUE'><FieldRef Name='Created' Ascending='FALSE' /></OrderBy></Query></query>";  
   soapEnv += "<viewFields><ViewFields><FieldRef Name='Title'/><FieldRef Name='ows_FileLeafRef'/><FieldRef Name='Description'/></ViewFields></viewFields><rowLimit></rowLimit>";  
   soapEnv += "</GetListItems></soapenv:Body></soapenv:Envelope>";  
 var port = window.location.port;  
 if (port.length <= 0)  
  port = "";   
 else  
  port = ":"+port;  
 var webservice = window.location.protocol+"//"+window.location.hostname+port+L_Menu_BaseUrl+"/_vti_bin/lists.asmx";  
   $.ajax({  
     url: webservice,  
     type: "POST",  
     dataType: "xml",  
     data: soapEnv,  
     complete: processQueryResults,  
     contentType: "text/xml; charset=utf-8",  
      error: function(xhr) {  
     alert('Error! Status = ' + xhr.status);}  
   });  
 }  
 function processQueryResults(xData, status)  
 {  
 var port = window.location.port;  
 if (port.length <= 0)  
  port = "";  
 else  
  port = ":"+port;  
 //Change the below to point to your image library  
 var imageURL = window.location.protocol+"//"+window.location.hostname+port+L_Menu_BaseUrl+"/SlideShow/";  
 var itemURL = window.location.protocol+"//"+window.location.hostname+port+L_Menu_BaseUrl+"/SlideShow/Forms/DispForm.aspx?ID=";  
 $(".slides_container").html("")  
 $(xData.responseXML).find("z\\:row").each(function() {  
  var title = $(this).attr("ows_Title");  
  var desc = $(this).attr("ows_Description");  
  var imageLink = imageURL+$(this).attr("ows_FileLeafRef").substring($(this).attr("ows_FileLeafRef").indexOf('#')+1);   
  var itemLink = itemURL+$(this).attr("ows_ID");  
  var liHtml = "<div class='slide'><img width='570' border='0' height='270' src='" + imageLink +"'/><div class='caption' style:'botton:0'><p>" + title + "</p></div></div>";  
      $(".slides_container").append(liHtml);  
   });  
 $('#slides').slides({  
           preload: true,  
           preloadImage: 'http://demo/Style Library/Images/jslides/loading.gif',  
           play: 5000,  
           pause: 2500,  
           hoverPause: true,  
           animationStart: function(current){  
                $('.caption').animate({  
                bottom:-35  
                },100);  
                if (window.console && console.log) {  
                     // example return of current slide number  
                     console.log('animationStart on slide: ', current);  
                };  
           },  
           animationComplete: function(current){  
                $('.caption').animate({  
                     bottom:0  
                },200);  
                if (window.console && console.log) {  
                     // example return of current slide number  
                     console.log('animationComplete on slide: ', current);  
                };  
           },  
           slidesLoaded: function() {  
                $('.caption').animate({  
                     bottom:0  
                },200);  
           }  
      });     
 }  
 GetAllImages();  
 });  
 </script>  

Tuesday, 18 September 2012

[SP2010] - Rating Timer Jobs

Once you have enabled "Rating" on a list or library users have the ability to rate items as shown below:


It is important to note that the average rating calculation (gold stars) for a rated item doesn't calculate immediately once been rated by a user.  SharePoint has two Timer Jobs that are responsible for calculating that average and are set to run once every hour by default:

 


User Profile Service Application - Social Data Maintenance Job  - Aggregates social tags and ratings and cleans the social data change log.

User Profile Service Application - Social Rating Synchorization Job - Synchronizes rating values between the social database and content database.

Timer job reference: http://technet.microsoft.com/en-us/library/cc678870.aspx

Change the scheduled time for both these Timer Jobs in Central Administration if you would like to  speed up the rating process.


[SP2010] - Rating settings - missing link

You create a new Blank Site Collection successfully from Central Admin and configure a custom list or library only to find that the "Rating settings" link is missing on the List Settings page.

The hidden feature isn't stapled to the OOTB Blank Site Template (Site Definition) and will thus not be activated when creating a new site collection from this template.

No need to worry! Just activate the hidden Ratings feature using this simple PowerShell command and you are ready to Rate your site content:

enable-spfeature -identity 915c240e-a6cc-49b8-8b2c-0bff8b553ed3 -url http://[sitecollectionurl]

After the feature has been activate you will see the "Rating settings" link as below: