Export A PFX File From Windows

Exporting a SSL certificate as a PFX will allow it to be imported on any other server running Windows or Linux. To export a certificate using Windows: 

1) Click Start.

2) Click Run.

3) Type “mmc” without quotes.

4) Press Enter.

A box will come up.

5) Click File.

6) Click Add/Remove Snap-in.

7) Click the Add button.

8) Scroll down until you find the container that says Certificates.

9) Highlight Certificates and press Add.

10) Click Computer Account, then Next.

11) Select Local computer, then Finish.

12) Click Close on the box below it.

13) Click OK.

Certificates (Local Computer) should now appear under the Console Root. Expand Certificates, then expand Personal, and locate the certificate to be exported.

14) Right-click the certificate and go to All Tasks > Export.

15) Click next.

16) Select Personal Information Exchange, Include all certificates in the certification path, and Enable strong protection.

17) Enter a password (you will need this to do the import).

18) Save it to wherever.

19) Then close out of everything and copy the file to the other server. Importing differs depending on the operating system and other factors. On Windows, the steps above can be used to import a certificate as well, choosing Import instead of Export.
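The same export, scripted, as an added example that is not part of the original post: it uses the PKI module cmdlets that ship with Windows 8 / Server 2012 and later (Export-PfxCertificate, Get-PfxData), which the MMC walkthrough above predates. The thumbprint and output path are placeholders; the password is prompted for so it never sits in the script or the shell history.

```powershell
# Added example (not from the original post): scripted equivalent of the MMC steps,
# exporting from Local Computer > Personal to a password-protected PFX with the chain.
$thumbprint = 'PLACEHOLDER_THUMBPRINT'   # assumption: fill in from the listing below
$outFile    = 'C:\Temp\site.pfx'         # assumption: any path the exporting user can write

# Same view as the MMC: Local Computer > Personal. Pick the thumbprint from here.
Get-ChildItem -Path Cert:\LocalMachine\My | Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint

function Export-CertAsPfx {
    param([string]$Thumbprint, [string]$Path, [securestring]$Password)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in Cert:\LocalMachine\My" }
    # A PFX is only useful for moving a server certificate if it carries the private key.
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; nothing to move' }
    # -ChainOption BuildChain is the "Include all certificates in the certification path" box.
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password -ChainOption BuildChain | Out-Null
    # Read the file back with the same password to prove it will open on the target server.
    $data = Get-PfxData -FilePath $Path -Password $Password
    $data.EndEntityCertificates | Select-Object Subject, Thumbprint, HasPrivateKey
}

$pfxPassword = Read-Host -Prompt 'PFX password (needed again at import)' -AsSecureString
Export-CertAsPfx -Thumbprint $thumbprint -Path $outFile -Password $pfxPassword
```

On the receiving Windows server the matching cmdlet is Import-PfxCertificate with -CertStoreLocation Cert:\LocalMachine\My and the same password. The MMC's "Enable strong protection" option has no switch here; the PFX password is what protects the private key in transit, so pick a strong one and delete the file once it has been imported.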

SharePoint 2010: There Was An Error In The Callback

Thanks to a recent customer I have a new troubleshooting tidbit for SharePoint 2010's people picker. Thanks to Microsoft and a fellow technician for the help with this. If the People Picker returns a callback error when searching for accounts in a remote domain across a one-way trust, take the following steps:

1. Ensure that the AD trust is working correctly. This can be checked in Active Directory Domains and Trusts on the Domain Controller.

2. The Farm Account should be a member of the local machine’s administrator group.

3. On the “HKLM\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure” registry key, ensure the following permissions are in place and are inherited by the sub-keys:

          * WSS_WPG Read permission
          * WSS_Admin_WPG Full Control
          * WSS_RESTRICTED_WPG_V4 Full Control

4. Get and copy the peoplepicker-searchadforests property value via stsadm command:
stsadm -o getproperty -url <URL> -pn peoplepicker-searchadforests

5. Clear the peoplepicker-searchadforests property value via stsadm command:
stsadm -o setproperty -url <URL> -pn peoplepicker-searchadforests -pv ""

6. Rerun the password encrypt command with different password:
stsadm -o setapppassword -password <NewPassword>
NewPassword can be anything you want.

7. Set the peoplepicker-searchadforests property value via stsadm command:
stsadm -o setproperty -url <URL> -pn peoplepicker-searchadforests -pv "domain:domain.local;domain:domain2.local,domain\username,password"
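A read-only check of step 3, added here as an example and not part of the original post: run from an elevated PowerShell on the SharePoint server, it confirms the three WSS groups hold the listed rights on the 14.0\Secure key and reports any sub-key whose inheritance has been switched off. The key path and group names are the ones quoted above; nothing is changed.

```powershell
# Added example (not from the original post): verify the 14.0\Secure key ACL from step 3.
$secureKey = 'HKLM:\Software\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure'
$expected  = @{
    'WSS_WPG'               = [System.Security.AccessControl.RegistryRights]::ReadKey
    'WSS_Admin_WPG'         = [System.Security.AccessControl.RegistryRights]::FullControl
    'WSS_RESTRICTED_WPG_V4' = [System.Security.AccessControl.RegistryRights]::FullControl
}

function Test-SecureKeyPermissions {
    param([string]$KeyPath, [hashtable]$Expected)
    $acl = Get-Acl -Path $KeyPath
    foreach ($group in $Expected.Keys) {
        # The WSS groups are local, so the identity reads as COMPUTERNAME\WSS_WPG and so on.
        $rules = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$group"
        }
        # OR together every Allow rule for the group, then check the needed bits are all set.
        $granted = 0
        foreach ($r in $rules) { $granted = $granted -bor [int]$r.RegistryRights }
        $needed = [int]$Expected[$group]
        [pscustomobject]@{
            Item   = $group
            Needed = $Expected[$group]
            Ok     = (($granted -band $needed) -eq $needed)
        }
    }
    # A sub-key with a protected ACL no longer inherits from the parent; flag each one.
    Get-ChildItem -Path $KeyPath -Recurse | ForEach-Object {
        if ((Get-Acl -Path $_.PSPath).AreAccessRulesProtected) {
            [pscustomobject]@{ Item = $_.Name; Needed = 'inherit from parent'; Ok = $false }
        }
    }
}

Test-SecureKeyPermissions -KeyPath $secureKey -Expected $expected | Format-Table -AutoSize
```

Any row with Ok set to False is a permission or inheritance problem to fix in regedit before moving on to the stsadm steps; the check deliberately does not alter the ACL itself.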

Cisco ASA: Port Forwarding RDP using ASDM

There are two pieces that need to be in place for this to work. The first is a NAT rule that tells the ASA where the traffic needs to go. The second is an ACL rule that allows traffic to pass through the firewall. The steps contained in this post were done using ASDM 6.0.

To get started, launch ASDM and sign in.

    • From the ASDM Home screen click Configuration.
    • Click Firewall.
    • Click NAT Rules.

The wording of the menu is somewhat confusing, but we need to add a Static NAT rule on the inside interface.

    • Click Add and choose Add Static NAT Rule.
    • The Original Interface should be set to Outside and the Source should be set to the IP of the device that you will be RDPing to.
    • The Translated Interface should also be set to Outside and to Use Interface IP Address.
    • To accommodate RDP Enable Port Address Translation for TCP and set the Original Port and Translated Port to 3389, unless you have modified RDP to run on an alternative port, which I recommend.
    • Be sure to save and write to running-configuration.

Here is a screenshot of what it should look like:

Now that NAT is taken care of, we need to add a firewall rule to permit the traffic.

    • From the ASDM Home Screen click Configuration.
    • Click Firewall.
    • Click Access Rules.
    • Click Add Access Rule.
    • The Interface needs to be set to Outside.
    • The Action should be Permit.
    • For source you have some choices. You can either let the source be any IP on the internet or a certain sub-set of IP addresses. The latter is considered more secure, but for this example I will assume you are a road warrior and need access from any IP address. In this case set Source to any.
    • Destination should be Outside.
    • Service should be tcp/3389. It will only be different if you have changed your RDP port on the Server.
    • You can choose to add a description like “Remote Desktop rule.”
    • You can also choose to enable logging on the rule.
    • Be sure to save and write to running-configuration.

Here is a screenshot of what it should look like:

SharePoint Profiles

I’ve been working with profiles in SharePoint recently and thought I would share some notes:

In MOSS 2007 there are two profiles for users:

The WSS profile is stored in the content database.

The MOSS profile is stored in the SSP.

Profile data is imported to the content database only the first time a user logs in. Any additions to Active Directory such as an email address made after the initial user login will not be imported by default.

The MOSS profile (if it exists) prevents the WSS profile from being edited.

By default imports from Active Directory are not setup. This can be done in the SSP. On a configured schedule, SharePoint will pull data from AD into the MOSS profile. A timer job will update the WSS profile from the data imported into the MOSS profile. It’s important to note, that unlike SharePoint 2010, MOSS 2007 can only import data from AD, so changes made to the user profile in SharePoint will not be exported to Active Directory.

In SharePoint 2010 (Standard or Enterprise) each part of the profile data can be set to either import or export, but not both. By default everything is set to import. If a field needs to be exported, the setting for that value must be removed and created from scratch.

SharePoint 2010 Install Error

I had previously installed SharePoint with Office Web Apps using an Enterprise license, but for whatever reason the customer decided to go with a Standard license instead. I uninstalled SP, but then when attempting to reinstall, this error came up: “The install in progress conflicts with a previously installed Microsoft Office 2010 Server product.”

Here are the things I had to do to get it to go away:

1) Uninstall Office Web Apps
2) Reboot
3) Backup the registry.
4) Go into the registry to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and run a search for “Office Web” and “Sharepoint” delete any keys found.
5) Reboot

I was then able to install SharePoint again.

Later, after talking with a colleague, he offered this advice:

Find the UninstallString value and copy out the data by double-clicking or right-clicking and selecting Modify. Open a command prompt as Administrator and paste the value for each key you find. This will force Windows to run an Uninstall instead of ripping out the key manually.
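An added example, not part of the original post, that does the lookup the colleague describes without touching anything: it lists every Uninstall entry that mentions "Office Web" or "Sharepoint" together with its UninstallString, so each product can be removed through its own uninstaller rather than by deleting the key. It matches any string value under the key, which is what the registry search in step 4 would hit. The Wow6432Node path is an assumption for 64-bit hosts.

```powershell
# Added example (not from the original post): read-only listing of leftover Uninstall
# entries and their UninstallString values. Nothing here runs an uninstaller.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # assumption: 32-bit view on x64
)

function Find-LeftoverUninstallEntries {
    param([string[]]$Roots = $uninstallRoots, [string]$Pattern = 'Office Web|Sharepoint')
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            # Check every string-valued property, not only DisplayName, like a registry search would.
            $hit = $props.PSObject.Properties | Where-Object {
                $_.Value -is [string] -and $_.Value -match $Pattern
            }
            if ($hit) {
                [pscustomobject]@{
                    Key             = $key.PSChildName
                    DisplayName     = $props.DisplayName
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

Find-LeftoverUninstallEntries | Format-Table -AutoSize -Wrap
```

Each UninstallString in the output is what gets pasted into the elevated command prompt; run them one at a time, reboot, and re-run the listing to confirm the entries are gone before retrying the SharePoint setup.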

Install Office Web Apps on SharePoint 2010

Activity 1: Obtain the Media

The best bet is to do a search to find the latest version. Here is a link to the current one:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=27d81b1c-18ae-4983-8e1c-224bb747eb99&displaylang=en 

Activity 2: Evaluate the State of SharePoint
Step 1) If this is an existing SharePoint 2010 installation, delete the existing Excel Service.
 1) Open Central Administration.
 2) Click Application Management.
 3) Under Service Applications, click Manage Service Applications.
 4) Click in the blank area to the right of the Excel Services Application to highlight it.
 5) Choose Delete from the Ribbon.
Step 2) Give your service application pool account Full Control of C:\Windows\Temp
 
Step 3) Ensure your service application pool account has db_owner on the content databases in SQL.
 1) Start SQL Server Management Studio
 2) Expand Security -> Logins
 3) Locate the service application pool user and right-click to get to Properties.
 4) Select User Mapping
 5) Find the Content Databases. Typically they are WSS_Something_Content
 6) Click the checkbox next to each one and check db_owner under role membership.
 
Step 4) Ensure your SharePoint Farm account has db_owner on the PerformancePoint Service database
 1) Start SQL Server Management Studio
 2) Expand Security -> Logins
 3) Locate the farm account user and right-click to get to Properties.
 4) Select User Mapping
 5) Find the PerformancePoint Service databases. Typically it is named PerformancePoint Service_GUID.
 6) Click the checkbox next to each one and check db_owner under role membership.
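The permission work in Activity 2, steps 2 to 4, scripted as an added example that is not part of the original post. Part one grants the service application pool account Full Control on C:\Windows\Temp and reads the rule back; part two is a read-only report of who holds db_owner on each matching database, so the SSMS grants above can be verified for both the application pool account (content databases) and the farm account (PerformancePoint). Account names and the SQL instance are assumptions; Invoke-Sqlcmd comes from the SQL Server PowerShell module (Import-Module sqlps).

```powershell
# Added example (not from the original post): Activity 2 steps 2 to 4 in PowerShell.
$appPoolAccount = 'CONTOSO\svc_spapps'   # assumption: service application pool account
$farmAccount    = 'CONTOSO\svc_spfarm'   # assumption: SharePoint farm account
$sqlInstance    = 'SQLSERVER01'          # assumption: the farm's SQL Server instance

# Step 2: Full Control on C:\Windows\Temp, inherited by files and sub-folders.
function Grant-TempFullControl {
    param([string]$Account, [string]$Path = 'C:\Windows\Temp')
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    # Return the rule as the file system now reports it, so the caller can confirm it landed.
    (Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference.Value -eq $Account }
}

# Steps 3 and 4: list db_owner members on every database matching the pattern and flag
# whether the expected account is among them. Read-only; the grant stays in SSMS.
function Test-DbOwnerMembership {
    param([string]$Instance, [string]$NamePattern, [string]$Account)
    $dbs = Invoke-Sqlcmd -ServerInstance $Instance `
        -Query "SELECT name FROM sys.databases WHERE name LIKE '$NamePattern'"
    foreach ($db in $dbs) {
        $members = Invoke-Sqlcmd -ServerInstance $Instance -Database $db.name -Query @"
SELECT m.name AS member
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner'
"@
        $names = @($members | ForEach-Object { $_.member })
        [pscustomobject]@{
            Database   = $db.name
            DbOwners   = ($names -join ', ')
            HasAccount = ($names -contains $Account)
        }
    }
}

Grant-TempFullControl -Account $appPoolAccount
Test-DbOwnerMembership -Instance $sqlInstance -NamePattern 'WSS%Content%'      -Account $appPoolAccount
Test-DbOwnerMembership -Instance $sqlInstance -NamePattern 'PerformancePoint%' -Account $farmAccount
```

Both grants are broad (Full Control on a shared temp folder, db_owner on every content database), which is why the report lists every db_owner member rather than just the expected one: any extra accounts that show up are worth explaining before the install proceeds.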
 
 
Activity 3: Run Setup
Step 1) Run Office Web Apps Setup.exe
 
Step 2) Enter the product key.
 
Step 3) The installation will run and then ask you to run the SharePoint product configuration wizard. Launch the Config wizard located at Start -> Programs -> Microsoft SharePoint 2010 Products -> SharePoint 2010 Products Configuration Wizard and let it run.
 
Activity 4: Start Services
Step 1) Open Central Administration. If you are asked to run the configuration wizard select No, I will configure everything myself.

Step 2) Click Application Management.

Step 3) Click Manage Services on Server.

Step 4) Start the Word Viewing Service and PowerPoint Service.
 
Activity 5: Provision Service Applications
Step 1) Click Application Management.

Step 2) Click Manage service applications.

Step 3) Click New and select Word Viewing Service.

Step 4) Give the service a name like Word Viewing Service.

Step 5) Click Use existing application pool and select “SharePoint Web Services” from the drop down.

Step 6) Click Ok

Step 7) Repeat this process for PowerPoint, and Excel.

Step 8) Run an IISRESET.
 
Activity 6: Enable Office Web Apps Site Feature
Step 1) Browse to the site collection in Internet Explorer.

Step 2) Site Actions -> Site Settings -> Site Collection Administration -> Site collection features.

Step 3) Click Activate next to Office Web Apps.
 
If the server is an Active Directory domain controller:
Please do note that Office Web Apps is not supported on a DC, so this configuration should be avoided if possible.
 
If the server is a DC, an additional script needs to be run to activate the features. Open the SharePoint 2010 Management Shell and run the following script:
 
# Disable sandboxed viewing for the Word Viewing Service Application
$e = Get-SPServiceApplication | where {$_.TypeName.Equals("Word Viewing Service Application")}
$e.WordServerIsSandboxed = $false
$e.WordServerIsSandboxed

# Use the script below for the PowerPoint Service Application. You need to enter "Y" at the prompt for each command.
Get-SPPowerPointServiceApplication | Set-SPPowerPointServiceApplication -EnableSandboxedViewing $false
Get-SPPowerPointServiceApplication | Set-SPPowerPointServiceApplication -EnableSandboxedEditing $false
 
(OPTIONAL) Found this on a blog while troubleshooting; unfortunately I no longer have the direct link, and I have never had to use it, but it may come in handy:
In the server's c:\windows\system32\inetsrv\config\applicationHost.config
add the line below at the end of the dynamicTypes section.
<add mimeType="application/zip" enabled="false" />
 
After the above is done run IISRESET.

SharePoint PermissionMask Check Failed

It’s been a while since my last server related post, or any post for that matter. I’ve been trying to dive deeper into the world of SharePoint. I like the interface in 2010 much more than WSS 3. It just makes more sense to me.

The Problem:
There is a custom web service sitting inside a Web Application. This service listens for SOAP calls to be sent to it. When the call is received, it’s supposed to return one of about a dozen lists based on the information it received. The service, however, returned an error saying WSS Document service error: The request failed with HTTP status 401: Unauthorized.

Troubleshooting:
The first thing I did was launch Central Admin and set Diagnostic Logging to verbose. This is a practice I encourage; just don't leave it that way when you're done, or it will likely fill the drive. I also set up Failed Request Tracing in IIS 7, configured to catch anything that resulted in a 401. Next, I went to the application and launched the process that initiated the SOAP calls four or five times in a row, noting the time. This was done so that if there was a pattern, it would be more apparent. After a review of the logs I began to see: PermissionMask check Failed. This error is contextual to the application, so it basically means the user the application is running as is not authorized.

Moving to the IIS trace log, about midway down it revealed the user account that was trying to make the call. With this information, it was easy to go back to SharePoint and give the user proper permissions to the page.

Apple TV v2.

I think Jobs and crew nailed it with the new Apple TV. During his conference, he talked about people not wanting to manage content. I can't agree more. The only content I want to manage is my photos and music. Lightroom does an awesome job with the photos, practically without me, and iTunes for the most part covers my music management needs. To go a step further though, I don't want to own any movie or TV content. Physical DVDs take up way too much space, and they're pretty expensive. Downloaded movies from iTunes take up hard drive space. Sure, space is cheap, but I can count the number of movies I've watched more than once on one hand. So what's the point in having them lying around being dust magnets, or stealing drive space I can use for photos or gaming? There really isn't for me. That's probably why I love having Netflix. Apple's streaming service is a huge win for me.

Look What I Found..

How big of a pack rat am I? Apparently a pretty big one. See proof below:


Floppy Internals

That's right, those are the insides of 3.5" floppy disks. Thirteen of them!! What the hell am I doing with this junk? The disks were in fact intact, but I decided to take them out to destroy them. At least they were not the 5.25" disks. Thankfully I rid myself of those a good time ago. Take a good look, kids. If you were born after 2004 it's likely you have never seen, or will ever see, the internals of a floppy disk. They're gone, just like VHS tapes. And don't get me started on Betamax. I don't have one. I did own an 8-track for like 6 months though, which is probably worse. Kind of crazy what you find stashed away in bins and drawers. They served their purpose, and for that I salute this old technology, but out with the old..

WordPress Android App

Decided to give the app a go. It's very easy to use. Just feed it the URL, username, and password of your blog and it's ready. It can also support multiple WordPress blogs, which is nice if you manage more than one. Clicking on the blog name will give you three tabs: one for comments, another for posts, and one for pages. Clicking on a comment will take you to a sub-screen that will let you mark the comment as spam or approve it. The posts tab will allow you to view all your current posts as well as make new ones. The posting mechanism is pretty simple. If you're using an advanced theme, none of your custom titles or metadata will be accessible, but it does allow you to add a picture, a tag, and a category. You can either upload the post as a draft or straight to published.

Typing a long post on your phone is probably not the best choice. I would use it for quick ideas or draft notes, but I can't imagine doing something large on it. Still, it's a nice concept. I can see its usefulness for comment control and uploading a picture from the phone. For those functions I'll probably keep it around.