Jack of all that is Microsoft, Master of None

July 24, 2008

Got Long MOSS Service Account Names?

Are you planning on creating and using some long-named MOSS service accounts?  Maybe something like TestMOSSMySiteAdmin01 or TestMOSSSSPAppPool01?  Well if you do, then take note – I’ve had two separate occasions where I have an AD account with more than 20 characters as the username, and MOSS isn’t happy about it.  I ran across this a while ago at a client site and thought it was something wrong with their environment, and let it slide… but my buddy and fellow B&R colleague Mr. Bob Fox ran into this yesterday, and was quite surprised that this happens.

So here’s the deal…

You’ve got your account, ‘TestMOSSMySiteAdmin01’ – you go and create it in Active Directory, typically by just specifying the Full Name & User Logon Name, and your screen looks something like this:

Notice a couple of things here:

•  The user logon name is exactly what I want – the full account name.

•  But the ‘User logon name (pre-Windows 2000)’ has been truncated by one character (character #21).

So now we hop over to our MOSS environment, as we want to bring up a new Web Application for our MySites, and use this account.  We run through the typical web app setup, and specify the full username:

But when we submit this information, we get a username/password combination error:

Even though I’ve entered everything correctly.

So after ripping my hair out, this is where the Active Directory account’s User logon name (pre-Windows 2000) comes into play.  From what I can tell, this is what MOSS is using when you input a username – so in this case, I have to truncate the name of my service account in the web application setup form:

Notice that I had to cut off the last number – to match what AD was showing.  Now, when I submit this, my web application gets created properly.  And to verify that it took the shortened name, I open up IIS, and voila – using the truncated account logon name:

And while I’m running Server 2008 with IIS7, I have confirmed this is the same on Server 2003 with IIS6.

So in the end, the moral of the blog post is that whenever you can, keep your service account names to under 20 characters.  If you can’t, beware of this issue.

-Chris
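A planning check for the truncation described in this post, as an added example that is not part of the original post. It derives the pre-Windows 2000 name for each planned account and goes one step further than the post by flagging names that would collide after truncation; the function name and the sample names other than the two from the post are assumptions.

```powershell
# Added example: plan check for service account names against the
# 20-character pre-Windows 2000 logon name described in the post.
function Get-SamAccountNamePlan {
    param(
        [Parameter(Mandatory = $true)][string[]]$PlannedName,
        [int]$MaxLength = 20
    )

    $rows = foreach ($name in $PlannedName) {
        $tooLong = $name.Length -gt $MaxLength
        # Same truncation the New User dialog showed: keep the first 20 characters.
        $sam = if ($tooLong) { $name.Substring(0, $MaxLength) } else { $name }
        [pscustomobject]@{
            LogonName      = $name
            SamAccountName = $sam
            Truncated      = $tooLong
            Collision      = $false
        }
    }

    # Names that differ only after character 20 end up with the same
    # pre-Windows 2000 name, which has to be unique within the domain.
    $rows | Group-Object -Property SamAccountName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { foreach ($row in $_.Group) { $row.Collision = $true } }

    $rows
}

# Constructed input: the two names from the post plus two made-up ones.
$planned = @(
    'TestMOSSMySiteAdmin01',   # 21 characters, from the post
    'TestMOSSMySiteAdmin02',   # constructed: differs only in character 21
    'TestMOSSSSPAppPool01',    # 20 characters, from the post: fits exactly
    'svcMossFarm'              # constructed short name
)

Get-SamAccountNamePlan -PlannedName $planned | Format-Table -AutoSize
```

Any row with Truncated set is an account whose shortened name has to be typed into the MOSS setup form; any row with Collision set needs a different name before it is created.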


May 9, 2008

WSS Navigation – Flyouts, Security Trimming & Custom Nav Items

I’ve been working with a client on a WSS site deployment, and one of our big sticking points has been with the out-of-the-box WSS navigation. The client set the following requirements for the navigation:

  1. Must be security trimmed – so if you don’t have access to a site, you don’t see it in the nav
  2. Must allow for the addition of custom navigation items
  3. Must have flyouts (drop-downs) that go at least 2 or 3 levels deep

Out of the box, we get #1 & #2, but since we’re not using MOSS, we can’t just modify the master page to get #3 to work.  That’s where my buddy the SharePoint Cowboy, Eric Shupps, found a nice way to add the drop-down menus to WSS.  The problem is that this approach switches the data source, and you lose the ability to specify what appears in the navigation.  So while you gain #3, you lose #2.  Talk about one step ahead, one step back.

So after some trial and error, some searching and enlisting the help of Josh Carlisle for a few lines of code, I have a solution…

The solution involves the following:

  1. Creating a WSS list that will manage your navigation.
  2. Implementing the Cascading Navigation web part from CodePlex.
  3. Adding a couple lines to your master page.
  4. Go wild!

So, in detail, here is what you need to do:

#1 – Setup your Navigation List

The first thing you will want to do is create your navigation list.  It should be a Custom List, and I named mine ‘WSSNavigation’, but feel free to call yours whatever you would like.  I also do not display mine in the Quick Launch.  Once the base custom list is created, then create the following fields:

Note that for Item Level, your choices should only be Level 1, Level 2 or Level 3 (include spaces).

And for Display0 (make sure there is a zero!) the choices should be Yes or No.  Do not use a Yes/No field.

Now, go ahead and add a temporary line or two into the list.  Make sure that your Link ID is unique for each line… think of it as your primary key for each navigation item (it should just be an incremental number… start at 1 and keep incrementing).  And if there is no parent of the item you are adding, keep that field blank.

#2 – Install the Navigation

Download the Cascading Nav WSP from CodePlex here:

http://www.codeplex.com/sharepointnavigation/Release/ProjectReleases.aspx?ReleaseId=9461

Install & deploy the solution package as you normally would.  Then, dump the web part on to a page & in the web part Miscellaneous properties, put in the name of the SharePoint list holding the navigation information under the Admin List field.  In my case above, I would input WSSNavigation.

If the navigation renders properly, then you are good to move on to step 3.  If it doesn’t, make sure you’ve put in the correct name of the navigation list, and that each of the fields is set up properly.

#3 – Modify the Master Page

So you’ve got the navigation working inside of a site in a web part zone – great.  Now, let’s replace the not so great out-of-the-box nav with our really cool nav.  Crack open the master page for the site, and insert the following line under the other lines that look the same (they will be at the top of the page and start with <%@ Register TagPrefix=):

<%@ Register TagPrefix="customnav" assembly="CascadingNav, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9f4da00116c38ec5" namespace="CascadingNav"  %>

Then, let’s get rid of the old navigation by commenting it out.  Look for the following:

<asp:ContentPlaceHolder id="PlaceHolderHorizontalNav" runat="server">
 <SharePoint:AspMenu
   ID="TopNavigationMenu"
   Runat="server"
   DataSourceID="topSiteMap"
   EnableViewState="false"
   AccessKey="<%$Resources:wss,navigation_accesskey%>"
   Orientation="Horizontal"
   StaticDisplayLevels="2"
   MaximumDynamicDisplayLevels="2"
   DynamicHorizontalOffset="0"
   StaticPopoutImageUrl="/_layouts/images/menudark.gif"
   StaticPopoutImageTextFormatString=""
   DynamicHoverStyle-BackColor="#CBE3F0"
   SkipLinkText=""
   StaticSubMenuIndent="0"
   CssClass="ms-topNavContainer">
  <StaticMenuStyle/>
  <StaticMenuItemStyle CssClass="ms-topnav" ItemSpacing="0px"/>
  <StaticSelectedStyle CssClass="ms-topnavselected" />
  <StaticHoverStyle CssClass="ms-topNavHover" />
  <DynamicMenuStyle  BackColor="#F2F3F4" BorderColor="#A7B4CE" BorderWidth="1px"/>
  <DynamicMenuItemStyle CssClass="ms-topNavFlyOuts"/>
  <DynamicHoverStyle CssClass="ms-topNavFlyOutsHover"/>
  <DynamicSelectedStyle CssClass="ms-topNavFlyOutsSelected"/>
 </SharePoint:AspMenu>

Just before it, add <!-- Hide the original horizontal nav

and after it, add -->

Then, on the next line after the line where you put the -->, put in the following:

<customnav:CascadingNav runat="server" id="customNav" Set_AdminList="WSSNavigation" __WebPartId="{89DFF3CB-0E4A-4623-B69B-DFB818FBF6DB}"/>

Note that Set_AdminList= must be set to the name of the WSS list you created in Step 1.

#4 – Go Wild & Create your Menu

Your site should now be rendering the menu along with the navigational elements specified in the list.  Now, head back over to your list and build out your navigation.  As you add items to the list, your navigation will be updated, so you can quickly check and make sure things are looking good.  And remember – since the navigational items are essentially list items, you can set permissions on them individually.  Therefore, you can hide links from users that shouldn’t see them.  Keep in mind that this only trims the menu: access to the site a link points to is still governed by that site’s own permissions.

Enjoy,
Chris


July 11, 2006

Rights Management Services: Remote Access Quick Notes

Filed under: Microsoft Office, Rights Management Services, RMS, Security — cregan @ 3:12 am

Last week, before I took some time off, I set up Windows Rights Management Services (RMS) with the Information Rights Management (IRM) Client on my local PC for B&R. Since my laptop does not belong to the B&R domain, I couldn’t just click on the Permissions button in Word/Excel/PowerPoint/Outlook… if I did, I would just be presented with the option to use my Passport account… but I had to be able to create & consume rights-protected B&R documents on my laptop when traveling.  So in a nutshell, here is a very brief rundown on how I got this functioning:

  1. Before setting up RMS, set up the IIS web site that will be utilized for clients connecting to RMS.  Make sure of the following:

    1. Assign the site a static IP address.

    2. If needed, add in the host header (if using the IP for more than one site)

    3. Directory Security – Integrated Windows Authentication

    4. Install your SSL Certificate before configuring RMS.

    5. Set up DNS within your environment so that internal users are forwarded to the site (ex. rms.domain.com) – add an A record to point rms to the IP address of the site.

    6. Set up your external DNS now as well.

    7. Open up port 443 on your firewall and forward it to the IP address.

    8. TEST NOW – make sure (after DNS has propagated) that externally you can hit the DNS name of the site (rms.company.com) and you are prompted to input login credentials. Also make sure this works internally.

  2. Provision RMS on the web site you set up. Walk through the setup and keep in mind:

    1. When specifying the Extranet Cluster URL – specify HTTPS & the Fully-Qualified Domain Name… DO NOT use the server name here. Otherwise you can run into serious problems migrating in the future.

    2. Use a domain account as the service account – not a local system account.

  3. Register your service connection point after provisioning is successful.  Note that the SCP should be similar to https://rms.company.com/_wmcs/Certification/Certification.asmx.

  4. You’re then basically set up. If you have a system on the domain, open up an Office Application & attempt to utilize RMS.  It should find the server and allow you to encrypt the document.

  5. For any non-domain / external users: before they use RMS for the first time, two additions need to be made to their registry settings (make sure the RMS client is installed first, then make these registry additions):

    1. HKLM\Software\Microsoft\Office\11.0\Common\DRM\
      Create a new String Value called CorpCertificationServer and make the value point to: https://rms.company.com/_wmcs/Certification.
       
    2. HKLM\Software\Microsoft\Office\11.0\Common\DRM\
      Create a new String Value called CorpLicenseServer and make the value point to: https://rms.companyname.com/_wmcs/Licensing.
  6. Then open up an Office Application and click on the RMS button.  You should then be presented with login credentials.  Enter the domain\username & password, and you should be rolling.  Note: if you receive any error messages after clicking on the RMS button, check that you specified the correct URL.  Also – if you are installing RMS & utilizing SQL Server 2005 – you must perform the fix in this KB Article, otherwise it will error out.
  7. If you have any questions / issues / errors, let me know!
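The two registry additions from step 5, as an added example that is not part of the original post: it builds both values from one host name, rejects a bare server name (the mistake step 2.1 warns about) and supports a dry run. The function names are assumptions, and rms.company.com is the post's placeholder host.

```powershell
# Added example. Key path and value names come from step 5 of the post;
# 'rms.company.com' is the post's placeholder host, not a real server.
function Get-RmsClientSetting {
    param([Parameter(Mandatory = $true)][string]$HostName)

    # Step 2.1: use the fully qualified DNS name, never the bare server name.
    if ($HostName -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') {
        throw "'$HostName' is not a fully qualified domain name."
    }
    # Both endpoints are HTTPS, matching the SSL site built in step 1.
    [ordered]@{
        CorpCertificationServer = "https://$HostName/_wmcs/Certification"
        CorpLicenseServer       = "https://$HostName/_wmcs/Licensing"
    }
}

function Set-RmsClientSetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [string]$KeyPath = 'HKLM:\Software\Microsoft\Office\11.0\Common\DRM'
    )

    $settings = Get-RmsClientSetting -HostName $HostName

    if (-not (Test-Path -Path $KeyPath) -and $PSCmdlet.ShouldProcess($KeyPath, 'Create key')) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    foreach ($name in $settings.Keys) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set to $($settings[$name])")) {
            New-ItemProperty -Path $KeyPath -Name $name -Value $settings[$name] `
                -PropertyType String -Force | Out-Null
        }
    }
    # Read the values back so a typo in the URL is visible immediately.
    if (Test-Path -Path $KeyPath) {
        Get-ItemProperty -Path $KeyPath |
            Select-Object CorpCertificationServer, CorpLicenseServer
    }
}

# Dry run first; remove -WhatIf and run from an elevated prompt to write to HKLM.
Set-RmsClientSetting -HostName 'rms.company.com' -WhatIf
```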

One other quick thing to note… when you are on the ‘Windows RMS Administration’ page and you click on ‘Administer RMS on this web site’ – it probably won’t load – and if you notice the URL, it will be http://localhost/_wmcs/Admin/default.aspx or something like that.  Note that all you need to do is replace localhost with the DNS name you gave the site (rms.companyname.com or whatever), then you can access the admin page.

Enjoy RMS and the great security it offers!
