Office 2007 Beta 2 Technical Refresh (B2TR) and the “The file is not available.” error.

After I applied the Technical Refresh updates to my Office 2007 Beta 2 installs, I started getting this error whenever I tried to open a file with an Office 2007 application (either by double-clicking within the Windows Explorer file list, or by opening the file from within the application):

The file Testing.docx is not available.

So I asked Uncles Google and Live and came up with the comments to Jensen Harris’ blog post about Office 2007 Beta 2 Technical Refresh. In it, a Phil Wright asks about this very same problem. In a comment immediately following is the answer. Apparently the Norton Antivirus Office Plugin is interfering, returning an error code on document scan, which Office then interprets as a virus detection. To fix it you can try to update Norton via Norton’s LiveUpdate (I tried, to no effect), or you can reduce your system’s overall security by disabling the Norton Office plugin. Instructions for older versions of Norton are available in Microsoft KB 329820. In Norton Internet Security 2006 (my version), I opened the Norton status window, then chose Options -> Norton Antivirus, and among the tabs found an option to disable the Office plugin.
This worked fine for me.

Office 2007 Beta 2 Reinstall Troubles

Somehow, while uninstalling and reinstalling various bits of Office 2003 and Office 2007 (license/product key management – I am now entirely converted over to my workplace’s Office 2003 Enterprise licenses – this enables me to run my workplace’s Infopath), I have managed to screw up my ability to install Office 2007 Beta 2 and Office 2007 Beta 2 TR2.

Error Screenshot
The error reads:

Microsoft Office Professional Plus 2007 (Beta) encountered an error during setup.
Error 2711: An internal error has occurred. (GraphicsFiltersCDRFilesIntl_1033 )

This error happened while trying to reinstall/uninstall any of the Beta 2 Office 2007 products.

Asking Uncles Google and Live, I found an interesting pointer.

I’ll quote these sources entirely, since the cached article may or may not work in the long term:

  1. From Sue Mosher – Outlook MVP:
    She quotes an article I couldn’t get to come up, but here’s the quote from her in full:
    New information from the Readme at http://officebeta.iponet.net/en-us/products/FX101517941033.aspx#1:Setup fails with Error 2711. An internal error has occurred. (FeatureName)This is usually caused by having a previous or newer version of an Office12 product installed on the machine. Ensure all builds of Office12 products that do not match the build numebr of the product being installed are removed from the machine then attempt the install again.In some cases it has been found that if a newer build has been run over an older build, that after removal of the older builds there is still data remaining in the registry and the MsoCache from the older build. If this is the case follow these steps to clear out the information:1. Open regedit
    2. Browse to HKLM\Software\Microsoft\Office\Delivery\SourceEngine\Downloads
    3. Remove any key that ends in 0FF1CE}
    4. Open C:\MsoCache\All Users
    5. Delete any folder that ends in 0FF1CE}-C
  2. Not finding this information particularly helpful, and reading onward, finding that others didn’t necessarily find it helpful, I moved on, and found this:
    From LelandBartlett:Hi,I had the same error: Error 2711 GraphicsFiltersCDRFilesIntl_1033 when i tried to reinstall office 2007 Beta 2. I did all the recommendations above, plus maybe even more, but still no luck. I have this shareware program; CCLeanup, it has a tool section which is similar to Windows Add/Remove programs; however, even though I removed office 2007, there were 4 programs relating to office 2007 which did not show up in the windows add/remove programs. Three were related to language proofing (3 seperate languages), the other was a MUI for office 2007 beta. I noticed OneNote had it’s own install of a MUI. I ran the uninstall tool with CCLeanup, got rid of each of the four, just rand MS Office 2007 Professional Plus Beta 2 install, it now went in fine.

The tool’s name turns out to be CCleaner, and I checked around with various spyware/malware lists to make reasonably sure it really is free and ad-free (the Wikipedia article on Spyware is a good starting place if you’re doing your own research about programs that might be or you suspect might be adware/spyware). It looks good.

Also? It worked. Do as LelandBartlett says and you should be able to reinstall Office 2007 Beta 2 should you need to. Uninstall everything you can the conventional way, then use CCleaner to uninstall the last 4 components that Microsoft apparently forgot about.

What is wrong with you Microsoft Only people? – Checksum utilities for verifying large files

So today I am downloading the 2007 Office Beta 2 installs (and whoever heard of paying $1.50 for 5 download tries? I sort of understand, but if it were really just covering bandwidth fees, I should think it would be a lot lower). I note that the download listings/product key e-mails do not come with checksums for these large files.

The files are all in the 75 MiB – 250 MiB range. In UNIX-land, people would as part of the normal posting process just provide checksums. But in Windows-land apparently this is not done. Why not?

Checksums are extremely useful for making sure that the bits you expected to transfer over the network are the ones you got. You can see that this would be useful for both file content verification in the sense of “did I lose any bits along the way that would corrupt my install and can I know it before trying to install and have it fail?” But it’s also useful in the sense of making sure that the bits you want me to download are the same ones I want to get, and assuring that no 3rd party attackers did a man-in-the-middle attack, substituting trojan horses and other nasty things into the install instead. Okay, granted, private key encryption technology would be better than a simple checksum, but a checksum would still be better than nothing, which is what I get when I pay $1.50 to download the damned things.

With that in mind, let me introduce you to NullRiver’s winMd5Sum. This is a free and easy to use utility that allows you to create MD5 checksums on files and also to compare pre-generated checksums to the ones you generate on your end to check the download. Go use it. You’ll like it. While you’re at it, tell your download hosts (Microsoft too, please) that you’d like it if they’d start using it or some similar process to help you verify your large file downloads.

For posterity, I’m going to post the MD5 checksums I’ve got so far for my Office 2007 Beta 2 downloads (from Microsoft via the License Technology Group) [This assumes that each binary isn’t especially constructed for each product key – I guess we’ll see]:

  • Microsoft Office Forms Server 2007 – OFS32-EN.IMG – 14,796,544 bytes – MD5: 4ba65c890b6c86158666b41c3652d2bb
  • Microsoft Office Groove 2007 – OG-EN.EXE – 220,111,048 bytes – MD5: ba497c8610ae774b4f3af92755e83bf7 [Works fine]
  • Microsoft Office OneNote 2007 – OON-EN.EXE – 231,814,328 bytes – MD5: 95750f6b8c48c602b39c4b1271913398 [Works fine]
  • Microsoft Office Outlook 2007 with Business Contact Manager – BCM-EN.EXE – 252,769,672 bytes – MD5: 9cb44475cfbbbebb7c84eced9ef6e437 [Works fine]
  • Microsoft Office Professional Plus 2007 – OPPLUS-EN.EXE – 461,881,224 bytes – MD5: 7fc65a38b6bd9dce0563afea2c5b9a93 [Works fine]
  • Microsoft Office Project Professional 2007 – OPP-EN.EXE – 210,237,736 bytes – MD5: 50c1f917637de95c9aa72114e6385acb [Works fine]
  • Microsoft Office SharePoint Designer 2007 – SPD-EN.EXE – 236,994,544 bytes – MD5: 94fe6551b52ef1d38556d76677966073 [Works fine]
  • Microsoft Office SharePoint Server 2007 – Enterprise – SPS32-EN.IMG – 308,555,776 bytes – MD5: 0db4750dd73faca499fc5df95c7f63b3
  • Microsoft Office SharePoint Server 2007 for Search – OSS-EN.IMG – 231,387,136 bytes – MD5: c1c2b5ed9c0a31c48fb59afe3fb29919
  • Microsoft Office Visio Professional 2007 – OVP-EN.EXE – 293,966,312 bytes – MD5: 4259e1f323509e8392143e20416490f5 [Works fine]
  • Microsoft Windows SharePoint Services [v3] – SharePoint_setup.exe – 78,849,224 bytes – MD5: 51cd9f824bb5b6bfc90b96f0de956a1b

This is the complete list of the downloads I paid for.

Also, FYI, here is the link for the Beta 2 Technical Refresh download.

Here’s the file info for that download:

  • Microsoft Office 2007 Beta Two Technical Refresh – office2007b2tr-kb000000-fullfile-en-us.exe – 518,733,856 bytes – MD5: 9ad077c27fb279516b8636e43c3e0463 [Works fine]

I haven’t verified that all of these files work, but I have verified that the total file size is the same as was originally reported when I initiated the download, which is as close as you can get without MD5 or other checksum tools. I’ll note by striking the item out if for some reason the download is corrupt. Also, when I say [Works fine], I mean that it installed fine with all options installed to run on the drive. I won’t say that the actual programs installed worked fine, as they are in Beta.

Server Accounts, Changing them, Permissions Issues – Followup

In my previous post (opens in new window), I said I’d let you know how it went. Turns out for various reasons we didn’t get around to testing my assertions until this morning.

It went fine. I was right about what was broken and what needed fixing. The implementation of the fix and the continued procedure to change the rest of the service accounts in the QA lab went off without a hitch, so soon, we get to do it Production too.

Product Testimony – Acronis TrueImage 9.x

I don’t do Product plugs/testimonies for kickback, but only because/when products seem to truly deserve accolades.

Anyway, the version of Acronis TrueImage that I own is the Home version, but based on that, I’d definitely consider it for enterprise use too.

TrueImage is a disk imaging tool, and item-by-item recovery tool as well. You can back up an entire partition to a compressed archive and later, if you wish, mount the archive as a logical device, browse it and restore only what you wish. It features data verification, partition information restores, etc. It seems also to handle backup/restore cycles to disparate sizes (including downsizing, assuming the target device has enough room for the actual storage required by the files in the archive) gracefully and well.

Like any utility of this nature, you’re probably not going to use it day to day unless restoring disk images is 25% or more of your job description, but it’s very useful to have when you need it, and a good all-around way to keep a backup of, say, your system drive on, say, an external USB drive, in case you need it.

Since it also does both Full and Incremental operations, you can conceivably update your backups as often as once a day or more often.

This would even, with some training and relatively clueful users, be a good way to manage data/system recovery on a per-user basis, I think.

I’m very happy with it.

Database Migration breaks WSS/SQL Server Full Text Search

So here’s a little-known issue with SharePoint and Full Text Search:

On Joel Oleson’s blog (if you don’t know who this guy is and you’re in SharePoint Operations, find out quickly. Aside from Bill English [the man, his blog], he’s the other Man in SharePoint Managment/Operations – both of these guys regularly present at TechEd conventions), I found a blog entry about how, if your Full Text Search (that’s the one that works in Windows SharePoint Services, and is provided through the back-end SQL Server) isn’t working, and you migrated the database from a different server, the reason would be, possibly/probably, that you migrated the database from a different server.

Yes, I mean either with SPSBackup.exe (which should be your friend by now if you’ve been doing a lot of this and you want to keep the SharePoint Portal Search Index between migrations) or normal SQL Backup/Restore and file operations.

So anyway, there are a couple of stored procedures in the blog you should use to restore your Full Text Search. As far as I can tell, these are either SQL standard stored procedures, or, more likely, SharePoint-installed stored procedures.

Also, rather like part of my previous blog entry, the fix is essentially “turn it off, turn it on”, with some curve-balls in there if things don’t go as expected. It turned out to be thorough enough for us, so maybe it’ll be thorough enough for you.

Since I had to puzzle the blog entry out a little bit, I’ll write what I understood of how to do this here.

  1. Mr. Oleson recommends restarting your SQL Services, but we didn’t find this completely necessary.
  2. Run the following stored procedure: exec proc_DisableFullTextSearch
    1. If you get an error about there not being a Full Text Catalog, then run the following in SQL Query Analyzer and start Step 2 again:

      USE [databasename]
      sp_fulltext_database enable

      Where [databasename] is the name of the _SITE database you’re having the issue with. [But don’t actually type the [] brackets in there or your geek compatriots will laugh at you.]

  3. Run the following stored procedure: exec proc_EnableFullTextSearch

So that should be it. The procedure, as I said, is mostly just turn off, turn on again.

Full Text Search and Account Permissions

This is a more extended writeup of running Windows SharePoint Services 2003 and SQL Full Text Search on a Database box where Local Administrators (BUILTIN\Administrators) don’t have System Admin access in SQL Server 2000. (I mentioned this briefly in the Changing SharePoint Service Accounts article.)

Essentially, you’ll run up against this security policy requirement in some environments. It’s a sensible policy to make in situations/operations where the Local Administrators (of whom many are also Domain Administrators) are folks who are different from the folks who own, run and are responsible for the SQL Servers.

Part of the motivation for this separation is, of course, political. In some organizations you’ll find that folks in one team don’t want to share permissions/rights with other teams who aren’t directly responsible for the upkeep or maintenance of the bit of the sandbox they have dominion over.

The Sensible Computer Security Policy reason is the principle of Least Privileges. When the question, “Do these people/does this group need permissions to this resource?” is answered “No.”, then the principle of Least Privileges dictates that they not be given the access they don’t need. This Security Principle falls under the overall category of Risk Management. The fewer potential risks (i.e. fewer accounts sitting around waiting to be hacked that have permissions they don’t necessarily need), the fewer potential security vulnerabilities sit around waiting to be exploited by Joe Q. Attacker.

It should be noted that in the annals of computer attackers, the long-neglected account that just happens to be a local or domain administrator and just happens to have a really easy to guess password is the holy grail, and almost every computer system has at least one. So do what you can to manage your risks and reduce the number of holy grails that attackers can use to compromise your system.

Anyway, so for whatever reasons, you’ve decided that you wish to implement the policy that Local Administrators on the SQL Server are not allowed to be System Administrators (aka sa) within the SQL Server/Application itself. Note that while it appears that Microsoft “supports” this configuration, it’s not specifically allowed for in Microsoft’s relevant Knowledge Base articles, so if you do go this way, be on the lookout for potential complications. See that other article I mentioned and linked to above for an example of an unexpected consequence.

If you remove BUILTIN\Administrators from your SharePoint 2003 server’s SQL Server Logins, or remove the sa permissions from that group, you will hose up your Full Text Search in SQL Server, which of course (say it with me) will screw up your Full Text Search in your Windows SharePoint Services 2003 sites. (Because Windows SharePoint Services 2003 uses SQL Full Text Search to do its searching.)

How do you fix this?

According to KB Article 317746, if you don’t wish to add BUILTIN\Administrators back to the SQL Server Logins, you still have an out. You must:

  • Add the System Administrators Server Role to the account you are using as the Service Account for SQL Server.
  • Add the Local System account (NT AUTHORITY\System) to the SQL Server Logins.
  • Add the System Administrators Server Role to the Local System account (NT AUTHORITY\System).

You should not have to restart SQL Server after making this change. But you may also need to fix Full Text Search for other reasons, which I will elucidate in a (shortly to follow) article.

Old Security Articles

It’s on my professional site (where my resume would be if I were looking hard for another job), but I wrote a bunch of articles (Security notes, Best Practices, etc.) for Adobe, back before it was Adobe, and before even it was Macromedia, but when it was Allaire, and I was Product Security Manager/Security Response Team Coordinator there.

It was a nice job. Had some drawbacks in that QA/Security reported to Marketing on the Organizational Chart instead of, you know, IT, but it was a good job

I note, looking at these articles now, that the ones that are still credited to me (I wrote a number of security advisories that I’ll try to find too) are credited to me as a Consultant, though at the time I was a salaried employee with the title “Product Security Manager” or “Security Response Team Coordinator” instead. I am still a bit more pleased with being credited as a consultant. It is a title not undeserved.

Anyway, if you want to look at the old writing (from 2001/2002), here are the links (these open in your same window):

Here is a sampling of the Security Bulletins I wrote (None of them are credited) or significantly updated (I was there from 2001 – 2002):

Making Office document open in Office App instead of in an Office ActiveX Control in IE

I just wrote up this little Frequently Asked Question at work:

Assumptions:
  • You have Microsoft Office 2003 installed.
  • You are working with Windows XP Professional as your Operating System.
This is a setting that needs to be made/verified in your Windows settings.
To set the documents to open in their appropriate application:
  1. Open My Computer on your Desktop.
  2. Choose the Tools menu item, then choose Folder Options….
  3. In the Folder Options popup window, choose the File Types tab.
  4. In the Registered File Types list box, choose the file extensions for the application file types you’re interested in verifying/changing (i.e. DOC for Word, XLS for Excel, PPT for PowerPoint, etc.). Once the proper file type is selected, click the Advanced button.
  5. In the Edit File Type pop-up window, uncheck the Browse in same window checkbox.
  6. Click the OK button in the Edit file Type pop-up window.
  7. Click the Close button in the Folder Options pop-up window.

You’re done!

So the flip side is that if you want the document to open up in IE, you check the Browse in same window checkbox.

Sometimes this setting does/does not work. I’m still working on that bit, but also waiting to hear from the users a bit more about the versions of Office/OS they’re working with.