Kerberos and SharePoint 2007 notes

Recently we had cause to do a whole lot of research ourselves and end up calling Microsoft to get our implementation vetted and troubleshot (it was not working – all or almost all connections that should have been Kerberos connections were degrading back to NTLM).

Here are the salient notes and facts about troubleshooting and achieving the ultimate goal (having Kerberos working with our systems).

Generic List View Web Parts missing the View Selector drop-down – mitigation strategies

Had a user who accidentally (I assume, since he seems to think it’s because of  an operation I did well before that that was unrelated – see previous post) deleted the automatically created List View Web Part in the AllItems.aspx page.

Now he wants the full toolbar and the View Selector drop-down.

Well and good, but how?

I see two possible approaches.

  1. If the list is small and customizations relatively few, note the URL of the list and any customizations, save off content. Delete list. Start over, re-upload the content after the recreation. Don’t forget to create initially with whatever end of the URL you want for the list, then rename after the list is created at that URL.
  2. If the list is larger or customizations greater, do some fiddling with SharePoint Designer 2007, Datasheet View and XSLT.
  3. There is no third thing.

I don’t see any good ways of doing this in the UI only without just recreating the list entirely.

Anyone else have any good ideas?

Wrangling interesting InfoPath 2003 vs 2007 issues with arcane XPath statements

We have a form at work where the XPath current() function isn’t working properly. It’s supposed to be essentially a pointer to your current execution context, so in InfoPath in general it’s great for finding your way sort of recursively up and out of your current context to sibling controls (for harvesting lookup values, etc.). When it works.

Read on for more details.

Continue reading Wrangling interesting InfoPath 2003 vs 2007 issues with arcane XPath statements

Creating and Administering Site Themes in SPS2003/WSS 2.0

This is probably more for posterity than anything else, as most folks should have been using SharePoint 2003 technologies for almost a year.

But my work site uses 2003 still, with an upgrade coming up in the next few months.

Recently I had to fix some site-wide site templates that had some issues with unghosted and non-functional pages. I’ll look a little into what we think generated the problem, what doing it the “right way” looks like, and how to administer, manage and deploy site themes.

What are site themes? How do they compare to site definitions?

In contrast to site templates, which are a mixture of HTML, ASP.NET and CAML and are difficult to customize and troubleshoot owing to there not being any meaningful testing or debugging configuration, or meaningful development environment – if you decide to go into site definition-land, prepare to use a lot of text editors, lots of incremental testing, and lots of prayer (or whatever substitutes in your life), site templates are actually pretty easy to generate. You use a mixture of the in-SharePoint GUI, themes (which you may have had to generate the hard way) and FrontPage 2003 to create site templates out of a test or design site (you can even use a live site, but it can be more confusing to get it right that way), then use the SharePoint GUI to generate the site template, which then shows up in the site collection site template gallery.

When you’re satisfied with your site template, you can download the *.stp file from the site template gallery and begin to deploy it to other SharePoint site collections via either the global site template gallery (administered with the stsadm.exe utility) or a site collection’s site template gallery (via uploads/deletions through the SharePoint GUI).

If on the other hand you decide to create your own site definitions, you do get slightly better performance, the possibility of creating truly novel sites (site templates, on the other hand, must be based on pre-existing site definitions, most of which are created by either Microsoft or by really big-time development houses that are leveraging SharePoint for the functionality) that do cool things not possible with out of the box site definitions. The problem is that there’s no meaningful development environment for site definitions. In 2005, some of the TechEd presenters got almost cussed out for this failing. I’ve worked with site definitions myself, and let’s just say they’re not for the faint of heart. I worked for 2 weeks on a site definition pilot and I was barely done in time, even though the overall changes to standard definitions we were seeking were really minor. There is no debugging, no testing environment. You just use a VPC running SharePoint and deploy your changes to that and hope they worked, test by creating a new site based on the site definition and cross your fingers and hold your breath. A single error of certain kinds of syntax can keep the entire site from working properly. It can even be difficult to delete a site based on a non-functional site definition.

I’d recommend sticking with site templates if at all possible. They’re saner and easier to work with.

If you feel you must work with site definitions, feel free with my blessing (just don’t ask me to help you). Good starting points: 1, 2, 3, 4.

Things to know

Here’s a list of concepts to be familiar with before you start:

  • The difference between site templates ans site definitions, above.
  • Ghosting and unghosting – Ghosted pages are ones that have not been edited and saved in FrontPage. If you edit a page and save it, even if no changes were made, in FrontPage, you immediately unghost it. This makes maintenance tricky – all look and feel customizations need to be made separately to unghosted pages – and also cuts down performance – each unghosted page is rendered separately from ghosted pages, which get performance bonuses from being based on standard pages from site templates or site definitions.
  • GhostHunter, part of the Web Part Toolkit from BlueDog Limited, helps you identify unghosted pages and reset them to ghosted status (losing any specific look & feel customizations possibly made to the page via FrontPage)
  • FrontPage 2003 – be well enough acquainted with FrontPage that you know how to use it to edit Web Parts and other smart parts in SharePoint without saving changes to the page (and unghosting it, causing problems outlined above).

Doing the Dirty Deed

So you want to make a clean, unadulterated, properly ghosted Site Template?

The process requires careful movement, solid thinking, and not clicking any buttons without really thinking about what you’re doing.

What kinds of changes can you make?

Any kinds of changes that are available with site themes (good links: 1, 2), i.e.:

  • Colors – overall site color themes
  • Graphics, including banners at the top and sides of the page
  • Text font, size, color, placement

Additionally, site templates allow you to customize the behavior of default lists as well as the default lists that any site based on them starts with, including:

  • For any list: Default content, default columns, column defintiions, security, URL/path information, view, any other list setting available through “Modify settings and columns”
  • Lists’ appearance in the quick launch area
  • Upper banner navigation
  • Web Part Page libraries and Web Part Pages and their layouts
  • Default look and feel of default.aspx, not the layout of the web part page, but the web parts that are on it, and how they’re configured, including the default view into any list the list view web parts might point to

The only real trick to any of this is keeping in mind where each setting is, and how to go in and set those settings without messing with the proper ghosting of the pages in the template-creation site.

So, to start I make sure I have the right admin permissions to do what I need, then I usually pick whatever standard site definition is the closest match to the behavior of the site I want. If the site definition has been previously locked of out of display in my dev environment, I get my admin to unlock it in WEBTEMP.XML (a little more about that here, though this is for 2007). I then create a new site, usually in a specially designated site collection for building templates, using that site definition to create the site.

My company already put a bunch of time into properly creating some branded site themes for each of our operating companies, so I make sure those are installed in our dev environment, and I go ahead and apply it to the newly-create site. Then I go about primarily using the raw SharePoint GUI to make the site look as close as possible to what I want it to look like. The only things I generally don’t do in the GUI are editing the horizontal nav bar and potentially also editing the Quick Launch bar (these are for later with FrontPage 2003). So examples of changes here that I sometimes do are:

  • Delete the default Shared Documents document library, recreate one initially named “docs” so that’ll be the URL/path name, then go back and rename it to “Shared Documents”, do any tweaking necessary to columns and create a few useful, typical views based on some metadata or another.
  • Delete the default Issues list, and rename it for a better URL/path name. Add/subtract/edit metadata/columns as needed. Create an initial issue as a sample.
  • Edit the shared view of default.aspx and remove the default Windows SharePoint Services image web part entirely. Insert a Content Editor Web Part with some Javascript that overrides the horizontal nav bar with new text/links and hides the Site Settings behind some other web part page.

When going ahead and using FrontPage 2003, I open, for instance, the site and then default.aspx (make sure editing is enabled in ONET.XML). ONCE default.aspx is open, DO NOT CLICK SAVE or in any way save from this view. When you are done with changes here, just close the page without saving. It’s trippy, I know, but if you don’t do this right, you have to go back and use ghost hunter to undo your unghosting, which is a pain. Anyway, once FrontPage has opened default.aspx, just right-click and choose to edit properties of the various navbars you wish to edit. Use the in-FrontPage GUI to make the changes, click Apply and OK as needed, but DO NOT CLICK SAVE. Once this part is done, close FrontPage to deny yourself the temptation of clicking save.

If you do make a mistake and do click save, you can install the Web Part Toolkit from Blue Dog and then use the GhostHunter Web Part to find and reset any unghosted pages. I’ll defer to the developers’ documentation here for how to do that.

Now that, finally, your site looks exactly like it should, you save it as a template. To do that, go to Site Settings, then Go to Site Administration, and finally Save site as template. If you created any custom content while creating your template site, you need to save that to the template as well. Follow the prompts and your site will be saved to the site collection template gallery (a link will be provided). Follow that link and administer the template’s name there, download a copy as an *.stp file that can be copied to other SharePoint Farms (as long as the destination has the site definition you used to create the template, and the theme you used to create the graphical changes). You can also delete the template from the site collection site template gallery if you like.

If you want to deploy this to a virtual server’s site template gallery (and not have to deploy to every single site collection you may have, which could be quite a few), you can use the stsadm -o addtemplate and stsadm -o deletetemplate to add and subtract, and stsadm -o enumtemplates to list them. You can do this on any SharePoint farm server where SharePoint is installed, so Search, Index and Web Front End servers work. The changes you make affect the whole farm, but only go into effect on an iisreset. So you can single one server out in the farm, use host files to make sure you test against it, deploy your changes and test against that site after issuing an iisreset there, then do iisreset on the rest of the farm servers when you’re satisfied your deployment worked.

A word of warning: The list of active templates is displayed to uses and to the stsadm -o enumtemplates in the order they were added, so if you want the templates to display alphabetically, you need copies of all of the templates that are deployed, plus the one(s) you are deploying, and you need to add them in alphabetical order, by template title. There is no other way to sort them. We ended up writing a couple of utilities to do this. You could script such a thing, maybe working against an XML file that keeps track of site template titles, descriptions and template file names, with the cscript Windows Scripting Host and Javascript, or really handily in PowerShell, if you can install .NET 2.0 on your front end web servers.

Related Resources

Here are some related resources:


Feel free to leave questions in the comments!


I’m doing research today to answer multiple questions.


  1. I recreated my MOSS 2007 SSP a while back and now MySite creations aren’t working for anyone. It’s not working exactly like the discussion at Technet Forums. Still researching this one.
  2. On a related note, I need to nail down exactly how to create personalized MySite services scoped to a particular web application on the MOSS 2007 farm. No articles yet.
  3. How do we federate/rollup content (if possible, what’s best practice?) from multiple sites? Client has security policies that require internet/extranet servers/farms be separate from intranet servers/farms, but they also have a requirement (it’s thankfully more of a “nice to have”, since even they are not sure it’s possible) to make it so that a single user doesn’t have to go to multiple sites to see all of their content, especially their personalized content. I’m aware that this is possible in many ways in SharePoint, but not sure if any implementation is ideal. The first really helpful link I’ve found along these lines of thinking is Joel Oleson’s blog entry about managing Global and Multifarm deployments. Another good one from Mr. Oleson. I’m reading it right now.
  4. I have to do some research on the best ways to integrate outside LDAP, AD and custom-schema organizational directories for user information into MOSS 2007. No links there yet.
  5. I need to get on the stick and do Workflows in VS 2005 against WSS 3.0/MOSS 2007. I did try SharePoint Designer for my needs and while it does address most of them, one thing I couldn’t figure out how to do was to make a workflow that publishes documents across sites (up, down, sideways, between sites, subsites and unrelated sites). All I could figure out how to do was publish from one document library to another in the same site. There are other options:
    1. Major/Minor versions in Document Libraries: Probably the most elegant of the solutions, since it’s already built-in to SharePoint 2007, the major down-side is that this may be too complicated a new feature for users to learn given that check in/check out is already foreign to them (unless they’re developers). I know the pat answer is learn, but honestly that doesn’t cut any ice with client-focused business analysts. They have a point. The “learn” answer just offloads the effort on another group: either training or support. Not everyone is as technically focused as implementors are. Not everyone wants to learn a new feature every version upgrade just to do their jobs right.
    2. The Send-To->Other Location option on document libraries’ documents works just fine with Firefox 2.0 but barfs completely with IE7. See my discussion of it on the Microsoft Newsgroups (I think you’ll need a passport identity – alternate link via Google Groups) for more information. It’s possible I’ll call MS support about this, but only if the client says it’s critical path and means it. It’s too risky to burn a support call on a bug. I wish MS really provided other meaningful ways of reporting bugs.
  6. I also need to find out whether the helpful Weather and other free, useful, fuzzy good feelings web parts exist any more, like they do in SPS 2003. Weather’s a big request these days. If they’re a download/install I need to do that. No research here yet either.
  7. Finally, I asserted to a friend/co-worker a few days ago that from a programmer’s perspective, I can’t see why Perfmon would, as his manager asserted, bring a server to its knees. Given that in the programming I’ve done that does create Perfmon counter objects, I never check to see if any monitors are running, I just throw the stats over the wall for the OS to do with it as it will. The guy’s job would be made so much simpler if his manager relaxed about this, and I simply don’t have the resources myself to do the exhaustive system profiling and performance monitoring this might take to convince anyone. So maybe someone else has. No research here yet.

So what do you think? Do I have enough to do?

Installing .NET 3.0 on a balky workstation

So if you keep trying to install .NET 3.0 and keep getting an error during install (and looking at the Error Log link in the failure message refers to the Windows Communication Framework being missing), go look for a file named something like “dd_dotnetfx3install.txt” in your %temp% directory (in my case, that was at C:\Documents and Settings\[username]\Local Settings\Temp, but just open a command shell and type “echo %temp%” to find out what it is for your system/login). If THAT log shows something like:

[02/02/07,12:55:41] WapUI: ***ERRORLOG EVENT*** : DepCheck indicates Windows Communication Foundation is not installed.
[02/02/07,12:55:41] WapUI: Return for Windows Presentation Foundation indicates a successful installation. DepCheck indicates the component is installed.
[02/02/07,12:55:41] WapUI: Return for Windows Workflow Foundation indicates a successful installation. DepCheck indicates the component is installed.

Then you need to restart your workstation in Diagnostic mode with minimal services and then try the install. It should work.

Details are here in an obscure Microsoft forums post. The method I used, transcribed for your pleasure is as follows:

  1. Set your system to start in diagnostic mode with some additional services:
    1. Click Start, then Run..., then type msconfig. Click OK.
    2. Click the radio button to start your machine in Diagnostic Startup.
    3. Click the Services tab and enable the checkbox to the left of “Windows Installer“, “Plug and Play” and “System Restore“.
    4. Click OK. Authorize your system to restart.
  2. In Diagnostic Mode, do the .NET Framework 3.0 install:
    1. When your system restarts, click OK to acknowledge the msconfig popup warning and set the msconfig window aside (or close it and call it back later to set you system to boot normally).
    2. Now install the .NET 3.0 Framework. Install should go off without a hitch.
  3. Put your system back into Normal startup:
    1. When the installation is complete, recall or get back the msconfig window and set your workstation to Normal startup. Click OK.
    2. Authorize your system to restart.

You’re done!

IE 7’s friendly HTTP messages are unfriendly if you want IIS To do custom error messages

So IE7, by default, overrides Web Servers’ custom error messages with very helpful “friendly” reinterpretations of error messages. To turn these off through the UI, go to Internet Options -> Advanced, and disable “Show friendly HTTP error messages”.

Thanks, Microsoft!

Also found at: HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Friendly http errors (according to the Vista GP excel spreadsheet)

Miscellaneous research points from this morning

I have been negligent – bullet updates, but I’ll get around to the major stuff later

Since I fully expect next month to be a slow month, I should be able to catch up a little.


  • I am installing the Release bits of Microsoft Office 2007. I don’t know if I’ve already plugged CCleaner but I’m doing so again. I needed it because Office 2007 Beta 2 Technical Refresh didn’t uninstall entirely cleanly. An add-on I’d installed after the original install had to be manually removed, but it didn’t show up in my Add/Remove Programs, so CCleaner was instrumental in my being able to find an uninstall the bugger so I could go ahead with the install of the Release version.
  • It turns out that the extended problems I had properly creating the Shared Service Provider portion of MOSS 2007 were due to two factors:
    • I had neglected to complete the MOSS 2007 Beta 2 TR install properly. I’ll go back to that article and add the details in, but instead of running the configuration wizard right away, I should instead have uninstalled Windows Workflow Framework from Add/Remove Programs, installed the .NET 3.0 Framework RC bits and then run the connfiguration wizard.
    • I wasn’t thinking about permissions and rights properly so was creating the app pool for the Web Application that was to support the SSP with Network Service as the ID, which of course has a different PID/GUID on each machine so wasn’t mapping to the Network Service ID on the database server (2-server setup). What I should have done was create the app pool with a domain account ID that had sufficient perms on both boxes and on the SQL Server itself. It never ceases to amaze me how my mind will just drop stuff. This stuff holds for SharePoint 2003 too and I know that cold, but I just didn’t make the leap to apply it to my knowledge of MOSS 2007. Duh.
  • So I need to blog permissions articles that have been popping up on Technet/MSDN lately.
  • I also need to update on my/my company’s progress in fixing (or trying to fix) the Full Text Search in our production deployment of SharePoint 2003. Client still not interested in calling Microsoft Product Support Services. Now it looks like it might have to do with the Cluster configuration and the FTDATA folder. If it isn’t that, not only am I, but my company is tapped out and it is totally time to stop playing political games and djust call Microsoft PSS.
  • There are some links I found to training materials that I’ll also blog (I’ve been doing research on behalf of my client’s Training department).
  • I’ll be working on customizing my company’s portal soon, and doing a little mini-app with a guy based in the Richmond office, so we’ll see how well the development/customization process on MOSS 2007 collaborates. More updates there, hopefully by next week.

Anyway, been terribly busy, too busy, perhaps, to blog, but I’ll try to return to it, because taking notes is important to me, and putting it here means I can find it whereever I have Net access, and maybe it’ll help out other folks too.