SQL Server Connection Error 18452 Caused by “User must change password at next login” setting

Situation:

  • In an isolated dev environment set up to enable Kerberos in SharePoint 2007 and SQL Server 2005, a single VM Server for the DC, one for the SQL Server and one for the SharePoint Web Front End, developers were unable to create custom databases in the SQL Server instance and use SQL Server local logins to connect to those databases with ODBC.
  • Tests with generic UDL shortcuts (ODBC) failed with the error “Login failed for user “<username>”. The user is not associated with a trusted SQL Server connection.” upon clicking “Test Connection” button.

Carried out the following tests:

  • Made sure we had the right password for the testing account. If needed, can change passwords this way.
  • Made sure that the Database instance was set to support both SQL Server and Windows Integrated Authentication (this is what the majority of Google hits for this problem suggested).
  • Checked some Registry settings:
  • Made sure that SQL @@servername was correct (select @@servername executed as a query helps with this. Google can help provide more details).
  • Checked SQL Logs for more information (found Error 18452 after each connection failure)
  • The term “trusted connection” suggested that the issue might be with Kerberos even though we were using local accounts, so I also checked for the “Integrated Security” connection string value per discussion here.
  • Finally went through the UDL shortcut configuration again, and found an interesting phenomenon. If you click the “Test Connection” button you get the generic trusted connection error. But, if you click the drop-down list for selecting the database you want to connect to, you get a very applicable error message.

The fix for this problem is to go back into the SQL Server Management Studio, edit the properties for the local user and first enable “Enforce Password Policy” for the user, THEN uncheck all of the options including “Enforce password expiration” AND “User must change password at next login”.

Getting WebDAV to work for Windows Network Providers against SharePoint 2007

The picture is not entirely complete here, but I made a lot of progress with this as an open (now closed) troubleshooting ticket with Microsoft.

The short summary is that using a Microsoft whitepaper (linked to below), I could get Windows XP SP2 workstations to work properly opening an Explorer View to a SharePoint 2007 farm’s document library, I had a bunch of other problems to surmount when trying to get a Windows Server 2003 SP2 system to do the same. The rest of this post is about other methods for troubleshooting and fixing the situation.

Continue reading Getting WebDAV to work for Windows Network Providers against SharePoint 2007

Kerberos and SharePoint 2007 notes

Recently we had cause to do a whole lot of research ourselves and end up calling Microsoft to get our implementation vetted and troubleshot (it was not working – all or almost all connections that should have been Kerberos connections were degrading back to NTLM).

Here are the salient notes and facts about troubleshooting and achieving the ultimate goal (having Kerberos working with our systems).

Best Bets and an unhelpful error

I don’t like to do exactly the same blog entry that someone else did, but the other blog entry was from 2007 and I just encountered the problem myself. Thank g-d for Google.

Anyhow, if you have a web application with no site at the root managed path, adding a best bet to a site collection on some other managed path will pop up a window that says,

Error

The search service is currently offline. Visit the Services on Server page in SharePoint Central Administration to verify whether the service is enabled. This might also be because an indexer move is in progress.

The way to fix it is to create a site collection at the root managed path. Or probably upgrade to SP1.

Yes, I know the error is completely unhelpful. I found it so as well.

MOSS 2007 – Setting up a Search Center as a subsite to a Team Site-based Site Collection

Creating a Search Center as a subsite Search Center for a Team Site site collection didn’t seem to create or properly hook up a People Search Results page within that Search Center for the People Search Scope. Doing a People search after having ONLY created a Search Center and set the Site Collection to use it for “richer results” comes up with an HTTP 404 error on the People Search results page.

Here’s how to create that full functional pipeline WITHOUT SharePoint Designer (to create the people search results page where SharePoint’s expecting it to be), thank you very much.

This may help you with defining additional site scopes and dedicated landing pages for their results too, assuming you also have a Search Center deployed.

WARNING: If you do this, you will end up renaming the Home tab in your horizontal nav bar to whatever your top level site’s name is, and the only way to get it back (short of SharePoint Designer) will be to disable the Office SharePoint Server Publishing Infrastructure feature at the Site Collection level. This may be okay with you and your users or not, depending on how much tweaking you intend to do through that feature/interface.

  1. (Optional) Create Site Collection with Team Site top level site. Do this if you just want to proof it out. Otherwise, if you already have a site collection you want to do this with, start at steps 2 or 3 below, depending on what you’re starting with.
    1. Do this operation in the Application Management tab of Central Administration.
    2. Under the SharePoint Site Management section, click the “Create site collection” link and follow the prompts from there.
  2. (Optional) Create Search Center Subsite (w/o Tabs). This assumes you haven’t already got a Search Center subsite or site collection to work with.
    1. Do this operation within the top level site you just created. This may work in other contexts too, but I have not tested those.
    2. Choose the “Search Center” option under the Enterprise tab when choosing a site definition.
    3. I chose not to list the subsite in the Quick Launch, but I did choose to list it in horizontal navigation and to use the parent site’s horizontal navigation. If you choose different settings, know these may affect your site collection’s behavior.
  3. Assign Search Center as Search Center target for top level site.
    1. Do this operation within the top level site you just created.
    2. Go to Site Actions -> Site Settings, then click Search settings under the Site Collection Administration section all the way to the right.
    3. Provide the path starting with the end of the FQDN to the search center’s simple URL (e.g. if the top level site iat http://example.com/sites/tls/sc, then input /sites/tls/sc into the textbox.
    4. Click OK button.
  4. NOTE: If you’re starting with the same assumptions I am and you test the People search scope now, you should receive a 404 error, regardless of whether your crawls are working. This indicates the lack of a proper results web part page for the results to go into.
  5. Enable Office SharePoint Server Publishing Infrastructure Feature and Office SharePoint Search Web Parts Feature (not entirely sure this is required) on Site Collection.  (Enabling the first feature here will change your Home Tab in horizontal navigation to the Top Level site name.)
    1. From top level site, choose Site Actions -> Site Settings.
    2. In Site Collection Administration section, click the “Site collection features” link.
    3. Click “Activate” button to right of Office SharePoint Server Publishing Infrastructure Feature item.
    4. Click “Activate” button to right of Office SharePoint Server Search Web Parts Feature item.
  6. (Optional) If you don’t want the potentially confusing changes to the Site Actions menu to impact the top level site, immediately disable the Office SharePoint Server Publishing Feature on the top level site.
    1. In the top level site, go to Site Actions->Site Settings->Modify All Site Settings.
    2. Under the Site Administration (NOT the Site Collection Administration) section, click the “Site Features” link.
    3. Click the “Deactivate” button to the right of the Office SharePoint Server Publishing Feature item.
  7. (Optional) Enable Office SharePoint Server Publishing Feature on Search Center Site. You may not have to do this, as it may be auto-enabled when the Site Collection Features are enabled. An easy way to tell whether this feature is activated on a site or subsite is by looking at the Site Actions menu. If it’s just 2 or 3 items (depending on the page you access it from): Create, sometimes Edit Page, and Site Settings, then you know this feature is not enabled. If instead it’s a huge menu with multiple fly-out submenus, then you know the feature is already enabled on that site.
    1. Go to Search Center site.
    2. Click Site Actions -> Site Settings and in Site Administration section, click Site features link.
    3. Click “Activate” button to right of Office SharePoint Server Publishing Feature.
  8. Create new page in Search Center for People Search Results.
    1. Click Site Actions -> Create Page
    2. Create a page called peoplesearchresults.aspx. Save it where the dialogue lets you save it. Probably Pages/*.aspx.
    3. Choose the “(Welcome Page) Blank Web Part Page” Page Layout.
    4. Click “Create” button.
  9. Add appropriate People Search result web parts to new page.
    1. On created page, if not already in page edit mode, choose Site Actions -> Edit Page
    2. Add appropriate web parts, put them on the page in appropriate places and modify their web part settings to suit. I chose:
      • Header: People Search Box
      • Center: Search Statistics, Search Paging [1], Search High Confidence Results, People Search Core Results, Search Paging [2]
      • Center Right: Search Best Bets
    3. Click Publish button to finalize edits to web part page.
  10. Edit Search Scopes on Site Collection.
    1. Go to your top level site.
    2. Choose Site Actions -> Site Settings.
    3. In the Site Collection Administration section, click “Search scopes” link.
  11. Copy “People” Search Scope (default) to a copy for the Site Collection.
    1. Use drop-down menu on “People” Search Scope and choose “Make Copy”
  12. Edit the “Copy of People” Search Scope to set proper results page URL and change name (can’t just be “People” as that name’s already taken).
    1. Use drop-down menu on Copy of People and choose “Edit Properties”.
    2. Click “Change scope settings” link on next page.
    3. Change Title to something descriptive that isn’t “People”.
    4. Enable or Disable the Display groups you want for this scope.
    5. Specify the target results page you just created. Start relative url at the search center’s root. So if, for example, the search center is at http://example.com/sites/tls/sc/ and your results page ias at http://example.com/sites/tls/sc/Pages/peoplesearchresults.aspx, use the value “/Pages/peoplesearchresults.aspx” in the Target results page textbox.
    6. Click the “OK” button.
  13. Remove default “People” Search Scope from Site’s selectable scopes.
    1. Go to the Search Scopes settings page in the top level site (Site Actions -> Site Settings -> Site Collection Administration -> Search Scopes)
    2. If you’re using default Display Groups, you should have “Search Dropdown” and “Advanced Search”
    3. For each display group click the hyperlinked name of the group in the grey bar, labelled “Display Group” (e.g. for Search Dropdown, click the hyperlinked Search Dropdown in the phrase “Display Group: Search Dropdown (3)” (or some other number) in the grey title bar just above the list of scopes active for that display group).
    4. In the Edit Scope Display group page, uncheck the Display checkbox to the left of the People scope name.
    5. Click the OK button.
    6. Repeat this for any other applicable Display Group you have in Search Scopes.
  14. Let your crawls happen. The settings you made won’t be reflected in your sites until after the next crawl. If you have access to the SSP, you can reinitiate crawls to try to rush the process and make it happen immediately.
  15. Retest. Hopefully you’re all hooked up now.
  16. If everything is hooked up and you don’t want the publishing infrastructure and you want your Home tab back, you can now disable the Site Collection feature.
    1. Go to your top level site. Go to site settings (Site Actions -> Site Settings).
    2. Under the Site Collection Administration section, click the “Site collection features” link.
    3. Click the “Deactivate” button to the right of the Office SharePoint Server Publishing Infrastructure Feature.

If not, don’t come crying to me!

Actually, I’ll be happy to try to help, but keep in mind that I don’t have a lot of spare time.

Global Navigation changed after enabling Publishing Infrastructure

So before I enabled the Publishing Infrastructure feature, the top nav bar tabs showed the leftmost tab reading “Home”. After enabling it and later disabling it, the leftmost tab read as the site title (as set in the site settings). Great but all my functional tests are written to search for the tab reading “Home”. So I tried to edit that Global Navigation header in the Navigation settings in Site settings and the Edit… option is not available for that heading.

Seems I need to change the site title or hack the navbar in a combination of SharePoint UI and SharePoint Designer (not my first choice).

Oversetting Upload Size Limits in Windows SharePoint Services 2003 – BAD

We set our upload size limit to 40,000 megabytes on our Virtual Server settings.

You access this setting in Windows SharePoint Services Central Administration -> Configure Virtual Server Settings -> [Select Virtual Server] -> Virtual server general settings -> the setting is in Maximum Upload Size. (default is 50 megabytes)

This was very bad. Apparently if the setting is set too high, it’s essentially interpreted to be zero by the application.

Once this happened, not only did we get the upload size error, “The form submission could not be processed because it exceeded the maximum length allowed by the Web administrator.” for any size file, but also, we got the Explorer View error, “Explorer View requires Internet Explorer 5.0 or greater and Web Folders.”

A better really huge setting that ended up working for us was 10,000 megabytes.

Enabling the KPI Lists feature in SharePoint 2007

I had to blog around to find this. I had a site collection that didn’t have the KPI list available under custom lists, and I wanted to enable it.

Blogs/forum posts:

Required:

  • SharePoint Server 2007 Enterprise
  • Enable Enterprise Features in Central Administration (Operations Tab)
  • Enable Features on Existing Sites in Central Administration (Operations Tab)
  • Enable Enterprise Features on the Site Collection where you want the KPIs (Site Collection Administration)

Now you can find the KPI List as one of the options under Create -> Custom Lists in your site.

Images:

Central Administration, Operations Tab, Upgrade and Migration section
Figure 1 - Central Administration, Operations Tab, Upgrade and Migration section

Figure 2 - Site Collection Site Settings, Site Collection Administration section, Site collection features link.
Figure 2 - Site Collection Site Settings, Site Collection Administration section, Site collection features link.

Figure 3 - Site Settings, Site Collection Features page, with Office SharePoint Server Enterprise Site Collection Feature enabled.
Figure 3 - Site Settings, Site Collection Features page, with Office SharePoint Server Enterprise Site Collection Feature enabled.

DCOM 10016 errors

Because my systems admin reminded me while cleaning out the logs for our new load test environment, here’s how you can fix them on your WSS box.

This is something an old colleague and I found out in October of last year, found on a blog entry from Søren Nielsen from April of last year.

It involves fixing your Component Services configuration on the offending server, but it’s not too hard.