MOSS 2007 server farm architecture links

All in all, it looks like MOSS 2007 server farms consist of:

  1. Front End Web Servers – (low storage, hosting IIS, SharePoint and any custom web parts/custom site definitions/templates – this is a guess)
  2. Application Servers – (high storage, hosting IIS, SharePoint and indexes for search – again a guess)
  3. Database Server – (hosting the content and configuration databases)

Sounds like MOSS 2007 is in general way more flexible and configurable in Server Farms than SPS 2003 (with its three major themes of “supported configurations”).

Don’t miss all the planning you should be doing vis a vis Server Farm Architecture as you design your environments:
Planning worksheets for Office SharePoint Server 2007

Also, the configurations of the Shared Service Provider(s) give you a lot of flexibility.

Unfortunately, it looks like most of the Technet articles are still TBD (to be written), but I found one that was decent:
Determine hardware and software requirements (Office SharePoint Server)

Also, my Systems Engineer homie at my workplace sent me a lot of very interesting seeming audio-briefing links:
TechNet Events: Supporting Materials

Creating new My Site hosts for MOSS 2007

If you should happen to recreate your SSP or your MySite host in MOSS 2007, you may find that the wizard that helped you out the first time with properly configuring your MySites host may have flown the coop and you’re left at sea about how to proceed. I know I was.

On trying to create a new My Site (for a user that doesn’t already have one), typical error messages will tell you that Self-Service Site Creation is disabled, or that there was an error in creating your personal site. Both error messages will entreat you to contact your administrator.

Here’s the full scoop on creating a My Site host in MOSS 2007 by hand from the ground up (i.e. at Web application creation on up):

Prepare new web application to take up My Site host duties:

  1. Create a new web application (e.g. http://mossdev1:25000/)
  2. Inspect Managed Paths for the new web application. You should already have:
    1. (root) - Explicit inclusion
    2. sites - Wildcard inclusion
  3. Delete managed paths:
    1. sites - Wildcard inclusion
  4. Create managed paths:
    1. personal - Wildcard inclusion
    2. mysite - Explicit inclusion
  5. End state for managed paths should be:
    1. (root) - Explicit inclusion (thanks to imsaurabh for catching this!)
    2. personal - Wildcard inclusion
    3. mysite - Explicit inclusion
  6. Create a site collection at /mysite/ managed path. This will use a My Site Host template:
    1. Choose correct web application (e.g. http://mossdev1:25000/)
    2. Title: My Site Host (doesn’t matter, really)
    3. URL: http://mossdev1:25000/mysite (no fill-in because path is explicit in managed paths)
    4. Template: Enterprise (tab) -> My Site Host
    5. Specify primary and secondary administrators.
    6. Click OK.
  7. Create a blank site collection at the / managed path to enable self-service site creation:
    1. Choose correct web application (e.g. http://mossdev1:25000/)
    2. Title: Blank site (doesn’t matter, really)
    3. URL: http://mossdev1:25000/ (no fill-in because path is explicit in managed paths)
    4. Template: Collaboration (tab) -> Blank Site
    5. Specify primary and secondary administrators.
    6. Click OK.
  8. Enable Self-Service Management. Choose from Application Management -> Application Security.

Now that you’ve created the host, here’s how to make sure it works properly in the SSP’s My Site Settings:

  1. Navigate to My Site Settings (go to your SSP’s admin pages, it’s the 3rd link in the 1st section).
    1. For form’s sake, inspect the Preferred Search Center entry. This URL should end in /SearchCenter/Pages/.
    2. Set Personal Site Services to http://mossdev1:25000/mysite/. Note that this points to the URL for the explicit inclusion path and My Site Host Template site collection you created above.
    3. Set Personal site Location to just personal. Note that this points to the URL (after SharePoint puts context to it) for the Wildcard inclusion managed path you created above.
    4. Choose the 2nd Site Naming Format: User name (resolve conflicts by using domain_username).
    5. Enable Allow user to choose the language of their personal site.
    6. Disable My Site to support global deployments.
    7. Default Reader Site Group: NT AUTHORITY\authenticated users.

Now try to navigate to your MySite link and you should be golden. Creation should go just fine.

Good luck!


I’m doing research today to answer multiple questions.


  1. I recreated my MOSS 2007 SSP a while back and now MySite creations aren’t working for anyone. It’s not working exactly like the discussion at Technet Forums. Still researching this one.
  2. On a related note, I need to nail down exactly how to create personalized MySite services scoped to a particular web application on the MOSS 2007 farm. No articles yet.
  3. How do we federate/rollup content (if possible, what’s best practice?) from multiple sites? Client has security policies that require internet/extranet servers/farms be separate from intranet servers/farms, but they also have a requirement (it’s thankfully more of a “nice to have”, since even they are not sure it’s possible) to make it so that a single user doesn’t have to go to multiple sites to see all of their content, especially their personalized content. I’m aware that this is possible in many ways in SharePoint, but not sure if any implementation is ideal. The first really helpful link I’ve found along these lines of thinking is Joel Oleson’s blog entry about managing Global and Multifarm deployments. Another good one from Mr. Oleson. I’m reading it right now.
  4. I have to do some research on the best ways to integrate outside LDAP, AD and custom-schema organizational directories for user information into MOSS 2007. No links there yet.
  5. I need to get on the stick and do Workflows in VS 2005 against WSS 3.0/MOSS 2007. I did try SharePoint Designer for my needs and while it does address most of them, one thing I couldn’t figure out how to do was to make a workflow that publishes documents across sites (up, down, sideways, between sites, subsites and unrelated sites). All I could figure out how to do was publish from one document library to another in the same site. There are other options:
    1. Major/Minor versions in Document Libraries: Probably the most elegant of the solutions, since it’s already built-in to SharePoint 2007, the major down-side is that this may be too complicated a new feature for users to learn given that check in/check out is already foreign to them (unless they’re developers). I know the pat answer is learn, but honestly that doesn’t cut any ice with client-focused business analysts. They have a point. The “learn” answer just offloads the effort on another group: either training or support. Not everyone is as technically focused as implementors are. Not everyone wants to learn a new feature every version upgrade just to do their jobs right.
    2. The Send-To->Other Location option on document libraries’ documents works just fine with Firefox 2.0 but barfs completely with IE7. See my discussion of it on the Microsoft Newsgroups (I think you’ll need a passport identity – alternate link via Google Groups) for more information. It’s possible I’ll call MS support about this, but only if the client says it’s critical path and means it. It’s too risky to burn a support call on a bug. I wish MS really provided other meaningful ways of reporting bugs.
  6. I also need to find out whether the helpful Weather and other free, useful, fuzzy good feelings web parts exist any more, like they do in SPS 2003. Weather’s a big request these days. If they’re a download/install I need to do that. No research here yet either.
  7. Finally, I asserted to a friend/co-worker a few days ago that from a programmer’s perspective, I can’t see why Perfmon would, as his manager asserted, bring a server to its knees. Given that in the programming I’ve done that does create Perfmon counter objects, I never check to see if any monitors are running, I just throw the stats over the wall for the OS to do with it as it will. The guy’s job would be made so much simpler if his manager relaxed about this, and I simply don’t have the resources myself to do the exhaustive system profiling and performance monitoring this might take to convince anyone. So maybe someone else has. No research here yet.

So what do you think? Do I have enough to do?

Miscellaneous research points from this morning

Simple read-write connection of a database table (non-SharePoint) to a DataView Web Part in MOSS 2007

Test this out/play with it in a test area. Don’t do this in production. Duh.


  • SQL Server 2005
  • SharePoint v3 (I don’t honestly know, but I think just WSS 3.0 w/o MOSS 2007)
  • SharePoint Designer 2007
  • A SQL account with db_datareader and db_datawriter permissions on the database in question, and the account’s password
  • A table in the database with a primary key
  • Sufficient SharePoint rights to use SharePoint Designer to create DataViews on Web Part Pages somewhere

(Italics are steps added after MS Support helped me out with this.)

  1. Make sure you have the SQL account name and password at the ready (for this example, account is sqlmossupdatetest)
  2. Make sure you know the SQL Server name/instance name (if any – for this example, the server name is DEV1 and the instance name is MOSS)
  3. Make sure that the table in the database has an autoincrementing primary key (Column settings for this are related to Identity properties w/in SQL Management Studio).
  4. Create a new Web Part Page in one of your document libraries. Exit Edit Mode.
  5. Open the site where your Web Part Page resides in SharePoint Designer 2007.
  6. Next, open up the Web Part Page you just created by browsing to it and double-clicking it in SharePoint Designer.
  7. In SharePoint Designer’s default upper right toolbox pane, choose the Data Source Library tab.
  8. Under the Database Connections group, click the link for Connect to a database…
  9. Click the Configure Database Connection… button.
  10. In the server name textbox, type the server name, or server name\instance name if you’ve got an instance name (i.e. in my case, it was DEV1\MOSS).
  11. Keep Microsoft .NET Framework Data Provider for SQL Server for the Provider Name.
  12. For Authentication, choose the first radio button, Save this username and password in the data connection (not very secure), and enter the username and password of the SQL account from step 1.
  13. Click Next. If you get an alert about how other authors can see the user/password information, click OK.
  14. Choose the proper Database and Table for your Data View.
  15. Click Finish. Then click OK.
  16. Click and drag the new Database Connection to a Web Part Zone in your Web Part Page.
  17. Use the right menu-arrow on the Data View Web Part to bring up the menu items for the web part and choose Edit Columns… .
  18. Remove the Identity/PK column from the Display section. Click OK. 
  19. Use the right menu-arrow on the Data View Web Part to bring up the various menu items for the web part and choose Data View Properties… .
  20. Choose the Editing tab and enable the checkboxes for Show edit item links, Show delete item links & Show insert item links.
  21. Save the page in SharePoint Designer and click Yes if prompted about changing the site definition.
  22. Close SharePoint Designer and refresh the Web Part Page in IE. Be sure to populate your ID field with a unique value. Obviously this cries out for more work to actually dynamically create a unique key, etc.

Update: Oddly enough, while T-SQL INSERTs & DELETEs seem to work, UPDATEs don’t, so I’m now digging further and seeing whether I can write custom SQL in the connection definition to do the UPDATE properly.

Update 2: A support ticket (via my employer, a Microsoft Gold Managed Regional Partner) has been opened about the UPDATEs issue. I’ll report back when we have a fix.

Update 3: The support issue is closed. The issue with updates was caused by trying to edit the PK value. To keep the web part from trying to edit/update the PK value, you remove it from sight and then it doesn’t bother with trying to change it on update, so the update is successful. I added a couple of steps to the procedure to do that. Also, I forgot to say that I brought up the question of documentation for custom SQL and apparently there is no such documentation currently at MS for the Parameters features.
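
The prerequisites and the Update 3 finding above, as an added T-SQL example (not part of the original post): it creates the sqlmossupdatetest login with only the db_datareader and db_datawriter roles, then shows that SQL Server rejects an UPDATE that touches the identity primary key. The database DataViewTest, the table dbo.Contacts and its columns are assumptions, and the password is a placeholder.

```sql
-- Added example for a TEST instance (DEV1\MOSS in the post).
-- DataViewTest, dbo.Contacts and the column names are hypothetical.
USE master;
GO
CREATE DATABASE DataViewTest;
GO
-- SQL-authenticated login that the Data View connection will store.
-- Replace the placeholder; CHECK_POLICY applies the Windows password policy.
CREATE LOGIN sqlmossupdatetest
    WITH PASSWORD = N'<replace-with-strong-password>',
         CHECK_POLICY = ON;
GO
USE DataViewTest;
GO
-- Step 3 of the procedure: autoincrementing (IDENTITY) primary key.
CREATE TABLE dbo.Contacts (
    ContactID INT IDENTITY(1,1) NOT NULL
        CONSTRAINT PK_Contacts PRIMARY KEY,
    FullName  NVARCHAR(100) NOT NULL,
    Email     NVARCHAR(255) NULL
);
GO
-- The post's prerequisite: db_datareader + db_datawriter, nothing more.
CREATE USER sqlmossupdatetest FOR LOGIN sqlmossupdatetest;
EXEC sp_addrolemember N'db_datareader', N'sqlmossupdatetest';
EXEC sp_addrolemember N'db_datawriter', N'sqlmossupdatetest';
-- The password is saved in the data connection, where other page authors
-- can read it (step 13). A tighter alternative to the two roles is a
-- grant on the one table the Data View needs:
--   GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Contacts TO sqlmossupdatetest;
GO
-- Check: list every database role the account ended up in.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'sqlmossupdatetest';
GO
-- Act as the Data View account (the context persists across GO until REVERT).
EXECUTE AS USER = N'sqlmossupdatetest';
INSERT INTO dbo.Contacts (FullName, Email)
VALUES (N'Test User', N'test@example.com');   -- ContactID is generated
-- Succeeds: the key appears only in the WHERE clause.
UPDATE dbo.Contacts SET Email = N'updated@example.com' WHERE ContactID = 1;
GO
-- Fails with Msg 8102 "Cannot update identity column 'ContactID'".
-- This is what an edit form sends when the key is one of the editable
-- fields; it sits in its own batch so the error cannot skip the REVERT.
UPDATE dbo.Contacts
SET ContactID = 1, Email = N'again@example.com'
WHERE ContactID = 1;
GO
REVERT;
GO
```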

Getting MOSS 2007 RTM Backup to work when your SQL Database is one you don’t control

In this post I will be somewhat generic about my machine names and account names. This is partly to keep me in form and not thinking too specifically about my special situation and partly for security reasons. I don’t believe in security through obscurity but I also don’t believe in making it extra easy for an attacker to get the first steps of the puzzle for free.

Configuration of my MOSS 2007 RTM install in development:

  • 1 Server that serves all databases to all development environments (Call it SQLDEV1).
    • I have a specific instance (Call it MOSD) in which I can put all my various MOSS databases and my domain user account (Call it DOMAIN\myuser) is a security admin and dbcreator in the Server.
    • Since I used my domain user account (DOMAIN\myuser) to give all the various configuration services and app pools and databases an ID during initial setup/configuration of MOSS 2007, I (DOMAIN\myuser) am also dbo on all the MOSS databases in the instance.
    • Additionally, it should be noted that on SQLDEV1, the MSSQLSERVER service is running as one domain user account (Call it DOMAIN\dbuser1), and the instance (MOSD) is running as another (Call it DOMAIN\dbuser2).
  • 1 Server that has all the MOSS 2007/.NET 2.0/.NET 3.0 WFX installs (Call it MOSSDEV1).
    • On this machine, my user account (DOMAIN\myuser) is a local administrator. I also have some additional rights that allow me to log into the machine remotely with a terminal services client.
    • It was a precondition to my getting these rights that I set up the MOSS 2007 install so that all configuration aspects that required local admin access be set up with my domain account’s ID (DOMAIN\myuser). I know this isn’t ideal in some respects, but it seems to work okay in this development environment. This will be the main factor in making this blog entry not be entirely helpful in debugging YOUR configuration problem, but I hope it’ll help anyway.

With no additional special steps, I couldn’t get MOSS 2007’s Operations interface to successfully back up the Farm (via the Central Administration: http://your_server:your_port/_admin/Backup.aspx). I kept getting some progress, but each and every actual site collection failed with a failure message ending in “Operating system error 5(Access is denied.). BACKUP DATABASE is terminating abnormally.” [It should be noted that I was previously getting an error 3, which appeared to be tied to using a non-UNC path in the Backup Location field.]

The steps necessary for me to get it all working were:

  1. Create a shared folder on the system for where you want the backups to go. (i.e. \\MOSSDEV1\Farm Backups\).
  2. Add full control permissions to this share for all three accounts: The service account for MSSQLSERVER on the database server (DOMAIN\dbuser1), the service account for the database instance hosting the content/configuration databases (DOMAIN\dbuser2) and the service account running the MOSS 2007 application pool (my guess of the most likely suspect in this operation – DOMAIN\myuser).
  3. Use the share name you created in the Backup Location text box in the 2nd step of the Backup configuration in Central Administration (i.e. \\MOSSDEV1\Farm Backups\)

I had been using the Admin’s traditional UNC path (i.e. \\MOSSDEV1\d$\Farm Backups\) without explicitly sharing a folder, but that tripped me up, because the SQL Server service account IDs were not Local Admins on the MOSS 2007 box (i.e. MOSSDEV1).
Also it took a bit of digging and asking my DBAs about the service account identities for the SQL Server.

My main reference is about SQL Server Backup in the Microsoft KB #255235.
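
One way to test the share from the SQL Server side before retrying the farm backup, as an added T-SQL example that is not from the original post or the KB article. BackupShareProbe is a hypothetical scratch database; the share path is the example path from the steps above.

```sql
-- Added example. Run against the instance that hosts the MOSS databases
-- (SQLDEV1\MOSD in the post) with a login that has dbcreator.
USE master;
GO
CREATE DATABASE BackupShareProbe;   -- hypothetical scratch database
GO
-- The .bak file is written by the SQL Server service account
-- (DOMAIN\dbuser2 for the MOSD instance), not by the login running this
-- script and not by the SharePoint application pool account.
-- "Operating system error 5(Access is denied.)" here means that service
-- account cannot write to the share or to the folder behind it.
-- A local path such as D:\... would be resolved on the SQL Server machine,
-- not on MOSSDEV1, which is why the post needed a UNC path.
BACKUP DATABASE BackupShareProbe
    TO DISK = N'\\MOSSDEV1\Farm Backups\BackupShareProbe.bak'
    WITH INIT, CHECKSUM;
GO
-- Confirms the service account can also read the file back.
RESTORE VERIFYONLY
    FROM DISK = N'\\MOSSDEV1\Farm Backups\BackupShareProbe.bak'
    WITH CHECKSUM;
GO
DROP DATABASE BackupShareProbe;
GO
```

If the probe succeeds but the farm backup still fails, the SQL service account is not the blocker; remove BackupShareProbe.bak from the share afterwards.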

Updated older MOSS 2007 Beta2TR Install article

After finally managing the install and setup correctly in my own deployment last week, I just updated the article on this blog with the newest information I needed to complete the install properly and make everything ship-shape (or close enough for jazz).

I have been negligent – bullet updates, but I’ll get around to the major stuff later

Since I fully expect next month to be a slow month, I should be able to catch up a little.


  • I am installing the Release bits of Microsoft Office 2007. I don’t know if I’ve already plugged CCleaner but I’m doing so again. I needed it because Office 2007 Beta 2 Technical Refresh didn’t uninstall entirely cleanly. An add-on I’d installed after the original install had to be manually removed, but it didn’t show up in my Add/Remove Programs, so CCleaner was instrumental in my being able to find and uninstall the bugger so I could go ahead with the install of the Release version.
  • It turns out that the extended problems I had properly creating the Shared Service Provider portion of MOSS 2007 were due to two factors:
    • I had neglected to complete the MOSS 2007 Beta 2 TR install properly. I’ll go back to that article and add the details in, but instead of running the configuration wizard right away, I should instead have uninstalled Windows Workflow Framework from Add/Remove Programs, installed the .NET 3.0 Framework RC bits and then run the configuration wizard.
    • I wasn’t thinking about permissions and rights properly so was creating the app pool for the Web Application that was to support the SSP with Network Service as the ID, which of course has a different PID/GUID on each machine so wasn’t mapping to the Network Service ID on the database server (2-server setup). What I should have done was create the app pool with a domain account ID that had sufficient perms on both boxes and on the SQL Server itself. It never ceases to amaze me how my mind will just drop stuff. This stuff holds for SharePoint 2003 too and I know that cold, but I just didn’t make the leap to apply it to my knowledge of MOSS 2007. Duh.
  • So I need to blog permissions articles that have been popping up on Technet/MSDN lately.
  • I also need to update on my/my company’s progress in fixing (or trying to fix) the Full Text Search in our production deployment of SharePoint 2003. Client still not interested in calling Microsoft Product Support Services. Now it looks like it might have to do with the Cluster configuration and the FTDATA folder. If it isn’t that, not only am I, but my company is tapped out and it is totally time to stop playing political games and just call Microsoft PSS.
  • There are some links I found to training materials that I’ll also blog (I’ve been doing research on behalf of my client’s Training department).
  • I’ll be working on customizing my company’s portal soon, and doing a little mini-app with a guy based in the Richmond office, so we’ll see how well the development/customization process on MOSS 2007 collaborates. More updates there, hopefully by next week.

Anyway, been terribly busy, too busy, perhaps, to blog, but I’ll try to return to it, because taking notes is important to me, and putting it here means I can find it wherever I have Net access, and maybe it’ll help out other folks too.

Search Link Salad

Stuff for me to remember based on current research (more about searching in WSS 2003, but am finding links related to future configurations of SPS2003 or MOSS 2007 search):

Some documents are not returned in the search results when you use the Advanced Search feature in SharePoint Portal Server 2003 to search for content that has a custom property

How to determine if Windows SharePoint Services or if FrontPage Server Extensions is in use in IIS

MOSS 2007 Beta 2 Technical Refresh Install – Slipstreaming the Technical Refresh and by the way, you’ll be needing these exact .NET/WWFX installs too

Okay, so Wednesday and Thursday were my days for installing MOSS 2007 Beta2TR on our pilot servers.

I followed Steve Smith’s excellent PDF-based instructions for “slipstreaming” the Technical Refresh updates into the normal install files for MOSS 2007 Beta 2, and then prepared a DVD-ROM with those files and the .NET 3.0 CTP release, which I’d mistakenly thought were the right .NET framework and Windows Workflow Framework installs to carry out before installing MOSS 2007 Beta 2 TR.

It turned out the .NET 3.0 CTP release was the wrong choice.

What you really need are the .NET 2.0 Redistributable Framework (x86 or x64) and the appropriate install for Microsoft® Windows® Workflow Foundation Runtime Components Beta 2.2 and Visual Studio® 2005 Extensions for Windows Workflow Foundation Beta 2.2 (you choose x86 or x64 near the bottom of the web page). I found this out in the comments to this post on the A Marvellous Point blog.

With these pre-installed, the MOSS 2007 Beta 2 with slipstreamed Technical Refresh went perfectly, but I must admit I’m not done with the configuration portion of the work. Lord willing, that’s coming on Tuesday.

Update (11/27/2006)
I know that the Release bits will be out soon, but this may help folks still trying to install the Beta (which I think is still good until February 2007, if I remember correctly).

So it turns out that the 3.0 .NET framework (workflow) was the right choice, but I applied it too soon.

The best URL for the proper install procedure that I could find was on Technet, and it was hard to read and puzzle out, so here’s the read I give it. This series of steps ended up working for my MOSS 2007 Beta 2 Technical Refresh Install entirely:

The other gotcha I’ve already mentioned but it would be wise to keep an eye out for is that if you are running SQL Server on another box, then the same advice for SPS 2003 holds here, which is that your SharePoint Service accounts should be domain accounts, as should be the Identities you run your Web Applications, since you need to grant that account access on the SQL Server. Remember, kids, that the Network Service account has a different, unique, random PID on each server, so you can’t expect a Network Service on one server to authenticate correctly on another.