Tag Archives: MS20331

MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 5

Yesterday was the 5th and last day of the 5-day SharePoint training I attended. I’m posting my crude notes from this training with the intent to review and transform them into more meaningful/readable posts later.

The last day covered backup and restore, logs and NLB (we added a 4th VM and tested a basic NLB scenario).

Search Service application settings.

Content Sources. Indexing a file share.

The target server hosting the share needs the Manage auditing and security logs right for the crawl service account.

SP backup.

Service Application – SQL Service DB
Server/Farm – SQL DB SharePoint_Config
Web App – SQL DB
Site Collection
Site
Library
Folder
Document

Granular/item-level backup without SQL restore. Recycle bin – site level and below. 2×30 days. The recycle bin can restore sub-sites.

2 levels.
Site Settings > Site Collection Administration > Recycle Bin

Enable / Disable Recycle Bin on Site Collection level.

Backup settings – in CA > Backup and Restore. Granular backup is available in the GUI, but granular restore requires:

Import-SPWeb (imports a web, list or library)
Restore-SPSite (restores a site collection), requires SA rights on SQL server level (a bit too much of rights I guess :))

Back up web app – a database backup doesn’t include settings (IIS etc.)

Backup-SPFarm – creates a backup of an individual DB, web application, or the entire farm.

The best way to back up an entire web app is backing up the SQL DB, especially because of the ability to restore data from an unattached database in SP.

https://technet.microsoft.com/en-us/library/cc262410.aspx

Load balancing / SP farms

Adding an additional SP server to the farm. Now you need that passphrase you specified when installing the first SP server.

NLB options: DNS round robin or SP configuration
Add NLB feature on Windows Server

SQL Server Mirroring / Always On (Mirroring will be predominantly used, clustering support discontinued)

Monitoring

Correlation ID is useful for searching details in logs

Log files location:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS

ULS Log Viewer
https://ulsviewer.codeplex.com/
ULS Viewer
http://www.microsoft.com/en-us/download/details.aspx?id=44020

WSP file can include: features, WFs, …

SP branding requires CSS knowledge.
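The correlation ID lookup from the monitoring notes above, as an added example (not from the course material): a filter over ULS trace lines. It assumes the usual tab-separated ULS layout with Correlation as the ninth column; the function name and the sample lines are constructed for illustration.

```powershell
# Added example. Assumed tab-separated ULS trace layout:
# Timestamp, Process, TID, Area, Category, EventID, Level, Message, Correlation
$UlsColumns = 'Timestamp','Process','TID','Area','Category','EventID','Level','Message','Correlation'

function Get-UlsEventByCorrelation {
    param(
        [Parameter(Mandatory=$true)][AllowEmptyString()][string[]]$Line,
        [Parameter(Mandatory=$true)][guid]$CorrelationId
    )
    $wanted = $CorrelationId.ToString()
    foreach ($l in $Line) {
        if ([string]::IsNullOrWhiteSpace($l)) { continue }
        $f = $l -split "`t"
        # Skip the header row and any line that has no correlation column.
        if ($f.Count -lt $UlsColumns.Count -or $f[0].Trim() -eq 'Timestamp') { continue }
        if ($f[8].Trim() -ne $wanted) { continue }
        $ts = $f[0].Trim()
        [pscustomobject]@{
            Timestamp    = $ts.TrimEnd('*')
            Continuation = $ts.EndsWith('*')   # assumption: '*' marks a wrapped message
            Process      = $f[1].Trim()
            Area         = $f[3].Trim()
            Category     = $f[4].Trim()
            EventID      = $f[5].Trim()
            Level        = $f[6].Trim()
            Message      = $f[7].Trim()
        }
    }
}

# Constructed sample lines (not taken from a real farm).
$idA = '11111111-2222-3333-4444-555555555555'
$idB = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$sample = @(
    $UlsColumns -join "`t"
    ('02/14/2015 10:12:33.45', 'w3wp.exe (0x1A2C)', '0x0F10', 'SharePoint Foundation',
     'General', 'xxxx', 'Medium', 'Request started for /SitePages/Home.aspx', $idA) -join "`t"
    ('02/14/2015 10:12:33.51', 'w3wp.exe (0x1A2C)', '0x0F10', 'SharePoint Foundation',
     'Database', 'xxxx', 'High', 'Query took longer than expected', $idB) -join "`t"
    ('02/14/2015 10:12:33.62', 'w3wp.exe (0x1A2C)', '0x0F10', 'SharePoint Foundation',
     'Runtime', 'xxxx', 'Unexpected', 'Access denied while rendering the page...', $idA) -join "`t"
    ('02/14/2015 10:12:33.62*', 'w3wp.exe (0x1A2C)', '0x0F10', 'SharePoint Foundation',
     'Runtime', 'xxxx', 'Unexpected', '...for the current user', $idA) -join "`t"
    ''
)

# Three entries share the first correlation ID; the last one is a continuation.
Get-UlsEventByCorrelation -Line $sample -CorrelationId $idA |
    Format-Table Timestamp, Continuation, Level, Category, Message -AutoSize
```

On a farm server the same function can be fed with Get-Content over the files in the LOGS folder; Merge-SPLogFile with its -Correlation parameter collects the matching entries from all servers in the farm.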

MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 4

We are gradually reaching the end of this 5-day course, and day 4 was focused on User Profile Service and Search. Those are two big features, especially search. Though, judging by the indexing flow and the architecture of the search sub-components, it is a normal full-fledged search, and my previous experience with Autonomy IDOL was somewhat handy for understanding it.

Service applications were introduced in Microsoft SharePoint Server 2010, replacing the Shared Service Provider architecture of Microsoft Office SharePoint Server 2007. Service applications provide a flexible design for delivering services, such as Managed Metadata or PerformancePoint, to users who need them. Microsoft SharePoint Server 2013 includes more than 20 services, some of which are new to this version, whereas others are enhanced. In planning and configuring service applications, it is important that you understand the dependencies, resource usage, and business requirements for each.

Sharing, or federation, of service applications is covered in more detail in course 20332B: Advanced Solutions of Microsoft SharePoint Server 2013.

Key components and topologies for SharePoint Server 2013 service application architecture.
Provision and manage SharePoint 2013 service applications.

The service application architecture was introduced in Microsoft SharePoint Server 2010, replacing the Shared Service Provider (SSP) model of Microsoft Office SharePoint Server 2007. The architecture remains consistent in SharePoint 2013, with the addition of new service applications. The advantage of service applications over the SSP is that services are more granular and can be deployed only to web applications that require the functionality that individual services offer. This offers greater design flexibility for the management of resources and functionality.

Describe the function of service application instances and service application dependencies.

Describe some of the key options for service application topology design.

Explain how to map business requirements to service application design.

SP Features work on 4 different levels: subsite, collection, farm, web app. Some basic features can be enabled independently on any level, others have dependencies.

you should find “SharePoint Server Publishing Infrastructure” under

“Site settings” > “Site Collection Administration” > “Site collection features”

you won’t find it under site feature

or you can access it through this link:

https://{sharepoint server}/_layouts/15/ManageFeatures.aspx?Scope=Site for Site scope features
http://server/site/siteCollection/_layouts/ManageFeatures.aspx for Web scoped features

Architecture Picture

http://sharepoint.stackexchange.com/questions/52248/why-does-my-feature-appear-in-the-site-collection

SharePoint health analyzer – can report on missing service dependencies
State Service Service Application – can be configured with PS only.

[code language="powershell"]
# Uncomment the line below if you are not running this in the SP Management Shell
#Add-PSSnapin Microsoft.SharePoint.PowerShell
$stateName = "State Service"
$stateDBName = "State_Service"
# Create the database, then the service application, then its proxy in the default proxy group
$stateDB = New-SPStateServiceDatabase -Name $stateDBName
$state = New-SPStateServiceApplication -Name $stateName -Database $stateDB
New-SPStateServiceApplicationProxy -Name "$stateName Proxy" -ServiceApplication $state -DefaultProxyGroup
[/code]

SP User Profile Service (UPS)
Provides the ability to create and administer user profiles that can be accessed from multiple sites and farms.
The User Profile Service is a service application in Microsoft SharePoint Server 2013 that provides a central location for configuring and managing the key elements of personalization settings. The User Profile Service holds the settings for the following features:

User profiles. A user profile stores detailed information about the user in the form of properties. You can manage and display all of the properties that are related to each user.

Profile synchronization. You can synchronize user profile information that the User Profile Service stores with external directory services such as Active Directory Domain Services. A user profile can incorporate data from more than one source. You can schedule synchronization depending on how often you expect the relevant information to change.

Audiences. Audiences enable you to target content to users based on their jobs or tasks. You can define an audience by membership in a SharePoint group or distribution list, by the organizational reporting structure, or by the public properties in user profiles.

My Site Host. My Site Host is a dedicated site for hosting My Site websites. You must provision a My Site Host before you can deploy the social features of SharePoint 2013.

My Site website. Each user in your organization who has a synchronized user profile can have a personal site. Users can store documents, manage the content of their My Site website, and share content with others. The My Site content storage is also referred to as SkyDrive@<companyname>.

Social tags and notes. Users can add social tags to documents, to other SharePoint items, and to other objects, such as external webpages and blog posts. Users can also create notes on any SharePoint page. Administrators can delete all tags for employees when they leave the company or remove a tag that they do not want.

User personalization permissions. You can use permissions settings within the User Profile Service application to control which users can edit profiles, use personal sites, and use tags and notes.

You cannot access the Manage Profile Service page until an instance of a User Profile Service application exists and the associated services are started. You can use the SharePoint Central Administration website in addition to Windows PowerShell to create and manage User Profile Service applications and other service applications for non-hosted environments. You can also delegate management of a User Profile Service application to someone who does not have permissions to manage other services or settings contained in Central Administration.
My Sites. Microsoft pushes for replacing it with Yammer, but this met certain resistance, as Yammer is a purely cloud thing whereas My Sites is local/on-prem (loads of companies are still not ready to embrace the cloud 🙂 ).
People Search.
Org Chart.
SQL Database Profiles.
Start 2 services: User Profile Service, User Profile Synchronization Service.
Create User Profile Service Application and 3 databases
Create separate site collection (optional) – as we need to have a separate Web App, because we are enabling auto creation of sites for users.
UPS sync with AD DS.
Special account – should have rights to replicate AD data (should be granted BOTH in ADUC and ADSI EDIT) on domain level (ADUC > Domain Properties > Security Tab > Grant Replicating Directory Changes)
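A check of who actually holds the replication right after the grant above, as an added example (not from the course material). The function name, the account names and the sample ACEs are constructed; on a domain-joined machine the input comes from the domain object's ACL, as shown in the comment.

```powershell
# Added example. Control access right GUIDs are fixed schema constants.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights (includes replication)'
}

function Get-ReplicationGrant {
    param(
        [Parameter(Mandatory=$true)][object[]]$Ace,       # entries from (Get-Acl ...).Access
        [Parameter(Mandatory=$true)][string]$SyncAccount  # account used for the UPS sync connection
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        # Extended rights are granted explicitly or implied by GenericAll.
        if ("$($a.ActiveDirectoryRights)" -notmatch 'ExtendedRight|GenericAll') { continue }
        $right = $ReplicationRights["$($a.ObjectType)"]
        if (-not $right) { continue }
        $who = "$($a.IdentityReference)"
        $verdict = if ($who -ne $SyncAccount) {
            'other holder: confirm it is intended'
        } elseif ($right -eq 'Replicating Directory Changes') {
            'matches the grant in the notes'
        } else {
            'broader than the notes call for'
        }
        [pscustomobject]@{ Identity = $who; Right = $right; Verdict = $verdict }
    }
}

# Constructed sample ACEs with the same property names Get-Acl returns.
$sampleAces = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\sp_upsync'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ExtendedRight'
                       ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svc_legacy'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ExtendedRight'
                       ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\helpdesk'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ReadProperty'
                       ObjectType = '00000000-0000-0000-0000-000000000000' }
)

# Real input (requires the ActiveDirectory module, which provides the AD: drive):
#   Import-Module ActiveDirectory
#   $aces = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
Get-ReplicationGrant -Ace $sampleAces -SyncAccount 'CONTOSO\sp_upsync' |
    Format-Table -AutoSize
```

On a real domain the default holders (domain controllers, built-in administrators) also appear as other holders; the rows to look at are the sync account itself and any account nobody can explain.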
SP Search Service
Changed significantly in SP 2013. Full text content search and attribute search.
Multiple content/index supported (mirror/stripe)
Configuring search:
Backup search service application:

MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 3

Third day of the training was mainly about SharePoint cache and configuring SharePoint services.


Documents in libraries and elements in lists.
Libraries and Lists.
Child sites.
Site Collection. Defines web path and creates Root Site. Has own DB (could be separate)
Web Application. SQL DB – one per web app.
Path Based and Host Named site collections (russian):
Block file upload by extension (check extensions only) – CA > Manage Web Applications > Select Application > Click “Blocked File Types” on Ribbon
Big files upload settings. CA > Manage Web Applications > Select Application >  General Settings button on the ribbon > Maximum Upload Size (default 250 MB). For list items web.config
Both of aforementioned settings go to web config?
To create test files fsutil can be used:
fsutil file createnew <filename> <length>
SP cold start issue. Warm up scripts.
Fiddler to test difference with and without warm up scripts
SP can be configured for anonymous access:
1. Enable anonymous access on Web App level. CA > Manage Web Applications > Authentication Providers button on the ribbon (verify in IIS)
SP Site Permissions Management.
1. Site Permissions.
Around 50 individual permissions for certain actions
Permission levels (groups of individual permissions) – Visitors, Participants, Owners etc. New levels can be created.
Permissions can be assigned to an AD user account (or other user account) or AD groups, or alternatively SP groups can be created (valid on site collection level)
Whichever method, or methods, you use to authorize user access to SharePoint objects in your environment, it is independent of the user authentication mechanism you use because SharePoint 2013 converts all authenticated users into a SharePoint User object (SPUser).
Permissions inheritance/level: Site Collections, Sub Site, Libraries, Elements
Best practice – move on site collection level all content which should be accessible for all
In case you forgot how to create sites/subsites:
Revoke/deny access for particular user – Policy for Web Application
SP cache to alleviate load on SQL, network and SP app servers. Caching removes/minimizes queries to SQL.
If misconfigured, caching can lead to performance degradation. Mostly cache is disabled by default.
4 types of cache:
1. Blob cache (stores JS, CSS and pictures on WFE). Each WFE has its own BLOB cache. Cache penalty – 1st query is slower when using cache. If a file is accessible anonymously it speeds things up, as there is no need to check permissions. BLOB cache is optimized for anonymous sites. Extra RAM consumption – extra 800 bytes per file (for index)
BLOB cache configuration: change web.config, BlobCache settings – location, file types, max size in GB
2. Output cache. Requires activation of SP Publishing Feature. Only Publishing pages go into this cache. Being stored in RAM. If disabled constant stream of F5 page refresh request may lead to significant load on SP server. Cache handling: TTL OR Cache being discarded if content changed on site. Each page takes 2x page size + 32 KB in RAM.
You can create cache profiles. E.g. for static content (like final version of article) set TTL, for changing change check.
Create Publishing site and enable Site Output cache in Site Settings.
3. Object cache. Enabled by default and can not be disabled (navigation, search query box), but has to be configured (you may see warning event about this upon each IIS startup – event ID 7363). Configured after starting “Share Point Publishing Feature”
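Open a shell

Execute the following commands:

[code language="powershell"]
#1 Get the web application
$wcm = Get-SPWebApplication -Identity http://[webappurl/]
#2 Set the object cache super user account
$wcm.Properties["portalsuperuseraccount"] = "DOMAIN\sp_superuser"
#3 Set the object cache super reader account
$wcm.Properties["portalsuperreaderaccount"] = "DOMAIN\sp_superreader"
# Persist the property changes on the web application
$wcm.Update()
[/code]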

SharePoint 2010: Event ID: 7362: The super user account utilized by the cache is not configured:
4. Distributed cache. Introduced in SP2013. Aka App Fabric Cache. Enabled by default and can be turned off. By default can use 10% of RAM.

[code language="powershell"]
# Check distributed cache status on node:
Use-CacheCluster
Get-CacheHost
# Check cache host config:
Get-CacheHostConfig SERVERNAME 22233
[/code]

LowWatermark: Percentage of memory usage (from Size) when *expired* items are removed (evicted) from cache if expiration is enabled.
HighWatermark: Percentage of memory usage (from Size) when *all* items may be removed (evicted) from cache if eviction is enabled.
You may verify your cache using Performance Console on SP Server (perfmon) – report view and cache counters
SharePoint 2010 cache overview document from MS (no Distributed Cache coverage due to obvious reasons):
Use iisreset /noforce to avoid cache index corruption
Related links:
SharePoint 2013 + Distributed Cache (AppFabric) Troubleshooting
SP Services
CA > Manage Services on server
A few services can be Started and Stopped without extra configuring, those run on WFE
Other – Application Services
What Service?
Where it will be run?
Service Application
Example – configuring Excel Services
For Excel Services managed account you have to grant SPAccess right on content DB in SQL.
You also have to make sure that the service is not only created but also bound to the site (CA > Application Management > Service Application sections > Service Application Associations)
Proxy Group
When you create a service application in SharePoint 2013, a service application connection is created. A service application connection is also referred to as an application proxy. A service application connection associates the service application to Web applications via membership in a service application connection group (also referred to as application proxy group).
SP Admin Site becomes hidden in IIS if service stopped
Get-SPServiceInstance | Where-Object {$_.TypeName -eq "Central Administration"} | Start-SPServiceInstance -Verbose

MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 2

To tie this day's content to the exam objectives: it was a continuation of the discussion of SP topology, now with a focus on the design of logical architecture, whereas the first day covered physical architecture and touched (just a bit) on information architecture.

Run CA as Administrator when UAC is enabled (there are some issues because of UAC: some menu items will be missing, like Manage Services on server in the System Settings section).
SP configuration: 1. Create sites. 2. Set up and configure services. You need to create sites first, as you need them to test services.
Create Web Application in SP.
Manage Web Application > Create New
Host Header, SSL optional
Kerberos (requires extra setup, allows for delegation, faster in large networks)
Basic (passwords sent in plain text)
Forms Based Authentication FBA (Exchange Web Access, external source for authentication data, e.g. SQL)
Claims Based (mainly for Internet portals – external providers like LiveId etc.)
Public URL (name + port)
Application pool name (just a name, make it nice and descriptive)
By default one DB per SP Web Application, but individual DBs can be created for each site collection (via PS)
It will create new site in IIS (host header, port – default HTTP/HTTPS or custom), setup authentication and create application pool (dedicated w3wp.exe process) and its service account (domain user is required for Kerberos, which won’t work if local account is being used)
With each application SP creates content DB on SQL
Site Collection: defines/contains templates, root site (template, administrators, quotas)
Site Collections can share one web app – managed path is used for differentiation (http://myportal/collection1 etc.)
Register account for portal-pool
CA > Security > Configure managed accounts
Despite the same name it doesn’t use the same Managed Service account functionality built-in into Windows Server, this one is separate thing for the same purpose
Once Web Application created we can start with site collection creation and first one will be top level site. Sub sites can be created (forum etc.)
Application Management > Manage Content Databases
Sites > Lists/Libraries
When you create new empty DB next collection will use it.
Upload file and check in content DB:

[code language="sql"]
SELECT * FROM dbo.AllDocs
WHERE LeafName='%docname%'
[/code]

CA > Application Management > View all site collections – to see database name for sites
SP Management Shell get-pssnapin

[code language="powershell" light="true"]
Add-PSSnapin Microsoft.SharePoint.PowerShell
[/code]

To manage SP via PS you have to add your account to SP shell administrators (even if you already have farm admin rights)

[code language="powershell"]
# this command requires rights on SQL
Add-SPShellAdmin -UserName domain\user -database %ID%
[/code]

List all site collections with databases:
Get-SPWebApplication | Get-SPSite | Format-Table hostname,url,contentdatabase -AutoSize > C:\1.txt

[code language="powershell"]
# 1) Create web application
# 2) Create managed paths
# 3) Create number of site collections
#1
# The application pool account must already be registered as a managed account
New-SPWebApplication -Name "Contoso Internet WebApp" -Port 80 -HostHeader sharepoint.contoso.com -URL "http://www.contoso.com" -ApplicationPool "ContosoAppPool" -ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\jdoe") `
-DatabaseName WSS_Content_Contoso
#2
$sites = 1..10
foreach ($i in $sites)
{
    New-SPManagedPath "site$i" -WebApplication "http://sharepoint.itband.ru" -Explicit
}
#3
foreach ($i in $sites)
{
    New-SPSite -Name "Student Portal $i" -URL "http://sharepoint.itband.ru/site$i" `
    -Template "STS#0" -OwnerAlias "itband\sp_install"
}
[/code]

Use klist to see if you have ticket to access SP (should contain user name and servername), if no ticket then kerberos is not in use
Configuring Kerberos:
On DC: setspn -S HTTP/portal.itband.ru itband\portal-pool
This can be done via editing Attribute of portal-pool account (DSA, user properties Attribute Editor tab then check servicePrincipalName attribute)
On SP server computer object enable delegation
Once done CA > Application Management, select application, click Authentication Providers on ribbon
Use klist command to verify or Event Viewer event ID 4624
SharePoint 2010 Kerberos configuration guide:
SSL Setup
Install CA
Allow enroll/write on Web Server template for Authenticated Users, gpupdate
Request web certificate, fill in Type CN=portal.domain.ru
Alternative Name DNS=portal.domain.ru
On IIS add HTTPS binding for site
In CA add HTTPS entry in Alternate Access Mappings
HTTP URL Rewrite
WebApp can have 5 zones/names. Manage WebApp Extend. When you click OK in the extend window don’t hurry to click around – it doesn’t give you any indication of work in progress and the window also stays active, but you just have to wait. Pool stays the same.
Alternatively you may use DNS + IIS Bindings + SP CA Alternate Access Mappings
Extend allows for different authentication etc. All site settings.

MS20331 Core Solutions of Microsoft SharePoint Server 2013 Training – Day 1

Today was the first day of a 5-day SharePoint 2013 training for me. As you may expect, the first day of this training dealt with what SharePoint is (including use cases, planning and architecture) and we also went through a 3-tier SharePoint 2013 SP1 farm installation.
I’m posting crude notes from day 1 with intent to trim them later 🙂
Sites: Internet/Intranet/B2B. Portals = Data + Services.
SQL DB: actual storage of documents.
Client: IE/other browser.

Collaboration. Versioning. Approvals. Notifications.

Content storage: Files (any) / Data in Tables (Calendar events, Tasks, Any Web Tables, Polls, Surveys)

Portals VS Sites

Portal – data + services (e.g. Yandex – search engine, mail, market, maps, traffic data)

SP Services:
Search (content indexing, including data external to SP like files on file servers) – has to be configured first
User Profiles Service – stores data about users. Sub components: Profiles (photo, details etc.), My Sites (site for each user where he has full access); potentially may be substituted with Yammer
InfoPath Services – for creation of InfoPath forms on SP for data collection etc. (InfoPath is still alive and kicking 🙂 )
Excel Services – BA services, takes Excel documents stored on SP and uses them as a data source on SP pages
MMS – Managed Metadata Services – for building taxonomies across site collections
BCS – Business Connectivity Services (DBs as data sources)

EDMS. SP is not a DMS OOB. SP includes workflows (SP Designer allows codeless creation of workflows)

SP 2013 introduced forms for collaboration (community sites, forums)

SP could be a development platform

Typical SP use cases: 1) Corporate DropBox 2) Requests system (SP sites + InfoPath or other forms) 3) EDMS 4) External/Public portal/site (expensive, requires heavy customization)

SP implementation development options: 1) No coding, only GUI tools – allows for easy migrations/upgrades to new SP versions. Painless. Supported. 2) Custom development – migration is a pain, potential loss of what you built. Your deployment evolves into a “separate branch”

SP team (ideal scenario 🙂 ): 1. SA (back end, architecture planning) 2. DBA (SP stores all its data in SQL) 3. Developer (ASP.NET/VS/DOT.NET) – optional, if code-based SP development is required. 4. Developer/Designer (SP Designer/InfoPath Designer/Report Builder) 5. Designer (design site templates) 6. Site Administrator (end-user SP features expert who knows the company's BP)

SP Farm – group of SP servers with a shared configuration DB (SharePoint_Config) which serves your sites and runs SP services

SharePoint_Config DB stores SP farm config.

SP farm can comprise 1 to N servers

SP 2013 Foundation – no services (only search and BCS), can be downloaded free from MS site
SP 2013 Standard (no BA services – Excel, Performance Point)
SP 2013 Enterprise

Std/Ent – the same distribution, feature set defined by key

Within 1 farm different editions of SP can be used

Editions comparison:
SP servers:
WFE (Web Front End) – IIS – receives/returns clients queries
DB server (content databases, SharePoint_Config) – stores data
App Server – runs SP services – processes client queries
Production minimum: 2 servers WFE + APP & DB
Defining number of servers for SP farm. Factor in:
1) Number of employees
2) RPS (Requests per second) – difficult to quantify exactly in advance, some formulas available
3) Percentage of simultaneously working users
4) Quotient of peak load (typically value of 2 is used)
5) Average number of requests from user per day
Evaluation of content DBs size
CDB size = ((D × V) × S) + (10 KB × (L + (V × D)))
Microsoft suggested farm topologies:
1 Server – WFE+APP+SQL on one box, less than 100 users or evaluation
2 tier farm – WFE+APP & SQL up to 10 000 users
3 tier farm – WFE & APP & DB
next different varieties of scaling out
Virtualization considerations:
– spread extra servers on different hypervisor hosts
– don’t use snapshots in production (performance hit, potential data loss due to corruption of one VHD in the chain of snapshots)
– avoid dynamic memory, SP tends to hog it all/max limit
– multiple CPU settings, N of vCPUs should not be more than twice of N of real cores on virtualization hosts
– no thin provisioning, only fixed disks
SQL clustering (mirroring/AlwaysOn)
Office Web App (OWA) – separate product
IOPS min 0.25 per GB of DB, recommended 2 IOPS per GB
Soft limit 200 GB / hard limit 4 TB for content DBs. The soft limit is in place because of serviceability – backup/restore and maintenance time will be too long for big DBs
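The content DB size formula, the IOPS guideline and the soft/hard limits from these notes combined into one estimate, as an added example (not from the course material). The variable meanings follow Microsoft's capacity planning guidance for this formula (D documents, V versions per document, S average document size, L list items); the function name and the sample figures are constructed.

```powershell
# Added example: CDB size = ((D x V) x S) + (10 KB x (L + (V x D)))
function Get-ContentDbEstimate {
    param(
        [Parameter(Mandatory=$true)][long]$Documents,       # D
        [Parameter(Mandatory=$true)][int]$Versions,         # V, must be above zero
        [Parameter(Mandatory=$true)][double]$AvgDocSizeKB,  # S
        [Parameter(Mandatory=$true)][long]$ListItems        # L
    )
    if ($Versions -lt 1) { throw 'Versions must be 1 or more.' }

    # Document payload plus 10 KB of metadata per list item and document version.
    $sizeKB = ($Documents * $Versions * $AvgDocSizeKB) +
              (10 * ($ListItems + ($Versions * $Documents)))
    $sizeGB = $sizeKB / 1MB   # 1MB = 1048576, so KB / 1048576 = GB

    # Limits from the notes: soft 200 GB, hard 4 TB per content DB.
    $limit = if ($sizeGB -gt 4096) {
        'above the 4 TB hard limit: split across content DBs'
    } elseif ($sizeGB -gt 200) {
        'above the 200 GB soft limit: check backup/restore and maintenance windows'
    } else {
        'within the 200 GB soft limit'
    }

    [pscustomobject]@{
        SizeGB          = [math]::Round($sizeGB, 1)
        MinIops         = [math]::Ceiling($sizeGB * 0.25)  # 0.25 IOPS per GB minimum
        RecommendedIops = [math]::Ceiling($sizeGB * 2)     # 2 IOPS per GB recommended
        Limit           = $limit
    }
}

# Constructed input: 200,000 documents, 2 versions each, 250 KB average,
# 600,000 list items.
Get-ContentDbEstimate -Documents 200000 -Versions 2 -AvgDocSizeKB 250 -ListItems 600000
```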
For SP farm diagrams package for Visio is available:
sharepoint visio stencils 2013s
Accounts for SP
SQL Server support: Server 2008 SP1 and beyond
.NET 3.5 installation from local source for SQL:
dism /online /enable-feature /all /featurename:netfx3 /source:d:\sources\sxs /limitaccess
Minimum SQL components:
Database Engine and data files, Replication, Full-Text Search, and Data Quality Services
Client Components (other than SQL Server Books Online components and Integration Services tools)
SQL Management Studio
Use named instances for convenience
Named instance uses random TCP port (see SQL Server Configuration Manager)
Alias is strongly recommended for flexibility (SQL server change)
c:\windows\system32\cliconfg on SP server – create alias
3 rules:
Random instance port
Program instance exe
UDP 1434 SQL Server Browser
MAXDOP=1 is required for SP farm install (when you do an install with full rights installer sets it to 1, if no rights – install fails)
SP install:
1. Prerequisites install (IIS + Components)
2. SP installation (extraction)
3. Language packs/updates installation
4. Farm creation wizard
SP prerequisites script (useful when SP server has no access to Internet)
No WCF 5.6 which is required for SP2013 SP1 and App Fabric CU
SP distrib contain folder prerequisiteinstallerfiles
Never choose stand-alone for a prod install, as it will install local SQL and you won’t be able to add more servers into the farm
SP product configuration wizard
SP DB access account – sp_farm (farm account, used for Windows Timer Service, CA and User Profile service)
passphrase – used when adding servers to domain and also for encrypting SP service passwords, could be changed by farm administrator in CA
IE loopback check issue – when you are unable to access sites from the SP server, solution via the registry:

[code language="powershell" light="true"]
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword
[/code]
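A narrower alternative to the global switch above, as an added example (not from the course material): DisableLoopbackCheck turns the check off for every name on the server, while BackConnectionHostNames exempts only the host names listed. The function name is made up; the host name is the portal name used in the Day 2 notes.

```powershell
# Added example: exempt only the SharePoint host names from the loopback check
# and return the global switch to its default. Run from an elevated shell.
function Set-ScopedLoopback {
    param([Parameter(Mandatory=$true)][string[]]$HostName)

    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = Join-Path $lsa 'MSV1_0'

    # Merge the requested names with the names that are already listed.
    $current = @((Get-ItemProperty -Path $msv -Name BackConnectionHostNames `
                  -ErrorAction SilentlyContinue).BackConnectionHostNames)
    $merged  = @($current + $HostName | Where-Object { $_ } | Sort-Object -Unique)
    New-ItemProperty -Path $msv -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null

    # If the global switch was set earlier, put it back to 0.
    $global = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
               -ErrorAction SilentlyContinue).DisableLoopbackCheck
    if ($global -eq 1) {
        Set-ItemProperty -Path $lsa -Name DisableLoopbackCheck -Value 0
    }

    # Report the resulting state so it can be recorded with the change.
    [pscustomobject]@{
        BackConnectionHostNames = $merged -join ', '
        DisableLoopbackCheckWas = $global
        DisableLoopbackCheckNow = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
                                   -ErrorAction SilentlyContinue).DisableLoopbackCheck
    }
}

Set-ScopedLoopback -HostName 'portal.itband.ru'
```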