Scenario:
You have MOSS connected with a Domain, some users does not have "email" field filled in AD, you add it later, wait MOSS to sync with AD.
Some site collections does not see the email field, while other could.
this is because the sync happens for each Site Collection in your Farm.
To solve this issue run the following comands:
stsadm -o sync deleteolddatabases
stsadm -o sync - IgnoreIsActive 1
Then follow this procedure to clear the file system cache on all servers in the server farm on which the Windows SharePoint Services Timer service is running:
- Stop the Timer service. To do this, follow these steps:
- Click Start, point to Administrative Tools, and then click Services.
- Right-click Windows SharePoint Services Timer, and then click Stop.
- Close the Services console.
- On the computer that is running Microsoft Office SharePoint Server 2007 and on which the Central Administration site is hosted, click Start, click Run, type explorer, and then press ENTER.
- In Windows Explorer, locate and then double-click the following folder:
Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config\GUID
Notes
- Back up the Cache.ini file.
- Delete all the XML configuration files in the GUID folder. Do this so that you can verify that the GUID folder is replaced by new XML configuration files when the cache is rebuilt.
Note When you empty the configuration cache in the GUID folder, make sure that you do not delete the GUID folder and the Cache.ini file that is located in the GUID folder.
- Double-click the Cache.ini file.
- On the Edit menu, click Select All.
- On the Edit menu, click Delete.
- Type 1, and then click Save on the File menu.
- On the File menu, click Exit.
- Start the Timer service. To do this, follow these steps:
- Click Start, point to Administrative Tools, and then click Services.
- Right-click Windows SharePoint Services Timer, and then click Start.
- Close the Services console.
Note The file system cache is re-created after you perform this procedure. Make sure that you perform this procedure on all servers in the server farm.
- Make sure that the Cache.ini file in the GUID folder now contains its previous value. For example, make sure that the value of the Cache.ini file is not 1.
- Click Start, point to Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.
- Click the Operations tab, and then click Timer job status under Global Configuration.
- In the list of timer jobs, verify that the status of the Config Refresh entry is Succeeded.
- On the File menu, click Close.
Questo problema mi ha fatto perdere un bel po' di tempo, alla fine la soluzione era pià semplice del previsto!
Scenario:
Infrastruttura OCS con MTLS, client esterni ed interni, nel dominio e fuori dominio, una CA interna per i certificati
Problema:
I client OCS fuori dal dominio presentano l'errore impossibile scaricare la rubrica
Soluzione:
Questo problema è dovuto a due aspetti principali: Il certificato della CA, le impostazioni di Internet Explorer.
Per risolverlo assicurarsi di ottenere il certificato della CA e di metterlo nella autorità di certificazioni attendibili (Trusted Root Certification Authorities) per fare ciò durante l'import del certificato è necessario scegliere manualmente la location dove metterlo.
Fatto ciò provate dalla rete interna a fare il browse del webserver della CA, non dovreste ottenere alcun warning.
Ora aprite internet explorer strumenti opzioni internet -->security-->intranet
Cliccate su siti --> avanzate
Assicurarsi di mettere nei siti il dominio della CA di cui abbiamo fatto precedentemente il browsing:
http://*.mydomain.com
https://*.mydomain.com
Eseguire nuovamente il browse all'URL della ca e notare in basso che la zona sia intranet
Aprire nuovamente IE-->strumenti-->opzioni internet-->avanzate
Scorrere la lista fino alla sezione security e togliere il flag da Verifica Revoca dei certificati server.
Chiudere il client OCS e IE
Riaprire
Ora l'address bok di OCS dovrebbe funzionare.
Sharepoint searched and opened document are in read mode only and the edit button does not appear
This issue makes me crazy for about one week... then today I fixed the problem! It's not a sharepoint configuration problem, but an internet explorer 7 security issue!
Off course! Why I did not think for this early?!?
So, to fix it add the following registry key to your windows registry:
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Internet\OpenDocumentsReadWriteWhileBrowsing = 1
It is the correct key if you have Microsoft Office 2007, if you have a different Office installation take a look to the following document where is indicated the same registry key for Office 2003 and Office XP.
http://support.microsoft.com/kb/870853/en-us
You have installed a single Hyper-V server with some virtual machines and you want to complety snapshot them using Microsoft System Center Data Protection Manager 2007 (only with SP1) while they are running?
No problem, with DPM 2007 SP1 you can do it; but if you try to create a new protection group and add the dpm server itself to backup the vms you cannot select them... why?
Unofortunately by now there is no documentation about this procedure (you can retrieve only some white paper about dpm integration with virtual server 2005), so why you cannot backup the dpm server itself?
Try to execute this script using the following DPM Management Shell command and you will discover that all will work fine:
Set-DMGlobalProperty –AllowLocalDataProtection $true [-DPMServerName]
Off course, you can disable it using the $false parameter (Microsoft will tell you they do not support this kind of choise... but... it works :-P)
Architettura Laboratorio
Il laboratorio è stato realizzato con gli stessi dispositivi del laboratorio utilizzato per le PVLAN: Switch Cisco 4507 connesso ad un Firewall Juniper SSG5 che funge da default gateway.
Configurazione VLAN
VLAN 400 VLAN di test
Porte 4/1: Firewall 0/0 (default gateway) 10.10.10.1
Port 4/2: Server1 (10.10.10.2/24 – GW: 10.10.10.1)
Port 4/3: Server 2 (10.10.10.3/24 - GW: 10.10.10.1)
Port 4/4: Server3 (10.10.10.4/24 – GW: 10.10.10.1)
Passi per la configurazione:
La configurazione prevede la creazione di due access-list, una a livello di mac address (opzionale) ed una per regolare il traffico IP.
Le access-list vengono poi associate ad una vlan map, che viene applicata ad una VLAN.
MAC-ACL
Mac access-list extended mac-acl-400
Permit host 0017.cbe1.10c0 any
Permit any host 0017.cbe1.10c0
L’access list creata consente a tutti gli host di contattare il default gateway.
IP ACL
Access-list 101 permit ip any host 172.26.6.91
Access-list 101 permit ip host 172.26.6.91 any
!---- Host abilitati tra loro es:
access-list 101 permit ip host 172.26.6.90 host 172.26.100.37
access-list 101 permit ip host 172.26.100.37 host 172.26.6.90
!---
Access-list 101 deny ip 172.26.0.0 0.0.255.255 172.26.0.0 0.0.255.255
Access-list 101 permit ip any any
Creazione VLAN 400 e access-map
VLAN 400
Name test test-mac-acl
Nota: opzionale filtro per MAC
Vlan access-map Map-vlan-400 10
Action forward
Match mac addresses mac-acl-400
Vlan access-map map-vlan-400 20
Action forward
Match ip addresses 101
Vlan access-map Map-vlan-400 30
Action drop
Applicazione VLAN filter
Vlan filter map-vlan-400 vlan-list 400
Configurazione Extended ACL
La creazione di una extended ACL consente di gestire in modo più comodo le varie regole, oltre che a determinare per IP e per porta:
Ip Access-list extended DMZ-FILTER
Permit ip host 172.26.6.91 any
Permit ip any host 172.26.6.91
Vlan access-map map-vlan-400 20
Match ip addresses DMZ-FILTER
Action forward
Note:
Dalle configurazioni realizzate risulta molto più semplice ed efficiente utilizzare le VLAN ACL rispetto alle private VLAN, in quanto non implicano modifiche alla struttura attuale, sono relativamente semplici da implementare ed offrono una buona flessibilità.