SharePoint 2007 migration from 32bit to 64bit servers

Some time ago we migrated a client site from Windows Server 2003 32bit servers with SharePoint 2007 to Server 2008 R2 with SharePoint 2007 and everything looked fine ;-) but of course there was functionality that wasn’t tested thoroughly.

This blog is about 1 of the issues we found, which started with a missing DLL and later became a 32bit/64bit issue. So it all started with:

Could not load file or assembly ‘ABCpdf, Version=6.0.0.9, Culture=neutral, PublicKeyToken=a7a0b3f5184f2169′ or one of its dependencies. The system cannot find the file specified.

OK, we are missing an assembly, so this should be simple to solve. We looked on the original servers and found the installation package, installed it and tried again:

Unable to load DLL ‘ABCpdfCE6.dll’: The specified module could not be found. (Exception from HRESULT: 0x8007007E)

Well, the DLL was installed successfully in the GAC but still no go. We found the DLL in c:\windows\syswow64 instead of system32, so we tried to move it to system32, which resulted in:

An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)

In other words, this DLL could not be used in the current environment. Time to go to the site of the developers of the software... we found that there were newer releases of the software: there was a version 7 and even a version 8. We downloaded version 7 for x64 systems and installed it.
Now we have 2 entries in the GAC.

First we remove the old software to make sure there are no conflicts.
Use an administrator command prompt to remove the file from the GAC (gacutil) and also delete it from the system32 directory.

OK, the result of all these actions:
Unable to load DLL ‘ABCpdfCE6.dll’: The specified module could not be found. (Exception from HRESULT: 0x8007007E)

Seems we were back to square one… but then (again) Ruud Heemskerk came to the rescue with the following solution:

</system.web>
   <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
         <assemblyIdentity name="ABCpdf" publicKeyToken="a7a0b3f5184f2169"/>
         <bindingRedirect oldVersion="6.0.0.9" newVersion="7.0.3.9"/>
       </dependentAssembly>
    </assemblyBinding>
   </runtime>

So every request for the 6.0.0.9 DLL will be sent to the new version of the DLL. I never knew about this functionality, but if you look in the web.config then Microsoft does the same for its 2003 version (11.0) of the SharePoint DLLs!!

I hope this helps others who need to migrate 32bit servers to 64bit servers.

SharePoint 2010 User Profile Images

This blog describes code that you can use to upload a collection of images from a directory to the SharePoint 2010 MySite Host and also set the pictureURL to the right location.

[Update 1 November 2011]
The code below does not work anymore as there were changes in the object model since Service Pack 1. I found a PowerShell script which does the same, only in a supported way.

http://get-spscripts.com/2010_12_01_archive.html is the blog of Phill Childs, which also has many more very interesting blog posts!

 
The code is based on the code from Peter Holpar. The only things that we (Ruud Heemskerk (http://ruudheemskerk.net/) and I) have changed:

- You can use command-line parameters to specify the location of the MySite host and the location of the pictures.
- It uses the correct localisation, because we noticed that when the MySite host was deployed in a different language, the code from Peter Holpar did not work correctly.
- It uploads all images in a directory.

So to make a long story short, here’s the working code:


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Drawing;
using System.Reflection;
using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;
using System.IO;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.SharePoint.Portal.WebControls;
using System.Web;
using System.Threading;
using System.Globalization;

namespace UploadProfileImage
{
    class Program
    {
        private static string domainName = string.Empty;

        static void Main(string[] args)
        {
            // Both the MySite host URL and the picture directory are required;
            // stop after showing the usage text instead of running with empty values.
            if (!ParamsOk(args))
            {
                ShowUsage();
                return;
            }

            string MySiteHostUrl = args[0];
            string PhotoUrl = args[1];

            Program prog = new Program();
            prog.UploadProfileImages(MySiteHostUrl, PhotoUrl);
        }

        static void ShowUsage()
        {
            Console.WriteLine("");
            Console.WriteLine("Upload profile Pictures - command line Usage");
            Console.WriteLine("------------------------------------------------------------------");
            Console.WriteLine("uploadprofilepictures MySiteHostUrl PhotoUrl");
            Console.WriteLine("");
            Console.WriteLine("Example : ");
            Console.WriteLine("");
            Console.WriteLine(@"uploadprofilepictures http://my.domain.local d:\photos");
        }

        static Boolean ParamsOk(string[] Parameters)
        {
            // Two arguments are read in Main, so anything less is a usage error.
            if (Parameters.Length < 2) return false;
            else
            {
                if (Parameters[0].StartsWith("/")) return false;

                else if (Parameters[0].StartsWith("-")) return false;

                else if (Parameters[0] == "help") return false;

                else if (Parameters[0] == "?") return false;

                else
                {
                    Console.Clear();
                    Console.ForegroundColor = ConsoleColor.White;
                    Console.BackgroundColor = ConsoleColor.Blue;
                    Console.Write(" Upload profile Images application");
                    Console.Write(" ");
                    Console.Write("Version v1.0");

                    Console.ForegroundColor = ConsoleColor.Cyan;
                    Console.BackgroundColor = ConsoleColor.Black;

                    Console.WriteLine();

                    return true;
                }
            }
        }

        private void UploadProfileImages(string url, string dirname)
        {
            // my site host url
            using (SPSite site = new SPSite(url))
            {
                using (SPWeb web = site.OpenWeb())
                {
                    // Run under the language of the MySite host so the picture
                    // library is resolved with the right localised name.
                    int lcid = (int)web.Language;
                    Thread.CurrentThread.CurrentCulture = CultureInfo.GetCultureInfo(lcid);
                    Thread.CurrentThread.CurrentUICulture = CultureInfo.GetCultureInfo(lcid);

                    HttpRequest request = new HttpRequest("", web.Url, "");
                    HttpContext.Current = new HttpContext(request, new HttpResponse(new StringWriter()));

                    Console.WriteLine("Lcid = {0}", lcid);

                    ProfileImagePicker profileImagePicker = new ProfileImagePicker();
                    InitializeProfileImagePicker(profileImagePicker, web);
                    SPFolder subfolderForPictures = GetSubfolderForPictures(profileImagePicker);

                    // Be sure to reset the context for later call SPServiceContext.GetContext(SPSite).
                    HttpContext.Current = null;

                    domainName = System.Environment.GetEnvironmentVariable("USERDOMAIN");

                    // The file name (without extension) is taken as the account name.
                    string[] fileEntries = Directory.GetFiles(dirname);
                    foreach (string fileName in fileEntries)
                    {
                        if (string.Equals(Path.GetExtension(fileName), ".jpg", StringComparison.OrdinalIgnoreCase))
                        {
                            String accountName = domainName + "\\" + Path.GetFileNameWithoutExtension(fileName);
                            String imageFilePath = fileName;

                            UploadPhoto(accountName, imageFilePath, subfolderForPictures);
                            SetPictureUrl(accountName, subfolderForPictures);
                        }
                    }
                    Console.ForegroundColor = ConsoleColor.Gray;
                }
            }
        }

        private void SetPictureUrl(string accountName, SPFolder subfolderForPictures)
        {
            Console.WriteLine("Setting profile image for user '{0}'", accountName);

            SPSite site = subfolderForPictures.ParentWeb.Site;
            UserProfileManager userProfileManager = new UserProfileManager(SPServiceContext.GetContext(site));
            try
            {
                UserProfile userProfile = userProfileManager.GetUserProfile(accountName);

                string fileNameWithoutExtension = GetFileNameFromAccountName(accountName);

                string pictureUrl = String.Format("{0}/{1}/{2}_MThumb.jpg", site.Url, subfolderForPictures.Url, fileNameWithoutExtension);

                userProfile["PictureUrl"].Value = pictureUrl;
                userProfile.Commit();
            }
            catch (UserNotFoundException)
            {
                Console.WriteLine("User not found '{0}'", accountName);
            }
        }

        private void UploadPhoto(string accountName, string imageFilePath, SPFolder subfolderForPictures)
        {
            Console.WriteLine("Uploading image '{0}' for user '{1}'", imageFilePath, accountName);

            if (subfolderForPictures == null)
            {
                Console.WriteLine("No target folder.");
                return;
            }

            if (!File.Exists(imageFilePath) || Path.GetExtension(imageFilePath).Equals(".gif"))
            {
                Console.WriteLine("File '{0}' does not exist or has invalid extension", imageFilePath);
                return;
            }

            string fileNameWithoutExtension = GetFileNameFromAccountName(accountName);

            // Read the whole image into memory so the file handle is released right away.
            byte[] buffer = File.ReadAllBytes(imageFilePath);

            int largeThumbnailSize = 0x90;
            int mediumThumbnailSize = 0x60;
            int smallThumbnailSize = 0x20;

            using (MemoryStream stream = new MemoryStream(buffer))
            {
                using (Bitmap bitmap = new Bitmap(stream, true))
                {
                    CreateThumbnail(bitmap, largeThumbnailSize, largeThumbnailSize, subfolderForPictures, fileNameWithoutExtension + "_LThumb.jpg");
                    CreateThumbnail(bitmap, mediumThumbnailSize, mediumThumbnailSize, subfolderForPictures, fileNameWithoutExtension + "_MThumb.jpg");
                    CreateThumbnail(bitmap, smallThumbnailSize, smallThumbnailSize, subfolderForPictures, fileNameWithoutExtension + "_SThumb.jpg");
                }
            }
        }

        private void InitializeProfileImagePicker(ProfileImagePicker profileImagePicker, SPWeb web)
        {
            // ProfileImagePicker keeps its web in a private field, so it is set through reflection.
            Type profileImagePickerType = typeof(ProfileImagePicker);

            FieldInfo fi_m_objWeb = profileImagePickerType.GetField("m_objWeb", BindingFlags.NonPublic | BindingFlags.Instance);
            fi_m_objWeb.SetValue(profileImagePicker, web);

            MethodInfo mi_LoadPictureLibraryInternal = profileImagePickerType.GetMethod("LoadPictureLibraryInternal", BindingFlags.NonPublic | BindingFlags.Instance);
            if (mi_LoadPictureLibraryInternal != null)
            {
                mi_LoadPictureLibraryInternal.Invoke(profileImagePicker, new object[] { });
            }
        }

        public SPFile CreateThumbnail(Bitmap original, int idealWidth, int idealHeight, SPFolder folder, string fileName)
        {
            SPFile file = null;

            // hack to get the Microsoft.Office.Server.UserProfiles assembly
            Assembly userProfilesAssembly = typeof(UserProfile).Assembly;
            // or assuming you know all the details of the assembly
            // Assembly userProfilesAssembly = Assembly.Load("Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c");

            // UserProfilePhotos is internal class,
            // so you cannot get it directly from Visual Studio
            Type userProfilePhotosType = userProfilesAssembly.GetType("Microsoft.Office.Server.UserProfiles.UserProfilePhotos");

            MethodInfo mi_CreateThumbnail = userProfilePhotosType.GetMethod("CreateThumbnail", BindingFlags.NonPublic | BindingFlags.Static);
            if (mi_CreateThumbnail != null)
            {
                file = (SPFile)mi_CreateThumbnail.Invoke(null, new object[] { original, idealWidth, idealHeight, folder, fileName });
            }
            else
            {
                Console.WriteLine("No Createthumbnail method to invoke.");
            }

            return file;
        }

        private SPFolder GetSubfolderForPictures(ProfileImagePicker profileImagePicker)
        {
            SPFolder folder = null;

            Type profileImagePickerType = typeof(ProfileImagePicker);

            MethodInfo mi_GetSubfolderForPictures = profileImagePickerType.GetMethod("GetSubfolderForPictures", BindingFlags.NonPublic | BindingFlags.Instance);
            if (mi_GetSubfolderForPictures != null)
            {
                folder = (SPFolder)mi_GetSubfolderForPictures.Invoke(profileImagePicker, new object[] { });
            }
            else
            {
                Console.WriteLine("No method GetSubfolderForPictures to invoke.");
            }

            return folder;
        }

        private string GetFileNameFromAccountName(string accountName)
        {
            // Replace characters that are not allowed in a file name (including
            // the backslash in DOMAIN\user) with an underscore.
            string result = accountName;
            string charsToReplace = @"\/:*?""<>|";
            Array.ForEach(charsToReplace.ToCharArray(), charToReplace => result = result.Replace(charToReplace, '_'));
            return result;
        }
    }
}

We have tested this code and it is working in multiple SharePoint 2010 environments, but of course we can not be held responsible for anything… If it breaks.. You have two parts :)

SharePoint 2007 Forms Based Ldap Authentication

There are a lot of articles about Forms Based Authentication (FBA) but somehow I did not find what I was looking for.
This article describes the changes you need to make to the web.configs of the:

  • Web Application (extranet application) that will use the LDAP connection to verify users
  • Central Administration Web Application, to set the Administrator for the Extranet Web Application through Web Application Policies.

The following assumption is made:

  • You have a web application that has been extended to the extranet zone (most suited I think)

Now I will describe 2 scenarios:

  1. You have an existing Active Directory where you want to use a specific OU for external users (security-wise maybe not the best option, but for test environments it is usable). In this scenario, your MOSS server is a member of this AD.
  2. You have a separate extranet Active Directory setup which you want to use only for external users (your MOSS server is not a member of that AD).

Scenario 1.

In the Central Administration web.config and the Extranet web.config you need to add the following lines after

 <machineKey validationKey="..  

<membership defaultProvider="LdapMembership">
     <providers>
        <add name="LdapMembership" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
             connectionStringName="ADConnectionString"
             connectionUsername="CN=Connect, OU=Extranet, DC=domain, DC=local"
             connectionPassword="Password01"
             connectionProtection="False"             
             server="dc01.domain.local"
             port="389" useSSL="false"
             userDNAttribute="distinguishedName"
             userNameAttribute="sAMAccountName"
             userContainer="OU=Extranet,DC=Domain,DC=LOCAL"
             userObjectClass="person"
             userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
     </providers>
  </membership>
  <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
    <providers>
       <add name="LdapRole" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
            server="dc01.domain.local"
            port="389" useSSL="false"
            connectionStringName="ADConnectionString"
            connectionUsername="CN=Connect, OU=Extranet, DC=Domain, DC=Local"
            connectionPassword="Password01"
            connectionProtection="None"             
            groupContainer="OU=Extranet,DC=DOMAIN,DC=LOCAL"
            groupNameAttribute="cn"
            groupMemberAttribute="member"
            userNameAttribute="sAMAccountName"
            dnAttribute="distinguishedName"
            groupFilter="(ObjectClass=group)" scope="Subtree" />
     </providers>
</roleManager>

Further configuration will be done later in the article.     

Scenario 2 

In this scenario you will need to add some more configuration to the web.configs of the extranet and central admin applications:

First the connection string:


</SharePoint>
    <connectionStrings>
      <add name="ADConnectionString"
           connectionString="LDAP://dc01.domain.local:389" />
    </connectionStrings>
  <system.web>

  

where “dc01.domain.local” is the name of the server that is running the extranet AD. Next are the LdapMembership and RoleManager entries. Again, after the “MachineKey” entry you paste this:

<membership defaultProvider="LdapMembership">
       <providers>
          <add name="LdapMembership" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0,     Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
               server="ADservername.domain.local"
               port="389"
               useSSL="false"
               userDNAttribute="distinguishedName"
               userNameAttribute="sAMAccountName"
               userContainer="OU=Extranet ,DC=Domain,DC=Local"
               userObjectClass="person"
               userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
               scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
       </providers>
    </membership>
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".PeopleDCRole">
       <providers>
         <add name="LdapRole" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
              server="ADServername.domain.local"
              port="389"
              useSSL="false"
              groupContainer="OU=-Extranet,DC=Domain,DC=Local"
              groupNameAttribute="cn"
              groupMemberAttribute="member"
              userNameAttribute="sAMAccountName"
              dnAttribute="distinguishedName"
              groupFilter="(ObjectClass=group)"
              scope="Subtree" />
       </providers>
   </roleManager>

The “CN=Connect, OU=Extranet, DC=domain, DC=local” is the account it will use to bind to Active Directory on that server; this can be a normal user account. I tried using only “CN=connect, OU=Extranet” but using Network Monitor 3.3 it keeps telling me “Invalid binding credentials”, so just use the complete path to the account and then it will work.

Now on to the configuration of MOSS after you have completed scenario 1 or 2.

Authentication Provider Configuration

As the next step you need to change the authentication provider of the extranet application to Forms Based Authentication and use LdapMembership and LdapRole as the names for the specific providers (same as used above).
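The provider fragments above use port 389 with useSSL="false" and keep connectionPassword in the web.config, so the bind account's password and the passwords typed into the FBA login form reach the domain controller unencrypted, and the bind password is readable by anyone who can read the file. The check below is an added example, not code from the original post: it parses a web.config and reports those settings. The sample config is constructed from the post's placeholder values, and the function names and finding codes are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments above: LdapMembership keeps the
# post's settings, LdapRole shows the hardened form (LDAP over SSL on 636).
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP://dc01.domain.local:389" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="LdapMembership">
      <providers>
        <add name="LdapMembership"
             type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server"
             connectionUsername="CN=Connect, OU=Extranet, DC=domain, DC=local"
             connectionPassword="Password01"
             server="dc01.domain.local" port="389" useSSL="false" />
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
      <providers>
        <add name="LdapRole"
             type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server"
             server="dc01.domain.local" port="636" useSSL="true" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

# Advice per finding code. Assumption: the domain controller has a server
# certificate that the SharePoint servers trust, otherwise SSL binds fail.
REMEDIATION = {
    "CLEARTEXT_BIND": 'set useSSL="true" and port="636" on the provider',
    "SSL_ON_PLAIN_PORT": 'useSSL="true" needs the SSL port (636), not 389',
    "PASSWORD_IN_CONFIG": "bind password is stored in clear text; encrypt the section "
                          'with aspnet_regiis -pef "system.web/membership" <site directory>',
    "CLEARTEXT_CONNSTRING": "point the LDAP connection string at port 636",
}


def audit_ldap_config(config_xml):
    """Return sorted (item name, finding code) pairs for weak LDAP settings."""
    root = ET.fromstring(config_xml)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]   # ignore an xmlns on <configuration>

    findings = set()
    for section_name in ("membership", "roleManager"):
        for section in root.iter(section_name):
            for add in section.findall("./providers/add"):
                if "ldap" not in add.get("type", "").lower():
                    continue             # only the LDAP providers matter here
                name = add.get("name", "?")
                use_ssl = add.get("useSSL", "false").strip().lower() == "true"
                if not use_ssl:
                    findings.add((name, "CLEARTEXT_BIND"))
                elif add.get("port", "389").strip() == "389":
                    findings.add((name, "SSL_ON_PLAIN_PORT"))
                if add.get("connectionPassword"):
                    findings.add((name, "PASSWORD_IN_CONFIG"))

    for conn in root.iter("connectionStrings"):
        for add in conn.findall("add"):
            value = add.get("connectionString", "").strip().rstrip("/")
            if value.lower().startswith("ldap://") and not value.endswith(":636"):
                findings.add((add.get("name", "?"), "CLEARTEXT_CONNSTRING"))
    return sorted(findings)


def report(config_xml):
    """One readable line per finding, with the suggested change."""
    return ["%s: %s -> %s" % (name, code, REMEDIATION[code])
            for name, code in audit_ldap_config(config_xml)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_WEB_CONFIG)))
```

Run it against both the extranet and the Central Administration web.config, since the post adds the same provider entries to each.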

Extranet Web Application Policy

You can use Policy for Web Application to give a user from the Extranet OU full control, so you can add other users to the web application with specific rights using the normal people and groups configuration. Go to Central Administration, Application Management and click on Policy for Web Application.

Choose the right web application       

and click on Add,       

Select the Extranet zone and click Next       

Now type a user which is located in that Extranet OU and make sure that the name gets underlined when checked.

Now you have a working FBA solution with all the known management tools and solutions that you can use to create and manage users.       

Have fun!

SharePoint 2007 Search Mysteries

Today we solved a problem that “suddenly” search crawl stopped crawling :) In the SharePoint Search Administration crawl log the following error appeared:

the start address <http://portal.domain.org/contentdbid={f368e521-bc50-421c-9e5f-d9cec336550f}> cannot be crawled.
Context: Application ‘Search index file on the search server’, Catalog ‘Search’Details:
This item could not be crawled because the repository did not respond within the specified timeout period. Try to crawl the repository at a later time, or increase the timeout value on the Proxy and Timeout page in search administration. You might also want to crawl this repository during off-peak usage times. (0x80040d7b)

Also the following errors appeared in the ULS Log:

CSTS3Accessor::InitURLType: Return error to caller, hr=80040D7B – File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:1567
***** Couldn’t retrieve server http://portal.domain.org policy, hr = 80040D7B – File:d:\office\source\search\search\gather\protocols\sts3\sts3util.cxx Line:558
****** Server portal.domain.org security initialization failed, hr = 80040D7B – File:d:\office\source\search\search\gather\protocols\sts3\sts3util.cxx Line:318

The site that needed to be crawled was located on another server. When we opened the website on that other server everything was fine and the site opened quickly. When we tried to open the site from the indexing server it took very long to open the website. Hosts file was okay, bindings were okay, we’ve increased the proxy timeout but all to no avail..

After trying again to open the remote website from the index server, I’ve checked the proxy settings in internet explorer and they were set to “Automatic Detect” so remembering all the issues I had with setting up Live@edu and ISA WPAD configurations, I disabled the “Automatic detect” and reopened internet explorer and browsed to the remote website. Now everything was quick and very fast! Ok, that was the right way to go..

Then I’ve changed the Automatic Proxy settings in web.config for the SSP and central admin to False and tried again to crawl, still the same issues.
Now..the solution to this issue is:

runas /profile /env /user:domain\<ContentAccessAccount> "c:\program files\internet explorer\iexplore.exe"
Enter the password and then go to Tools –> Internet Options –> Connection –> Lan Settings and remove the “Automatic detect settings”.
Close Internet Explorer and start the full crawl (or incremental). This time it works!

As soon as the proxy configuration is automated, you can see issues like this so if something suddenly breaks, check in your organization if the other :) section didn’t change anything in the network.

Live@edu Installation and troubleshooting guide – Part 1

 

Introduction

The last weeks I have been busy with the awesome package Microsoft delivers to schools and Universities called Live@edu, this package contains the following components:

  • Administrative tools and components
  • Free Live Services for students
  • Free Live services for teachers

The first component, Administrative components, are the guidelines and the software that can be used to bring the Live services to students and teachers.
The second component, live services for students, consists of free Hotmail (or Outlook Live), SkyDrive, workspaces and more of the Live platform! The third component, live services for teachers, offers the same services as for students; just make sure you understand that both teachers and students are working in the same Live@edu domain, so teachers can send messages to students without being afraid they are treated as junk mail.

This live@edu domain can be a sub domain of an existing domain (for example live.university.edu) or a new domain. Important is to know that mail for this domain needs to point to the Live Servers of Microsoft.

for more information about this package please visit the following sites:

 

Signing up

When you sign up for the Live@edu package, you will need to enter the information about your school and this will be verified by the live@edu support team.
After verification you can download the necessary software and request that “Single Sign On” is turned on for your domain, this will take at most 1 business week to be completed so do that as soon as possible. Also the second thing you need to request is a certificate for your live@edu domain. This is very important as this certificate will be used to authenticate the student or teacher during the SSO.

During the processing time :) you can download the Live@edu Single SignOn Download Package and read the documents in that package (and all the other documents on the Connect site about LiveId administration and possibilities). Also download the Hotmail MAv3 Download Package, in which you can find the link to the Windows Live Admin Center SDK. In these documents and files you will find the methods to provision the live accounts; this is out of scope for this blog, maybe I’ll focus on that later if there is a need for it.

 

Installation

The school that I helped to deploy Live@edu was using SharePoint and wanted the students to be able to log in to their mailboxes without entering credentials, so we looked at various webparts that are available for SharePoint. You can find 2 webparts on CodePlex. This is not a good way to start; it is better to first set up the SSOPortal that is in the SSO Package, to be sure that all parts in the process are working:

  • SSO is activated
  • Certificate is correct
  • rights have been set correctly to the certificate private key
  • connection from server to live servers is working fine

When all this is working and the sAMAccountName is connected to the LiveId, this SSOPortal will let the user request a ticket and with that ticket connect to the live services.
Also, by using this SSOPortal, you can request assistance from Live@edu support.

 

Setting up the fourportal site

It’s not difficult to setup the site if you just think of it as a test to see if everything is working correctly.

  • First you need to create a directory under c:\inetpub\wwwroot\ssoportal
  • Then copy the content of the fourportal directory from the SSO package to the ssoportal directory you just created.
  • Now in IIS create a new website and point it to the ssoportal directory. Make sure the application pool account is Network Service!
  • Use a host header of ssoportal for the http protocol
  • Use the hosts file or DNS to point the ssoportal name to this server.

You will need to change the web.config in this new website. Detailed instructions are in the Microsoft Live@Edu SSO 4.1 package, but choose scenario A (LiveId equals sAMAccountName) or B (use XML file lookup). I’ve used scenario B as the sAMAccountNames were not the same as the Live accounts, and we found out later that when you use a specific webpart, you will need to use the Mail attribute of an AD account to map the Live account, so scenario B comes close in this scenario.

Make sure the authentication settings on the new website are Windows authentication Enabled and anonymous Disabled!

In the c:\inetpub\wwwroot\ssoportal\app_data\ directory you can find a studentlogin.xml where you can define the mapping between sAMAccountName and LiveId.

Example:

<?xml version="1.0" encoding="utf-8" ?>
<students>
    <entry windowsLiveID="admin" sAMAccountName="tst_admin"/>
    <entry windowsLiveID="jack.linssen" sAMAccountName="jack"/>
</students>

Now please follow the instructions in the SSO_Webportal_MSliveEmail.docx (appendix A) to install the received certificate into the local computer certificate store. When that has been done you will need to install the winhttpcertcfg.msi which is in the Microsoft Live@Edu SSO 4.1 package and then run the SetupCert32.bat or SetupCert64.bat depending on your platform to allow network service to read the private key of the certificate.

Setting up the RPS Service

Now we need to install the RPSService which handles the Windows Live Passport tickets. The manual explains how to install it but the screenshots are a bit misleading so here are the steps you need to perform:

  • From an Administrator command prompt run the rps32.msi or rps64.msi depending on your platform
  • Start Installation Screen –> Click Next
  • License agreement screen –> click “I accept..” then click Next
  • Customize setup screen –> Click Next
  • Target Environment screen –> select Production and click Next
  • Configure Live Id Server Screen –> Click Next (you don’t have to enter a path)
  • Optional Screen –> Click Next
  • Second Optional Screen –> Click Next
  • Service Account screen –> Click Next (Use network Service)
  • Ready to Install screen –> Click Install
  • in the Completing.. screen –> Click finish
  • copy the RPSserver.xml to C:\Program Files\Microsoft Passport RPS\config directory

Check if the Passport RPS Service is running and then check the Windows System Eventlog if there are no errors for Source “DistributedCom” with the following (part of) text:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{AD74AA3B-1286-4990-954B-DB2E4EEA652C}

Make sure the Network Service account has Local Activation and Local Launch rights and Local Access permissions on the DCOM object rpssvc.

Testing the connection

Now that we installed and configured the components we can start to test the connection. Open a web browser and go to the http://ssoportal website as configured before. You will see a screen similar to the following screen:

Click on step 1 and it should return your current windows user account:

Now step 2 is available, click on it and it needs to return the live Id which matches your windows user account as defined in studentlogin.xml

Moment of truth.. click on the button Step 4 and wait for a GREEN result ;)

If you get a RED response then something went wrong. The errors that I have seen are:

  • Private Key could not be read – make sure the account the application pool is running on has access to the certificate private key (SetupCert<platform>.bat)
    also make sure that in the web.config <identity impersonate="true" /> is changed to <identity impersonate="False" />
  • 407 proxy Authentication required – Make sure that in the web.config of the website <proxy autoDetect="true" /> is changed to <proxy autoDetect="False" />
    This normally only occurs when the WPAD configuration for ISA is defined.

So now that we have a ticket, we can click on the last step, step 5, to start a new browser and log in to our live account automatically without entering a password!

In the next part of this blog I will explain how to install and configure the chisholm webpart for Live@edu.

 

Thank you!

I would like to thank the following people from Microsoft who helped me in troubleshooting the installation and configuration:

Girish Kumar, Roshan Rajkumar, Shawn, Sai Ketha, Josh Clarke, Sophian, Prajakta Pitale and of course Amit Shinde, who helped me solve the last issues.
Also thanks to Ruud Heemskerk and Donny van Huizen from Wortell for their assistance!