Restricting access to mysites in SharePoint

You may come accross the requirment where you would want only certain group of people to be able to create my sites. This is possible by modifying permissions on Shared Services Provider, to do so follow these steps

1. Logon to Central Admin
2. Click on the Shared Services Provider that hosts my sites
3. Click on "Personalization services permissions" under the group "User Profiles and My Sites"
4. Click on the group "NT AUTHORITY\Authenticated Users" if it exists in that list and untick the option "Create Personal Site" and click save.
5. Using the menu on the permissions page, add the SharePoint group that you want to give permissions to
6. Click on the Group that you just added and select the permissions "Create Personal Site" and jobs done!

Modify Web Part Properties window very small

When editing a SharePoint publishing page or my site page and if the "modify shared web part" window appears very small or not visible then the short cut fix is to set the below style in your css file that is referenced from your Master Page

#MSO_tblPageBody {
height:600px !important;
}

The Trial Period for this product has expired - SharePoint 2007

I recently copied a Virtual Hard Disk from my Colleague and when I tried to create a new Publishing site, I got the error message "The trial period for this product has expired". I checked the licence tab in Central Admin and found that it said it was a enterprise licence.

On further investigation I found out that the service account used for the web application where I was trying to create a publishing site was using the "Network Service" account, on changing this to an account that was a member of the local administrator's group (since this was a development VM loaded on my laptop) the error message vanished, how strange!

SharePoint Search Error - failed due to the following error: 800703fa.

When I tried to edit my User Profiles and Properties page in my Shared Services Providor, I saw the error below

"An error occured while accessing the SQL Server database or the Office SharePoint Server Search Service. If this is the first time you have seen this messag, try again later. If this problem persists, contact your administrator"

On clicking on the Search Settings in the SSP, I got the error below, and the same error repeated in the event log..
Retrieving the COM class factory for component with CLSID {BDEADEE2-C265-11D0-BCED-00A0C90AB50F} failed due to the following error: 800703fa.

Also no search results were being returned.

We were running MOSS 2007 on Windows Server 2008 R2. The solutions was to reset IIS! No idea why I had this problem and how it solved but didnt have the time to investigate it that day!

One Way Trust in SharePoint , People Picker and Profiles

We had a scenario where SharePoint was installed on Domain A and the users whom accessed SharePoint where from Domain B.

This will work most of the time until you start doing things like People Picker in SharePoint and configuring profiles, my sites etc.

There is some more work for that to happen as listed below

1. To get people picker working correctly for users from other domains you need to run the syntax stsadm -o setproperty -pn peoplepicker-searchadforests -pv domain:domain1.com;domain:domain2.com,domain2\user,password –url https://sharepoint.domain1.com (good guide on this http://www.gk.id.au/2009/04/people-picker-sharepoint-and-forest.html)

2. To greet people from the one-way trust domain by name in SharePoint and to enable creating my sites for the other domain users , you would need to import the profiles of the users from the second domain. You need to do this by going to shared services providor - User Profile and Properties - Configure Profile Import (at the bottom of the page)

Once on that page, choose custom source and create a new source for the AD (example of syntax to use for the custom source can be found here or just google http://miss-sharepoint.blogspot.com/2008/04/custom-source-in-profile-import.html)

3. If you also want the one-way trust users to have their own "my site" then you need to change the app pool account that your my sites web application uses to an account from "Domain B". This is because since it is a one-way trus between
Domain A <- B, a domain account in A will not be able to talk to B but in order for my sites to work, my sites app pool accountconnects to the domain where the user is from to get the information related to the user but it will work the other way round because B has a one way trust with A.

So create a domain user account in Domain B and through Central Admin update the App Pool account that my sites uses to the Domain B account.

Finally add that app pool account into the farms administrator's group to complete the process.

The trial period for this product has expired. Kwizcom

We had a strange problem where certain users were seeing the Kwizcom "trial period for this product has expired" message whereas it was working for others, obviously we had the full licence and had activated it when this occured.

On investigation we found out that our Alternate Access Mappings in SharePoint was not setup correctly i.e. we have multiple WFE's but in AAM we did not have entries for all the WFE's as internal url's and also our public url was not in the Intranet Zone and this for some reason had caused Kwizcom web part to show as though this message!

System.Security.Cryptography.CryptographicException: The system cannot find the file specified

When working with Geneva and SharePoint and if you get the error System.Security.Cyptography.CryptographicException: the system cannot find the file specified, the fix is to run the command below where "AppPoolName" is the name of the app pool under which the SharePoint Web App runs

appcmd set apppool "AppPoolName" -processModel.loadUserProfile:true

appcmd can be found at %systemroot%\system32\inetsrv\ directory

My Site - There has been an error creating the personal site.

If you recieve the error "There has been an error creating the personal site. Contact your site administrator for more information" and you have users from multiple domains or one-way trusted domains then you need to add the application pool that the Mysites web application runs under into the farm administrators group.