Archive for May, 2007

Indexing external content with a case sensitive URL

29 May 2007 Leave a comment

There is currently a bug in MOSS 2007 search that automatically converts any URLs entered to lower-case.

We had a site hosted on a UNIX server that had a case sensitive URL, so when I entered MOSS 2007 converted it to and then tried to crawl this URL, but UNIX would return a “page could not be found” error.

Microsoft provided us with a hotfix for this, so if you have the same problem I suggest you raise a support request. 🙂

Categories: Uncategorized Tags:

Using the BDC to populate user profiles from a SQL Server database – Part One

15 May 2007 3 comments

I’m going to post a few articles about the process I went through to get this implemented.

There are a few things that aren’t documented that I wanted to catch in these posts, to prevent any further hair loss in the Sharepoint world.

In this first post I will detail how to install and configure SSO. You will only need to configure SSO if you are using SQL authentication to connect to SQL Server.

Initial Setup

I used multiple service accounts for my MOSS 2007 farm, to prevent a single point of failure. It can make installation a little more complex, but will provide a stable environment in the long run.

Below is a brief overview of the accounts that are needed for the SSO installation and configuration (For full details on all the accounts needed for a MOSS 2007 installation have a look here


Used to run installs, you should use this account to log-on to your servers. It should be a local administrator of all your servers and have system administrator rights to the database.


Used as the application pool for Central Administration and the process account for the Sharepoint Services Timer service. This account needs to a members of Logins, Dbcreator, Security Admin and DBO (for each database) roles

mossuser-SSPAppPool, mossuser-PortalAppPool, mossuser-OtherWebAppPool

All accounts that are used for web application pools will need to be able to administer SSO, this can be achieved by adding them to the mossgroup-SSOAdmin group.


This account is used to run the SSO Service, it will need to be a local administrator of the master key server and have security  administrator rights to the database*


This group should be added to the “Farm administrator’s group” and should have the the mossuser-SSO account as a member. (It’s worth while adding all users that need to administer the farm to this group for ease of management)


This group is used for the “Single Sign-On Administrator Account” and “Enterprise Application Definition Administrator Account” settings in “Manage Server Settings for Single Sign-On” page. This will need to have the following accounts as members; mossuser-FarmAdmin, mossuser-SSO, mossuser-Setup, mossuser-SSPAppPool, mossuser-PortalAppPool, mossuser-OtherWebAppPool.

Depending on how you manage your MOSS 2007 environment I would also add the mossgroup-FarmAdmin as a member, this means that all Farm administrators will also be able to administer SSO

*If you are unable to give your SSO account security administrator rights on your database then you will need to do the following

  • On a server that has MOSS 2007 installed, navigate to “C:\Program Files\Common Files\Microsoft Shared\Microsoft Office 12 Single Sign-on” and locate the sso_schema.sql file and take a copy.

  • Open up “Microsoft SQL Server Management Studio” and connect to your database server.

  • Create a database called SSO

  • Put the mossuser-SSO in the dbo role for this database

  • Make sure you have SSO selected as the database and then open the copied sso_schema.sql file.

  • Run the script


Configure the SSO Service

Locate the “Microsoft Single Sign-on Service” in Services

 SSO Service

Right click on the service and select properties

On the “Log On” tab, select “This account” and enter the mossuser-SSO as the user in the format of Domain\User

SSO Service Props 

Click the Apply button and then OK

Restart this service

Update the service account through Central Administration


I haven’t seen this documented anywhere, but you need to do this otherwise you will get the following error message when trying to configure SSO. This is only applicable if you are using multiple service accounts, if you are using one account that has local administrator rights and system administrator rights on the database this doesn’t occur

You do not have the rights to perfrom this action

In the event log the following error is logged

User DOMAIN\ mossuser-Setup failed to configure the single sign-on server. The error returned was 0x800708ad. Verify this account has sufficient permissions and try again.

Go to the Central Administration site

In the Central Administration site, go to “Operations” and under “Security Configuration”, click on “Service accounts”

Select the “Windows Service” option and in the drop down, select “Single Sign-on Service”Select the “Configurable” option and enter the mossuser-SSO user and password

 Service Account

Click OK

Secondly if you get this error message

Failed to connect to the database server. Verify connectivity and rights for the configuration account and try again.

You need to follow these instruction from the following MS KB article:

Configure the SSO Server

In the Central Administration site, go to “Operations” and under “Security Configuration”, click on “Manage settings for single sign-on” and then “Manage server settings”.

Enter DOMAIN\mossgroup-SSOAdmin for the “Single Sign-On Administrator Account” in the “Account name” box

Enter DOMAIN\mossgroup-SSOAdmin for the “Enterprise Application Definition Administrator Account” in the “Account name” box

Enter the database server name and the SSO database name for the “Database Settings” in the “Server name”  and “Database name” boxes

Click OK

Click on “Manage encryption key” and then click on the “Create Encryption Key” (You can also backup your encryption key here if you need to)

Go back to the “Manage Single Sign-On” screen

Click on “Manage settings for enterprise application definitions”

Click on “New Item”

Enter a display name for the application in the “Display Name” box

Enter an application name for the application in the “Application name” box (You will use this name as the reference later on so  I would make it small and easy to remember)

In the “Field 1: Display Name” , enter “User ID” and set “Mask” to “No”

In the “Field 2: Display Name”, enter “Password” and set “Mask” to “Yes”

Click OK

 SSO App Admin

Return back to the “Manage Single Sign-On” screen

Click “Manage account information for enterprise application definitions”

Enter the SQL account name in the “User ID” field

Enter the password for the SQL account in the “Password” field

Click OK

SSO App Def


This is another task that I haven’t seen documented that needs to be done every time you create an encryption key

Go to the Central Administration site

Under “Upgrade and Migration”, click “Enable features on existing sites”

Check “Enable all sites in this installation to use the following set of features” and click on OK. I think this must send out the new encryption key to the existing sites.

So I’m hoping now that you have SSO up and running!

In Part Two I will detail how to set up the BDC.


Categories: Uncategorized Tags: , ,

SSO Configuration

8 May 2007 1 comment

If you are getting errors when trying to configure SSO in MOSS 2007, something we discovered that solved this that is worth trying

·         In Central Administration go to Operations·         Under Secuirty Configuration, click on Service Accounts·         Select “Windows service” option and then “Single Sign-on service” in the corresponding dropdown·         Enter in the service account username and password·         Click OKEven though we had set this up through the “Services” console, doing this through the central administration screen fixed the problem.

Some of the errors we were getting was “Login failed for user: domain\user” in the event logs

Categories: Uncategorized Tags:

application.master – why oh why

2 May 2007 Leave a comment

I just can’t understand why the Sharepoint team have done this.

My client asked for a number of templates which each had to be styled differently, no problems I said I’ll use master pages, that’s what they’re for.

 Now I have to explain to my client why some of their pages are different…

 I would urge everyone to press Microsoft as much as possible to update this in a further release

Categories: Uncategorized Tags:

PSCONFIG configdb parameters

1 May 2007 5 comments

I don’t know if anyone else has experienced this, but the Microsoft documentation provides this as an example for the above command

Psconfig –cmd configdb –create –server servername –database databasename –user username –password userpassword –admincontentdatabase databasename

I tried running this and kept getting the following error

The -create command is invalid

This drove me made until I removed the “-” from the beginning of the create parameter and then I got the following error

The -server command is invalid

My amazing mind realized that a pattern was emerging and I went ahead and removed all the dashes from the parameters to end up with the following command.

Psconfig –cmd configdb create server servername database databasename user username password userpassword admincontentdatabase databasename

Hey Presto my “SharePoint Products and Technologies Configuration Wizard” began chugging away

Categories: Uncategorized Tags: