February 9th, 2010
by Tristan Watkins
I’ve recently been involved in MOSS 2007 farm topology discussions with a client that was interested in using the Split back-to-back topology. After a lengthy troubleshooting and escalation process we’ve identified some problems with this TechNet extranet farm topology guidance in conjunction with Microsoft Tier 2 support. In short, the TechNet document identifies some supported topologies that span domains, but this incident has raised questions about:
- The acceptable placement of server roles in those topologies.
- Supported domain trust directions.
- Alternate Access Mappings requirements.
- Picking people from other domains.
This is an account of the relevant issues and the steps that we took to reach our conclusions. read more »
Authentication, Consultancy and Design, SharePoint | 
3 Comments »
January 18th, 2010
by Tristan Watkins
We’ve identified that the user profile import in the SharePoint 2010 public beta can’t handle hyphens in domain names. The import will succeed but the portion of the domain name preceding the hyphen will get trimmed. When a user logs on a new profile is created but it is orphaned from the imported data. In principal we’ve been able to work around this by migrating the user profiles with STSADM (thanks to my colleague Martin Hatch for the suggestion) but we haven’t put this approach to the test over a sufficient period of time to be able to recommend it firmly yet. We also don’t have a mechanism for triggering the update for newly-imported users but it shouldn’t be rocket science to come up with a solution to that problem for the duration of the beta.
Microsoft have confirmed this is a problem in the SharePoint 2010 public beta and that a fix will be included in the next release. Their response was on a closed beta forum, so I can’t include that detail here, but this is my description from MSDN: read more »
SharePoint | 1 Comment »
September 30th, 2009
by Tristan Watkins
Gary Lapointe recently released a custom STSADM command for setting the BackConnectionHostNames registry key. The relevant Microsoft KB article recommends specifying each host header with the BackConnectionHostNames key rather than disabling the loopback check, as this check is a valuable security fix. As Gary Lapointe mentions, Spencer Harbar put together some thorough background information on the roots of the fix. Without this command, setup and maintenance can be a bit of a hassle if you have lots of SharePoint applications or lots of Alternate Access Mappings (or if any of this information changes with any regularity). These registry changes need to be made on each web server for any sites with host headers. This includes Central Administration if it’s not configured on <servername:port>. So this could get quite laborious if the farm is fairly large. The UpdateFarm parameter may be particularly helpful in this regard.
Security, SharePoint, Windows | No Comments »
