Creating a broadly compatible, modern SSL certificate with Active Directory Certificate Services

After recently hitting the default two year expiration point with our SharePoint development environment’s AD CS-issued SSL certificates, I set about updating that environment with a new five year template. I took this opportunity to see if I could make it as good as possible without breaking compatibility with anything. I will discuss some of these compatibility issues along the way. I will also make the certificate exportable, make sure it’s using the SHA256 hash (SHA1 will be deprecated in the near future), change the Certificate Authority (CA) configuration so that HTTP Distribution Points will be contactable from “outside the network”, and set permissions on the template in a way that it will be generally usable.

Steve Peschka tackled some of these basics about 18 months ago, but as he notes, his post covers the simplest updates you can make. I think a few other options are worth considering. I don’t pretend to know all that there is to know about Active Directory Certificate Services (AD CS), or PKI in general, but I do think we can advance considerably beyond the default with a few changes. This is not a well-documented subject, so I hope to pull a few disparate resources together and propose an improved template. If you think anything here can be improved further, please post in the comments and I’ll try to incorporate that feedback.

Editing the Host Name field for wildcard SSL certificate bindings in IIS 7

Not only is this the thing that I always forget, it’s the thing that I’ve just learned I didn’t really understand. My colleague Ben just absolutely pwned me about an SSL certificate’s “Friendly Name” field and how it’s used when editing SSL binding in IIS. I was certain that Friendly Name couldn’t possibly be related to getting an editable host name field when you bind multiple Web Applications on the same IP address (assuming you have a wildcard certificate to handle this multiplicity). How it works with SAN certificates I don’t really know, but that’s a topic for another post. At any rate, in this case, I was bashing my head because I couldn’t get an editable Host Name field for my newly-extended Web Application:

DCOM Security for SharePoint Administrators

In a server administrator’s never-ending battle with log clutter, DCOM errors have proven to be some of the most persistent and poorly-understood events – especially with SharePoint. Our community has been building up remedial practices for the most common of these errors, but changes to the number and complexity of these fixes over the last few years call for a deeper look at what we’re changing, and the effects of these changes beyond a reduction in red and yellow icons in the event logs. In this post I’ll talk about some of the fundamental concepts from a Systems dude’s perspective and along the way I hope to convey a better understanding of Windows itself.

Bit Rate Throttling Fix Released

A couple of weeks ago I posted information about a Fix For Bit Rate Throttling W3WP Crashes in SharePoint 2010. A few hours ago, Jack Freelander from IIS.NET announced that IIS Media Services 4.0 has been released, including this fix. This is just a quick post to update that the fix has passed Beta, in case anyone was waiting on the final release before diving in.

I still have yet to find the time to test this myself, but I’d be very keen to hear about your experiences – good or bad. Failing that, I hope to get back to this in the next couple of weeks.

Fix For Bit Rate Throttling W3WP Crashes

Over the Summer, we dove deep into SharePoint 2010 for WCM when we re-launched our corporate website. As I mentioned the other day, I spent a decent amount of time looking at caching and some of the new supporting technologies, like Bit Rate Throttling, an IIS.NET extension to IIS 7.x – part of the IIS Media Services 3.0 package that also includes Smooth Streaming. Bit Rate Throttling is like when you watch a YouTube clip and it only buffers a short time in advance of what you’re watching, also known as Progressive Download. In Microsoft’s words, Bit Rate Throttling is…

“…an IIS 7.0 extension that meters the download speeds of media file types and data between a server and a client computer. The encoded bit rates of media file types such as Windows Media Video (WMV), MPEG-4 (MP4), and Adobe Flash Video, are automatically detected, and the rate at which those files are delivered to the client over HTTP are controlled according to the Bit Rate Throttling configuration.”

It basically saves you bandwidth by only transferring what you’ve watched plus a small, configurable buffer. Think about each user that starts watching a ten minute video but only watches one minute. In that time, they may have downloaded five minutes of content – quadrupling the bandwidth consumption unnecessarily. Bit Rate Throttling shares some user experience characteristics with Streaming Media, but it works on a normal web server over HTTP. It’s really quite a simple tool and I won’t devote space here to explaining it when the IIS.NET site already has some great content, including a brief introductory video. Definitely check it out.

So why am I writing about it?

Scheduled Sitemap Generation for SharePoint 2010 Websites

As promised in my SharePoint 2010 SEO Analysis with the IIS SEO Toolkit post, while the IIS.NET SEO Toolkit does an excellent job of generating an initial sitemap and providing a nice GUI for ad hoc updates, it does not offer any obvious scheduling mechanism to ensure that your sitemap stays current with the changing content in your CMS. Thankfully, my colleague Glyn Clough whipped up some PowerShell to produce a full sitemap for your web application based on Jie Li’s initial script, which was scoped at the root web. Running this as a Windows scheduled task will get you a very up-to-date sitemap for all sites in your web application with very little on-going maintenance. Nice one Glyn!

SharePoint 2010 SEO Analysis with the IIS SEO Toolkit

The IIS.NET Search Engine Optimization (SEO) Toolkit provides a powerful analysis tool that can generate reports for web editors and can automatically generate sitemaps and robots.txt files as well. These reports not only provide insight into page rank improvements but also help content editors identify missing/duplicate content and find broken links. This post provides an overview of how the tools can be used by content editors or web managers who do not have access to the server infrastructure and what you can expect to see when running an SEO Analysis against an out of the box SharePoint 2010 Publishing site. I will also review the server tools that generate sitemaps and robots.txt files.

Installing the SEO Toolkit

Although Remote Server Administration Tools can be installed on Windows Vista and Windows 7, I have produced the directions below on my Windows Server 2008 R2 desktop. The instructions should be fundamentally the same for any OS once IIS Manager is available locally, however it is installed. To be crystal clear, the SEO Toolkit can be used by anyone with Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2. It is not a requirement to have access to the web server and it is not necessary to install IIS locally.

SharePoint Redirections

In the lead-up to our SharePoint 2010 website launch I’ve been doing a fair amount of research into the SEO Tools that work with SharePoint. We’ve been looking at automatic/scheduled generation of sitemaps, robots.txt management and conversion of 302 (temporary) to 301 (permanent) redirects. There are a couple of approaches to tackling the first two issues, which I’ll discuss in my next post, but this last issue is more peculiar to SharePoint, as you will have noticed if you’ve ever looked at Fiddler when you browse to the root of a path. For instance, if I browse to the root of my http://publishing/ publishing site I will be automatically redirected to http://publishing/Pages/default.aspx. On a blank site template I would be redirected from http://blank/ to http://blank/default.aspx. In each case SharePoint issues a 302 temporary redirect from the root of the path to the default page. This is not optimal for search on the internet, so many people have tried to rewrite the URL using the IIS URL Rewrite module. Unfortunately, “rewrites” are not supported with SharePoint but I have never seen this explained clearly. To clarify, this is what we’re talking about:

SharePoint 2007 administration part III: web application administration

This is the third post in a six-part series on SharePoint 2007 administrative commands. The first part was an overview and the second covered Farm administration. This part covers web application administration, which is carried out in SharePoint Central Administration. These administrative functions are carried out by farm administrators, but scoped at the application level rather than across the entire farm.