André Krijnen


Kerberos, Reporting Services and SharePoint Integrated http 401: Unauthorized

by on Apr.06, 2011, under Active directory, Kerberos, Reporting Services, SharePoint 2010

When it comes to Reporting Services integrated with SharePoint it is difficult to solve problems when you don’t know where to start. Alot of people having issues when solving problems, or configuring Kerberos that way that Windows Integrated security is working properly.

At my work I’ve been at different customers, and still having some problems when it comes to Kerberos, why? Because every environment is different, every server is different, and when it comes to Reporting Services integrated with SharePoint it is some times a hell to fix issues.

So I’ve done multiple integrations with Reporting Services and SharePoint, and yet I know alot about Kerberos. Setting up delegations between App Pools and SSRS, SSRS and SSAS, SSAS and MSSQL, SSRS and MSSQL.

So I’ve ran last monday in a problem with SharePoint and Reporting Services, and why I did I ran into it? Simply, not every environment is configured properly when it comes to DNS, AD, etc.

So I’ve used Fiddler, DelegConfig v1, DelegConfig v2 Beta, ProcessMonitor, but yet I couldn’t figure it out. Even with HTTP streaming, etc I couldn’t see any information. The only thing I could see that was every time I tried I was succesfully logon.

Everytime I get with the integration was the following error: The request failed with HTTP status 401: Unauthorized

Probably everyone that has configured SSRS with SharePoint has seen this error in his life, right? Well If you hit google or bing for it, it will always show Reporting Services Add-In SharePoint. Yes, this is the one everyone is talking about.

Well I used all the tooling a SharePoint dude has to know. But yet I didn’t receive any request on the server running SSRS, and you know why? Because somebody forget to add the http:///ReportServer to the Intranet list. Yet, I added the server to the Intranet list, it solved the problem. Do not add it to the Trusted Sites, because It won’t do anything.

4 Comments :, , , , , , more...

Windows Server 2008 R2 with WSS 3.0 Error 10016: DCOM IIS WAMReg admin service

by on Feb.20, 2010, under MOSS, Software, Windows Server 2008, WSS

Well it was the first time I did a deployment of WSS 3.0 on Windows Server 2008 R2 at a customer… the installation went very well I could say but yet I found out that I had a strange DCOM error. Not the DCOM error I would suspect…

Type: Error
Source: DCOM
Category: None
Event ID: 10016
The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user DomainName\UserName SID {61738644-F196-11D0-9953-00C04FD919C1}. This security permission can be modified using the Component Services administration tool.

So after searching on I found out that this has the do with the DCOM IIS WAMReg admin service. Normally you would say that this has to do with the location activation of the DCOM service. But when I found out that the DCOM service couldn’t be changed I had to figure out that I had to change some settings. I knew that you can activitate the DCOM service, but Microsoft had to change this DCOM service with the new release of Windows Server 2008 R2. On BING I found out that someone had this error.

So check the blog of Wictor Wilen It saves you a lot of time to figure it out.

2 Comments :, , , , , , , , , more...

MOSS 2007 / MSS 2010 virtualization problems.

by on Jan.20, 2010, under Virtualization

In the last couple of years I installed alot of different farms for SPS2003, MOSS 2007 and yet I started with the installation of MSS 2010.
Most organizations started using Virtualization software like VMWare ESX of other virtualization software. As far as I know I had to most problems with MOSS 2007 on virtual boxes. The most problems where database servers or badly configured boxes.

When you’re using SQL Server or other database server you’ll will see that when they are bad configured your farm is performing very very bad. Why?

One of the biggest reasons is that when you’re running a database direct on a Virtual Hard Drive it will not perform as well. Why? Mostly the vhd’s are using the same LUN on a SAN or physical disk. The best option here is to use pass-through disk to a LUN on a SAN.

Second when you’re running a DB server on a Virtual Box and you allocate shared memory and shared CPU’s it will also cost performance. This is also for MOSS or SP2010. You should use one-on-one CPU. So if you need 4 virtual CPU’s you’ll also need 4 cores and not sockets. For another example check your NUMA(Non Uniform Memory Access).

If you have a virtualbox with 8 cores and 32 GB of memory then your NUMA is 4 GB. So you can maximum allocate 4 GB of memory to a virtual server. If you allocate more memory it can cost your performance.

If your using VLAN’s and you have multiple Virtual Switches ensure that your MOSS or SP2010 environment is using the same Virtual Switch. If the latency is higher then 1ms your performance will drop. MOSS and SP2010 will only have a good performance with a very low latency.

Also if you’re running an AD server and this server is also running poorly your SharePoint environment will also perform poorly. SharePoint authenticates alot.

Most hardware performance issues are written above. Look at it when you’re making SharePoint environment virtualized. 80% of the problems are the DB server of the Indexing Server of your SharePoint environment.

Leave a Comment :, , , , , , , , more...

how to exclude paths in your #sharepoint farm

by on Jul.03, 2009, under blog

Allright let’s get started. Because a normal SharePoint farm will not allow you to request pages with logged in on your website. This is because MOSS will intercept every page you will ask even when you are using an Web Application. In WSS 2.0 and SPS 2003 you had to the possibility to exclude certain paths from being captured by SPS or WSS.

Well in SharePoint 2007 you can’t make an exclusion in Central Administration, but you can do it by manual. How to do this is easy or not, but it’s possible. You can’t access pages directly in a Web Application, but you can create a Virtual Directory. Still when you access this virtual directory, SharePoint won’t allow you to access this virtual directory.

Now we have to do it another way. Let’s modify the web.config of your Web Application.

this is probably how your section will look like:

  1. <httpHandlers>
  2.       <remove verb="GET,HEAD,POST" path="*" />
  3.       <add verb="GET,HEAD,POST" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  4.       <add verb="OPTIONS,PROPFIND,PUT,LOCK,UNLOCK,MOVE,COPY,GETLIB,PROPPATCH,MKCOL,DELETE,(GETSOURCE),(HEADSOURCE),(POSTSOURCE)" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  5.       <add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  6.     </httpHandlers>

modify it to this:

  1. <httpHandlers>
  2. <!–      <remove verb="GET,HEAD,POST" path="*" />
  3. –>
  4.       <add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory, System.Web, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  5.       <add path="trace.axd" verb="*" type="System.Web.Handlers.TraceHandler" validate="True" />
  6.       <add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True" />  
  7.       <add verb="GET,HEAD,POST" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  8.       <add verb="OPTIONS,PROPFIND,PUT,LOCK,UNLOCK,MOVE,COPY,GETLIB,PROPPATCH,MKCOL,DELETE,(GETSOURCE),(HEADSOURCE),(POSTSOURCE)" path="*" type="Microsoft.SharePoint.ApplicationRuntime.SPHttpHandler, Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  9.       <add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  10.     </httpHandlers>

Change the trust level:

  1. <trust level="Full" originUrl="" />

Ensure that your virtual directory has it’s own web.config. Without an own web.config it will inherit from your web.config in your website (of course your web.config of your web application).

Leave a Comment :, , , , , , , , , , , , more...

MOSS 2007 with something else

by on Jun.25, 2009, under blog

The situation is following.

I have a page located in the /_Layouts/ dir. This page is the CustomLogin page and validates two ways. The first way is by a post to a security validation with a token.

  1. <form name="LoginForm" action="<% =requestURL %>" method="post" enctype="application/x-www-form-urlencoded" id="LoginForm">

When we hit the submit button it should post data to this validation server and returns data formatted in the header.

The problem is that the posted data is not submitted, because for someone reason MOSS blocks it.

This validation server has it’s own SSL certificate and the MOSS site has it’s own SSL certificate.

Leave a Comment :, , , , , , more...

SharePoint sites using hostnames (HOSTS) with IE (IE6/7/8) have logon failures

by on Jun.17, 2009, under MOSS, Software

SharePoint sites using hostnames (HOSTS) with Internet Explorer 8 (IE8) have logon failures

I like to use beta programs. You can see what new functionality will be available before the product is released. But using betas of Internet Explorer is something i have a lot of bad experiences with. Currently we got a report on one of our websites that it had some problems running under Internet Explorer 8. Ofcourse i checked this in my virtual machine by installing the released version of Internet Explorer 6/7/8.

For some reason i was not able to access my SharePoint websites anymore. It kept me asking for my login over and over again. Doing some googling i found out that this issue was also under the beta release and that there is a solution. Keep in mind that this issue is still present in the released version.

It seems that Internet Explorer 8 does a loopback check. This causes SharePoint sites using hostnames (in your HOSTS file) with a logon to have logon failures.I like to use the HOSTS file, because you do not have to use specific port numbers for running your websites. Als for doing demos on events and at customers it looks better.

There are two solutions for the problem. This one i think is the best and less work:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer. (it seems that this was not needed on my virtual machine).

For more information:

Leave a Comment :, , , , , , , , , more...

https doesn’t redirect to http in document library MOSS 2007

by on Dec.30, 2008, under MOSS

For a company I work for we have an different kind of situation regards the SharePoint site. We have a DMZ with all the webservers we need. We also got a small MOSS 2007 farm where the company hosts his two SharePoint sites. Both sites are on the same farm and on the intranet it works perfectly.

On of these sites is hosted normally on the http port, and the other on is hosted as an extranet application on the https port. The site hosted on the public http port is good, and doesn’t show any problems.

The certificate for the private site is at the reverse proxy server, although it is also a kind of firewall. We used the technet documentation for implementation (link). We did use the Alternative Access Mappings and we did redirect our https port(proxy) to the http port(Site farm).

Everything works perfectly, except for the Document Library. Normal documents can be opened without any problems, but when you want to access a folder in the document library we got a permission denied error from the proxy server. Why you may ask? Well the document library has folders and show all http:// instead of https://. So it redirects from an secure site into a insecure site were the port is blocked on the DNS.

So we maybe thought that this was related to the firewall instead of SharePoint, well forget that. The problem resists in the Document Library and nothing else. Now we contact Microsoft for this issue, but the problem is that Microsoft has only helpdesk people with knowledge of SharePoint or ISA Server. Microsoft helpdesk wants to relate the problem to the firewall instead of their own product, and I can’t blame them, because it’s their product. Well I’m not happy at all with this, because we won’t change anything in the firewall. We tried everything there is needed to work.

The company were I work for doesn’t have this problem to Exchange Server 2003, and this is the same kind of product, and they have the exact same rules and same implementation… Probably this a bug (or feature) and they can’t solve it… maybe later on…

Well I will keep you informed… when I have a solution my blog will keep you informed about it…

3 Comments :, , , , , , , , , , , , more...

My SharePoint-Sites doesn’t update

by on Jan.30, 2008, under MOSS

I discovered a problem with the My SharePoint-Sites. Someone at the company I work for discovered that he had alot of sites in his SharePoint-Sites webpart at his My Site. So that shouldn’t be a problem I thought. Well it was…

I deleted a subsite of our company intranet, because we decided that the site needed his own dns and database, because it was growing to large. After two weeks we found out that the SharePoint-Sites didn’t update and when we hitted on of these sites we got an error. So, I thought it was maybe a My Site related issue. I deleted his My Site, because it didn’t have alot of information on and added his My Site to new.

Still the same problems came forward, so I decided to hit for it. Well maybe I didn’t seek good enough, but maybe it was related to the search engine. So I decided to reset all the crawled content. After an hour I checked back on the My Site, but still the same problem exists.

Allright, so I decided to look in the help of the stsadm utility. Things that could help I sought on Well after a couple of searches I found out the following command:

stsadm -o sync -deleteolddatabases 0

In the ssp database you have the table ’sitesynch’ and holds the information for all synchronized information over your SharePoint sites and My Sites. This article mentioned also that sometimes the synchronization table isn’t sychronized. Well after an hour I checked back at the My Site and saw that the SharePoint-Sites didn’t appear anymore.

The job related to this is the â œProfile Synchronizationâ timer job

Leave a Comment :, , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!


A few highly recommended websites...