‘Access is Denied’ in SharePoint 2010 on Search Service Application

After installing and configuring Search Server Express 2010 on Foundation I was unable to open the Search Service Application I had created in order to configure the crawling. To fix this problem you need to do the following.

  • Go To Central Administration
  • Under Application Management, click Manage Service Applications 
  • Highlight the Search Service Application Service that you can't get access to.
  • Click on Administrators in the ribbon
  • Add your account to the list of Administrators and then check the Full Control Check Box.
  • Click OK

Now you should be able to click on the Service Application and Administer it.

Hope this helps!

Can't log into SharePoint?

I had yet another one of those head banging on desk moments yesterday and then discovered the solution today! The problem was that I could NOT log onto SharePoint 2010 Foundation on the machine that was hosting the site (known as the WFE, the Web Front End) using the FQDN (Fully Qualified Domain Name), such as http://mydev.foobar.com. I could, however, log in just fine externally from the domain and even from a different machine in the same domain. I could also log into it on the WFE using the local machine name, like http://MyServer. No matter how hard I tried I could NOT log into the damned SharePoint site using the FQDN on the actual WFE. It prompted me for credentials which I entered correctly but it just kept prompting me.
 
I even had the network guys set up a zone on the DNS and create A Records etc. But still it wouldn't work. Not only that but the Search Engine Crawl failed for the FQDN and would only work for the Local machine name. So I went on a quest and found the answer. Rather than claim it as my own I have added the link to the article AND also added the resolution steps, just in case the article vanishes from the web! Don't you just hate it when someone posts something and all they do is say the answer is in this link, then the link is so old that it's gone! 
 
http://sharepoint.stackexchange.com/questions/5574/i-cant-login-to-sharepoint-2010-whats-wrong
For the record, this solved my issue on Windows Server 2008 R2 running SharePoint 2010. ALSO AS DC! :) For all you purists!
Disable the loopback check loadTOCNode(2, 'workaround'); Follow these steps:
1.    Click Start, click Run, type regedit, and then click OK.
2.    In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.    Right-click Lsa, point to New, and then click DWORD Value. Type DisableLoopbackCheck, and then press ENTER.
4.    Right-click DisableLoopbackCheck, and then click Modify. In the Value data box, type 1, and then click OK.1.2.
RESTART PC!
 
This explains the reason why! http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx

The OFFICIAL Microsoft KB article describes the 2 different ways to resolve this issue.
http://support.microsoft.com/kb/896861

The following is copied from the KB link above.
There are two methods to work around this issue, use one of the following methods, as appropriate for your situation.

Method 1: Specify host names (Preferred method if NTLM authentication is desired)

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    281308 (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  8. Quit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check (less-recommended method)

The second method is to disable the loopback check by setting the DisableLoopbackCheck registry key.

To set the DisableLoopbackCheck registry key, follow these steps:

  1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    281308 (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer.


I hope this helps someone out there!

SharePoint does not return any search results

If you've ever configured SharePoint search in 2007 or 2010 then you may have come across this nasty gotcha.

In the SharePoint 2010 world your results would look like this! Nothing! But you know your search engine crawls correctly because you've seen it work and there are no errors in the log!

The reason why this happens is the Default URL is not the one used in the Search crawl. If you don't have this configured correctly then you'll get zero results returned. Not only that but you will see some very weird happenings. When I was playing around trying to understand the problem I did a search and frustratingly got no results so I decided to log in as a different user, and then I saw the results of the search! Wow, that was just silly, so I did another search, thinking it would now work. But no it did not. OK, I thought I would switch back to the previous user again, and guess what! Yes, I saw the results again. But then searching failed if I tried another search. It really stumped me to think that the only way to see search results was to do a search and then log in as a different users. That's what I mean about weird stuff.

The Default URL in this Alternate Access Mapping is used in the Search Configuration. So just following the configuration below is all you need to get results.

 

This is the Search Service Configuration. Putting it all together will now allow your search to work without even running a crawl! Brilliant. So I thought it would be good to blog about my experience so that others could save their sanity when I almost lost mine...Laughing

 

Classic Mode vs. Claims Based Authentication in SharePoint 2010

The following is an explanation of the 2 types of Authentication. This is well documented on the web!

Classic Mode: This is nothing but Windows Authentication. If any web application is created with Classic Mode Authentication then it cannot applicable to configure forms based authentication. That is basically it.

Claims Based: In SharePoint 2010 for a web application we can enable both windows AND forms authentication. In earlier implementation to do this, we have to create two web applications which has different zones and different authentication. But, with the new claims based authentication a single application can have the capability to configure both windows and forms under single URL. All this is possible because of the authentication framework is built on Microsoft Identify Foundation, and it uses “Geneva” framework to handle this authentication.

Convert from Classic Windows to Claims Based Authentication:  To configure a Windows Authentication application to use Forms Based Authentication then you can convert from Classic Mode to Claims Based. But, there is no UI exist for doing this conversion. The only way around is through PowerShell.

WARNING! This cannot be UNDONE!
At the PS Prompt Type the following commands and press enter after each one.

$app = get-spwebapplication "http://<your site's URL>"

$app.useclaimsauthentication = "True"

$app.Update()  Don't forget the brackets!

IMPORTANT:  If an application is created using Claims Based Authentication and if you want to convert to Classic Mode then it is not possible either through the UI or through PowerShell.

SharePoint 2010 Authentication Provider

So you want to know if that SharePoint 2010 Web Application is configured with Claims Based or Windows Authentication?

The place to do this is via Central Admin -> Application Management -> Manage Web Applications. Then click on the Web Application and click on Authentication Providers in the Ribbon under the Security Section. BUT you might find that this icon is disabled like this screen shot.

Not to worry as you can enable it using one of two methods. One is to disable UAC via Control Panel but that's not really something you want to do. The other option is to Run your Browser as an Administrator like shown here.

Now you will see that the icon in the ribbon is enabled as shown here.

Now simply click the icon and you'll see something like the following 2 screen shots.

If you want to CHANGE the authentication type then you will need to do that via Power Shell which I will explain in another post.

SQL Server Export with Column Headers

If you want to copy the contents of a Results window from inside Microsoft SQL Server Management Studio AND include the Column Headers then you need to set the following via Tools -> Options.

Query Results -> SQL Server -> Results To Grid -> Check the box next to "Include column headers when copying or saving the results".

Note that you will need to close your current session and open a new one before this change takes place.

SQL Server tables in one swoop!

This is how to list all tables in a SQL Server Database with one statement, or two.

--Tables by Rows Descending Order
SELECT sysobjects.Name,
       sysindexes.Rows
FROM   sysobjects
INNER JOIN sysindexes ON sysobjects.id = sysindexes.id
WHERE type = 'U' AND sysindexes.IndId < 2
ORDER BY sysindexes.Rows DESC

--Tables by Table Names
SELECT sysobjects.Name,
       sysindexes.Rows
FROM   sysobjects
INNER JOIN sysindexes ON sysobjects.id = sysindexes.id
WHERE type = 'U'AND sysindexes.IndId < 2
ORDER BY sysobjects.Name

Clear Project List for Visual Studio

Have you ever wanted to clear the list of Projects from the Start Page in Visual Studio? Here's how to do it.

Run --> RegEdit  and navigate to: HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\<your version>\ProjectMRUList.

Delete the entries that you don't want.

You can also remove the recent list of files by clearing entries in the HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\<your version>\FileMRUList!

One more thing to mention. If you get those annoying Project names like Project (2), Project (3) and just want to start over then you can do that be deleting the folders in My Documents\Visual Studio 2008\Projects\. Usually these folders will only contain the Soluntion (*.sln) files.

Happy Programming!
Dave