Tuesday, October 11, 2011

MOSS 2007, WSS 3.0 Service Pack 3 (SP3)

announced the release of service pack 3 for MOSS and WSS 3.0.

They will make the SP3 available for download in Q4 of 2011. That is a huge relief. I was going to start applying the cumulative patches. Now I will just wait for the SP3 to be made available.

You can refer to their blog for details:

Wednesday, October 13, 2010

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

I was installing SharePoint 2010 Foundation on a Win 2008 server SP2 (NOT R2) and got the following error when I ran the config wizard:

Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown. Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.ComputeHash()
at Microsoft.SharePoint.Administration.SPUserCodeService.UpdateValidatorsHash()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Insert(SPSolutionValidator validator, Int32 index)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Add(SPSolutionValidator validator)
at Microsoft.SharePoint.Administration.SPUserCodeService.Update()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Ensure(T newObj)
at Microsoft.SharePoint.Administration.SPUserCodeService.EnsureService(SPFarm farm, Boolean upgrading)
at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

I checked out a few blogs and KB articles, but was not able to resolve the issue.

In my case:

1.) The FIPS setting was already disabled in the local security policy settings.

2.) The accounts had the required access to the hive, inetpub and all the other folders.

3.) We didn't have access to change the machine.config files.

After running the Process Monitor tool while the config wizard was running, we found that there were other registry keys showing up in the procmon logs.

On further analysis we found that there are FIPS-related keys in three locations:

1.) HKLM\SYSTEM\ControlSet001\Control\LSA\FipsAlgorithm

2.) HKLM\SYSTEM\ControlSet002\Control\LSA\FipsAlgorithm

3.) HKLM\SYSTEM\CurrentControlSet\Control\LSA\FipsAlgorithm

Only the 3rd key had the value 0, i.e. disabled; the other two had the value 1, i.e. enabled. I changed the values to 0 for the other two and then ran PSCONFIG again. This time the installation completed successfully. ISSUE RESOLVED.
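
An added example, not part of the original post: a read-only PowerShell check that lists the FIPS-related entries under Control\Lsa in every control set, so a mismatch like the one described above shows up in one table. It matches any value or subkey whose name begins with "Fips" (an assumption, since the exact layout differs between Windows versions) and reads HKLM\SYSTEM\Select to show which numbered set CurrentControlSet maps to.

```powershell
# Added example: read-only audit of FIPS-related entries under Control\Lsa
# in every control set. Nothing is modified.
$system = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select\Current holds the number of the set behind CurrentControlSet.
$select = Get-ItemProperty -Path "$system\Select"
$currentName = 'ControlSet{0:D3}' -f [int]$select.Current

$sets = @('CurrentControlSet') + @(Get-ChildItem -Path $system |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName })

function New-FipsRow($set, $location, $value) {
    $row = New-Object PSObject
    $row | Add-Member NoteProperty ControlSet $set
    $row | Add-Member NoteProperty Location $location
    $row | Add-Member NoteProperty Value $value
    $row
}

$results = @(foreach ($set in $sets) {
    $lsaPath = "$system\$set\Control\Lsa"
    if (-not (Test-Path $lsaPath)) { continue }
    $lsa = Get-Item -Path $lsaPath

    # Assumption: match by wildcard. Case 1: a value directly under Control\Lsa.
    foreach ($name in @($lsa.GetValueNames() | Where-Object { $_ -like 'Fips*' })) {
        New-FipsRow $set "Lsa : $name" $lsa.GetValue($name)
    }
    # Case 2: a subkey under Control\Lsa; list every value it holds.
    foreach ($sub in @(Get-ChildItem -Path $lsaPath -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'Fips*' })) {
        foreach ($name in $sub.GetValueNames()) {
            New-FipsRow $set "Lsa\$($sub.PSChildName) : $name" $sub.GetValue($name)
        }
    }
})

"CurrentControlSet currently maps to $currentName"
$results | Format-Table ControlSet, Location, Value -AutoSize

$enabled = @($results | Where-Object { $_.Value -eq 1 })
if ($enabled.Count -gt 0) {
    'Entries set to 1: ' + (($enabled | ForEach-Object { "$($_.ControlSet)\$($_.Location)" }) -join '; ')
} else {
    'No FIPS entry is set to 1 in any control set.'
}
```

Run it from an elevated prompt on the server before starting the configuration wizard.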

Tuesday, September 14, 2010

SharePoint 2010 Installation Error - FIPS cryptographic algorithm

*****************************************************************************************
UPDATE October 13th, 2010 - ISSUE RESOLVED - I had to make changes to a few more reg keys!
Details are available here

*****************************************************************************************************************************



I was installing SharePoint 2010 Foundation in standalone mode on a Win 2008 server SP2 (NOT R2) and got the following error when I ran the config wizard.

Failed to create the configuration database.

An exception of type System.InvalidOperationException was thrown. Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

I checked out a few blogs, but was not able to resolve the issue.

These were the blogs/links I referred to:

Amol's blog:

http://sharepointknowledgebase.blogspot.com/2009/04/this-implementation-is-not-part-of.html

This pointed me to the KB article http://support.microsoft.com/kb/911722. The KB article talks about adding a section to your web.config, but in my case the Central Admin site has still not been created, so there is no web.config.

I also referred to another link which suggested disabling the FIPS compliance-related local security policy, but in my case it was already disabled.

I will troubleshoot this further and keep updating this post.


Update Oct 11th, 2010.

We re-imaged our virtual server (basically got a new server) and tried again; same problem again.

I have posted a question on TechNet:

http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/81e1b564-c722-4aea-b7a1-788ff35e055d


Tuesday, August 31, 2010

SharePoint Item Level Permission


I am working on a requirement to secure a SharePoint list item, and when I was reading about it on MSDN for the first time, I got very confused because of the class names associated with SharePoint security. So I thought I would post a very basic article explaining how to change item-level permissions.

From the SharePoint UI, this can be done by breaking the permission inheritance at the item level and then changing everybody's permission to read-only. Go to Item Level Permission > Actions > Edit Permissions > Break Inheritance, select all the user groups/users and give them the required permissions. In my case I am giving them read access, so that no one can change the list item once it has been submitted.


So how do we change a list item's permissions programmatically? Well, we need to make use of the object model, and this is one way of doing it.

The basics for getting permissions right programmatically are RoleAssignment and RoleDefinition. Users and user groups correspond to role assignments (SPRoleAssignment) in the object model, and permission levels (Read, Contribute, Owner, etc.) correspond to role definitions (SPRoleDefinition).

So let's get started

1.) Break Inheritance
SPItemObject.BreakRoleInheritance(false);
The parameter false indicates that, after breaking inheritance, none of the users from the list level are copied to the item. If you pass true, the users will get copied over to the item level.

2.) I selected false in the first step because I don’t want to copy the users directly from the list level.
I will loop through all the users and user groups at the list level and add them to the item with only read access. Here is the code for that. I was using this from inside a workflow, which is why you see workflowProperties; workflowProperties.Item is just an SPListItem object.

// Get the role definition (permission level) for read access
SPRoleDefinition oRoleDefinition_Read = workflowProperties.Web.RoleDefinitions["Read"];
// Loop through the users and groups at list level
foreach (SPRoleAssignment oRoleAssignment in workflowProperties.List.RoleAssignments)
{
    // Create a new role assignment for the same user or group, so that the
    // list's own role assignment object is left unmodified
    SPRoleAssignment oItemRoleAssignment = new SPRoleAssignment(oRoleAssignment.Member);
    // Add only the read definition to the new role assignment
    oItemRoleAssignment.RoleDefinitionBindings.Add(oRoleDefinition_Read);
    // Bind the new role assignment to the item
    workflowProperties.Item.RoleAssignments.Add(oItemRoleAssignment);
}

3.) Then update the item and you are done.


We are using SharePoint WSS 3.0, MS SQL 2008, and Visual Studio 2005.

Monday, June 15, 2009

Anonymous access for a list

I was trying to enable anonymous access for a SharePoint survey list but was not able to allow anonymous users to edit/add list items. Later I found that it was because I had selected an option in my list which allowed users to see only the items created by them. This post talks about how I enabled anonymous access and then troubleshot this problem.

I had followed these steps to resolve the issue:


1.) Navigated to CA ->Application Management ->Authentication Providers

Enabled anonymous access in the right zone.

2.) Went to the site where my survey list is and navigated to
Site Settings -> Advanced Permissions -> Settings -> Anonymous Access
and selected the option Lists and Libraries


3.) Then I navigated to my Survey List -> Settings -> Permissions for the List -> Actions -> Edit Permissions, broke the inheritance, then navigated to Settings -> Anonymous Access

But the anonymous user options were greyed out.

So I verified all the above steps again, but found no mistakes.

Then I went to Survey List -> Settings -> Advanced Settings


Since I had selected the option which allows users to view only their own responses, the anonymous user options in the list settings were greyed out. Once I changed this option to "All Responses", I was able to check the appropriate box in the survey list anonymous settings page.