Integrating Project Server with your SharePoint Farm

This topic has been coming up quite a bit for me recently, specifically the integration of Project Server with an existing SharePoint 2007 farm. I happen to have a strong opinion about it; whenever possible keep Project Server in a separate farm from that of your Portal, Intranet, and Extranet sites. Clearly, I cant make this recommendation for every scenario… but I do believe it’ll apply the vast majority of the time. If for whatever reason you can’t have more than one farm (it may very well be out of your hands), I will include some tips or best practices to help keep your farm in harmony.

Why separate farms? While Project Server relies heavily on SharePoint for the vast majority of its features (quite the understatement); Project Server environments are generally used very different from how Portals, Intranets, Extranets, and ECM environments are used. Having them on different environments allows for easier maintenance of one without impacting the other; this is particularly important with upgrades.

So how does integrating Project Server with the farm hosting your other environments affect it? For starters, if you are planning on upgrading either your standard SharePoint or Project Server sites; you cant really upgrade either without upgrading the farm… and since all are sharing the same farm, your not really left with much of a choice, unless you split them out while performing the upgrade… and now you’ll have 2 projects on your hand.

Also keep in mind that the user base will be completely different, as will be the stakeholders, and any project sponsors; as such, any SharePoint related initiatives of one group will have to be coordinated with the others. You’ll also likely have separate SLAs and governance for each environment.

If you only have one farm available, there are a couple of things you can do to help:

1. Keep the Project Server (PWA and Workspace Sites) in their own separate web applications. This setup will lend itself for an easier migration to a separate farm if an upgrade or separation is ever required, and allows for better segregation of both administrative and maintenance tasks.

2. Having a dedicated WFE (Web Front End) for your Project Server sites will help improve performance.

del.icio.us Tags: SharePoint,Project Server,Best Practices,Design,Planning

Technorati Tags: SharePoint,Project Server,Best Practices,Design,Planning

Retrieve the IUSR (Anonymous) password using the IIS Resource Kit Metabase Explorer

Just recently, while troubleshooting an 401 Unauthorized error on an FBA site in SharePoint, I discovered that someone accidentally changed the password of the IUSR account (IIS Anonymous User) on one the IIS Web Sites.

The error in the browser was "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials." I've blogged about this sort of error before, and there can be many culprits. But having gone over the scenarios I know of that might cause this with no luck, I decided to look at the Event Viewer Security logs.

I quickly discovered a series of Failure Audits with event IDs 680, 529, 539. Event ID 529 was the one that caught my attention:

Logon Failure:
     Reason:        Unknown user name or bad password
     User Name:    IUSR_...

The problem was very apparent; there was an issue with the credentials being supplied by the IUSR account. I tested with another number of sites non of which generated the error, so it was definitely isolated to this particular web application (IIS Web Site). I verified the User Account and it was fine, so it had to be the password. I searched the web for a way to retrieve the IUSR account password and everything seemed to indicate that I should use the adsutil.vbs script (which works well, just remember to change "IsSecureProperty = True" with "IsSecureProperty = False".) But I also saw a comment referencing the "Metabase Explorer"; very cool.. something that would let me browse through the IIS Metabase.

I downloaded and installed the IIS Resource Kit and used it to retrieve the password of the IUSR account (IIS Anonymous User.)

After installing the IIS Resource Kit, follow these steps to retrieve the IUSR password using the Metabase Explorer:

1. Open the IIS Metabase Explorer by going to Start > All Programs > IIS Resources > Metabase Explorer > Metabase Explorer
   
2. Go to the "View" menu and click on "Secured Data"  (this will make sure the password is not displayed as asterisks) and Inherited Data (this will display any data that the web site is inheriting from the default)
   
    
   
3. Expand the W3SVC Branch
4. Expand the Branch of an IIS site that is running anonymous access
   
   
   Note: To determine the ID of the IIS Site; select the "Web Sites" node in IIS and look for the Identifier column in the right pane.
    
   
5. Select the "Root" node and look for the AnonymousUserPass property in the right pane.
    

Technorati Tags: IIS,Metabase,IUSR,Troubleshooting,Administration

del.icio.us Tags: IIS,Metabase,IUSR,Troubleshooting,Administration

Stopping and Restarting WSS 3.0 and Microsoft Office SharePoint 2007 (MOSS)

There isn't much information out there on the subject (at least not much that I've been able to find, and/or consider reliable.) The following steps describe my preferred approach to stop Windows SharePoint Services 3.0 and Microsoft Office SharePoint 2007 (MOSS) in most typical farm environments. It is based on Microsoft's recommended approach for moving SharePoint related databases.

1. Shut Down the World Wide Web Publishing Service in the front-end servers to prevent any users from accessing content. You may want to consider Quiescing the farm.
   
2. In the Services snap-in on the server(s) running Central Administration, stop the following services:

   Microsoft Single Sign-On service (MOSS only)

   Office Document Conversions Launcher service  (MOSS only)

   Office Document Conversions Load Balancer service (MOSS only)

   Office SharePoint Server Search service (MOSS only)

   Windows SharePoint Services Administration service

   Windows SharePoint Services Search service

   Windows SharePoint Services Timer service

   Windows SharePoint Services Tracing service

   Windows SharePoint Services VSS Writer service
   

3. On the server(s) running Central Administration, stop Internet Information Services by opening the command prompt and running iisreset /stop

If restarting the farm, restart the Server Running Central Administration first followed by any application servers and finally the web front end servers.

Please note that the approach may vary from farm to farm based on how its configured, for example: if the Central Administration server is also an application server or front end server, if there are any third party tools or services running on the server, or if the Shared Service Provider is being consumed by any other farms.

References:

Move all databases (Windows SharePoint Services 3.0)
Move all databases (Office SharePoint Server 2007)

del.icio.us Tags: MOSS,WSS,Maintenance,Administration

Technorati Tags: MOSS,WSS,Maintenance,Administration