Categories
Azure Infrastructure Office 365

Azure: Setting up a custom domain for Office 365 by way of Azure Active Directory

If you’re like me, sometimes you like to do things a little more efficiently and elegantly through PowerShell or through the Azure portal when it deals with the underlying infrastructure that’s associated with an Office 365 tenant. If you’re using Office 365 you’ve established a tenant with a .onmicrosoft.com name.  Reminder PSA: You can’t change your tenant name after you’ve created it – at least not right now.  But you can mask it using custom DNS names.

If you’re a little leery of Azure, then perhaps this will help to peel back the onion and bring tears of happiness to your face.

Step 0 – realize what you’re doing 🙂 and also make certain that you have permission to use the domain name that you’re setting up on the Office 365 / Azure instance where you’re going to make these configuration changes. Note that if you’re already using a domain name for something else, it might be wise to create a subdomain to tinker with rather than making “adjustments” to the main domain that you’ve got (e.g. something.danusher.com rather than danusher.com).

Step 1 – Head on over to your Office 365 admin portal (https://portal.office.com/adminportal/) and go to the bottom left corner to expand the “Admin Centers” section and click on “Azure Active Directory” (https://aad.portal.azure.com/binarybrewery.onmicrosoft.com). This will launch you to your Azure Active Directory admin center within Azure (alternatively, you can go to portal.azure.com and click on Azure Active Directory from the left most blade to open these settings).

Step 2 – Expand “Azure Active Directory” from the left most blade and then select “Custom domain names” from the blade that appears. This lists the default tenant name that was created when your Office 365 tenant was provisioned.

Screenshot 2018-03-27 21.52.54.png

Step 3 – Add a custom domain by typing in the name of the domain and then determining if you want to use a TXT record or an MX record to verify that you own the domain. If you’re not familiar with how to edit your TXT or MX records, Microsoft has some handy documentation on this over on the Office 365 support documents – https://support.office.com/en-us/article/gather-the-information-you-need-to-create-office-365-dns-records-77f90d4a-dc7f-4f09-8972-c1b03ea85a67

Screenshot 2018-03-27 21.57.20.png

Step 4 – Wait a while. Or as Spence would say while provisioning your User Profile Application, get a cuppa coffee.  DNS sometimes can take a while to provision.

Screenshot 2018-03-27 21.58.58.png

Sadly there are no exciting fireworks through the Azure Portal when you verify ownership of a domain.

Screenshot 2018-03-27 22.31.19.png

Just a quick toast that briefly appears in the upper right hand corner of the Azure Portal.

Step 5 – Determine whether you just want to set up Azure AD Connect to get started with Directory and Password Synchronization, or go back to the Office 365 portal and set up the remaining DNS entries to be able to fully realize the capabilities of Office 365. Either way, you’ll see this screen within Azure upon completion of domain verification.

Screenshot 2018-03-27 22.14.05.png

Back in the Office 365 Admin Center however, you’ll notice that the domain says that it’s still being set up.

Screenshot 2018-03-27 22.34.09.png

Step 6 – Complete the setup of the domain by clicking on the line item associated with the domain name that has been verified by Microsoft Azure.

If I point my name servers for this domain, through my registrar, at Microsoft’s name servers, a lot of things just go away as Microsoft manages the domain for me at that point. If however I want to perform these configurations on my own because I have a complex DNS environment, I can do so by adding values similar to these (fairly standard, where you simply replace “potatoe-cloud” with your DNS name):

screenshot-2018-03-27-22-35-13.png

After you’ve updated your DNS within your registrar, you’ll see something like this if you happen to have an incorrect record…

Screenshot 2018-03-27 22.48.11.png

In my case I accidentally had an extra character in there – simple cut and paste error. 😐

After making my corrections and verifying settings I received a nice note that all was configured and ready to go.

Screenshot 2018-03-27 22.54.53.png
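A cut and paste error like the one above is easy to catch from PowerShell before going back to the portal. The following is an added example, not part of the original post: it compares the MX, autodiscover CNAME and SPF TXT records with the values Office 365 normally asks for. The function name, the expected values (the usual Exchange Online defaults) and the resolver address are assumptions; use the exact strings your admin center shows.

```powershell
# Added example (not from the original post). Expected values are the usual
# Exchange Online defaults and are assumptions: copy the exact strings from
# the Office 365 admin center for your own domain.
function Test-O365DnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Ask a public resolver so a stale internal cache does not hide a mistake.
        [string]$Server = '8.8.8.8'
    )

    # potatoe.cloud -> potatoe-cloud.mail.protection.outlook.com
    $mxHost = ($Domain -replace '\.', '-') + '.mail.protection.outlook.com'

    $expected = @(
        @{ Name = $Domain;                Type = 'MX';    Value = $mxHost }
        @{ Name = "autodiscover.$Domain"; Type = 'CNAME'; Value = 'autodiscover.outlook.com' }
        @{ Name = $Domain;                Type = 'TXT';   Value = 'v=spf1 include:spf.protection.outlook.com -all' }
    )

    foreach ($rec in $expected) {
        $answers = @(Resolve-DnsName -Name $rec.Name -Type $rec.Type -Server $Server `
                        -DnsOnly -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq $rec.Type })

        # Pull the comparable value out of each answer, whatever the record type.
        $found = @(foreach ($a in $answers) {
            switch ($rec.Type) {
                'MX'    { $a.NameExchange.TrimEnd('.') }
                'CNAME' { $a.NameHost.TrimEnd('.') }
                'TXT'   { $a.Strings -join '' }
            }
        })
        # A domain can carry several TXT records; only the SPF ones matter here.
        if ($rec.Type -eq 'TXT') { $found = @($found | Where-Object { $_ -like 'v=spf1*' }) }

        # An extra pasted character shows up as Mismatch rather than Missing.
        $status = 'Mismatch'
        if ($found.Count -eq 0) { $status = 'Missing' }
        elseif ($found -contains $rec.Value) { $status = 'Match' }

        [pscustomobject]@{
            Record   = "$($rec.Type) $($rec.Name)"
            Status   = $status
            Expected = $rec.Value
            Found    = $found -join ' | '
        }
    }
}

Test-O365DnsRecord -Domain 'potatoe.cloud' | Format-Table -AutoSize -Wrap
```

Anything reported as Mismatch shows the expected and found strings side by side, which is usually enough to spot the stray character.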

From there, any new user I create within Office 365 will make use of the @potatoe.cloud domain name rather than the Tenant name.

Congrats on having your Office 365 email accounts now masked as well as user logins. I’d recommend learning how to set up and use Azure AD Connect so that you’re able to move forward with having your domain identities provisioned with Office 365 / Azure Active Directory to enhance your end users’ experience.

Remember – DNS isn’t that difficult. But it’s easy to mess up and also then make things more difficult.

Categories
Azure Infrastructure

ARM Template Reference Now Available

If you’ve been tracking Microsoft’s Azure cloud offering over the past few years you’ve probably noticed that there have been a few (hundred) changes during that time period. And by hundred, I mean multiple hundreds. . .

One of those changes was to transition from the Azure Service Management interfaces to the Azure Resource Management template model. This methodology has made the development of complete environments through Infrastructure as Code significantly more manageable through resource groups using templates that can be spun up and torn down on demand.

Recently Microsoft released their Azure Resource Manager template reference which guides you from nothing to environment in a pretty rapid fashion. If you’re familiar with Infrastructure as Code using JSON notation then this will be incredibly familiar to you and you may even find yourself liking it.

https://azure.microsoft.com/en-us/blog/azure-resource-manager-template-reference-now-available/

Categories
Infrastructure

Windows Management Framework 4.0 Released

Just a heads up that the Windows Management Framework version 4.0 has been released.

If you remember, over the past year or so it wasn’t until Service Pack 2 was released for SharePoint 2010 that you were able to use Windows Management Framework 3.0 with the application server. In similar fashion, version 4 is not compatible with a boat load of applications (Exchange 2013, SharePoint 2013, SharePoint 2010).

So before you get excited and run out and install it to start taking advantage of some of the improvements in Windows Remote Management, be mindful that it will break your applications.

http://www.microsoft.com/en-us/download/details.aspx?id=40855

Uncertain as to when we’ll see fixes to allow for compatibility with all of these application servers…

Check out the snazzy System Requirements tab:
Windows Management Framework 4.0

Categories
Infrastructure

Blocking the installation of SharePoint 2013…

Recently I came across a thread on SPYAM regarding whether it’s possible to block SharePoint 2013 installations using group policy or through the registry.

Sure enough it’s possible to use the SharePoint 2010 installation blocking technique for SharePoint 2013 with a minor modification. Rather than having the Registry Key be for 14.0, just modify it to be 15.0.

So the key that you end up implementing, whether through Group Policy, PowerShell or a direct registry setting, is:

HKLM\SOFTWARE\Policies\Microsoft\Shared Tools\Web Server Extensions\15.0\SharePoint

With a DWORD value named ‘DisableInstall’ set to 1.
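For the PowerShell route, here is an added example (not from the original post or the SPYAM thread) that sets the block for one or both versions and reports the resulting state, so it doubles as an audit of servers that should already have the policy. The function name and its parameters are hypothetical; the registry path and value are the ones given above, with 14.0 being the SharePoint 2010 variant. Run it elevated.

```powershell
# Added example: set or audit the SharePoint install block described above.
# Set-SharePointInstallBlock and its parameters are illustrative names.
function Set-SharePointInstallBlock {
    [CmdletBinding()]
    param(
        # 14.0 = SharePoint 2010, 15.0 = SharePoint 2013
        [ValidateSet('14.0', '15.0')][string[]]$Version = @('15.0'),
        # Report the current state without changing anything.
        [switch]$AuditOnly
    )

    foreach ($v in $Version) {
        $path = "HKLM:\SOFTWARE\Policies\Microsoft\Shared Tools\Web Server Extensions\$v\SharePoint"

        if (-not $AuditOnly) {
            # Create the key if the policy has never been applied on this box.
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            New-ItemProperty -Path $path -Name 'DisableInstall' `
                -PropertyType DWord -Value 1 -Force | Out-Null
        }

        # Read the value back so the output reflects what is really in the registry.
        $current = $null
        if (Test-Path -Path $path) {
            $current = (Get-ItemProperty -Path $path -Name 'DisableInstall' `
                            -ErrorAction SilentlyContinue).DisableInstall
        }

        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            Version        = $v
            DisableInstall = $current
            Blocked        = ($current -eq 1)
        }
    }
}

# Audit both versions first, then apply the 2013 block.
Set-SharePointInstallBlock -Version '14.0', '15.0' -AuditOnly
Set-SharePointInstallBlock -Version '15.0'
```

A value written locally this way can be overwritten or removed by a domain GPO at the next policy refresh, so the Group Policy route remains the durable one.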

Sure you can still install the pre-reqs for 2013, but when you attempt to install the actual SharePoint 2013 binary, this is what you end up with:

SharePoint2013-BlockInstall

Time to pick up that VOIP handset and call the administrator about the GPO that seems to be pushed to my server and why I should be allowed to be moved to another OU that has a different domain linked policy. 🙂

Categories
Documentation Infrastructure

Docs: Upgrading to SharePoint Server 2010 v3 Released

Similar to other documents, Microsoft has released a second update this month pertaining to Upgrading to SharePoint 2010. Similar to other docs, no change log is included with the document – break out your compare documents to find out the differences.

The document is available in two flavours, doc and pdf and available here for download:

Upgrading to SharePoint 2010 – Version 3, Released 17 January 2001

Categories
Documentation Infrastructure

Docs: Group Policy for Microsoft Office 2010 – Update v2

In case you downloaded the Group Policy for Microsoft Office 2010 earlier this month, Microsoft has updated the documentation, still available in your favorite three flavours of doc, pdf and xps.

Group Policy for Microsoft Office 2010 Version 2, released on 17 January 2011

Unfortunately a change log page is not included within the document, thereby preventing us from knowing exactly what changed.

Categories
Documentation Infrastructure Networking

SharePoint Products and Technologies Protocol Documentation Update

For those of you that are working with integrating SharePoint with other technologies or just plumb curious as to the interfaces and technical specifications to take into account while developing solutions, best check out the 186 MB of SharePoint Products and Technologies Protocol Documentation that was recently updated and re-released. The original documentation was released back in July 2010.

Quick access here:

Microsoft SharePoint Products and Technologies Protocol Documentation – (1/10/11 v1.11)

Categories
Infrastructure System Administration

December 2010 Cumulative Updates for SharePoint

This one goes out to my friend and SharePoint colleague, Mark Rackley, also known to many of you as @MRackley. Gotta help my Dev friends that wonder at times why the underlying infrastructure doesn’t work properly – hopefully these bits will help.

Seem like you just got the good bits for the October 2010 Cumulative Update for SharePoint 2010? Just like that *snap* the December 2010 Cumulative Update is available.

The cumulative updates contain several fixes that go across the entirety of the platform from REST to Search to e-mail notifications that should be sent to task assignees.

Information Articles for December 2010 Cumulative Updates:

SharePoint Foundation Server 2010 – http://support.microsoft.com/kb/2459108
SharePoint Server 2010 – http://support.microsoft.com/kb/2459257
Project Server 2010 – http://support.microsoft.com/kb/2459258

Windows SharePoint Services v3 – http://support.microsoft.com/kb/2458606
Microsoft Office SharePoint Server 2007 – http://support.microsoft.com/kb/2458605

Full server downloads from the automated hotfix system available at:

SharePoint Foundation Server 2010 (x64 – 50.5 MB) – http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2459125
SharePoint Server 2010 (x64 – 325 MB) – http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2459257
Project Server 2010 (x64 – 330 MB) – http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2459258

Windows SharePoint Services v3 (x86 – 29.5 MB, x64 – 33.4 MB) – http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2458606
Microsoft Office SharePoint Server 2010 (x86 – 63.7 MB, x64 – 60.5 MB) – http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2458605

Please be aware that there are some known issues with the SharePoint 2010 Cumulative Updates which may incur issues with some functionality, namely this:

Important notes about the cumulative update package

  • The Microsoft Office 2010 hotfixes are now multilingual. This cumulative update package contains updates for all languages.
  • This cumulative update package includes all the server component packages. Additionally, this cumulative update package updates only those components that are installed on the system.

Known issue 1
Consider the following scenario:

  • You install the Cumulative Update in this KB article on a SharePoint 2010 server.
  • You restart the server as it prompts you at the end of the installation.
  • You run the Psconfig.exe tool after the server restarts.

In this scenario, you see an error page when you access the Manage User Profile page in Central Administration.

Workaround

To work around this issue, follow these steps:

  1. Open the Central Administration page.
  2. Click Manage Services on the Server link.
  3. Find the User Profile Synchronization service, and then restart the service on the Server.aspx page.
  4. Perform iisreset after the service restarts successfully.

Known issue 2

2490381 (http://support.microsoft.com/kb/2490381/ ) You cannot create an AD DS synchronization connection that has multiple domains selected after you install the Cumulative Update in either KB 2459257 or KB 2459258

(Reference: http://support.microsoft.com/kb/2459257)

As always, be sure to install cumulative updates in a testing environment prior to implementation on a production system.

Lastly remember that for SharePoint 2010, you only need to download the patch for the product you’re working with whereas with Microsoft Office SharePoint Server 2007 you’ll need both the WSS v3 patch and the MOSS 2007 patch.

Categories
Infrastructure Troubleshooting

Surrounding Infrastructure–the bane of the IT Pro Detective Work…

We’ve all been there: we get a call from our client, customer, project manager or colleague at 6:30 in the morning stating that the portal is down. Typically this is done in such a manner that involves a terse conversation asking how long you’ve known the system was down and when you were going to alert other folks… Granted, dependent on the systems monitoring software in your system, you may or may not have received an alert. In my case you’re dreaming of a white sandy beach and wondering why there’s a ringing noise coming from the handle of Patron in your hand.

Nevertheless, once you get down to details though, I know that for me, I tend to find myself investigating such outage issues by looking in a few different buckets or areas first – all of which tend to deal with other systems that SharePoint relies on…

1 – Network Systems – did a network administrator change the VLAN or network route that the SharePoint products and technologies platform rides on top of to something that passes directly into a firewall that drops every frame trying to pass through? did a cable get gnawed through by an animal? did someone unplug the RJ45 altogether leaving your system not responding at all?

2 – DNS – is there a Domain Name Service issue where the names are no longer resolving properly? did someone remove a CNAME or A Record? did the MX record somehow get munged due to policy causing incoming e-mail to cease operating? did someone forget to renew your DNS record altogether? are your SSL certs invalid now because the CA chain is broken somehow thanks to DNS resolution (what’s that, you can’t access the CRL?)…

3 – Storage Fabric Operations – is there a problem with the storage fabric that’s hosting your SQL content databases? did someone cut the fiber inadvertently or blow away your storage zone? Or did a disk controller pass away in the night, overworked by backups? All fun things that are a ton of fun to explain… “It’s not the SharePoint platform, it’s just the storage where all of the databases that power the content seem to be gone…”

4 – Active Directory – did the service accounts running the SharePoint platform suddenly get changed such that their passwords expire after being told they were set never to expire? the accounts themselves are expired somehow? they were enabled for smartcard interactive login (which effectively scrambles the password to 256 random bits)? the service principal name (SPN) associated with a URI for Kerberos to work was removed?

5 – Group Policy – did the Network administrator controlling all of the domain policy suddenly get a zero day exploit update tossed on their plate that’s rated “Critical” by an Information Awareness Manager or Information Systems Security Officer? Did they push the patch without alerting you the IT Pro that’s watching over the health and welfare of your system? Or did someone perhaps just remove different policies assigned to OUs and decide to make an über-policy that trumps everything without checking what the RSOP was?

Rather than drone on regarding several other buckets I check, I’d say that on average those are the five that I check first… More often than not I find that the 5th is typically what happens where the resultant set of policy sets a policy such that either client systems accessing the SharePoint portal are no longer capable of integrating as they were meant to (“Hey where’d my SharePoint Sites in Word go?”) or such that the Windows Server operating system hosting SharePoint now has a setting that causes certain components to cease to operate (always fun when a network admin changes a system to disable loopback checking in turn killing search crawling, right?).

Fear not though, Microsoft has a tool out there in the Azure cloud to assist with tracking down the Group Policy Object that is causing your system grief – Group Policy Search. It’s available at: http://gps.cloudapp.net/

This is definitely one of my favorite cloud apps out there that assists in quick and easy searchable and filterable results to track down the GPO that’s the troublemaker to remediate issues.  Give it a spin around the block and you’ll find that it’s quite helpful to have in your back pocket.

Categories
Infrastructure

EBS Hotfix for SharePoint 2010

So somehow I missed a tweet from Rob D’Oria, but apparently there’s an External BLOB Storage (EBS) hotfix that is necessary for SharePoint 2010 environments using EBS that was released back on September 7, 2010 with KB number 2398734.  The hotfix was primarily built to address the following EBS issues:

A customized external binary large object (BLOB) storage provider (EBS Provider) crashes the worker process (W3wp.exe) when you perform one of the following actions:

– You upload a file through the Windows Explorer view or through the Microsoft FrontPage remote procedure call (RPC).
– You upload files by using the Multi-File upload control.
– You create a publishing site.

The hotfix also addresses a scheduled password change process issue:

The scheduled password-change process fails when you try to use the automatic password change feature for a SharePoint farm service account. This issue occurs when the service account is not a member of the local Administrators group in Windows.

After installing the hotfix, be sure to run the SharePoint Configuration Wizard to ensure that it is absorbed into the rich ether of your SharePoint fiber. 🙂

And on a side note, this hotfix does not seem to be a part of the October 2010 Cumulative Updates for either SharePoint Foundation Server or SharePoint Server.

Thanks again to Rob for the tip!