Configuring IIS Bindings to include host headers with https on Windows Server 2008 (for SharePoint)

NOTE: We use a wildcard SSL certificate which makes our life much easier when dealing with multiple hostnames. I have not tested this approach with multiple SSL certificates for specific sites.

We’ve been reconfiguring our SharePoint 2007 farm over the past couple of days and it’s now hosted on Windows Server 2008 and using NLB (network load balancing). The load balancer has been configured with a single public IP address and all our previous DNS CNAME registrations have been replaced with hostname A registrations pointing at the address. With our previous configuration we had multiple IP addresses on the server, one for each web application. Each IIS web site was then configured with a host header and IP address to allow for secure traffic over HTTPS.

With our new configuration, I didn’t want to specify an IP address on the web site. Handily, IIS 7 makes that scenario possible (and even relatively straightforward). The only snag is that you can’t configure the necessary bindings through the IIS Manager GUI. You can do it through an XML config file, however:

  1. Look in c:\windows\system32\inetsrv\config and edit the applicationHost.config file. Make sure you take a backup first!
  2. Find the <sites> section in the file. In there you will find a <site> element for each IIS web site. Each of those has a <bindings> element with each port/protocol binding listed. Our main site looked like this:
    <bindings>
      <binding protocol="https" bindingInformation="*:443:" />
    </bindings>

    and we changed it to look like this:
    <bindings>
      <binding protocol="https" bindingInformation="*:443:myhost.mydomain.com" />
    </bindings>
  3. Repeat for each web application. If you have more than one web application on the same IP address using either http or https you need to configure a host header or you’ll have problems.
  4. Execute an iisreset.
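
An added example (not part of the original post): a Python check that reads the <sites> section of a copy of applicationHost.config and reports http/https bindings that clash when several web applications share one IP address and port, as described in step 3. The sample XML, the site names and the function names parse_binding and audit_bindings are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like the <sites> section of applicationHost.config.
SAMPLE_CONFIG = """
<configuration><system.applicationHost><sites>
  <site name="Portal" id="1"><bindings>
    <binding protocol="https" bindingInformation="*:443:myhost.mydomain.com" />
  </bindings></site>
  <site name="MySites" id="2"><bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings></site>
  <site name="SSP" id="3"><bindings>
    <binding protocol="https" bindingInformation="*:443:MYHOST.mydomain.com" />
    <binding protocol="http" bindingInformation="*:8080:" />
  </bindings></site>
</sites></system.applicationHost></configuration>
"""

def parse_binding(info):
    """Split 'IP:port:host'; rsplit keeps a bracketed IPv6 address intact."""
    ip, port, host = info.rsplit(":", 2)
    return ip, int(port), host.lower()

def audit_bindings(config_xml):
    """Return sorted (site, bindingInformation, problem) tuples for risky bindings."""
    root = ET.fromstring(config_xml)
    by_endpoint = defaultdict(list)  # (ip, port) -> [(site, host, raw)]
    for site in root.iter("site"):
        for b in site.iter("binding"):
            if b.get("protocol") not in ("http", "https"):
                continue  # other protocols use a different bindingInformation format
            raw = b.get("bindingInformation", "")
            ip, port, host = parse_binding(raw)
            by_endpoint[(ip, port)].append((site.get("name"), host, raw))
    findings = []
    for entries in by_endpoint.values():
        if len({s for s, _, _ in entries}) < 2:
            continue  # endpoint used by one site only: nothing to disambiguate
        for site, host, raw in entries:
            if not host:
                findings.append((site, raw, "no host header on shared endpoint"))
            elif len({s for s, h, _ in entries if h == host}) > 1:
                findings.append((site, raw, "host header duplicated across sites"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_CONFIG):
        print(finding)
```

Pass the text of the backup copy taken in step 1, or of the edited file before the iisreset, to audit_bindings to check a real configuration.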

We now have all our content web applications, the SSP and the central administration web sites all running on a single IP address, many on the same port and using SSL.

As I said at the start of this post, we use a wildcard certificate which makes my initial IIS configuration easier. I haven’t tried multiple certificates, and I’m interested to know if that works or not.

Incoming Email with SharePoint on Windows Server 2008

I’ve been meaning to write this up for a while, simply because it’s not quite as straightforward as with Server 2005.

To configure incoming email on SharePoint when running on Server 2008 you’ll need to run through the following steps:

  1. Install the SMTP feature
    Open Server Manager. Click on Features in the left hand column then click add features in the right hand pane. Tick the SMTP Server check box and click install.
  2. Configure the SMTP Service in IIS Manager (version 7)
    Start Internet Information Services (IIS) Manager from Administration tools in the Start Menu. Once open, click the name of the web server to bring up the options in the centre panel. In the centre panel, right-click SMTP E-mail and select Open Feature from the menu.
    Click the option to ‘store e-mail in pickup directory’ and set the path to be c:\inetpub\mailroot\Drop (that’s the default).
  3. Configure the SMTP Service in IIS 6.0 Manager
    Start Internet Information Services (IIS) 6.0 Manager from Administration tools in the Start Menu. Expand the server to show the SMTP service. In the ‘domains’ section, add any email domain aliases you need in there. Configure the other SMTP service settings just like you did with Server 2005.

SharePoint Service Pack 2 Pains

I finally bit the bullet and decided to upgrade our SharePoint farm yesterday. I’d been holding off for a while because of time constraints and because of a known issue with Project Server, also part of our farm.

I took careful steps to increment the farm from the SP1+Infrastructure update all the way through each CU up until the service pack. That all worked fine. It was when I tried SP2 that I hit problems.

The first issue was that once I’d installed the WSS patch, the SP2 patch refused to install. Rebooting the server then caused chaos as all my services complained that the SharePoint DB was the wrong version (too old, because I hadn’t run the config wizard yet).

Andy and I spent a long time poking the server yesterday, and spent time building virtual machines to take over the farm as well. We finally knocked it on the head just shy of midnight and left the server in the state it was, trying to start the upgrade installer.

When I got in this morning, the upgrade had installed. I’m guessing that the problems we were seeing were related to services starting and needing time to fail, and we simply hadn’t given them enough time to fail (mind you, the paranoid disk integrity check took a while…)

Much happier, I started the upgrade wizard. Which promptly failed. The logs showed the following:

[WebApplicationSequence] [ERROR] [5/27/2009 7:48:09 AM]: Action 12.0.4.0 of Microsoft.SharePoint.Portal.Upgrade.WebApplicationSequence failed.
[WebApplicationSequence] [ERROR] [5/27/2009 7:48:09 AM]: Feature '20477d83-8bdb-414e-964b-080637f7d99b' is not installed in this farm, and can not be added to this scope.
[WebApplicationSequence] [ERROR] [5/27/2009 7:48:09 AM]:    at Microsoft.SharePoint.SPFeatureCollection.AddInternal(Guid featureId, SPFeaturePropertyCollection properties, Boolean force, Boolean fMarkOnly)
   at Microsoft.SharePoint.SPFeatureCollection.Add(Guid featureId, Boolean force)
   at Microsoft.SharePoint.Portal.Upgrade.ActivatePublisingTimerJobsWebAppFeature.Upgrade()
   at Microsoft.SharePoint.Upgrade.SPActionSequence.Upgrade()
[ActivatePublisingTimerJobsWebAppFeature] [12.0.4.0] [DEBUG] [5/27/2009 7:48:09 AM]: Begin Rollback()
[ActivatePublisingTimerJobsWebAppFeature] [12.0.4.0] [DEBUG] [5/27/2009 7:48:09 AM]: End Rollback()
[ActivatePublisingTimerJobsWebAppFeature] [12.0.4.0] [DEBUG] [5/27/2009 7:48:09 AM]: Begin Dispose()
[ActivatePublisingTimerJobsWebAppFeature] [12.0.4.0] [DEBUG] [5/27/2009 7:48:09 AM]: End Dispose()
[ActivatePublisingTimerJobsWebAppFeature] [12.0.4.0] [DEBUG] [5/27/2009 7:48:09 AM]: Elapsed time: 00:00:00.0312496.

A quick dig with our old friend Google turned up a couple of similar posts from Jukka on Moss and MySharePointofView, so I had a look at the 12 hive and to my surprise found that there was no folder for the PublishingTimerJobs feature. I copied it from one of the new servers, already patched to SP2, and ran the command:

stsadm -o installfeature -name PublishingTimerJobs

That succeeded. I then followed with the old favourite:

psconfig -cmd upgrade -inplace b2b -force

That upgrade has just completed. No project-related errors, just success, so I add my experience to the collective.

Creating a new Virtual PC using the Virtual Windows XP Base Disk

One of the most useful elements of the Virtual Windows XP feature in Windows 7 is that the VPC is easily replicated and you can have multiple virtual machines all publishing applications which run in their own sandboxes.

  1. Create a new Virtual Machine
  2. Create a Differencing Hard Disk from the Virtual Windows XP Base
  3. Start the VM and run through the setup wizard:
    1. Accept the Licence Agreement
    2. Set the keyboard and locale to your needs
    3. Give the PC a name and administrator password
    4. Set the time zone
    5. Wait while it configures networking…
    6. … and runs through the final steps, followed by a reboot.
  4. Configure the VPC for updates and user accounts:
    1. On restart, choose an option for automatic updates
    2. You should now be logged in as administrator
    3. Open up Computer Management and enable the ‘User’ account, then reset the account password to something you know.
    4. Enable Integration Features from the VPC Tools Menu
    5. Set the login account to the user account you just enabled.
    6. Accept the logon message to disconnect Administrator
  5. Configure the applications on the VPC:
    1. Once you’re logged on as User, create a new shortcut in c:\documents and settings\all users\start menu and wait a few minutes.
      You should see your start menu update with the new application shortcut
      Each virtual machine gets a folder in your start menu beneath Windows Virtual PC and the applications on each PC appear in there.
    2. Once you’ve finished configuring your applications, log off your session on the virtual PC (don’t close the PC or shut it down)
    3. Then close the VPC down from the Action menu and choose Hibernate

If you now start any of the applications that have appeared in your main computer’s Start menu, the VPC will fire up in the background and your application will appear on your desktop. This is a great way to create multiple VPCs with applications that might conflict with each other.

There is a catch, however. Windows Virtual PC requires hardware virtualisation support to work. In my opinion this is a mistake. Since the virtual machines use emulated hardware rather than accessing the machine hardware like Hyper-V VMs do, I can’t see the reasoning here. Virtual PC 2007 used the hardware virtualisation if it was available but didn’t force it on you, which was the correct approach. Lots of businesses will find this technology useful, but will discover that the majority of their computers won’t be able to use it. At that point, the solution may as well not exist, and I for one hope that Microsoft change their mind about hardware virtualisation support before Windows Virtual PC ships.

NewSID fails on Windows Server 2008 R2

The title says it all. I’m currently building a virtual lab to test DirectAccess and every time I run NewSID on Windows Server 2008 R2 the system bluescreens irrevocably on reboot. I’ve now switched to using sysprep to change the SID. Here’s hoping the Sysinternals guys update what is undoubtedly one of the most useful tools around!