Disable Loopback Check

Disclaimer: DO NOT DO THIS IN PRODUCTION … period.  Why? The loopback check is a security feature that is designed to help prevent reflection attacks on your computer/server.  As such, it is designed to fail fail authentication if the FQDN or the custom host header that you use does not match the local computer name.

So once upon a time (several times a year at least), you decide to build a new clean virtual machine to code on, you make it pristine with every patch, service pack, cumulative update, and the latest development tools.  It is pure awesomeness.  You build your web application with your dev site collection. You open a browser to it, and boom … you get prompted for credentials.  Alright!!!! It is alive.  You login … and you login again, and again.  Uh, what just happened; Nada … a white freaking page of nothingness.  If you use fiddler (or your tool of choice) to see the response, you will notice a “HTTP 401.1 – Unauthorized: Logon Failed”.  You can try again, but are logging in just fine.  You are being denied.

Long story short, you have been denied by the Loopback check feature which has been around since Windows 2003 (SP1) and Windows XP (SP2).  A very very long time.  The loopback check is a security feature that is designed to help prevent reflection attacks on your computer/server.  Unless you create web applications starting with the local computer name, you will be denied. That is why Central Administration works fine (unless you decided to give it a FQDN).  There are to solutions explained here (and all over the place on the web): https://support.microsoft.com/en-us/kb/896861

Here is a tool that implements the recommended approach (method 1):

https://loopbackchecktool.codeplex.com/

or visit my buddy’s blog @ http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx

Here is the simple powershell command (method 2):

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -Value “1” -PropertyType dword

The powershell approach is obviously the easy route.  I do encourage that you eventually look at the tool as this will be a better and safer long term approach.  For the curious, even in production, you shouldn’t have to do this in production at all.  You can diagnose just fine without it … log into to production for diagnostics should not be your first course of action.  If you have to do this, remove it after doing diagnostics … better yet, before you log off.

SharePoint Saturday Utah

SharePoint Saturday Utah has begun with a great crowd. I presented my session “Unlock your Big Data with Analytics and BI on Office 365” which is a Level 200 class. In my session I discuss how companies have huge amounts of data waiting to be explored. With Azure HDInsights (Microsoft’s Hadoop cluster solution in partnership with Nortonworks) you can realize the value of your data. With Microsoft Excel 2013 and Office 365, you have a complete platform for BI solutions and services. PowerPivot, Power View, Power Query, Power Map and Power BI Sites empowers users analyze and make decisions using structured and unstructured data.
Attendee Takeaways:
1. Learn to setup and configure HDInsights on Microsoft Azure.
2. Understand how to use Excel for BI capabilities.
3. Build a BI Dashboard in Office365.

Find the slide deck here:

and the code demo and sample here:

http://tweetsentiment.azurewebsites.net/

https://azure.microsoft.com/en-us/documentation/articles/hdinsight-hbase-analyze-twitter-sentiment/

https://azure.microsoft.com/en-us/documentation/articles/hdinsight-hbase-tutorial-get-started/

Finding duplicate values in a SQL table

Even though this is simple, I keep needing this every once in a while. This is for SQL Server.

To Find the list of fields for which there are duplicates (or multiple records), use:

SELECT [field1],[field2],[field3], count(*) as DUPE_COUNT INTO #DupeList FROM table_name GROUP BY [field1],[field2],[field3] HAVING count(*) > 1

Now to see the dupes:

SELECT * FROM #DupeList

Now, I prepare my delete … and verify I see only what I want to clean up:

SELECT * FROM table_name
WHERE [field1] in (SELECT [field1] FROM #DupeList)
ORDER BY [field1],[field2][field3]

Here we delete the dupes … be sure the query matches the select query to not delete unexpected data/values: (I commented this deliberated to avoid accidents)

–Clean up duplicate
–DELETE FROM table_name WHERE [field1] in (SELECT [field1] FROM #DupeList)

And we always clean up temp tables:

–Clean up the temp table
DROP TABLE #DupeList

For more details:
http://support.microsoft.com/kb/139444

Change the global SharePoint 2013 Label

Hi All,

Something I find very useful when working with clients is to help them distinguish each environment between development (DEV), testing (TEST), Staging (STAGE) and Production (PROD). Some clients may have even more environments.  Lets take a look at the change in the UI first…

This is the Out of the Box label (Before):

SharePoint Label Out of the Box

 

This is the customized label (After):

SharePoint Label modified

 

So how do we do it, we use PowerShell to change the label at the web application level:

Add-PSSnapin *share*
$webapp = Get-SPWebApplication http://bcdevsp2013
$webapp.SuiteBarBrandingElementHtml = “SharePoint DEV”;
$webapp.Update();

I hope this comes in handy.  It is a subtle thing, but very helpful throughout the application lifecycle.

Cheers,

Brian

PS – Happy New Years to everyone.

Add Farm Administrator via Powershell

I cant say how many times I’ve had to add myself or another account as a Farm Administrator, and I keep misplacing my scripts.  So lets try my blog, and now it helpful to everyone 🙂

Adding a user to the “Farm Administrators” group effectively will add you to the local machine group WSS_ADMIN_WPG on every server of the SharePoint farm and assigns the SharePoint_Shell_Access role in the SharePoint Configuration database and the Central Administration database.

#################################################
# Add a new Farm Administrator
#################################################
Add-PSSnapin *SharePoint* -erroraction SilentlyContinue
Write-Host
$newFarmAdmin = Read-Host -Prompt 'Enter the new Farm Administrator (i.e. DOMAIN\Username): '
Write-Host
$webApp = Get-SPWebApplication -IncludeCentralAdministration | where-object {$_.DisplayName -eq "SharePoint Central Administration v4"}
$site = $webApp.Sites[0];
$Web = $site.RootWeb;
$farmAdministrators = $web.SiteGroups["Farm Administrators"];
try {
   $farmAdministrators.AddUser($newFarmAdmin, "", $newFarmAdmin, "");
   $contentDB = Get-SPContentDatabase -WebApplication $webApp
   Add-SPShellAdmin -Database $contentDB -Username $newFarmAdmin
   Write-Host "Completed Succesfully!"
} catch {
   Write-Host 'Error: Failed to add user.' -ForegroundColor Red
   Write-Host ('Reason: ' + $_)  -ForegroundColor Red
}
$web.Dispose();
$site.Dispose();

Cheers!