IIS ‘Service Unavailable’ KB973917 broke my SharePoint sites Windows Server 2003

I have this morning been looking into an issue with a clients SharePoint farm failing to load pages displaying ‘service unavailable’ when attempting to browse to the site.

Looking into event viewer I was receiving events as shown below:

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1002
Date: 09/12/2009
Time: 14:26:07
User: N/A
Application pool 'SharePoint Central Administration v3' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

Initially I thought that passwords had become corrupt and ran the stsadm commands to refresh the passwords with no joy following article http://support.microsoft.com/kb/934838.

Looking back through the logs I found that 9 windows updates had been applied on a schedule. I removed all 9 updates rebooted and my SharePoint farm was back up and running :)

By process of elimination I found that the ‘KB973917 - Update that implements Extended Protection for Authentication in Internet Information Services (IIS) ’http://support.microsoft.com/?kbid=973917 was the cause of the problem.

Using add/remove programs I was able to remove the update reboot the server and all working fine. I also changed the clients settings to not download updates on the production environment (as show below).


The moral of the story here is to have test environments where patches are tested before applying to production environments.

***Update 10/12/09 - Fix***

Thanks to Jimmie from the Microsoft (Jimmie if you’re on Twitter let me know your id) who commented on my blog, the fix is as follows:

The issue is not due to the hotfix directly but simply that the server running IIS was not service packed to SP2 successfully. A scenario for this happening could be if the the server was service packed before the IIS components were installed. When installing the IIS components if the source i386 folder is not the latest this could present you with older DLL’s and in this case this conflicts with the hotfix which only works against the latest service pack 2 DLL’s.

To resolve this issue install the hotfix followed by a re-service pack of the server to service pack 2. This will update all the core IIS DLL’s to the relevant levels. To confirm this navigate to %systemroot%\system32\inetsrv and check that a DLL for example IISADMIN.DLL should be at build (3759 – Service Pack 2). This should now work avoiding incompatibilities between DLL’s.

Hope this is of some use to you!

***Update 11/01/10***

Following a recent Tweet noticed that this also causes an issue on Windows 2008 See Todd Klindt’s blog on this. Currently no fix for this one though!

Microsoft TechEd 2009 Experience / Thoughts / Feedback (Non Technical) #TEE09

I was going to send some feedback to TechEd direct and thought I’d blog on it instead so here’s my experience of TechEd 2009.

TechEd 2009 was my first and my overall experience was pretty good. A big thank you to Berlin for a fantastic location for the event, I really enjoyed my Berlin experience and would not hesitate going back.

There was a great party on the Tuesday and Thursday evening after the sessions where everyone could relax and enjoy a German beer or two!

The sessions were well presented in most cases, although the interactive theatres suffered from too much noise from the TLC area which sometimes was a little distracting for both presenters and delegates.

I followed the SharePoint 2010 track fairly closely and as this was in demand some of my points reflect the experiences I had following this track so I’m not saying the whole event had these issues:

  • I missed 2 key sessions I penned in on the schedule ironically one of them being the SharePoint 2010 overview (the main session to kick off my week) was one of them. Both sessions were way oversubscribed for the size of the rooms. There were certainly bigger rooms at the venue which could have housed these..
  • Having missed a couple of key sessions my time in between was spent literally making sure i could get into each session so I'd end up 15-20 minutes early so not having much chance to enjoy the free beverages on offer.
  • Where I had planned lunchtime sessions these started 20 minutes after the morning session and with the food hall 10 minutes away then the lunch rush there was no chance of getting back so a couple of occasions i had to skip lunch (I probably needed it!)

Suggestions for next years TechEd:

  • With lunch sessions it would have been ideal if there was packed lunches available as I found no time for lunch on a couple of occasions
  • Networking area flags – A good idea would be to have some of the main countries flags so that you could identify people from your own country, this is not just because of the language issue but so you can identify people who may have worked in similar types of organisations as yourself e.g. local authorities
  • Session booking system to commit your schedule booking so if you do turn up 5 minutes before the sessions started you are guaranteed a seat, possibly using your barcode to swipe in.
  • The event was huge and there may be people you have worked with who you haven't seen for a while who may be sitting on the same session – perhaps before each session starts the projector scrolls a list of people who have registered to attended the session, this would give people the opportunity to see who they could possibly try and network with and who's attending the event.
  • Wireless – or lack of! Could hardly get on wireless and reliability was pretty poor this really needs addressing for the next event!
  • AND MOST IMPORTANTLY - As I heard of previous TechEd’s there was parties hosted by each country however this year there wasn't one :o( this was a shame and these should be brought back!

To conclude I would certainly go again as the main reason for attending was for the technical sessions and my ultimate aim was achieved.

How to Change Portal Site Connection for all new Mysites created in MOSS 2007

Quite a common request when working with Mysites is how do you change the Portal Site Connection so that new Mysites can navigate back to the portal.

There is an easy way to change this setting globally so each new Mysite user does not have to manually change this.

I couldn’t find a way to do this from the SSP and following a bit of testing discovered that if you navigate to the root of Mysites web app and add to the end of the url _layouts/portal.aspx (e.g. http://mysites/_layouts/portal.aspx) and select Portal Site Connection


From here enter the portal connection details and this will then apply to all new Mysites created, unfortunately this does not apply to existing sites so make sure you apply this setting early to avoid either creating a custom feature or many support calls.

I’ll be at Microsoft Tech Ed 2009, Berlin #TEE09

image I’m attending Microsoft Tech Ed 2009, Berlin. Hopefully I’ll have plenty to blog about on and after the event and will also be tweeting whilst I'm there. You can follow me on Twitter @paulgrimley

Might see you there!

Extracting SharePoint 2007 document libraries from SQL databases - no installation required

To cut a long story short a client recently ran into difficulties attempting to restore a document library. The following code was developed for a specific scenario where a document library had disappeared from a specific site and not showing in the recycle bin (Recycle bin worked fine on testing). I’m not sure as to how this document library has disappeared without being captured but it has!

I was against installing a full blown trial install on the SharePoint servers just to recover a single document and in this specific case there was only one environment available and time was of short supply. Appreciating a dev and test environment is the best way to work unfortunately this was unavailable and the data could not be removed from site (for obvious security reasons) to another farm to explore.

Before I supply the code I need to thank Neil Hodgkinson (Microsoft) and James Orton (Tesl) for their assistance in creating this script.

All my tests carried out have been run on a SQL VM ( see disclaimer below) however in theory you should be able to run this remotely from a desktop pc assuming the logged on user has the relevant rights to access SQL and firewall permits.

Download the script. You will need to edit the code to rename a few properties.

Server = "server" - enter the name and instance of the SQL server
database = "Moss_Content" - enter the name of the database you wish to recover the document library from (You can use SharePoint Central Admin to determine which content databases are assigned to which Web App)
location = "documents" – enter the name of the document library you wish to recover so for example this document library is called documents at the root of the site collection e.g. http://sharepoint /documents
outputPath = "c:\docs\" – This folder needs to be created prior to running the script otherwise it will fail!

Feel free to develop the code further but please do share and leave me a comment on this blog post if you do.

Further development suggestions:

  • Add a menu to navigate options
  • Output a list of all document libraries available to extract data from
  • Following on from the previous suggestion list all documents in a document library
  • Extract individual documents option (assuming the location and name of the document is known)

I hope this is of some use to you, although I would hope if you are reading this you a revisiting your backup strategy!

Disclaimer: The code provided in this blog is in no way supported by Microsoft or myself and should not be performed on production SharePoint SQL Databases. This operation should be carried out as a last resort and a backup and recovery strategy should be your method to restore data. Ensure this is performed on a test environment by using a copy of your data and discarding of the database after carrying out this operation.

Bypassing ISA 2006 HTTPS redirection rule with HTTP vulnerability publishing SharePoint and OWA - Fix

It was recently pointed out to me that when a user attempts to log onto a SharePoint extranet published web site through ISA they can replace HTTPS in the header with HTTP and user credentials could potentially be sent over the web unencrypted.

For example if a user connects to the site entering http://sharepoint.extranet.com and is redirected to https://sharepoint.extranet.com/cookieauth.dll?<parameters> then the user manually modifies the URL back to HTTP e.g. http://sharepoint.extranet.com/cookieauth.dll?<parameters>.

This is obviously a security vulnerability and Microsoft have published a KB article (958607) describing how to resolve this which can be seen here.

If you have Exchange or SharePoint published via ISA 2006 I would strongly suggest either applying the ISA hot fix or workaround to resolve this.

Removing IIS 5 / 6 / 7 Server Header from SharePoint Installations

*** UPDATE 03/04/2012 ***

I’ve recently had a couple of interesting comments relating to this post and felt its worth updating my blog to make you aware of the impact of changing the settings I discuss below.

Firstly it is worth mentioning that the initial reason for blogging on this was due to a clients penetration test highlighting this security vulnerability and therefore it is still a valid consideration however the impact of making this change means that you will break SharePoint search and therefore thanks to Anthony Casillas and Iain Wyatt’s comments I have highlighted this as part of the post below.

*** UPDATE END ***

Here is a guide to remove IIS server header Server: Microsoft-IIS/6.0 from IIS to stop your browser detecting the web server SharePoint is running on. This can be particularly useful if you are externally publishing SharePoint or other IIS .NET applications and want to reduce the information to your backend servers information.


Without additional configuration you can identify what platform IIS is running on using a simple tool to view the http headers.

If you download and install a tool such as ieHTTPHeaders from here. From Internet Explorer enable the tool from ‘Tools->Display ieHTTPHeaders’. Load the homepage of SharePoint and you will notice that amongst the many headers and requests you will notice something similar to the below:

Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

How to remove these from IIS

NOTE: Before editing any settings to allow search to function it is required that you configure the default zone with these headers untouched and modify extended (AAM) SharePoint sites.

The last two lines can simply be removed from IIS by editing the properties of the web site under the custom HTTP headers section as shown below, noting this is IIS 6 but the same applies to IIS 7.


To remove the header Server: Microsoft-IIS/6.0 from IIS this requires a little more config!

Firstly you need to download URLScan (at the time of writing this is version 3.1) from Microsoft here. This is basically an ISAPI filter that needs to be applied to the website you wish to remove the headers from, making sure that if you have extended a SharePoint web app you assign the ISAPI filter to the correct one (i.e. the one created for external access).

Install URLScan, then from the same web app select ISAPI Filters tab and select add navigating to C:\windows\system32\inetsrv\urlscan and add urlscan.dll (IIS 7 may do this for you).

Then edit the urlscan.ini line

RemoveServerHeader=1           ; If 1, remove the 'Server' header from
                                              ; response.  The default is 0.

Save the file and check the HTTP headers using ieHTTPHeaders and you should now not see the these headers when loading pages.

Feel free to leave a comment if you have any thoughts.

Windows Live Spaces and Twitter Counter

Useful Blog on adding TwitterCounter to Windows Live Space. Many Thanks to Paul Galvin for putting this together for me.


Windows Live Spaces and Twitter Counter

I was DM’d a message from twitter today and thought I’d blog the answer.

The question is: “Hey Paul, quick one for you,how did you get the twitter counter into your live space as the script code is blocked when saved Thx”

I did this by adding a custom html widget to my live spaces page and using the little code snippet:

<a href="http://twittercounter.com/?username=pagalvin"   

   title="TwitterCounter for @pagalvin">   

   <img src="http://twittercounter.com/counter/?username=pagalvin"     




        alt="TwitterCounter for @pagalvin">




This uses a version of the twitter counter widget interface that gets past the windows live censor thing that we all hate so much and wish would get a bad case of poison ivy.


Subscribe to my blog.

Follow me on Twitter at http://www.twitter.com/pagalvin

Technorati Tags:

Redirecting SharePoint Websites from Port 80 to 443 using IIS 6 and no code!

Here’s a quick guide to redirect SharePoint websites from port 80 to 443 SSL without code.

Before you start you need to make sure that the host header for port 80 is not already assigned to the SharePoint Web App. If it is just edit the hostname and just call it something like ‘notused’ – kind of gives you a clue when other administrators log on that this is not in use.

Next step is to do is create an IIS web site using the IIS mmc and not through SharePoint. Lets say that the SharePoint site is called ‘sharepoint’ enter the details as shown below changing the IP address you have assigned for the sharepoint DNS record.


Once you have created the Web Application right click on it and select properties. Navigate to the home directory tab


Change ‘The content for this resource should come from:’ to A redirection to a URL


Enter the url https://sharepoint (Noting https) and check the box The exact URL entered above and click ok.

You now have a redirection from http to https!

Excluding items (Document Libraries, Lists, Items etc) from SharePoint scopes

There’s a great article that can be found here listing the different types of contentclass that can be removed from SharePoint scopes. Basically adding these with exclude option will stop such things as lists appearing in search results.

Simply modify the search scopes in the SSP by clicking new rule. Note that on this demo I am using ‘all sites’ scope (I’m being lazy) however I would advise for live environments creating a separate scope and editing the properties of this.


On the new rule select the following properties


and click ok!

This will now remove document library’s from appearing in search results but still display documents within – no re-crawl is required as this configuration is applied at the scope level and not at the content source level.

Further contentclass properties can be found on Jeremy Jameson’s blog.

Cannot login to SharePoint Central Administration Event Code: 4007 - URL authorization failed for the request – Overwriting the SharePoint 12 Hive Problem!

I recently had an issue where users who were added to the Farm administrators group could not log into SharePoint Central Administration.
If the below does not resolve your issue please see my other blog which has the same symptoms (Do read this linked entry before discarding).
After lots of digging around I found that this was due to the web.config in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\ADMIN.
The web.config shown below shows the issue:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <compilation batch="false" />
    <customErrors mode="On" />
    <httpRuntime executionTimeout="1200" />
      <allow roles="BUILTIN\Administrators" />
      <allow roles="EXTRANET\WSS_ADMIN_WPG" />
      <deny users="*" />
  <location path="vsgeneralsettings.aspx">
      <httpRuntime executionTimeout="3600" />
  <location path="targetwebapplication.aspx">
      <httpRuntime executionTimeout="3600" />
  <location path="configureupgradedatabases.aspx">
      <httpRuntime executionTimeout="3600" />
I noticed that ‘EXTRANET’ was the name of the old server and the new server was called for example ‘SERVER1’ (noting that this is the name of the local server and not the domain name so this will differ on each server in the farm).
I updated the line with the following:
      <allow roles="SERVER1\WSS_ADMIN_WPG" />
I carried out an IISRESET and farm administrators could now log onto SharePoint Central Administration.
Credit to MVP Andreas Stenhall’s blog which helped me track down this issue.

Errors after installing Infrastructure update for MOSS 2007

I've ran into this issue a couple of time when installing service pack updates and on both occasions found Akifs blog below so felt it was worth a mention, details of the specific issue can be seen below:


Errors after installing Infrastructure update for MOSS 2007
During last month, I applied Infrastructure udate of SharePoint 2007 in my development envrionment and everything was working like a charm. So I decided to apply the same fix in my production environment this week.

Here I will like to mention one thing. I started this project as migration one where we were supposed to migrate MOSS 2007 + Windows 2003 environment to MOSS 2007 SP1 + Windows 2008 environment. So it was basically a restored farm.

After applying the Infrastructure upgrade, I started facing the issues:

"The resource object with key 'S2SearchAdminDashboard_Title' was not found" for Search Administration site


"The resource object with key 'S2LeftNav_Administration' was not found" for other search links.

After searching a while on Google, I was able to find the solution. Solution is quite simple. Sort all files within App_GlobalResources folder based on the date in the development environment where everything was working fine. Copy files which were modified on 3/25/2008. These will be the most new ones. Copy them over to the SSP virtual directory of your troubling farm within the same App_GlobalResources folder. These files are:

and sps.resx

Then if you will try, you will get the following error:

Could not find the sitemap node with URL '/SearchAdministration.aspx'.

Now this time, copy layouts.sitemap file which will be the most latest modified file within _app_bin folder from the development environment to production environment. As soon as that was copied over, the search administration page appeared fine.

Cannot Edit Content Source Schedule in SharePoint receiving error ‘Access is denied’ KB926959

I have experienced this issue on a few occasions now so thought it was worth a mention.

Following best practices and creating accounts with least privileges in SharePoint may lead to an issue when you attempt to edit the SharePoint content source and my have an error displayed stating access is denied.

This is because the SharePoint Worker Process Group account (WSS_WPG) does not have permissions to the c:\windows\tasks folder.

To resolve this issue follow the article KB926959. The article does not state which server to apply this to so I would suggest applying this to all SharePoint servers in the farm – If anyone would like to feedback please comment. Also worth noting the WSS_WPG account is a local account and not a domain account.

Please note that on step 3 the command below may not work.

attrib –s %windir%\tasks

So before entering this command enter:

attrib +s %windir%\tasks

Then enter the first command again and that should work!

I’m not sure why this doesn’t work but I reported this to MS sometime ago.

Saving PDF files to SharePoint

When attempting to save PDF files directly into SharePoint via using web folders you will not be able to browse the SharePoint document libraries.

The reason for this is Adobe does not support saving to web dav directly and the suggested workaround is to save the file to the local pc then upload to SharePoint see article http://support.microsoft.com/kb/265867

I have managed to find an add on to Adobe which enable you to select document libraries to save to. The product is called PDF SharePoint Save and can be located here http://www.macroviewwisdom.com/Products/Pages/PDFSharePointSave.aspx

Calculated date does not trigger workflow when created using SharePoint Designer

I was recently creating an improved content review workflow using SharePoint Designer.

The scenario was that I wanted to send the author of the document an email 2 weeks before the review deadline and then another once the review date had arrived.

I setup 3 site columns:

  • AuthoredBy – People / Group
  • ReviewDate – Date and Time (Date Only)
  • ReviewDateWarning – Calculated Field of Review Date – 14 (14 days / 2 weeks)  (See below)


Once the 3 columns were created I then opened up SharePoint Designer to start creating the workflow.


At first I thought my workflow was failing (and rightly so) because my condition was set to ‘to equal’ when it should have been set to ‘to equal (ignoring time). I changed this hoping that this was the problem so now my workflow looks like this:


Still no joy! When the workflow was triggered it just stated ‘waiting for DateReviewWarning’ even though the date was set to today's date. The picture below shows that the calculation of the date review working as expected but for some reason SharePoint does not see the calculated date as a native date field. When I replaced the field with the actual DateReview field and set this to today's date the workflow worked like a dream.


Unlike most of my blogs I didn’t find a fix to this but thought it was worth sharing the frustration I had when recently trying to implement this.

I’d be interested to hear from the SharePoint community on if other have managed to work round this (and I’m sure they have!).

Office 2003 save to local drafts workaround

The following article describes a workaround to the Office 2007 save document to local drafts folder functionality being enabled when working with Office 2003.


Reading many articles on this and many people are suggesting the only way to get this functionality is by upgrading to Office 2007. To get round this Microsoft have recently made SharePoint Designer 2007 a free download. If you install this on a pc that has the Office 2003 suite installed this prompt will now be available FOR FREE!

I appreciate this is not an ideal solution for enterprise organisations however in the current economic climate this may be something that could be an option and fairly easily deployable via group policy.

Do remember though working offline on laptops that have unencrypted hard disks could put your data at risk.

Multi lookup for people selector causes field not to display in Office 2003

I created a custom field that looked up AD users. The field was assigned to a content type and was a mandatory field.

The requirement was to add multiple people to the column so i changed the column to allow multiple selections.

Once I changed this field I noticed that when creating a document and subsequently saving the document adding content type specific metadata in Office 2003 the custom lookup column was no longer available. This caused an additional problem as I could not check the document in as the mandatory custom column required entering. I had to manually edit the document properties adding the custom field data before being able to check in.

I have no problem doing this however I am a SharePoint Admin and this is an end user type activity so pretty poor user experience.

The only solution to get round this is to upgrade to Office 2007!

Microsoft SQL Server Database Maintenance for SharePoint 2007

Often overlooked when implementing SharePoint 2007 is the ongoing maintenance of the SQL Servers.

There is a great Microsoft whitepaper which can be download from http://go.microsoft.com/fwlink/?LinkId=111531&clcid=0x409.

VMware Server 2 – ‘Unknown (Inaccessible)’ virtual machines running from external hard drive

I’ve started to play around with VMware Server 2 to leverage 64bit from my CPU for virtualisation.

On a few occasions I have logged onto the VMware admin and my virtual machines show as ‘unknown (Inaccessible)’ as shown below:


I have noticed that if you don’t connect your external hard drive prior to booting the laptop you will have this issue. VMware does not seem to like plugging in the hard drive after boot up and does not detect it although the OS can happily see it and read/write to and from it.


I’m bound not to remember to insert my drive on every boot as I may not have planned to fire up the VM’s during the duration. So I have found that if you insert your external hard drive after boot and then go to services and restart the ‘VMware Host Agent’ service as shown below:


Rebooting of this service will detect your VM’s next time you log into the VMware web admin.

That saves 10 minutes closing down all my programs and rebooting (and forgetting what I was doing before rebooting :-)).

Hope that's of some use to you, please do leave a comment so I know I'm blogging about something you find useful!

I did it – 8.5 Mile Great Midlands Fun Run

imageI ran 8.5 miles in a local fun run in Sutton Coldfield. Big thanks to my running partner Paul Hughes who was a big encouragement all the way round.

I know to some this may not seem like a big feat but I’d never run this distance before. 

With temperatures averaging 25 degrees C (77 degrees Fahrenheit) it was a great day.

Not sure of my exact time however hoping it was between 1hr20 – 1hr30. Results published Friday 5th June and will be updated here.

Congratulations to my partner Sarah who raised £300 for the stroke association – a charity close to her heart after a family member recently suffered a stroke but fortunately back on the road to recovery.

More info on the Great Midlands Fun Run.

*** UPDATE 05/06/09 ***

Just got my time in @ 1hr 27mins and 18secs – just over 10 minute miles, not bad considering all I want to do was finish regardless of the time!

401 Access Denied - Unable to Search SharePoint 2007 Sites or Access certain Web Apps in MOSS Farm

Just had an issue where MOSS SSP could not search local SharePoint sites.
When attempting to try and access the url of the sites or the SSP admin site from the local server I kept receiving logon prompts even though I was logging on with the farm account. Interestingly I could logon to the SSP and sites from other servers / client pc’s with no problems.
I initially thought someone had changed the content access (crawl) account so reset this but to no avail.
After some further investigation noticed in the security event log that I was receiving access denied.
Modifying the registry using method 2 from the article below fixed this issue:

PowerShell Warmup Script for SharePoint 2007

Many of you will know that when you IISRESET a MOSS sever the first logon on to the site can take some time. SharePoint configures IIS to recycle the application pools on a nightly basis between the hours of 1 –2am (This is easily changed if these times are not convenient.

From investigation further I found a great script created by Kirk Hoffer’s – All credit goes to Kirk for this one.

You will need to download and install PowerShell on all SharePoint Server if running Windows 2003 (installed as part of Windows 2008) from here.

There's a great intro on how to run PowerShell scripts here.

From the link above basically you need to run the command in PowerShell:

Set-ExecutionPolicy RemoteSigned.

This needs to be entered only once to allow scripts to run otherwise you will receive errors when attempting to run the script.

Next step is to create a bat file to run the script after the application pool recycle nightly. Lets say 2.30.

Simply add the line:

powershell.exe c:\scripts\warmup.ps1 (assuming you placed the ps file in the scripts folder)

Create a scheduled task to run the newly created bat file and your done.

Please note that the script resets all SharePoint sites on the local server and may take time. Please test this script before adding to live environments.

Simply copy the code in the table below and name with the file extension ‘ps1’ e.g. warmup.ps1



#-Running on machine with WSS/MOSS   

#-C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN in path   



function get-webpage([string]$url,[System.Net.NetworkCredential]$cred=$null)   




    $wc = new-object net.webclient   

    if($cred -eq $null)   


         $cred = [System.Net.CredentialCache]::DefaultCredentials;   


     $wc.credentials = $cred;   

     return $wc.DownloadString($url);   



#This passes in the default credentials needed. If you need specific stuff you can use something else to   

#elevate basically the permissions. Or run this task as a user that has a Policy above all the Web Applications   

#with the correct permissions   

$cred = [System.Net.CredentialCache]::DefaultCredentials;   

#$cred = new-object System.Net.NetworkCredential("username","password","machinename")   

[xml]$x=stsadm -o enumzoneurls   

foreach ($zone in $x.ZoneUrls.Collection) {   

    [xml]$sites=stsadm -o enumsites -url $zone.Default;   

    foreach ($site in $sites.Sites.Site) {   

        write-host $site.Url;   

        $html=get-webpage -url $site.Url -cred $cred;   



Customising Microsoft ISA 2006 Forms (with Microsoft Office SharePoint Server 2007)

I noticed recently that whilst researching customising ISA forms there was very little around. I will run through a quick guide on how to create and modify a simple ISA form for use with Microsoft Office SharePoint Services 2007.

1. Locate the folder C:\Program Files\Microsoft ISA Server\CookieAuthTemplates (The drive may be different depending upon the installation).

2. Copy the folder called ‘ISA’ and rename to something relevant for example ‘Extranet’. DO NOT MODIFY THE CURRENT ISA FOLDER AS THIS IS NOT SUPPORTED BY MICROSOFT.

3. Within the newly created Extranet folder navigate to the sub folder ‘HTML’.

4. Within the folder there are a few files worth noting:

  • lgnbottom.gif, lgnleft.gif and lgnright.gif – these are images that surround the ISA form. A simple modification would be to change the colour on these to match that of your corporate branding colours.
  • lgntop.gif – This is currently the ISA banner and this is where your corporate image should be placed. Make sure the image is the correct size as the original to avoid issues rendering.
  • logon_style.css – This is the style sheet used for the logon form and this will need to be changed to the same colours used on the banner and surrounding images.
  • Located in the subfolder nls->en is a file called strings.txt. This contains the text that is displayed on the form for example you could change DOMAIN\user name: to Email:.

5. Once you have made the relevant modifications you need to apply these to the relevant site. Open ISA Server Management console and navigate to the web listener applied to the site published.

6. Navigate to the forms tab as shown below:


Check the box ‘Use customized HTML’ and enter the name of the folder you created in step 2. Notice from the drop down under ‘Display the HTML forms in this language’ there is a list of languages. If you need to modify each language you will need to modify the appropriate strings.txt file as mentioned at the end of step 4. You an also change the form at site level if you do not want to apply this to all site using the web listener.

7. Once you have changed this option make sure to apply your changes.


8. Lastly you need to restart the firewall service – MAKE SURE THIS IS PERFORMED OUT OF HOURS IF ON A PRODUCTION SERVER.


From the monitoring tab, select the tab within the main window called ‘Services’ . Right click on ‘Microsoft Firewall’ and click stop. The service status will change to stopped. Again right click and click start. You call also restart this service from within services.msc.

You should now see when you log onto your a customised login form.

Hope this is of some use.

Microsoft Confirm Service Pack 2 for Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 due for release on 28th April 2009

See link for more information:


Couple (or three) of SharePoint / WSS highlights:

  • Internet Explorer 8 has been added to the browser support matrix as level one
  • SP2 will provide support for a broader range of Web Browsers (no more info given at this stage)
  • SP2 will be the first to have a uninstall client updates through a separately downloaded tool Microsoft Service Pack Uninstall Tool for the 2007 Microsoft Office Suite

Skydrive Uploader Tool Using Windows Explorer Mapped Drives

I'm sure Microsoft are currently working on a Skydrive Uploader Tool to integrate with the OS (Feel free to let me know if you have any further information).

In the meantime I have found a great tool called 'Cloud Desktop' from Gladinet for and one of its great features is that it integrates with skydrive (amongst others) enabling you to upload documents from Windows Explorer using mapped drives.

The product is currently in beta however from my personal testing so far I have had no problems.

***Update 03/02/10***
I've since found a free product which I personally prefer to Gladinet (due to lack of support response on email to issues) which seems to do the job. The utility is called Skydrive explored and can be downloaded here.

Microsoft SBS Server 2003 Can’t connect to internet with Grisoft AVG Antivirus

I have solved a big problem where an SBS Server all of sudden in November 2008 stopped downloading AV updates and could not connect to the internet.

Since then I have been manually applying AV updates and Windows Patches (Oh Fun!) however after having time to test various things I noticed an updated version of AVG SBS Suite from V8 to V8.5. After uninstalling version AVG 8 an IE window popped up with the usual asking me why I had uninstalled the product and all of a sudden the internet was working!

To conclude all along AVG was causing the SBS server to not be able connect to the internet. From reading various forums this was due to a an issue with a AV update file but searching the Grisoft support site had no results for this behaviour.

Another problem solved!

ISA 2006 / MOSS 2007 Forms Based Authentication Issue KB973737

I have today discovered an issue with ISA 2006 SP1 using forms based authentication to log into MOSS 2007.

The issue is that if you log into MOSS successfully (using the ISA form) and lets say you accidently select ‘Sign in as Different User’ then realise you didn’t actually want to logout, then log back in as the same user you experience an issue where ISA will reply to state ‘Access Denied’. However if you strip the url and enter the url without the ISA string it will log you straight back in without prompting. I don’t see this as a security issue however it could be misleading for users.

I have tested this issue with ISA connected to the domain and ISA in its own workgroup using LDAPS and both have the same behaviour.

I’m in the process of raising this with Microsoft and will post the update here…

**UPDATE 08/04/09**

MS have confirmed they can reproduce the error I am experiencing, however I need to produce a business case as to why it should be fixed.

Ongoing..... Will keep you posted.

**UPDATE 01/06/09**

Having spent many an hour working with Microsoft providing various diagnostic logs the issue has been identified and a hotfix is currently being produced I will post the link once the hotfix has been published.

**UPDATE 18/08/09**

Microsoft have sent me the hotfix for testing and I can confirm this fixes the issue. It still takes 3 attempts to logon however this is SharePoint functionality (feature :)) and not ISA related.

The KB for the article / hotfix is KB973737 and can now be downloaded from here.

Slipstreaming Microsoft Office SharePoint Server 2007 (MOSS) Updates

To speed up your installations of MOSS there is a way to add patches, service packs and updates to the MOSS media.

Copy the MOSS media to the local hard drive for example c:\moss.

Download your updates for MOSS from the Microsoft Website.

Save each of the files to a folder for example c:\updates. On each of the files run the downloaded executable from the command prompt and enter the parameter /extract:updates.

For example: wssv3sp1-kb936988-x86-fullfile-en-us.exe /extract:updates

Links below are for x86 architecture:

The 2007 Microsoft Office Servers Service Pack 1


Windows SharePoint Services 3.0 Service Pack 1


Infrastructure Update for Microsoft Office Servers


Infrastructure Update for Windows SharePoint Services 3.0


Running the /extract parameter will create a subfolder called c:\updates\updates and add all the extracted files to this directory. Once you have extracted all files to the directory copy them to the MOSS media folder c:\moss\x86\updates folder or c:\moss\x64\updates (remembering to download the x64 patches as apposed to the x86 links provided above).

Once all the updates have been added to the folder run setup.exe and this should automatically install the updates as part of the initial install.

To check these have installed correctly after the installation has completed go to SharePoint Central Administration-Operations-Servers in farm and you will find the version number here which will be something similar to

Penny Coventry has a great blog on how to find what version of MOSS your farm you are running, see link below:


Hopefully this should save you some time!

***UPDATE 26/05/09***

Service Pack 2 has now been released and can be found at the following links:

The 2007 Microsoft Office Servers Service Pack 2


Windows SharePoint Services 3.0 Service Pack 2


From further reading there is no indication that Service Pack 2 includes the infrastructure updates so therefore download these files along with the Infrastructure Updates.

What's everyone Twittering about?

Twitter is a social networking and micro blogging site that allows users to send and receive updates (called tweets) about what they are up to. You can restrict your tweets to a circle of friends by following and being followed. More info can be found here http://en.wikipedia.org/wiki/Twitter.

I am now twittering! My username is paulgrimley (original) and you can find me at http://www.twitter.com/paulgrimley

Using Custom Domains with Live Mail – For Free

A while ago I was looking for a solution where I could maintain my own email address (name@owndomain.com) whilst offloading hosting and storage. Most services charge a monthly fee for these types of services and the web access is pretty basic and I was looking for a Outlook Web Access user experience. I stumbled across a blog (apologies I can’t find this now) where someone explained that you can forward your MX records for your owndomain.co.uk to Microsoft Live Mail (most people remember / know this as Hotmail).

The link to this service is as follows https://domains.live.com/default.aspx.

You can buy domains relatively cheaply from various ISP’s and I would recommend someone like 1and1 who provide good administration pages to maintain your domains.

Another great feature of this offering is that you can choose to open your domain so that friends and family can have email on the same domain E.g. yourfriend@owndomain.com

All credit to Microsoft as they have been adding some excellent features such as Skydrive (25GB of Free online storage) and Photo Gallery as well as adding import functionality to upload old mails from Microsoft Outlook for the Live Mail Service.