Archives For Microsoft

DCPROMO demote error on Domain Controller

Sep 28, 2009

On trying to remove a old server from the directory (2003 server in a 2003 forest) I received this error

Failed to configure the service NETLOGON as requested “the wait operation timed out.”

DC demote error

The root problem was that this domain controller had a DNS entry to another domain controller that no longer existed.  It was trying to contact it but couldn’t.  Removing that entry and running dcpromo.exe again solved it.

In Microsoft, Solution Writeups, Tech , , , , , ,
permalink

Another reason SharePoint could prompt for authentication on anonymous sites

Aug 1, 2009

I see a lot of people saying they are getting auth prompts for public anonymous content on SharePoint sites.  Once you have anonymous enabled in Central Admin and in the site collection, you’d expect it to be all good right?

I discovered one more resaon beyond the obvious permissions problems.  If you put a graphic or something embded in a page, then publish that page but NOT the embeded object (i.e. it’s still draft or unapproved) you’ll get an auth prompt when the page loads.

On a busy (lots of stuff) page it can be tough to find what’s the issue.  The quickest way I’ve found to discover the problem (99% of time an image) is to cancel out of auth prompts, then look for broken stuff on the page.  An image you can right click the broken icon and find the location of it… then jump to that library and check the file.  My bet is it’s never been published.

In Microsoft, Networking and Security , , , , ,
permalink

SharePoint Sites Unavailable From Localhost

Jul 31, 2009

Also seen as:

  • search is running but no results returned
  • search errors in event log (can’t access content, etc.)
  • you can access sites fine from other boxes but not from the local server
  • only seems to happen for URL’s (http://sitename1, http://sitename2) that are different then the host name (http://servername).

Problem:

Windows Server 2003 SP2 and newer (Windows Server 2008) have a Anti Denial Of Service feature that prevents the server from accessing itself via different names (that’s the simple answer).

Fix (assuming you want to keep your custom URL’s):

  • Set a registry value to turn off this security feature (I still don’t understand the specific type of attack that it’s preventing)
  • Set a registry value to a list of all the cname’s your server goes by.

Further Info:

Rant:

In the KB Microsoft basically says “don’t turn it all off unless your lame”, so your left with “edit the registry every time you add a website”.  This is a cumbersome workaround for something that happens out of the box default.  Most SharePoint boxes will want more then one web site name and best practice says to NOT make production sites the server name. IMO SharePoint should be updating the reg key itself and keep in sync with the host headers created/managed by central admin. Or, the localhost loopback “new feature” should be looking at iis host headers and allowing them.

In Microsoft, Networking and Security , , , ,
permalink