Paul Liebrand’s Weblog

Welcome to my blog mainly about SharePoint

HTTP Error 401.1 Accessing SharePoint from server

If you receive the following error message when you attempt to access your SharePoint site from the server itself,

"HTTP 401.1 – Unauthorized: Access is denied due to invalid credentials”

your environment most likely had Microsoft Security Update 957097 (MS08-068) installed.

You can refer to the KB article 896861 to resolve the issue. It is highly recommended you pick method 1 over method 2 when making this change in a production environment.

July 9, 2009 Posted by | Uncategorized | Leave a comment

SharePoint 2007 Flaw with Profile Imports and My Sites

Wow! What an interesting morning. I arrived at work today to discover that all our “My Site” profile information (and related information) has been deleted from our environment.

I figured out what happened and thought I would share my findings with the community (I’ll most likely be opening a support case with Microsoft to try get this resolved).

Situation

Our environment performed an incremental profile import at 11pm last night. However, at the time the import process began the domain controller we have specified in our profile import connections setting was unavailable.

At this point, SharePoint flagged all the profile accounts in the database to be deleted. I verified this by looking at the bDeleted column in the dbo.UserProfile view in the Shared Services Provider database – all the values were set to “1”.

Then at 12:00 am (midnight) the My Site Cleanup Job timer job ran. According to Microsoft TechNet’s SharePoint Timer job reference (Office SharePoint Server) page, it states the purpose of My Site Cleanup Job is:

“When a user is deleted, starts a workflow on that user’s My Site. The default behavior is to send an e-mail message to the manager with a link to the deleted user’s site. The e-mail message contains a request to the manager to move any documents or data that the manager wants to preserve, because the site might be deleted in the future.”

Please note that this job runs Hourly.

What this page fails to mention is it also wipes out all profile specific data. Not only does it wipe out all profile data (stuff not imported from AD); it also deletes any user Quick Links, Colleague Tracker, Profile Picture, etc.

At least the users documents, etc are safe – but what a pain!

In the ULS, I was seeing the following error message:

“Domain {0} cannot be found.”

Followed by:

“MySiteCleanup: Unable to change owner of MySite for user profile because the new owner was not specified.”

Conclusion

It seems to be a major flaw with this process if SharePoint flags everyone to be deleted simply because the domain controller used for the profile imports is unavailable (for whatever the reason is).

Now domain controllers are rarely unavailable but you should at least be aware of this flaw and plan accordingly.

I am just thankful I did not have the “Site use confirmation and deletion” options enable to automatically delete dead webs. Would have completely ruined my day.

By the way, this environment is running version 12.0.0.6504 (which is the Approval 2009 Cumulative Update).

July 1, 2009 Posted by | SharePoint | , , , | 3 Comments