More Adventures with SharePoint

October 18, 2010

Got into the office this morning and the SharePoint site was running but had an issue with saving, checking-in, and publishing pages.

“The trial period for this product has expired.”

“Options: Exit without saving.”

Which is disconcerting when trying to prepare some new pages that people want to use.

Next step was to check the SharePoint Central Admin site on the server. Hmmm… 503 error….

I then checked IIS site and it was running, but a check of the Application Pool setup showed that the CA app pool was not.

Checked the login and the password was being rejected.

Changed the password for the service account to what I thought it should be (based on a standard structure of passwords for service accounts for SP) and still could not get to the Central Admin.

I was then prompted by a colleague to check what else might be using the old password as it appeared the account was locked out. So I checked and there were 3 services running as well, SharePoint Timer Service which would be polling constantly and locking up the account. Stopping those allowed a password reset to work and then I could get to Central Admin again.

So now to the expired licence and in the Services for the Farm it was clear that the trial had expired which was odd as we have and used an Enterprise licence. But as it unfolded the installation of Service Pack 2 for SharePoint back in April was the culprit as it reset the licences, incorrectly, to a 180 day trial and that expired all over the weekend.

Downloaded the appropriate patch and installed to our staging environment and all worked smoothly. I then tried on the live and got a failure when entering the licence key. The Convert Licence option failed.

Two interesting points were that the Expired message on the edited pages was gone after the patch was installed, but while Central Admin still reported an expired licence. Second the failure message was apparently indicating that becuase I had not restarted the Timer Service (see above) it could not complete. Once I restarted the Timer Service with the correct password Central Admin reported that the licences were now correct. So I guess the application of the licence was successful just not the whole process.

Just as a last observation why are the error logs for SharePoint buried so damn deep in the file structure? In any case

c:program filescommon filesmicrosoft sharedweb server extensions12logs

Linux ntpd, ntp, ntpdate not updating

October 11, 2010

One server did not want to update it’s time and it was 12 minutes adrift of the other servers that I run. This is on an older Redhat linux installation and not my usual flavours of SME Server and Debian.

I messed around for a while ending up with the following:

[user@server]# ntpdate -v -b au.pool.ntp.org
11 Oct 08:32:47 ntpdate[27088]: ntpdate 4.1.2@1.892 Tue Feb 24 06:32:26 EST 2004 (1)
11 Oct 08:32:47 ntpdate[27088]: the NTP socket is in use, exiting

At the very start I had tried to run ntpdate and it advised that the socket was in use. This is correct if ntpd the daemon is running which it was.

[user@server]# date
Mon Oct 11 08:32:58 EST 2010
[user@server]# ntpdate -v -b 127.0.0.1
11 Oct 08:33:18 ntpdate[27102]: ntpdate 4.1.2@1.892 Tue Feb 24 06:32:26 EST 2004 (1)
11 Oct 08:33:18 ntpdate[27102]: the NTP socket is in use, exiting

So i checked the date and it was still 12 minutes out. Which said that ntpd was not updating for whatever reason as according to my reading of the options it should.

[user@server]#
[user@server]# /etc/init.d/ntpd stop
ntpd: Removing firewall opening for 0.pool.ntp.org port 123iptables: Bad rule (does a matching rule exist in that chain?)
[FAILED]
ntpd: Removing firewall opening for 1.pool.ntp.org port 123iptables: Bad rule (does a matching rule exist in that chain?)
[FAILED]
ntpd: Removing firewall opening for 2.pool.ntp.org port 123[ OK ]
ntpd: Removing firewall opening for 3.pool.ntp.org port 123iptables: Bad rule (does a matching rule exist in that chain?)
[FAILED]
Shutting down ntpd: [ OK ]

Next I played with stopping ntpd and found that I got firewall errors, but worked out that was because I had modified /etc/ntp.conf to look at different servers in the pool.ntp.org range prior to the shutdown so the firewall rules that it was expecting to find did not exist. Doing it again showed not such errors.

[user@server]# /etc/init.d/ntpd start
ntpd: Opening firewall for input from 0.pool.ntp.org port 1[ OK ]
ntpd: Opening firewall for input from 1.pool.ntp.org port 1[ OK ]
ntpd: Opening firewall for input from 2.pool.ntp.org port 1[ OK ]
ntpd: Opening firewall for input from 3.pool.ntp.org port 1[ OK ]
Starting ntpd: [ OK ]
[user@server]# date
Mon Oct 11 08:35:14 EST 2010
[user@server]# /etc/init.d/ntpd stop
ntpd: Removing firewall opening for 0.pool.ntp.org port 123[ OK ]
ntpd: Removing firewall opening for 1.pool.ntp.org port 123[ OK ]
ntpd: Removing firewall opening for 2.pool.ntp.org port 123[ OK ]
ntpd: Removing firewall opening for 3.pool.ntp.org port 123[ OK ]
Shutting down ntpd: [ OK ]

Having stopped ntpd I then ran ntpdate successfully and restarted ntpd.

[user@server]# ntpdate -v -b 127.0.0.1
11 Oct 08:35:51 ntpdate[27201]: ntpdate 4.1.2@1.892 Tue Feb 24 06:32:26 EST 2004 (1)
11 Oct 08:35:55 ntpdate[27201]: no server suitable for synchronization found
[user@server]# ntpdate -v -b au.pool.ntp.org
11 Oct 08:36:03 ntpdate[27215]: ntpdate 4.1.2@1.892 Tue Feb 24 06:32:26 EST 2004 (1)
11 Oct 08:48:05 ntpdate[27215]: step time server 220.233.79.177 offset 721.705455 sec
[user@server]#

Has this fixed it ? Don’t know but I think the issue was that the servers that were listed in ntp.conf were incorrect. I have changed them now to a more appropriate au.pool.ntp.org selection and I’ll monitor the time over the next week or two.

SME Server open_basedir for Pear extensions

September 13, 2010

Following on from my run in with the open_basedir process for the /tmp folder during a setup of SugarCRM on SME Server.

I today discovered that SugarCRM wants to use some PEAR extensions and that we again failed on the open_basedir option.

So following that earlier process I now have added

/usr/share/pear:/usr/share/pear-addons

to the open_basedir string in the http conf for the ibays.

SME Server httpd.conf open_basedir path to include /tmp

September 12, 2010

Working with SugarCRM at the moment with a dev install on my SME Server 8.0b5 in an ibay.

Trying to upload some updates using the SugarCRM admin tool Upgrade Wizard but I kept getting an error stating that ‘Missing a Temporary Folder’. Which is kind of cryptic and Sugar could do well to include the missing folder name that it thinks it needs as that would shorten the research process.

Anywho, the issue can be tracked in the appropriate meesages file, /var/log/messages in the case of SME Server.

The log indicates that Sugar is wanting access to the /tmp directory for the upload and that this directory is outside the open_basedir restrictions that SME Server configures for iBays.

The quick steps for this are:

server#mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
server#cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
server#cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/95AddType00PHP2ibays .
server#mcedit 95AddType00PHP2ibays

I use mcedit for editing, but you might be a vi guru, just substitute mcedit for your favourite editor.
Once you are editing the file look for the output line near the end, it should look like this

my $basedir = $ibay->prop(‘PHPBaseDir’)
|| (“/home/e-smith/files/ibays/” . $ibay->key . “/”);
$OUT .= ” php_admin_value open_basedir $basedirn”;
$OUT .= “n”;

and you need to modify the first .OUT line to include the /tmp directory

my $basedir = $ibay->prop(‘PHPBaseDir’)
|| (“/home/e-smith/files/ibays/” . $ibay->key . “/”);
$OUT .= ” php_admin_value open_basedir $basedir:/tmpn”;
$OUT .= “n”;

Save that file and rebuild the template, restart apache and the uploads should now be ok. Note that this modification does apply this to ALL iBays. Which suits me.

server#/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
server#apachectl restart

and that is done.

Tonys Tech Blog

Just another day in the IT trenches