KB: SharePoint Search Service cannot crawl user profile

Error in Application event log:

The start address sps3://nsppweb-sspt91 cannot be crawled.

Context: Application ‘Search_Service_Application’, Catalog ‘Portal_Content’

Details:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has “Full Read” permissions on the SharePoint Web Application being crawled. (0x80041205)

Cause:
The search service account does not have “Retrieve People Data for Search Crawlers” permission in the User Profile Service Application.

Resolution:
See http://www.thesanitypoint.com/archive/2010/05/27/successful-sharepoint-2010-people-search.aspx

KB: Import SharePoint User Profile Pictures from Active Directory “thumbnailPhoto” attribute

Step 1) Add new import mapping for Active Directory thumbnailPhoto attribute to Picture profile property
Step 2) Start full user profile sync
Step 3) Run SharePoint PowerShell command as the User Profile Service Application account (IMPORTANT! otherwise it will end up with “Update-SPProfilePhotoStore : Object reference not set to an instance of an object” error.)

Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation http://hostname/my

Will I get a better Silverlight Organization Browser?

SharePoint 2010 has a new structure called Organization Profile, which answers the need for a real org chart in enterprises: it groups people by department, division and team hierarchies rather than just by reporting manager. (see http://alberto.casu.it/technology/sharepoint-2010-organization-profiles/)

Everything looks impressive, except that no out-of-the-box UI in RTM makes use of it…

The OOTB Silverlight Organization Browser web part calls https://server/MY/_vti_bin/SilverlightProfileService.json/GetUserSLProfileData to get the user profile data. That endpoint uses the Microsoft.Office.Server.UserProfiles.SilverlightProfileService class in Microsoft.Sharepoint.Portal.dll:

<%@ WebService Language="c#" Class="Microsoft.Office.Server.UserProfiles.SilverlightProfileService, Microsoft.Sharepoint.Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

Microsoft.Office.Server.UserProfiles.SilverlightProfileService.GetUserSLProfileData is fairly simple: it takes AccountNames and returns an SLProfileData object. The Silverlight web part then makes subsequent calls to GetUserSLProfileData to get the parent and sibling profile details in the same way.

There is a good chance that we can write our own SilverlightProfileService that also returns organization profiles.

Interestingly enough, GetOrganizationSLProfileData is actually there! It looks like the developers were too busy to finish it before shipping the RTM.


KB: ForeFront UAG returns “An unknown error occurred while processing the certificate” error when the backend application server SSL certificate fails CRL check

UAG validates the backend application server's SSL certificate, and this error may occur with a self-signed certificate used for testing purposes.

Solution:
1) Use a certificate that can pass CRL validation
2) Disable the CRL check by changing the following registry key in UAG: HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL
Change “ValidateRwsCertCRL” from 1 to 0
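
To confirm whether a backend certificate would pass revocation checking (solution 1) and to read the current value of the setting from solution 2, the following PowerShell is an added example, not part of the original note. It assumes that .NET's X509Chain is an acceptable stand-in for UAG's own check, and backend.example.internal is a placeholder host name.

```powershell
# Added example. Assumptions: the host name is a placeholder, and .NET's
# X509Chain stands in for UAG's own revocation check.
$BackendHost = 'backend.example.internal'   # placeholder
$Port        = 443
$RegPath     = 'HKLM:\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL'

function Get-RemoteCertificate([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: this step only fetches the certificate;
        # it is validated separately in Test-CertificateRevocation.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-CertificateRevocation($Certificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'       # fetch CRLs over the network
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'  # check every certificate in the chain
    $valid = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        Subject = $Certificate.Subject
        Valid   = $valid
        Status  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

$cert   = Get-RemoteCertificate $BackendHost $Port
$result = Test-CertificateRevocation $cert
$result | Format-List Subject, Valid, Status

# RevocationStatusUnknown / OfflineRevocation mean the CRL could not be fetched;
# UntrustedRoot is what a self-signed test certificate typically reports.
# Current UAG setting from the note above (1 = CRL check on, 0 = off):
(Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue).ValidateRwsCertCRL
```

Run it on the UAG server itself so that the CRL distribution points are reached over the same network path UAG uses.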

What can you do with the TMG that is installed with UAG?

ForeFront TMG is installed together with UAG to support certain UAG functionality, but it is not intended to be used as a full TMG product. It is good to know which uses of the TMG running on UAG are supported.

From: http://technet.microsoft.com/en-us/library/ee522953.aspx 

Forefront TMG running on Forefront UAG

By default, Forefront Threat Management Gateway (TMG) is installed during Forefront Unified Access Gateway (UAG) Setup. Forefront TMG is installed as a complete product, and is not modified to run on a Forefront UAG server.

Forefront UAG uses Forefront TMG, as follows:

  • Forefront TMG acts as a firewall, protecting the Forefront UAG server.
  • Forefront UAG uses Forefront TMG infrastructure and functionality in some deployment and monitoring scenarios.

Although you can configure Forefront TMG running on Forefront UAG using the Forefront TMG Management console, Forefront TMG is intended for use of the Forefront UAG infrastructure only. Specifically, the following is not supported:

  • Forefront TMG is installed automatically during Forefront UAG Setup, and removed automatically if Forefront UAG is uninstalled. Installing and uninstalling only Forefront TMG is not supported.
  • Forefront TMG as a forward proxy for outbound Internet access.
  • Forefront TMG application publishing, except for the publishing scenarios listed in the Supported Forefront TMG configurations section that follows.
  • Forefront TMG as a site-to-site VPN.
  • Forefront TMG as an intrusion protection system.
  • Forefront TMG as a network perimeter firewall. Forefront TMG running on Forefront UAG is only intended to protect the Forefront UAG local host server.
  • Publishing Forefront TMG via Forefront UAG.
  • Any other scenarios not specifically listed in the Supported Forefront TMG configurations section below.

Supported Forefront TMG configurations

You can use Forefront TMG running on the Forefront UAG server, as follows:

  • Creating access rules using the Forefront TMG Management console, for the purpose of limiting users, groups, and networks for granular access when deploying Forefront UAG for VPN remote network access.
  • Monitoring with the Forefront TMG Management console.
  • Limiting users, groups, sources and destinations on Forefront TMG system policy rules, with the purpose of enabling access to corporate servers and remote management to and from the Forefront UAG local host server.
  • You can publish the following applications via Forefront TMG:
    • Exchange SMTP/SMTPS
    • Exchange POP3/POP3S
    • Exchange IMAP/IMAPS
    • Office Communications Server (OCS)—Only Communicator Web Access should be published using Forefront UAG. Other OCS features should be published using the Forefront TMG console running on the Forefront UAG server.