Alexander’s Blog

When I am teaching classes, my students sometimes ask me questions about licensing for various Microsoft products. Back in the NT days, it was relatively easy to tell students how the licensing worked because there were only a few options. In recent years, it seems easier to get a PhD in Nuclear Physics then to try and understand licensing for Microsoft products. In fact, the licensing has become so complicated to understand that I doubt if even Microsoft sales people have all the answers to our questions.

Luckily, Microsoft has this Volume Licensing portal which is very helpful. Microsoft deserves credit for creating this Web site full of useful information. Consider it a Microsoft licensing encyclopedia. Besides other great information, it also includes an online Microsoft Licensing Advisor (MLA). This advisor is a wizard that walks you through your particular scenario and gives you a quote.

SharePoint Licensing

SharePoint licensing is a bit more complicated because it involves Windows Server and SQL Server in addition to SharePoint Server. If you are looking for SharePoint licensing, this SharePoint Licensing Q&A is a great resource.

Another good resource for SharePoint is a third-party tool called SharePoint Price Calculator from Bamboo Solutions. This is not a licensing tool but it helps you figure out the total cost of SharePoint and its related products, such as Windows Server 2008 and SQL Server 2008.

SharePoint 2010 can be used to set up intranet, extranet, and Internet sites.

Intranet sites are licensed using a Server/CAL (Client Access License) model. SharePoint Server 2010 is required for each running instance of the software, and CALs are required for each person or device accessing a SharePoint Server.

Extranet and Internet sites are licensed using a Server-only model—no CALs are required.

Here are some additional details from Microsoft’s Web site.

SharePoint Server 2010: Intranet Scenarios

Client Access License

The Standard CAL delivers the core capabilities of SharePoint 2010:

• Sites: A Single Infrastructure for All Your Business Web Sites
• Communities: An Integrated Collaboration Platform
• Content: ECM for the Masses
• Search: Relevance, Refinement, and People (excludes FAST Search)
• Composites: Do-It-Yourself Business Solutions (excludes Access Services and InfoPath Services)

For more details on the specific features in the Standard CAL, see Edition Comparison.

Enterprise Client Access License

The Enterprise CAL delivers the full capabilities of SharePoint 2010:

• Sites: A Single Infrastructure for All Your Business Web Sites
• Communities: An Integrated Collaboration Platform
• Content: ECM for the Masses
• Search: Relevance, Refinement, and People includes FAST Search)
• Composites: Do-It-Yourself Business Solutions (includes Access Services and InfoPath Services)
• Insights: BI for Everyone (includes PerformancePoint Services, Excel Services, and Visio Services)

Note that the Enterprise CAL is additive: To access the Enterprise edition features, a person/device must have both the Standard CAL and Enterprise CAL. For more details on the specific features in the Enterprise CAL, see Edition Comparison.

SharePoint Server 2010: Internet/Extranet Scenarios

SharePoint Server 2010 for Internet Sites, Standard

SharePoint for Internet Sites, Standard, delivers the core capabilities of the SharePoint 2010 Standard CAL for use on an Internet or extranet site. This server license is designed for small and mid-sized companies, and deployment is limited to a single domain and related subdomains. A domain is a combination of a public domain (such as .com, .net, .org) and a second-level, proprietary domain (such as MyCompany, MyOrganization, MyClub). Examples of valid domains are MyCompany.com, MyOrganization.net, and MyClub.org. Subdomains are any URL prefixes to the left of the second-level domains.

SharePoint Server 2010 for Internet Sites, Enterprise

SharePoint for Internet Sites, Enterprise, delivers the full capabilities of the SharePoint 2010 Enterprise CAL for use on an Internet or extranet site. This server license also includes the rights to FAST Search for use in Internet or extranet scenarios. You can deploy a single server license of SharePoint Server 2010 for Internet Sites, Enterprise, as a SharePoint server or a FAST Search server—but not both concurrently.

If you don’t find answers to all your questions on Microsoft’s Web site, you can contact Microsoft in United States at 800-426-9400. In Canada, contract Microsoft representative at 877-568-2495.

Summary of Resources

1. Volume Licensing Portal
2. Microsoft Licensing Advisor
3. SharePoint Licensing Resources
4. SharePoint Licensing Q&A
5. SharePoint Price Calculator

If you are having problems installing Service Pack or software updates on Windows Server 2008 R2, Windows 7 or Windows Vista you are not alone. There are lots of people facing the same issue, including me, and hopefully this article will be helpful in understanding and solving the problem. I should point out that I have encountered this problem of installing Service Pack 1 (SP1) on numerous servers (all new installation) as well as existing Windows 7 client. The focus of this article is on Windows Server 2008 R2 but you can apply the same techniques on Windows 7 and Windows Vista.

It took me three full days to find a solution that worked for me. Needless to say I was searching the Web all this time and trying various solutions but some worked and others didn’t. Unlike the old Windows NT days when the patches were considered a risky business, for the past decade or so Microsoft has done a great job to make the updates and security patches fairly reliable. It’s a daunting task to deal with a gazillion updates on various systems and gain the confidence of consumers. Microsoft gained enough of my confidence that I have been configuring all my computers, including servers, to download and install the Windows Update automatically. Even though I have occasionally encountered a few crashes, overall I have been fairly satisfied with the automatic Windows Update service. Well, lately things have not been so rosy. Windows Updates are causing more problems more frequently and therefore starting this year I decided to manually update my computers because of the fear of system crashes and other unexpected results. Microsoft has confirmed my fears of Windows Update by releasing a patch to fix the patches. The patch is called Windows System Update Readiness Tool, essentially a bug fix that fixes other bug fixes. But these days vendors don’t use the term bugs any more because that is admitting that there was a problem with the software in the first place. Instead they refer to them as “patches”, “updates”, “repairs”, “fixes”, and now there is a new term “tool.” Well, you tell me which one sounds better Windows System Update Readiness Tool or Windows Update Bug Fix? Exactly my point!

Microsoft is aware that even the Windows System Update Readiness Tool may not fix the Windows Update problems with Windows Server 2008 R2 and therefore they have posted an article on TechNet for advanced diagnosing and fixing servicing corruption. The article is listed under the Troubleshooting section as Known Issues with Windows Server 2008 R2. So now we know that Microsoft is aware of this issue and have released a bug fix for the bug fixes and also admitted that the bug fix for the bug fixes may not work and therefore we may need to rely on some advance diagnostics to fix the problems with the corruption in Windows servicing store (more on this servicing store in a minute).

Let’s get back to the problem of installing SP1. As I indicated earlier, lately I have been having lots of issues with installing Windows Server 2008 R2 SP1 on several servers. As far as I recall, I have experienced this issue mostly on new server installations. The problem is that the service pack hangs after a minute or so and the installation fails. After spending a lot of time I finally narrowed the problem down to one particular update (KB2620704). I installed all the updates on my new servers (92 to be exact) and then installed KB2620704 that was causing problems. On some servers KB2620704 failed while on others I was able to install it successfully. However, even after I was able to install all the updates, including KB2620704, I still wasn’t able to install SP1. In addition, I was not able to install SharePoint Server 2010 on one of the servers because when I tried to install the software prerequisites it failed.

At one point Windows Update offered me a new update called System Update Readiness Tool for Windows Server 2008 R2 x64 Edition (KB 947821) [August 2011].

According to Microsoft:

“This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found.”

In case you are wondering about the Windows Servicing Store, it’s a component that is required to successfully install the service packs.

There is something very interesting in the above screenshot. Notice that the last update on the list Windows Server 2008 R2 Service Pack 1 x64 Edition (KB976932) is only 13.6MB. If you download SP1 from Microsoft here, the size is 903.2MB. The interesting part was that I was working on several newly installed servers and only one of them showed SP1 as 13.6MB. All the other servers listed KB976932 as 95.5MB – 892.6MB, as shown in the screenshot below.

After installing KB947821 I was still not able to installSP1. I went to the SUR log to see what’s going on. See this article for more information.

%windir%\logs\cbs\checksur.log

I noticed the log pointed to the KB2620704 which I knew was a problem right from the start. On the server where I was able to install KB2620704 everything was fine but on the server where I wasn’t able to install SP1 I knew I had to install KB2620704. I was left with only 2 updates (KB2620704 & the SP1 update KB976932) so I unchecked KB976932 and tried to install KB2620704 but it failed with the error Code 800F0818.

Now you may get lucky after installing KB2620704 but I wasn’t. Here’s what I did next. Per TechNet article Advanced guidelines for diagnosing and fixing servicing corruption I looked at the two files listed at the end of the checksur.log.

servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat

Next I started cmd.exe as an administrator and backed up the two files as a precaution.

copy %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum c:\temp

copy %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat c:\temp

Then I took ownership of these files so I can copy these files from another server.

takeown /f %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum

takeown /f %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat

Next I used icacls to grant administrators permissions to overwrite the files.

icacls %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.mum /grant administrators:F

icacls %windir%\servicing\packages\Package_for_KB2620704_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat /grant administrators:F

Finally, I logged out and then logged back in so I can copy the two files from another server where I was able to successfully install KB2620704 to the server. Even though I was logged in with a domain account that was a member of the local administrators group the permission to copy the files was denied. I went to Windows\servicing\packages folder in Windows Explorer and gave my domain account  full-control permissions to the packages folder. I removed this permission after I was able to copy the two files. I ran the update for KB 2620704 and it was finally successful.

I then tried to install SP1 (KB976932) again. By that time I knew all these KB article numbers better than my address and phone number. Fortunately, this time it worked and I was able to install SP1 on my Windows Server 2008 R2. It only took about 40 hours in three days. Piece of cake!

SharePoint Server 2010 Installation

The rest of the article only applies to you if you are installing SharePoint Server 2010 on a new server. Once the service pack was installed, I should be able to install SharePoint, right? Wrong! This time the software prerequisites tool was able to install a couple of prerequisites, including the Web Server (IIS) Role, but was unable to install the hotfix KB976462.

Okay, no problem. I downloaded the hotfix KB976462 for my x64 system (Windows6.1-KB976462-v2-x64.msu) from here and tried to run it but got an error “The update is not applicable to your computer.” Here’s how I worked around that hurdle. I followed the instructions in yet another KB article KB934307.

1. I created a folder C:\KB976462 and downloaded the file Windows6.1-KB976462-v2-x64.msu into that folder.
2. I created a folder C:\TEMP.
3. I opened command prompt as an administrator and ran the following command to expand the MSU file to the temp folder which resulted in 4 files in the TEMP folder.
   expand -f:* “C:\KB976462\Windows6.1-KB976462-v2-x64.msu” C:\TEMP
4. Then I ran the following command.
   pkgmgr.exe /n:c:\temp\Windows6.1-KB976462-v2-x64.xml
   You will not see any message after you run this command successfully. Just wait a minute or so until the command prompt is returned and that’s how you will know if the command was successfully executed. The only time you will see a message is if something went wrong.
5. Next I double-clicked the Windows6.1-KB976462-v2-x64.msu file in the C:\KB976462 folder where I originally downloaded it. I got a pop up message that “The update is not applicable to your computer.” This is the same message I received when I had double-clicked the file the first time. By the way, some people have reported that they get the message that the patch is already installed.
   NOTE: Regardless of what message you see, you should simply ignore it and go to the next step and you will be a happy camper.
6. I ignored the notice and ran the SharePoint software prerequisites tool again. This time everything worked and I was able to install the software prerequisites.
   
7. I deleted both the C:\KB976462 and the C:\TEMP folders.
8. I rebooted the server. Even though I had not received any notices or warnings that I need to restart the server, when I tried to install SharePoint the wizard indicated that I must reboot first before proceeding to install SharePoint.
9. After the reboot I continued on with SharePoint Server 2010 installation without a hitch.

References

Here are the download links for Windows System Update Readiness Tool for Windows Server 2008 R2, Windows 7 and Windows Vista (KB947821).

System Update Readiness Tool for Windows Server 2008 R2 x64 Edition (KB947821) [August 2011] 315.6MB

System Update Readiness Tool for Windows 7 106.6MB

System Update Readiness Tool for Windows Vista 121.8MB

Here’s another related article KB947366 that might also help.

KB947366: How to troubleshoot Windows Vista and Windows Server 2008 service pack installation issues

A hotfix for the.NET Framework 3.5 Service Pack 1 is available for Windows 7 and for Windows Server 2008 R2 as a prerequisite for Microsoft Office SharePoint Server 2010.

KB976462: Prerequisite hotfix for Microsoft Office SharePoint Server 2010

This is the hotfix mentioned in the above link. It’s called SharePoint Shared Services Roll-up for Windows Server 2008 R2. Instead of going through all the hoops, you can download this hotfix from the following link.

KB976462: Download link for the prerequisite SharePoint Shared Services Roll-up

And finally here’s an article which describes the Windows Update Stand-alone Installer. I was able to use the information in this article to get over the last hurdle.

KB934307: Description of the Windows Update Stand-alone Installer (Wusa.exe) and of.msu files in Windows Vista, Windows 7, Windows Server 2008 and in Windows Server 2008 R2

Problem: You try to set up an alert in SharePoint 2010 and get the following error.

You do not have an e-mail address.

Alert has been created successfully but you will not receive notifications until valid e-mail or mobile address has been provided in your profile.

Solution: You need to make sure that your profile has an e-mail address. For example, if you are logging in as the Administrator account and it doesn’t have an e-mail account configured you will get the above error. If you logon with another account that has an e-mail account you will not receive the above error.

1. Go to My Settings in the Open Menu box (sometimes referred to as Welcome box) on the top right hand corner of the page.

   

2. Is your work e-mail missing?

   
   

3. If the Work e-mail is missing, go to Active Directory and enter an e-mail address for the user’s account. You may have to create a mailbox for the user in your SMTP server if a mailbox didn’t exist before.

   

4. In Central Administration go to Manage service applications, click the User Profile Service Application hyperlink, select Start Profile Synchronization, and select Full Synchronization option.NOTE: Make sure that the account you are synchronizing is in a container that has been configured to synchronize. For example, the Administrator account by default is in the Users container which is not usually configured for synchronization. You can select an individual account within a container or OU for synchronization if necessary.
   
5. After the synchronization is complete, logoff and then logon again as the user account.
6. Verify that the work e-mail address for the user is available, as mentioned in Step 2 above.
7. If the work e-mail is listed then the account should be able to create alerts without any errors.

Microsoft Office SharePoint Server (MOSS) 2007 has a feature called ViewFormPagesLockdown, or some people simply refer to it as the SharePoint lockdown feature. Fortunately, the feature also works with SharePoint Server 2010.

The lockdown feature is useful if you have a site collection that is configured for Anonymous access on a Publishing site and you want to lock it down so Anonymous users don’t have access to the Forms page (e.g. http://ServerName/Pages/Forms/AllItems.aspx). You might also be able to take advantage of this feature in another way. For example, if you ever run into an issue on a Publishing Portal configured for Anonymous access where users are unable to post comments (which are stored in a List) on a blog site then the lockdown feature can be disabled, which will result in allowing Anonymous users to post comments. Normally, people won’t have problem posting comments on a blog site unless it is a Publishing site, in which case they will get a prompt to enter user credentials. In such a scenario you can disable the lockdown feature.

NOTE: By default, all publishing sites have the ViewFormPagesLockdown feature enabled.

You can either use stsadm.exe or PowerShell to enable this feature. I prefer to use PowerShell. If you want more detailed information on how to use stsadm.exe, Microsoft’s Tyler Butler has documented it here for MOSS 2007.

With PowerShell, you can easily enable to disable this feature. Here are the instructions.

1. If you are unsure whether the lockdown is enabled, use the following PowerShell command to find out the answer.
   get-spfeature -site SiteCollectionURL
   e.g. get-spfeature -site http://www.winnetusergroup.com

   

2. Look at all the features listed and see if ViewFormPagesLockdown is enabled. If you see it listed then it is enabled, otherwise ViewFormPagesLockdown is disabled.
3. The lockdown feature can be enabled or disabled. To enable it first run the following command.
   $lockdown = get-spfeature viewformpageslockdown
4. Now execute the following command to enable it.
   enable-spfeature $lockdown -url SiteCollectionURL
   e.g. enable-spfeature $lockdown -url http://www.winnetusergroup.com

   
   
   NOTE: To disable the lockdown feature replace the word enable with disable. For example:
   disable-spfeature $lockdown -url SiteCollectionURL

5. At this point you can verify that the feature is enabled by running the following command. Look for the ViewFormPagesLockdown entry in the list. If it exists, the lockdown feature is enabled.

   
   
   

6. According to Microsoft, if Anonymous Access is configured for the site then you need to first disable it and then re-enable it. To enable/disable Anonymous Access in SharePoint Server 2010 go to Site Actions, Site Permissions and click Anonymous Access icon on the ribbon.

Today I noticed the following error when I tried to create a new library in SharePoint 2010. I am running SharePoint Server 2010 and was using IE9 on my Windows 7 Ultimate x64 client.

Error: An unhandled exception occurred in the Silverlight Application

Here’s how I was able to resolve the problem.

1. Go to Central Administration site.
2. Go to Manage Web Applications in Application Management section.
3. Highlight your Web application and select General Settings from the General Settings drop-down box.
4. Turn on the Web Page Security Validation. The Web Page Security Validation establishes an amount of time after which the user is required to retry the operation. By default it is set to on and the expiration time is 30 minutes. I don’t recall turning it off on my Web application but somehow it was set to off. I looked at all the other Web applications and discovered that it was set to on. It might be some kind of bug in SharePoint but because I haven’t done any research on this issue I can’t say for sure.

   

5. Now you should be able to create new libraries.

There is no need to restart any services, browser, or your computer. Your change should take effect immediately.