In my current client engagement I've been working on a MySite implementation, so naturally I've had to mess with the Shared Services Provider quite a bit.  For reasons unknown to me, the SSP/MySites got messed up and I had to delete them.  The problem was that you can't easily delete a SSP from the central admin, so once again STSADM to the rescue....

stsadm -o deletessp -title <YourSSPTitleHere> -force

The key here is -force, depending on the situation, if you don't add -force, your SSP won't be fully deleted.


I've set up FBA (Forms Based Authentication) on a SharePoint site a few other times, but never on Mysites.  Typically I follow Dan Attis's blog posting, which covers setting up FBA.  Dan also has another great post about setting up FBA with MySites.  Basically since MySites is tied to the Shared Service Provider, you have to setup FBA on both the SSP, and the site that hosts MySites.  I followed Dan's steps to the T but still ran into some issues.  Once I converted the SSP fully over to FBA, I wasn't able to get into all parts for configuring MySites that I needed, I would get errors telling me I didn't have permission.  What gives?  I followed Dan's steps, added an FBA account as an admin in the site, why would I be getting these errors?

So I backed out setting my SSP to FBA and set it back to Windows Auth and started taking a look at the permissions.  Everything looked fine.  Then I stumbled across the problem.  When your in your SSP and go to MySite Permissions, below is a screenshot of what a typical SSP MySite Permissions looks like.  Notice how you don't see your FBA admin account anywhere. 

image

So I added my FBA account and gave it the same permissions as my Windows Auth Admin account, switched my SSP back to FBA and viola!  I was able to now fully administer the SSP with my FBA admin account.  Notice how the spadmin account has the same permissions as my Windows Auth account.

image

 

Another thing to not here is the "everyone" group.  Dan talks about making this group in his posting, and it especially comes in handy when you want to do straight FBA with MySites.  I created the Everyone group and gave it the same permissions as the "NT Authority\Authenticated Users", which makes sense that you have to do this.  If you DIDN'T have an everyone group (or at least a group of users that COULD create MySites), you'd have no way for a FBA user to automagically create their mysite.  So by adding an "everyone" group and mimicing the "NT Authority\Authenticated Users" group, you now allow any authenticated FBA user to be able to create their MySite.

 

Here are the 2 links to Dan Attis's FBA walkthroughs.  They really are great resources and I can't thank Dan enough for posting them and helping everyone out most likely pulling his hair out discovering the secret of the SharePoint FBA.

Dan Attis's 2 part posting about FBA Part 1 : http://devcow.com/blogs/jdattis/archive/2007/02/23/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-Walkthrough-Part-1.aspx

Dan Attis's 2 part posting about FBA Part 2 : http://devcow.com/blogs/jdattis/archive/2007/03/01/Office-SharePoint-Server-2007-Forms-Based-Authentication-FBA-w-MySites-Walkthrough-Part-2.aspx


Recently in a SharePoint project I ran into a bunch of problems with a faulty installation.  I've blogged about a few problems I've had with it, but most recently I ran into a problem where the Search box on all my sites just disappeared.  I was at a loss as to how it happened, it was there one day, and gone the next.  I narrowed it down to the fact that I had been messing with the SSP recently.  Turns out that the user I specified in the SSP to connect to the database didn't have permissions on the database itself.  I gave the user permissions on the database server and after that, the search box reappeared on all my sites.


Posted in: Sharepoint  Tags: , ,
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2017 Tony Testa's World