Author Archives: Xerox

SharePoint 2013 – Active Directory Security Groups do not work

September 2, 2013 8:29 AM / Leave a Comment /

Last week we created a new Site Collection and published it to our company. We added an active directory universal security group to our visitor group in Sharepoint.

After some time the first users complaint that they have no access to the site collection. Really strange was that all users without sid history had no problem.

Finally we found this article: KB2722087

“Each SharePoint service application must run the C2WTS locally. The C2WTS does not open any ports and cannot be accessed by a remote caller. Further, the C2WTS service configuration file must be configured to specifically trust the local calling client identity.”

Its mandatory that the Claims2WinowsTokenService runs on ALL WebFrontends and Backend Servers! (don’t think its necessary on real Backend Server without user interfaces like search server)

 

 

Posted in: SharePoint / Tagged: , , , ,

Secure OfficeWebApps Farm with “FarmOU” Setting

August 23, 2013 3:19 PM / 4 Comments /

As Microsoft describes on TechNet you can prevent other OfficeWebAppsHosts from joining your Farm when the computer account isn’t located in the correct active directory OU.

http://technet.microsoft.com/library/jj219442.aspx

FarmOU Optional System.String Specifies the name of the Active Directory organizational unit (OU) that servers must be a member of to join the Office Web Apps Server farm. Use this parameter to prevent unauthorized servers (that is, servers that are not in the OU) from joining an Office Web Apps Server farm.

But how to apply this setting? As using the DN of the OU does not work you need to use the Canonical Name of the OU. If your machines are located in CONTOSO.COM/Computers/OfficeServer/SERVERNAME1 you need to use the following command:

Set-OfficeWebAppsFarm -FarmOU “Computers/OfficeServer”

To check the setting:

Get-OfficeWebAppsFarm

FarmOU should display the ldap path of the OU.

FarmOU                            : ldap://OU=OfficeServer,OU=Computers

 

Posted in: OfficeWebApps, SharePoint / Tagged: ,