Archive for May, 2010

Note to Self: The Difference between SPWeb.SiteGroups & SPWeb.Groups

May 26th, 2010 2 comments

This came up a few times and I seem to forget it after a while:

  1. SPWeb.SiteGroups: As the documentation says this gets you a collection of cross-site groups for the site collection. These groups are cross-site, because they can be used in more than one SPWeb object in the site collection.
  2. SPWeb.Groups: This returns a subset of the groups above (SPWeb.SiteGroups) that are used in the specified SPWeb object. The word “used” is important to note here. These are the groups that are referenced somewhere in the site. For example, in a securable object such as an SPList or SPListItem with broken inheritance.

So, the logical conclusion is that:  SPWeb.SiteGroups >= SPWeb.Groups.

Categories: MOSS 2007, SharePoint 2010 Tags:

Canada Security Conference-Sector 2010: I am speaking!

May 24th, 2010 No comments

I am pleased to announce that I will be speaking at the Canada’s  Security Conference-Sector 2010. The conference will be held here in Toronto from October 25 to October 27, 2010. Here is my talk: Moving to the new security model in SharePoint 2010: claims-based authentication.

You can register for Sector 2010 here.

Categories: SharePoint 2010 Tags:

Got a Problem Pairing Your iPhone with Windows 7 over Bluetooth?

May 24th, 2010 4 comments

I’ve been scratching my head for a week on a problem concerning pairing my iPhone with Windows 7 over Bluetooth.

The problem seems to be very common: I would like to enable tethering via Bluetooth (no cable) between my iPhone and my ThinkPad W700 and T61P laptops (OS: Windows 7) and I get all sorts of errors. I tried many different ways that people have recommended to solve the issues, but no dice.

Here are the different errors I got:

  • Adding the device failed because it does not support this type of authentication (Screenshot).
  • Windows can’t connect to your personal area network.Try moving your Bluetooth enabled phone from your computer, and then adding (pairing with) (Screenshot).
  • Bluetooth Peripheral Device — No driver found (Screenshot)
  • The mutual authentication between the local Blutooth adapter and a device with Bluetooth adapter address (XX:XX:XX:XX:XX:XX) failed (Screenshot).

Here is how I solved the issue:

  1. Removed the iPhone from the list of devices installed on my laptop.
  2. Connected the phone to my laptop using its USB cable <– Don’t miss this step!
  3. Turned on the Internet Tethering in the iPhone and enabled tethering over Bluetooth and USB  ( Settings>General>Network>Internet Tethering) <– Don’t miss this step either!
  4. Paired them up while the phone was still connected to the laptop through the cable.
  5. Disconnected the cable once the pairing was completed.
  6. Connected to the phone using the Access Point, as shown in the Figure below.

That’s it! It worked on both my laptops like a champ. Also, a friend of mine who has got the same issue with his HP Laptop for three months managed to solve it by following the same instructions. That being said, I’d assume it should work for some other people, too.

Happy Tethering!

Categories: General Tags:

SharePoint Administration Toolkit & GetByPrincipalId() Method Call

May 8th, 2010 1 comment

SharePoint Administration Toolkit ships with a very handy tool that’s installed at web site level (SPWeb) named Check Effective Permissions. Essentially, this tool checks to see if a SPPrincipal object has got permissions to any objects within the current web site and all the sub sites that inherit from the current site. It also provides other permission related reports such as anonymous access level or other factors that effect the level of access for the given SPPrincipal object.


Sometimes when you use the tool, it throws the “Value does not fall within the expected range” exception on SPRoleAssignmentCollection.GetByPrincipalId(Int32 principalId) method call. See the stack trace below:


Value does not fall within the expected range; at Microsoft.SharePoint.SPRoleAssignmentCollection.GetByPrincipalId(Int32 principalId)
at Microsoft.SharePoint.SPRoleAssignmentCollection.GetAssignmentByPrincipal(SPPrincipal principalToFind)
at Microsoft.Office.Server.SecurityReport.SecurityReportAccountManager.CheckPermissions(Object contextObject, String username, AclUIMode aclType)
at Microsoft.Office.Server.SecurityReport.SecurityReportAccount.BtnCheck_Click(Object sender, EventArgs e)



In our case, since the exception was only thrown for some SPPrincipal objects, I did a quick analysis and found out that if the SPPrincipal has no role assigned to it (see the figure below), it blows up the API call. I know this may sound kinda bizzare. Why do we need an SPPrincipal without having a role assgined to it? For a number of reasons. For example, you may need to create the groups in advance and assign the permissions later. Or, maybe the groups are auto-generated by an import process, but something has gone wrong when assigning the roles. As a result, some groups do not have roles assigned to them.


By the way, people have reported other similar issues on the bottom of this page.

Categories: MOSS 2007 Tags:

BI Center and Data Connection Errors When Using PerformancePoint Dashboard Designer

May 3rd, 2010 8 comments

A common way to display your BI assets in SharePoint 2010 is to use a site template called Business Intelligence Center. The Business Intelligence Center (a.k.a BI Center) is the enhanced version of the Report Center in MOSS 2007. The site template includes many of the BI capabilities that Microsoft has introduced in SharePoint Server 2010 all packaged into a single site. Although using Business Intelligence Center is not the only way to access SharePoint’s BI features,this site template can provide a central location for teams and departments within your organization to store, retrieve, and modify shared reports, dashboards, Excel workbooks and etc.

Recently, I have been busy creating and migrating some PerformancePoint dashboards to SharePoint 2010. During the migration process, I came across a couple of weird errors in the Dashboard Designer which I thought to highlight in this blog post:

Error #1) You lunch the Dashboard Designer Click-Once application and try to create a new data connection,and then you get the following error:

“The item no longer exists or you do not have permissions to view it. Additional details have been logged for your administrator”

Windows Event Viewer Log Entry: Microsoft.PerformancePoint.Scorecards.BpmException: The item ‘http://splab/BICenter/Data Connections for PerformancePoint/AdventureWorksDW_ADCube.odc’ is not a valid PerformancePoint Data Source. Check to make sure the content type of this item is correct. at Microsoft.PerformancePoint.Scorecards.Store.Dao.DataSourceSPDao.ValidateFile(SPListItem item) at Microsoft.PerformancePoint.Scorecards.Store.Dao.SPDocDao.Get(ISPFcoCache cache, Guid webSiteID, RepositoryLocation location, SPListItem item)

Cause:It turned out that prior to launching the Dashboard Designer, I had uploaded an Excel Workbook to the BI Center and the Workbook’s data connection file was added using the PerformancPoint Data Source content type. This is a normal behavior, because PerformancPoint Data Source content type is the default content type in the library. Unless you explicitly specify which content type to assign to your data connection file,the default content type will be picked up and assigned to an uploaded file. So, when Dashboard Designer is lunched from within the BI Center , first, it attempts to resolve this data connection (AdventureWorksDW_ADCube), which is obviously not a valid PerformancePoint data connection, but an *.odc file used in a published Excel Workbook.

Resolution: Edit the data connection file and assign the right content type to it, as in my case it was : Office Data Connection File.

Error #2) You launch the Dashboard Designer Click-Once application and create a new data connection.

When you specify the name of the server and after you select the database to connect to, you get the following error:

“The query could not complete because the data source “New Data Source” is not in a PerformancePoint trusted location”

Windows Event Viewer Log Entry: The query could not complete because the following items are not in a PerformancePoint trusted location: New Data Source The shared service administrator must configure the following content locations as “trusted”: The shared service administrator must configure the following data source locations as “trusted”: /BICenter/Data Connections for PerformancePoint Trusted Locations can be configured for the PerformancePoint Service Application by using PowerShell Cmdlets or through SharePoint Central Administration. PerformancePoint Services error code 22002.

Cause: The Data Connection Library in the BI Center is not added to PerformancePoint trusted locations by default.

Resolution: As indicated by the Windows log entry,you need to add the URL of the Data Connection Library to the list of trusted locations.See this page for more information.

Error #3) You launch the Dashboard Designer Click-Once application and attempt to connect to a database , but no database shows up in the Database drop-down list.

You switch to the “Use the following connection” option and you specify the following connection string:

Provider=MSOLAP.4;Integrated Security=SSPI;
Persist Security Info=True;Initial Catalog=
Adventure Works DW 2008R2;Data Source=.;
MDX Compatibility=1;Safety Options=2;
MDX Missing Member Mode=Error

And you get the following error:

The Unattended Service Account “” does not have permissions to see this data. Additional details have been logged for your computer.

Windows Event Viewer Log Entry:Microsoft.AnalysisServices.AdomdClient.AdomdErrorResponseException: Either the user, CONTOSO\ppfunattensvc, does not have access to the Adventure Works DW 2008R2 database, or the database does not exist.

Cause: PerformancePoint Unattended service account has permission to connect to the database.

Resolution: Ensure that the PerformancePoint unattended service account has permission to the SQL Server instance where the database exists or the database itself.Once the permissions are granted, the database should show up just fine in the list of available databases.

Last but certainly not least, if you are connecting up to a SSAS cube, you need to make sure the PerformancePoint unattended service has access to the cube and the underlying data warehouse.

Categories: SharePoint 2010 Tags: