Office 365 ProPlus Administrator Series: Office 365 ProPlus Security Considerations

Author: Jeremy_MSFT Originally published to the Office 365 Preview blog. Office 365 ProPlus changes the security and data management story from securing end points and activities on the end point to decisions for securely accessing data. In order to enable users to switch from one device to another and resume working with their content, it means that either they log into a remotely hosted environment or that endpoints have access to remotely-stored documents. Office 365 ProPlus optimizes for the best experiences on devices while also providing rich browser-based experiences with Office Web Apps. In either constellation, Office 365 ProPlus does not use a Remote Desktop Protocol-based architecture where the user logs into a remote system and views that from the endpoint. Files and content will move to the consuming device whether viewed through a browser or with rich clients, so securing access to files is a key consideration. If your organization is not quite ready to move email or file storage workloads to Office 365 Enterprise services – with Exchange and SharePoint functionality available – then Office 365 ProPlus may be the best fit because your email services and files will be stored on your premises. The only data Office 365 ProPlus will need to store in the cloud are User Principle Names and related minimum user attributes for handling activation and roaming settings information (primarily HTTP links to files and custom dictionary entries).  Everything else in that case remains in your infrastructure using traditional data management and access models. Securing the Service Some of the primary vectors for Office 365 security have been discussed in this series as they relate to authentication and authorization to Office 365 services and which services are permitted as save-to or open-from locations. For the latter configuration, Office 365 ProPlus and Office Professional Plus 2013 may be managed by new Group Policy settings to optionally restrict storage to SkyDrive or third party cloud storage locations. You may also limit sign-in credentials to Organizational IDs and disable sign-in to personal IDs or disable sign-in altogether. Disabling sign-in completely applies best to Office Professional Plus 2013 installs of Office, where activation is performed via Key Management Service (KMS) or Multiple Activation Key (MAK). Access to files and services may be augmented by Rights Management Services and/or multifactor authentication used in conjunction with Active Directory Federation Services to provide secure authentication and authorization to your organization’s files. Securing Clients Office 365 ProPlus includes enterprise-class security controls and fully-supports Group Policy configuration management. Additional features carried over from Office 2010 include Protected View, Data Execution Prevention (DEP) support, trust locations and documents, Office file validation and file block and ActiveX Kill Bit. For many organizations, the default security settings for Office 365 ProPlus are suitable and for those of you with highly locked-down environments, Group Policy enables thousands of settings via ADMX administration templates to fine-tune Office settings to fit your needs. Securing Office on Demand and Web Apps Office on Demand is a new delivery model allowing users to stream complete Office applications from a SkyDrive Pro location. It enables users to get quick access to Office applications and their files on essentially any Windows 7 or newer PC with an Internet connection – and without ActiveX controls disabled by the admin. But what does this mean for the files accessed via these unmanaged or non-owned PCs? Because the user in this case has access to SkyDrive Pro from the unmanaged PC, Office on Demand works to provide an excellent viewing and editing experience. If that user elects to download a copy and view it in Notepad or a browser, the file has already made it to the local hard drive of the computer. While Office on Demand does enable a more compelling user experience in this case, it doesn’t diminish security if those files were already accessible from that unmanaged computer. Much more to come This post only scratches the surface of security considerations scoped to the client and essentially was written to answer a few very frequently-asked questions I get when presenting Office 365 ProPlus to large organizations. Check out the  Security overview for Office 2013 Preview on TechNet for further information on product and service security as it relates to Office Professional Plus 2013 and Office 365 ProPlus. Also be sure to download the Office 2013 Preview Administrative Template files (ADMX/ADML) for Group Policy management.

Requuirements and security considerations for SkyDrive Pro

Here’s some basic information you’ll want to have if you want to support SkyDrive Pro libraries and Sync services in your organization. If you just want to get your bearings around SkyDrive Pro, you can start here: https://office.microsoft.com/en-us/sharepoint-server-help/what-is-skydrive-pro-HA102822076.aspx   Regarding SkyDrive Pro prerequisite software and services: To support SkyDrive Pro libraries in your organization, the latest SharePoint or Office 365 personal sites (also known as My Sites) need to be deployed in your organization, and the user profile service needs to be running. This is because social features, such as sharing documents, depend on personal sites and user profiles. To support Sync in SkyDrive Pro (the ability to synchronize SkyDrive Pro documents with local desktops), make sure that either Office 2013 (Standard or Professional) or an Office 365 subscription that includes the Office 2013 applications is running on Windows 7 or Windows 8 client devices.  Regarding security concerns: SkyDrive Pro client exchanges with SharePoint sites rely on synchronization protocol and external mechanisms for security, such as those provided by VPNs or Secure Socket Layer (SSL) technology. SkyDrive Pro data is not encrypted over the network when the SkyDrive Pro client talks to SharePoint (which is required to support SkyDrive Pro), unless the transport protocol is being used for server communication is through https (which uses SSL or Transport Layer Security – TLS). Server administrators can configure SSL encryption for data sent over the network between the SkyDrive Pro and the SharePoint servers. On-disk data can be encrypted using the Windows BitLocker Drive Encryption. For more information see ‘BitLocker Drive Encryption’ at https://go.microsoft.com/fwlink/p/?LinkId=163122 . Note: SSL is recommended for SharePoint connections from outside a corporate domain. If you’re using Active Directory, you can configure the following Group Policy setting: Sync Only On Domain Network: Requires a Secure Socket Layer (SSL) connection for SkyDrive Pro clients trying connect to SharePoint Server 2013 (or SharePoint 2010) from outside the organization’s intranet. In addition, you can secure the SharePoint site from unauthorized access by setting access control lists appropriately. For guidance about how to set access control for users to synchronize with SharePoint libraries and lists, see ‘Overview of site permissions in SharePoint 2013’ at  https://technet.microsoft.com/en-us/library/jj219771.aspx .

Microsoft Project Online frequently asked questions #ProjectOnline #Office365

Following the recent worldwide Project Ignite tour my colleague Jan Kalis organized as well as presentations at events like SharePoint Conference 2012 last week, please find below a summary of frequently asked questions (FAQs) about Microsoft Project Online I have been asked by customers and partners. Before I start please note that this is a journey and I’m sure you have plenty more questions and yes we will have plenty more answers and content to help you understand the value of Project Online and how it can bring value to your organization. Also please note that the 8 questions below are not sorted in any specific order, and yes if you have additional questions please leverage the Project Online forum on TechNet . Delivers full Project Portfolio Management (PPM) in the cloud Yes Microsoft Project Online delivers full project portfolio management capabilities in the Office 365 cloud. Project Online delivers all key scenarios/functionality expected from a PPM solution such as demand management , resource management, financial management, time management, collaboration & social, etc. As mentioned during the Ignite tour the product team only built and shipped one product called Project Server 2013 which gets delivered in different channels like online in Office 365 or on-premise like TechNet & MSDN subscribers. So yes there is full PPM functional feature parity in Online and on-premise whether you want to be firing on all 12 cylinders with a maturity level 3 or if you are just starting with a PPM system. We are also working on document that will be published on TechNet that describes some of the technical differences. Achieve on-premise to Online migration A very common request from many customers, how can I move to Project Online from my existing PPM system whether it’s an older version of Project Server or whether it’s from a online competitor? Again we will provide guidance, but at a high level you can either do it manually once depending on the amount of data, or you can automate the process using third party tools such as: FluentPro Cloud Migrator Pro ( Want to test-drive Project Online? How to migrate data from on-premises to Online? ); please also remember that you will also have to migrate the SharePoint content to SharePoint Online (plenty of tools available today to help you achieve this, BING them!). Connect Online to on-premise Line Of Business Apps Moving to Project Online does not isolate you from your mission critical on-premise line of business applications such as an ERP, CRM, ticketing, etc. SharePoint Online and Project Online provide a very rich extensibility model to help you connect the two world regardless of your needs. It could as simple as leveraging existing API such as OData or CSOM, or you could leverage Business Connectivity Services for instance. We are working on whitepaper that will get published early next year that will demonstrate the integration (how to push data from on-premise to Online and how to retrieve data on-premise from Online) and provide starting points to enable it. Track using ODATA and customize using CSOM In an Online world we cannot give you direct database access for obvious security reasons! and hence the protocol/mechanism to access all your beloved PPM data (yes including timephased data) is via the OData protocol. To build apps and do any custom code the API of choice is CSOM, please check the Project & SharePoint Software Development Kit (SDK) on MSDN to learn about each. Preview is for temporary use only (see Preview FAQ ) The preview has been available since July 16th 2012, when Steve Ballmer disclosed the new version of Microsoft Office (which Project desktop, Project Server and Project Online is part of!). The Preview is free but it’s for temporary use only until the commercial service is available, you read the Preview FAQ and navigate to the very end which says: “the Preview will expire approximately 60 days after the next version of Office becomes available in your market. As the date approaches, you will receive notifications in the Office applications alerting you to the pending expiration. Once the Preview has expired, the applications enter read-only mode, which means that you can view or print documents only, it isn’t possible to create new documents, edit, or save them. You must uninstall the Preview version of Office before installing a newer version of Office.” So yes, please kick the tires, try it out, check out some some of the cool new scenario and features (I love this one …: Microsoft Project Online on Xbox ) but please remember that at the end of the Preview all the data will be lost unless you save it locally. With that in mind and specially with a PPM system, a lot of learning and processes needs to be put in place before a production rollout, so treat this as a free proof of concepts environment! Office 365 is an evergreen service. Customers need to stay current What started with a Preview in our Office 365 worldwide data centers (aka a beta/pre-released version of Project Server 2013), and since the RTM announcement last month and the availability of the products on TechNet/MSDN/Volume Licensing/Trials, the online service has been updated with the RTM products during the past month. So yes it’s a Preview offer but with the latest version of the product! Yes we are still all learning and we are continuously updating the services until it’s ready for general availability (GA). So back to my point earlier, please try it out because it contains the latest fit and polish not to mention the latest bug fixes. In the end, one of the key value of online is that it will always have the latest and greatest version of Microsoft’s PPM, and that includes Exchange, Lync, SharePoint, Office, hence think of the “evergreen PPM”! Azure VM (IaaS) vs. Project Online (SaaS) Azure Virtual Machine (VM) which a preview was disclosed last May, is an upcoming offer from the Windows Azure team which will give you the ability to purchase CPU, memory, and storage in the cloud to run your application in a virtualized environment such as  SharePoint and Project Server for instance. As announced last may, SharePoint 2010 is supported on Azure VM (see SharePoint Deployment on Windows Azure Virtual Machines ), and yes Project Server 2010 will also be supported initially and later 2013 will be. The question one need to think about is whether to go with Infrastructure as a service (IaaS) or other options such as software as a service (SaaS) or partner hosted or on-premise. Bottom line, Microsoft PPM is about choice and we will provide plenty of options to deploy and use it! Again we are working on a white paper and guidance on these options and how they can fulfill your needs today and tomorrow. Use the Project Online Forum and Wiki for Questions & Answers As mentioned at the beginning of this post, I’ve only covered a few question above and I’m sure you have a few more based on some the answers provided above and also based on other Project Online questions you might have so from this point forward I want you to start leveraging the following resources to get answers: Project Online forum , yes it’s monitored by Microsoft product experts, by Microsoft support personnel, by Microsoft Project MVPs and many others so don’t be shy, it’s free! Project Online Preview Wiki Portal , going forward our wiki will get richer and richer with key service information. Other valuable Microsoft Online resources : Steve Ballmer’s letter on October 9, 2012:  TO OUR SHAREHOLDERS, CUSTOMERS, PARTNERS AND EMPLOYEES Global Foundation Services (and their blog ) Office 365 Trust Center (check out the industry standards for instance) Service Updates for Office 365 for enterprises (check out monthly updates)

SharePoint Online: PDF in-browser viewing & MP4 file streaming

We are very excited to announce two compelling updates for SharePoint Online. The service will support in-browser viewing of PDF files and improved streaming of MP4 video files . We received a lot of feedback noting PDF viewing was limited while a number of customers expressed that they did not want PDF files to be downloadable to user’s desktops. In addition, users found that some MP4 files were being downloaded in full before playback would begin. What will this update mean to the user? A PDF document stored in a SharePoint Online library it will simply launch within their Internet browser. This too applies to PDFs embedded as attachments within list items. Note: Users are required to have Adobe Reader on their machines to ensure the proper browser plug-in is available: https://get.adobe.com/reader . Note: In some isolated instances, you may encounter an error when trying to open a PDF document in your Internet browser. If this happens, please try disabling the Adobe ActiveX plugin by going to  Settings > Manage add-ons , highlight the Adobe PDF Link Helper add-on from the list of add-ons, and then click Disable . An MP4 video file stored in a SharePoint Online library will begin streaming much faster without downloading the full file first. We are at the tail end of rolling out the most recent SharePoint Online service update. The PDF adjustment will soon be a notable experience enhancement for all SharePoint Online customers across all Office 365 plans and offerings. The same applies to MP4 files stored in SharePoint Online – let the streaming begin! Microsoft expects to complete this service update rollout worldwide by the end of September 2012. We continue to improve the experience while maintaining the level of security you expect from Office 365. Thank you for your patience and actionable feedback. SharePoint Online progressively evolves each quarter. At its core, the service is driven by AND adapts to the preferences of how users use it every day. Please keep it coming. You can read about this and all of the latest features and innovation on the Office 365 Service Update wiki . Thanks, The SharePoint Online Team

Project Server 2010: Duplicated Outlook tasks after Exchange Sync–June CU

Thought it worth explaining some of the intricacies of the June 2012 Cumulative Update packages, especially for those of you waiting for the fix for the Exchange Sync issue where you see duplicated tasks in Outlook, or are having problems with editing categories in PWA if you have renamed projects in your archive.  Maicco e-mailed asking about the Exchange fix – and thanks for bringing this to my attention.  These two fixes were delivered in the June Cumulative Update cycle, but were not in the ‘default’ Project Server only package https://support.microsoft.com/kb/2598375 , but had their own hotfix – https://support.microsoft.com/kb/2598376 . Issues that this hotfix package fixes Consider the following scenario: You create a user account in Project Web Access (PWA), and you enable Exchange Synchronization for the user account. You create a new plan that contains many tasks in Project 2010. You assign the user account to all the tasks. You save and then publish the plan in Project Server 2010. You log on to the mailbox of the user account that you created to see whether the task list is synchronized. In this scenario, duplicate tasks are created in the task list in Microsoft Outlook. You cannot edit security categories that contain more than 1000 projects when one or more projects in the security categories are archived and then renamed. Just to add to the confusion this hotfix doesn’t explicitly say that it includes the 2598375 fixes – but it does.  The reason for the split is that these two fixes needed some globalization changes – which you can see from the full description (Description of the Project Server 2010 hotfix package (Pjsrvwfe-x-none.msp, Pjsrvmui-x-none.msp): June 26, 2012) where MUI is Multilingual User Interface.  The file list also lists all of the language files. The complete Project Server 2010 June 2012 Cumulative Update package – https://support.microsoft.com/kb/2598355 – does include everything, and the KB does list both of the KB’s mentioned above.  This hopefully clarifies things and explains what the two KBs listed in the full package article are all about. Thanks again Maicco, and in future I’ll keep my eye out for these split CU packages and we will add more details to the notification mail (and I’ll also add an update to the current posting).

A New SQL Server–and some different cube building errors

At SP1 Project Server 2010 and SharePoint introduced support for SQL Server 2012.  I had a question posted on some issues a customer had hit – so I thought I’d set my server up for building an OLAP cube against SQL Server 2012 – just to see if I could.  I already knew I’d need to set up a few things – but as I wanted to see errors I just went for it – and started with a PWA instance that built successfully against my SQL Server 2008 R2 Analysis Services machine.  My Project Server databases were also in this SQL Server 2008 R2 server – so that would add some other interesting things to consider.  I should also point out that my SQL Server 2012 was sitting on a Windows Server 2012 RC machine – so not a supported scenario currently – but I like to live on the edge (I know – I should get a life instead…) Just to recap what goes on when we request to build a cube, which will help you understand where the errors might be coming from – and there may well be other errors you could see if things are configured differently to my scenario. A Cube Build request goes on the Project Server queue The details of the requested configuration are picked up – and the application server contacts the Analysis Services server (firewall permitting) with the cube details.  Also the account running the queue service will need the right permissions to do this – needs to be added as server administrator on Analysis Server Once the Analysis Services server has the cube details then it will know where to get the data from (Reporting DB) so makes a connection. A couple of points here – if you are using an alias for the database server from your Project Server farm then this is the server name passed to AS – so it will also need to know what the alias refers to.  This is true even if the AS machine is also the DB Server.  And the account running Analysis Services needs data reader access to the reporting DB. So I’ve done none of that preliminary setup, so I’m expecting some errors.  The first however, was unexpected: Error 1. [7/3/2012 7:00 AM] Failed to build the OLAP cubes. Error: Failed to connect to the Analysis Services server . Error: Deserialization failed: Requested value ‘EnterpriseCore64’ was not found. This was reported by the cube build – I’ll add the ULS and Event Log errors at the foot of the posting for the search engines to digest – and talking of search engines a quick Bing gave me the answer to this first issue – SQL Server 2012 Cumulative Update 1, which contains the fix described here – https://support.microsoft.com/kb/2683293 – Error message when you use AMO to connect to SQL Server 2012 Analysis Services: “Deserialization failed: Requested value ‘ ‘ was not found”.  The ServerEdition could be one of EnterpriseCore64 (as mine was) EnterpriseCore BusinessIntelligence64 BusinessIntelligence The Cumulative Update itself can be found at https://support.microsoft.com/kb/2679368 – Cumulative update package 1 for SQL Server 2012. Installed the CU and moved on… Error 2. [7/3/2012 7:50 AM] Failed to build the OLAP cubes. Error: Failed to process the Analysis Services database Test2012 on the server. Error: Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Resource Type’, Name of ‘Resource Type’ was being processed. Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Timesheet Status’, Name of ‘Timesheet Status’ was being processed. Server: The current operation was cancelled because another operation in the transaction failed. Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Timesheet Period Status’, Name of ‘Timesheet Period Status’ was being processed. This is very similar to an error you would see even before 2012, and refers to the Native Client for SQL Server SQNCLI10 – not being registered.  This is where we need to be very specific – and the version of the native client is related to our client application code that is requesting the build than either the Analysis Services or the SQL Server version.  Regardless of if you are running 2005 or 2008 or 2012 (or anywhere in between) you will need to have the 2008 Native Client installed from here – https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8824 – Microsoft SQL Server 2008 Feature Pack, October 2008 – and specifically the sqlncli.msi which is about half way down the page – and the direct link to the X64 package is here .  Also note that this is referring to the build FROM the Analysis Services server – and it is complaining about the Native Client being missing from there – which it needs to connect to my database server (which happens to be 2008 R2 – but that is irrelevant).  If you look on the AS server you will see that the structure of the cube has been created – so we successfully connected to the server, but it could go off to the database server to get the data.  In a fresh install against SQL Server 2012 you would also need to add the Native Client to the application server – but as it is one of the SharePoint pre-reqs this is normally taken care of.  To confirm the native client requirement you can also look at the Connection string already created on the AS Server as part of the Project Reporting data source – Provider= SQLNCLI10 ;Data Source= ;Initial Catalog=ProjectServer_Reporting;Integrated Security=SSPI;Persist Security Info=False.  I have seen some workarounds described suggesting changing the Provider here – and that would work if you were to rebuild from AS it would get over-written at the next build.  Added the Native Client to my Analysis Services 2012 machine and continued… Error 3 [7/3/2012 8:33 AM] Failed to build the OLAP cubes. Error: Failed to process the Analysis Services database Test2012 on the server. Error: Internal error: The operation terminated unsuccessfully. Server: The current operation was cancelled because another operation in the transaction failed. OLE DB error: OLE DB or ODBC error: Login failed for user ‘DOMAIN $’.; 28000. Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Task List’, Name of ‘Task List’ was being processed. Errors in the OLAP storage engine: An error occurred while the ‘Start Date’ attribute of the ‘Task List’ dimension from the ‘BriSmith2012’ database was being processed…. This error was longer – just repeated for different attributes of the dimension.  The key to this is the Login Failed – and in this case it refers to a machine name (the $ on the end) as my Analysis Services is running as NT ServiceMSSQLServerOLAPService So the connection is via the machine name.  Added the DOMAIN $ as a Login on the Databse Server with db_datareader role membership to my ProjectServer_Reporting database and continued.  If your Analysis Services is runni
ng under some other credentials then you may need to enter these rather than a machine name. [7/3/2012 9:03 AM] Cube build request completed successfully. In my installation I didn’t hit any permissions issues regarding the AS administrator, or any firewall issues – just because my server and domain setup was already taking care of these potential problems – your mileage may vary. Overall, apart from the 1st error these are very similar, if not identical, to problems you could run into with any version of SQL Server – but hopefully a worthwhile reminder of the cube building process and the components and permissions it relies on.  Only Bing and any other search engine needs to read on from here… Logs. Error 1 ULS Logs – a string of errors here – the first few were Medium, then a couple of criticals – I’ve just posted a couple – these should contain anything worth finding on a search.: 07/03/2012 07:00:21.46    Microsoft.Office.Project.Server (0x27B4)    0x2834    Project Server    Analysis Cube Building    myne    Medium    PWA: /PWA”> https:// /PWA , ServiceApp:Project Server Service Application, User:DOMAINUser, PSI: Error generating Project Server cubes. Error: ‘Failed to connect to the Analysis Services server . Error: Deserialization failed: Requested value ‘EnterpriseCore64′ was not found.’    4c420a8a-c27c-47b8-88c9-46baaf8ab1ec 07/03/2012 07:00:21.47    Microsoft.Office.Project.Server (0x27B4)    0x2834    Project Server    Analysis Cube Building    8swo    Medium    PWA: /PWA”> https:// /PWA , ServiceApp:Project Server Service Application, User:DOMAINUser, PSI: [CBS] Status message: ProjectServer BuildOlapCubes failed with exception: Microsoft.Office.Project.PI.CBSCommon.CBSProcessException: Failed to connect to the Analysis Services server brismith12-15. Error: Deserialization failed: Requested value ‘EnterpriseCore64’ was not found. —> Microsoft.AnalysisServices.XmlSerializationException: Deserialization failed: Requested value ‘EnterpriseCore64’ was not found. —> System.ArgumentException: Requested value ‘EnterpriseCore64’ was not found.     at System.Enum.Parse(Type enumType, String value, Boolean ignoreCase)     at Microsoft.AnalysisServices.DesignXmlReader.ReadPrimitive(Type type, XmlAttributes attributes)     … 07/03/2012 07:00:21.47    Microsoft.Office.Project.Server (0x27B4)    0x2834    Project Server    Analysis Cube Building    8icz    Critical    Standard Information:PSI Entry Point:   Project User: DOMAIINUser  Correlation Id: 4c420a8a-c27c-47b8-88c9-46baaf8ab1ec  PWA Site URL: /PWA”> https:// /PWA   SSP Name: Project Server Service Application  PSError: CBSASConnectionFailure (17003) Cube build failed to connect to the Analysis Services server. Verify the data source connection is valid. Error: Setting UID=19d8edf4-019c-437a-a435-2fd160b71592 ASServerName= ASDBName=Test2012 ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=07/02/2012 06:55:08 ToDate=07/02/2012 06:55:08 HighPriority=True    4c420a8a-c27c-47b8-88c9-46baaf8ab1ec The Application Event Log just shows a pretty generic Cube Building failure message. Source:        Microsoft-SharePoint Products-Project Server Date:          7/3/2012 7:00:21 AM Event ID:      7682 Task Category: Analysis Cube Building Level:         Error PSError: CBSASConnectionFailure (17003) Cube build failed to connect to the Analysis Services server. Verify the data source connection is valid. Error: Setting UID=19d8edf4-019c-437a-a435-2fd160b71592 ASServerName= ASDBName=Test2012 ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=07/02/2012 06:55:08 ToDate=07/02/2012 06:55:08 HighPriority=True Event Xml: Error 2 ULS logs – plenty of errors here, mostly saying the same thing – so I’ll just post the critical one: 07/03/2012 07:49:52.90    Microsoft.Office.Project.Server (0x27B4)    0x12A4    Project Server    Analysis Cube Building    8icz    Critical    Standard Information:PSI Entry Point:   Project User: DOMAINUser  Correlation Id: 5984d4c1-558e-4bb2-9373-68053f894a7d  PWA Site URL: /PWA”> https:// /PWA   SSP Name: Project Server Service Application  PSError: CBSOlapProcessingFailure (17004) Cube build failed during an OLAP Processing operation. CBS queued message: Setting UID=19d8edf4-019c-437a-a435-2fd160b71592 ASServerName= ASDBName=Test2012 ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=07/02/2012 06:55:08 ToDate=07/02/2012 06:55:08 HighPriority=True. Error: Failed to process the Analysis Services database BriSmith2012 on the brismith12-15 server. Error: Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered  Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Resource Type’, Name of ‘Resource Type’ was being processed. Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered  Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Timesheet Status’, Name of ‘Timesheet Status’ was being processed. Server: The current operation was cancelled because another operation in the transaction failed. Errors in the back-end database access module. The provider ‘SQLNCLI10’ is not registered. The following system error occurred:  Class not registered  Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Timesheet Period Status’, Name of ‘Timesheet Period Status’ was being processed.    5984d4c1-558e-4bb2-9373-68053f894a7d The Event Log entry was very similar – Source: Project Server  Event ID was 7691 and Task Category Analysis Cube Building, followed by a generic Queue failure Event ID 7704. Error 3 Here is the critical one from the ULS logs: 07/03/2012 08:32:44.12    Microsoft.Office.Project.Server (0x27B4)    0x2CF4    Project Server    Analysis Cube Building    8icz    Critical    Standard Information:PSI Entry Point:   Project User: DOMAINUser  Correlation Id: fdf04238-ff5a-4153-baca-723f634011cd  PWA Site URL: /brismith8100/PWA”> https:// /PWA   SSP Name: Project Server Service Application  PSError: CBSOlapProcessingFailure (17004) Cube build failed during an OLAP Processing operation. CBS queued message: Setting UID=19d8edf4-019c-437a-a435-2fd160b71592 ASServerName= ASDBName=Test2012 ASExtraNetAddress= RangeChoice=0 PastNum=1 PastUnit=0 NextNum=1 NextUnit=0 FromDate=07/02/2012 06:55:08 ToDate=07/02/2012 06:55:08 HighPriority=True. Error: Failed to process the Analysis Services database Test2012 on the server. Error: Internal error: The operation terminated unsuccessfully. Server: The current operation was cancelled because another operation in the transaction failed. OLE DB error: OLE DB or ODBC error: Login failed for user DOMAINSMachineName$’.; 28000. Errors in the high-level relational engine. A connection could not be made to the data source with the DataSourceID of ‘Project Reporting data source’, Name of ‘Project Reporting data source’. Errors in the OLAP storage engine: An error occurred while the dimension, with the ID of ‘Task List’, Name of ‘Task List’ was being processed. …. Event log same as before the – Source: Project Server Event ID was 7691 and Task Category Analysis Cube Building, followed by a g
eneric Queue failure Event ID 7704.

Project Server 2007: Reporting (Project Publish) queue job fails to complete

This is an issue that several of my readers raised in response to the posting about the orphan baseline posting a few weeks ago, and we know that this is something that more and more customers are now hitting.  The problem was introduced with the February 2012 Cumulative Update for Project Server 2007, and was also present in the April CU too – so if you have installed either of these and have started seeing Reporting (Project Publish) queue job fails to complete then read on. The symptoms are that a project will successfully save and publish, but the Reporting (Project Publish) job will fail to complete, and the error will look something like this (truncated – but the ReportingProjectChangeMessageFailed piece will be repeated based on your queue setting for the retry limit. Error summary/areas: Reporting message processor failed ReportingProjectChangeMessageFailed Queue GeneralQueueJobFailed Error details:                                 The issue occurs because we are missing a NULL check when accessing the task baseline cost – so if it is NULL we get the “Object reference not set to an instance of an object” message.  We are working on a hotfix to correct this behavior, but we also have a workaround that can provide some immediate relief.  This is a macro that can be run on affected project and will set a zero (non-NULL) assignment baseline fixed cost in place of the NULL we are tripping up on.  Below is the macro code that will need to be added to Project in the macro editor, and executed against the plan.  DISCLAIMER: As with any macro code you should review and understand exactly what this code is doing and that you are comfortable to run this on your own plans (and read the disclaimer) – and should also execute this in a test environment first.  It would also be good practice to take an Administrative Backup in your production system to ensure you have good backup copies of your plans (in addition to any normal SQL Server backup).  Also worth mentioning at this point that you should really have the number of project administrative backups set to give you several versions of your plan (Project Retention Policy (versions) – under Server Settings, Database Administration, Schedule Backup. ‘DISCLAIMER OF WARRANTY ‘ ‘THIS FIX CODE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ‘MICROSOFT FURTHER DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING WITHOUT ‘LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR OF FITNESS ‘FOR A PARTICULAR PURPOSE. THE ENTIRE RISK ARISING OUT OF THE USE OR ‘PERFORMANCE OF THE CODE REMAINS WITH YOU. ‘ ‘IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES ‘WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF ‘BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, ‘OR OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE ‘THIS MACRO, EVEN IF MICROSOFT HAS BEEN ADVISED OF THE POSSIBILITY OF ‘SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR ‘LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ‘ABOVE LIMITATION MAY NOT APPLY TO YOU.   ‘This macro attempts to work around the reporting publish failure that occurs when there are tasks ‘with baselines and where the BaselineCost contour is NULL. The symptoms that you see in the queue ‘for the “Reporting (Project Publish)” job has details similar to: ‘ ‘ ‘ ‘This code simply walks through the tasks in the tasks in the project and if there are ‘baseline(s) set, then the code sets a time scaled baseline cost = 0 on the day prior to ‘where the baseline start is scheduled.  This sets the baseline contour so that the ‘”Object reference not set to an instance of an object” problem can be overcome during the ‘reporting publish job. Sub FixPublish() Dim t As Tasks Dim tsv As TimeScaleValues Dim i As Long Dim bCalc As Boolean On Error Resume Next ‘get the current application calculation state bCalc = Application.Calculation ‘set calculation to manual (helps with performance while the code runs) Application.Calculation = pjManual Set t = ActiveProject.Tasks ‘walk through the tasks in the project. If a task as a baseline(s) then set a timescaled baselinecost = 0 For i = 1 To t.Count     If Not t(i) Is Nothing Then         If t(i).BaselineStart “NA” Then             Set tsv = t(i).TimeScaleData(t(i).BaselineStart – 1, t(i).BaselineStart – 1, pjTaskTimescaledBaselineCost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline1Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline1Start – 1, t(i).Baseline1Start – 1, pjTaskTimescaledBaseline1Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline2Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline2Start – 1, t(i).Baseline2Start – 1, pjTaskTimescaledBaseline2Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline3Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline3Start – 1, t(i).Baseline3Start – 1, pjTaskTimescaledBaseline3Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline4Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline4Start – 1, t(i).Baseline4Start – 1, pjTaskTimescaledBaseline4Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline5Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline5Start – 1, t(i).Baseline5Start – 1, pjTaskTimescaledBaseline5Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline6Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline6Start – 1, t(i).Baseline6Start – 1, pjTaskTimescaledBaseline6Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline7Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline7Start – 1, t(i).Baseline7Start – 1, pjTaskTimescaledBaseline7Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline8Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline8Start – 1, t(i).Baseline8Start – 1, pjTaskTimescaledBaseline8Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline9Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline9Start – 1, t(i).Baseline9Start – 1, pjTaskTimescaledBaseline9Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If         If t(i).Baseline10Start “NA” Then             Set tsv = t(i).TimeScaleData(t(i).Baseline10Start – 1, t(i).Baseline10Start – 1, pjTaskTimescaledBaseline10Cost, pjTimescaleDays)             If tsv(1).Value = “” Then                 tsv(1).Value = 0             End If         End If     End If Next ‘fix the project summary task With Activ
eProject.ProjectSummaryTask     If .BaselineStart “NA” Then         Set tsv = .TimeScaleData(.BaselineStart – 1, .BaselineStart – 1, pjTaskTimescaledBaselineCost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline1Start “NA” Then         Set tsv = .TimeScaleData(.Baseline1Start – 1, .Baseline1Start – 1, pjTaskTimescaledBaseline1Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline2Start “NA” Then         Set tsv = .TimeScaleData(.Baseline2Start – 1, .Baseline2Start – 1, pjTaskTimescaledBaseline2Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline3Start “NA” Then         Set tsv = .TimeScaleData(.Baseline3Start – 1, .Baseline3Start – 1, pjTaskTimescaledBaseline3Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline4Start “NA” Then         Set tsv = .TimeScaleData(.Baseline4Start – 1, .Baseline4Start – 1, pjTaskTimescaledBaseline4Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline5Start “NA” Then         Set tsv = .TimeScaleData(.Baseline5Start – 1, .Baseline5Start – 1, pjTaskTimescaledBaseline5Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline6Start “NA” Then         Set tsv = .TimeScaleData(.Baseline6Start – 1, .Baseline6Start – 1, pjTaskTimescaledBaseline6Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline7Start “NA” Then         Set tsv = .TimeScaleData(.Baseline7Start – 1, .Baseline7Start – 1, pjTaskTimescaledBaseline7Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline8Start “NA” Then         Set tsv = .TimeScaleData(.Baseline8Start – 1, .Baseline8Start – 1, pjTaskTimescaledBaseline8Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline9Start “NA” Then         Set tsv = .TimeScaleData(.Baseline9Start – 1, .Baseline9Start – 1, pjTaskTimescaledBaseline9Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If     If .Baseline10Start “NA” Then         Set tsv = .TimeScaleData(.Baseline10Start – 1, .Baseline10Start – 1, pjTaskTimescaledBaseline10Cost, pjTimescaleDays)         If tsv(1).Value = “” Then             tsv(1).Value = 0         End If     End If End With             ‘set the application calculation state back the way it was Application.Calculation = bCalc             End Sub To use this macro you can follow these steps: 1. Open Project Professional 2007 and connect to your server instance having the problem. 2. Go to Tools > Macro > Security . 3. Note the Security Level . 4. Set Security Level to Low or Medium .  This will allow the macro to run. 5. Go to Tools, Macro, Visual Basic Editor (or alt+F11) 6. Copy the text from the macro above, from the first line of the disclaimer to the End sub line 7. Double click ThisProject in the Visual Basic Editor, and paste in the macro to the window that opens (probably titled Project1 – ThisProject(Code) 8. Save this plan as a file if you need to use again, as FixPublishError.mpp, and return to the normal Microsoft Project view (Alt+F11) 9. Open the plan whose Reporting (Project Publish) job fails. 10. Go to Tools > Macro > Macros… 11. Select the FixPublishError.mpp!FixPublish macro. 12. Click Run . It will take a few seconds to a minute for the macro to run. 13. Save and publish the plan. 14. Monitor the queue by going to PWA > Personal Settings > My queued jobs. 15. Confirm that the jobs related to your plan complete successfully. 16. Reset Security Level to what is was before changing it to Low. There is one condition that currently isn’t resolved by the macro, and that relates to hitting the NULL value for any ghost tasks you might have in your plan (these can exist due to dependencies on tasks from other plans).  It is possible that this will be resolved if the source project has already been fixed up – we are still reviewing this. Thanks to Adrian for the fix up macro, Sriram for helping get this blog post out and for DFS and Christoph for the posts on my blog raising the issue. Sorry for the inconvenience this issue has caused you, and I will update this post as we get more information regarding a more permanent fix. Finally here are some lines from the ULS logs that relate to this problem – just to ensure that the search engines have something to digest and to help those searching on these terms. 05/23/2012 10:38:09.29    Microsoft.Office.Project.Server (0x0AE4)    0x0EE8    Project Server    Project Server Reporting    9e09    High    PWA:https://servername/PWA, SSP:SharedServices1, User: DOMAINUser, PSI:   [RDS] ReportProjectPublishMessage for project 0b9e52ec-6bb6-4ca3-823b-d7561d821d1c failed. Error: System.NullReferenceException: Object reference not set to an instance of an object.     at Microsoft.Office.Project.DataEdit.Reporting.ReportingData.GetTaskBaselineCoreTimephasedDataSet(BaselineEntity[] baselineEntityArray, Int32 nIntervalLengthMinutes)     at Microsoft.Office.Project.Server.DataAccessLayer.ReportingProjectDal.TransferTimephasedData[T](Guid projectUID, TimephasedTransferInfo transferInfo, ReportingData timephasedReportingData, ProcessSourceData`1 processSourceData, GenerateTimephasedDataSet`1 generateTimephasedData, Int32 pageSize, LogStatsMethod logStats)     at Microsoft.Office.Project.Server.DataAccessLayer.ReportingProjectDal.UpdateTasksTimephasedData(Guid projectUID, ReportingProjectData projectData, ReportingData timephasedReportingData, Int32 pageSize, String& transferPhase, LogStatsMethod logProjStats)     at Microsoft.Office.Project.Server.BusinessLayer.ReportingLayer.ProjectPublishMessageProcessor.SaveProjectTimephaseData(String& transferPhase)     at Microsoft.Office.Project.Server.BusinessLayer.ReportingLayer.ProjectPublishMessageProcessor.runRDSTransformation(ReportProjectPublishMessageEx projectChangeMessage). Phase: SetAssignmentBaselineTimephasedFixedCost    3ff34f2c-815e-4f95-9798-7f17dc5737db 05/23/2012 10:38:09.29    Microsoft.Office.Project.Server (0x0AE4)    0x0EE8    Project Server    Project Server Reporting    9e05    Critical    Standard Information:PSI Entry Point:   Project User: DomainUser Correlation Id: 3ff34f2c-815e-4f95-9798-7f17dc5737db  PWA Site URL: https://servername/PWA  SSP Name: SharedServices1  PSError: ReportingProjectChangeMessageFailed (24006) RDS: The request to synchronize change(s) to project Project UID=’0b9e52ec-6bb6-4ca3-823b-d7561d821d1c’. PublishType=’ProjectPublish’ failed.  Message: ‘ReportingProjectChangeMessageFailed’  Error:Object reference not set to an instance of an object.    3ff34f2c-815e-4f95-9798-7f17dc5737db 05/23/2012 10:38:10.30    Microsoft.Office.Project.Server (0x0AE4)    0x0D18    Project Server    Project Server Queue    7h5x    Medium    PWA:https://servername/PWA, SSP:SharedServices1, User: DOMAINSSPAdmin, PSI:   [QUEUE] ProjectQ: Group  d4364343-3402-45ef-afd0-f84c8834e5d3 type = ReportingProjectPublish aborted at Message 1    e45e8c63-38fa-49d8-9555-710851b22c90

100 hours of free Microsoft PPM Content from customers, partners, MVPs and Microsoft!

Following yesterday’s announcement on the main Microsoft Project blog: Microsoft Project Conference 2012 Session Recordings Are Live! please find below the full list of sessions (by code, presenter’s company and title). I have also attached an Excel spreadsheet with this list to this post (navigate to the end). Grab you favorite beverage and snacks and enjoy the shows! PS: there are four outstanding recordings we are still in the process of publishing and I will update this list once they are live. PC200, AMD Corp,Detangling project demand, resource supply and capacity with Project Server PC201, AXTEL, X-treme EPMO:   Creating the Enterprise Project Management Office and Culture at AXTEL PC202, Exxaro, Exxaro Resource: Project 2010 Case Study in Mining Industry PC203, Kemira Oyj, Rapid Implementation of the Microsoft PPM solution and SAP-integration in a global Chemical company PC204, Marquette University, Project and Project Portfolio Management that Works PC205, Pioneer Hybred, Doing More with Less: Effective Capacity Planning and Reporting PC206, Shire, Microsoft Project replaces Primavera:   Why Shire made the switch and trusts Microsoft Project Server 2010 to manage $300M PC207, U.S. Environmental Protection Agency, EPM@EPA: Accelerating Maturity in the Cloud PC208, Verizon Communications, How Verizon saved millions with Microsoft PPM: Turning data into useful information PC210, Project Step by Step, Care and Feeding of the Zealots: Why Project users are disproportionately invested in their product, and how you can help spread the love PC211, Applepark Ltd, Project Server REAL LIFE (not Second Life!) customer case studies PC212, Advisicon, Landing Strategy in 3 Steps PC213, BrightWork, The Phoenix Shoot Out – Which is the best solution for Project Management – Excel or SharePoint or Project Desktop or Project Server? PC214, FOXit (Pty) LTD, Extending PPM to more than project and portfolio management, operationalize your business PC215, Innovative-e, Deliver SharePoint Success: Key Steps to Reap The Business Benefits PC216, Novant Health, Portfolio Management – Just what the Doctor Ordered PC217, SharkPro Software, Microsoft PPM Total Cost and Benefit Workshop – Finding YOUR ROI PC218, SharkPro Software, Moving on Up!   Migrating from other PPM tools to Microsoft Project Server 2010 PC219, The Project Group, 10 “Golden Rules” to work with Microsoft Project! PC220, The Project Group, Leveraging Microsoft PPM for Capital Project Management within the Utility and Construction Industries PC221, Tribridge, Achieve Complete Project Cost Planning & Insight: Integrating Microsoft Project Server 2010 with financial systems like Dynamics AX PC222, UMT, Quickly Build Governance Workflows & Effectively Control Financials with UMT Project Essentials Pro   PC223, UMT, Gartner Perspectives – Going Beyond PPM – Effectively Manage Your Entire IT Portfolio Decisions with Project Server 2010 PC224, SBS Group, The Integration of ProjectManagement and Project Accounting with Dynamics SL PC226, Gartner, The Gartner perspective: PPM Industry Trends and Adoption Best Practices PC227, Microsoft, The 411 on Office 365 PC228, Microsoft, Cloud Bursting Techniques with SharePoint Online PC229, Microsoft, Microsoft Project 2010 Desktop Overview PC230, Microsoft, Microsoft Project Server 2010 Overview PC231, Microsoft, Tracking a Microsoft Project Release Using Project PC232, Microsoft, Microsoft Project 2010 Desktop Reporting Overview PC233, Jornata, Critical Success Factors for a Successful SharePoint Deployment PC234, Jornata, Managing and Finding Content in SharePoint 2010 PC235, LehnertCS, LLC, A Successful implementation with Microsoft Project Server is more than technical? PC236, msProjectExperts, Microsoft Project 2010 Mania PC237, Projectum, Manage your resources without Excel – yes it is possible! PC238, The Versatile Company, Modeling Traditional, Serial and SCRUM Techniques in Project 2010 PC239, Innovative-e, Leveraging Project 2010 with Office 365 for Project Management Success PC240, PlanFurther LLC, The painters, the policemen and the Pope… understanding task movement in   Microsoft Project 2010 PC241, PMP Specialists, Resource Management – Putting the Puzzle Pieces Together! PC242, PTC, Maximize Visibility & Accountability in New Product Development Portfolios PC300, Ameren, YOU CAN DO IT: How to Implement Project 2010 Server Yourself (with Little or NO Consulting $$) PC301, ARM, 8 Billion Reasons why ARM chose ProjectServer 2010 PC302, AT&T Business Services, Pearls and Pitfalls – Realizing Real Business Benefits with Microsoft Project Server and SharePoint PC303, Microsoft, Leverage the capabilities of SharePoint to light up Microsoft Project Server PC304, Ingersoll-Rand, Across Divisions, IT, Engineering and the World; a true Enterprise-wide PPM client case study with Ingersoll Rand PC305, WilmerHale, Critical Chain Project Management using Microsoft Project Professional 2010 and Prochain: Implementing Project Portfolio Management PC307, Microsoft, Lessons learned implementing Enterprise Innovation Programs PC308, Bogdanov & Associates, Delivering Microsoft EPM Success: Essential Steps to Map People, Process and Tools PC309, Campana & Schott, 3 steps to cut the Gordian knot in resource management PC310, Campana & Schott, Deliver successful program results in matrix organizations PC311, Expit, Bridging Project Management and IT Service Management domains using Microsoft Project Professional 2010 PC312, msProjectExperts, Implementing PMI’s Practice Standard for Scheduling in Microsoft Project PC313, Pcubed, Project Scheduling Revisited: Performance Tuning Your Scheduling Practices PC314, Revlon, Practical TFS and Project Server integration in mid size enterprise PC315, Meijer, Journey from 2007 to 2010 PC316, Microsoft, Migration Best practices from Project Server previous versions PC317, Microsoft, Everything you want to know about designing and implementing Project Server Security Model PC318, Microsoft, Take Control of the Timesheet and Tasks Updates in your Project Server 2010 Environment PC319, Microsoft, Best Practices Troubleshooting Project 2010 Deployments – Part 1 PC320, Microsoft, Getting up to speed with Project2010 Extensibility PC321, Microsoft, Exploring Project Server Technical Content PC322, Advisicon, Integrating Data from External LOB Systems (SAP, ClickSoft, etc.) for Strategic Resource Planning & Forecasting PC323, PMO Logistics Inc., Everything You Wanted To Know About Administering Project Server 2010 But Were Afraid To Ask PC324, Corporate Project Solutions, Integrating SharePoint and Project Server 2010 – Deployment Approaches, Integration Options and making the most of the SharePoint Enterprise Features. PC325, FluentPro, Project Server 2010 configuration management, migration, merge and documenting PC327, Project Hosts, Going online with PPM — what you need to know PC328, Microsoft, Project Server and Dynamics AX – Completing the Lifecycle from Project Estimation to Revenue Recognition PC329, Microsoft, Take Your Project Reporting To The Next Level: Dashboards And Other Tools PC330, SOLVIN, Breaking the Boundaries of Time Tracking in Project Server: TrackTimesheet a seamlessly integrated extension for time reporting PC331, msProjectExperts, Tips, Tricks, and Best Practices for Using Project Server 2010 PC332, Nintex, Building advanced Project Server workflows with Nintex Workflow for Project Server PC333, ProjectPro Corporation, Critical Path 2.0 PC334, UMT, Turning Project Data into Real World Reports: An Overview of Business Intelligence Options PC335, UMT, Unleashing the Value of Earned Value: Applying Schedule and Cost Controls to Measure ProjectPerformance PC336, Advisicon, Making the Most of Project Professional When Managing Multiple Projects PC337, Agora Consulting Partners, Be Loved By Your Development Teams: Using the Team Foundation Server – Project Server Connector PC338, SharePoint911, SharePoint Governance isn’t just for Grandma PC339, EPM Architects, Managing Resource Supply and Demand with Microsoft Project Server 2010 PC341, QuantumPM, Plannin
g Innovation Adoption with IPM : Tips for a Successful Pilot PC342, Milestone Consulting Group, YJTJ (Your Job Tool’s Job)™ – Working in Concert with Microsoft Project PC343, Symnoian, LLC, Closing the Status Loop with Windows 8 Metro and Project Server’s Task Update Feature PC349, Microsoft, Best Practices Troubleshooting Project 2010 Deployments – Part 2 PC400, Allianz Life, Bean Counting in the Cloud: Merging hosted EPM and internal GL data to optimize financial reporting. PC401, Ubisoft, Tracking Historical Project Activity Data using the Microsoft Business Intelligence Suite PC402, DeltaBahn, Planning and Executing a Multi-Instance, Multi-Version Project Server Migration PC403, Milestone Consulting Group, Extending and Customizing the Project Server 2010 Timesheet to Drive Adoption and Achieve Business Results

Using the updated ChangeXML utility for Statusing

The Statusing methods in the Project Server Interface (PSI) in Microsoft Project Server 2010 enable one user to read, submit, and update assignment and task status for another user, without resorting to impersonation. In the Project Server 2007 SDK, the How to: Generate ChangeXML for Statusing Updates article shows how to generate the changeXml parameter for the UpdateStatus method, validate the XML, and use the ReadStatus and SubmitStatus methods. The Project 2007 SDK download includes the complete Visual Studio 2005 solution for the ChangeXML utility. However, the ChangeXML utility could only update status for the current user. The ChangeXML utility  is now updated for Project Server 2010, in the attached ChangeXMLUtility.zip file. With it, you can generate the changeXml parameter and update status for the current user or for another user. To update status for another user, the utility uses the ReadStatusForResource and UpdateStatusForResource methods. In addition, the utility checks whether the current user has the global StatusBrokerPermission security permission, adds the ResID attribute to the changeXml parameter, and validates the XML against the updated ChangeList.xsd schema in Project Server 2010. For more information about the ChangeList.xsd schema, see Introduction to the ChangeList Schema and Statusing ChangeXML . Note : The ChangeXML utility is designed for use only on a test installation of Project Server 2010, as an example of a programming utility for statusing. It should not be used on a production installation. The updated ChangeXML utility also has several other changes. The previous version uses the ASMX interface, which was the only choice available for Project Server 2007. In the updated version, you can choose to proghrammatically initialize the WCF interface of the PSI by entering the Project Web App URL, or by using the WCF endpoint values in the app.config file. In the following screenshot, the login is automatic if you use the app.config value.         Note : To use the app.config file, change the URL to the value for your PWA instance, for each PSI service endpoint. In the main window, after you log on Project Server, choose Build Change XML .         You can choose to update the status of available assignments for the current user, or – if you have the StatusBrokerPermission – you can choose another user and update assignments for that user. In the following screenshot, the update is for another user. The Items available for update list shows the Project name : Task name : User name values for each item. You can choose to update assignment values or task values for that assignment. The Generate a Change dialog box shows different controls in the Update section, depending on what kind of update you choose. For example, if you choose to update an assignment custom field, you can choose the custom field and the lookup table value, if the custom field uses a lookup table.         When you choose Update XML , the tool generates the changeXml parameter value, as follows:         Following is the changeXml parameter value in the case shown, for updating the Health assignment custom field. Note that the XML value includes the ResID attribute for the Assn element. Late You can clear the Run Update check box to just validate the changeXml parameter. For example, manually change one of the elements, attributes, or values in the XML, and see if it still validates. Or, you can check Run Update to validate and run the change. When the change is completed, try opening the project in Project Professional. If you are the project manager, you are prompted to review the status change in PWA. If you accept the change in PWA, to see the change, open the project in Project Professional. For example, if you changed the Health assignment custom field, go the the Task Usage view, and then add the Health field to the view.         After you save and publish the project, you can also see the change in the Reporting database. For example, run the following query in SQL Server Management Studio for the RDB: SELECT TOP 1000 [AssignmentUID] , [ResourceUID] , [Health_T] FROM [ProjectServer_Reporting].[dbo].[MSP_EpmAssignment_UserView] Find the correct assignment and resource GUIDs in the Results pane: The ChangeXML utility is useful for creating and testing values of the changeXml parameter for the UpdateStatus method, where you can create and test changes for the current user and for other Project Server 2010 users.  —Jim Corbin

Project Server 2010: Slow load times of PWA and SharePoint pages

Thanks to a couple of my European support colleagues for sharing this one, which I know could also affect many of our customers world-wide if they are running servers that are not internet connected.  Great work by Jorge Puig Altozano from our Project support team in Madrid, and special thanks (and all the credit – according to Jorge) to Hector Calvarro for the SharePoint team – also in Madrid.  If Spanish is your preferred language then read on at https://blogs.technet.com/b/elfarodeprojectserver/archive/2012/02/22/project-server-2010-elevados-tiempos-de-respuesta-al-cargar-paginas-de-sitios-pwa.aspx and also Hector’s blog at https://blogs.technet.com/b/hablamoss/ .  Although we are just talking about PWA and SharePoint here – consideration also needs to be given to other 3rd Party assemblies that may be installed too – and this could affect the loading of PDPs. On to the English description – translation thanks to Jorge, with some additional input from Catalin Olteanu from one of our partners, UMT , as they also experienced the same slow downs. We had a Project Server 2010 server, with no Internet connection, that was returning high response times when we would try to load any PWA page – slow response was seen to be due specifically to the calls to SecurityCheckUserPagePermisison, and CheckUserProjectPermissions.  We observed the information n the SharePoint Developer Dashboard, and decided to take a look at the Certificates behavior. BriSmith note – I’m sure lots of analysis went into this decision by Hector – and for anyone interested in understanding more about the problem Catalin found the lookup for www.download.windowsupdate.com from a netmon trace, and the event viewer showing a 4102, and a couple of 4107 CAPI2 errors helped join the dots… We disabled the timeouts for the certificates verification in the SharePoint server On Windows Server , this component is on by default and , whenever an application is presented with a certificate that is not present in the trusted root store, it will attempt to contact Microsoft download servers to get the latest root chain. The SharePoint OOB certificates can induce this as they are stored in a particular repository (SharePoint- Under Certificate management -Local Computer), as opposed to the trusted root. The decision not to have SharePoint code creating and installing a root cert in the Trusted Root store was taken for security reasons (ex if an application could install a certificate into the TRC store might compromise the security of the system). Can this behavior be avoided? ( ie. bypass this check for subsequent validations). Supported workarounds:     Disable automatic update of root certificates on SharePoint Servers          • Launch gpedit.msc as admin on the box          • Go to Computer Configuration –> Windows Settings -> Security settings -> Public Key Policies -> Certificate Path validation settings          • In Network retrieval tab -> Define the policy and uncheck “Automatically update certs from Microsoft root cert program”          • Run gpupdate /force for policy to take effect immediately. Additionally , the cert management plan needs to be implemented as per below article: Manage Certificate Path Validation: https://technet.microsoft.com/en-us/library/cc731638(WS.10).aspx • It is not unusual for enterprises to disable auto-root update. If they opt to do it, they will have to manage distribution of third-party roots that they need in their enterprise via group policy. • The customer  will want to monitor new releases (KB931125) quarterly and update their trust as required. Implications of disabling : There should be no specific implications to SharePoint since we are using self-signed certs and manage them ourselves . The SharePoint certs do have an expiry and we do have a health rule that watches for that IIRC and will warn the admin to update/re-roll them.  The main aspect to think through is for “other” certs used on the box (like SSL certs, certs to trust download packages or for SAFER policy etc etc) which are issues from certs chained to those in the TRC store. But note there is nothing “new” about these issues with this setting; since the boxes in question cannot access the Internet … they actually “require”  more hands on. We also got rid of the verifications for Code Access Security and some other certificates (Certificates Revocation List and Authenticode signatures) doing the following: We have to edit this file: C:WindowsMicrosoft.NETFramework64v2.0.50727CONFIGmachine.config And add/change the value:             The explanation for this key: This element was introduced in the .NET Framework version 3.5 and applies only to that version. It has no effect in later versions of the .NET Framework. The common language runtime (CLR) tries to verify the Authenticode signature at load time to create Publisher evidence for the assembly. However, by default, most applications do not need Publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition. You should avoid the unnecessary startup cost associated with verifying the publisher signature unless your application executes on a computer with custom CAS policy, or is intending to satisfy demands for PublisherIdentityPermission in a partial-trust environment. (Demands for identity permissions always succeed in a full-trust environment.) https://msdn.microsoft.com/en-us/library/bb629393(v=vs.90).aspx If we don’t use code signed by Authenticode, and work with CLR validations, we can work with the mentioned option. This is a more detailed explanation about this: A little background – CAS is feature in .NET that allows you to have more granular control over what code can execute in your process.  Basically there are 3 parts: 1.Evidence – Information that a module/code presents to the runtime.  This can be where the module was loaded from, the hash of the binary, strong name, and importantly for this case the Authenticode signature that identifies a modules publisher. 2.Permissions Set – Group of Permissions to give code (Access to File System, Access to AD, Access to Registry) 3.Code Group – The evidence is used to provide membership in a code group.  Permission Sets are granted to a code group. So when a module loads it presents a bunch of evidence to the CLR and the CLR validates it.  One type of evidence is the “publisher” of the module.  This evidence is validated by looking at the Authenticode signature which involves a Certificate.  When validating the Certificate the OS walks the chain of Certificates and tries to download the Certificate Revocation List from a server on the internet.  This is where the slowdown occurs. A lot of servers do not have access to make calls out to internet.  It is either explicitly blocked, the server might be on a secure network, or a proxy server might require credentials to gain access to the internet.  If the DNS/network returns quickly with a failure the OS check will move on but if the DNS/network is slow or does not respond at all to the request we have to timeout.  This can occur for multiple modules because we create this evidence for each module that is loaded.  However if we have looked for a CRL and failed we will not recheck.  However different certificates have different CRLs.  For instance a VeriSign Certificate may have one CRL URL but a Microsoft Certificate will have a different one. Since this probe can slow things down it is best to just avoid the probe if you do not need it.  For .NET the only reason you would need it is if you are setting Code Access Security based on the module Publisher.  Because this can cause potential slow downs and you do not need to occur this penalty you can just disable the generation of the Publisher Evidence when your module is loaded.  To disable this use the Application configuration.  Just set the enabled property to false and you will avoid all of this. Now for ASP.NET applications it was not immediately obvious how to do this but it turns out that
you cannot add this to an applications Web.Config but you can add it to the ASPNET.CONFIG file in the Framework directory.  For other applications just add the attribute to the APP.CONFIG file. More information here: Site slowness due to SharePoint STS Certificate CRL checking https://support.microsoft.com/kb/2625048/