Microsoft KB Archive/202618

= Site Server Personalization & Membership (P&M) Readme =

Article ID: 202618

Article Last Modified on 2/20/2000

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q202618



SUMMARY
The "More Information" section of this article contains a copy of the information in the Readme_pm.htm file included with Microsoft Site Server 3.0.



MORE INFORMATION
Following are the contents of the Readme file as it shipped with the products listed above. It has not been edited by the Microsoft Developer Support Knowledge Base editing team.

Personalization & Membership (P&M) Readme
This readme contains important, late-breaking information about Personalization & Membership (P&M). For additional late-breaking information, instructions on contacting Microsoft for product support, and for information about the Microsoft Site Server version 3.0 documentation, please read the Site Server 3.0 Readme.

This readme file contains information on the following topics:

General P&M Issues

Membership Directory Issues

Rule Builder and Rule Manager Issues

Active User Object (AUO) Issues

LDAP Service Issues

Authentication Issues

Direct Mail Issues

Sample Personalization Site and Membership Pages

General P&M Issues
Using P&M on an Alpha-based Computer

The following features are not supported on computers with Alpha-based microprocessors:

P&M Design-time Controls (DTCs)

Rule Manager

Microsoft Visual InterDev version 1.0

Creating Membership Servers on Alpha-based Computers

On Alpha-based computers that do not have IPX installed, Web-based Administration (WebAdmin) may not be able to create a new secondary Active User Object (AUO) Provider due to the Active Directory Service Interfaces (ADSI) layer being unable to find Nwprovau.dll. To work around this problem, delete the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT

If you install IPX later, you will have to recreate these keys by reinstalling ADSI. To reinstall ADSI, run the program \Support\Ads\Alpha\Ads.exe located on the Site Server installation compact disc.

Creating Membership Server Instances Using the Command-line Interface

When using the command-line interface to create a Membership Server instance in Windows NT Authentication mode, if the instance does not include an LDAP Service you must specify the LDAP Service that the instance will use. In particular, you must type the actual computer name instead of using the term localhost if you want to use an LDAP Service on the local computer. In the following example, an instance with no LDAP Service is created to use the LDAP Service at port 1002 on computer ServerName1:

pmadmin create instance /ldap:n /ldapserver:ServerName1 /ldapport:1002

Default SSL Port Assignments

When you create a new Membership Server instance, the default Lightweight Directory Access Protocol (LDAP) Secure Sockets Layer (SSL) port assignment is 636 + the instance ID. After the instance is created, if the assignment conflicts with a port number you are already using for any service you can change the port assignment by typing the following at the command prompt in the C:\Microsoft Site Server\Bin\P&M directory:

For the Site Server LDAP Service:

pmadmin set ldap /ldapsslport:PortNum

For the Site Server Authentication Service:

pmadmin set authsvc /ldapsslport:PortNum

Computer Names With German-Language Windows NT Server

ADSI, which is used by the Site Server LDAP Service, does not support lower-case characters with umlauts in computer names under German-language Microsoft Windows NT Server. To avoid problems, do either of the following:

- Do not use umlauts in computer names.

- Use uppercase in scripts and in Membership Directory Manager (MDM) when referring to computer names.

SSL Encryption Not Fully Supported on French Versions of Windows NT

SSL encryption does not work on French versions of Windows NT with the LDAP protocol. This prevents you from using SSL with server software such as the Site Server LDAP Service on a computer with the French version of Windows NT. You also cannot connect an LDAP client (such as MDM) on a computer running the French version of Windows NT to a server that is secured using SSL. (Note that SSL encryption does work on French versions of Windows NT with the HTTP protocol.)

SMTP Server Required for Membership Server "Complete Configuration" Option

In order to use the Complete Configuration option of the New Membership Server Wizard, you must have an SMTP server available for configuring the Message Builder Service. If you do not have an SMTP server, choose the Custom Configuration option and clear the Message Builder Service check box.

MMC Administration Requires Installation of the P&M Tools

On a computer using the Site Server Tools setup, the P&M Tools must be installed in order for the MMC snap-ins for Membership Directory Manager and Personalization & Membership to work. The P&M tools are installed by default; do not clear this selection if you want to administer P&M using MMC from this computer.

Mapping an Application Server to a Membership Server

The P&M System Reference topic "P&M Administrative Groups" states that you must be a member of the Windows NT local Administrators group to map an Application server to a Membership Server instance. Some Application servers (such as Microsoft Commercial Internet System (MCIS) Mail and MCIS News) do not have this requirement.

Importing User Records from P&M into the Analysis Database

For information about importing a large number of user records from P&M into the Analysis database, please see http://www.microsoft.com/siteserver/update/

DCOM Error in Event Log is Benign

You may encounter the following error in the Windows NT Event Log:

DCOM got error "An instance of the service is already running. " attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}.

This error represents a transient condition and can safely be ignored.

P&M Authoring Tools Do Not Work With SSL

The P&M authoring tools, including Rule Manager and the Membership DTCs, will not work with a Web server that is configured to use SSL. (Note that the Web pages and rules generated by these tools will work correctly against such a secured Web server.) Perform your site development against a Web server that does not require SSL, and then move the developed files to the secured server for publication. Tools such as Site Server Content Deployment are designed to support this type of site development process.

Using the P&M Web Developer's Tutorial

The P&M Web Developer's Tutorial in the Site Server documentation contains a number of errors. Please see http://www.microsoft.com/siteserver/update/ for a revised version.

Configuring Authentication Service to Connect to Invalid LDAP Port Can Cause Authentication Service Tab to Disappear

If you use P&M Service Administration from MMC to configure the Authentication Service to connect to a port assigned to a service that is not a Site Server LDAP Service, or to an SSL port other than 636 for a Site Server LDAP Service, the Authentication Service for this instance will become unusable and the Authentication Service tab will disappear. To restore the Authentication Service tab, type the following at the command prompt from the C:\Microsoft Site Server\Bin\P&M directory:

pmadmin set authsvc /id:instanceNum /security:1

where instanceNum is the instance number of the Membership Server. If you do not know the instance number, type the following at the command prompt to see a list of instances:

pmadmin list instance

After restoring the tab, correct the port assignment so that it refers to a valid LDAP Service port.

Membership Directory Issues
Fix Directory Command Fails if .mdb Database File In Use

The Fix Directory command (P&M command-line interface) fails if the .mdb database file is in use and is not immediately released. If this occurs, stop the LDAP Service instance for that Membership Directory by typing the following at the command prompt in the C:\Microsoft Site Server\Bin\P&M directory:

pmadmin stop ldap /id:InstanceNum

where InstanceNum is the instance number of the LDAP Service. Wait two minutes before retrying the Fix Directory command. After the Fix Directory command completes, restart the LDAP Service instance.

Performance Consequences of Truncating SQL Server Logs on Checkpoint

The online documentation recommends using the SQL Server Truncate Logs on Checkpoint setting. Truncating logs is an administrative convenience because it prevents the logs from filling up. (If the logs fill up, the system stops.) However, due to performance considerations, truncating is appropriate only for test sites or very small production sites. Truncating logs for a high-volume site is a resource-intensive operation that can cause serious performance degradation and, in some cases, the failure (due to timeout) of SQL Server requests and the LDAP Service requests that depend on them.

Sites that do not truncate logs should back them up and reset them daily so that the logs do not run out of disk space. It is generally recommended that the log device size be in the range of 20-50% of the data device size, depending on the Add and Modify transaction rates for the database. The logs should also be included in your backup strategy. Backing up the database can take a long time; because of this, most sites back up the logs daily and back up the entire database at less frequent intervals.

Limitations on Data Export to Analysis

Certain limitations apply to data exported from the Membership Directory to Analysis. No more than 50 user attributes can be exported.

New Attributes Not Immediately Visible in Tools

After you create a new attribute in the Membership Directory schema, it is not immediately visible in the Insert Property DTC, the Membership Attribute DTC, or Rule Manager. To see the new attribute, restart the tool (Visual InterDev, Microsoft FrontPage 98, or Rule Manager).

Membership Directories Should Have Distinct Root Names

In installations with multiple Membership Directories, make sure no two Membership Directory root names (o=DirectoryName values) are the same. This will avoid the possibility that the ADSI layer will return cached data from the wrong Membership Directory to a Web site.

Membership Directory ACLs In Windows NT Authentication Mode

Under Windows NT Authentication, use Windows NT domain accounts and groups, not local accounts and groups, if you want to be able to do either or both of the following:

- Manage Membership Directory access control lists (ACLs) remotely.

- Connect multiple LDAP Services to the same Membership Directory.

Each LDAP Service computer must have at least a one-way trust relationship with the Windows NT domain where the accounts and groups (security principals) reside. The computer where you run MDM must also have at least a one-way trust relationship with the Windows NT domain where the security principals reside, so that it can resolve the Windows NT Security IDs (SIDs).

If you use local accounts and groups, it is not possible to view or change them from a remote computer. For example, if you are using MDM on computer A to manage a Membership Directory whose LDAP Service is located on computer B, you will not be able to see or use any Windows NT groups or accounts that are local to computer B; to do so would require using MDM locally at computer B. Access control entries (ACEs) containing security principals that are local to computer B are displayed by MDM at computer A as account unknown.

If you create ACEs with security principals that are local to a particular computer (call it computer X), those users will never be able to authenticate against an LDAP Service (for the same Membership Directory) that runs on a different computer, because that LDAP Service will not have access to the Windows NT Server directory database of computer X. If you use local accounts and groups, users will only be able to authenticate against an LDAP Service with accounts that are local to the computer where that LDAP Service is running.

Membership Directory Names Cannot Contain Apostrophes

When creating a new Membership Server instance with a new Membership Directory, do not use the apostrophe (') character in the Membership Directory Name. Using an apostrophe will result in failure to create the Membership Directory and the Membership Server instance.

Rule Builder and Rule Manager Issues
Rule Manager Not Immediately Available After Computer Restart

After the Application server computer is restarted, the CPU may initially be busy indexing for the Search feature or Index Server. Rule Manager is unable to access the server during this time. Start Microsoft Windows NT Task Manager and then click the Performance tab to observe CPU utilization. Wait until the CPU utilization drops to normal levels before trying Rule Manager again.

Name of Content Matching Rule Fragment is Misleading

The content selection fragment "where content property matches user property" does an exact match instead of a substring match.

Improving the Performance of Rule Sets

You can improve the performance of rule-set processing by caching a connection to the content source across multiple scripts. To do this, create a Global.asa file in the root directory of your application. See the IIS documentation for information on how to do this; IIS includes a default Global.asa file that you can copy to your application root. You must then edit the Global.asa file that you created, adding an Application_OnStart function and adding the following script to that function:

 Sub Application_OnStart Dim SSPMSearchConn, SSPMIndexConn set SSPMSearchConn = Server.CreateObject("ADODB.Connection.1.5") SSPMSearchConn.ConnectionString = "provider=MSSearchSQL;" SSPMSearchConn.Open set Application("ADO Site Server Search Connection") = SSPMSearchConn set SSPMIndexConn = Server.CreateObject("ADODB.Connection.1.5") SSPMIndexConn.ConnectionString = "provider=MSIDXS;" SSPMIndexConn.Open set Application("ADO Index Server Connection") = SSPMIndexConn End Sub 

This sample code shows how to create a connection for both Search and Index Server. If you do not need both, you can omit the corresponding portion of the code.

You must also modify the Microsoft ActiveX Data Object (ADO) to support multiple simultaneous connections. You can do this by executing the program \Program Files\Common Files\System\Ado\Adofre15.reg. After you run Adofre15.reg, you must stop and restart the World Wide Web Publishing Service and other services that depend on ADO, including any of the following that are configured at your installation: IIS Admin, FTP Publishing, SMTP, Site Server LDAP Service, Site Server Authentication Service, and Site Server Message Builder Service.

Do not run Adofre15.reg if you will be using ADO for retrieving content from an Access database.

ASPs Containing Rule-Set Files with VBScript Expressions that Do Not Access the AUO

When you include a rule-set file in your Active Server Page (ASP), the AUO is automatically created if either of the following conditions is true:

- Any user property is accessed by any rule fragment within the rule set.

- Any rule fragment in the rule set contains a Microsoft Visual Basic Scripting Edition (VBScript) hot phrase.

If your rule-set file contains a VBScript expression but does not access any user properties, then you can improve the performance of the ASP by commenting the lines of code in the rule-set file that create the AUO and retrieve the user's globally unique identifier (GUID). This is particularly important if rule sets that do not access user properties are used a number of times on ASPs within the site. Comment the two lines of the .prf file that create the AUO and retrieve the GUID so that they appear as shown:

...     <%REM If VarType(User) <> 9 Then Set User =       Server.CreateObject("Membership.UserObjects") REM User.Get("GUID") ...     %>

This change is recommended for performance reasons. It is required if you want to allow anonymous access to the page containing the rule set.

Active User Object (AUO) Issues
AUO Member Creation and Required Attributes

When a Membership.UserObjects object (AUO) is created, a new entry is created for the user who is currently logged on, if one does not already exist. This newly created user has the cn (common name) and GUID (globally unique identifier) attributes already set. Calling SetInfo in your script completes the creation. When additional attributes are marked as required in the member object, however, the new attributes must be set before SetInfo is called. For example, if age is a required attribute, your script should include statements such as the following: set user = Server.CreateObject("Membership.UserObjects") If IsEmpty(user.age) Then ' user is being created, so set the new required property user.age = 42 End If     ' Set other properties user.c = "U.S.A." ' Write the changes to the Membership Directory user.SetInfo

Multiple AUO Instances and Using AUO With Rule Builder

If more than one AUO instance is created on an ASP page, instances after the first will not be able to bind to the Membership Directory as the current user if Setinfo has already been called. This is because Setinfo flushes the Authentication Service cache, from which AUO retrieves the user password to be used in the bind. (This is not a problem when AUO is configured to bind using a privileged account.)

Do not create more than one AUO instance from an ASP page. If your page calls functions that need to use AUO, pass in an existing AUO instance as an argument.

Rule Builder automatically declares its own instance of AUO with the name user. If you use AUO on a page that also contains a rule, create your AUO with the name user. If you do this, your code and the code generated by Rule Builder will use the same AUO instance.

Authentication Required on ASPs that Access the AUO

When you create an ASP that uses the AUO, unless the AUO Providers are set up to use the Cookie identification path suffix, you must set an authentication method on the .asp file so that the AUO can identify the user and obtain the password.

Authentication is required for:

- Any ASP that includes a rule-set file with one or more rule fragments that contain any user attribute or any VBScript hot phrase. - Any ASP where the Insert Property DTC has been used. - Any ASP where the Membership DTCs have been used to update user records. - Any ASP where the Membership DTCs have been used to create a user account, and the registration form includes an attribute with the Vocab validation type (Site Vocabulary term). - Any ASP that you create where you instantiate and use the AUO to access the attributes of the current user.

Any authentication method can be used, including Automatic Cookie Authentication, and the user will be identified based on the information collected. For registration pages, use Automatic Cookie Authentication, since the registering user has no record in the Membership Directory that will support any other authentication method.

Configuring Additional Providers for AUO

The documentation for configuring the AUO makes the following statement in the instructions for setting up an additional provider: "If you are identifying objects in this provider by the name of an attribute defined in an existing provider, click User property. In the Alias box, type the alias of the provider containing the attribute, and then in the Property box, type the name of the attribute." However, if the existing provider is the "default" provider, you must leave the Alias field blank. Only fill in the Alias field if you want to refer to a custom provider that you have created yourself.

Creating Non-LDAP AUO Providers

The Create Provider Wizard in WebAdmin and the Provider property pages in Microsoft Management Console (MMC) allow you to specify one of three options for ADS Path Suffix. In WebAdmin they are listed as User name, Cookie, and User attribute provider. In the MMC property pages, these are listed as User name, Cookie identification, and User property. For non-LDAP providers, only the User attribute provider (WebAdmin) or User property (MMC) option is valid. Selecting a different option for a non-LDAP provider will create a provider that does not work.

Insert Attribute DTC Does Not Work with AUO Providers Using Microsoft Exchange

You can configure an AUO Provider using Microsoft Exchange as a source of user information, but the Insert Attribute DTC cannot access user attributes from this type of provider. However, you can use attributes from an Exchange provider in hand-coded scripts.

Provider with Incorrect Schema Path May Cause Dr. Watson Message

If you incorrectly state the ADSI Schema path when configuring an AUO provider, when you try to access attributes from this provider by using the Insert Attribute DTC a Dr. Watson message may be displayed. Correct the ADSI Schema path in the AUO provider configuration.

Using AUO with Cookie ADS Path Suffix

In Windows NT Authentication mode, when an LDAP-based AUO provider is set to use the Cookie or Cookie identification option for ADS Path Suffix, the first page a user comes to on the site should not use AUO. This is because the cookie identifier (GUID) is not available until the first response. (If this situation does arise, the user can click Refresh and the value becomes available.)

When working with cookies in Membership Authentication mode, it is generally best to use Automatic Cookie Authentication and set the AUO provider to use the User name suffix.

SetUserName Not Functional with Cookie ADS Path Suffix

The SetUserName call does not work with AUO providers configured to use the Cookie or Cookie identification option for ADS Path Suffix. If SetUserName functionality is required, configure the AUO provider to use the User Name option for ADS Path Suffix.

Disabling AUO Access to the Authentication Service Cache

In the Site Server Security online documentation, the topic "Understanding the AUO and the Authentication Service Cache" discusses the security and performance implications of how these P&M components work together. An optional procedure for disabling access to that cache by the AUO is incorrectly stated there and in the P&M Operations Guide topic "To configure AUO so that it cannot access the authentication Service cache." The correct procedure is as follows:


 * 1) At the command line in the C:\Microsoft Site Server\Bin\P&M directory, type the following:

PMAdmin Set Master /AUOCacheAccess:Off

2. Cause the AUO to pick up the parameter change by doing either of the following:

- Stop and restart the IIS services.

- Modify the AUO configuration (create, modify, or delete a provider).

LDAP Service Issues
Creating a Custom Error Message for Use When LDAP Service Cannot Be Accessed

When the LDAP Service configured for an Authentication Service is either not running or cannot be connected to by the Authentication Service, the Web service returns a -2146893039 (0x80090311) error ("Internal Server Error") under Distributed Password Authentication (DPA) and under Clear Text/Basic Authentication. You can create a custom error message (such as "The site is experiencing network difficulties. Please try again later.") to be sent when such an error happens. Using Internet Service Manager, open Properties for the Web site with which you want to work. On the Custom Errors tab, modify the message for the Server 500 error. Please read the IIS documentation for additional information about setting up custom error messages for HTTP errors.

LDAP Logging When Using Site Server and IIS in Different Languages

When running Site Server and IIS in different localized language versions, the LDAP logging format cannot be changed from the default IIS Logging Format to ODBC Logging Format. For example, you will experience this limitation if you are running the English-language version of Site Server with the Korean-language version of IIS.

If this limitation presents a problem, you must run Site Server and IIS in the same language. Because Site Server is localized to fewer languages than IIS, in some cases this will mean that if you require ODBC Logging Format you will need to run English Site Server with English IIS.

Performance Counter May Display Invalid Current LDAP Connection Information

When the Site Server LDAP Service has a high number of concurrent connections, it caches certain connection information for performance. Under this arrangement, the LDAP Service Connection Current performance counter, which gives the number of current connections, may display invalid information.

Authentication Issues
Required Attributes and Automatic Cookie Authentication

By default, the member object in the Membership Directory has only two required attributes: the user's common name (cn) and a globally unique identifier (GUID). These are automatically given values when the Automatic Cookie Authentication method creates new users. If you add any additional required attributes to the member object, then Automatic Cookie Authentication will fail because it cannot create new users automatically.

Authentication Methods for Directories and Their Default Pages

IIS and Site Server allow you to configure an authentication method for a directory and different authentication methods for specific files in that directory. It is important, however, not to configure different methods for a directory and its Default.asp (or Default.htm) page because they both refer to the same content. If you configure different authentication methods, the user may not be able to access the default content.

If users are denied access when they specify a URL at the site level (for example, by typing HTTP://site.domain.com), but are granted access when they explicitly request the default page (for example, by typing HTTP://site.domain.com/default.htm), make sure the configured authentication methods are the same for the root directory and its default page.

Using Client Certificate Authentication

P&M modifies the IIS metabase to ensure that the security context of a previous user under HTML Forms Authentication cannot be assumed by a subsequent user. Without this modification, there is a brief window of vulnerability while a connection is kept alive (default 60 seconds), during which another user on the same computer could inherit the connection. The fix for this vulnerability has the side-effect of disabling Client

Certificate Authentication.

To enable Client Certificate Authentication to work with Site Server while retaining the security context fix for HTML Forms Authentication, you must install IIS QFE #179148. In your Web browser, go to www.microsoft.com, and in the Contents pane under Products & Services, click Technical Support. Click Support Online, and then type 179148 as the string to search. Click Find to see the instructions for installing the QFE fix. (Note: you will see this fix described as pertaining to an issue regarding URLs with short file name equivalents, but the same fix also corrects the problem with Client Certificate Authentication.) This QFE fix will be included in a future Service Pack for IIS.

If you want to use Client Certificate Authentication before the Service Pack is available but do not want to install the QFE, you can set the IIS metabase identifier MD_Authorization_Persistence to 0 (zero). This will disable the security fix for HTML Forms Authentication. For details about working with this identifier, see the Windows NT version 4.0 Option Pack online documentation under Microsoft Internet Information Server\Programmer's Reference\IIS Administration\Metabase Identifier Reference\Web Service Identifiers. (Note: you must have installed the SDK documentation, which is not installed by default, in order to view this material.)

Authentication for Registration Scripts

Authentication on a registration script is not usually required, but for scripts created by the Membership DTCs, in one special case you must set Automatic Cookie Authentication on the script. If you are creating a user account in the Membership Directory (not updating an existing user) and if there is any attribute with the Vocab validation type (Site Vocabulary term), the script will not execute properly unless some authentication is set on it. The recommended authentication method is Automatic Cookie Authentication because by definition this user is not registered and cannot log on. If you are updating a user profile, no authentication is required, regardless of the syntax of the attributes.

Recovering Cookies for Roaming Users

When a user moves (roams) from one computer to another, or if different users log on at different times using the same browser, the GUID in a user's logon account in the Membership Directory may not match the GUID in the cookie at the current browser.

In the online documentation topic "Recovering Cookies for Roaming Users," there is a discussion of how to keep the cookies synchronized. A code sample incorrectly states how to put the GUID from the Membership Directory into the cookie at the current browser. Use the code given here instead:

<%     ' The response.buffer line MUST be the first code / HTML line on the page!!! Response.Buffer = TRUE Set UserObjects = Server.CreateObject("Membership.UserObjects") Set vusr = Server.CreateObject("Membership.verifusr") vusr.IssueCookie "SITESERVER", "GUID=" & UserObjects.Get("GUID") vusr.IssueCookie "MEMUSER", UserObjects.Get("cn") %>

You can add this code to your start page, a member logon page, or a members-only page in order to verify that users have the correct cookies when they enter your site. You should check first to see if the two GUID values are different before doing the update shown here.

Direct Mail Issues
Difficulty Stopping Mailings While Processing

At certain points during the processing of a mailing it might take a few moments before an attempt to stop a mailing takes effect. For larger mailings, you may have to wait longer before the mailing stops.

Using Direct Mailer With Multiple Web Sites

If you want to use a single Direct Mailer to send Direct Mail for multiple Web sites, you must configure Direct Mailer to use the correct List Builder Service and Message Builder Service before scheduling each mailing package. The List Builder computer is where the scheduled packages are stored, and the Message Builder computer is where the Web site (Application server) resides. The Web site is associated with a Membership Directory that contains the corresponding e-mail addresses. By default, the List Builder and Message Builder Services will be running on the same computer.

For example, to schedule two mailing packages for different Web sites:

1. Point Direct Mailer to List Builder 1 and Message Builder 1.

2. Schedule Package 1.

3. Point Direct Mailer to List Builder 2 and Message Builder 2.

4. Schedule Package 2.

Package 1 will run on Message Builder 1 (and will use those application settings) and Package 2 will run on Message Builder 2.

Scheduling Direct Mailings on a Primary or Backup Domain Controller

When the List Builder process of Direct Mail is running on a Primary Domain Controller the account used to schedule mailings must be a member of both the local Administrators and the Domain Admins groups. Otherwise, the user will have insufficient privileges to correctly schedule tasks and the mailings will never actually be run. Note: scheduling of tasks will not work correctly on a Backup Domain Controller. Use a Primary Domain Controller, standalone server, or workstation for the List Builder Service.

"User Property Is Not Set" Rule Fragment Not Effective for Multi-valued Properties

When you generate a mailing list by issuing a query against Site Server Analysis, the rule fragment "User property is not set" will not return any results when used with a multi-valued user property. To achieve the intended result, you can create and maintain a single-valued user property called userHasProperty, where Property is the name of the original multi-valued property. Set userHasProperty to True whenever a value is set for the multi-valued property; set it to False if all values are deleted. Analysis queries against this "helper" property will function correctly if the helper property is exported to Analysis.

Creating First Message Builder Instance After Stopping Services

If you delete all Message Builder instances and then stop or restart the Site Server Message Builder Service (either explicitly by using a net stop msgbldsvc or net stop iisadmin command, or by restarting the computer), Direct Mailer will be unable to configure new Message Builder instances. The situation and the recommended workaround are slightly different depending on whether you try creating a new instance by using P&M Service Administration from MMC or from the command-line interface.

- If you try to use P&M Service Administration from MMC to create a new Membership Server instance, selecting Complete configuration or selecting Custom configuration and including the Message Builder Service, during the configuration you will get an error message saying "The New Membership Server Wizard has failed to configure the Site Server Message Builder Service. Continue?" Click Yes and complete the configuration, ignoring any additional error messages. The wizard will finish without creating the instance. Restart the Message Builder Service. You can now create additional instances that will work properly.

- If you try to use the command-line interface to create a new instance, the instance will be created without a Direct Mail component, but will otherwise be completely functional. Restart the Message Builder Service, and then delete the Membership Server instance you just created. You can now create additional instances that will work properly.

To avoid this problem entirely, do not shut down the Message Builder Service with all Message Builder instances deleted.

Cannot Retrieve Mail Content Templates Across HTTP Proxy

Message Builder is not able to access mail content templates that are located across an HTTP proxy. If you want to send mailings based on such content, you will first need to copy the content onto your local area network.

Problem Sending Mail When Distribution Lists Are Empty or Contain Non-Existent Users

Sending mail to empty distribution lists, or lists that contain entries for users who do not exist in the Membership Directory can cause system degradation in memory management. Should this problem arise, it may become necessary to restart the Message Builder Service and other IIS services in order to restore system performance or function. It is recommended that you remove non-existent users from your distribution lists before sending large numbers of mailings. A tool to help you address this can be downloaded from http://www.microsoft.com/siteserver/update/. If you have an automated process for creating distribution lists, make sure that it does not create empty lists.

SAMPLE PERSONALIZATION SITE AND MEMBERSHIP PAGES
Membership sample pages and a sample Personalization site that use the P&M features of Site Server are included in Site Server version 3.0.

To view the samples, do either of the following after installation:

- Click this link: http://localhost/siteserver/samples/knowledge/membership/.

- On the Start menu point to Programs, point to Microsoft Site Server, and then click Site Server Samples. The samples page is displayed. Click P&M Sample Site.

Keywords: kbinfo KB202618

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.