Category: computers

  • Offline SharePoint

    I’m sure a lot of you have heard about Colligo for offline SharePoint.  Unfortunately, the SharePoint sites that I continually access for my company have an interesting security setup, and therefore I’ve never been able to get Colligo to work.  Since I had originally tried, I never really bothered to figure it out as we were told it simply wouldn’t work.

    However, when I installed Office 2010 I noticed that there was a SharePoint Workspace 2010 which does offline SharePoint too.  Since we only use MS products for security I was very optimistic about getting Offline SharePoint finally working (incredibly useful for working on flights).  Well, I attempted to use it and quickly realized it will only do offline SharePoint for SharePoint 2010.  Unfortunately we were still on 2007.

    Fast forward through a bit of searching, and I ran across a nice KB article that explains how to sync a SharePoint 2007 site with SharePoint Workspace 2010 using Groove.  I don’t really care how it works, as long as I can have offline editing and syncing.  Yay!

  • More CSS Fun

    As I am sure you gathered from other recent posts, we are using (read: testing) CSS for a lot of stuff.  Well, we found a beautiful new issue when creating and editing projects from the command line.

    When you look at MSDN about adding a filter to a Project, you are presented with the following syntax:

    /Filter "+text1.txt -*.exe -dir1 +…*.jpg"

    Needless to say, that is not correct.  For AddProj, the syntax has to be correct, but for EditProj, the syntax is a lot more lax (the below is the syntax for EditProj).  Regardless, everything in the quotes is incorrect.  Instead a filter should look like the following:

    Filter=+"text.txt" -"*.exe" -"dir1" +"…*.jpg"

    They are either updating the MSDN article or creating a KB article about this.

  • Windows Home Server

    With the release of Power Pack 3 for Windows Home Server, I have been thinking about trying it out.  Having an MSDN subscription and a virtual machine host made this quite a bit easier, as I didn’t need to purchase any additional hardware to use it. 

    Prior to installing WHS, I had a Windows 2008 virtual machine that I installed all my stuff on and had shares.  It definitely worked, but some of the cool features of WHS kept me wanting to move in that direction.  Things like automated backups of client machines, a console, better managed and accessible shares, and Media Center tie-ins (I have a Win7 virtual machine as a Media Center and an Xbox 360 as the extender).  All in all, I think it is definitely going to be a move in the right direction, but that doesn’t mean there weren’t issues getting there.  I am going to outline a bunch of them here in the hopes that others can find comfort in the work I have done to resolve them.

    1. Installation – As I mentioned before, I was installing it to a virtual machine.  No big deal right?  Wrong.  My virtual machine host does not have a keyboard, monitor, or mouse hooked up to it normally.  I just have it sitting in the closet chugging along.  The downside to that is when I am building a new virtual machine, it had better not need the mouse until I can directly connect to the machine or install the integration drivers.  This is because in Hyper-V when you are using Remote Desktop to manage the host, until you are able to install the drivers, you have no mouse.  Well, sadly, with the MSDN version (not sure about pressed CDs), the tabs are not correct with the EULA Accept page.  There is no way for you to accept the EULA to progress through the installation.  Boo.  That means I had to drag a monitor, keyboard, and mouse into the closet to get things working.  It just seems silly that this is an issue for something that is meant to run headless anyways (obviously not during the installation, but still).
    2. Domain Membership – Do not add the WHS machine to a domain.  I know you want to if you are running a domain at home, but don’t, just don’t.  I really wanted to run it as a domain member too, but there are just too many issues, and tricks MS has done to make it not worth your while.  Things such as the machine powering down every 48 hours when it is a member (annoying at best), to the console crashing after adding domain members to the local windows home group manually.  While I know you can work around most of these things (except for the console crashing), what benefit are you really getting?  Just leave it as a member of a workgroup.
    3. Firewall Rules – Much like domain membership, the best answer here is just to turn off the Windows Firewall on the box.  I am not sure if it was because it updated to Windows 2003 SP2 which enabled it by default after the base install or what, but there was nothing but headaches with the Windows Firewall enabled.  Some of the more quality examples were:
      • The website you are supposed to access resides on ports 55000/56000.  That was not allowed in the rules by default.
      • When setting up the Media Center connector, it uses DCOM to connect.  DCOM typically uses a random list of high ports (1024-65535) to do its bidding.  Granted, you can change the ports to only use a few, neither of which is added into the firewall rules.

      Just silly stuff like that, which takes a while to troubleshoot when it doesn’t need to.  Turn it off.

    4. Carbonite Online Backup – This is the current beast I am dealing with and it is a fun one.  Carbonite works exactly how I want it to, and I have been using it on my Windows 2008 machine to do online backups for over a year now.  It works.  It isn’t fast, but it works.  Moving it to WHS has been a fun test of intelligence.  In my setup I had 2 drives, one was 80GB (the minimum to get it set up because I just wanted to play at first) and one 800GB.  Everything works great, except for Carbonite.  For the time being, I just wanted to back up the data in some of the shares.  No problem, right?  Just point it to where the share is located on disk (D:\shares\sharename) and we are good to go.  Wrong!  WHS has a special drive configuration that allows you to simply add drives whenever and whatever size and it will automatically add that space to your shares.  It does this via junctions, tombstone files, and a service that manages where all the files are stored.  I won’t delve into it here, but you can read all about it yourself.  Basically the files in your share are elaborate shortcuts to the actual files, which are spread across all your drives, and then the files are managed by the service, and then could move every hour.  So, when you point Carbonite to D:\shares\sharename, you are effectively backing up the shortcuts.  Instead you need to point it to the junction point and all the files there (these are hidden system files) at C:fsDE.  As I mentioned, these files are always moving around though based on the service.  Therefore, the only way for Carbonite to work correctly on a WHS is if you have a single large drive, which is exactly what I am going to do.  As soon as you add another one, files could get moved, and your backups will not be complete.
    5. Protocol Mismatch – For the longest time I was receiving the following error whenever I was trying to install the connector on a client machine (Windows 2003, Windows 2008, Win 7)

      Protocol mismatch. This computer uses protocol version 6.0.2030.2, but partner computer [server] uses protocol version 6.0.2030.0. A connection cannot be established

      This was because the http://server:55000/enrollid/id.aspx webservice that the connector uses on the WHS machine was returning the incorrect version.  The only way to fix it that I found was by installing the final build of Power Pack 3.  The beta didn’t work, nor did downgrading to a previous PP.

    Hopefully this little guide helps someone else out there.  As I tinker with it some more, I will probably add additional articles, but it is amazing how long it has taken me to get this silly machine up and running, especially when this is supposed to be an appliance.  I know that MS is learning a lot from this, but the polish is still a bit missing, and this is after 3 Service Packs (Power Packs).

  • Copy Files Between Untrusted Domains Programmatically

    Normally on a Windows machine when you attempt to access a share in a different domain you are prompted for credentials.  However, there are no copy utilities (copy, xcopy, robocopy, etc) that pass credentials in the command line.  Also, as it is an untrusted domain, you simply can’t do a RunAs (need to manually type in a password for that anyways).

    The answer was so obvious, I can’t believe it didn’t come to me right away.  However, net use, the simplest of commands, is your friend again.  Using the following command you can initiate the connection and then copy between the machines as much as you like via normal UNC path.

    net use \\[server]\[path] [password] /user:[username]

    copy \\[server]\[path]\[more path]

    net use \\[server]\[path] /delete /y

    With the above syntax there is no mapped drive.  There is simply a stored connection with the associated credentials for the life of the profile or until the delete command is run.
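
    An added example, not from the original post: the same connect, copy, disconnect sequence as a PowerShell function.  It uses New-PSDrive with a PSCredential in place of net use, so the password never appears on a command line, and it removes the connection even when the copy fails.  The function name, drive name, file names and sample paths are assumptions.

```powershell
# Added example; not code from the original post.
# Assumes Windows PowerShell 3.0 or later (New-PSDrive -Credential on the
# FileSystem provider). Function, drive and path names are hypothetical.
function Copy-FromUntrustedShare {
    [CmdletBinding()]
    param(
        # UNC root of the share in the other domain, e.g. \\server\share
        [Parameter(Mandatory = $true)][string]$Share,
        # Account that is valid in the remote domain
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,
        # Path below the share root to copy
        [Parameter(Mandatory = $true)][string]$RelativePath,
        # Local destination folder
        [Parameter(Mandatory = $true)][string]$Destination
    )

    if ($Share -notmatch '^\\\\[^\\]+\\[^\\]+') {
        throw 'Share must be a UNC path of the form \\server\share'
    }

    $driveName = 'XDomCopy'
    # Session-scoped drive: no drive letter is mapped and nothing is persisted
    New-PSDrive -Name $driveName -PSProvider FileSystem -Root $Share `
        -Credential $Credential -ErrorAction Stop | Out-Null
    try {
        $source = Join-Path -Path ($driveName + ':\') -ChildPath $RelativePath
        Copy-Item -Path $source -Destination $Destination `
            -Recurse -Force -ErrorAction Stop
    }
    finally {
        # Runs on success and on failure, like the "net use /delete" step
        Remove-PSDrive -Name $driveName -Force -ErrorAction SilentlyContinue
    }
}

# One-time, interactive: store the credential encrypted with DPAPI for this
# user on this machine, so other accounts cannot decrypt the file.
#   Get-Credential | Export-Clixml -Path "$env:USERPROFILE\xdom-cred.xml"
#
# Unattended use afterwards (constructed sample values):
#   $cred = Import-Clixml -Path "$env:USERPROFILE\xdom-cred.xml"
#   Copy-FromUntrustedShare -Share '\\fileserver\drop' -Credential $cred `
#       -RelativePath 'builds\latest' -Destination 'D:\incoming'
```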

  • PSExec

    On my current project they deploy PSExec to all machines.  The downside?  It is a version from 2004.  Yes, that is right, from over 5 years ago.  Needless to say, there has been nothing but problems with it.  Granted, PSExec is probably one of the easiest things to upgrade as you just need to upgrade the version that you are calling PSExec from.  It then copies itself out to the machine and does its job.  However, if the old version was ever tried against a machine, you may be in some weird state like we were where PSExec wouldn’t start, or it would and wouldn’t close, etc.

    Stumbling along the internet I found someone else who had this issue.  However, his process doesn’t always work because there may be something still hanging onto the psexesvc.exe file.  Instead I recommend using the following batch file.

    rem %1 is the target machine in \\computername form
    sc %1 stop psexesvc
    sc %1 delete psexesvc
    del %1\admin$\psexesvc.exe
    del %1\admin$\system32\psexesvc.exe

    It just deletes the service before it tries to delete the files.  Works like a charm.
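
    An added example, not from the original post: a PowerShell inventory to run before the cleanup, reporting for each machine whether the psexesvc service is still registered and which version of psexesvc.exe sits in the two locations the batch file deletes from.  The function name and host names are assumptions, and it assumes CIM (WinRM) access plus read access to admin$.

```powershell
# Added example; not code from the original post.
# Assumes WinRM/CIM access to each target and rights to read \\host\admin$.
function Get-PsExecServiceRemnant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        # Service registration left behind by an earlier PsExec run
        $state = 'not registered'
        $processId = $null
        try {
            $svc = Get-CimInstance -ClassName Win32_Service `
                -ComputerName $computer -Filter "Name='PSEXESVC'" `
                -ErrorAction Stop
            if ($svc) {
                $state = $svc.State
                $processId = $svc.ProcessId
            }
        }
        catch {
            # Keep unreachable hosts distinct from clean hosts
            $state = 'query failed: ' + $_.Exception.Message
        }

        # The two file locations the cleanup batch file deletes from
        $paths = '\\{0}\admin$\psexesvc.exe',
                 '\\{0}\admin$\system32\psexesvc.exe' |
            ForEach-Object { $_ -f $computer }

        $files = foreach ($path in $paths) {
            if (Test-Path -LiteralPath $path) {
                $item = Get-Item -LiteralPath $path -Force
                [pscustomobject]@{
                    Path        = $path
                    FileVersion = $item.VersionInfo.FileVersion
                    LastWrite   = $item.LastWriteTime
                }
            }
        }

        [pscustomobject]@{
            Computer     = $computer
            ServiceState = $state
            ProcessId    = $processId
            Files        = @($files)
        }
    }
}

# Constructed host names; list only machines that still carry remnants:
#   Get-PsExecServiceRemnant -ComputerName 'web01', 'web02' |
#       Where-Object { $_.ServiceState -ne 'not registered' -or
#                      $_.Files.Count -gt 0 }
```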

  • CSS Project Destination Authentication Account

    Been a long time again, but I have a few updates to put up here.  They may not help a lot of people, but they are good things that I want to remember 🙂

    Commerce Server uses a pretty antiquated system for doing content and code promotions.  It is called Commerce Server Staging (CSS).  We have set it up, but want to better automate the deployment of all the CSS projects (jobs).  For the life of me, I could not figure out how to add in the destination authentication account programmatically.  Thankfully it wasn’t something short-sighted I was missing.  After discussing with Microsoft for a while, there are apparently some undocumented switches on CSS.exe.  After you add the project (css.exe addproj), you then need to edit the project with the following syntax:

    css.exe editproj [project] Destination=[server];[username];[password]

    Yay to automation!

    Update:
    Turns out you can also do this with AddProj, in the same way, using the semicolon-separated items for the destination.

  • Data Protection Manager and Windows 2008

    I’ve been playing with getting DPM running on Windows 2008 (SQL) for awhile now.  Mostly on and off, just when I have time to think about it.  Well, today I finally got around to getting it installed, successfully.

    First of all my setup:

    • Frontend is on Windows 2003 x86 R2 with SP2
    • SQL is on a Windows 2008 x64 box
    • Reporting Services front-end is on a Windows 2008 x86 box

    Things I found out while trying to install:

    • DPM will not install unless Reporting Services is installed on the same box as the SQL database.  You may be able to fix that afterwards, but this is a serious limitation.  In any sort of enterprise, reporting services is (or at least should be) segregated from the production database services box.  This was a large pain as I needed to move everything, ugh.
    • DPM’s installer doesn’t play nicely with UAC.  There’s a step where a registry item needs to be added to the remote SQL server.  However, if UAC is enabled on the SQL box, the installer fails saying that it can’t create that registry key even though I’m logged in as an administrator on both machines.  This is because on the SQL box, it’s probably getting the allow dialog box.  Simply turn off UAC on the remote machine, or run the installer as the local administrator account (password must be the same on both machines).

    Now I just need to start backing up my Exchange 2007 server, since it has log files dating back to March the 3rd (ouch).

    *Update*
    Well, it looks like the DPM team has finally released the Rollup package to allow for Win2k8 system state backups (among other things).  Check out the news.

  • WCF Extensions and .NET 3.0 SP1

    Having issues installing the WCF Extensions on Visual Studio 2005 when you have .NET 3.0 SP1 installed?  Getting an error message that looks something like the following?

    Setup has detected that a prerequisite is missing. To use Visual Studio 2005 extensions for .NET Framework 3.0 (WCF & WPF), November 2006 CTP you must have the .NET Framework 3.0 runtime installed. Please install the .NET Framework 3.0 runtime and restart setup.

    Well, instead of just installing the application by double clicking on the MSI, run it the following way.  This ends up bypassing the prereq checks and it installs successfully.  Yay to broken installers!

    msiexec /i vsextwfx.msi WRC_INSTALLED_OVERRIDE=1

  • VI3, NFS and Windows VMs

    See the second update for the correct way of setting this up 🙂

    You may be like me, and have a test lab running VI3.  You may also only be running Microsoft VMs for whatever reason.  I happen to be because that’s all I deal with as I work for a MS Consulting company.  Anyways, whenever I wanted to create a new machine I needed to have the ISO copied out to the ESX storage device.  This was always a pain because I’d have to use WinSCP or Filezilla to copy it from a host virtual machine to the storage device.  Plus there was the fact that I was now using 2x the space on the storage device because it’s accessible to ESX and it’s stored in a VM.  Lame.

    With VI3 you can use NFS shares as storage devices.  The downside is that by default Windows only uses CIFS (or SMB) sharing.  However, with Windows 2003 R2 (you may be able to do it in Win2k3 too) you can install the Unix NFS tools which allow for the creation of NFS shares.

    From the Windows machine you want the NFS share(s) located on, you need to open Add/Remove Programs from the Control Panel and then add the following Windows components.  Under Other Network File and Print Services select to install all of the Microsoft Services for NFS.  I don’t think you need all of them, but it’s working with them all (feel free to leave feedback if you play).

    After you install those, it will require a reboot.  Once you’re back up, open up the Microsoft Services for NFS in the Administrative Tools.  Right click on the root (Microsoft Services for NFS) and select the user name mapping you want.  I set mine to AD lookup, but I’m using anonymous read only access on the share anyways.

    If the CIFS share has already been created, you will need to create the NFS share from the command line.  This can be done with the following command:  nfsshare -o anon=yes [sharename]=drive:path.  Obviously replace [sharename] with the name you like and drive:path with the location for the share.

    If the CIFS share hasn’t already been created, then you will see a NFS Sharing tab when you attempt to create the share.

    Once the share has been created, within your VirtualCenter client (or host based VI Client), select the host, go to configuration tab, and then Storage (SCSI, SAN, and NFS).  Select Add Storage and select the Network File System option.  Enter the info for the server you just set this up on and the folder (/).  Now you have a mounted storage device for your share.  Yay!

    As mentioned before, this NFS mount point can be a virtual machine on the host.  I haven’t restarted the host yet, so I’m not sure how nicely it plays with that though.

    Resources used for this:
    http://levelsofdetail.kendeeter.com/2007/01/setting_up_an_nfs_server_on_wi.html
    http://support.microsoft.com/kb/324089

    **Update**

    Ugh, so just doing the above doesn’t work.  At least it didn’t list the contents of the iso directory.  No good.  Further research comes up with one possible solution, but it’s ugly.

    Add anonymous login read access to the share and ntfs permissions on the share.  This seems to work, but I’m not really a fan of it.  For some reason, user mapping doesn’t seem to be working.  You should be able to do user mapping by grabbing the /etc/passwd and /etc/group files from your VI3 host and then importing them into the Microsoft Services for NFS User Name Mapping section (right click and define the location for these two files). 

    I’ve mapped the local admin to the root account.  I get no love though as soon as I disable anonymous access on the NFS share.  Boo.  What really makes me angry is that I want to host templates on this Windows NFS share.  That would require me to enable read/write access to the anonymous user.  Needless to say, something I’m really not comfortable with.  Maybe I can fix this stupid user mapping issue, and then I won’t have to worry.

    Oh yeah, be sure to enable the NFS client firewall rule on your host…

    **Update #2**  This is the way to get this setup
    Alright, I’m retarded as to why I couldn’t get this figured out.  The real steps to get this going:

    1. Enable NFS Client through the firewall in VI3.  This is done from the host level, configuration, security profile.
    2. Install Microsoft Services for NFS.  From Add/Remove Programs in the Control Panel open up Windows Components and add all of the Microsoft Services for NFS found under Other Network File and Print Services.  Yes, you need them all.
    3. Reboot if required.
    4. Using WinSCP or Filezilla, get the /etc/passwd file from your VI3 host.
    5. Open up the Microsoft Services for NFS in the Administrative Tools.  Do not right click on the root (Microsoft Services for NFS) and delete the user name mapping server.  Be sure it is set to localhost.  Don’t worry about setting the domain unless you want to do additional user name mapping.
    6. Right click on User Name Mapping and select the Use Password and Group files and point to the path of the passwd file.
    7. Right click on User Maps under User Name Mapping and select create maps.
      • On the Windows account side, change to the local host (if it’s not already selected) and click the List Windows Users button.
      • On the Unix account side, click the List Unix Users button.
      • Select the local Administrator on the Windows side and the root account on the Unix side.  ESX does everything as root, so don’t worry about selecting multiple mappings. (You can definitely map to a domain account, but DO NOT map to the domain admin account as this is usually disabled.)
    8. Create the NFS shares.  Ensure that the user you mapped to on the Windows side (local Administrator) has the required (Windows) Share and NTFS permissions.
      • Right click on a folder and go to Sharing and Security.  Go to the NFS Sharing tab and select Share this folder and give it a name.  DO NOT allow anonymous access.  Instead select the permissions button.  Give the access required and be sure to check “Allow Root Access”.  As mentioned before, ESX does everything as root, so this box must be checked.
    9. Within VirtualCenter client (or host based VI Client) select the host, go to the configuration and then storage.  Select Add Storage and select the Network File System option.  Enter the info for the server you just set this up on and the folder (/).  Now you have a mounted storage device for your share.  Yay!
    10. Verify the storage device by double clicking on it.  If you can view stuff in the folder on Windows, you will be able to view it on the ESX host.

  • Windows 2008 Role Services for MOSS 2007 Part 2

    Make sure your Database Access account is an admin on the central administration server, otherwise you’ll get access denied errors when trying to create new web applications.  This is because the db access account won’t have the ability to edit the metabase.  Oh, and this is bubbled up by MOSS as saying that you, the logged-in user, don’t have access, which is completely inaccurate, especially since I was a Farm Administrator.  In addition, you’ll see the error message listed below in the Application event logs.

    Log Name:    Application
    Source:      ASP.NET 2.0.50727.0
    Date:      3/18/2008 10:58:42 AM
    Event ID:    1309
    Task Category: Web Event
    Level:      Warning
    Keywords:    Classic
    User:      N/A
    Computer:   

    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 3/18/2008 10:58:42 AM
    Event time (UTC): 3/18/2008 3:58:42 PM
    Event ID: c59d97a1bbf8405cba1d837292259be4
    Event sequence: 4767
    Event occurrence: 8
    Event detail code: 0
    Application information:
      Application domain: /LM/W3SVC/236168797/ROOT-1-128503227503346172
      Trust level: WSS_Minimal
      Application Virtual Path: /
      Application Path: C:\inetpub\wwwroot\wss\VirtualDirectories\37466
      Machine name:

    Process information:
      Process ID: 3720
      Process name: w3wp.exe
      Account name:

    Exception information:
      Exception type: COMException
      Exception message: Access is denied.

    Request information:
      Request URL: http://:24055/_admin/extendvs.aspx
      Request path: /_admin/extendvs.aspx
      User host address: fe80::e48a:75aa:9034:9106WSS_Minimal
      User:
      Is authenticated: True
      Authentication Type: NTLM
      Thread account name:

    Thread information:
      Thread ID: 9
      Thread account name:
      Is impersonating: False
      Stack trace:  at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)
      at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.HandleAccessDenied(Exception ex)
      at Microsoft.SharePoint.ApplicationRuntime.BaseApplication.Application_Error(HttpApplication app)
      at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
      at System.Web.HttpApplication.RaiseOnError()

    I hate having service accounts admins on boxes.