by community-syndication | Mar 26, 2007 | BizTalk Community Blogs via Syndication
Tom did a good job of explaining the database structure and following up on this post,getting the data into the database is somewhat a challenging process.
So in putting together the import process, I was trying to get my head around how to create the various xml files to import. Since I am a visual guy, I put this little relationship diagram so I can easily relate my data elements to the example in the documentation xml files of listOfAppType.xml, listOfAppInstance.xml, listOfIDXref.xml, and listOfIDXrefData.xml. (It is a big picture, so click on it and then click on the picture in the window that opens up to see the origina size (at least in IE7))
Some other things to be aware of:
When importing the data, there is the case where you will need to map a BA rule as the following verbiage ‘for input value of A map an X, for value of E map Z for all others map Y’ or you are given the following table:
Incoming value Output Value
AX
BY
CY
D Y
EZ
Since there is the following constraints on the xref_IDXRefData table
CONSTRAINT [IX_xref_IDXRefData_appID] UNIQUE NONCLUSTERED
(
[appID],
[idXRefID],
[appInstanceID]
) ON [PRIMARY] ,
CONSTRAINT [IX_xref_IDXRefData_commonID] UNIQUE NONCLUSTERED
(
[commonID],
[idXRefID],
[appInstanceID]
) ON [PRIMARY]
on either the commonID or the appInstanceID column can’t have a duplicate value. The first work around was to import the data with spaces in the following example
<listOfIDXRefData>
<idXRef name=”Subscriber”>
<appInstance name=”AppInstance_01″>
<appID commonID=”X”>A</appID>
<appID commonID=”Y”>B</appID>
<appID commonID=”Y “>C</appID>
<appID commonID=”Y “>D</appID>
<appID commonID=”Z”>E</appID>
</appInstance>
</idXRef>
</listOfIDXRefData>
In the map I would have the following logic where it would retrieve the appID and I would simply trim the spaces off of the right
However I was unable to import the data using the BTSXRefImport.exe, stating that a key contraint was violated.
I then changed the data to look like this (notice the periods instead of the spaces):
<listOfIDXRefData>
<idXRef name=”Subscriber”>
<appInstance name=”AppInstance_01″>
<appID commonID=”X”>A</appID>
<appID commonID=”Y”>B</appID>
<appID commonID=”Y.”>C</appID>
<appID commonID=”Y..”>D</appID>
<appID commonID=”Z”>E</appID>
</appInstance>
</idXRef>
</listOfIDXRefData>
And in the map I took the first byte of the result of the appID
This worked out great for me except in the following situation
Incoming value Output Value
AXX
BY
CY
D YY
EZ
I first created the following xml structure
<listOfIDXRefData>
<idXRef name=”Subscriber”>
<appInstance name=”AppInstance_01″>
<appID commonID=”XX”>A</appID>
<appID commonID=”Y”>B</appID>
<appID commonID=”Y.”>C</appID>
<appID commonID=”YY”>D</appID>
<appID commonID=”Z”>E</appID>
</appInstance>
</idXRef>
</listOfIDXRefData>
The problem was that I could not just take the right two bytes because that would represent the following table and create a’Y.’ if ‘C’ was sent in.
Incoming value Output Value
AXX
BY
CY.
D YY
EZ
I finally created the final output
<listOfIDXRefData>
<idXRef name=”FirstValue”>
<appInstance name=”AppInstance_01″>
<appID commonID=”X”>A</appID>
<appID commonID=”Y”>B</appID>
<appID commonID=”Y.”>C</appID>
<appID commonID=”Y..”>D</appID>
<appID commonID=”Z”>E</appID>
</appInstance>
</idXRef>
</listOfIDXRefData>
<listOfIDXRefData>
<idXRef name=”SecondValue”>
<appInstance name=”AppInstance_01″>
<appID commonID=”X”>A</appID>
<appID commonID=”Y”>D</appID>
</appInstance>
</idXRef>
</listOfIDXRefData>
I extracted the data, took the first character from each getCommonID resultand then concatonated the values together:
by community-syndication | Mar 26, 2007 | BizTalk Community Blogs via Syndication
Walkthroughs and webcast demonstrations on how the new Search works.
Enjoy
SharePoint
Server 2007 Presentations: Enterprise Search Deep Dives
by community-syndication | Mar 26, 2007 | BizTalk Community Blogs via Syndication
yeah baby 🙂
I wrote before Christmas how these were coming out….grab them here…..
http://www.microsoft.com/technet/windowsserver/sharepoint/wssapps/templates/default.mspx
— snip —
Application Templates Available for Download
All forty application templates are available in English. The twenty server admin
templates are also available in ten additional languages: French, Italian, German,
Spanish, Portuguese (BR), Japanese, Korean, Hebrew, Chinese (simplified), and Chinese
(traditional).
Package Downloads
In addition to the following individual download links, you can get the Application
Templates for Windows SharePoint Services 3.0 in these three convenient packages.
Registration is required for package downloads.
Site
Admin Templates: Get all 20 Site Admin templates as a single package download.
Available in English only.
Server
Admin Templates: Get all 20 Server Admin templates as a single package download.
Multiple languages available.
All
40 Application Templates : Get all 40 Application Templates for Windows SharePoint
Services 3.0 as a single package download. Package only includes English versions.
Site Admin Templates
Board
of Directors
Business
Performance Reporting
Case
Management for Government Agencies
Classroom
Management
Clinical
Trial Initiation and Management
Competitive
Analysis Site
Discussion
Database
Disputed
Invoice Management
Employee
Activities Site
Employee
Self-Service Benefits
Employee
Training Scheduling and Materials
Equity
Research
Integrated
Marketing Campaign Tracking
Manufacturing
Process Management
New
Store Opening
Product
and Marketing Requirements Planning
Request
for Proposal
Sports
League
Team
Work Site
Timecard
Management
Server Admin Templates
Absence
Request and Vacation Schedule Management
Budgeting
and Tracking Multiple Projects
Bug
Database
Call
Center
Change
Request Management
Compliance
Process Support Site
Contacts
Management
Document
Library and Review
Event
Planning
Expense
Reimbursement and Approval
Help
Desk
Inventory
Tracking
IT
Team Workspace
Job
Requisition and Interview Management
Knowledge
Base
Lending
Library
Physical
Asset Tracking and Management
Project
Tracking Workspace
Room
and Equipment Reservations
Sales
Lead Pipeline
by community-syndication | Mar 25, 2007 | BizTalk Community Blogs via Syndication
I’ve been teaching these MOSS 2007 Bootcamps with Dimension Data and Breeze Training here in Australia for the last couple of months. It has been a big team effort! One of our students, Sezai Komur gave me some nice feedback:
http://www.sharepointblogs.com/sezai/archive/2007/03/23/moss-2007-boot-camp-in-perth-western-australia.aspx
Thanks for the accolades Sezai
by community-syndication | Mar 25, 2007 | BizTalk Community Blogs via Syndication
Sorry I went dark right after the MVP Summit but I've been on medical leave due to a bad reaction to my cholesterol medication. I returned from Seattle on Saturday afternoon and felt just fine until Monday evening when I began to feel extreme pain in both legs. It was honestly like someone had run over my legs with a truck. My doctor said I was experiencing an unusual (but no unheard of) side effect of my cholesterol medication ("statin") and it would take several days for the affects to wear off. So I've spent the past few days almost completely immobile and in incredible pain. Only now, a week later, can I walk around the house without feeling like a 94 year old. Luckily my blood tests came back and showed no liver or permanent muscle damage.
There is a moral to this story and a lesson that I've finally learned (it only took 47 years). When your doctor prescribes a long term medication, ALWAYS READ THE DESCRIPTION, especially the part that talks about possible side effects. And if you start feeling those side effects, CALL YOUR DOCTOR immediately, not after "toughing it out" for six weeks. The life legs you save may be your own!
Next post will be technical, I promise!
by community-syndication | Mar 25, 2007 | BizTalk Community Blogs via Syndication
We covered the new WSS feature framework in a I was teaching last week. Using features you can item menu items to the Site Actions menu. It seems in all the example the menu will show up for all users. Someone asked “How do you restrict it so that the menu item only shows up for Site Administrators?”
I wasn’t sure but after a bit of hunting I found this article that had the answer:
http://sharepointsolutions.blogspot.com/2006/10/quick-site-settings-adding-sub-menus_16.html
All you need to do is add the RequireSiteAdministrator=”TRUE” attribute as in the following example:
<Elements xmlns=”http://schemas.microsoft.com/sharepoint/”>
<CustomAction
Id=”SiteActionsSubMenuCustomizer”
RequireSiteAdministrator=”TRUE”
GroupId=”SiteActions”
Location=”Microsoft.SharePoint.StandardMenu”
ControlAssembly=”SiteActionsSubMenuDemo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e9db3057acd9c0f6″
ControlClass=”SiteActionsSubMenuDemo.SiteActionsSubMenuCustomizer” >
</CustomAction>
</Elements>
by community-syndication | Mar 25, 2007 | BizTalk Community Blogs via Syndication
Sorry I went dark right after the MVP Summit but I've been on medical leave due to a bad reaction to my cholesterol medication. I returned from Seattle on Saturday afternoon and felt just fine until Monday evening when I began to feel extreme pain in both legs. It was honestly like someone had run over my legs with a truck. My doctor said I was experiencing an unusual (but no unheard of) side effect of my cholesterol medication ("statin") and it would take several days for the affects to wear off. So I've spent the past few days almost completely immobile and in incredible pain. Only now, a week later, can I walk around the house without feeling like a 94 year old. Luckily my blood tests came back and showed no liver or permanent muscle damage.
There is a moral to this story and a lesson that I've finally learned (it only took 47 years). When your doctor prescribes a long term medication, ALWAYS READ THE DESCRIPTION, especially the part that talks about possible side effects. And if you start feeling those side effects, CALL YOUR DOCTOR immediately, not after "toughing it out" for six weeks. The life legs you save may be your own!
Next post will be technical, I promise!
by community-syndication | Mar 24, 2007 | BizTalk Community Blogs via Syndication
Found my old research paper from 1994 “An object-oriented approach to knowledge representation in a biomedical domain”. Looked like they scanned the contents of the original paper.
It’s pretty outdated. Note that this was before the existence of Java or C#, but there was good old Smalltalk.
One thing is still relevant. The construction of a hybrid knowledge based system. Translated to 2007; the semantic web 3.0. Defining a clear terminological component (vocabulary) in order to make assertions from basic facts.
by community-syndication | Mar 24, 2007 | BizTalk Community Blogs via Syndication
(This is the third in a series of three posts about CRLs – the first was Web
Services and the 15 Second Delay, and the second was BizTalk
and Certificate Revocation Lists (CRLs) – Part I).
Note: A lot of the information in this post comes from a great MSDN article
located here.
Caveat: My client uses 64-bit servers (AMD Opterons), running 64-bit
versions of Windows 2003 R2 and BizTalk 2006. IIS is running in 32-bit
compatibility mode (as we use Sharepoint). I haven’t yet worked out if the
CRL problem occurs on 32-bit servers – I definitely haven’t noticed the problem on
our 32-bit servers as of yet.
For 2 months, my BizTalk application was working fine. The system passed performance
testing, and was deployed on the Live servers in preparation for final connectivity
testing.
Then one Monday, last week, the test team complained that they were experiencing sporadic
timeouts. On the same day, I was doing some testing on an unrelated BizTalk application
on a separate server… and I noticed that I would occasionally get request-response
latency approaching 70 secs…
Given that the same day I’d noticed I no longer had access to iTunes Radio from that
morning (bah!), I assumed that changes had been made to our proxy sever or firewall.
I fired up TCP View on the server I was working on, and there was our old friend SYN_SENT:
something was blocking access to the CRL again. I spoke to the Tech Support team and
discovered that no changes had been made to the proxy server. Leaving them to check
for changes to our firewall and security policies, I decided to do some research into
why this delay exists (if the call is blocked) and if there was a way around it. Here’s
what I discovered (refer to this article
for a more in-depth explanation of Certificates and CRLs):
-
Any given Digital Certificate contains a property called the CRL Distribution Point
which is a collection of URIs.
-
When a certificate is validated, a CRL retrieval attempt is made using each URI in
the list. Retrieval stops with the first URI to return a valid CRL
-
When a valid CRL is obtained, it is stored in the Certificate Store for
the Local Machine (under Certificates (Local Computer)/Intermediate Certification
Authorities/Certificate Revocation Lists)
-
A CRL is a certificate in its own right and as such, it contains an expiry/update
date called the Next Update date
-
If the CRL already exists in the Certificate Store and is still valid
then this CRL is used; otherwise an attempt is made to download an updated CRL
-
URI schemas valid for CRLs include http://, ldap://, and file:// – it is the Publisher
of the certificate who decides upon the contents of the CRL Distribution Point
-
In large corporations, it is common to use
Active Directory (AD) as the provider of CRLs: AD can download the required CRLs
and either publish them to a master location, or distribute them to servers that need
them
One thing I was curious about was this 15 second delay which kept popping up.
The Xceed
Software post I had read had made reference to there being a 15 second delay hard-coded
into the WinVerifyTrust API
call.
Looking through the
documentation for WinVerifyTrust I noticed two things:
-
Microsoft recommend the use of CertGetCertificateChain for
validating a certificate (instead of WinVerifyTrust)
-
That WinVerifyTrust enumerated a registry key (HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\)
to find out what API call to use to verify the trust of the given object
I’m not about to trace what WinVerifyTrust does to actually check the CRL, but I’d
suspect that it ends up delegating to either CertGetCertificateChain or CertVerifyRevocation (and
I’d bet that internally, CertGetCertificateChain calls CertVerifyRevocation to verify
the CRL for a given certificate).
Suffice to say that CertGetCertificateChain will build a chain of certificates starting
from the given certificate, and building the chain all the way up to the root CA,
and will optionally check the revocation status for each certificate in the chain;
whilst CertVerifyRevocation will verify the revocation status for a single certificate.
And both of them take, as one of their parameters, a struct called CERT_REVOCATION_PARA.
The format of that structure is:
typedef
struct _CERT_REVOCATION_PARA {
DWORD cbSize;
PCCERT_CONTEXT pIssuerCert;
DWORD cCertStore;
HCERTSTORE* rgCertStore;
HCERTSTORE hCrlStore;
LPFILETIME pftTimeToUse;
DWORD dwUrlRetrievalTimeout;
BOOL fCheckFreshnessTime;
DWORD dwFreshnessTime;
LPFILETIME pftCurrentTime;
PCERT_REVOCATION_CRL_INFO pCrlInfo;
LPFILETIME pftCacheResync;
PCERT_REVOCATION_CHAIN_PARA pChainPara;
} CERT_REVOCATION_PARA,
*PCERT_REVOCATION_PARA;
Heh, look, there’s a member called dwUrlRetrievalTimeout.
Wonder if that’s relevant??? 😉
The documentation has this to say:
This member contains the time-out limit,
in milliseconds. If zero, the revocation handler’s default time-out is used.
And what’s the revocation handler’s default time-out?
Well, Microsoft doesn’t specify this directly… but I notice in a related
knowledge base post, that a value of 15000 milliseconds is used i.e. 15 seconds!
So that’s as far as we can go with that – unless IIS includes an option to configure
this timeout, then we can’t change it (and they do, sort of).
Whilst researching this post, I noticed that one solution that is frequently
touted is to modify the following registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust
Providers\Software Publishing\State
But that’s not much use, as that’s for the Current User (hence the HKCU). Great if
I was using my own local user account for the application pools, bad if I’m using
a non-interactive user account (which we are). Plus I’m not sure this would work for
IIS maybe I’ll try it at some stage.
(Note: looks like Microsoft are aware of this issue, because in
Windows Vista/Longhorn there’s now a Group Policy setting which lets you set this
default timeout for non-interactive processes i.e. IIS App Pools!!)
So what’s the solution in this case?
Well, unless the technical support guys can work out what they changed to block CRL
access (I suspect they turned on authentication on the proxy), we have four choices:
-
Use Active Directory to store and publish CRLs (which we should have been
doing from the start IMO)
This is Microsoft’s preferred way of doing it for large customers.
More information on configuring CRLs with AD can be found here.
-
Manually download the required CRL and install it
This is my preferred solution for this particular issue, and is detailed
below.
-
Disable CRL checking for the server
This is an interesting one. I’m not convinced that this can be done – there
are a few posts about how to do this, including one on how to do it for IIS here.
However, this seems to be related to certificate exchange for HTTP request/responses,
as opposed to certificate validation for signed code, which is a whole different thing.
Plus, turing off certificate checking is a rather large security hole as you don’t
know if a given certificate is still valid.
-
Change the default CRL timeout period for CAPI
I
noticed in the Knowledge Base article for an update
to IIS 5.0 that new registry keys had been added, including allowing a value called ChainUrlRetrievalTimeoutMilliseconds to
be set.
Then when browsing through the PKI documentation, I noticed a reference to the same
registry keys, plus a note saying “this setting was first introduced with MS04-011”
(the IIS 5.0 update linked to above).
So it looks like it is possible to set the default timeout.
I haven’t tried this, so can’t verify that it works, but to me it’s not the correct
solution: the CRL should be available, either from AD or the URL, or by installing
it manually – setting the timeout to a lower value seems to be just ignoring the problem,
plus creates a potential security hole as you can’t be sure that the certificate used
to sign code is valid anymore.
Manually downloading and installing a CRL
Needless to say, I thought I’d have a go manually downloading the CRL and installing
it – and it worked a treat. Problem solved (at least until the next CRL update is
needed, which is August 2007). Still, gives us a breather to get it properly sorted.
Finding the URL to the certificate is easy: look in the certificate details for the
CRL Distribution Point, and copy the URL from there. In this case, it’s the Microsoft
Code Signing Public Certification Authority CRL: http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl
You can put this URL in a web browser, and download the certificate.
(Note: if you’re doing this in Windows Server 2003, you’ll need to add crl.microsoft.com
to your list of Trusted Sites, otherwise you won’t be able to download the CRL file)
Once you have the file, you can install it following the instructions here:
And lo and behold, the problem was fixed.
At least, it is fixed until August 30th 2007 when the CodeSignPCA.crl expires… 😉
But by then, I’m sure we’ll have found a permanent fix!
by community-syndication | Mar 24, 2007 | BizTalk Community Blogs via Syndication
A few people asked for the demos from this presentation.
Links for the presentation are at the bottom of the post
If you have not already set up your development environment for Windows Workflow Foundation (WF) Development, follow the below steps:
Prerequisites:
a) Windows XP, Windows 2003, Windows Vista
b) Visual Studio 2005
Install the following:
1) .Net Framework 3.0 Redistributable
2) Visual Studio 2005 extensions for .NET Framework 3.0 (Windows Workflow Foundation)
3) You can also optionally download and install:
Microsoft%u00ae Windows%u00ae Software Development Kit for Windows Vista%u2122 and .NET Framework 3.0 Runtime Components
Before installing the above read the provided instructions.
Below are some resources for using/learning/developing with WF:
MSDN – Windows Workflow Foundation
MSDN – Windows Workflow Foundation Tutorials
MSDN – Windows Workflow Foundation General Reference
Getting Started with Windows Workflow Foundation Server Virtual Lab
Hands-on Labs for Windows%u00ae Workflow Foundation
Clinic 5136: Introduction to Developing with Windows%u00ae Workflow Foundation and Visual Studio%u00ae 2005
Windows Workflow Foundation Developer Centre
Also please read Paul Andrews blog (Windows Workflow Foundation Technical Product Manager at Microsoft) for the latest and greatest on WF.
Download the presentation demos here.
Please read this before trying to run.
