BM-Bloggers

The blogs of Black Marble staff

Sysadmin Deep Doo Doo

I was out of the office on Friday and a little birdie has just reminded me that I missed partaking in the celebrations that are Sysadmin day. On Sysadmin day legend has it Sysadmin's demand more ego massaging than normal to such an extent that it take days for their swollen egos to return to normal and they can actually fit through the door of the machine room.

I am concerned that my failure to partake could end up with my laptop being exchanged with a commodore pet and my phone replaced with something made of Bakelite, so if all of our Sysadmin's out there are reading this , presents have been ordered and will be with you shortly.

b.

Name Space Collisions

We have been suffering some staff problems recently, everybody we hire has a name that is already in use elsewhere in the company. So we have decided to reorganise the Black Marble name space, initial thoughts included post name numbering , but nobody could agree if the numbering base should be zero or one and Richard 0 was not complementary (Rik however liked the idea of being No 2) . The usual list of server/workstation naming suggestions came and went but in the end the solution came when clearing out the freebies cupboard and some of the devs took some old BM Red polo shirts. So next time you are visiting say hello to some of our interns Ensign's Disposable,Expendable and Der Trihs , you will be able to find them crawling around in the Jefferies tubes before being send out as part of a customer landing party.

b.

Update : the sad part is most of our Interns think of STNG as the old Star Trek <sigh> and don't get the joke.

Technorati tags: ,

Living with IT Managers

Rik sent me this to illustrate the pain of not having a new server within the last week and has suggested that we may need to move to this if his demands of a bi-weekly addition to the server farm is not met.

b.

Technorati tags:

Every home should have one

Scientific American has a interesting article on a Data Center in a box. Basically it is a standard shipping container full of Sun Servers. I am our our IT manager would like one! it should fit on any house's driveway, a stylish addition to any home.

It is an interesting spin on the old IBM data recovery model where they turned up with a duplicate of your system in a truck in event of a major failure. The key change is it is being sold as a greatly cheaper option than a traditional data center. All it needs is power, a water supply (cooling) and I suppose given our current weather, a location not prone to flooding.

Web development helpers: Redux

After posting yesterday about useful tools for development I stumbled across another little gem of a utility. IE7Pro is much more of a usability-enhancing tool but it has a wonderfully handy tool nestling within - Save Current Tab As Image. If you need to do grabs of pages for documentation or presentations and the page is more than a single screen in length this will transform your life - no more cropping and stitching!

IE7Pro also has a raft of features such as adblocking and mouse gestures, which I will admit to switching off immediately. However, it's inline search (not quite Find As You Type, but pretty close) is jolly useful.

Get IE7Pro

Web development little helpers

As web development gets more and more complex having the right tools to help you figure out what's going on is essential. I thought I'd do a quick post on the ones I find most useful. In no particular order, then, here they are.

  1. Virtual PC
    This one is a godsend, because as we all know, running multiple versions of Internet Explorer is hard. VPC, now available as a free download from Microsoft, allows me to run the numerous variants of IE our clients require me to test against.
    If you just want IE6, Microsoft have a handy downloadable pre-built VPC:
    Download Virtual PC
    Download the Internet Explorer Compatibility VPC Image
     
  2. Firebug for Firefox
    Now imitated for other browsers, Firebug is fantastic. A clear and straightforward way to identify the bugs in your pages or styles, it allows you to easily identify which stylesheet rules are being applied and in what order, and to hack 'em on the fly as you test your fixes. Add to that the ability to mangle the page and debug javascript and we have a winner.
    Download Firebug
    Firebug running in Firefox
  3. Chris Pederick's Developer Toolbar for Firefox
    Even though Firebug is great, I still use Chris Pederick's trusty developer toolbar for enabling and disabling styles, accessing the W3C validator and other stuff. Couldn't live without it, in fact.
    Get Developer Toolbar
  4. Nikhil Kothari's Web Development Helper for IE
    Broadly offering the same level of information as Firebug, but without the ability to hack on the fly, this is a handy way of seeing what IE is doing with your page under the hood.
    Get Web Development Helper
    Webhelper in IE
    The Webhelper DOM Inspector
  5. Inspector for Safari (for Windows)
    I have a trusty Mac Mini that I use for checking Safari as well, but the advent of Safari for Windows has made my life easier, I must admit. How excited was I, then, to find that you get Inspector working with the Windows version. Again, loads of info about the page, although hacking on the fly. Instructions courtesty of David Barkol's blog. A note - as I write this the latest nightly crashes horribly - I am using the nightly from the 21st June and it works well. At some point I will try later builds but right now a stable platform that I can enable easily and consistently is more important.
    Enable Web Inspector for Safari on Windows
    Inspector in Safari for Windows
    The Inspector Information Window

I'd love to hear from anybody who uses other cool tools that I may not have come across. I'm particularly interested in these kind of things for Opera.

The World Bank backing Board Games to fight poverty

It may surprise some but I am a huge fan of board games, I feel that they can provide a great social event and some of the newer games produced over the last 10 years, are truly sublime.

However I did not expect to see the World bank trying to fight poverty by producing board games, especially commissioning a game around the subject of street addressing.

In November 2006, they called for game proposals on this topic: “Designing and Developing an Educational Game on Street Addressing.”

I wondered about the issues that the Bank were addressing, but after some reading and some thought realized that they are trying to get people to look at economic growth of poorer countries and address key issues which will affect growing business such as being able to have post/supplies delivered reliably and well you can work the rest out.

so my deepest congratulations and in fact my heartfelt thanks go out to the winners 1) I Need A Sign by Ariel Seoane from Uruguay, and 2) URBS & CIVITAS by John Baluci from USA

I think if I had known such a challenge had been put forward and the impact could be as great as it seems , I would have put a lot of effort into helping out. Maybe next time :)

if you would like to know more about the importance of street addressing the World Bank has produced a Report

b.

 

Technorati tags: ,

SharePoint problems with access rights

I spent a while knocking my head against a problem with a SharePoint server farm that's worth posting about. It's also worth a big hats-off to our Technical Support Coordinator at Microsoft Partner Support who dredged up the article that finally pointed us in the right direction.

The problem

I'll post later about our approach to SharePoint installations, but I'll summarise thus: We create multiple user accounts to the SharePoint services - a db access account, an installation account etc etc. In this instance we were building a three server setup - db server, web server, index server. The accounts were created first, logged in as a domain admin. I also installed SharePoint as the domain admin, but didn't run the config wizard.

I then logged in as our installation user, which has local admin rights to the two servers and dbcreator and securityadmin roles in the SQL server. I ran the config wizard on the web server and created the farm, specifying the db access account for (shock!) db access! The web server got to host the central admin site, which was tested and worked.

Before doing anything else I ran the config wizard on the second server and connected to the farm. At this point I had three servers listed in the Central Admin site, and it was time to configure services.

At this point we hit the snag - when I tried to configure the Office Server Search Service to run on the second server I got a SharePoint page telling me access was denied ('The request failed with HTTP status 401: Unathorised'. There was a similar error in the event log with an event ID of 1314, and we also found an event log error with ID 5000.

I bashed my head against this for a while, checking user rights, group memberships and stuff. I checked the DCOM IIS WAMREG activation rights for the users that the app pools were running as and just in case did an aspnet_regiis -ga <username> for those accounts to ensure that all the .Net registrations and rights were correct. No success.

I removed SharePoint and reinstalled the farm with the roles reversed. The fault moved to the other server. I confirmed that I could configure the service on the same server as the central admin site but never on the other server. I looked at the system registry, compared service configurations with a working system and tried manually hacking the config to no effect.

In the end I uninstalled everything, installed the farm clean and unconfigured and called in air support.

The fix

I can't praise our support guy at Microsoft enough. He's incredible - I emailed him and got a phone call within five minutes! We ran through the problem and he consulted his support resources. What he came back with took a few goes to make stick, but it worked, and in fixing SharePoint pointed to the root of the problem.

The solution is to edit the web.config for the Office Server Web Services site. On our system that file is in C:\Program Files\Microsoft Office Servers\12.0\WebServices\Root. The original file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration> 
    <configSections> 
        <sectionGroup name="microsoft.office.server" type="Microsoft.Office.Server.Administration.OfficeServerConfigurationSectionGroup, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" > 
            <section name="sharedServices" type="Microsoft.Office.Server.Administration.SharedServiceConfigurationSection, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" /> 
        </sectionGroup> 
    </configSections> 
    <system.web> 
        <authorization> 
            <allow roles=".\WSS_ADMIN_WPG" /> 
            <deny users="*" /> 
        </authorization> 
        <webServices> 
            <protocols> 
                <clear /> 
                <add name="AnyHttpSoap" /> 
                <add name="Documentation" /> 
            </protocols> 
        </webServices> 
    </system.web>
</configuration>

The solution is to edit the <authorization> section, adding entries to grant access to the user accounts for installation and db access:

        <authorization> 
            <allow roles=".\WSS_ADMIN_WPG" /> 
            <allow users="ondemand\MOSSdba" /> 
            <allow users="ondemand\MOSSsetup" /> 
            <deny users="*" /> 
        </authorization>

However, the gotcha is that SharePoint puts the settings back - don't do an IISreset; don't recycle the app pool. Simply edit the file then go the page to configure the search service and it works. Once you've done that the service will start.

I then found that I couldn't get back into the page because the web.config got reset (grr), but that's not important right now.

The cause

The key in all this is that the two users I added explicit rights for were members of the WSS_ADMIN_WPG group specified inthe original file. This pointed at an issue with the domain - the server was failing to get a list of members for that group.

The servers themselves were built and managed by our customer's hosting provider, so I passed the fault to them. They checked the systems and found a domain fault affecting synchronisation. Result!