When software attacks!

Thoughts and musings on anything that comes to mind

Places to eat in Berlin: Coa

It’s becoming a tradition that every time I attend a conference or travel anywhere interesting I post at least a couple of places to eat. Perhaps ironically, none of the places I am about to post about serve cuisine that you could reasonable call German.

It’s true – we’ve done coffee and cake – that well known German tradition. In an evening, however, besides our hotel we have been to a Chinese, an oriental fusion place and a Portuguese and Spanish restaurant.

A general warning to those eating out in Berlin – do not take for granted that the place you choose will take plastic – many don’t, and you should at least be prepared to pay cash.

Of those, the fusion restaurant was the first place we ate - Coa. Situated right in Potzdamer Platz it was an obvious choice early in our stay as we wandered around the dominoes of Mauerfall.

If you like noodles, you’ll do just fine here. The cuisine is an interesting mix of Vietnamese, Thai, Chinese and Japanese. The surroundings are stylish, the service is friendly (and happy to converse in English) and the food is excellent. There is a great range of dishes from dim sum to noodles and everything we had was well prepared and tasty.

TechEd 2009: Finding technical content

Whilst TechEd this year has been rich with interesting content, most notably on SharePoint 2010, I’ve found it sadly thin on the ground when it comes to deep technical sessions. What exceptions to this rule there have been, however, were excellent and worthy of mention.

Mark Minasi delivered an explanation of Kerberos and its usage in Windows which was both extremely informative and wildly funny. His engaging delivery and use of cartoons, animations and humour made what could have been a dry subject all the more informative and memorable. If you can get hold of the recording, I would strongly urge you to watch.

John Craddock went one better. His extremely deep coverage of DirectAccess and the IPv6 technologies which underpin it took two sessions, and has spawned a third, Q&A tomorrow morning which I shall be sure to attend. He gave a solid explanation of all the component technologies used by DirectAccess with an excellent demo rig to illustrate every step. After nigh-on three hours in his company I have come away with a much better understanding of the area, and an idea of how I can implement the technology in spite of the more readily available DA documentation implying that I can’t.

One or two of the Sharepoint sessions have been equally as useful – Joel Oleson and Todd Klindt on what you should look on your SQL server and how it’s configured to make your SharePoint perform better, and Todd again, along with his colleague Shane on upgrading from 2007 to 2010. Many others, however, were more marketing (and I learned a new word – markitechture – or should that be marchitecture?) than meat, which is a real shame.

Overall, TechEd is still a great conference for content which covers a broad range of Microsoft technologies. I have to say that I enjoyed it – I just won an Xbox in the feedback ‘contest’! I think on balance I really have enjoyed it. Mark and John’s sessions alone make it worth the ticket price; I also look forward to Sanjay’s presentation on Microsoft BUI tomorrow. Part of me does wonder though – do I need to go to a ‘vertical’ conference like SharePoint 2009 for the deep content?

20 Jahre Mauerfall

Monday night saw the official celebration of the twentieth anniversary of the historic events which saw the fall of the Berlin Wall and paved the way for German reunification.

Sadly, the night was cold and wet – the rain was falling in torrents as we made our way to Potsdamer Platz and walked towards the Brandenburg Gate. We managed to stand right next to one of the large screens on which proceedings were to be shown – next to the gate and near the dominoes which were to topple during the night.

Cold it may have been, but the atmosphere was warm and friendly, with people from all over the world joining the celebrations. Within a few feet of us were some French students, Americans from across the USA, Italians, Germans, and Yorkshiremen.

The evening was a great mix of culture and spectacle. We were treated to opera (with a distinguished-looking Placido Domingo), the Berlin Philharmonic with Daniel Barenboim conducting, Bon Jovi and some other most likely very popular German bands that I’d never heard of.

There were also plenty of speeches from German and other European leaders, along with Lech Walesa and Michael Gorbechev (sorry if I’ve mis-spelled either of those – I’m composing with no internet connection).

The whole event was punctuated by the toppling of dominoes, which turned out to be done in stages, and topped off with a fireworks display over the Brandenburg Gate.

berlin mauerfall 006 berlin mauerfall 011 berlin mauerfall 013 berlin mauerfall 022 berlin mauerfall 044 berlin mauerfall 054 berlin mauerfall 093 berlin mauerfall 112

Once over, a sea of people flowed to the U- and S-Bahns. It’s a testament to the efficiency of Berlin public transport that the sea of people managed to quickly pile onto a succession of trains to be whisked away from Potsdamer Platz.

IMAGE_042

Most definitely a night to remember.

TechEd Europe has real Coke

For those of you who are confused by the title, Robert, our MD complained bitterly that the SharePoint Conference 2009 in Las Vegas only had Pepsi. I don’t know any geeks who like Pepsi, and a quick poll on twitter seemed to suggest that Robert and I aren’t alone. I just want to report that Berlin has restored my faith and has large fridges full of bottles of Coke. No Cherry Coke, however, so they don’t quite make a gold star.

This conference is HUGE. The conference centre is enormous. We arrived on Sunday by U-Bahn, which is to the north of the centre. It was a ten or fifteen minute walk to get from there to the north, where the entrance is. Fortunately, the S-Bahn station is at the north end. This morning was a bit like a football match – hundreds and hundreds of attendees streamed off two trains in the station and swarmed into the centre entrance. People were taking pictures in awe – incredible.

Big it may be, but I must admit to being a little disappointed. There are few sessions that grab me. After last year, where Andy and I struggled to cover all the new and exciting stuff between us, this year has much less for me. The developer and IT events have been combined this year, and everything seems to lean more towards dev. I get the feeling also that the individual product conferences such as SharePoint and Project are taking over as the place to get great content as they can be more focused. Overall, I think that’s a shame. It’s hard to send guys to lots of conferences, and expensive. Being able to get deep technical content across a broad range of products was the great benefit of TechEd last year, with our IT guys out one week and the devs out the next.

Compared to Barcelona, I have a few key points:

  • It’s a lot colder.
  • The venue is much more organised (although it’s massive and sprawling)
  • The venue catering seems better (food, drinks and fruit is readily available, which it wasn’t last year), although it would be better if it were closer to the session rooms. I have to make a good ten or fifteen minute round trip if I want to forage.
  • The conference pack was better last year. it’s little things, like the session abstracts and pullout cards of session plans that fit easily in your badge holder. This year is not as good – the booklet I have, whilst it fits in my badge holder, requires me to constantly flick through. Most stuff is on the web, which is great if you have an internet connection, plenty of time, and something bigger than a netbook that can run full outlook. I have none of those, so I can’t use it at all. The system is horribly unusable on a netbook. Guess what nearly all the people I’ve met so far are carrying?!
  • Did I mention that it was cold? Last night there were lines of Brass Monkeys all searching for their balls (and that’s not rude, it’s an english naval reference – go look it up!)
  • The jury is still out on a city-versus-city comparison. Berlin is quite varied in many ways; Barcelona seemed more alive.

Content so far is ok. I can’t be more excited as I’ve only been to two sessions. I can tell you, however, that Richard Riley is an excellent presenter and succinctly covered key points for IT Pros in SharePoint 2010. I’m going to a session by Joel Oleson next, and I’m looking forward to that – I have a great deal of respect for Joel’s expertise. Hopefully I will be able to post more later.

Ich bin ein Berliner

As you may know, TechE d 2009 EMEA is in Berlin this year. You may also know that this year is the twentieth anniversary of the fall of the Berlin Wall. I’m here in Berlin, which means that I’ll try to blog what’s going on at TechEd. However, this post is all about the really cool idea Berlin has for the celebrations!

We arrived on Saturday and went out to Potsdamer Platz, not far from the Brandenburg Gate and German Parliament. We hadn’t heard about the 1000 dominoes, so we were really surprised and impressed.

IMAGE_008

The line begins at Potsdamer Platz (where there’s a really cool sledding slope, too) and snakes it’s way past the Brandenburg Gate to the new government buildings. Each domino is about 7 feet tall, and is uniquely decorated. Next to every domino is a small plaque telling you who did the artwork and, if your german is up to is, which mine isn’t quite, their thoughts about the piece. Some are truly startling, and they have been painted by everyone, from schoolchildren to artists to local companies and charities. On the 9th of November, the day the wall came down, those dominoes will be toppled.

IMAGE_009

You can follow the line all the way to the end, and there are thousands of people doing just that – all day and night. There are also wurst stalls, bier stands and stands selling gluhwein to ward off the cold. The atmosphere is absolutely fantastic!

IMAGE_013

These pictures don’t really do it justice – I took them with my phone on Saturday night. I have more taken with my EOS but I’ve not sorted them yet, and I wanted to get this post up.

The TV crews must be having a field day. There is an incredible amount of technical gear here – cameras on tripods; cameras on cranes; and one really cool camera on a wire track ready to chase the falling dominoes.

The Brandenburg Gate is all lit up and has big grandstands around it, ready for the festivities.

IMAGE_015

The building where the line ends is this fabulous work of modern architecture housing the national library.

IMAGE_024

The big celebrations for Berlin Mauerfall are tonight. TechEd has carefully arranged it’s schedules so we have time to get there and join in. Here’s hoping the weather is good.

SharePoint Search Gatherer Error 10032

We encountered a problem recently with a two server farm. One server was configured as index and query server. Both servers were delivering pages to users. If a user executed a search on the server which did not run the search services, the Search page returned an error, and we saw the following in the application log and SharePoint logs:

Event Type:    Error
Event Source:    Office Server Search
Event Category:    Gatherer
Event ID:    10032
Description:
Could not create a database session.
Context: Application '2bee214b-e0b9-413b-8d85-c71002287e99'
Details:
    The database connection string is not available.   (0xc0041228)

Application 2bee214b-e0b9-413b-8d85-c71002287e99: The parent farm application root doesn't exist or access denied. - File:d:\office\source\search\search\searchdll\resourcemanagerimpl.cpp Line:703
Application 2bee214b-e0b9-413b-8d85-c71002287e99: Database session creation error for resource type 0. - File:d:\office\source\search\search\searchdll\resourcemanagerimpl.cpp Line:555

After a great deal of investigation and assistance from the guys at Microsoft, we identified the fault. On the server which had no search services configured, we added the following registry keys, copied across from the server which was running index and query functions:

HKLM\SOFTWARE\Microsoft\Office Server\12.0\Search\Applications\<SEARCH APPLICATION GUID>\ResourceManager                              Data=Server=sqlserver;Database=MOSSWEB_MYSITE_SSP_SEARCH;Trusted_Connection=yes;App=Windows SharePoint Services;Timeout=15                              Server=sqlserver;Database=MOSSWEB_MYSITE_SSP_SERVICE;Trusted_Connection=yes;App=Windows SharePoint Services;Timeout=15

Where the Search Application GUID was the GUID from the error message, and the DB connection strings were copied over from the working server.

This resolved the problem, and now both servers deliver search results correctly.

I’m posting this here because I found only two possible leads in all my searching, neither of which detailed the fault. Hopefully, as always, this will help somebody else.

Kerberos for SharePoint on Server 2008 with IIS 7

UPDATE: Spence posted a great comment pointing out some issues with this post. Richard then restored our Community Server DB to a point in time before the post, so it’s been wiped. Post again, Spence, please, as I didn’t get chance to copy the text of the comment, I’m afraid.

I’ve not been doing so well with blog posts lately. I have more than one currently in process but unposted, and I just can’t seem to get the time to finish them – so apologies, CSW, for not getting the article I promised up yet, but I am working on it.

However, I needed to write up the work I did on our SharePoint at the end of last week, which I thought warranted being made available to a wider audience, so this a quick but hopefully helpful post.

Kerberos, Service Principal Names and Application Pool Identities

I’ve been migrating our SharePoint farm from Server 2003 to Server 2008, and because we now also use Microsoft CRM and a few other systems that require it, I’ve been configuring kerberos.

In theory, this should be simple: We always create service accounts in the AD for each web application to run as, so each of those accounts needs the correct SPN’s creating to match the web site.

For example, if our internal domain is mycorp.com and our SharePoint site is Portal running as the portalapp account, then I would register the SPNs of http/portal.mycorp.com and http/portal against the portalapp account using either adsiedit or setspn. I then make sure that the account is trusted for delegation, which I can do through the delegation tab in the account properties dialog in Active Directory Users and Computers. I also make sure that the servers running SharePoint are trusted for delegation to any service in the same way. UPDATE: Spence pointed out that this is completely unnecessary, see the comments, below.

Once I’ve done all that, I can enable Kerberos on the SharePoint web application through Central Administration. If you’ve never done that, the Authentication Providers option is in the Application Security section (usually the right hand column) in Application Management. Make sure you have the correct web application selected and choose the zone you want to configure (if you haven’t extended your web application, that’ll be default). In the Edit Authentication page, simply tick Integrated Windows Authentication and toggle the radio button beneath to Negotiate (Kerberos). Apply the changes, and we’re done.

Or so you’d think…

To be fair, with Server 2003, that should be it. With Server 2008, however, things just didn’t seem to be working properly for me. So I consulted the Oracle (on a side note, I’m trying a new Oracle lately…).

Kernel-mode authentication. Great idea, shame about the configuration

It turns out the IIS 7 has changed the way it deals with authentication, in that it now executes authentication-related processes in kernel mode for security and performance. That’s all well and good, but it also transpires that because of that, it uses the Local System account for this, and that’s where we hit a snag: I’ve created the SPN’s on the wrong account – I would need to create them on the machine account for the hosting server. Except that won’t work if we’re using more than one server in our farm to host the web applications, because I can only set the SPN against a single account.

It turns out that there is a solution to this. Frustratingly, however, it can’t be done through IIS Manager (or at least, I couldn’t see a way – perhaps Andy Westgarth and the IIS boys can help me here?). Once again we need to edit the applicationHost.config file, just like we did for the bindings, previously:

  1. Finding the right section for this can be tricky. You’re looking for the <location> section for your site, which then has a <system.webServer> section within it. I search on the site name (for example, our web site in IIS is SharePoint – Portal) because the line should look something like:
    <location path=”SharePoint – Portal”>
  2. Scroll down until you find the <security> section. In there you should see an <authentication> section and beneath that, <windowsAuthentication>. It will probably say:
    <windowsAuthentication enabled="true">
  3. Edit that line to read:
    <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true">

You’ll need to do an IISReset after that, or at least I did.

Am I the only person that thinks this should be a setting in the GUI somewhere – it’s such a fundamental issue if you’re using any kind of farm-based system (such as SharePoint or CRM) that I can’t believe it’s so hidden.

UPDATE: Spence also pointed out that appcmd lets you configure this. I’ll post more when I’ve learned how to do it myself.

Appcmd syntax and a hotfix

After Spence posted his comments I did more digging. The syntax for appcmd to make the change I describe above is:
appcmd set config “SharePoint – Portal” /section:windowsAuthentication /useAppPoolCredentials:true /commmit:MACHINE/WEBROOT/APPHOST
where you need to replace the stuff in quotes with the name of your site. You can get a list using appcmd:
appcmd list site

I also found a note about a hotfix related to this issue. If you see your server suffering from blue screens after configuring kerberos (I haven’t… yet) then this might help.

Finally, Spence posted a link to a set of useful slides covering just this topic – thanks Spence, I bet those were three great sessions. Hopefully I’ve now corrected the errors you pointed out and this post is back to being helpful!

Places to eat on the South Bank in London

A set of conference posts wouldn’t be complete without a run down of the local culinary delights. We haven’t strayed far from the South Bank Centre for the past few days, but we’ve had a great variety of meals.

Wednesday night and Thursday lunchtime was Wagamamas. I love Wagamamas. There’s one in Leeds as well, and whilst Fuji Hero is perhaps more authentic, I just love the deserts at Wagamamas. I also have at least one of their recipe books, so I can try it at home! Busy though – we arrived just shy of seven in the evening of our arrival and the queue to get in didn’t really die down until after nine. The new teppanyaki soba is to be recommended.

Thursday night was Tapas at Las Iguanas – a latin-themed place. It was pretty good too, although if I’m honest I’ve had better tapas. It was really busy too – I guess that’s partly because it’s summer and the south bank is one of those places where people congregate, but be prepared to wait a while for a table.

Lunchtime today saw us in Ping Pong, a Dim Sum place down the stairs out back. That was great – a menu with loads of different dishes with helpful staff to walk you through ordering a range of really tasty dishes. We all thoroughly enjoyed it and I’d really recommend it as a slightly different experience, and great for lunch where you might not want a huge meal. I also thing it’s a great social experience, as you can all order a dish you like and get others to try it, with all the conversation that will provoke!

@media Day 2 - Afternoon

I hadn’t really thought about it before, but Andy Budd has a very similar presentation style to my own. He’s incredibly enthusiastic and passionate about what he’s speaking about, and he wanders around waving his arms in an extremely animated way. Snap!

The topic of usability testing is an important one. I always try to impress upon our clients the need to see how the systems we build for them are used and tweak and fix accordingly. Andy’s approach to low-budget, formative testing to identify and solve usability issues during development as part of an agile approach struck a chord with me. I think that it’s important to have a dialog with ‘average’ users (i.e. not involved directly with development and therefore too close to a project to notice the problems) and to feed back into the development process what you find and the pain points you identify. Far better to find and fix during development than to force your product to fail testing or, even worse, to hit issues during rollout that hinder adoption.

I really like Andy Budd – every time I come to @media he recognises me and says hi. He’s a guy who knows his stuff, but he takes time out for those around him, and he deserves your attention.

The last session before the Hot Topics panel was Robin Christopherson from AbilityNet. Every time I attend a session with Robin I learn as much from watching and listening to him present (in terms of how he does it) as I do from the content of his session. Robin is blind, and when things don’t go quite as expected on screen, he doesn’t always know. That gives a helpful insight for an able person as to the problems that impaired users might have. I now need to go to Opera Labs to investigate FingerTouch, which looks like a great improvement for my mobile browser of choice. It was also great to see examples of ARIA being used which was pretty inspiring.