When software attacks!

Thoughts and musings on anything that comes to mind

Twitter clients: Twinbox and Tweetz

Anybody who follows me on twitter will know that @rikhepworth is by no means a prolific tweeter. However, I do follow a number of people around the planet, and in addition to the ubiquitous Tweetie2 on my iPhone, I have found two clients to be useful and reliable.

The first is Tweetz, from Blue Onion Software. This is a great gadget for the Windows 7 desktop (or Vista Sidebar). The UI is simple and extremely usable (I love the way I can scroll the history for older tweets) and it makes posting a breeze.

The second reflects just how much I live by Outlook and the resulting ability to search and collate unread mails, blog posts and now tweets. Twinbox from TechHit allows you to tweet directly from Outlook and incoming tweets are collated by sender. No integration with the Office 2010 fluent UI but the add-in works, and there is a 64-bit version available as well.

Solve ‘pending reboot’ setup show stopper for CRM 4 Client (with Update Rollup 7)

I’ve been extremely busy over the past week creating demo systems and updating our own internal Black Marble systems. Part of that long list of tasks was to get around to testing the CRM 4 Outlook client with Outlook 2010.

For those who don’t know, you need the Update Rollup7 client if you want to use Outlook 2010 (and x86 Office only need apply). You can download a slipstreamed client installer from Microsoft.

However, you may find that the client steadfastly refuse to install, telling you that it is unable to proceed due to a pending restart.

The solution to the problem can be found on the Microsoft forums:

Look in the registry, in the Current User hive (HKEY_Current_User) for the user you’re trying to run setupclient.exe as. You will find a key in HKCU\Software\Microsoft named MSCRMClient. Create a new Dword value (32-bit if you’re on Windows 7 x64) called IgnoreChecks and set the value to 1.

This fixed it for me. Hopefully it will fix it for you too.

Reassigning the correct SSL certificate to SharePoint 2010 Web Services IIS Site


This post is about assigning an SSL certificate to an IIS 7.5-hosted website which is not located in the Personal Certificate store. The steps shown are not SharePoint-specific, however. Hopefully this post will save you the large amount of time I spent hunting down the information on how to do this.

The usual background

I’ve been installing and configuring a SharePoint 2010 system that we can use here at Black Marble for our demo sessions. I hit a nasty wall just after lunch which turned out to be caused by the SSL certificate being used by the ISS web site hosting the SharePoint web services.

I’d spent a while carefully wiring up the user profile service to our AD, getting synchronisation working and dealing with the creation of a new MySite host. That in itself is a fairly involved process right now, so when I hit errors I naturally assumed it was related to my work on the user profile service.

When trying to manage the User Profile Service I was seeing errors that Central Administration could  not access the service.

The automatic Health Analyzer in SharePoint was telling there was an error with the Security Token Service:

The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
SPSecurityTokenService (SecurityTokenService)

In the Application Event Log I was seeing EventID 8306: An exception occurred when trying to issue security token: Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:32844'..

Naturally, I checked the bindings through IIS Manager to see what certificate was in use. An IIS self-issued certificate for the server was listed, which I though should have been valid…

I looked in the Local Computer Certificate Store using the MMC snapin and I discovered a folder called SharePoint which had three certificate in it, all issued by the Sharepoint Root Authority:

  • SharePoint Security Token Service
  • SharePoint Security Token Service Encryption
  • SharePoint Services

That sounded interesting – perhaps one of these was the certificate which should be used and the configuration had got changed. The trouble now was how I assigned those certificates. IIS Manager only shows you the certificates in the Personal store – I couldn’t select the certificate I  needed anywhere.

Being one to tinker before turning to the web I looked in applicationhost.config – the xml file which contains the configuration details for the IIS sites. It listed the protocol bindings but not the certificate. So I turned to Bing.

The first site of note was (of course) on IIS.Net – How to setup SSL on IIS 7.0

This listed a whole heap of things to do in order to set up SSL, but none of it told me how to assign a certificate from a specific store, at least without turning to WMI (and that wasn’t clear).

I then found a detailed MSDN How To: Configure a Port with an SSL Certificate

This was really useful (if hard to find). It detailed how to configure a certificate using netsh. This required a key bit of information which I didn’t have – the certificate hash. However, the article linked to another, telling me that the has is in fact the Thumbprint attribute, accessible through the certificate MMC snapin (MSDN – How To: Retrieve the Thumbprint of a Certificate).

I tried the appropriate netsh command and it failed. I then realised that when I queried the ssl bindings the certificate store name was listed, showing where cert was. There was no information in that article on how to specifiy this.

Bing to the rescue again. A non-MS site listing the parameters of the netsh add sslcert command.

The actual solution

In an elevated command prompt enter the following command to list the current SSL bindings:

netsh http show sslcert

You’ll get something that looks suspiciously like the image below. Note that there may be more than one binding listed; note also that the details below are for a working web services site.

Output from netsh http show sslcert

You need to get some information for the SSL binding on port 32844, used by the SharePoint Web Services. The relevant section, as show above, will list the IP:Port as Mark and copy the the Application ID GUID. Interestingly, I’ve checked two different SharePoint 2010 installs on different servers and the Application ID is the same for both.

You also need to find the certificate hash (thumbprint) for the SharePoint Services Certificate. Load up MMC and add the certificate snapin, connecting to the Local Computer store. You should see a store named SharePoint with three certificates in, as per the image below:

Certificate console showing SharePoint store

Double-click the SharePoint Services certificate and select the Details tab. Scroll down and find the Thumbprint property and copy it’s contents to the clipboard.

Certificate properties showing Thumbprint

Paste the text into notepad and trim out the spaces before you use it in the commands below.

I removed the SSL binding first using the command below, although I’m not sure if this step is necessary:

netsh http delete sslcert ipport=0.0.0:32844

Once that’s done, enter the command below, using the thumbprint from your certificate and (if it’s different) the correct appid for your website.

netsh http add sslcert ipport=0.0.0:32844 certhash=<thumbprint> appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=SharePoint

Finish off with another netsh http show sslcert to make sure the changes have been made, and then perform an iisreset, just to be sure.

The annoying bit

When you’ve done all this, don’t be fooled when you examine the bindings in IIS manager. If the certificate isn’t in the Personal store (i.e. IIS Manager doesn’t show it in the list) then the certificate is listed as Not Selected, which is very misleading. One to poke the guys in the IIS team about, I think.

Berlin: Legoland Experience

I’d love to say that I enjoyed the Legoland Experience in Berlin, located beneath the Sony Centre in Potzdamer Platz. I’d love to, but I can’t – I’ve been to a conference you know; none of this sightseeing malarky for me.

Having said that, whilst visiting the Mauerfall celebrations I stumbled upon the entrance, and I don’t often get the chance to post gratuitous pictures of Lego…


As a complete aside, that night we also stumbled upon the European premier of 2012, with Amanda Peet and John Cusack on the red carpet at the Sony Centre, surrounded by photographers. Perhaps unfortunate, then, that all the crowds were elsewhere, walking along the lines of dominoes, drinking gluhwein.

Places to eat in Berlin: Grenander

Lets get this straight right of the bat: Grenander is not a restaurant. Sure, it’s open in the evening and it does light meals (think: soup and a roll). However, it’s really a cafe (‘cafehaus and icecream’,  says  my receipt).

Coffee and cake is a deep-seated German tradition. You really must indulge, but beware that this is no piffling, tiny piece of sponge cake we’re talking about – oh no. Coffee and cakes demands a huge, sumptuous piece of one of a range of marvellous gateaux. Picture a huge Black Forest Gateau (Schwarzwalder Kirschtorte) and you’re in the right place.

Right across the road from the Wittenbergplatz, not far from KaDeWe, Grenander is easy to find and quite welcoming. It’s not very big, though, so you’d better hope it’s not busy.


Places to eat in Berlin: Mola

Mola is opposite the Wittenbergplatz U-bahn station, just along the Ku’damme from KaDeWe. It’s not the most sophisticated restaurant you’ll find, but it’s a wonderfully authentic Italian restaurant.


The first thing you’ll notice is the marvellously jovial owner (at least I think he was the owner) who welcomes you in Italian. The next thing that you’ll notice is the large traditional pizza oven, with the pizza chef making fresh pizza by hand right in front of you.

I wouldn’t pretend that the menu is sophisticated, but the pizzas are wonderfully tasty, authentic thin Italian pizzas. The staff are jolly, friendly and helpful and the overall atmosphere is welcoming and relaxed. They also serve Warsteiner. It’s going back a log way, but my childhood pen-friends in Hamm, in the west of Germany always used to maintain that Warsteiner was their favourite bier (much better than Krombacher, I recall).

Places to eat in Berlin: La Sepia

Anybody who knows me well will tell you that I am prone to waxing lyrical about Portugal. Whilst I haven’t been there for a good few years now, it was a regular destination for my family when I was younger and I have strong, fond memories of the place and its food.

Imagine my surprise then, when we found a Portuguese/Spanish restaurant just a few minutes away from our hotel. La Sepia is on Marburger Strasse, just off Ku’damme.

Cue a random mix from our blogger of broken German and broken Portuguese – all the staff we spoke to were native Portuguese, as far as I could tell.

Sadly, they only offer bacalhao a bras (Portuguese salt cod) during the day, but in addition to a range of tapas and a fabulous choice of fresh fish, a number of different dishes cooked in the traditional cataplana were on offer.

The cataplana is a traditional Portuguese cooking pot. Imagine a wok; now add another wok which closes against first on a hinge, like a clam. It clamps shut, making something a little bit like a pressure cooker.


Tourists who visit the Algarve will have seen cataplana on the menus of many restaurants. Mostly, that means pork and clams, cooked in the cataplana. La Sepia offer this, of course, but also have other dishes. I plumped for monkfish, cooked in the cataplana. The dish is a bit like a stew – big chunks of monkfish, potatoes and other vegetables in a sauce which is a mixture of tomato and fish. Take it from me – it’s great. Just make sure you save some bread to mop up the sauce!


A wide range of Portuguese wine fill a lengthy wine list. We settled on a nice Vino Verde – a light, slightly sparkling fresh white (literally translated to English as green wine). To finish, a bica – the strong Portuguese coffee which makes espresso look weak.

Overall, a place I can heartily recommend. You can bet that I’ll try to make it back during the day for bacalhao a bras before we leave Berlin.

Places to eat in Berlin: Coa

It’s becoming a tradition that every time I attend a conference or travel anywhere interesting I post at least a couple of places to eat. Perhaps ironically, none of the places I am about to post about serve cuisine that you could reasonable call German.

It’s true – we’ve done coffee and cake – that well known German tradition. In an evening, however, besides our hotel we have been to a Chinese, an oriental fusion place and a Portuguese and Spanish restaurant.

A general warning to those eating out in Berlin – do not take for granted that the place you choose will take plastic – many don’t, and you should at least be prepared to pay cash.

Of those, the fusion restaurant was the first place we ate - Coa. Situated right in Potzdamer Platz it was an obvious choice early in our stay as we wandered around the dominoes of Mauerfall.

If you like noodles, you’ll do just fine here. The cuisine is an interesting mix of Vietnamese, Thai, Chinese and Japanese. The surroundings are stylish, the service is friendly (and happy to converse in English) and the food is excellent. There is a great range of dishes from dim sum to noodles and everything we had was well prepared and tasty.

TechEd 2009: Finding technical content

Whilst TechEd this year has been rich with interesting content, most notably on SharePoint 2010, I’ve found it sadly thin on the ground when it comes to deep technical sessions. What exceptions to this rule there have been, however, were excellent and worthy of mention.

Mark Minasi delivered an explanation of Kerberos and its usage in Windows which was both extremely informative and wildly funny. His engaging delivery and use of cartoons, animations and humour made what could have been a dry subject all the more informative and memorable. If you can get hold of the recording, I would strongly urge you to watch.

John Craddock went one better. His extremely deep coverage of DirectAccess and the IPv6 technologies which underpin it took two sessions, and has spawned a third, Q&A tomorrow morning which I shall be sure to attend. He gave a solid explanation of all the component technologies used by DirectAccess with an excellent demo rig to illustrate every step. After nigh-on three hours in his company I have come away with a much better understanding of the area, and an idea of how I can implement the technology in spite of the more readily available DA documentation implying that I can’t.

One or two of the Sharepoint sessions have been equally as useful – Joel Oleson and Todd Klindt on what you should look on your SQL server and how it’s configured to make your SharePoint perform better, and Todd again, along with his colleague Shane on upgrading from 2007 to 2010. Many others, however, were more marketing (and I learned a new word – markitechture – or should that be marchitecture?) than meat, which is a real shame.

Overall, TechEd is still a great conference for content which covers a broad range of Microsoft technologies. I have to say that I enjoyed it – I just won an Xbox in the feedback ‘contest’! I think on balance I really have enjoyed it. Mark and John’s sessions alone make it worth the ticket price; I also look forward to Sanjay’s presentation on Microsoft BUI tomorrow. Part of me does wonder though – do I need to go to a ‘vertical’ conference like SharePoint 2009 for the deep content?