I was lucky to attend and present at last week’s SharePoint Best Practices conference.  I’m still new to the whole speaking "thing" and, frankly, I was a bit nervous for the first half while I sweated out waiting to speak myself.  That sort of nervous feeling made it a little hard for me to pay attention to the presenters (not that I ignored them).  Instead, I focused a bit more on the attendees.

Conferences always set my mind racing and there was a lot take in at this one.  This conference was excellent.  I think it was unusual in several ways.  It wasn’t a heavy developer conference.  There were certainly dev parts to it, but I think it was at least 60% focused on non-dev issues, maybe as high as 80%.  I think that speaks to the evolving nature of the SharePoint market.  Companies are implementing SharePoint in a variety of ways and they are looking for guidance on how to do it right.  And not just guidance on how to create features/solutions (which by now, has been very well established).

I believe the conference was tremendously valuable to most everyone that attended and I know that the organizers plan to do the conference again early next year. 

Having said that, I believe there was a missed opportunity which I hope the next conference addresses.  I say it’s a missed opportunity, but that’s not a bad thing.  Discovering a community need is in and of itself a good thing.  The conference discussed a number of best practices in a variety of areas such as governance, training, requirements gathering, search, development, information architecture, etc.   I think that the missed opportunity has to do with the "green field" assumptions underlying many of the best practices.

When we talk about green field, we mean that SharePoint hasn’t gone into production and we’re starting with a clean slate.  This is ideal because you can start straight away using best practices for defining and managing governance, information architecture, etc.  However … what happens when you’re already in production with several thousand users (or 10’s of thousands) and you didn’t follow best practices at the beginning?  I’ve seen companies with … ahem … a very odd information architecture baked into their environment.  I don’t think that this conference provided much guidance for organizations with that kind of problem (and I don’t just mean IA, but governance, search, many other areas).  Of course, knowing you have a problem is a big part of the solution and that’s very valuable.

I think that the online SharePoint community hasn’t done much to address this either.  I know I have not.  It’s a very hard problem to solve at many levels.  Technically it’s hard.  Budget-wise it’s hard.  Culturally, it’s hard.  However, it’s probably a bigger real world problem than most.  Since the conference ended, I’ve been thinking about these kinds of problems and how one would solve them.  There has to be a better answer than, "uninstall and reinstall" and the community needs to face it head on.

I think that this a great opportunity for the blogging community and experienced thought leaders to lay out some guidance on how to repair their environments.  I think there’s a small but non-zero risk that SharePoint could end up with a bad and enduring reputation as a result of poorly architected implementations that fail due to poor governance, IA, etc. 

</end>

Subscribe to my blog.

My online friend, Mark Miller over and End User SharePoint (www.endusersharepoint.com) is running a free one hour seminar targeted, like he always does, at the SharePoint End User community.  It takes place at 1pm EDT.  Details are here: http://www.endusersharepoint.com/?p=785

I have sat in on one of his online seminar last month and it was done quite well and if you’re interested in some very practical info on dashboards in SharePoint, I’m sure it’s worth the 1 hour investment.

</end>

Subscribe to my blog.

My colleague has been working on a web part in an FBA environment.  Among other things, the web part pulls some data from SQL server.  The grand plan for this project dictates that a DBA configures data level security in SQL (as opposed to embedding a user ID in a SQL query or some other approach).

The problem is that SQL server doesn’t know anything about our FBA environment so it can’t trust us.  We solved this problem by, for lack of a better word, manually impersonating an AD user so that we could connect to SQL such that SQL data level security works. 

Even though FBA is an ASP.NET feature, we SharePoint Nation people have taught the various search engines that if you’re querying for FBA, you must mean you want know how to configure FBA in SharePoint.  I failed to find find any information on how to enable an FBA oriented ASP.NET application to communicate with SQL in the way we needed. 

In the course of researching this, we re-read this article: ASP.NET Impersonation

More research led us to this codproject article: http://www.codeproject.com/KB/cs/cpimpersonation1.aspx

That helped us write our code, which I’ve included below.  It’s not the most elegant stuff, but it worked.  I hope you find it helpful.

Here’s the code that worked for us:

protected void btnSearchCarrier_Click(object sender, EventArgs e)
 {
 try
 {
 ImpersonateUser iU = new ImpersonateUser();
 // TODO: Replace credentials
 iU.Impersonate("DomainName", "UserName", "Password");

//
 CODE
//

 iU.Undo();
 }
 catch (Exception ex)
 {

 }
 }

// Using Impersonation class as mentioned below.

public class ImpersonateUser
 {
 [DllImport("advapi32.dll", SetLastError = true)]
 public static extern bool LogonUser(
 String lpszUsername,
 String lpszDomain,
 String lpszPassword,
 int dwLogonType,
 int dwLogonProvider,
 ref IntPtr phToken);

 [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
 private extern static bool CloseHandle(IntPtr handle);

 private static IntPtr tokenHandle = new IntPtr(0);
 private static WindowsImpersonationContext impersonatedUser;

 // If you incorporate this code into a DLL, be sure to demand that it
 // runs with FullTrust.
 [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
 public void Impersonate(string domainName, string userName, string password)
 {
 try
 {

 // Use the unmanaged LogonUser function to get the user token for
 // the specified user, domain, and password.
 const int LOGON32_PROVIDER_DEFAULT = 0;

 // Passing this parameter causes LogonUser to create a primary token.
 const int LOGON32_LOGON_INTERACTIVE = 2;
 tokenHandle = IntPtr.Zero;

 // Step -1 Call LogonUser to obtain a handle to an access token.
 bool returnValue = LogonUser(
 userName,
 domainName,
 password,
 LOGON32_LOGON_INTERACTIVE,
 LOGON32_PROVIDER_DEFAULT,
 ref tokenHandle); // tokenHandle - new security token

 if (false == returnValue)
 {
 int ret = Marshal.GetLastWin32Error();
 Console.WriteLine("LogonUser call failed with error code : " +
 ret);
 throw new System.ComponentModel.Win32Exception(ret);
 }

 // Step - 2
 WindowsIdentity newId = new WindowsIdentity(tokenHandle);
 // Step -3
 impersonatedUser = newId.Impersonate();

 }
 catch (Exception ex)
 {
 Console.WriteLine("Exception occurred. " + ex.Message);
 }
 }


 /// <summary>
 /// Stops impersonation
 /// </summary>
 public void Undo()
 {
 impersonatedUser.Undo();
 // Free the tokens.
 if (tokenHandle != IntPtr.Zero)
 CloseHandle(tokenHandle);
 }
 }

</end>

Subscribe to my blog.

A few weeks back, I was working with my developer colleague on a project involving SQL Server Reporting Services plug-in for MOSS.  He was developing a web part that provides a fancy front-end to the report proper (the main feature being a clever lookup on a parameter with several thousand searchable values behind it).

This was working great in the development environment but in the user acceptance testing (UAT) environment, it wouldn’t work.  Firing up the debugger, we would see exception details like this:

The permissions granted to user ‘UAT_domain\mosssvc’ are insufficient for performing this operation.(rsAccessDenied).

If you do a live search on the above error, you find it’s quite common.  Scarily common.  The worst kind of common because it has many different potential root causes and everyone’s suggested solution "feels" right.  We probably tried them all.

In our case, the problem was that we had done a backup/restore of DEV to UAT.  Somewhere in the data, something was still referring to "DEV_domain" (instead of the updated "UAT_Domain").  We created a new site, added the web part and that solved our problem.

Hopefully this will save someone an hour or two down the line.

</end>

Subscribe to my blog.

I receive a handful of messages from individuals via the built-in "send a message" function Microsoft provides with live spaces (which also hosts my blog) every month.

About one third of the time, those users have secured their live spaces account such that I cannot reply.  This is some kind of anti-spam feature I assume.

</end>

I was reading Madhur’s blog post on how to enable stack trace displays and now I’m wondering: why don’t we always show a stack trace?

Who came up with that rule and why do we follow it?

End users will know something is wrong in either case.  At least with a stack trace, they can press control-printscreen, copy/paste into an email and send it to IT.  That would clearly reduce the time and effort required to solve the issue.

</end>

I do a Google search:

I click on the link highlighted above ("Download details: Windows SharePoint…").

I get this:

Note the URL. 

Looks pretty suspicious to me.  I don’t know if I should laugh, chuckle or call a priest.

</end>

http://groups.google.com/group/microsoft.public.sharepoint.portalserver.development/browse_thread/thread/41e8cbe4f15e8b4c/76506ea401403e35?#76506ea401403e35

If the tool is doing stuff you don’t understand and then it fails in step n of an unknown number of steps, you’re dead in the water…

</end>

UPDATE (04/08/08): I seem to have solved this problem.  From the command line, I ran "c:\windows\system32\lodctr /R" as per an entry talking about InstallShield problems and that appears to have solved it for me.

I have noticed that lately, my desktop/server fan never turns off.  I know it used to turn off.  I took a moment to check it out noticed that the a VMware process was running a consistent 20% utilization on one of the CPU’s.  I checked the event log and saw these errors in the application log happening dozens of times per minute:

Windows cannot load extensible counter DLL UGatherer, the first DWORD in data section is the Windows error code.

Windows cannot load extensible counter DLL UGTHRSVC, the first DWORD in data section is the Windows error code.

Windows cannot load extensible counter DLL MSSCNTRS, the first DWORD in data section is the Windows error code.

If I drill into the details of one of those messages, I get this:

Source: Perflib

Type: Error

Category: None

Event ID 1023

I did some research and there was some indication it could be a permission problem in terms of access to the DLLs in question.  I played around with that stuff but could not affect things in a positive way so I gave up on that.

VMware had been nagging me about performing an update for quite some time, so I jotted down the version I had installed (apparently "1.0.1 build 29996") and did the update.  This upgraded me to v1.04.  Sadly, it did not fix the issue.

I can stop the insane number of messages going to my application log if I shut down a service named "VMware Authorization Service".  This prevents me from using the VMware software, so … not such a great option. 

The host operating system is Windows XP 64 bit. 

I don’t think this has always happened, but I don’t recall any particular event that might have led to it.

This is why I hate computers.

</end>

A fellow, "Mark", has started up a potentially interesting newsgroup discussion focusing on "establishing excellent SharePoint Governance from the start" for a 35,000 user environment.

The discussion is here: http://groups.google.com/group/microsoft.public.sharepoint.portalserver/browse_thread/thread/6d9a738d981af772/1c390b15c5407db6?#1c390b15c5407db6

Pop on over and contribute!

</end>