Recently when playing around with the Sharepoint 2010 beta I extended a site to use Forms and passed that through ISA 2006.

This is all very basic stuff, there are a number of good references on how to set this up, but what I did not expect was the http 500 internal error on my browser (see below).

The solution was to modify the HTTP filter (egad! an error message that actually gives the correct problem!) within ISA for that Rule (right-click the rule and select "Configure HTTP") and uncheck "Verify normalization" (see image below). I do not know if this is restricted to Sharepoint, but I suspect that will all the razzle-dazzle that SP2010 is trying to pull off it is tripping over the big feet of ISA...

This was verified by checking the logs. I tried many, many things to resolve it, including making sure "Network Service" had full control over the 14-hive, per this blog and setting up Network Service using the aspnet_regiis -SampleKeys, etc. I even disabled the UAC (see my earlier post for an explanation).

No dice.

The resolution lay, as you may be suspecting, in messed up perms on the RSA folder, specifically C:\Program Data\Microsoft\Crypto\RSA\MachineKeys. I had checked to the RSA level and Administrators had full perms (I was logged on as with an Administrative account) but I had not taken the next step and checked MachineKeys.

Turns out that that folder had removed all perms from Adminstrators. I ended up having to take ownership of the folder and give Admins full perms again. Sure enough - it worked...

As a bonus it DID fix my Search problem (I was getting "The search request was unable to connect to the Search Service.").

Maybe.

Step 1 - open up the Sql Server Configuration Manager and click on 'Sql Server Services in the left pane. You will see that the SQL Server Agetn is Stopped and has its 'Start Mode' set to Manual.

Step 2 - double click on the Sql Server Agent in the right tab and its properties will appear. Click on the 'Start' button to begin it running.

Step 3 - now click on the 'Service' tab and change the Start Mode to Automatic. This will ensure that if your server restarts this service will start as well (and hence you will get your Maintenance plans.

Look here for some good instructions for adding icons for file types (from foxit software who make a pdf search filter).

http://www.foxitsoftware.com/pdf/ifilter/installation

Remember to make the icon 16x16. Here is one you can use...

There are many nice things to like about x07's Management Shell, but one of the best is pipelining. In short what pipelining does is allow you to feed the results from one cmdlet into another. As you can imagine that increases your capability exponentially. It is called pipelining because you use the pipe (|) symbol to separate the cmdlets.

Let us say, for example, that you want to grant a Full Access perms to the mailbox Bob.Marley for Lenny.Scott:

Get-Mailbox Bob.Marley | Add-MailboxPermission -User 'myDomain\Lenny.Scott' -AccessRights FullAccess

What if you want to give Lenny.Scott Full Access to ALL maillboxes:

Get-Mailbox | Add-MailboxPermission -User 'myDomain\Lenny.Scott' -AccessRights FullAccess

What if you want to give Lenny.Scott Full Access to only the mailboxes in the Sales Database:

Get-MailboxDatabase myX07Server\Sales | Get-Mailbox | Add-MailboxPermission -User 'myDomain\Lenny.Scott' -AccessRights FullAccess

The above example shows how you can pipeline into another pipeline. However, if you really wanted to do this you might use the Add-ADPermission cmdlet:

Get-MailboxDatabase myX07Server\Sales | Add-ADPermission -User 'myDomain\Lenny.Scott' -AccessRights GenericAll

This capability is stunning in its power, which should also be a little terrifying. 

Use With Caution...

I was setting up a Man in the Middle webservice to intercept a message coming in so that I could do some processing of it on the side. Don't worry, it was our webservice. My process is fairly simple:

1. accept the submitted object
2. forward the object to the old web service
3. do what I wanted with the info

Step #2 appears fairly straightforward, and for the most part it is.

1. Create a (new) Web Service.
2. Expose the same public WebMethods.
3. Add a 'Web Reference' to the (old) Web Service
4. Create a new Web Service object of the old Web Service
5. Pass the received object onward

The problem that occurs is that because the (new) Web Service has to be all-inclusive it creates its own object type. While this is acceptable in .Net (since it goes by .net classnames) this gets all out of whack in the XML. This is because the XML uses a different namespace process - and since the (new) Web Service uses the same object as the (old) Web Service, albeit with a different .net namespace one of the things that it includes as an Attribute is the XML namespace. So

• The two classes have different .net namespaces
• The two classes have the exact same XML namespace

The compiler does not catch this because it is only looking at the .net namespace. So it will give you all sorts of helpful suggestions.

However....

There is a simpler way to do it. Basically, since you KNOW that the incoming and outgoing objects are the same, you are simply going to override the class that the Web Reference uses to tell it to use the original class.

If you initially open up the Web Reference to your (old) Web Service you are not going to see the file you need. You need to go up to the File Menu and select Project, Show All Files.

Now you will see the file that you want over in the Solution Exploerer -> Reference.cs.

Open that puppy up and make the necessary changes, just remember to wipe out the (new) objects that will be in there. All you want to leave are the methods, and those should now be passing the classes from the (old) Web Service.

Happy coding!

There appears to be an issue with w08r2 when it comes to using Hyper-V. When attempting to launch your VM you might encounter the error: The application encountered an error while attempting to change the state of %yourVM%.

The solution seems very simple (thanks to this post) which is that you need to give 'Authenticated Users' the 'List folder / read data' permission at the root of the drive that contains the Virtual Machines (and you ONLY need to do it at that level, not the ones below).

Why this solves the problem I do not know, but here are the steps (with some pictures) to walk you through the process:

1 - Open up the root of the drive's properties and choose the Security tab. Click on the Advanced button

2. Click on 'Change Permissions'

3. Click on 'Add', Type in 'Authenticated Users' and hit the OK button, you should see the screen below. Change the "Apply to:" to be "This folder only" and put a check in to the "List folder / read data" check box. Click 'OK'

4. Make sure NOT to check the 'Replace all child objects...' checkbox. Check your settings, and click OK. Click OK to close the Properties screen for the drive and you should be good to go.

When clustering two servers together you may still want to set up private network connections. If you do hook a crossover cable and give it a different set of IPs from your domain you may find that the private network does not working. Pinging will return no responses. What you may have run into is that the Windows Firewall is interpreting your little private network as being 'Public' and so is block all communications in.

The solution depends on what flavor of w08 you are running. If you are running w08 you can go into the "Network and Sharing Center" and customize the network to be "Private" which will allow communication through. If you are running w08r2 it is not so simple. You have to go into Windows Firewall and explicitly tell it NOT to apply "Public" rules to the adapter you are using for your private network. 

Because a picture is worth a thousand words:

Windows 2008 (non-R2)

Windows 2008 R2