Sharepoint 2013 via clientless SSL (webvpn) on CISCO ASA

I just beat myself in the head for the better part of a day on this… I was using the predefined application template for SharePoint 2013 (which is only available in ASA 9.5 or above) and getting nowhere. The bookmark would start to open SharePoint, then pause. In the end, this command fixed it:

auto-signon allow ip 172.18.6.0 255.255.255.0 auth-type ntlm

Once I did that I went with the default Sharepoint 2013 configuration and everything worked like a champ. Go figure.

using pscp.exe in a batch file and getting around the host key

I was trying to automate an scp file copy for work and having a hell of a time with the host key. Even though I was logged in as the same user that the script is running as, when it’s run non-interactively, for some reason it cannot find the host key in the registry, and fails. Some info:

  • putty and pscp.exe keep their host keys in [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
  • if you run your pscp.exe with the -batch command, you cannot input any console input
  • in order to get this to work, I had to echo a “Y” to it like this: echo y | C:\_scripts\pscp -sftp -v -etc. etc

Basically, if you try to echo the Y with the -batch option, then you can’t, because the -batch option makes it ignore any input. In order to make this secure, I ran it once the way I have listed above, and once the host key was stored in the right place, I removed the echo and added the batch again.
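An alternative to answering the prompt once, as an added example that is not from the original post: pin the server's key with pscp's -hostkey option so the job never depends on what is cached in the registry of whichever account runs it. The host name, account, file paths and fingerprint are placeholders.

```powershell
# Added example. Host, account, file paths and fingerprint are placeholders.
$PscpExe     = 'C:\_scripts\pscp.exe'
$TargetHost  = 'sftp.example.internal'
$Port        = 22
$Source      = 'C:\_scripts\outbound\report.csv'
$Destination = "svc_copy@${TargetHost}:/incoming/"
# Fingerprint obtained from the server's administrator, not from a first connection.
$PinnedKey   = 'SHA256:PLACEHOLDER_FINGERPRINT_VERIFIED_OUT_OF_BAND'

function Get-CachedPuttyHostKey {
    param([string]$HostName, [int]$Port)
    # PuTTY stores one registry value per accepted key, named
    # "<keytype>@<port>:<host>", in the hive of the account that accepted it.
    $keyPath = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
    if (-not (Test-Path $keyPath)) { return @() }
    $suffix = "@${Port}:$HostName"
    (Get-Item $keyPath).GetValueNames() |
        Where-Object { $_.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) }
}

function Invoke-PinnedPscp {
    # Log which account this run uses and how many cached keys it can see.
    $cached = @(Get-CachedPuttyHostKey -HostName $TargetHost -Port $Port)
    Write-Output "Running as $env:USERDOMAIN\$env:USERNAME, cached keys: $($cached.Count)"

    # -batch: never prompt. -hostkey: accept only this key, whatever the cache holds.
    # Add your authentication options (for example -i <keyfile>) as in your own command.
    & $PscpExe -batch -sftp -P $Port -hostkey $PinnedKey $Source $Destination
    if ($LASTEXITCODE -ne 0) {
        throw "pscp exited with code $LASTEXITCODE (host key mismatch or transfer error)"
    }
}

Invoke-PinnedPscp
```

The logged account name and cached-key count show quickly whether a scheduled run is using a different profile from the interactive session that accepted the key.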

strange .net runtime error and the fix

We had done a POC for Foglight by Quest back in March and ended up not purchasing the product because we already had SCOM in place. After the uninstall and ever since, we have had some issues.

  • errors logged whenever an app pool starts/restarts containing this description:
    .NET Runtime version 2.0.50727.3603 – Failed to CoCreate profiler.
  • .net health monitoring would log an app pool start but not log an app pool stop or shutdown
  • I had the suspicion that this was related to random app pool restarts during the day on one of our webservices
  • other debuggers would not attach to an app pool and work (like avicode that comes with SCOM)
  • I looked for how to fix this since March; of course I was too stubborn to call Quest, so that’s my fault. Much googling didn’t resolve much, so when I finally did figure this out, I wanted to post what I found. It turns out that debugging is set in an environment variable. Seems like it’s a session variable because it’s set in the parameters of a service, so that way it runs with the service in the user context of the service. This is something I had never run across before, so it seemed kinda odd.

    In the end we had to remove the reg key “Environment” (and the contents of the key) from the two locations. This key is what sets the debugger to enabled and tells it which debugger to use.

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]

    Once these have been deleted, all you have to do is IISRESET the server and the error is gone and random app pool restarts have ceased. As of this writing I have not tried to reinstall the SCOM AVIcode to the webservice, but I’m certain that it will work now.
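An added example (not from the original post) that lists the service-level environment entries before anything is deleted and checks whether the profiler they name still exists on disk. It assumes "Environment" is a multi-string value of NAME=value entries and that the profiler is configured through the CLR's COR_ENABLE_PROFILING and COR_PROFILER variables, which the post does not name.

```powershell
# Added example. Assumes "Environment" is a multi-string value of NAME=value lines
# and that COR_PROFILER is given as a class ID in {GUID} form.
$ServiceKeys = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC',
               'HKLM:\SYSTEM\CurrentControlSet\Services\IISADMIN'

function Get-ServiceEnvironment {
    param([string]$KeyPath)
    $item = Get-ItemProperty -Path $KeyPath -Name Environment -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    foreach ($entry in @($item.Environment)) {
        # Split only on the first '=' so values containing '=' stay whole.
        $name, $value = $entry -split '=', 2
        [pscustomobject]@{
            Service = Split-Path $KeyPath -Leaf
            Name    = $name
            Value   = $value
        }
    }
}

function Resolve-ProfilerDll {
    param([string]$Clsid)
    # The class ID's InprocServer32 default value is the path of the profiler DLL.
    $reg = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    $dll = (Get-ItemProperty -Path $reg -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        Clsid     = $Clsid
        Dll       = $dll
        DllExists = [bool]($dll -and (Test-Path $dll))
    }
}

# Every environment entry injected into the two IIS services.
$entries = foreach ($key in $ServiceKeys) { Get-ServiceEnvironment -KeyPath $key }
$entries | Format-Table -AutoSize

# A COR_PROFILER whose DLL is gone fits the "Failed to CoCreate profiler" error.
$entries | Where-Object { $_.Name -eq 'COR_PROFILER' } |
    ForEach-Object { Resolve-ProfilerDll -Clsid $_.Value } |
    Format-Table -AutoSize
```

Exporting both service keys with reg.exe export before removing anything keeps a copy of the old values in case something else was set there.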

    SQL query to tell if SQL logins are using Kerberos or NTLM

    No explanation needed here; if you know what you are looking for, this is it.

    SELECT 
    s.session_id
    , c.connect_time
    , s.login_time
    , s.login_name
    , c.protocol_type
    , c.auth_scheme
    , s.HOST_NAME
    , s.program_name
    FROM sys.dm_exec_sessions s
    JOIN sys.dm_exec_connections c
    ON s.session_id = c.session_id

    TFS 2008 to TFS 2010 Install notes

    Recently (about 5 minutes ago) I did an upgrade in production of our Team Foundation 2008 server to Team Foundation 2010. I had a dry run that worked well but of course on the real thing I had a couple of issues. Here are some notes.

    • TFS requires sysadmin on the new SQL server, it wants to create/drop databases like crazy
    • TFS previous to 2010 required SharePoint to be installed; with 2010 it’s just an option, and you can add it later.
    • To clean up from an earlier install (failed, test run, etc.) you can run this command (see the gotcha at the end!)

      C:\Program Files\Microsoft Team Foundation Server 2010\Tools>tfsconfig setup /uninstall:all

  • The steps are
    1. Install TFS 2010
    2. Configure TFS 2010 (this creates databases)
    3. Backup your old TFS databases (all of them)
    4. Restore your old TFS databases to your new sql instance
    5. Run the TFS import command from command line. It should look like this:

      C:\Program Files\Microsoft Team Foundation Server 2010\Tools>Tfsconfig import /sqlinstance:server\instance /collectionName:imported /confirmed

  • Once you do this, you should be good to go
  • We had an error when trying to install on production because it kept finding information from the previous one. Apparently tfsconfig setup /uninstall:all doesn’t really uninstall all! There were extended database properties left over that we had to delete manually. Until we did this, we received this error:
    • TF30046: The instance information does not match.
  • There are very useful logfiles located in:
    • C:\ProgramData\Microsoft\Team Foundation\Server Configuration\Logs
  • In order to get visual studio 2005 to connect to TFS 2010, you have to install in this order:
    1. Visual studio 2005
    2. Tfs plugin for vs 2005
    3. Vs 2005 sp1
    4. Vs 2005 vista compatibility update (run windows update)
    5. Vs 2005 TFS 2010 update
    6. Then you enter the full URL in the server name field: http://tfs2010_server:8080/tfs
    7. If it tells you that you can’t put in the “/” and such, it means you installed in the wrong order.
  • In order to get visual studio 2008 to connect to TFS 2010, you have to:
    1. Install vs 2008
    2. Install vs 2008 sp1
    3. Install vs 2008 TFS compatibility pack
    4. Enter servername as: http://tfs2010_server:8080/tfs
  • That’s all I have for now. After all the devs come in and hit this tomorrow I may have some more updates (but I hope not!).

    Dashboarding using the SCCM Dashboard solution accelerator example

    I will turn this into a more useful blog post when I have a few minutes but for now it is just a collection of links about dashboarding using the System Center Configuration Manager Solution Accelerator. The short story is that this runs on top of Sharepoint 3.0, which is free, meaning you can run this for free. It’s not specific to SCCM so you can dashboard any sql data you want! Cool!

    http://technet.microsoft.com/en-us/library/ff369719.aspx

    http://systemscentre.blogspot.com/search/label/Dashboard

    http://garyhay.blogspot.com/2010/07/sccm-dashboard-queries-1.html

    http://blogs.msdn.com/b/shitanshu/archive/2010/04/08/part-1-how-microsoft-it-using-configuration-manager-dashboard.aspx

    http://blogs.msdn.com/b/shitanshu/archive/2010/04/11/part-2-using-configuration-manager-dashboard-for-software-update-deployment-readiness-patch-tuesday-checklist.aspx

    http://blogs.msdn.com/b/shitanshu/archive/2010/05/02/part-3-sql-queries-used-for-creating-custom-configuration-manager-dashboard-in-microsoft-it.aspx

    http://blogs.msdn.com/b/shitanshu/archive/2010/10/09/part-4-sql-queries-for-creating-configuration-manager-client-health-and-problem-management-dashboard.aspx

    http://64.4.11.252/en-us/edge/system-center-configuration-manager-2007-dashboard-part-2-configuration.aspx?query=1

    urlscan issue

    I have the following URLscan value:

    RuleList=DenyUserAgent

    [DenyUserAgent]
    DenyDataSection=AgentStrings
    ScanHeaders=User-Agent

    [AgentStrings]
    Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
    Opera/9.02 (Windows NT 5.1; U; ru)

    In the logfiles I am seeing where it is blocking non russian mozillas, like this:

    2010-11-05 21:49:23 76.94.140.86 896362 GET /programs/images/t8.jpg Rejected rule+’DenyUserAgent’+triggered User-Agent: mozilla/5.0+(windows;+u;+windows+nt+6.1;+en-us;+rv:1.9.2.3)+gecko/20100401+firefox/3.6.3 mozilla/5.0+(windows

    (The logfile truncates after a certain length.) I do not understand why it is blocking this mozilla version with a totally different user agent. ???

    Looking for an answer on this one….
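A likely explanation, as an added example that is not part of the original post: UrlScan treats `;` in urlscan.ini as the start of a comment and matches deny strings as case-insensitive substrings, so each [AgentStrings] entry is cut at its first semicolon, and the last field of the log line above, mozilla/5.0+(windows, is exactly the first entry cut that way. The sketch below models that assumed behaviour; the function names are hypothetical.

```powershell
# Added example: models the assumed UrlScan behaviour; function names are hypothetical.
# [AgentStrings] entries exactly as configured in the post.
$AgentStrings = @(
    'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1',
    'Opera/9.02 (Windows NT 5.1; U; ru)'
)
# User-Agent of the rejected request, from the log line (the log writes spaces as "+").
$LoggedAgent = 'mozilla/5.0+(windows;+u;+windows+nt+6.1;+en-us;+rv:1.9.2.3)+gecko/20100401+firefox/3.6.3'.Replace('+', ' ')

function Get-EffectiveDenyString {
    param([string]$IniLine)
    # Everything from the first ';' to the end of the line is discarded as a comment.
    ($IniLine -split ';', 2)[0].Trim()
}

function Find-DenyMatch {
    param([string]$HeaderValue, [string[]]$IniLines)
    foreach ($line in $IniLines) {
        $needle = Get-EffectiveDenyString -IniLine $line
        if ($needle -and
            $HeaderValue.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $needle   # first deny string found inside the header value
        }
    }
}

# What the rule really contains after comment stripping.
$AgentStrings | ForEach-Object { Get-EffectiveDenyString -IniLine $_ }

# The en-us Firefox 3.6.3 request is caught by the shortened first entry.
Find-DenyMatch -HeaderValue $LoggedAgent -IniLines $AgentStrings

# A semicolon-free fragment of the same agent survives intact and no longer matches.
# It is broader than the original line in one respect: it ignores the "ru" locale.
$Narrowed = @('rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1')
[bool](Find-DenyMatch -HeaderValue $LoggedAgent -IniLines $Narrowed)
```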