MSPSS: is there life after the helpdesk?

sharing solutions to uncommon IT problems

Author Archive

Powershell: Web Service Monitoring

leave a comment »


<#
Script: WebServiceInvokeTest
Synopsis: This script can consume any webservice and logs a message in the event log in case of success or failure.
The script can be amended in the if block to also return values to monitoring services (I use it for SCOM but it should work for other monitoring serivces as well.
If you want to integrate it with SCOM all you have to do is instantiate the bag before the if block and fill it with the result of the test (and return the bag at the end).
Parameters:
Server: Target server
URI: Path to the webservice
Method: The method you want to consume
Location: the XML path to the variable we check to see if the webservice is responsive
Success: The value of the variable that identifies a successful connection

Example: .\WebServiceInvokeTest.ps1 -server “YourServer-WebServiceHost” -URI “/WSPath/WSName.asmx” -method “WSMethod2Test” -location “FirstNode.SecondNode” -success “ReturnedValue4Success (i.e.: True)”

Author: Roberto Santoro
Date: 18/07/2014
#>
param (
[string]$server = $(throw “-server is required.”),
[string]$URI = $(throw “-URI is required.”),
[string]$method = $(throw “-method is required.”),
[string]$location = $(throw “-location is required.”),
[string]$success = $(throw “-success is required.”)
)

New-EventLog –LogName Application –Source “MyScript” -ErrorAction SilentlyContinue

$URL = “http://” + $server + $URI

try {
$Proxy = New-WebServiceProxy -uri $URL -namespace WebServiceProxy -UseDefaultCredential

[xml]$xml1 = $Proxy.”$method”.invoke()

$result = Invoke-Expression “`$xml1.$location”

if($result -eq $success){
Write-EventLog –LogName Application –Source “MyScript” –EntryType Information –EventID 100 –Message “The webservice test on $URL was successful.`r`nThe XML returned was: $($xml1.InnerXml)”
}
else {
Write-EventLog –LogName Application –Source “MyScript” –EntryType Error –EventID 101 –Message “The webservice test on $URL returned an error. The XML returned was: $($xml1.InnerXml)”
}
}
catch
{
Write-EventLog –LogName Application –Source “MyScript” –EntryType Error –EventID 101 –Message “The webservice test on $URL returned an error. Exception Message: $($_.Exception.Message)”
}

Written by zantoro

July 23, 2014 at 11:39 am

Posted in Powershell

Tagged with

Powershell: write in a Windows event log

leave a comment »


Hello,

this is really quick post about a Powershell quibble I faced today.
Writing in an event log is very easy but if you want to have your own Source (and most of the times you want to do that) you have to create the source first.

New-EventLog –LogName Application –Source “My Script”
Write-EventLog –LogName Application –Source “My Script” –EntryType Information –EventID 100 –Message “A Message”

Unfortunately if you have already created the source, you’ll get an error when trying to create it again the second time: “New-EventLog : The “My Script” source is already registered on the “localhost” computer.”

Most sources on the internet suggest to check if the source exists by doing: if (!(Get-Eventlog -LogName Application -Source “My Script”)) {
This a bad idea because Powershell has to parse the entire event log to find out if the Source exists, resulting in a very loooong query.
Personally, given that the error is a not blocking one, I resolved to run the command New-EventLog anyway and use the -ErrorAction SilentlyContinue parameter to keep the error quiet (but you still get other errors).

New-EventLog –LogName Application –Source “My Script” -ErrorAction SilentlyContinue

 

HTH,

Roberto.

Written by zantoro

July 18, 2014 at 11:29 am

Posted in Powershell

Tagged with

SSO for a website with mixed forms and basic authentication

leave a comment »


Hello,

We have tried to achieve Single Sign-On for a while consolidating 3 of our websites into one. The challenge was that 1 website was using Forms based authentication (fed by Active Directory through Dotnetnuke), 1 with basic authentication and classic ASP and 1 is a document repository with basic authentication.

=====================================
My first challenge was to enable cross-application authentication for all applications (ASP and .NET) hosted outside the DotNetNuke pool (but still in the same website).
Frankly I had never had to do this before and I was surprised by simplicity of it all:
All we need in this case is to have the same <machinekey> in the web.config of every web application.
The machinekey is the key that is used to encrypt the authentication cookie, having the same machinekey allows other applications to decrypt the same cookie and find out who the user is.
IIS by default generates the machinekey on the go, if you want to achieve SSO you will have to specify it explicitly in the web.config (you can generate the keys from many websites like http://aspnetresources.com/tools/machineKey)

<system.web>
<machineKey validationKey=”yourvalidationkey” decryptionKey=”youdecryptkey” decryption=”3DES” validation=”SHA1″ />
<authentication mode=”Forms”>
<forms name=”whatever” protection=”All” timeout=”60″ cookieless=”UseCookies” />
</authentication>
</system.web>

Once I did this I could easily retrieve the username from an ASP.NET page (using User.Identity.Name).
On classic ASP (using Request.ServerVariables(“AUTH_USER”)) is also easy but I had to configure IIS to process requests coming for .asp through .NET Framework. In IIS7.5 this is easy if you use its integrated pipeline (application pool mode=integrated) but it is also possible to achieve with the classic mode.
I followed this article: Wildcard mapping
Obviously once you did all this, you will have to update your apps to retrieve the username from the variables above.
=====================================

So, at this stage I was already quite happy as I had achieved SSO throughout all our web applications but still I couldn’t find a way to do the same for our document repository as it uses built in (i.e.: not adaptable) functionalities of IIS such as basic authentication coupled with NTFS security.
Then I started thinking that this could be achieved by developing my own isapi filter that would do the checking on NTFS on the user behalf.
On IIS7.5 isapi have been replaced by http handlers and http modules. What I needed was an HTTP module that would:

  • Decrypt the cookie and retrieve the user
  • Redirect to the login page if the user is not logged in
  • Check the NTFS effective permissions of the user against the file he’s trying to download
  • If he doesn’t have read rights, redirect the user to the “not authorised page”
  • If he does have read rights, let the request go (the download is actually operated under the application pool identity)

This would not only achieve SSO for the document repository but would also give the user a better experience as if he is missing rights, he is not presented with the never ending login prompts typical of basic authentication but he’s given a clear “not authorised” message.

Here is the code I’ve put together (wordpress doesn’t allow me to upload actual code files or text so I had to PDF it): ntfs_checker
You can either compile it into dll and put in the bin folder or rename it to .vb and put it in the app_code folder and add the following tags in the web.config:

<modules>
<add name=”ntfs_checker” type=”ntfs_checker” />
</modules>
<appSettings>
<add key=”Domain” value=”AD_Domain_Netbios”/>
<add key=”LoginPage” value=”/login.aspx”/>
<add key=”NotAuthPage” value=”/NotAuthorized.aspx”/>
</appSettings>

If anyone tries it out and finds new ways to improve it, please post it back.

P.S.: one little update: the application pool of the NTFS checker must run with 32-bit apps enabled or it won’t work.

HTH,
Roberto.

Written by zantoro

March 22, 2014 at 10:10 pm

IIS6 – Classic ASP – Special characters being displayed as �

leave a comment »


Hello,

I haven’t posted anything in a while maybe a bit because I got lazy and/or maybe because I’m thinking of writing a big article about my last experience in the Philippines and I can put my mind to it…

Anyway… today I fixed an unusual problem on one of our websites, it was displaying special characters (like the accented i “í” or the ©) as “�”.

I knew right away the problem was somehow due to the wrong charset being referenced in the page. Initially I thought it could be due to the hex string problem I already wrote about some time ago but I couldn’t find said string anywhere in the text.

Eventually I found out that the problem was caused by this line:
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″>

Removing the “; charset=utf-8” fixed the issue.

HTH,

Roberto.

Written by zantoro

March 5, 2014 at 2:25 pm

Posted in IIS

Tagged with ,

DotNetNuke – Error during upgrade “A newer version of this package is already installed”

leave a comment »


Hello,

When I tried to upgrade our DNN portal from 7.1.2 to 7.2.0 I got a blocking, very cryptic error: “Upgrade A newer version of this package is already installed”.

The error log showed the following lines:

01/12/2014 17:55:09 [INFO] DotNetNuke.Services.Upgrade.Upgrade Start InstallPackage:D:\MyWebsite\Install\Module\DNNCE_CoreMessaging_07.00.04_Install.zip
01/12/2014 17:55:10 [ERROR] DotNetNuke.Services.Upgrade.Upgrade A newer version of this package is already installed – 7.1.2

The problem was that I had copied over the upgrade files without first deleting the old Install folder. In the install folder we had old modules alongside with the new modules.

Apparently the DNN Install/Upgrade routine tries to install all modules in the module folder without any particular order or rule. When it tried to install a very old version of the coremessanging module it prompted the error above.

Deleting the Install folder (best practice anyhow) fixes the problem.

HTH,
Roberto.

Written by zantoro

January 13, 2014 at 9:19 am

Posted in DotNetNuke

Tagged with ,

[MySQL] – Old DB restored on MySQL – Error loading schema content (Error Code: 1548 Cannot load from mysql.proc. The table is probably corrupted)

leave a comment »


Just a quick post as I have had this problem and I couldn’t find a solution on Google.
I tried to restore an old MySQL database on my Windows 2008 R2 using Workbench 6.0.

The restore was successful, I could query the db via PHP but trying to open the schema via Workbench I would now get an error:
Error loading schema content
Error Code: 1548 Cannot load from mysql.proc. The table is probably corrupted

The fix is easy: go to the MySQL bin folder and run mysql_upgrade (-p to make it ask for the root password).

HTH,
Roberto.

Written by zantoro

November 21, 2013 at 12:32 pm

Posted in MySQL

[MS Access 2003] Scheduled task for a VBA function

with one comment


Following my previous post, I found myself in need to schedule a MS Access VBA function to run once a day. On the internet we find plenty of articles recommending to launch the Access with the destination DB as parameter and the /X “nameofthefunction” switch.

In my case this did not work for a “cannot find macro” error.
Then what I did is create a macro that would call the function (use the “Run Code” method).
I came up with a couple of generic guidelines dictated by the various problems I bumped into:

1. In the Run Code method specify the function you are calling adding () at the end even if no parameters are expected (e.g.: myfunction())
2. Make sure your function does not have the same name as the module (in my case this caused confusion for the function call)
3. You MUST use a function not a SUB or it won’t work
4. Any warning at the start up of MS Access will prevent the scheduled task from running. For macros you can simply lower the security for Macros.
5. Make sure the references are correct in VBA. In our case the database is copied at regular intervals from another pc. Some DLLs were missing and some other were misplaced.
More on this: I had a weird problem: although I had referenced and installed the same DLL on the server and the client, when the db was copied over from the client, I would still get a “MISSING” DLL error (and the name and location were the same). It turns out that the “references” take into account not only the file name and path but even the file version (although not visible). After copying the referenced DLL over in the same location, everything worked.

HTH,
Roberto.

Written by zantoro

November 18, 2013 at 2:19 pm

Posted in MS Access