Its a common problem that many of us have. You set up your SharePoint farm, and its been running sweet as a nut, till you get asked one difficult question by the server team… why is the SharePoint configuration database log file so large?

SharePoint 2007 creates its databases in FULL RECOVERY mode. This is presumably because the SharePoint central administration pages were going to offer a more comprehensive recovery option, however I’ve only ever seen a full database restore. However, even though the built in GUI doesn’t make the use of the FULL RECOVERY model, I don’t think we should discount it.

There are two (nice) ways of coping with the log growth issue;

1. You use your own backup strategy [NB this means you can’t use the built in restore option anymore], e.g. Scheduled SQL Job to backup the databases and logs yourself. When you do this, you have the option to use the WITH TRUNCATE ONLY option, or…
2. Use the built in SharePoint backup/restore service from Central Admin, and schedule log truncations at defined intervals. (see below snippet of code shamelessly stolen from the Microsoft DBCC Shrink file tutorial)

– Example truncating a config db logfile to 70 MB):
BACKUP LOG [Sharepoint_Config] TO DISK=’drive:\path\Yourbackupfile.bak’
GO
BACKUP LOG [Sharepoint_Config] WITH TRUNCATE_ONLY
USE [SharePoint_Config]
GO
DBCC SHRINKFILE (N’SharePoint_Config_log’ , 70)

– Note: the 70 is the 70MB.  
GO

There is an excellent article on Death By Patterns website about log file management. This gives you an overview of why logs grow, and how they work in practice.

It should be noted that in more than a few places on the net, people recommend changing the database mode from FULL to SIMPLE in order to perform a DBCC SHRINKFILE. Whilst this is a simple and effective solution it takes away a crucial service that administrators can perform on a live SharePoint farm, if something goes wrong during the day, before a backup takes place, you have the capability of doing a in place transaction rollback.

See Sherin George’s blog for an excellent overview of the recovery models available in SQL Server.

See Server Fault discussion on SharePoint recovery models.

SC

Since NT was introduced, pure command line DOS was replaced with the Virtual DOS machine (VDM) that allows legacy DOS and 16-bit windows application to run on top of NT (all variants), XP, Vista and Windows 7.

It would seem the VDM engine has a major flaw!

Read more at neohapsis.com and packet storm security

A summary of the issue is that it is possible for a limited user (i.e. a non administrator user) to gain administrative privileges via the VDM.

A workaround is to disable 16-bit applications as part of the Active Directory policy for your domain.

SC

With the new year almost upon us, I’ve been trying to theorise what skills will be required of developers in the next four years.

It is important to take stock of what you’ve got at the end of each year to ensure you offer training and support to the development team to help ensure they are productive with new technologies and tools.

As a developer myself, do I need to worry about keeping my job… ?

Ellen Fanning from Computer World, back in 2006, predicted outsourcing and the need to be business savvy was a major threat to IT workers.

John Newton from the CIO weblog (also from his own blog), back in 2007, predicted that content management would be improved and delivered in more human friendly ways. Business computing would shift to Blackberry type devices. User Interface design would be improved and take ideas from the gaming market.

There are a number of existing/emerging technologies that will impact my organisation in the near future (… I’m well aware that we are behind the curve on most of these, but give us a chance, and we’ll try to keep up :-)). Those are

1. SharePoint 2010
2. .NET 4.0
3. ASP.NET Model View Controller 2
4. jQuery
5. Silverlight
6. Windows Presentation Foundation

I’m sure there are many others.

We’ll also be trying to maximise productivity with our existing tools, such as the K2 BlackPearl / BlackPoint workflow suites.

It is has been a difficult time for many IT workers, when a business looks at what it can cut out of the budget, it usually means laying off staff, or the reduction of investment in their IT systems. Hopefully we can take heed with an article from Judi Hasson, Fiece CIO, who writes that IT is the key to recession recovery. Lets hope so!

Merry Christmas and a happy new year to all

SC

We run a few internal applications that are addressed using a FQDN:

http://site.domain.com/our_app

The applications are also available through the server name:

http://site/our_app

We’ve had a strange issue with one of our applications that requires ‘Integrated Security’ authentication.

A few of our users, who run IE6 (because that’s what they are forced to use) get prompted for credentials.

You’d assume that since IE knows who the user is, that it would simply provide it to the application, and it would allow access.

I’ve done a little digging at it would seem we are not the only people with this issue.

• FQDN name verses server name
• URL with FQDN is asking for authentication

It would seem that this is a browser, rather than application related issue:

• Internet Explorer May Prompt You for a Password
• Intranet site is identified as an Internet site when you use an FQDN or an IP address

Best explanation award foes to Windows IT Pro:

• Preventing IIS from Prompting for User Credentials

It would seem the only short term solution is to provide the fix to the user community before we can update group policy (if this is possible!)

SC

We manage a few standalone machines, and also a few machines that are on a network without access to the internet.

What is the alternative to WSUS and Windows Update?

Well, as I have to keep using a search engine to get this link, here it is:

http://support.microsoft.com/default.aspx/kb/913086

This page links to a list of ISO images that contain the security patches for a given month.

SpittingCAML

Recently we’ve had lots of interest in an internally developed product from external organisations. Obviously if they’ve got enough interest to want to pay for it… why not sell it to them?

There’s a few issues to consider when the software was developed without a clear goal to make it into a saleable product:

1. The software was never developed to be a product for general sale – it is likely to have missing requirements as it was developed for a single purpose (i.e. not generic enough)
2. Licensing (the software) was not a requirement during the development – the developers did not know it was a requirement, this could have altered the design stratagem
3. Database objects not created ‘WITH ENCRYPTION’ – a simple to fix issue, but its a PITA!
4. Web application not written with obfuscation in mind – is it possible to reverse engineer our DLLs/Web Services?

The software we need to protect is a web application (ASP.NET 3.5 C#) with a SQL Server 2005 back end

I had some experience with obfuscating .NET since 1.1, and it seems lots of the issues from back in 2001/2 have now gone since the .NET language has moved on and become more optimised. There’s an interesting thread of discussion on Stack Overflow that might interest you. It discusses tools, reasons for doing it, and the potential pitfalls.

I’m not too worried about our IP going missing, as we will put a non-disclosure agreement in place, and the potential buyer would loose significant reputation and business from my organisation if they were to attempt to get out our precious source code.

Having looked at a few obfuscators, I’m tending to go for Eazfuscator.NET.  As this software package is under maintenance (internally) I didn’t want to make wholesale changes to the solution/project so it seemed the obvious choice. Simply use it on your web application DLL (outside of Visual Studio), and all is well.

In terms of licensing, we will need to think about a pricing model if orders do come through to door and then come up with a suitable licensing strategy.

Our main headache is going to be “… well, it kinda does what we want it to do but …” type questions. Our internal processes are almost certainly going to be different to those organisations wanting to use the package. Dealing with this, alongside the maintenance of an existing system is going to be challenging.

SpittingCAML

I’ve just started using this application today and it is a must have App for your Windows Smartphone.

Take a look at the sales pitch: here

I’m currently using it to block 08080000144 .. a phone number that constantly calls me during the day. It is supposed to be linked to vodafone in some way, but I don’t really know why they’d want to call me since I haven’t got any association with them in any way.

Still… I don’t care, they can call all they like as it is now set to block them

SpittingCAML

Well the answer should be 21.74…. and I don’t think it is an unreasonable bit of maths.

Here is what C# (.NET 3.5) tells me:

(double)25 - (double)3.26 = (double)21.740000000000002

Why the extra decimal places?

I’m pretty sure I remember lots of my Uni course where we talked about this lots in terms of lots of decimal values and the representation of numbers as binary, but it looks far too simple to me… (perhaps it is me that is simple!)

I’ve tried using float and single, at it works fine…. I need the precision of double for certain aspects of the system.

Any help welcomed.

SpittingCAML

This blog has been quiet for the last couple of weeks because I’ve been leading a development team in the final stages of delivery of a pretty large asset/stock tracking system.

Its a long story as to why we decided to do it all ‘in house’ rather than to buy a COTS product. Lets just say, we’d already tried buying off the shelf and that’s the reason why we started doing our own.

The budget was very challenging and the development team grew large in the space of a few weeks when we realised that the estimated man hours required to do it was going to take more than four full time developers.

Communication

With a large development team, in disparate locations around the UK it is important to get the communication channels right. My organisation had rolled out text based communication similar to Live Messenger (Office Communicator). This proved the first clever shortcut. This tool allowed us to collaborate in real time, using virtual whiteboards.

WAN based software configuration management. This was very important, it meant we could all see the same page, and nothing was stuck on Fred’s laptop when he went on leave

Hudson – continuous integration testing, ensured that we never dirtied our source code, so we didn’t hear any of the usual ‘why does it not build when I check it out?’ type crying from the team. I really liked the fact you could schedule builds and output the successful build number to SharePoint using it’s RSS feeds. This little gem saved the bacon many a time… although until the developers got used to not treating our source code control system as a backup for their work in progress, the automatic emails telling everyone (including the PM) that the build failed was a little annoying ;-)… I loved it, as there was no excuse for checking in ‘work in progress’ 

SharePoint 2007 for project documentation. For much the same reason why we had WAN based software configuration management. SharePoint helps anyone on the internal intranet see what we are up to … and the project manager can stick the GANTT and meeting minutes somewhere too

Process

Those of you who have read my blog before will remember my ramblings about which software development methodology should you choose. We chose to use OpenUP, which is the open source version of the Rational Unified Process. I was a little sceptical about its adoption in the embryonic stages of the project, but it certainly helped us stay on course. It also ensured we followed a process that industry knows about. The iterative nature of these kinds of processes ensure that higher management get to see what us technical types are up to, which keeps the pressure off, because at the end of each iteration there is a defined output and testing stratagem.

Technology

We had to keep it all web based, so it could work over the intranet… and we were limited to IE6 because my organisation hates upgrading and is very risk adverse. I can hear you all groaning… but what about all the security patches etc. etc… yeah I know… I’ve sat across the table from the infrastructure guys and have tried to explain that, but we are only developing for our internal intranet… what could go wrong with that … basically it is out of my pay bracket to argue with the people that make that kind of decision.

As my department is well versed in C# and ASP.NET (3.5) this was our chosen technology base… we paired this with SQL Server, as we are also well versed in that.

During the design phase it was glaringly obvious that the standard AJAX toolkit combined with the standard ASP.NET controls was not going to cut the mustard with the requirements that had been elicited… and we needed rapid application development, and slick results.

We turned to Telerik’s ASP.NET AJAX control library and it saved us a small fortune. I’m sceptical about most third party products… and I was very sceptical about using it in such a ‘flagship’ project, however my fears were unfounded. It seems you can sell a product with these controls in, and you get all the source code for them… and you can modify the source code for them providing you let Telerik know what you did. They also provide an excellent forum for dealing with problems. If you use a search engine and look up ‘RadGrid’ the Telerik equivalent of a GridView or DataGrid, you still get hundreds of hits

We used the windows style dialog manager (RadWindow and RadAlert), menu control (RadMenu), grid view (RadGrid), combo box (RadComboBox), numeric only text boxes with extras (RadNumericTextBox) and many of their date pickers to name a few. Not only did we use them, we also used them alongside existing AJAX and standard .NET controls with no issue. I think if we did not buy this toolset, we would have spent hundreds of hours doing what they have already done for us, and I bet ours wouldn’t have been as slick, or as tested as theirs. The development team and I weren’t sad that they’d taken the raw control building away from us (and I thought it would incite a riot by the coffee machine!). One of the most pleasing aspects about it is that the customer is happy that we have delivered a sophisticated interface that is user friendly. The window manager allows users to resize, drag and minimise functionality on our web pages much the same as they do on their windows desktop machines.

Our next cost saving came came with the ReportViewer control. We’d been bitten badly in previous projects when using Reporting Services. Is it just me, or does it not feel like a finished product? Problems we had in the past were cross domain access / the classic double hop problem (impersonation) and unstructured website navigation (that one was probably more our fault). The ReportViewer control gives us a little more freedom, we can construct dynamic object data sources in our business layer, and create reports on the fly, on the actual page rather than firing off our requests to the Reporting Services engine running on another site collection in IIS. This eliminates authentication issues and allows you to put the report that is generated anywhere on your page. Our user’s like it a lot :-).

SQL Server Integration Services (SSIS) is looking like it will save us money once we’ve worked out how to use it properly ;-). The COTS product that we’re replacing has a database backend that we can connect to using SSIS, and the customer is providing us data in excel. This is a useful took to help shape and data cleanse on the way into the new system

Final thoughts

User training is now underway and the User acceptance test is around the corner, and I think it will be a big success for the team.

SpittingCAML