Thursday, December 30, 2010

Invalid characters in XML

To make sure you do not write invalid characters to an XML document, you can use the following code:
Imports System.Security.SecurityElement

' Escape replaces <, >, &, " and ' with their XML entities.
Private Function prepareXMLString(ByVal str As String) As String
    str = Escape(str)
    Return str
End Function

To convert XML characters to string, just use the .ToString method.
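
SecurityElement.Escape only replaces the five markup characters; control characters that XML 1.0 does not allow pass through it unchanged and still make the document unparseable. The added example below (not from the original post, written in PowerShell, which calls the same .NET method) drops those characters first and then escapes; ConvertTo-SafeXmlText is a hypothetical helper name.

```powershell
# Added example. ConvertTo-SafeXmlText is a hypothetical helper name.
function ConvertTo-SafeXmlText {
    param([string]$Text)

    $sb = New-Object System.Text.StringBuilder
    $i = 0
    while ($i -lt $Text.Length) {
        $c = $Text[$i]
        if ([char]::IsHighSurrogate($c) -and ($i + 1) -lt $Text.Length -and
            [char]::IsLowSurrogate($Text[$i + 1])) {
            # Well-formed surrogate pair (a character above U+FFFF): keep both halves.
            $null = $sb.Append($c)
            $null = $sb.Append($Text[$i + 1])
            $i += 2
            continue
        }
        # XML 1.0 allows tab, LF, CR, U+0020-U+D7FF and U+E000-U+FFFD.
        # Everything else (other control characters, lone surrogates,
        # U+FFFE and U+FFFF) is dropped.
        $cp = [int]$c
        $allowed = $cp -eq 0x9 -or $cp -eq 0xA -or $cp -eq 0xD -or
                   ($cp -ge 0x20 -and $cp -le 0xD7FF) -or
                   ($cp -ge 0xE000 -and $cp -le 0xFFFD)
        if ($allowed) { $null = $sb.Append($c) }
        $i++
    }
    # Then replace < > & " ' with entities, as prepareXMLString does.
    [System.Security.SecurityElement]::Escape($sb.ToString())
}

# Constructed sample: markup characters plus a vertical tab (U+000B) and a NUL.
$sample = "Tom & Jerry <b>" + [char]0x0B + "ok" + [char]0x00
ConvertTo-SafeXmlText -Text $sample
```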

Application is already precompiled

Today I had an error message “application is already precompiled” on my website.
The site had been up and running for over a year, and suddenly it stopped working. When I copied the website back to my computer and rebuilt it, the error message appeared.
There were several problems with this. The first one was that it had an added file called PrecompileApp.config. The second problem was that in two or three of the .aspx pages, the inherit tag had a reference to a dll file called App_Web_6ecyhum5. The third problem was in the bin folder, where a dll file with the same name, App_Web_6ecyhum5.dll, existed.
I have no idea how these could be added automatically unless someone hacked in and added them manually.
Also, three or four references to the CodeFile were deleted.
To fix all the errors, I deleted the PrecompileApp.config, App_Web_6ecyhum5, App_Web_6ecyhum5.dll and added all the references back to the CodeFile.
The site is very simple with an email form and the rest being static pages with flash header on each page. No magic here.
What could have caused this?
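
One way to check a deployed site for the three changes described above and to get their modification times for comparison with deployment records and IIS logs. This is an added example, not from the original post; Find-PrecompileArtifacts and the sample path are hypothetical, and it assumes a Web Site project in which every page with an Inherits attribute also has a CodeFile attribute.

```powershell
# Added example. Find-PrecompileArtifacts and the sample path are hypothetical.
function Find-PrecompileArtifacts {
    param([Parameter(Mandatory = $true)][string]$SiteRoot)

    function New-Finding($check, $file, $detail) {
        New-Object PSObject -Property @{
            Check = $check; Path = $file.FullName
            Modified = $file.LastWriteTime; Detail = $detail
        }
    }

    # 1. Precompilation marker file in the site root. The wildcard covers the
    #    spelling used in the post as well as PrecompiledApp.config.
    Get-ChildItem -Path $SiteRoot -Filter 'Precompile*App.config' |
        ForEach-Object { New-Finding 'Precompile marker file' $_ '' }

    # 2. Generated App_Web_* assemblies in bin.
    $bin = Join-Path $SiteRoot 'bin'
    if (Test-Path $bin) {
        Get-ChildItem -Path $bin -Filter 'App_Web_*.dll' |
            ForEach-Object { New-Finding 'Generated assembly in bin' $_ '' }
    }

    # 3. @Page directives that inherit from an App_Web_* assembly or that
    #    have lost their CodeFile attribute.
    $directive = [regex]'(?is)<%@\s*Page\b.*?%>'
    Get-ChildItem -Path $SiteRoot -Recurse -Filter '*.aspx' | ForEach-Object {
        $m = $directive.Match([System.IO.File]::ReadAllText($_.FullName))
        if (-not $m.Success) { return }   # no @Page directive: next file
        if ($m.Value -match 'Inherits\s*=\s*"[^"]*App_Web_[^"]*"') {
            New-Finding 'Inherits points at App_Web_ assembly' $_ $Matches[0]
        }
        if ($m.Value -match 'Inherits\s*=' -and $m.Value -notmatch 'CodeFile\s*=') {
            New-Finding 'Inherits without CodeFile' $_ ''
        }
    }
}

Find-PrecompileArtifacts -SiteRoot 'C:\inetpub\wwwroot\MySite' |
    Sort-Object Modified |
    Format-Table Check, Modified, Path, Detail -AutoSize
```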

IIS6 and IIS7 Mapping

Just had a big problem when I was trying to set the execute permissions in IIS6 until I found this chart



| Task | IIS 6.0 | IIS 7.0 |
|---|---|---|
| IP Bindings and port | Web site – Properties – Web site tab | Actions pane – Bindings |
| Connection timeout | Web site – Properties – Web site tab | Actions pane – Limits |
| HTTP Keep-Alive | Web site – Properties – Web site tab | Features View pane – HTTP Response Header – Set Common Headers |
| Logging | Web site – Properties – Web site tab | Features View pane – Logging |
| Bandwidth Throttling and Connection limits | Web site – Properties – Performance tab | Actions pane – Limits |
| ISAPI Filters | Web site – Properties – ISAPI Filters tab | Features View pane – ISAPI Filters |
| Home Directory | Web site – Properties – Home Directory tab | Actions pane – Basic Settings / Advanced Settings |
| UNC Resource | Web site – Properties – Home Directory tab | Actions pane – Basic Settings / Advanced Settings |
| Redirection | Web site – Properties – Home Directory tab | Features View pane – HTTP Redirect |
| IIS Permissions – Scripts source access, Read, Write, Directory Browsing, Log Visits, Index this resource | Web site – Properties – Home Directory tab | Scripts source access: feature deprecated; Read, Write: NTFS permissions and Features View pane – Authorization Rules; Directory Browsing: Features View pane – Directory Browsing; Log Visits: Features View pane – Logging |
| Application Name | Web site – Properties – Home Directory tab | Features View pane – View Applications |
| Execute Permissions (None, Scripts Only, Scripts and Executable) | Web site – Properties – Home Directory tab | Features View pane – Handler Mappings – Edit Handler Permissions |
| Application Pool | Web site – Properties – Home Directory tab | Actions pane – Basic Settings / Advanced Settings |
| Application Extensions Mapping | Web site – Properties – Home Directory tab – Configuration – Mapping tab | Features View pane – Handler Mappings |
| ASP Configuration (session timeout, buffering, parent paths) | Web site – Properties – Home Directory tab – Configuration – Options tab | Session timeout: Features View pane – ASP – Sessions Properties; Buffering and Parent Paths: Features View pane – ASP – Behavior |
| ASP Debugging Flags (server-side and client side debugging, error message handling) | Web site – Properties – Home Directory tab – Configuration – Debugging tab | Features View pane – ASP – Debugging Properties |
| Default documents | Web site – Properties – Documents tab | Features View pane – Default Document |
| Document footer | Web site – Properties – Documents tab | Feature deprecated from UI. Configure via AppCmd.exe instead. For example, to configure the document footer: appcmd set config "Fabrikam HR" /section:staticContent /enableDocFooter:true /defaultDocFooter:"d:\foot.html" /isDocFooterFileName:true |
| Authentication | Web site – Properties – Directory Security tab | Features View pane – Authentication |
| IP address and domain name restriction | Web site – Properties – Directory Security tab | Features View pane – IPv4 Address and Domain Restrictions |
| Secure Communication (SSL) | Web site – Properties – Directory Security tab | Features View pane – SSL Settings |
| HTTP Headers (content expiration, HTTP Headers, content rating, MIME Types) | Web site – Properties – HTTP Headers tab | Content expiration and HTTP Headers: Features View pane – HTTP Response Headers; Content Rating: feature deprecated from UI, however, you can try to configure the P3P policy via AppCmd.exe; MIME Types: Features View pane – MIME Types |
| Custom Errors | Web site – Properties – Custom Errors tab | Features View pane – Error Pages |

Database ID 5, Page (1:4171728) is marked RestorePending, which may indicate disk corruption.

I recently encountered a power outage which drained our UPS backups and abnormally shut down my database server.
 

Once I brought it online again, when accessing certain records, I got this error message

Database ID 5, Page (1:4171728) is marked RestorePending, which may indicate disk corruption. To recover from this state, perform a restore.
 

I tried to do a page restore, and it completed successfully, but the problem still existed.
 
Running the DBCC CHECKDB statement, it showed that I still had errors in the database.
 

To resolve this, I put the database in Emergency mode and set it to single user. I then did a repair_allow_data_loss to repair the bad portions of the database.
 

Remember to kill any connections to the database except your own in order to set the database to single user. 
 

See scripts below...
 

Script 
USE master
RESTORE DATABASE myDB
    PAGE = '1:4171728'
    FROM DISK = 'D:\Backups\Database\myDB Full'
    WITH NORECOVERY;

Result
Processed 1 pages for database 'myDB', file 'myDB' on file 1.
RESTORE DATABASE ... FILE=<name> successfully processed 1 pages in 4229.373 seconds (0.000 MB/sec).

Script
DBCC CHECKDB (myDB, repair_allow_data_loss) WITH NO_INFOMSGS; 

Result
Msg 8928, Level 16, State 1, Line 1
Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data): Page (1:4171728) could not be processed.  See other errors for details.
Msg 8939, Level 16, State 98, Line 1
Table error: Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data), page (1:4171728). Test (IS_OFF (BUF_IOERR, pBUF->bstat)) failed. Values are 79825161 and -6.
CHECKDB found 0 allocation errors and 2 consistency errors in table 'myTable' (object ID 821577965).
CHECKDB found 0 allocation errors and 2 consistency errors in database 'myDB'.
repair_allow_data_loss is the minimum repair level for the errors found by DBCC CHECKDB (myDB).

Script
ALTER DATABASE myDB SET EMERGENCY; 

Script
ALTER DATABASE myDB SET SINGLE_USER WITH NO_WAIT; 

Script
DBCC CHECKDB (myDB, repair_allow_data_loss) WITH NO_INFOMSGS; 

Result
Repair: The Clustered index successfully rebuilt for the object "dbo.POAllocation" in database "myDB".
Repair: The page (1:4171728) has been deallocated from object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data).
Repair: The Nonclustered index successfully rebuilt for the object "dbo.myTable, PK_myTable" in database "myDB".
Repair: The Nonclustered index successfully rebuilt for the object "dbo.myTable, IDX_myTable_myColumn" in database "myDB".
Msg 8945, Level 16, State 1, Line 1
Table error: Object ID 821577965, index ID 1 will be rebuilt.
        The error has been repaired.
Msg 8928, Level 16, State 1, Line 1
Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data): Page (1:4171728) could not be processed.  See other errors for details.
        The error has been repaired.
Msg 8939, Level 16, State 98, Line 1
Table error: Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data), page (1:4171728). Test (IS_OFF (BUF_IOERR, pBUF->bstat)) failed. Values are 62916617 and -6.
        The error has been repaired.
Msg 8976, Level 16, State 1, Line 1
Table error: Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data). Page (1:4171728) was not seen in the scan although its parent (1:567168) and previous (1:4100112) refer to it. Check any previous errors.
        The error has been repaired.
Msg 8978, Level 16, State 1, Line 1
Table error: Object ID 821577965, index ID 1, partition ID 72057594081050624, alloc unit ID 72057594085769216 (type In-row data). Page (1:4171730) is missing a reference from previous page (1:4171728). Possible chain linkage problem.
        The error has been repaired.
Msg 8945, Level 16, State 1, Line 1
Table error: Object ID 821577965, index ID 2 will be rebuilt.
        The error has been repaired.
Msg 8945, Level 16, State 1, Line 1
Table error: Object ID 821577965, index ID 3 will be rebuilt.
        The error has been repaired.
CHECKDB found 0 allocation errors and 4 consistency errors in table 'myTable' (object ID 821577965).
CHECKDB fixed 0 allocation errors and 4 consistency errors in table 'myTable' (object ID 821577965).
CHECKDB found 0 allocation errors and 4 consistency errors in database 'myDB'.
CHECKDB fixed 0 allocation errors and 4 consistency errors in database 'myDB'.

Script
ALTER DATABASE myDB SET MULTI_USER WITH NO_WAIT; 

Script
ALTER DATABASE myDB SET ONLINE; 

Exchange Server 2010 – Certificate Error

I recently upgraded our company’s Exchange server from 2003 to 2010; not without any problems, as expected. In this blog, I wanted to share some information on how to go about and solve an error related to Certificate in Exchange 2010.

I have to admit that I am not a pro on certificates or that I like working with them, but sometimes you have to deal with the things that you don’t ‘fancy’ too much.


The story

So we install Exchange 2010 and do all the poking around to make sure all the settings are correct. We ignore the certificate portion, even though we read about it, and voilà, off we go to test how Outlook works on our client’s computer.

What happened?

A certification error pops up when we open Outlook on the client computer with a security alert saying ‘The name on the security certificate is invalid or does not match the name of the site.’

On some of the client computers, it blocks access to connect Outlook to the Exchange server after you click ‘Yes’ to continue.

Back on the Exchange server, we try to see which certificate is causing the problem, and realize that we have to set up a new certificate since our domain name does not match the one in the certificate.

A couple of things to note:

1.       We needed a certificate
2.       It costs money
3.       We needed a special certificate to handle multiple sub domain names

What is going on here?

Well, first we need to understand how internal versus external certificates work.
When you navigate to a website outside your network, an external certificate is needed, so here we need to use a third-party vendor such as GoDaddy or VeriSign, because the certificates are available on the web.

If we are inside our network and are using websites or applications which are hosted inside our network, we can use an internal certificate, since it is available throughout our network. We just install the Certification Authority (CA) role on a server within our network and then we can generate our own certificates from there.

This answers the first two points above.

The third point addresses something called Subject Alternative Names (SAN).

In some cases, we have more than one domain name (local domain name or external). In our case, these are mail.domain.com, Server01.domain.com, and autodiscover.domain.com. Instead of generating one certificate for each name, we can add Subject Alternative Names to the certificate.

So how did we solve this?

First, we installed the Certificate Authority (CA), Certificate Authority Web Enrollment, and the Online Responder Role on the server. It is recommended that you install it on a separate server in your domain and not the Exchange server.

Once we have the CA installed, we need to enable some functions in Internet Explorer on the Exchange server.

First we need to go to ‘Tools’ then to ‘Internet Options’ in Internet Explorer. We then need to select the ‘Security’ tab and click on ‘Trusted Sites’ icon. Click on the ‘Sites’ button and add the site ‘http://<CA Server Name>/certsrv/’ and uncheck the ‘Require server verification (https:) for all sites in this zone’. 

Back in the parent window, we need to click the ‘Custom Level…’ button and enable all of the options under ActiveX controls and plug-ins. Also enable all items under the Scripting section. Remember to disable these settings once you are done with your certificates on your Exchange server.

Now we can navigate to the page ‘http://<CA Server Name>/certsrv/’ and select ‘Request a certificate’ then ‘advanced certificate request’ and then ‘Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.’

On this page, we can paste the content of a request file and generate a local certificate.
By default, the CA does not have the option to generate a certificate with multiple Subject Alternative Names (SAN), which we need in order to generate our Exchange certificate with multiple sub domain names.

To do this, go to the command prompt on the CA server, right click and run it as administrator.
Enter: certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
This will enable SAN for the CA.

Next, enter: net stop certsvc
Next, enter: net start certsvc

This will stop and start the CA service.
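
With EDITF_ATTRIBUTESUBJECTALTNAME2 set, the CA accepts SANs supplied as request attributes from any requester who is allowed to enroll, so, like the Internet Explorer settings above, it is worth switching off again once the Exchange certificate has been issued. The following is an added example, not from the original post; Get-SanAttributeFlag and Disable-SanAttributeFlag are hypothetical helper names, and the script assumes an elevated PowerShell session on the CA server.

```powershell
# Added example; run in an elevated PowerShell session on the CA server.
# Get-SanAttributeFlag and Disable-SanAttributeFlag are hypothetical names.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Get-SanAttributeFlag {
    # certutil prints the value as "EditFlags REG_DWORD = <hex> (<decimal>)".
    $out = (certutil -getreg policy\EditFlags) -join "`n"
    if ($out -match 'EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)') {
        $value = [Convert]::ToInt64($Matches[1], 16)
    } else {
        throw "Could not read policy\EditFlags: $out"
    }
    New-Object PSObject -Property @{
        EditFlags = ('0x{0:x}' -f $value)
        SanFromRequestAttributes = [bool]($value -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
    }
}

function Disable-SanAttributeFlag {
    if (-not (Get-SanAttributeFlag).SanFromRequestAttributes) {
        return 'EDITF_ATTRIBUTESUBJECTALTNAME2 is already off'
    }
    # A leading minus clears the flag, mirroring the plus used to set it.
    certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -setreg failed ($LASTEXITCODE)" }
    # Same stop/start as above so the CA service picks up the change.
    Restart-Service -Name certsvc
    Get-SanAttributeFlag
}

# Report the current state.
Get-SanAttributeFlag

# After the Exchange certificate has been issued and installed:
# Disable-SanAttributeFlag
```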

At this point, we need to see what certificates we have in our Exchange server. To do this, open Exchange Management Console and navigate to ‘Server Configuration’ and in the main top window, select the Exchange server.

Below we can find our Exchange Certificates file(s), and on each certificate, it will list what services are assigned to each certificate. On the right side pane, we have an option to create a new certification request.

What this does is that it prepares a request file that needs to be submitted to our internal CA server, and in return, it will generate a certificate which we can use in our Exchange server.

When we click on the ‘New Exchange Certificate’ and select what services we want to use for this certificate, it will generate a .req file which we can save on the desktop. We then have to right click this file and open it with notepad or WordPad and copy all of its content and paste it into the CA website on our Exchange server.

Once we click submit, the CA server will generate a .cer document which is our certificate file. Save this on the desktop and go back to the Exchange Management Console.

We can now see a certificate which does not have a blue icon with a white check mark in it. This is our pending certificate request which we have to right click and select ‘complete request’.
Follow the wizard, locate the .cer file and install it.

So now we have our new certificate installed and services assigned to it, but let’s verify if we have the correct certificate installed for the correct services to solve our dilemma with the certification error in Outlook.

To do this, we need to open Outlook on our client machine, and once or if the certification warning pops up, we need to click ‘View Certificate’, navigate to the ‘Details’ tab and scroll down to and click on ‘Subject Alternative Name.’ This should list all the DNS names which we want this certificate to be valid for.

If there are no names or the name is wrong, we can check the ‘Thumbprint’ and see what services are assigned to this certificate in Exchange. Write down this sequence of characters, or the first eight characters, which we will need to compare with the certificates listed in the Exchange Management Shell (EMS).

Go back to the Exchange server and open Exchange Management Shell. Type: Get-ExchangeCertificate
This will list all the certificates installed and the thumbprint, services and subject name of each certificate.

Locate the thumbprint characters which we wrote down and look at the CN name that it is assigned to. Go back to Exchange Management Console and find the certificate being used. If it does not have the services we selected, we need to right click and assign the services to be used.

Follow the wizard and add at the minimum IIS to it.

That should be it.
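
The thumbprint, service and SAN comparison above can also be done in one pass from the Exchange Management Shell. This is an added example, not from the original post: Test-NameCovered and Get-CertificateCoverage are hypothetical helper names, the required names are the three listed earlier, and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example; run in the Exchange Management Shell.
# Test-NameCovered and Get-CertificateCoverage are hypothetical helper names.
$required = 'mail.domain.com', 'Server01.domain.com', 'autodiscover.domain.com'

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($cn in $CertNames) {
        if ($cn -eq $Name) { return $true }   # -eq ignores case
        # A wildcard entry covers exactly one left-most label.
        if ($cn.StartsWith('*.') -and $Name.IndexOf('.') -gt 0 -and
            $Name.Substring($Name.IndexOf('.')) -eq $cn.Substring(1)) {
            return $true
        }
    }
    return $false
}

function Get-CertificateCoverage {
    param([string[]]$RequiredNames)
    Get-ExchangeCertificate | ForEach-Object {
        $cert = $_
        # CertificateDomains holds the DNS names the certificate is valid for.
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredNames |
            Where-Object { -not (Test-NameCovered $_ $names) })
        New-Object PSObject -Property @{
            Thumbprint   = $cert.Thumbprint
            Subject      = $cert.Subject
            Services     = "$($cert.Services)"
            HasIIS       = ("$($cert.Services)" -match '\bIIS\b')
            Expired      = ($cert.NotAfter -lt (Get-Date))
            MissingNames = ($missing -join ', ')
        }
    }
}

# The certificate Outlook should be offered has HasIIS = True,
# Expired = False and an empty MissingNames.
Get-CertificateCoverage -RequiredNames $required |
    Sort-Object HasIIS -Descending |
    Format-List Thumbprint, Subject, Services, HasIIS, Expired, MissingNames
```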

Complete the restore sequence before taking ...

A couple of months ago, I performed an online page restore on our database. Everything had been working fine until we upgraded our SQL Server from 2005 to 2008.
Now when I try to set up or run a backup of the database .mdf file, I get an error message. The log file is being backed up just fine.
Failed:(-1073548784) Executing the query "BACKUP DATABASE [ADS] TO DISK = N'\\\\<domainName>..." failed with the following error: "Backup of file 'ADS' is not permitted because it contains pages subject to an online restore sequence. Complete the restore sequence before taking the backup, or restrict the backup to exclude this file.
BACKUP DATABASE is terminating abnormally.". Possible failure reasons: Problems with the query, "ResultSet" property not set correctly, parameters not set correctly, or connection not established correctly.

Running the database check:

DBCC CHECKDB ('ADS') WITH NO_INFOMSGS
result
Command(s) completed successfully.
Everything looked fine. 
To resolve this, I ended up creating a new database and scripting all the tables, stored procedures, and triggers.
I imported all the data with the import/export wizard.
I recreated and set all the permissions on the users.
After this, I could back up the database.