Could Not Establish Trust Relationship for SSL/TLS Secure Channel

A while back I worked on a project that required me to integrate with a third-party web service. The web service was also being developed in parallel by the external team, and our team was provided a development endpoint that would be used for testing.

The problem was that the certificate used for SSL was the same as the one in production. This resulted in any call to the web service throwing a "Could not establish trust relationship for SSL/TLS secure channel" error because of the URL mismatch.

Due to various constraints we were unable to get the certificate replaced. So our temporary workaround was to make our code explicitly trust the external web service host:

Read more...

Obfuscating a SharePoint-Integrated SSRS DataSource's Connection String

When SQL Server Reporting Services (SSRS) is deployed as a SharePoint-integrated solution, it enables much of its functionality to be managed right from within SharePoint. Starting from the 2013 version, the integration between SharePoint and SQL Server Reporting Services 2012 is more tightly coupled than in previous iterations.

One feature in integrated mode is the ability to have the data sources (.rsds) and report files (.rdl) within a document library itself. This means that reports can reference a DataSource within any document library in the SharePoint site.

In order for the report to work the user should have read permission on both the data source as well as the report file. The problem with this is that the same user can now potentially view the settings within the data source file, including the connection string.

The Solution

In order to protect the connection string, I came up with a solution to obscure it through encryption. The solution can be broken down into two major steps:

  1. Force the reports to get the connection string by evaluating an expression embedded within itself.
  2. Within this expression, call some custom code which manages the retrieval and decryption of the connection string.

One of the limitations with this method is that you can no longer use a shared data source and each report has to have its credentials embedded.

In my example below, I will be retrieving the configuration string from a configuration list stored in the same SharePoint server.

Read more...

Customize a Build Template to Exclude Symbols From Being Published to the Symbol Server

This post was inspired by feedback provided by one of the commenters on this post. The requirement was to exclude certain third-party symbols from being published to the symbol server. I thought I would take up the challenge to implement this.

As suggested in the same comment thread, my approach would revolve around explicitly setting the FileList property in the PublishSymbols activity. I would set it to a list that includes only the symbols that I want published. And the symbols I want to be excluded would be handled through a wildcard filter that is passed as a build template parameter.

Pre-Requisites

Customization Steps

My template is based on the default TFS template TfvcTemplate.12.xaml and customized with the following changes:

Read more...

TFS Tip: Disable Windows Update Prior TFS Upgrade

Always make sure to disable the Windows Update service before starting any significant software upgrade. We found out the hard way that processes such as a long-running database backup do not take kindly to spontaneous server restarts.

It's one of those things that can easily slip through the cracks but have a large impact on your deployment. So always make sure to add this to your prerequisite checklist.

Personally I use the net stop "windows update" command as it is only effective until you restart the computer/service.

Read more...

TFS Tip: Scheduled Backups Do Not Work While the Service Is Quiesced

Last month I worked on upgrading a Team Foundation Server from 2012.2 to 2013.4. While the majority of the process was based on the ALM Rangers upgrade guide, there were a few interesting tidbits that we learned during the upgrade.

The most important one was that the Scheduled Backups feature no longer works if the services are stopped using the TFSServiceControl quiesce command.

While the MSDN Article for the command does state that it would take down all the services, it also says that you would normally use this command in order to facilitate backups. As such we assumed, incorrectly, that it would not apply to the scheduled backup service.

Read more...

Setting up Source and Symbol Servers in Team Foundation Server

What are debug symbols?

Debug symbols are artifacts that a debugger can use in order to better debug an application. Within the .NET ecosystem these are managed through PDB files. The PDB files contain information about the source file name, line numbers as well as local variable names.

As a software solution evolves, it is likely that multiple versions of it get deployed into different production systems. And once the software is out in the wild, it becomes important that the developers can react to issues discovered by debugging specific versions. In order to do this effectively, it is important that the debug symbols themselves be treated as a first-class artifact of the build and that they are readily accessible. Team Foundation Server (TFS) achieves this via a Source Server and Symbol Server.

The Source Server and Symbol Server

A Source Server component is essentially letting TFS know that we would be retrieving specific versions of source files and that they should be indexed. And a Symbol Server is a fancy name for a networked file share location containing the multiple versions of symbols.

A TFS build definition will be configured in order to automatically index sources and publish symbols.

Read more...

TFS 2013 - Enabling Reporting, Warehouse and Analysis Services

Suppose you already have a Team Foundation Server (TFS) environment where you have opted out of configuring the Reporting Services and Analysis Services during the installation. The following steps would help you to configure the warehouse and reporting functionality.

Pre-Requisites

  1. Ensure that the SQL Server client tools are installed on the Application Tier.

    If this is not already done, you would most likely receive a TF400465 error when attempting to edit the configuration. TF400465 states that the client tools need to be installed on the application tier in order for the analysis services to function properly.

    This can be fixed by re-running the SQL Server setup and adding the Client Tools Connectivity feature.

    Once installed, make sure to restart the TFS administration console.

  2. Ensure that Management Tools - Complete is installed on at least one of the servers in your topology. This is because SQL Server Management Studio requires the complete version installed in order to manage Analysis Services. This step is optional but makes it easy for troubleshooting or future maintenance.

  3. Ensure that Analysis Services has been installed and is up and running.
  4. Ensure SQL Server Reporting Services is installed and configured in native mode.
  5. It goes without saying that Analysis Services and Reporting Services are not available on the Express version of SQL Server.

Read more...

Get a list of files changed between changesets in Visual Studio Online using PowerShell

So recently I had the requirement of getting a list of files that changed between two different releases. We wanted to use this list to act as a verification to ensure that all artifacts were included in a release package.

I modified the code posted here in order to quickly write a console application to do the task. With the immediate problem solved, my colleagues and I bounced around the idea of porting the code into a PowerShell script, which would allow us to enhance it better in the long run.

Overview

The solution would be built around the Visual Studio Online (VSO) REST service. This reduces any dependency on Team Foundation Server (TFS) specific client-side assemblies or tools. The limitation is that, at the moment, it is only supported in Visual Studio Online and not all features are supported.

Read more...

Improved Performance by Hosting Virtual Hard Disk External USB Drives

I think I already knew this to be true, but didn't own a "portable enough" hard disk to lug around with my laptop to try it out myself. That's about to change as I got myself a new Western Digital My Passport Ultra today; it's the perfect size both in terms of capacity and dimensions. So now I get to try this out in a real-world scenario.

Moving the Virtual Drive Images

The entire process entails moving the physical files to the new location and letting Hyper-V know about this move. If the virtual machine (VM) is already active it does not seem to be possible to move the checkpoint location.

Read more...

Create An Isolated Hyper-V Environment

Bad things may happen when you power up a virtualized Domain Controller on your laptop and connect it to the corporate network.

This post focuses on building a self-contained, isolated virtual environment with internet connectivity.

My colleague Chaminda has a detailed post on how to set up an isolated environment using VirtualBox. Go check it out if you would like to implement it via VirtualBox. While VirtualBox is a good virtualization platform in its own right, I have grown accustomed to using Hyper-V in my day job and it has become a personal preference.

Hyper-V

My own environment is built around this excellent post. It details the entire process involved. While my own setup is identical to the above, I have taken into account the following caveats:

  1. As mentioned by one of the comments on the post, it is important to explicitly set the port to eth0 soon after flashing the image.
  2. Port Forwarding - Even simple tasks like setting up shared folders require that certain ports be accessible. Therefore this is an important consideration when planning an isolated environment. Here are some of the services and ports I've used for my TFS environment:

    Port Forwarding

Setting up Routing

Even though I have my isolated environment, there are instances where I would like resources in my main network to have access to the internal network. Although port forwarding works to a certain degree, we run into its limitations very fast.

This involves setting up routes on both our internal router and the external router under which the external resources exist.

Read more...