Blog - Robert Bogue [MVP]
Rob's Notebook
SharePoint Calendar
Thor Projects LLC - Welcome
Monday, March 26, 2007

Workflow Struggles and Success

Talking to folks about SharePoint and Workflow is getting to be a regular habit.  My buddy Howard recently launched upon a conquest of creating a SharePoint Workflow.  Armed with my article on DevX, he set about creating the sample workflow.  Of course he had problems -- I'm not saying that because of Howard, he started having problems because getting workflows working sometimes feels like getting the right combination on a combination lock.  He wrote down some of his experiences in a blog post.

To be fair not all of the issues are WSS's fault -- or even WF's fault for that matter.  The real point -- the reminder that Howard provided -- was that there are a lot of things that you need to know to get workflows running in SharePoint and there are a lot of ways to fall off the path.

The good news is that I've got two sessions addressing workflow at Advisor Summit on SharePoint in Anaheim May 6th-10th  It will be good to get some more time and space to cover this topic and help others with it.  (A sidebar, DevX generously accepted my article even though it was 4x larger than most articles on the web -- and it's still not enough.)


Categories: Professional | 0 Comments
 
Thursday, March 15, 2007

Article: Wranging SharePoint Workflows with Visual Studio

SharePoint and Workflow may be the most powerful combination since chocolate and peanut butter, but the trick is harnessing their combined power. That isn't as easy as it first seems, but in this article you'll learn how create a SharePoint workflow in Visual Studio from start to finish. 

This article is one small sliver from one chapter of the upcoming SharePoint MVP Book.  17 of the SharePoint technologies MVPs have combined forces to provide one authoritative source for information on SharePoint.  I'm proud to have written the chapter on workflows and WSS.  The above article is one sliver of that chapter.

http://www.devx.com/webdev/Article/34032/


Categories: Articles, Professional | 0 Comments
 
Monday, March 12, 2007

Missing Content Types and Workflows

If you’ve been working with workflows for a while you’ve seen the “Failed on Start” and “Error Occurred” statuses that happen if you mismatch the assembly information or leak an exception back to the workflow foundation, respectively.  However, I found a new behavior.  If you create a workflow that requires a content type through a feature and that feature doesn’t deploy the content type correctly then you won’t see anything when you start the workflow.

When I say anything, I mean it.  You won’t see a status column for the workflow added.  You won’t see a workflow history.  You won’t be able to tell that SharePoint took the command.  However, if you explore the ULS logs you’ll see an error indicating that the content type for the workflow is missing.

When you’re developing it might be helpful to keep the ULS logs handy.


Categories: Professional | 0 Comments
 
Monday, March 12, 2007

On STSADM and Operation Completed Successfully

STSADM has a comforting message that is presented whenever a command is executed successfully.  That comforting message is simply “Operation Completed Successfully.”  It’s a welcome site particularly if you’ve been struggling to get an XML file just right or if it’s the end of a long day.  However, just because you received an “Operation Completed Successfully” message back from STSADM doesn’t mean the command really completed successfully.

Occasionally, you may run into a situation like I did where I received STSADM’s reassurance that everything was fine but it wasn’t.  I was creating a content type and I had accidentally inserted a space at the end of the content type name.  It was a silly little editing error, but it cost me a whole lot of time.  I didn’t realize that the space was there until a workflow that needed it blew up. That, of course, lead to a debugging session, which lead to isolating the missing content type, which lead to reinstalling the feature, and then several minutes of confusion as I compared the web browser demonstrating that the content type was missing with the response from STSADM indicating “Operation Completed Successfully”

A quick trip into the ULS log or a detailed look at the XML either one will solve the problem – however, for that moment I was confused.

So the moral of this story is … check the ULS log if you want to know what really happened.


Categories: Professional | 0 Comments
 
Saturday, March 03, 2007

Fixing SharePoint 401.1 HTTP errors locally with Kerberos, Integrated Windows Authentication, and Service Principal Names

I’ve had this nagging problem for a while.  Occasionally when I setup SharePoint I do it on a server where host headers are really necessary because I’m sharing IP addresses.  However, it seemed like when I’d do this I could get to the server just fine remotely but locally I’d get a 401.1 HTTP error even if I entered the correct password.  This was frustrating but something I lived with because I could always work around it.  However, tonight, while in the middle of working on a workflow article, I took another run at the problem and actually connected the dots that had eluded me.

When I’m working on the same server as the web site there’s an expectation that I can send a Kerberos-based, login request (Negotiate).  (Kerberos is underneath the covers of AD in Windows 2003 if you didn’t know.)  The same assumption isn’t true from the remote computers.  They’ll try NTLM first.  Both of these fall under the checkmark in the IIS Manager as “Integrated Windows Authentication.”  In fact, there is no user interface to control whether to allow Kerberos, NTLM or both.

I know, that’s all fine and good but how does that equate to a 401.1?  Well, remember I mentioned that this happens when I try to add a host header?  In other words, I’m calling the system something other than what it is defined as in the Kerberos database.  Kerberos being the three-headed dog it is, fails the validation not because the user isn’t authenticated but rather the service principal that IIS is trying to validate with doesn’t match.  Kerberos returns a failure and IIS assumes that it’s the user that made the mistake – not that the administrator doesn’t have things setup correctly for Kerberos.

Rather than addressing a way to setup the server in Kerberos (which I’m sure is possible), I simply turned off the Kerberos authentication in the IIS metabase.  The result is that I can now login from the same server.

In order to do this for your site follow these steps:

1)      Launch Internet Information Services (IIS) Manager.

2)      Expand the local computer and then click on Web Sites.

3)      In the right hand pane locate the site you need to change and its Identifier.  If the identifier column isn’t visible you can select View-Add/Remove Columns… from the menu and select it.

4)      With a note of this number, open up a command prompt and navigate to C:\inetpub\adminscripts.  (Or wherever you’ve moved the IIS administrative scripts to.)

5)      Run the command ‘adsutil GET W3SVC/*YOURIDHERE*/Root/NTAuthenticationProviders’ and press Enter.  Replace the *YOURIDHERE* string with the ID you recorded from IIS Manager.

6)      If the response is “Negotiate,NTLM” Kerberos is turned on, continue on to turn it off.  If you see just NTLM then just NTLM is turned on and just Negotiate means only Kerberos.  The next step we’ll change the value to only NT authentication. (Stop here and you won’t have changed anything.)

7)      Run ‘Adsutil SET W3SVC/*YOURIDHERE*/Root/NTAuthenticationProvider NTLM’.  You should see the “NTLM” string reflected back.

That’s all it takes to turn off Kerberos for a web site and allow you to access it from the local system.


Categories: Professional | 1 Comment