DBML and ConnectionString Pitfall

This one bit me good, and cost quite a bit of time before I figured it out.  Therefore, I thought it best to document my findings in case it comes up again.

The Issue

As with many bugs, the behavior didn’t show up until the application was deployed; it worked fine in the development environment.  My app uses Linq-to-SQL and includes an IDE-generated DBML file to interface with my database.  The app connected to my local database just fine.  However, once the app was deployed and the connection string in web.config had been updated for the production database, the connection still failed with the error “A network-related or instance-specific error occurred while establishing a connection to SQL Server”.  What??

The Solution

After digging and googling, I discovered something about how the IDE behaves with Linq-to-SQL and DBML generation.  When the DBML file is first created, the designer inserts an entry in the Settings.settings file containing the full connection string, and the generated DataContext’s parameterless constructor reads it from the strongly typed Settings class.  That class carries the connection string as a compiled-in default, so a web.config value is only consulted if a connectionStrings entry with the exact settings name exists, and the app.config of a class library is never deployed at all.  Since the settings entry matched the connection string in my web.config and app.config locally, everything worked, and the problem was masked by the fact that the settings entry and the config entries were identical.  So, the fix starts with changing the DBML file’s Connection property so that it no longer uses the connection string from Settings.settings.

After that, the repository’s constructor needs to be updated to read the connection string from the config file via ConfigurationManager and pass it to the DataContext, like this:

Once this is done, the app will pull in the connection string from the config file, and no more error!

Original post from http://www.sunergeosystems.com/2011/03/23/dbml-and-connectionstring-pitfall/

Tomcat 5 SSL – Install GoDaddy Wildcard Certificate JKS / PKCS12 ? What?

Ok, have you ever had a day where you spent hours and hours only to feel the frustration of not reaching your goal?  I was *almost* there.

When you buy a wildcard SSL certificate from GoDaddy and need to install it on Tomcat 5 or 6, don’t call GoDaddy.  I called only to be told to follow the website instructions.  Ummm…yeah…I did that.  No go on that one. Riiigghhhhht…..

After 6 hours of living hell building a JKS keystore, here is what ultimately worked with the GoDaddy installation.  I will spare you the story of my pain.

Installation Environment

Tomcat 5 installation on RedHat (CentOS) Linux with no self-signed certificate.  If you have a self-signed keystore, blow it away and start over.

Start with the CSR

Before you can get your GoDaddy wildcard cert, you need to generate a CSR and build a new keystore file for Tomcat.  A Tomcat keystore holds your server’s private key and certificate together with the issuer’s certificate chain.  In this walkthrough the JKS keystore is used only to generate the key pair and the CSR; the keystore Tomcat ends up loading is a PKCS12 file built with openssl later on.

I started by working in my home folder.  Let’s call it /home.

cd /home

Issue the following command to create your keystore:

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

You will be prompted for a password.  I used the default tomcat password of changeit.

My screens looked something like this.  Remember I am making a wildcard domain CSR.

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:  *.mydomain.com
What is the name of your organizational unit?
[Unknown]:  Web
What is the name of your organization?
[Unknown]:  Mydomain.com
What is the name of your City or Locality?
[Unknown]:  Tyler
What is the name of your State or Province?
[Unknown]:  TX
What is the two-letter country code for this unit?
[Unknown]:  US
Is CN=*.mydomain.com, OU=Web, O=Mydomain.com, L=Tyler, ST=TX, C=US correct?
[no]:  yes

Enter key password for <tomcat>
(RETURN if same as keystore password):

This creates a file called tomcat.keystore.  Pass -keystore tomcat.keystore to every keytool command from here on; without it, keytool silently works on the file named .keystore in your home folder, which gets confusing fast.

Now, create the CSR so you can go through the GoDaddy SSL process.


keytool -certreq -keyalg RSA -alias tomcat -file mydomain.csr -keystore tomcat.keystore

You will be asked for the password again.  Remember, the password is changeit.  That is the well-known Java default; for anything other than a test box choose your own, because the same password is later written into server.xml in clear text.

You will now have two files.

1. tomcat.keystore – back this file up somewhere, just in case you make a mistake later on.

2. mydomain.csr – This is your plain-text CSR to use on GoDaddy’s website to generate your wildcard SSL cert.  Copy and paste its contents to get your certificate file.

After submitting the CSR you wait for GoDaddy to issue the certificate.  Just wait….zzzzzzzzzzzzzzzzzzzzzzzzzzz

Install the Certificate

Once you have completed your waiting, you will receive a zip file containing several files.  The one we need most is mydomain.crt, which contains your certificate.  Now, if you try to follow GoDaddy’s certificate installation instructions, you will find you don’t have the materials to perform option 1.

http://help.godaddy.com/article/5239

As a result you would try option 2 and fail miserably.  Here is where we get creative.

Let’s examine the command for “Option 1” and see what we need.

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in <name of your certificate> -inkey <name of your certificate private key file> -out keystore.tomcat -name tomcat -passout pass:changeit

Here is my checklist:

gd_bundle.crt – Don’t need it.  Found this out the hard way.  Just bear with me.

<name of your certificate> - this is mydomain.crt file – we have that. Check!

<name of your certificate private key file> – WTF?  Where do I get this?  See below.

keystore.tomcat – Oh yeah, we made that file earlier. Check!

sf_bundle.crt – You need this instead of gd_bundle.crt.  It took a lot of errors to figure that out.  The rule behind it: the file passed to -CAfile must contain the intermediate certificate that actually signed your certificate (check its Issuer field); if it doesn’t, openssl cannot build the chain and the export fails.

Get GoDaddy Bundle files here: https://certs.godaddy.com/anonymous/repository.seam

Getting your Private Key File

There are lots of ways to extract your private key, but I found the best way to be a  GUI Java app called KeyStore Explorer.  This is a super great tool.  http://www.lazgosoftware.com/kse/

1.  Download and install KeyStore Explorer.  If you need Java, go to java.com and install it first.

2.  Upload your tomcat.keystore file to your Windows box.  This is a binary file; treat it as such.

3.  Open your tomcat.keystore file in KeyStore Explorer.  Find the tomcat alias entry we created, right-click and choose Export -> Export Key Pair.  Do NOT enter a password; simply give the file a name.  I called mine mykey.p12.  Be aware that this leaves an unprotected copy of your private key on the Windows box: keep it off shared folders and delete it once the PEM key has been extracted.

4.  Copy this file back to your /home folder.

You now have a PKCS12 file holding your key pair: the private key and the self-signed certificate keytool stored with it.  However, we still aren’t quite there.  We need to extract the private key on its own for the command above.

openssl pkcs12 -in mykey.p12 -nocerts -out privateKey.pem

Press Enter when prompted for the Import password.  When prompted for the PEM Pass phrase, I used changeit.

NOW WE ARE COOKIN!

Now we have a Private Key file that we can use in our OpenSSL command above.  The top of the file will look something like this:

[root@www tools]# head privateKey.pem
Bag Attributes
localKeyID: B7 5F 05 B7 5F FD 6C 33 EE F2 83 02 CE 13 2A 14 55 A2 BD 24
friendlyName: tomcat
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E73EA2AB27EAE14C

RXEBrTW9KRqyYAA0JtTRek/YL3+8mW2xyoBhdjs9W0lNVL6FpefAArsyvMD0tjgK
jKhadkcV5xUjiK5KDamDk0MWpXY2OYSScKJZDFkjc9eAvFlCZVD2+yltND/5WGNJ

Now, to get a file that holds just the key, edit it and delete the lines before:

-----BEGIN RSA PRIVATE KEY-----

Now the top of your file looks like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E73EA2AB27EAE14C

RXEBrTW9KRqyYAA0JtTRek/YL3+8mW2xyoBhdjs9W0lNVL6FpefAArsyvMD0tjgK
jKhadkcV5xUjiK5KDamDk0MWpXY2OYSScKJZDFkjc9eAvFlCZVD2+yltND/5WGNJ

OpenSSL’s own PEM reader skips anything ahead of the BEGIN line, so this cleanup is optional for the openssl command that follows; it only matters for tools that are less forgiving about leading text.

Save and let’s get finished.

Finally – Importing your Certificate

Let’s go back and get us a working keystore for our SSL installation for Tomcat.  We now have everything we need.

openssl pkcs12 -export -chain -CAfile sf_bundle.crt -in mydomain.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit

Notice we are NOT referencing tomcat.keystore; instead we have created a new PKCS12 keystore called keystore.tomcat, and that is the file Tomcat will load.
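The whole conversion end to end, as an added example that is not part of the original post: a POSIX shell script that checks which bundle actually chains your certificate, builds the PKCS12 store the way the openssl command above does, and inspects the result. Because it has to run offline, make_test_pki fabricates a throwaway root, intermediate and *.mydomain.com certificate with openssl (constructed data; the file names mirror the post, and wrong_bundle.crt stands in for a bundle that lacks your issuer, which is the failure the gd_bundle/sf_bundle detour was about). With a real GoDaddy certificate you skip that function and run build_keystore on mydomain.crt, privateKey.pem and sf_bundle.crt.

```shell
#!/bin/sh
# Added example, not code from the original post: build and verify the PKCS12
# keystore for Tomcat from a leaf certificate, its private key and the issuer
# bundle. make_test_pki fabricates a throwaway chain so this runs offline;
# with a real certificate, skip it and call build_keystore directly.
set -eu

WORK="${WORK:-$(mktemp -d)}"       # scratch directory for the generated files
KEYPASS="${KEYPASS:-changeit}"     # passphrase on privateKey.pem and on the new store
cd "$WORK"

# Constructed test PKI (hypothetical names): root -> intermediate -> *.mydomain.com.
make_test_pki() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:*.mydomain.com,DNS:mydomain.com\n' > leaf.ext

    # Self-signed root.
    openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
        -subj '/CN=Test Root CA' 2>/dev/null
    openssl x509 -req -in root.csr -signkey root.key -days 30 -extfile ca.ext \
        -out root.crt 2>/dev/null

    # Intermediate signed by the root: the kind of certificate an issuer bundle carries.
    openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
        -subj '/CN=Test Intermediate CA' 2>/dev/null
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -days 30 -extfile ca.ext -out int.crt 2>/dev/null

    # Wildcard leaf with a passphrase-protected key, like the privateKey.pem in the post.
    openssl req -new -newkey rsa:2048 -keyout privateKey.pem -passout "pass:$KEYPASS" \
        -out mydomain.csr -subj '/CN=*.mydomain.com/O=Mydomain.com' 2>/dev/null
    openssl x509 -req -in mydomain.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 30 -extfile leaf.ext -out mydomain.crt 2>/dev/null

    cat int.crt root.crt > sf_bundle.crt   # contains the leaf's issuer: works
    cp root.crt wrong_bundle.crt           # issuer missing: -chain will refuse it
}

# Who signed the certificate? Compare this with the subjects in the bundle.
issuer_of() {     # CERT
    openssl x509 -noout -issuer -in "$1"
}

# Does BUNDLE chain CERT up to a root? The same check openssl pkcs12 -chain performs.
bundle_fits() {   # CERT BUNDLE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# build_keystore CERT KEY BUNDLE OUT: the post's openssl command, with the key
# passphrase supplied so it does not prompt. Fails if BUNDLE lacks CERT's issuer.
build_keystore() {
    openssl pkcs12 -export -chain -CAfile "$3" -in "$1" -inkey "$2" \
        -passin "pass:$KEYPASS" -out "$4" -name tomcat -passout "pass:$KEYPASS"
}

# How many certificates ended up in the store (leaf plus every link of the chain).
count_certs() {   # P12
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$KEYPASS" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Stand-alone run: make the test chain, show the wrong bundle being rejected,
# then build the real store and lock it down.
make_test_pki
echo "certificate was issued by: $(issuer_of mydomain.crt)"
if bundle_fits mydomain.crt wrong_bundle.crt; then
    echo "unexpected: wrong_bundle.crt verified the certificate"
else
    echo "wrong_bundle.crt lacks the issuer; openssl pkcs12 -chain would fail with it"
fi
build_keystore mydomain.crt privateKey.pem sf_bundle.crt keystore.tomcat
chmod 600 keystore.tomcat privateKey.pem   # both files are secrets
echo "keystore.tomcat holds $(count_certs keystore.tomcat) certificates (expect 3: leaf, intermediate, root)"
```

A few notes for real use. The private key can also be pulled out of the JKS without KeyStore Explorer: keytool from Java 6 onwards converts a store with keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcat.p12 -deststoretype PKCS12, after which the openssl pkcs12 -nocerts step in the post applies. Passing pass:changeit on the command line puts the password in shell history and in ps output; openssl also accepts -passin/-passout env:VAR and file:PATH. On OpenSSL 3 the exported store uses modern ciphers that an old JRE may not be able to open; add -legacy to the export if Tomcat cannot read it. Once keystore.tomcat is in place, delete privateKey.pem and mykey.p12 and keep the store readable only by the Tomcat user.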

Now, let’s see if it works.

Installing the Certificate in Tomcat

Let’s copy the file to our tomcat installation configuration directory.  My tomcat was in /usr/local/tomcat5

cp keystore.tomcat /usr/local/tomcat5/conf

Now, we need to enable SSL.  So, we need to edit the server-wide server.xml file.  Find the section like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Replace it.  Mine looks like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector port="443"
           maxHttpHeaderSize="8192" maxThreads="250" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS" keyAlias="tomcat"
           keystoreFile="/usr/local/tomcat5/conf/keystore.tomcat"
           keystorePass="changeit"
           keystoreType="PKCS12" />

Lastly, find any other references to port 8443 in server.xml (the redirectPort on the plain HTTP connector, for instance) and replace them with 443.  Two things to keep in mind: on Linux only root can bind port 443, so either keep Tomcat on 8443 behind a port redirect or use a mechanism such as authbind rather than running Tomcat as root; and since keystorePass sits in server.xml in clear text, make sure server.xml and keystore.tomcat are readable only by the account Tomcat runs as.

Now, restart Tomcat and enjoy your newly functioning wildcard certificate.

I hope this bridges the gaps on some of the other articles out there.

Please comment if it helps you.

Good Luck!

Information Technology – Cost Center or Investment?

Have you ever wondered why IT costs seem to run amok?

Have you ever wondered why everyone seems to view IT as nothing but ongoing trouble?

Why does every IT expenditure cost thousands and seem to take days to implement?

Have you ever noticed how business owners and management get majorly frustrated whenever their IT doesn’t work?

Let’s take a look at this shall we.

In my experience, most IT shops constantly ask the wrong questions as to what they are supposed to do and often define themselves as the solution for everyman.  IT professionals aim to please their customers and often leverage whatever technology is at hand to solve whatever immediate problem presents itself.  Think handyman with software and USB drives instead of hammer and nails.

Because they take the approach of being the handyman and just fixing the issue, the real value of IT often gets overlooked or misrepresented.  This creates frustration among all of the players from management, employees, customers, and even the IT folks themselves.

IT Costs Run Amok? Trouble? Frustration?

You can almost always attribute this to a lack of investment in time, energy, planning, and maintenance.  Customers spend tens of thousands of dollars to get into a new system, for example Microsoft Exchange.  After spending all this money, they just want to walk away and enjoy the fruits of their labor.  Unfortunately, this is just the beginning.  Let’s use the analogy of a fleet of cars.

If you are a service company and you have to have employees driving cars all around the state, you have enormous costs after the initial cost of the car.  You have to change tires, do constant engine maintenance, pay for gasoline, oil changes, insurance and more….  However, the average company accepts these costs as an investment in growing their business.  Without the cars, the company’s growth would be hampered.

If management was to take the same view of IT, perhaps the comparisons would begin.

If we didn’t have this new Exchange system, how much time would we lose?

If the servers were down, how much productivity is lost?

If the Internet is unavailable, how much business do we lose?

What sort of investment in time and money would allow us to move forward with the least amount of expense, but maintain the best operating environment for our investment?

Companies have to change the dialogue to STOP the frustration.  Define WHAT IT really is to the company.  IT is NOT a Cost Center.  IT is an investment.  IT ENABLES the company to do things never before possible.  An accountant 50 years ago would have had to have dozens of clerks for their asset management/tax business for only a dozen or so companies.  Today, that same accountant can manage hundreds of clients with only a handful of bookkeepers and a few computers.  IT ENABLES the company and the customer.

Companies must change the internal dialogue to limit the responsibility of IT and work to create an ongoing re-investment back into their own business.

Does IT runaway spending exist?  Of course it does.  How do you identify it?  Well, that’s a post for another day.

Switching to RAID

I got some new hard drives for Christmas and wanted to switch to a RAID setup.  My motherboard comes with the Intel Onboard RAID and I was planning on using it to setup a simple mirror.

BSOD for Christmas

I had already installed Windows 7 with my SATA II drives in IDE mode.  First I tried to install the Intel Matrix drivers; they wouldn’t run, saying there was no compatible hardware.  Looking at my motherboard documentation (ASRock X58 Extreme), it recommended enabling RAID in the BIOS before installing Windows or the Intel drivers.

A quick F2 on boot and I changed the SATA mode to RAID.  Save and continue.  The Windows 7 logo appeared; good, it saw the hard drive.  Everything was going along normally, then blue screen and automatic reboot.  This isn’t going to be an easy switch.

Don’t waste your time running the Windows 7 startup repair or trying to trick the Intel drivers into installing; all you have to do is change one registry setting.  With some googling I found this forum thread for switching to RAID mode:

So switch back to IDE mode, reboot into Windows 7, open regedit from the Start menu and go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV

Change the REG_DWORD "Start" from 3 to 0.

Reboot, switch back to RAID in the BIOS, and you can now boot.  You can now install the Intel Matrix drivers and go on with your life.  In the process of googling I decided to research the performance of the onboard RAID versus the mirroring built into Windows 7.

Circling Back

Since I was already researching, I decided to look at the performance of the onboard RAID vs. the built-in Windows 7 mirroring.  Bad news.  Windows 7 beats the motherboard controller almost every time, with very close performance and better CPU utilization, plus it’s portable if you switch motherboards.  The only advantage to going the hardware route is that you don’t have to use dynamic disk mode, which some sysadmins see as flaky.

So all that hard work is for naught; I’m just going to use the Windows 7 mirroring and not the “fakeraid” built into my motherboard.  Note: if I were mirroring my boot drive, I might go the motherboard route, as dynamic disk mode has sometimes decided to flake out and kept people from booting.

Resize Virtual Disk in VMWare Workstation

Expand Virtual Disk Using VMWare

To increase the virtual disk from the command line:

  1. Navigate to the product’s installation directory.
  2. vmware-vdiskmanager -x <newsize> vm.vmdk

For Workstation 7, you can increase the virtual disk from the GUI:

  1. Select the virtual machine from the Inventory.
  2. Edit Virtual Machine Settings -> Hard Disk -> Utilities > Expand, enter the new size, then click Expand.

Increase Partition Size in Guest OS

Expanding the virtual disk size is only half the battle. To complete the process, you must expand the partition using tools within the guest operating system. For Windows, I prefer EaseUS. Windows 7 has built-in disk extension tools, available by doing the following:

  1. Right click on My Computer and click Manage
  2. Go to Storage -> Disk Management
  3. Right click on the volume that needs to be expanded, and select Extend Volume

Initiate an action from the Server. – Things you can’t (yet) do with a browser

Ever since Tim Berners-Lee invented the first web server and browser we have been doing the HTTP request/response dance.  A request is sent from the browser to the server and the server responds to the browser.

But what about going the other way?  Firing an event on the server and notifying the client that something changed?  Getting an alert that is really real time?  That’s something good old HTTP doesn’t do.

But there are hacks and fixes.  Let’s list them here.

Polling.  You can simply have the browser keep asking the server whether anything has happened.  This is usually done AJAX style with an XMLHttpRequest fired from a setTimeout or setInterval loop: every x seconds the browser checks the server for updates.  It works on practically any browser.

Long polling.  The client polls the server with a really long timeout, and the server leaves the response open until an event happens.  Once the event happens it responds, the client does its processing, and then starts a new long poll.

Hidden iframes.  A hidden iframe can be served a chunked response that leaves the connection open; the server gradually sends script tags down the wire, and the browser executes each one as it arrives.

Script tags with long polling.  Script tags can be created dynamically, requesting JavaScript (carrying the data) from a server and executing it once it arrives, and long polling works with them just as it does with XMLHttpRequest.  Because the response is executed as code in your page, this only makes sense against a server you trust; that same property is what makes cross-site script inclusion a problem.

Use a plugin.  Both Java and Flash can be used to establish connections that are not good old HTTP.

Firefox and Netscape only: server-side push.  Okay, we’re getting desperate to be complete here.  Back in 94 or 95 I remember huddling around the computer to see something amazing: on the proto-blog suck.com the logo was moving!  That’s right!  Animated GIFs were still in the future (Hampster Dance didn’t exist yet), but “server-side push” had just gone mainstream.  You could make things move right then by doing server-side push.  Basically you set up a CGI program to send back a multipart/x-mixed-replace content type, and it sent an image animation back frame by frame.  Firefox can still handle this, and it can be hacked to send JavaScript instead of pictures.

WebSockets.  The future is soon.  Finally, WebSockets are being finalized: the browser API by the W3C as part of HTML5 and the wire protocol by the IETF.  Firefox 4, Google Chrome 4, Opera 10.70 and Safari 5 all implement WebSockets, which upgrades a standard HTTP connection to a bi-directional data tunnel (Firefox 4 shipped with it disabled by default because of a security problem found in the draft protocol).  An onmessage JavaScript event can be wired up to the WebSocket to respond to whatever comes down the pipe to the browser.  One thing to remember on the server side: browsers do not apply the same-origin policy to WebSocket handshakes, so the server has to check the Origin header itself or any site can open a socket to it from a visitor’s browser.

What about server events today?  Polling is the simplest and most reliable.  It’s not going to give you real real-time response for twitch gaming.  Dojo’s CometD project has a great high-level protocol called Bayeux that wraps some of these transport methods.  WebSockets are the future and you don’t have to wait: a Flash-based shim lets you use WebSockets on older browsers.