Wednesday, December 10, 2008

Free extra wizard for K2 [blackpearl]

You might be aware of the recent release of K2 [blackpoint] with the beta 2 label. If not please consider a quick revision. But assuming you are already familiar with product, let`s find out some of it`s hidden surprises.
Although a new development tool is been introduced as a environment for building workflows, the well-known approach of having wizards is kept. The grouping remained the same, obviously to suit developers already used to the previous tools like VisualStudio or Visio. So exploring down what we could rely on, it`s obvious that we encounter a new wizard not existing for the [blackpearl].

Data Event wizard, as being a client wizard, adds extra logic to run on the server side, but specified on activity level. In general it gives the ability to map a set of fields, and once it`s executed, all the related values will be copied. It maintains one to one relations, requiring a field for destination, but providing flexibility for the source as another field or a static value.




Still the Data Event wizard works with fields defined only at its activity or global process level fields, which makes it suitable for following tasks :
  • Maintain a counter - now you have the possibility without relying on an external system, to manually change a value of a local field.
  • Extra copy of a data set - if working with shared process level fields, now you can provide their local copy per activity, and later if approval, to copy back the values to the process fields.
I know you can find additional usage if this extra event for preventing the unnecessary need of external system or smart objects.

And now the promised surprise. How can we have this event at our [blackpearl] development stations. Well the approach is easy to follow and I`ll bring it up in a step by step followups. But first what you need : simply - having [blackpoint] K2 studio installed and a [blackpearl] development components (for VisualStudio or Visio). Mark at that point that no intervention with any K2 sever is required. It`s all about distributing the extra event wizard from one station to another. Underneath, it includes all the required code to run inside the process definition, so only the developer tools are under consideration here and later.
  1. Locate on the [blackpoint] station were the k2 files reside. It`s usually %ProgramFiles%\K2 blackpoint
  2. Under the bin folder locate the 2 files named : DataEvent.Design.dll and DataEvent.Wizard.dll
  3. Copy those 2 files to your [blackpearl] bin folder - usually %ProgramFiles%\K2 blackpearl\bin\
  4. Register those 2 files in the GAC of the [blackpearl] machine. Could be done by dropping the files at %windir%\assembly, using the command line tool - gacutil, or if Windows XP - use the Admin Tools -> .Net framework 2.0 Configuration tool
  5. Locate on the [blackpoint] station the folder "Design.DataEventItem", it`ll reside at %ProgramFiles%\K2 blackpoint\bin\DesignTemplates\CSharp\WindowsWorkflowExtender\1033\
  6. Copy the entire folder to your [blackpearl] location : %ProgramFiles%\K2 blackpearl\bin\DesignTemplates\CSharp\WindowsWorkflowExtender\1033\
  7. The easy part is over, so additional preparations are required before continuation - on both [blackpoint] and [blackpearl] locate the file "configurationmanager.config" and make a backup of it. It resides at the bin folder.
  8. You need the 2 files open (use wordpad or better text editor), and the transfer we`ll make is from the [blackpoint] file to the [blackpearl] file. The content is in XML, and you need to copy the entire xml elements (as specified underneath) to the same location on the other file.
  9. Copy the following xml elements (lines) from the [blackpoint]to the [blackpearl] file:
  • <propertywizard text="Data Event" description="Data Event Property Wizard" makeavailableoffline="false" minversionrequired="4.0.0.0" type="SourceCode.Workflow.Wizards.DataEvent.DataEventPropertyWizard" assembly="DataEvent.Wizard, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" name="F23B5E30-479F-436c-8771-7A949AA3F967"> </propertywizard>- this needs to go undernieth the xml element <propertywizards>
  • <wizard text="Data Event" showintoolbox="true" description="Data Event Wizard" makeavailableoffline="false" minversionrequired="4.0.0.0" type="SourceCode.Workflow.Wizards.DataEvent.DataEventWizard" assembly="DataEvent.Wizard, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" name="916261B2-1024-485f-89AD-A8E509CCEA8C">
    <propertywizards>
    <add name="Event General Property Wizard"/>
    <add name="F23B5E30-479F-436c-8771-7A949AA3F967"/>
    </propertywizards></wizard>
    - this needs to go underneath the the xml element <wizards>
  • <add name="916261B2-1024-485f-89AD-A8E509CCEA8C"></add>- this needs to go underneath the xml tree : <toolboxCategory default="Default Server Event Wizard" text="Event Wizards" name="ToolboxCategoryEvent"><toolboxImts>

That was the scary part, and now if you restart your [blackpearl] development tools, you`ll be able to see and use the Data Event Wizard. In case of VisualStudio, you`ll need an extra forced "Reset toolbox" to reload the configurations and bring up the new wizard.
In any case, keep the configurationmanager.config backup, if you want to get rid of the wizard, or you mess up with the xml file.
So the outcome is that if you register for the beta of [blackpoint] you can easily get stuffed with an extra wizard for your [blackpearl]. And if you were watching closely, you might have noticed there is another new wizard...
Read more on this article...
Bookmark and Share

Wednesday, November 26, 2008

Inobits to exclusivly distribute iIechnology Forms Accelerator in the United States.

[from press release] MISSION VIEJO, CA, November 26, 2008 –Technology Corporation, an emerging leader in enterprise-class solutions for process automation, today announced Inobits, Inc. (Inobits) as the exclusive distribution partner in the United States of America for iTechnology Forms Accelerator™. The partnership opens additional channels for iTechnology and enables Inobits to exclusively distribute the forms generation component for K2blackpearl™ to their extensive network of customers in the United States of America.

"We're very careful when considering the products to distribute and support, and iTechnology Forms Accelerator™ certainly aligns well with our mission for delivering effective and robust process automation and management solutions," said Johan Grobler, president of Inobits, Inc. "It blends perfectly with our existing services and adds more value towards meeting the demands of customers and partners alike. Building user interfaces without InfoPath or custom ASP pages continues being in high demand in our customer base."


"We are confident that this relationship with Inobits, which is one of the leading K2 value-added distributors, will give iTechnology Forms Accelerator greater reach," said Dmitry Ivahno, president of iTechnology Corporation. "Inobits is a respected firm with a high level of expertise in the process automation and management field with a strong focus on pre and post sales support and is the ideal partner to further establish iTechnology's presence in the United States of America."

"We are pleased to partner with iTechnology which enables us to strengthen our product portfolio," added Johan Grobler. "Through iTechnology we will be able to offer affordable enterprise-class web forms development that meets both the financial and compliance needs of our customers."

The new release of iTechnology Forms Accelerator, together with K2 blackpearl™ and Microsoft Visio 2007, includes all the tools needed to perform process modeling, data capturing, task processing, workflow distribution, routing by rules, retrieval and viewing. Additionally iTechnology Forms Accelerator has its own forms layout designer for defining user interfaces and presenting task information in web forms without usage of InfoPath or custom web development.

About iTechnology
Founded in 2007 and based in Mission Viejo, California, iTechnology offers the industry’s most efficient forms development tools for K2 processes along with a true best-of-breed professional services. The company’s solutions are engineered to deliver swift, cost-effective implementations that integrate with existing K2 processes and avoid inflexible programming efforts and high maintenance costs. Through iTechnology’s innovative enterprise-class software components and services, many companies maximize their business agility and improve process automation efficiency. iTechnology’s solutions are for small, medium andlarge
institutions. For more information, visit www.myitechnology.com or call +1.888.792.7871.

About Inobits, Inc.
Inobits Inc (USA) is a specialized software consulting business that focuses its expertise in business process optimization and workflow office automation. The company operates in areas of next generation breakthrough applications and tools that are designed to amplify the impact of business productivity. Inobits specializes in: Software Implementation & Consulting; K2 blackpearl™; Microsoft SharePoint; iTechnology Forms Accelerator™ for K2.

Inobits Inc USA was established in 2004 as a California Corporation and has its origin from
its founding company, Inobits Consulting (Pty) Ltd in South Africa (1999).

For more information, visit www.inobitsinc.com or call +1.714.371.4232 or by email: johan@inobitsinc.com

About K2 and K2 blackpearl™
K2 provides the platform for a new generation of users to collaboratively assemble dynamic business applications from reusable items. K2-based solutions are deployed by a growing number of the global Fortune 100. K2 is a business unit of SourceCode Technology Holdings, Inc.

iTECHNOLOGY CONTACT: Bobby Naydenova

iTechnology Corporation

bnaydenova@myitechnology.com



Read more on this article...
Bookmark and Share

Monday, November 24, 2008

iTechnology Releases Forms Accelerator for K2

New version enables business users developing web forms in Visio / K2 blackpearl without InfoPath or any coding.

[from press release] MISSION VIEJO, CA, November 24, 2008 – iTechnology Corporation, an emerging leader in enterprise-class solutions for process automation, announced that Forms Accelerator now supports K2[blackpearl].

The new release, together with K2[blackpearl] and Microsoft Visio 2007, includes all the tools needed to perform process modeling, data capturing, task processing, workflow distribution, routing by rules, retrieval and viewing. Additionally iTechnology Forms Accelerator has its own forms layout designer for defining user interfaces and presenting task information in web forms without usage of InfoPath or custom web development.





Users also have the added ability to build web interface simultaneously with defining business processes. This allows rapid changes to be made and rolled out in minutes as opposed to making changes one by one.

Also notable are forms rendering enhancements that were made to iTechnology Forms Accelerator to dramatically decrease the duration needed for end-user to complete work task. Added support of Firefox browser sets iTechnology Forms Accelerator as the most efficient method of User Interface development for automated processes.

"The introduction of iTechnology Forms Accelerator was based on in depth client feedback that ultimately strengthens the value proposition of the K2[blackpearl] process automation," said Dmitry Ivahno, president of iTechnology. "This version of Forms Accelerator offers our clients newfound ease of process automation when InfoPath or custom solution development are prohibitive or too expensive."

Contact the company to arrange a private demonstration at 888.792.7871, ext. 704.

About iTechnology
Founded in 2007 and based in Mission Viejo, California, iTechnology offers the industry’s most efficient forms development tools for K2 processes along with a true best-of-breed professional services. The company’s solutions are engineered to deliver swift, cost-effective implementations that integrate with existing K2 processes and avoid inflexible programming efforts and high maintenance costs. Through iTechnology’s innovative enterprise-class software components and services, many companies maximize their business agility and improve process automation efficiency. iTechnology’s solutions are for small, medium and large institutions. For more information, visit www.myitechnology.com or call +1.888.792.7871.

About K2 and K2[blackpearl]
K2 provides the platform for a new generation of users to collaboratively assemble dynamic business applications from reusable items. K2-based solutions are deployed by a growing number of the global Fortune 100. K2 is a business unit of SourceCode Technology Holdings, Inc.


Read more on this article...
Bookmark and Share

Wednesday, October 15, 2008

K2 [blackpoint] on Silverlight - my first impression!

On Friday October 10th, I participated in a SourceCode’s webcast regarding the Silverlight version of their new product K2 [blackpoint]. Having already tested Windows client of Blackpoint, it was interesting to see how Silverlight edition compliments K2 framework… but first things first:
What we all know about K2 [blackpoint] is that it is a new addition to K2 product line which we can use to build a dynamic process- driven applications, using SharePoint and its integrated services. K2 [blackpoint] offers a new opportunity for developers to deliver a powerful , simplified and easier to maintain business process without writing a code. What is new here is that K2 [blackpoint] is a new advanced product not only for the developers but also for business users allowing them to manage the processes at any time when their business requires it. Most important, K2 [blackpoint] already has a new design platform incorporating all main features required to plan business processes quickly and efficiently.
K2 [blackpoint] structure is built on Microsoft Silverlight which provides rich functionality to browsers. While Silverlight is still a relatively new product, K2 [blackpoint] provides many sophisticated features, which contribute for the successful and friendly usage of the Designer.
The new K2 [blackpoint ] designer is aimed at non technical personnel. It consists of a standalone application so you do not have to own Visual Studio or Visio. The web version provides an easy and simple development platform for enterprises without hassle of installing software on each single workstation. You can build an entire application just by using the visual designer. You do not need to write a single line of code.
Writing complex and intuitive applications on K2 [blackpoint] with Silverlight is as easy as it can be. You no longer need to develop and use complex JavaScript libraries. You can use a simple XML driven language and a powerful visual editor to accomplish the same effect. Another clear benefit is that K2 [blackpoint] uses XAML (Extensible Application Markup Language). XAML is a declarative XML-based language used to define data binding, events and UI elements in WPF and Silverlight applications, and to define workflows in Windows Workflow Foundation.
If we continue to walk through the new K2 product then I would like to point out that now we can set the properties of the workflow faster than before, using many user-friendly features such as: Outcome Templates for adjusting the process activities, numerous Wizards that will help you optimize your company's workflow and building many business entities.

While K2 [Blackpearl] Designer is a tool for expert developers with its integration with Visual Studio and extendable workflow foundation technology, K2 [blackpoint] is a scaled down and simplified version which can be used anywhere in the world directly from your web browser. Its intuitive design delivers the power of SharePoint and workflow to the common user.
It will be fair to say that K2 Blackpoint Designer on SIlverlight as any other web application cannot compete in performance with a standalone native applications. Luckily user can choose between the two - a standalone K2 [blackpoint] designer or Silverlight version of it.
K2 [blackpoint] has the capacity to design some business solutions efficiently from within the Microsoft SharePoint environment. K2 [blackpoint]’s “native” integration with SharePoint and Outlook will help you optimize information flow in your company. You may configure all SharePoint web parts according to your needs. This includes processes that will manage lists and libraries, list items and documents or content types.

As we continue reviewing K2 [blackpoint] I will say that it delivers the opportunity to work in the same environment as in K2 [blackpearl], so if you are familiar with the K2 [blackpearl] tools and services you will need minimal training effort to transition. In the same time K2 [blackpoint] training would be a good investment if you want to enable your business users to take charge of process development and maintenance.
Let’s look at a particular project which uses InfoPath forms. If you want your workflow to gather information from people who will submit the forms then you need to start an initial project in K2 Studio which will integrate InfoPath template. Then it could be used from the K2 Process Portal. The support of InfoPath forms makes the process more efficient and user friendly for audiences who will develop the whole process.
Before we test how our process works we have to check the security settings. We have to be sure that the appropriate permissions are set for the users who will operate with the processes. After specifying the required users’ role in the SharePoint Administration section we can start testing to be assured that our processes works according to our needs. This will include launching our integrated InfoPath form, filling it out and then submitting it. Then depending on your workflow settings and implemented activities it could be reviewed, approved or declined.
If you need to monitor process instances you can take a look at Process Instances panel. This panel is a new feature of the K2 designer, which makes administration of processes much more mature and efficient.

I would like to emphasize that K2 [blackpoint] supports Smart Object Service Integration to connect to your Line of Business systems. While you cannot create new SmartObjects in K2 [blackpoint], you can reuse already pre-created SmartObjects or you can procure their development by K2 partners.
K2 [blackpoint] focuses on building complete process using Sharepoint and InfoPath. While it is a great advantage for some clients, it is disadvantage for others. There is still a large pool of companies who like K2 workflow framework but do not want to invest in Sharepoint/InfoPath infrastructure. In our next article, I will highlight what iTechnology offers for non-Sharepoint clients.

Also if you would like to see K2 [blackpoint] demo, or interested in K2 Blackpoint/Blackpearl training, please feel free to contact us at info@myitechnology.com
Read more on this article...
Bookmark and Share

Tuesday, October 7, 2008

K2 [blackpoint] Installation Wrong Type of Database

By Hristo Yankov
As of today, you can install K2 [blackpoint] only on a clean (K2-free) environment. So if you are trying to install K2 [blackpoint] on an environment previously or currently used by K2 [blackpearl], you have no choice but uninstall K2 [blackpearl].

What you should be aware of, however, is the fact that the K2 [blackpearl] uninstaller does not remove the K2 databases (HostServer, Categories, Dependencies, etc) from the SQL server! If you try to install the K2 [blackpoint] databases on the same SQL server and haven't deleted the K2 [blackpearl] databases manually, you will end up with the following errors during the K2 [blackpoint] installation:




So long story made short, make sure the K2 [blackpoint] database installation does not overlap with existing K2 [blackpearl] databases, as they are not being removed by uninstaller.
Read more on this article...
Bookmark and Share

K2 Workspace 404 Not Found Error

By Hristo Yankov

In the process of a K2 installation, no matter distributed or on a single server, you have to setup the K2 Workspace. It is mostly well covered by the K2 Getting Started (Installation) documentation.

However, even if you follow strictly the instructions, you might get a 404 (Not Found) error when trying to access your Workspace. The following is a step by step guide on how to troubleshoot this error.


So you open your K2 Workspace and you are greeted by a 404 (Not Found) error. First thing you need to do is enable the logging of your K2 workspace web site. You can do that by running IIS Manager, navigating to Web sites, locating your K2 website, right clicking on it, selecting Properties from the context menu. It will open the properties of your web site. Navigate to the Web Site tab. There is a checkbox called 'Enable Logging'. Check it, and just in case do 'iisreset'. Make a note of where the log is stored. It is usually in a C:\WINDOWS\system32\LogFiles\ folder.

Open your K2 Workspace site again, so the error is logged. Then navigate to the log folder and open the log file. You should see entries similar to:
YYYY-MM-DD HH:MM:SS W3SVCXXXX XX.XX.XX.XX GET /Workspace/default.aspx - 80 Domain\User XX.XX.XX.X long-client-description-entry-here 404 2 1260

The most important part of this error log is the error code. It is "404 2 1260". 404, not found, could be caused by a couple of reasons. It is the "2" and "1260" part of this entry that specify what exactly it is. If you refer to this URL you will see that '2' stands for "Web service extension lockdown policy prevents this request." Basically, you have a policy, which is preventing the server from hosting the file.

Now, how to fix that? Go back to the IIS Manager and right click on the "Web Service Extensions" folder. From the context menu select "Allow all Web service extensions for specific application...".


Then from the pop up window select ASP.NET v2.0 and click ok. iisreset and you should be fine.


If your error is not 404 x 2, but something else, the URL above should give you a hint on the root cause.

In the case of 404 x 2, this will fix your problem, but you might want to experiment with the Web Service Extensions policies, in order to achieve higher security level.
Read more on this article...
Bookmark and Share

Friday, September 26, 2008

Benefits of Water... Fat Free

Yes, it is always pleasant to rediscover benefits of ordinary object. In my latest case it happened during one of visits to Coffee Bean & Tea Leaf.

Day was usual for Southern California in high 90s and I had only desire for refreshing drink. And then unexpected appeared in front of eyes: FAT FREE SPRING WATER


After my few second confusion was gone I started reading back side of the label with hope find if this drink is also free of carbohydrates and proteins. Unlucky it is only FAT FREE WATER.

I don't think this bottled water requires additional advertising. I just wish you enjoy such healthy water.
Read more on this article...
Bookmark and Share

Troubleshooting Kerberos issues

By Hristo Yankov

Dealing with Kerberos in MOSS/K2 distributed environment is inevitable. First, let's start with a quick overview of what is Kerberos.

From Wiki:
Kerberos is a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.



What this means in the MOSS (with K2 worklist web part)/K2 context is:
End client's browser requests MOSS page featuring the K2 web part, MOSS delegates the client's credential to K2, K2 knows who the end user is and retrieves his or her worklist items.

Since this is a 'troubleshooting Kerberos' article and not 'setting up Kerberos for first time' we will assume that:
  • You have supposedly configured your network to work with it, by following the K2 documentation (Getting Started)
  • You went to the Active Directory on the Domain Controller and gave the computers and users participating in the process a Delegate right.
  • You have configured IIS to use Negotiate, rather than NTLM
  • You DO have worklist items waiting for you.
  • If you have more than one domain controller in the network you realize that replication time could be a problem. Make sure that if you do some domain changes (adding/removing SPN, trusting delegation and etc) you either force the replication or wait for the period of time. You might want to decrease it to 10-15 minutes.

Now, if you don't see any of your items in the MOSS K2 web part, that's the first sign your Kerberos setup is not working. Login to your K2 server (using the K2 Service credentials!), go to the Services and stop the BlackPearl service. Then run it in console mode so you can clearly see what the error is. Chances are, you will see error messages telling you that the user 'NT AUTHORITY\ANONYMOUS LOGON' was denied access.


Obviously what happens is - IIS is not passing the end client credentials to the next server in the chain, which in our particular case is the K2 server. Now starts the fun part, trying to determine why your Kerberos configuration is not working. Logically, you would start by enabling the Kerberos logging on all participating machines. You do that by running regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters. You should add a REG_DWORD entry with value of '1'. Also, on the machine issuing TGT you should add the key KerbDebugLevel with value of '1', in the same Parameters folder. Enabling Kerberos logging is also explained here.

You might notice that Kerberos delays error logging, skips some or just doesn't output when you expect it to. Eventually you will start seeing some logs in you Event Log viewer, System section. There might be gems such as:
  • KDC_ERR_S_PRINCIPAL_UNKNOWN
  • KDC_ERR_BADOPTION
  • KRB_ERR_RESPONSE_TOO_BIG
  • And other...
Microsoft tries to explain them here, but generally, the descriptions of those errors might be unclear or even misleading. During the course of a week-long Kerberos issue troubleshooting, the problem was pinpointed to the following items.

  1. Internet Explorer settings on the client side. Make sure that the client (using IE) has added your MOSS website to the list of Trusted Sites. This is done by going to the IE -> Tools -> Internet Options -> Security -> click on Trusted Sites -> Click on the Sites button -> type the url of the site and click Add. Also, make sure that the Security Level for the Trusted zone is Low. If that's not possible, do a custom level (by pressing its button) and scroll down to the bottom of the pop up screen. Select "User Authentication->Logon->Automatic logon with current user name and password" radio button. Basically this tells the browser to pass the user credentials to the web site. Otherwise it will pass some anonymous user and it will never work.
  2. It is worth mentioning that IE 6 won't work with Kerberos, if the web site is not running on port 80. It is explained in details here, but you can easily overcome this problem by using host headers, insted of ports.
  3. Kerberos UDP fragmentation. Yes, by default Kerberos is running over the unreliable UDP protocol. This means - there is no guarantee that the packages will actually reach the destination. So if you get a lot of KDC_ERR_S_PRINCIPAL_UNKNOWN and KRB_ERR_RESPONSE_TOO_BIG error logs, this might be the reason. It is explained here and the solution to that is right here. By setting the max packet size to 1, you force it to run over TCP. This will require reboot of the system, though.
  4. Duplicate SPNs. That is my favorite and less documented problem! To understand what is considered a duplicate, read this short article carefully! Turns out, you can not have "HTTP/portal.mydomain.com DOMAIN\ServiceA" AND "HTTP/portal.mydomain.com DOMAIN\ServiceB" in the same time! When you are adding a SPN, it should be assigned to only one user!
Getting rid of the duplicate SPNs is no fun at all. Currently, there is no good tool do that for you. You will have to do it manually. First, you will need to output all the current SPNs in your domain. It's all explained here (3rd method).
  1. Get the spnquery.vbs script from here (click on the download button)
  2. Run it by executing "cscript spnquery.vbs * > my_SPNs.txt" in the command prompt
  3. Now you have all your SPNs dumped into the my_SPNs.txt file
Open it in your favorite text editor for review. Let's assume your MOSS server is called "SRV-MOSS" and your domain is "domain.company". Search the file for "SRV-MOSS". You should see an entry like:
CN=SRV-MOSS,[...]
Class: computer
Computer DNS: [...]
-- HOST/SRV-MOSS.domain.company
-- HOST/SRV-MOSS
It is fine. It shows that your MOSS server is trusted for delegation in the AD. Keep searching. You should see an entry similar to:
CN=[Application Pool Running User],[...]
Class: user
User Logon: [ApplicationPoolRunningUser]
-- HTTP/SRV-MOSS
-- HTTP/SRV-MOSS.domain.company
If the [ApplicationPoolRunningUser] is the domain user, running your MOSS web application pool, that is great, because it means that you have set a correct SPN! If you don't find such entries at all, you have missed an important step and you need to add delegation, by running command similar to:
setspn -A HTTP/SRV-MOSS domain.company\ApplicationPoolRunningUser
setspn -A HTTP/SRV-MOSS.domain.company domain.company\ApplicationPoolRunningUser
However, if you find another user entry (different of your MOSS app. pool running user), listing HTTP/SRV-MOSS as service principal name, that's a problem, because it's a duplicate! You will need to remove it by executing:
setspn -D HTTP/SRV-MOSS domain.company\AnotherUser
setspn -D HTTP/SRV-MOSS.domain.company domain.company\AnotherUser
Search for other duplicates and if none, you are one step closer to resolving the problem. At this moment, it is great idea to Purge all current Kerberos tickets in the system, as they (and the lack of?!) are being cached for more than 20 hours. For that purpose, you need to obtain a copy of the free KerbTray program. You might already have it installed, so check in your Program Files\Resource Kits. If not, get it from here and disregard it's saying the program is for Windows 2000 only. Here is a tip - if you are lazy and don't want to install it on all machines, you can intall it on one and access it from the others by opening \\servername\C$\... (if enabled). The program usually runs fine that way, worst case you will have to copy it.

So, after you start KerbTray you will notice a new green icon in the system tray.


If you double click it will show you the current Kerberos tickets obtained for the system.


What you want to do is right click the icon and select 'Purge Tickets'. Don't worry, the system will obtain them again and that's the whole point of the exercise.

Now go ahead and retest the network connectivity. Keep monitoring the K2 blackpearl server output. You should not see anonymous logons any more. Every network environment and its Kerberos configuration has something specific and its own flavor. Explore the references below to get further information and idea on how to troubleshoot Kerberos issues.

References:

Read more on this article...
Bookmark and Share

Tuesday, September 16, 2008

InfoPath 2007 Digitally Signed Form Templates

By Hristo Yankov

If you are developing a K2 blackpearl / InfoPath 2007 / MOSS solution, at some point of time you might need to digitally sign your Form template. One of the reasons you may need to do that is, if you have to give 'Full Trust' to the form. That's because MOSS will not allow you to submit (or event start filling out) a new InfoPath form, which requires full trust but is not digitally signed.

The process is pretty straight-forward - in InfoPath you click on the Tools in menu, select 'Form Options' and navigate to the 'Security and Trust' tab.

Then you click on the 'Sign this form template' checkbox and choose a certificate (or create a new one).


After doing this, you might be thinking that your InfoPath form is digitally signed and you can safely use the 'Full Trust' settings. In reality, after you deploy your solution and attempt to create a new InfoPath form in the Form Library, you get the following error:

"The form template is trying to access files and settings on your computer. InfoPath cannot grant access to these files and settings because the form template is not fully trusted. For a form to run with full trust, it must be installed or digitally signed with a certificate."



Now, let's think about how we usually edit InfoPath forms, which are already integrated with the K2 process. Usually we click on the InfoPath integration icon which opens the wizard and then we click on the 'Design' button, which opens the InfoPath application for us, so we can edit it.


(InfoPath Integration Wizard)


The problem with this approach is - by modifying the InfoPath form, K2 blackpearl invalidates your digital signature and effectively removes it. What happens is - you click on the 'Design' button, open the InfoPath form, set the signature, save the form, close it, 'Finish' the wizard, but next time you open the InfoPath form, your signature is gone. Even if you modify the InfoPath form outside the K2 studio, in the process of deployment, your signature is being destroyed again.

As a conclusion - there is no way you can deploy digitally signed InfoPath form, through the K2 blackpearl studio!

Fortunately there is a work-around. After deploying your solution, follow these steps:
  1. Navigate to your MOSS website
  2. Navigate to your Form Library where the form was deployed
  3. Click on Settings -> Form Library Settings
  4. Click on the 'Advanced settings' link
  5. Click on 'Edit template' link (Select 'Yes' at the question, if any)
  6. It will open the InfoPath form in design mode for you and will prompt you to save it somewhere. Don't overwrite the InfoPath form which is in the K2 project. Just save this on the desktop, or somewhere else.
  7. Now, in the InfoPath go to the Tool -> Form Options... -> Security and Trust and select full trust radio-button.
  8. On the same screen - sign the form
  9. Save the InfoPath on the desktop again
  10. Use the Publishing wizard in the InfoPath application (File -> Publish...) to republish the form into the form library.
Now your InfoPath form is digitally signed and ready to use. Unfortunately, you will have to follow those steps after each deployment.

Read more on this article...
Bookmark and Share

Friday, August 15, 2008

iTechnology Expands European Office

Mission Viejo, Calif. — iTechnology Corporation, a provider of business process optimization services and products that maximizes streamlines process automation by business users, announced the expansion of its European branch in Bulgaria. The expanded office provides iTechnology clients, particularly in the European Union better on-site support and industry expertise.

The European office will also support the development center of Task Based Workflow product, a premier tool enabling business users to create automated processes in one unified environment. Next release of iTechnology Task Workflow is planned for Q4 2008.

"This greater presence in Europe will allow us to continue to provide superior level of service to our growing number of clients in the region," said Dmitry Ivahno, president of iTechnology Corporation.

iTechnology has more than 50 clients across a variety of service industries including clients in financial services such as AXA, Irwin Financials, and Century Bank.

Read more on this article...
Bookmark and Share