Check out my new blog at https://shibumiware.blogspot.com

Monday, April 14, 2014

WSUS and Windows Internal Database

As I sit here waiting for a build to complete and for a database to restore, I started fiddling with my new Windows Server 2012 instance. Weird, the available memory is super low, so I take a look and I see that there is a mystery SQL Server instance running something called the Windows Internal Database. What’s that all about?

I guess I have been living under a rock in terms of this subject.  Windows Internal Database (WID) is a version of SQL Server 2005-2012 that Microsoft ships with Windows Server 2008/2008R2/2012/2012R2.  It is a variant of SQL Express that is designed to be used by Windows Services.  It cannot be uninstalled and it is used by a variety of Microsoft products, including WSUS (which is how I discovered it—I was trying to figure out why available memory dropped so dramatically after I installed WSUS), ADRMS, Resource Manager, and a couple of others.

You can connect (only locally and preferably using the same account used to install Windows) through the pipe called \\.\pipe\MICROSOFT##WID\tsql\query (for 2012).  I was able to throttle memory usage on WID but expanding databases caused SQL Management Studio to hang.

Learn something new every day!

Saturday, April 12, 2014

Windows Update Services on Windows Server 2012 R2

I am trying to modernize a bit.  My products support Windows Server 2008, Windows Server 2008 R2, SQL Server 2005-2008/2008R2, and SharePoint 2007/2010.  My home network is a 2008 R2 domain.  My mission was to introduce Windows Server 2012 R2, SQL Server 2012 R2, and SharePoint 2013 with Project Server 2013.

This hasn't been easy.

I figured that after x number of years (depending on which version of which product), things would get easier to install, configure, and go live with. Installing Windows 2012 R2 was a breeze of course. Adding the various roles and features I need was easy as well. Until I hit Windows Update Services (WSUS).

I like WSUS for my domain because I can pick and choose what updates go out to the house computers. In previous versions of Windows, it was pretty straightforward. Simply add the necessary roles and features to your server, talk to Windows Update about the types of updates you want, possibly create some rules to auto-approve the updates, set up a GPO object so your machines are looking at your local WSUS, reboot about 12 times, and you are ready to go.

This time, with Windows 2012 R2, this became a serious hassle. Absolutely nothing worked. For the machine hosting WSUS, I couldn’t even get it to talk to Windows Update even though it was a vanilla install straight from the ISO downloaded from MSDN. The MMC snap-in wouldn’t initialize, the client machines couldn’t see it, and WSUS kept complaining about not being able to connect to the service.

Time to start over.

After many hours today I finally got the WSUS host to talk to Windows Update. Unfortunately, I don’t know why it started to communicate. I just kept plugging away at all of the “answers” on the web, rebooting, turning services on and off, renaming the SoftwareDistribution folder, deleting the crypto directory, etc, etc, until it finally worked. My intention was to track these modifications and create a tool that would do what Microsoft didn’t, which is to make WSUS work on Windows Server 2012 R2 right out of the box. Unfortunately, I didn’t track changes because I was ripping through trying to get it to work.

I wasn’t even trying to spend the day messing with this.  I wanted to get my Windows 2012 + SharePoint 2013 + Project Server 2013 instance up so I could see what it would take to deploy my stuff.  That will be a topic of another post.

What I can tell you is this:  once you get everything working except for clients talking to the WSUS host, you have a big problem. I really can’t explain why Microsoft did this, but the web services WSUS requires have quite the spastic web.configs.  None of them have the correct protocols in their respective web.configs.  I had to not only manually edit each web service .config, but I also had to take ownership of the file because the owner is “TrustedInstaller” so even though I am a domain admin, I could not edit and save the configs to fix the problem.

Hours later…

Everything is working great.  Here’s what you need to know:

Your web configs are wrong.  Open IIS Manager and select the following:

image

Open the web.config in Explorer and look:

<webServices>
  <protocols>
    <remove name="Documentation"/>
  </protocols>

  <!-- Run SOAP Header Filter with ClientWebService -->
  <soapExtensionTypes>
    <add type="Microsoft.UpdateServices.WUShield,WUShield"
    priority="1"
    group="0" />
  </soapExtensionTypes>
</webServices>

Nope, not going to work!  There is nothing there for get and post, so you will get something like this.

You really need your <webServices> * to look like this:

<webServices>
  <protocols>
    <remove name="Documentation"/>
    <!-- <add name="HttpSoap1.2"/> -->
    <add name="HttpSoap"/>
    <add name="HttpPost"/>
    <add name="HttpGet"/>
    <!-- <add name="HttpPostLocalhost"/> -->
    <add name="Documentation"/>
  </protocols>

  <!-- Run SOAP Header Filter with ClientWebService -->
  <soapExtensionTypes>
    <add type="Microsoft.UpdateServices.WUShield,WUShield"
    priority="1"
    group="0" />
  </soapExtensionTypes>
</webServices>

So do that!  But your challenge will be to get Windows to let you.  It’s not difficult.  Just take ownership from TrustedInstaller and add your logged on user credentials, edit the file, save, and then you are golden.
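One way to script the ownership step so the file does not stay owned by an administrator afterwards (an added example, not part of the original post): it saves the file's DACL and a copy of the file, takes ownership, opens the file for a manual edit, checks that the result is still well-formed XML, then hands ownership back to TrustedInstaller and restores the saved DACL. `$ConfigPath` and `$BackupDir` are placeholders; use a separate backup folder per web.config.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# $ConfigPath / $BackupDir are placeholders chosen by the operator.
param(
    [Parameter(Mandatory)][string]$ConfigPath,
    [Parameter(Mandatory)][string]$BackupDir
)
$ErrorActionPreference = 'Stop'

function Invoke-Native {
    # Run a native tool and stop the script if it reports failure.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

$file    = Get-Item -LiteralPath $ConfigPath
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$aclFile = Join-Path $BackupDir ($file.Name + '.acl')
$orig    = Join-Path $BackupDir ($file.Name + '.orig')

# 1. Keep the original DACL and an untouched copy of the file.
Invoke-Native icacls @($file.FullName, '/save', $aclFile)
Copy-Item -LiteralPath $file.FullName -Destination $orig

# 2. Give ownership to the Administrators group (S-1-5-32-544) and grant it full control.
Invoke-Native takeown @('/f', $file.FullName, '/a')
Invoke-Native icacls  @($file.FullName, '/grant', '*S-1-5-32-544:F')

try {
    # 3. Edit by hand, then confirm the file still parses as XML.
    Start-Process notepad.exe -ArgumentList "`"$($file.FullName)`"" -Wait
    [void][xml](Get-Content -LiteralPath $file.FullName -Raw)
}
catch {
    Write-Warning "Edit failed or XML is malformed, restoring the original: $_"
    Copy-Item -LiteralPath $orig -Destination $file.FullName -Force
}
finally {
    # 4. Hand the file back to TrustedInstaller, then put the saved DACL back.
    #    (icacls /save does not record the owner, so it is set explicitly.)
    Invoke-Native icacls @($file.FullName, '/setowner', 'NT SERVICE\TrustedInstaller')
    Invoke-Native icacls @($file.DirectoryName, '/restore', $aclFile)
}
```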

You have to do something similar for all of the WSUS web services except some don’t require the SOAP components of web.config. Not hard to figure out. Simply try to browse to the web service endpoint. If it doesn’t give you something like this:

image

Then you have some work to do.
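To see at a glance which services have been edited and what each one now exposes, the read-only check below (an added example, not part of the original post) walks every web.config under a folder and reports the protocols each file declares, plus the file's current owner. `$WebServicesRoot` is a placeholder for the folder that holds the WSUS web service directories, and the report covers only what each file declares itself, not settings inherited from machine-level configuration.

```powershell
# Added example, not from the original post. Read-only: nothing is modified.
# $WebServicesRoot is a placeholder for the folder containing the web services.
param([Parameter(Mandatory)][string]$WebServicesRoot)

function Get-DeclaredProtocols {
    # Replays the <add>/<remove>/<clear> entries under <webServices><protocols>
    # in document order. XML comments are not elements, so commented-out
    # entries such as HttpSoap1.2 in the post's config are ignored.
    param([Parameter(Mandatory)][xml]$Config)
    $enabled = New-Object 'System.Collections.Generic.List[string]'
    $xpath   = "//*[local-name()='webServices']/*[local-name()='protocols']/*"
    foreach ($node in $Config.SelectNodes($xpath)) {
        $name = $node.GetAttribute('name')
        switch ($node.LocalName) {
            'add'    { if (-not $enabled.Contains($name)) { $enabled.Add($name) } }
            'remove' { [void]$enabled.Remove($name) }
            'clear'  { $enabled.Clear() }
        }
    }
    ,$enabled.ToArray()
}

Get-ChildItem -LiteralPath $WebServicesRoot -Filter web.config -Recurse -File |
ForEach-Object {
    $path = $_.FullName
    try   { $config = [xml](Get-Content -LiteralPath $path -Raw) }
    catch { Write-Warning "Cannot parse ${path}: $_"; return }

    $declared = Get-DeclaredProtocols -Config $config
    [pscustomobject]@{
        Service       = Split-Path (Split-Path $path -Parent) -Leaf
        Owner         = (Get-Acl -LiteralPath $path).Owner
        Declared      = $declared -join ', '
        HttpGet       = $declared -contains 'HttpGet'
        HttpPost      = $declared -contains 'HttpPost'
        Documentation = $declared -contains 'Documentation'
    }
} | Format-Table -AutoSize
```

For the first web.config shown above the Declared column is empty; for the edited one it reads HttpSoap, HttpPost, HttpGet, Documentation.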

Microsoft: This is not okay.  It also isn’t documented anywhere that I can find.  I figured this out by research.  Windows 2012 is a derivative of Windows 8*, which few like so it would seem you would pay more attention to your enterprise users.  That being said, I am really digging the new UI.  I don’t like it on my workstations but I do like it on the server. 

HTH,

Colby

Thursday, April 10, 2014

Windows Server 2012 – Windows Update Malfunction

Brand new install of WS2012, out of the box, nothing configured and yet Windows Update sat at zero percent for hours.

Here is how to solve it:

1.)  Disable Windows Update Service

2.)  Reboot

3.)  Delete all content from C:\windows\softwaredistribution

4.)  Restart Windows Update Service

5.)  Check for updates and apply…

HTH

UPDATE: These steps didn’t fully rectify the problem.  Following these steps did:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-update-hangs-on-checking-for-updates/b762abf5-655c-4a60-aabc-9f59785bd8d9

Colby

Wednesday, April 02, 2014

Forms Authentication in SharePoint

There are tons of posts about how to configure forms auth for SharePoint.  I have a need for a forms auth site collection so I started off by reading the office documentation from Microsoft.  After configuring the web application and creating a new site collection (and doing the numerous things you must do before this), I attempted to browse the new site collection.  I got this error:

“Cannot get Membership Provider with name AspNetSqlMembershipProvider. The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process.”

Okay, so I went to Central Admin -> Security -> Specify Authentication Providers -> Default and noted that AspNetSqlMembershipProvider was specified. I checked the web.config and it was listed (inherited). Reset IIS. No luck.

Ah, but wait, the security token service wasn’t started.  That must be it.  So I started the service and still no luck.

In IIS Manager, I noticed this:

 image

That doesn’t look right.  The AspNetSqlMembershipProvider is not listed.

Here is what the problem is:

Open: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root\web.config

Notice this:

  <system.web>
    <membership defaultProvider="i">
      <providers>
        <clear />
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="c">
      <providers>
        <clear />
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>
  </system.web>

The <clear /> element is well understood of course. It simply clears all inherited providers in this case. Remove those two elements and here we go:

image

The next problem is trying to create users.  When I open the .NET Users feature I get: “The default role provider does not exist”.

In web.config change:

<roleManager cacheRolesInCookie="false" defaultProvider="c" enabled="true">

to:

<roleManager cacheRolesInCookie="false" defaultProvider="AspNetSqlRoleProvider" enabled="true">

I created a user and logged in just fine.

I feel a tool coming on for configuring all of this without wading through XML.

Hope this helps.
