Previously I had been using the (formally "Katmai") SQL Server 2008 CTPs that were distributed through MSDN as VHD files ready for Virtual PC.  But today with the arrival of the November CTP (CTP 5) DVD I actually got around to the installation.

I had no problem with the hardware requirements and the install went successfully.  I screen caped the interesting bits as I went...

The Launcher.  First up there are some improvements to the install launcher with all the important stuff easy to find.

The Configuration Check screen is as you would expect based on SQL Server 2005.



An interesting thing to note about the Feature Selection screen is as you add and remove features the remaining steps adjust accordingly



I've skipped the Instace Configuration screen because it is just as you would expect, however the Service Accounts page has been improved with some secure defaults and it guides you towards secure choices. 



Again I have skipped the Instance Configuration because it is much as you would expect.  The Database Engine Configuration screen is again good at guiding you towards good choices.  Interestingly TempDB location is included which is nice.  Always good to have TempDB on seperate IO if possible.



Analysis Services Configuration is much the same as Database Engine Configuration, but nice to see SharePoint integrated mode is available on the Reporting Services Configuration step.  Historically this use to be some black magic.  I'm looking forward to testing out this option in Katmai in greater depth later.



The rest of the steps are much as you would expect based on SQL Server 2005 and not too interactive, so I have saved you the bandwidth. 

And there you have it!  Play time again for me

Listening To: Air - Premiers Symptomes

Sydney had some very heavy storms today, on the back of what is an unseasonal string of storms.  The drains outside my new home office were at capacity for the first time and with the rain coming down…

It flooded

However by and large things went well.  First thing was to cut mains power to the room as a puddle was forming under my rack.  A laptop was on hand and the LAN infrastructure was on power protection, so all the machines that matter shut down cleanly. 

What did I learn?

• My SQL Server (Proliant ML530, 2x Xeons, 3Gb, Ultra3 RAID) takes the longest to shut down so should be shut down first.  Tacitly I knew this, but didn’t connect the dots at the time (with the UPS ticking away)
• Power packs, in fact mains power in general should be off the floor.  I am gonna make a policy about this.  Again it could have been a lot worse but it was a distraction with the clock ticking.  Command hooks are cheap and I will be making some CapEx 3M’s way shortly.
• The floor is a bad place to stack paperwork.  Nothing important was lost but Rob and Coronel has a date with the hair dryer
• One of my UPSes goes Red with plenty of juice to spare.  Might need to do more testing.

 

Lots of people are familiar with obtaining and installing SSL Certificates for hosting secure web sites, but the area of code signing seems less cohesive. I’ve compiled some notes I have on the process together in this blog post.

Yes, but who are you?

Reputable publishers of code signing certificates require some evidence that you are authorized with respect to the organization you wish to have named on your certificate. In my case, being able to produce the ASIC registration for my company was enough, YMMV.

This is subtle, but important.

1. My company rego papers are credentials a Root CA (e.g Comodo, Verisign, Thawte, USERTrust etc) uses to trusts me.
2. The user (implicitly) trust the Root CA by using an OS with their Certificate installed.
3. Ergo, the user (indirectly) trusts me.

Macro projects in Microsoft Excel/Word/Visio/Access/etc

Once you have obtained your certificate, you are able to sign Macro projects in Office document templates by choosing Tools -> Digital Signature.

Your newly purchased certificate will appear in the list and by saving the project your template is signed. The difference is now the user is asked to trust you (as verified by the CA) and your code, rather than being asked to enable all macros.

Software distributed MSI packages

Signing MSI packages and CAB files is more visible than ever before in Windows Vista. This I think is a good thing, however I do worry that because there are a lot of unsigned installers out there that users may get the message that it’s not that important.

Once you have got your certificate from a CA, the process couldn’t be easier. There are a couple of ways to get signtool.exe, I usually have the Windows SDK on my machines which ships with it.  The command to sign ClassLibrary1.dll for example is: (assuming signing from a pfx, not the local cert store)

C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\signtool.exe sign /f My_Code_Signing_Cert.pfx /p L0ng5ecr3tp@ssw0rd /d name /du http://www.MyCompany.com /t http://timestamp.verisign.com/scripts/timestamp.dll ClassLibrary1.dll

The time stamping is important here, in that certificates expire. An external time stamp ensures that the assembly was signed while the certificate was valid.

.NET Assemblies

Technically, signing an assembly is not unlike signing an MSI. On one hand it is easier because you can do the signing from inside Visual Studio’s project properties

On the hand there is the concept of delay signing, where the actual private key is not available to the developer on a day-to-day basis.  This added security adds a layer of complexity that is frankly beyond the scope of this post. I will come back and dedicate a whole post to it some time

Windows Logo Certification / WinQual

This is the only case I can think of where the vendor of the certificate matters. A certificate from VeriSign is required to prove your identity in the WinQual program, which is required for a Windows Logo certification. VeriSign has special pricing is on offer for members of Windows Quality Online Services site.  The $99 cert from VeriSign is required for WinQual membership, and is all you need if you already have a code signing certificate. The $399 cert is valid for both code signing and WinQual membership.

So looking forward to another year in Visual Studio, and this year in Visual Studio 2008 no less! 

I thought I'd open 2008's blog posts with a note about what is in my toolkit at the moment for developing in VS2008.  So in no particular order...

What is in?

• Visual Studio 2008.  I played with it since Beta1, and blogged about it a bit too.  Living in the RTM now and quite liking it.
• Refactor! Pro and Coderush from Developer Express are still on my list.  There is a new version (3.0.5 at time of writing) out that has some cool new improvements.
  
• Aptana Studio.  I heard about this Eclipse-based IDE on the Hanselminutes podcast and had to check it out.  There are some good features in there for CSS and JS.  Worth having around and they cram a lot of IDE into a tiny space!
• The PowerShell Visual Studio Templates.  Powershell is getting more and more use in my life, and I love the idea of rolling your own cmdlet (pronounced:  "command-let") to manage your own apps.  The page says they are for VS2005 but they are good for VS2008 as well.
• NMock.  I know there are plenty of mocking frameworks out there each with their own style.  I just happen to like NMock.

What is out?

• The notable exclusion from my 2008 dev environment is NUnit.  I have been a fan and user of NUnit for some time, but am going with the MSTest-based unit testing framework that is built in to Visual Studio 2008.
• NAnt is on thin ice in my environment too in favour of MSBuild.  This is largely for pragmatic reasons, there is project information kept in both the VS Solution and in the NAnt file and my preference is to maintain it in one spot only.

And that's it!  I like to keep it light.  For Continuous Integration I am using CruseControl.NET.

I'm still searching for the perfect XPath/XSLT environment.  Visual Studio is OK for the moment, but I have a feeling that the perfect tool may just be Eclipse based :)

One question I have strugled to answer clearly in past is What is the difference between Windows Sharepoint Services (WSS 3.0) and Microsoft Office Sharepoint Server?

The first difference is in the name, and is best highlighted in the words of Richard Campbel of DNR/Run-As fame:  When it is a service it is free, when it is server you have to pay for it.

The following diagram shows how I keep them apart in my mind:

To explain a bit: this is not a complete list of features, and not the most important features, just my favs

So if you have any features that you think are really important and didn't get a mention, leave me a comment!

Listening To: You're Living All Over Me, Dinosaur Jr.

The problem with IIS6 that I have been curious about but up until today never needed a solution for.

The problem I am talking about is that with the IIS 6.0 UI you cannot set a host header on a SSL port for a domain.  You can live a long and happy life with a 1-cert-per-server config but with the case of a wildcard cert (one covering all subdomains of the domain it was purchased for) you really want to be able to take advantage of these extra subdomains.

Consider an example from a server below.  The two sites that are highlighted belong to the same domain - Lets call the red one www.MySite.com and the blue one shop.MySite.com.  There is a wildcard cert installed on the machine for *.MySite.com.

The first one is easy.  Install the cert and assign it to the site.

Setting this on subsequent sites on the same box is where you get the problem.  It can be done, and it isn't hard, you just have to know the trick!

The trick is the adsutil.vbs script that is included when you install IIS.  The default path to find these scripts is: C:\Inetpub\AdminScripts.

The process for assigning a host header for SSL to all subsequent sitess is:

1. Don't assign a SSL port number to the second site.  Leave it on port 80 for now
2. Open a command window and change to the path with adsutil.vbs.
3. Run the following command:  cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"   In our example above the <site identifier> is replaced with the Id of the blue site, 1023406912, and the <host header> is replaced with shop.MySite.com
4. adsutil will assign port 443 to the site, you do not need to reset IIS

TechNet has a rundown of all the things you can do with adsutil.vbs and IIS6, so check it out.  But don't get too attached - the Metabase is not showing up for IIS 7!

Listening To: The Boatman's Call, Nick Cave and the Bad Seeds

I just saw these and thought they were worthy of linkage

Clinic 2806: Microsoft® Security Guidance Training for Developers.

Clinic 2807: Microsoft® Security Guidance Training for Developers II.

There is a good breadth of topics covered, and the price is right

OK I'm wheeling out the Sharepoint Annoyances category for one last random show - until next time (kinda like the Rolling Stones)

The problem comes when you remove WSS 3.0 from a box and the instance of Microsoft SQL Server 2005 Embedded Edition (SSEE) does not get removed. 

This is by design, however if the reason you are removing WSS 3.0 is because of a problem with the SSEE database you have a problem.

It turns out it is easy to uninstall after all - I found the answer via Jérémie Clabaut's blog.

The good news is it is a one liner to call msiexec.  Quoting Jérémie:

msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe

As is documented elsewhere - don't forget to move away / delete any errant Mdf/Ldf files as they can interfere with the reinstall. 

Thanks Jérémie!

Listening To:  The Velvet Underground and Nico, The Velvet Underground