Category Archives: Uncategorized

SoCal Code Camp San Diego 2014 – June 28th & 29th @ UCSD Extensions

image

www.socalcodecamp.com
June 28th & 29th @ UCSD Extensions

Hello SoCal Developer Community,

It’s getting down to the wire with only two weeks to go. Many new sessions that have been added see if anything new piques your interest.

The Topics You Want!
With almost 80 sessions at present, we know that more will be added in the days ahead. Sessions on ASP.NET vNext, Visual Studio Online, Typescript, Game Dev and lots more!

Take a moment to show your interest on the sessions page, and, while there, add a session of your own in your area of expertise so that your developer peers will benefit! All platforms, programming languages, and disciplines are welcome!

Geek Dinner – We have great ideas bouncing around for our Saturday night Geek Dinner.  Food and beverage with our dev peers is the perfect way to share our excitement after day #1. Stay tuned!

ASP.NET vNext –
There’s lots of exciting things happening in the ASP.NET space! Be sure to check out http://asp.net/vnext and http://blogs.msdn.com/b/webdev to stay up to date on ASP.NET and Web Tools. You can also follow @aspnet and http://fb.me/aspnet for news, tutorials, videos, and much more. But that’s not all! We’re also on GitHub (yeah, I said it) at http://github.com/aspnet. It’s a great day to be an ASP.NET developer on the Open Web.

Remember, CODE CAMP IS FREE!!! 

June 28th and 29th!

RSVP Now at http://www.socalcodecamp.com/
Thanks and we look forward to seeing you at SoCal Code Camp SD @ UCSD!

image

 

clip_image013

Cant wait to hang out with old friends…. See ya there!!!

clip_image002 clip_image004 clip_image006 clip_image007 clip_image009 clip_image010

 

-Ivan

 

The SharePoint Conference 2014 Part 1

imageMy favorite sessions so far has been Develop Advanced Search-Driven SharePoint 2013 Apps, my favorite Exam so far was 70-332, and my favorite party so far? was the Annual RED Party hosted by AvePoint.

My Favorite Keynote (so far) was Bill Clinton, he Rocked, and the message is clear. As the next generation has grown up without the traditional borders due to the technology revolution. They are more inclusive and think nothing of playing video games or talking on Skype with other members of their generation anywhere in the world. I know on any given night my son Jon is online with Germany, India, Italy, China, Korea, and many more. playing video games, watching youtube,  and talking about college (how boring and useless). this is in stark contrast to the typical exclusiveness of previous generations,  the us verses them mentality. image

 

Regardless of where you live, the color of your skin, the language you speak, gay or straight, the God you believe in, you are still one of us, and not one of them.

We are ALL in this together!@

 

 

 

But the Best Part of the Conference (so far) was a small dinner for the SharePoint Server MVPs at Dal Toro. Its really cool when a group of us have the opportunity to get together in a quite setting, have dinner, and discuss some of our more interesting war stories, life in the trenches.

But, its more than that it’s about our community.

IMG_0611

As in all communities there is always change and after dinner Jeremy Thake announced that this would be his last MVP Event. Most of you probably know Jeremy from his current job with AvePoint. I was lucky enough to have met him prior to his move to AvePoint and America. Though I am sad that we may not get to hang out at the MVP Summit (LOL) the way we have in the past, I am more than thrilled he has taken a position with one of the best companies in the world (Microsoft) and in the best product group (SharePoint).

Congratulations Jeremy, I think its really cool that though you may have left AvePoint and are no longer a SharePoint MVP we will still be able to hang out and continue to work with you in your new position.

TAO at the Venetian Las Vegas

IMG_0617

 

      AvePoint ROCKS!!

IMG_0618

BUDDHA

Oh, and Club SPC was pretty cool last night as well, I loved the Disco Ball and music thumpin in the Exhibit hall….

 

I hope everyone will be at the Las Vegas Motor Speedway for the Evening Event Tonight, from 7-10pm PST! The blowout party is sponsored by Neudesic. We will see if its more cool than the AvePoint Party last night at TAO.

Cheers,

 

-Ivan

SharePoint Technologies Test and Hands on Labs

I HAVE INCLUDED A FEW OF THE SharePoint 2013 Labs hat are available for download. I hope everyone can make the time to download the LABs and walkthrough them, as this will give you a better Idea of the new features in SharePoint 2013

Test Lab Guide: Demonstrate SAML-based Claims Authentication with SharePoint Server 2013

Test Lab Guide: Demonstrate Intranet Collaboration with SharePoint Server 2013

This paper helps you configure an environment to demonstrate the intranet collaboration features of SharePoint Server 2013.

Test Lab Guide: Configure SharePoint Server 2013 in a Three-Tier Farm

This paper provides a brief introduction to SharePoint Server 2013 and illustrates how to create a three-tier test lab. http://www.microsoft.com/en-us/download/details.aspx?id=30386

Test Lab Guide: Demonstrate Forms-Based Authentication with SharePoint Server 2013

Hands-on Lab Online: Advanced Web and Worker Roles

Starts:  Thursday, January 17, 2013 9:00 AM  Time zone: (GMT-08:00) | Duration: 3 hour(s)

  • Sign up for our Hands-on Lab Online (HOLO) event today. What is a HOLO event? It’s an online event where you listen to a live presentation and work on lab exercises. As you work on your labs, Microsoft experts can assist and provide guidance by chatting with you one-on-one or by virtually taking control of your lab. Sign up soon as registration and seating is limited.
  • https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032537777&culture=en-US

Hands-on Lab Online: Introduction to Windows Azure Virtual Machines

Starts:  Thursday, February 14, 2013 9:00 AM  Time zone: (GMT-08:00) Duration: 3 hour(s)

  • Sign up for our Hands-on Lab Online (HOLO) event today. What is a HOLO event? It’s an online event where you listen to a live presentation and work on lab exercises. As you work on your labs, Microsoft experts can assist and provide guidance by chatting with you one-on-one or by virtually taking control of your lab.  Sign up soon as registration and seating is limited.
  • https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032540778&culture=en-US

SharePoint Composite Handbook

A SharePoint Composite combines data, documents, and business process in a useful, productive way by assembling, connecting, and configuring the basic building blocks of functionality available in SharePoint 2013 and Microsoft Office 2013 so you can rapidly create business solutions.

http://www.microsoft.com/en-us/download/details.aspx?id=36055

 

-Ivan

Technorati Tags:

ineta Community Champion Award Letter of Commendation 2012

I have been honored this year with with the ineta Community Champion Award. ineta is an awesome organization who I first became involved with Birds of a feather during teched 2007.

image

 

Thank you ineta for your community involvement at so many of the events I attend and thank you for this award

Hopefully I will be recognized again.  it was a much appreciated honor to receive the first time…

We love “Birds of A Feather” please keep them coming to all of the events.

 

 

 

 

 

 

 

 

 

 

 

 

 

-Ivan

Windows Server 2012 AD RMS with SharePoint IRM a Step by Step Guide



I have included below for your review and use a copy of a document that I recently created for a 3 Server DEV environment for SharePoint IRM


Create Service Accounts


Account Name

User Logon Name

Group

ADRMSSRVC

ADRMS

 

ADRMSADMIN

ADRMSADMIN

Enterprise Admins

 

 

 


 


Server Names Operating System and Role / Applications


Server Names

OS

Roles  / Applications

DSI-DC1

Windows Server 2012

AD DS, ADRMS, DNS

DSI-SQL

Windows Server 2012

SQL Server 2012

DSI-SP2010

Windows Server 2012

SharePoint 2010


 


AD RMS Installation


1. Log on to Domain Controller DSI-DC1 as administrator.


2. Click on Desktop then click Server Manager then click Manage and Add Role and Features


3. Read the Before You Begin section, and then click Next.


Add Role AD RMS


On the Select Server Roles page, select the Active Directory Rights Management Services check box.


img2A


Add Required Features


The Add Required Features page appears informing you of the AD RMS required role services and features. Click Next.


img2C


Select Additional Features


The Add Additional Features page appears, Click Next


img2D


Active Directory Rights Management Services Introduction


Read the AD RMS introduction page, and then click Next.


img2E


Select Role Services


On the Select Role Services page, verify that the Active Directory Rights Management Server check box is selected, and then click Next.


img2F


Web Server Role (IIS)


Read the Web Server Role (IIS) introduction page, and then click Next.


img32


Select Role Services


On the Select Role Services page, verify that the Web Server Services, and then click Next.


img34


Confirm Installation Selections


Confirm the AD RMS Installation selections, and then click Next.




img35


Installation Progress


img36


 

Active Directory Rights Management Configuration


img37


Create a new AD RMS Cluster


Click the Create a new AD RMS root cluster option, and then click Next.


img38


Select Configuration Database Server


Click the Specify a database server and a instance option type DSI-SQL , and choose Default Instance, then Click Next. If you have any issues connecting to the instance you may have to enable the SQL Brower. This is especially the case if you are configuring AD RMS on Windows Server 2012 that has the AD DS Role.


img39


Specify Service Account Requires Domain Admin User Rights


Click Specify, type DIMENSION-SI\ADRMSSVC, click Next.


img3A


Specify Cryptographic Mode


img3B


Specify Key Storage Mode


Ensure that the Use AD RMS centrally managed key storage option is selected, and then click Next.


img3C


Specify Cluster Key Password


Type a strong password in the Password box and in the Confirm password box, and then click Next.


img41


Specify The AD RMS Web Site


Choose the Web site where AD RMS will be installed, and then click Next. In an installation that uses default settings, the only available Web site should be DEFAULT Web Site.


img42


Specify Cluster FQDN


Click Connection Type Use an SSL-encrypted connection (https://). In the Fully-Qualified Domain Name box, type https://adrms.dimension-si.com, and then click Next


img43


Choose SSL Certificate


Click the Create a self-signed certificate for SSL encryption option, and then click Next.


img4B


Name the Server Licensor Certificate


Type a name that will help you identify DSI-DC1-ADRMS in the Friendly name box, and then click Next.


img4C


Register Service Connection Point


Ensure that the Register the AD RMS service connection point now option is selected, and then click Next to register the AD RMS service connection point (SCP) in Active Directory during installation.


img4D


Confirm Installation Selections 


Click Install to provision AD RMS on the computer. It can take up to 60 minutes to complete the installation and Click Close.


img4E


Confirm Installation Results 


img4F


Sign Out 


Log off the server, and then log on again to update the security token of the logged-on user account. The user account that is logged on when the AD RMS server role is installed is automatically made a member of the AD RMS Enterprise Administrators local group. A user must be a member of that group to administer AD RMS


img50


By default, the AD RMS cluster server certification pipeline ACL is configured to allow only the local System account. You must add the permissions in order for Office SharePoint Server 2010 to integrate with AD RMS.



Add DSI-SP2010 to the AD RMS Certification Pipeline


1. Log on to DSI-DC1 as DIMENSION-SI\Administrator.


2. Click Start, and then click Computer.


3. Navigate to C:\Inetpub\wwwroot\_wmcs\Certification.


4. Right-click ServerCertification.asmx, click Properties, and then click the Security tab.


5. Click Advanced, click Enable Inheritance, select the Include inheritable permissions from this object’s parent check box, and then click OK two times.


6. Click Edit, and then click Add.


7. Click Object Types, select the Computers check box, and then click OK.


8. Type DSI-SP2010, and then click OK.


9. Click OK to close the ServerCertification.asmx Properties sheet.


By default the Read & execute and the Read permissions are configured for the DSI-DC1 computer account object and all other accounts inherited from the parent folder.


10. Click Start, and then click Command Prompt.


11. Type iisreset, and then press ENTER.




Once the AD RMS cluster certification pipeline is inheriting and you have added DSI-SP2010, you must configure Office SharePoint Server 2010 to use the AD RMS cluster:








SharePoint 2010 Information Rights Management Configuration Guidance


Before using IRM, you must have a Windows Rights Management Services (RMS) server to connect to. In addition, you must have installed the Windows Rights Management Services Client Service Pack 2 on every front-end Web server in the farm running SharePoint Server 2010.


SharePoint IRM Configuration Step by Step


1. On the SharePoint Central Administration Web site, in the Quick Launch, click Security.


2. On the Security page, in the Information Policy section, click Configure information rights management.


Central Administration > Security > Information Rights Management 


Use the default RMS server specified in Active Directory Select this option if your organization has specified an RMS server in Active Directory Domain Services (AD DS) and Click OK



img53




Event Log Errors and Reference



If you are unable to open a document from an IRM protected library you may receive two similar events


Event ID 5085 (Windows SharePoint Services health model) 


img55




Reference: http://technet.microsoft.com/en-us/library/cc561091(v=office.12)

Event ID 5065 (Windows SharePoint Services health model) 

 


img54




‘Reference: http://technet.microsoft.com/en-us/library/cc561018(v=office.12)



As the event states the most likely event is the User email Address has not been configured. However, the documentation has not been updated to support SharePoint 2010. The SharePoint 2010 Architecture has change and you now must ensure that the User Profile Service has synced.




If users attempt to open IRM Protected documents prior to the sync, they will NOT open and you will receive the two errors 5065, 5085 listed above  in the event log. Unfortunately, the two references I list above do not allow for comment or I would have added the comment to the technet library


 


Cheers,


 


-Ivan

Microsoft Windows Unauthorized Digital Certificates

Original release date: June 04, 2012 Source: US-CERT Alert TA12-156A

Systems Affected

  • All supported versions of Microsoft Windows, including:
  • * Windows XP and Server 2003
  • * Windows Vista and Server 2008
  • * Windows 7 and Server 2008 R2
  • * Windows 8 Consumer Preview
  • * Windows Mobile and Phone
  • Overview
  • X.509 digital certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) can be illegitimately used to sign code. This problem was discovered in the Flame malware. Microsoft has released updates to revoke trust in the affected certificates.

Description

  • Microsoft Security Advisory (2718704) warns of active attacks using illegitimate certificates issued by the the Microsoft Terminal Services licensing certificate authority (CA). There appear to be problems with some combination of weak cryptography and certificate usage configuration. From an MSRC blog post:

We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

Security Advisory 2718704: Update to Phased Mitigation Strategy What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft. Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing without accessing Microsoft’s internal PKI infrastructure.

The following details about the affected certificates were provided in Microsoft Security Advisory (2718704):

Certificate: Microsoft Enforced Licensing Intermediate PCA

  • Issued by: Microsoft Root Authority
  • Thumbprint: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70

Certificate: Microsoft Enforced Licensing Intermediate PCA

  • Issued by: Microsoft Root Authority
  • Thumbprint: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08

Certificate: Microsoft Enforced Licensing Registration Authority CA (SHA1)

  • Issued by: Microsoft Root Certificate Authority
  • Thumbprint: fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

Impact

  • An attacker could obtain a certificate that could be used to illegitimately sign code as Microsoft. The signed code could then be used in a variety of attacks in which the code would appear to be trusted by Windows. An attacker could offer software that appeared to be signed by a valid and trusted Microsoft certificate chain. As noted in an MSRC blog post, "…some components of the [Flame] malware have been signed by certificates that allow software to appear as if it was produced by Microsoft."

Solution

  • It is important to act quickly to revoke trust in the affected certificates. Any certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) could be used for illegitimate purposes and should not be trusted.

Apply updates

  • Apply the appropriate versions of KB2718704 to add the affected certificates to the Untrusted Certificate Store. Updates will reach most users via automatic updates and Windows Server Update Services (WSUS).

Revoke trust in affected certificates Manually add the affected certificates to the Untrusted Certificate Store. The Certificates MMC snap-in and Certutil command can be used on Windows systems.

References

-Ivan

20th ANNUAL KROQ WEENIE ROAST y FIESTA “Cinco de Mayo”

 

I  LUV The Offspring and Pennywise a couple of my favorite local bands.

image

Its been a few years since I’ve seen Garbage but will definitely be a blast… I hope to see all the local California folks there..

image

If you have never been to the WEENIE ROAST (you don’t live in SoCal) its been sold out since the first hour on sale every year…

Mike might have a few tickets left but I doubt for very long 949-722-6200.

-Ivan

Microsoft Training Resources

Find training opportunities and recommendations anytime on the U.S. Partner Learning blog, Learning Plan Tool website, and the Local Activities Section of the Training and Events page on the U.S. partner portal.

 

Training for Developers

Microsoft Forefront Security

Forefront Server Security Service Kit: The Tools You Need for a Successful Deployment
TechNet Webcast: Microsoft Forefront Unified Access Gateway – Hands on with Beta 2!
TechNet Webcast: Centralizing Application Authorization with AD FS 2.0 (Level 200)
TechNet Webcast: Forefront Threat Management Gateway 2010: Protection Features and Underlying Technologies (Level 300)
Build Your Forefront Security Learning Plan

 

Microsoft SQL Server 2012

SQL Server 2012: Technical Overview of New Features
SQL Server 2012: Optimized Developer Productivity
SQL Server 2012: Extend Data Virtually Anywhere
SQL Server 2012 Licensing Update for ISVs
Build Your SQL Server 2012 Learning Plan

November Partner Training Sweepstakes
The Partner Training Sweepstakes offers a chance to grow your skills and be entered to win great prizes. Take any of our featured Windows 7, Microsoft Office 2010, Windows Server 2008 R2 and Microsoft System Center training sessions this month and you will be entered to win a Dell Netbook or a $150 American Express gift card.

 

-Ivan