Wednesday, November 1, 2017

Collab365 Conference 2017 : Join my session on Single Page Applications with SharePoint

Have you heard about the virtual Collab365 Global Conference 2017 that’s streaming online November 1st – 2nd?

Join me and 120 other speakers from around the world who will be bringing you the very latest content around SharePoint, Office 365, Flow, PowerApps, Azure, OneDrive for Business and of course the increasingly popular Microsoft Teams. The event is produced by the Collab365 Community and is entirely free to attend.

Places are limited to 5000 so be quick and register now.

image

During the conference I'd love you to watch my session which is called : 'Rich single page applications with SharePoint'

There are lots of ways to develop applications on top of SharePoint. You can build full trust farm solutions, SharePoint add-ins or SharePoint framework based apps. But can we do customizations without limiting to any of these frameworks? In this session, I will explain how to build and package Single Page Applications (SPA) on top of SharePoint and embrace client-side technologies. Furthermore, I will explain how to involve continuous integration and unit testing whenever possible​

If you join me, you will learn:

  • Single Page Applications (SPA) concepts
  • AngularJS, SharePoint REST API
  • Packaging
  • Further improvements

Topic(s):

  • SharePoint

Audience :

  • Developer

Time (in UTC) :

  • Thursday, November 2 2017 2:00 PM ( 7.30PM IST)

How to attend :

  1. Register here.
  2. At the time listed above go here to watch my session. (you can also add me to your own personal planner from the agenda.
  3. Be ready to take notes!

Wednesday, August 16, 2017

Collab365 conference : “Rich single page applications with SharePoint”

It feels great to be selected yet another time to speak at Collab365 conference. This time I will be talking about how to build single page applications with SharePoint.

There are lots of ways to develop applications on top of SharePoint. You can build full trust farm solutions, SharePoint add-ins or SharePoint framework based apps. But can we do customizations without limiting to any of these frameworks?

In this session I will explain how to build and package Single Page Applications (SPA) on top of SharePoint and embrace client side technologies

600x200_gc17_speakerbadge_lndscp

Following are some links for the event

Friday, July 28, 2017

Create IKEV1/V2 site-to-site VPN between Microsoft Azure and external networks using a StrongSwan VM

Microsoft Azure is a great place to host our IaaS workloads. We can create a complete setup using Azure IaaS features including but not limited to Virtual Machines, Virtual Networks, Gateways, etc..

It’s often a requirement to connect external networks to our Azure virtual network. Azure itself provides a great feature called Virtual Network Gateway which can be utilized to build Site-to-Site VPN connectivity with external network.

However, Azure Virtual Network Gateways still have some compatibility issues and other limitations. Some issues are as below

  • Some routes are still not supported.
  • We can use either IKEV1 or IKEV2 for a subnet but not both (either policy based or route based. but not both).

We don’t know, by the time you read this article, those issues may have fixed.

In my Azure environment, I have a SharePoint 2013 farm. I need to allow users from the external network to use my SharePoint farm by creating a trust between two environment. In order to perform that task I need a reliable Site-to-Site connection.

In this article I’ll show a reliable mechanism to create Site-to-Site VPN using a Ubuntu Linux VM and StrongSwan.

image

Following are the steps to be done at Azure environment

Prerequisites

  • Create Ubuntu 14.04 VM in Microsoft Azure environment
  • Public IP is available
  • IP can be forwarded
  • UDP ports 500 and 4500 is open

Steps

  • Create Ubuntu VM and connect to it using SSH client like PuTTy

image

  • Login as Root

sudo su
sudo apt-get update

  • Install OpenSSH server

sudo apt-get install openssh-server

  • Enable IP forwarding
echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward
  • Navigate to /etc/iptables.rules and add following section

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 10.0.0.0/16 -j ACCEPT
-A POSTROUTING -d 10.0.0.0/16 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

  • Install StrongSwan and Update
sudo apt-get install strongswan
sudo apt-get upgrade strongswan
  • Navigate to /etc/ipsec.secrets and add following line. We will create the connection using Pre Shared Key (PSK) to create the VPN. We should create a matching entry in our client VPN device too.
Z.Z.Z.Z Y.Y.Y.Y : PSK "Password"
  • Add configurations for each Subnet as below. In this sample I have shown how to build a IKEV1 connection.

conn Client1
        authby=secret
        type=tunnel
        leftsendcert=never
        leftid=Z.Z.Z.Z
        left=10.0.4.4
        leftfirewall=yes
        leftsubnet=10.0.4.0/24
        rightid=Y.Y.Y.Y
        right=Y.Y.Y.Y
        rightsubnet=X.X.X.X/24
        keyexchange=ikev1
        rekeymargin=120s
        ikelifetime=3600s
        keylife=3600s
        ike=3des-sha1-modp1024!
        esp=3des-sha1!
        compress=no
        keyingtries=3
        reauth=no
        rekey=yes
        modeconfig=push
        auto=route

Building IKEV2 connection is also similar.

  • Create a user defined route in Azure

image

image

image

  • Start the VPN
    • ipsec update
    • ipsec secrets
    • ipsec restart

Following are the steps to be performed at client router

  • Create VPN Policy

image

  • Create VPN Connection

image

After completing above steps I’m able to establish a connection between my Azure environment and client network.

By using StrongSwan I can create multiple IKEV1 and IKEV2 connections to my Azure network seamlessly

Wednesday, May 10, 2017

Presentation - Build real-time applications using SharePoint, Azure Service Bus and SignalR

I did a session on real-time applications with SignalR and Azure service bus for SharePoint Saturday Colombo 2017. I explained the concept and different technologies we can employ to build rich and real-time applications. Later I explained the approach to host such applications within SharePoint.

I will do a separate blog post explaining the steps required to a host real-time web application within SharePoint.

image

Following is the presentation I did

 
We had a room full of active participants Smile. It was nice to see some familiar faces after a long time.
 
DSC_0019   DSC_0059
DSC_0077 
We had a productive panel discussion as well.
DSC_0111

Wednesday, April 12, 2017

Resolve SQL Server error “Cannot generate SSPI context” in a Kerberos environment

Recently I came across following error when I tried to create an ODBC connection to one of my SQL Servers using TCP/IP.

image

The SQL server belongs to a SharePoint farm which is configured with Kerberos authentication. The same SQL server was initially configured with local system account and later reconfigured with a domain account (e.g trs\SQL_Admin).

Logs showed that there is an issue with SPN records

Following are the steps I followed to resolve the issue

  • Check existing SPN records for the service account

setspn –l trs\sql_admin

It lists all SPN records registered. However it did not contain an entry for

mssqlsvc/TRS-AUS1-AS-01.trs.local:1433

  • Add missing SPN record using following command

setspn -a mssqlsvc/TRS-AUS1-AS-01.trs.local:1433 trs\sql_admin

Unfortunately I received an error saying that there is a duplicate record. Let’s investigate that

  • Execute following command to find out any SPN records for that particular server

setspn -l TRS-AUS1-AS-01

It had a record with same signature. May be it was created for my local service account when SQL server was initially configured

image

  • We need to remove those SPN entries. To remove them use following commands

SetSpn -d MSSQLSvc/TRS-AUS1-AS-01.TRS.local:1433 TRS-AUS1-AS-01
SetSpn -d MSSQLSvc/TRS-AUS1-AS-01.TRS.local TRS-AUS1-AS-01

  • Then we need to add new SPN entries with our service account

setspn -a mssqlsvc/TRS-AUS1-AS-01:1433 trs\sql_admin
setspn -a mssqlsvc/TRS-AUS1-AS-01.trs.local:1433 trs\sql_admin

  • You can verify the delegation through Active Directory Users and Computers

image

That’s all we have to do. Now I can create an ODBC connection using TCP/IP

Monday, March 20, 2017

Presentation - A deep dive on SharePoint Authentication

We discussed about different authentication options in SharePoint at SharePoint Sri Lanka forum on 8th of March 2016.

17022096_10154847202392530_5755041721635751879_n

Following is the presentation I did

Thursday, January 19, 2017

SharePoint 2013 PowerPivot workbooks–Resolving error “We cannot locate a server to load the workbook data model”

I have a collection of PowerPivot Excel workbooks in a SharePoint 2013 farm. I had configured everything including a SQL Server Analysis Services (SSAS) server in PowerPivot mode and SQL Server PowerPivot Service Application.

Suddenly filters and sliders in my all PowerPivot reports stopped working throwing following error message.

          1

Then I checked ULS logs, which showed me the cause of the error

“Uncaught CLR exception crossing the Interop boundary: Microsoft.AnalysisServices.Streaming.ServerNotFoundException: There are no servers available or actively being initialized.   
at Microsoft.AnalysisServices.Streaming.OnPremise.ServerPool.Microsoft.AnalysisServices.Streaming.OnPremise.IServerPool.GetAvailableServers()”
   

That means, the Excel Services cannot locate my SSAS server. Following are the diagnostics I did

  • Check if the SSAS server is up – Success
  • Ping the SSAS server from SharePoint serve and vice versa – Success
  • Check if my SSAS PowerPivot instance is listed in Excel Services –> Data Model settings – Success
  • Check if relevant services are running from SQL Server Configuration Manager – Success
  • Check if firewall is enabled or ports are blocked – Gotcha !!

My domain firewall is enabled after a restart. Initially I kept it disabled to make things simple. But it seams that I need a concrete solution.

Following are the steps I used to open required ports

1. What are the ports need to be open?

As a practice I will open 2383, 2382 ports for a SSAS server. Since we have a named instance <SSAS Server>/PowerPivot, we need to open the custom port used by that instance.

2. How to find custom port for named SSAS instance

  • Navigate to “C:\Program Files (x86)\Microsoft SQL Server\90\Shared\ASConfig”
  • Open msmdredir.ini in text editor
  • Get the port specified in that file

         image

3. Configure a firewall rule

  • Open Windows Firewall with Advanced Security
  • Create a new Inbound rule
  • Specify following ports to open

           image

That fixed the issue.