
Invalid Heap Size

Was getting the following error when trying to start the OAS server:

D:\OAS\opmn\bin>opmnctl startall
opmnctl: starting opmn and all managed processes...
====================================================================
opmn id=MYSERVER:6200
    1 of 2 processes started.

ias-instance id=MYSERVER.XXXX.XXXXX
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
    default_group/MYAPP/default_group/

Error
--> Process (index=1,uid=809764963,pid=3936)
    failed to start a managed process after the maximum retry limit
    Log:
    D:\OAS\opmn\logs\default_group~MYAPP~default_group~1.log

Here’s what the log said:

--------
09/02/17 12:37:26 Start process
--------
Error occurred during initialization of VM
Incompatible initial and maximum heap sizes specified

Cracked open the config file and found the following:

D:\OAS\opmn\conf\opmn.xml

<data id="java-options" value="-server -mx512M -ms1024M -Xrs -XX:MaxPermSize=256M -XX:AppendRatio=3 -Djava.security.policy=$ORACLE_HOME/j2ee/MYAPP/config/java2.policy -Djava.awt.headless=true -Dhttp.webdir.enable=false -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"/>

Fixed it:

<data id="java-options" value="-server -mx1024M -ms512M -Xrs -XX:MaxPermSize=256M -XX:AppendRatio=3 -Djava.security.policy=$ORACLE_HOME/j2ee/MYAPP/config/java2.policy -Djava.awt.headless=true -Dhttp.webdir.enable=false -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled"/>


Tracing Calls to Stored Procedures from C#

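using System;
using System.Data;
using System.Data.SqlClient;

static class SqlTrace
{
    // where cmd is of type SqlCommand
    // Debug aid only: parameter values are printed as-is (they may be
    // sensitive) and embedded quotes are not escaped.
    public static void Write(SqlCommand cmd)
    {
        Console.WriteLine("");
        Console.WriteLine(cmd.CommandText);
        String sep = " ";
        foreach (SqlParameter param in cmd.Parameters)
        {
            // Null parameters are printed unquoted. SqlValue.Equals("Null")
            // does not detect them, so test Value instead.
            if (param.Value == null || param.Value == DBNull.Value)
            {
                Console.WriteLine(sep + param.ParameterName + "=NULL");
            }
            else
            {
                switch (param.SqlDbType)
                {
                    // Character and date types are printed inside single quotes.
                    case SqlDbType.NChar:
                    case SqlDbType.NVarChar:
                    case SqlDbType.VarChar:
                    case SqlDbType.Char:
                    case SqlDbType.Date:
                    case SqlDbType.DateTime:
                    case SqlDbType.DateTime2:
                    case SqlDbType.SmallDateTime:
                    case SqlDbType.Text:
                        Console.WriteLine(sep + param.ParameterName + "='" + param.SqlValue + "'");
                        break;
                    default:
                        Console.WriteLine(sep + param.ParameterName + "=" + param.SqlValue);
                        break;
                }
            }
            sep = ", ";
        }
        Console.WriteLine("");
    }
}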


iis restart

REM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
REM
REM Use this batch file to start IIS web sites when the server is started. To use, ensure that all following steps have been followed.
REM 1. Place this as a batch file on the server ( C:\StartWebsites.bat )
REM 2. Edit the startup group policy setting for the local machine
REM PATH : ( Group Policy Object Editor - Local Computer Policy - Computer Configuration - Windows Settings - Scripts - Startup)
REM 3. Add a script with the path to the batch file as the script name ( Script Name: C:\StartWebsites.bat )
REM
REM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
REM CScript Host is required to use IIS command line tools
cscript.exe //H:CScript

REM Start web sites

REM web sites
iisweb /start wiki
iisweb /start development

REM Reset default scripting host to WScript in case anything else depends on it.
cscript.exe //H:WScript


Windows Platform FIPS Error

Pass this on to your folks if they get the following error in an ASP.NET app on the development server:

“This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms”

Have your developer go into the web.config and move the “sessionState” tag to just under the tag and make sure the sessionState is uncommented.

To this point I still only have speculation as to what changed on the server that is now causing this error. Most likely it was a setting that changed as part of a security update.


Encrypting web.config Sections

1. First, add the following to web.config within the container

---------------------BEGIN: configProtectedData ---------------------

---------------------END: configProtectedData ---------------------


2. Below is an example .bat or .cmd file for encrypting sensitive sections of the web.config for a given .NET web application. Change the {PATH} to the physical path to the web application's folder.

---------------------BEGIN:  encrypt.cmd ---------------------
@echo off

REM *********************************************************
REM ** APP_PATH
REM ** Change {PATH} below to path of physical location where
REM ** application is installed
REM **
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM *********************************************************
SET APP_PATH="{PATH}"
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
SET ASP_OPT=-pef
SET ASP_PROV="MY_PROVIDER"

REM Section name, application path and provider all belong on one command line
%ASP_PATH% %ASP_OPT% "connectionStrings" %APP_PATH% -prov %ASP_PROV%

pause
---------------------END: encrypt.cmd ---------------------

A complete walkthrough for this, including information on key stores is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx
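
To confirm that encrypt.cmd actually took effect, the following added PowerShell example (not part of the original post or of ASP.NET) checks a web.config for a section that is still in plaintext. The function name Test-ConfigSectionEncrypted and both sample documents are constructed for illustration; MY_PROVIDER is the provider name used in encrypt.cmd above.

```powershell
# Added example; Test-ConfigSectionEncrypted is a hypothetical helper name.
function Test-ConfigSectionEncrypted {
    param(
        [Parameter(Mandatory)] [xml]    $Config,
        [Parameter(Mandatory)] [string] $SectionName   # top-level section only
    )
    # local-name() keeps the XPath independent of any xmlns on the elements.
    $xpath   = "/*[local-name()='configuration']/*[local-name()='$SectionName']"
    $section = $Config.SelectSingleNode($xpath)
    if ($null -eq $section) {
        return [pscustomobject]@{ Section = $SectionName; Present = $false; Encrypted = $false; Provider = $null }
    }
    # aspnet_regiis -pef replaces the section body with <EncryptedData> and
    # records the provider name in the configProtectionProvider attribute.
    $provider  = $section.GetAttribute('configProtectionProvider')
    $hasCipher = $null -ne $section.SelectSingleNode("*[local-name()='EncryptedData']")
    # Any <add> element left in the section means plaintext is still on disk.
    $hasPlain  = $section.SelectNodes("*[local-name()='add']").Count -gt 0
    [pscustomobject]@{
        Section   = $SectionName
        Present   = $true
        Encrypted = ($hasCipher -and (-not $hasPlain) -and ($provider -ne ''))
        Provider  = $provider
    }
}

# Constructed sample inputs (not taken from a real application).
$plain = @'
<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=app;User Id=app;Password=CONSTRUCTED" />
  </connectionStrings>
</configuration>
'@
$protected = @'
<configuration>
  <connectionStrings configProtectionProvider="MY_PROVIDER">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Test-ConfigSectionEncrypted -Config $plain     -SectionName 'connectionStrings'
Test-ConfigSectionEncrypted -Config $protected -SectionName 'connectionStrings'
```

To check a deployed file, pass (Get-Content -Raw 'path\to\web.config') as -Config.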


Managing Key Store

---------------------BEGIN: create_keystore.cmd ---------------------
@echo off
REM *********************************************************
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM **
REM ** Warning: keep the exported key in a safe place
REM ** you will not be able to decrypt data using
REM ** a recreated keystore even by same name
REM *********************************************************
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
REM To Delete Key store
REM %ASP_PATH% -pz "MY_KEYS"

REM To Create key store (-exp marks the key pair as exportable)
%ASP_PATH% -pc "MY_KEYS" -exp

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa "MY_KEYS" "NT AUTHORITY\NETWORK SERVICE"

REM To Export key store (-pri includes the private key in the XML file)
%ASP_PATH% -px "MY_KEYS" "d:\temp\crypto\MY_KEYS.xml" -pri

---------------------END: create_keystore.cmd ---------------------

---------------------BEGIN: import_keystore.cmd ---------------------

@echo off
REM *********************************************************
REM **
REM ** ASP_PATH
REM ** Location of ASP.NET framework
REM *********************************************************
SET ASP_PATH=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

REM To Delete Key store
%ASP_PATH% -pz "MY_KEYS"

REM To Import Key Store
%ASP_PATH% -pi "MY_KEYS" "d:\temp\crypto\375CSPTS_KEYS.xml"

REM To grant access to key store by ASP.NET application service
%ASP_PATH% -pa "MY_KEYS" "NT AUTHORITY\NETWORK SERVICE"

---------------------END: import_keystore.cmd ---------------------

A complete walkthrough for this, including information on key stores is available here:

http://msdn.microsoft.com/en-us/library/2w117ede.aspx


Clearing out security log

If you get the message ‘security log is full’, you can take the following steps:

1. log in as administrator

2. right-click ‘my computer’ icon and select ‘manage’

3. in the computer management window, expand ‘system tools’, then expand ‘event viewer’

4. select the ‘security’ entry

5. from the computer management window menu, select ‘action’, then ‘clear all events’

6. click ‘yes’ to save a copy of the log, or ‘no’ to clear the log completely
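
The same procedure scripted, as an added example that is not part of the original post: it exports the Security log to a file, checks that the export is readable and records its SHA-256, and only then clears the log. It assumes an elevated PowerShell 4.0 or later session on a system that has wevtutil.exe and Get-WinEvent; the function name Save-AndClearSecurityLog and the archive directory are hypothetical.

```powershell
# Added example; Save-AndClearSecurityLog is a hypothetical helper name.
function Save-AndClearSecurityLog {
    param(
        # Use a directory with restricted ACLs: the archive is the audit trail.
        [Parameter(Mandatory)] [string] $ArchiveDir
    )
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $name    = 'Security-{0}-{1}.evtx' -f $env:COMPUTERNAME, $stamp
    $archive = Join-Path $ArchiveDir $name
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

    # Export first (the scripted form of answering 'yes' in step 6).
    wevtutil.exe epl Security $archive
    if ($LASTEXITCODE -ne 0) {
        throw "Export failed (exit code $LASTEXITCODE); the log was not cleared."
    }

    # Prove the archive opens and contains events before anything is deleted.
    # Get-WinEvent throws here if the file is unreadable or empty.
    $oldest = Get-WinEvent -Path $archive -MaxEvents 1 -Oldest -ErrorAction Stop
    $hash   = (Get-FileHash -Path $archive -Algorithm SHA256).Hash

    # Clearing is itself audited: the new log starts with event ID 1102.
    wevtutil.exe cl Security
    if ($LASTEXITCODE -ne 0) {
        throw "Clear failed (exit code $LASTEXITCODE); archive kept at $archive."
    }

    [pscustomobject]@{
        Archive     = $archive
        SHA256      = $hash
        OldestEvent = $oldest.TimeCreated
    }
}

# Example call; D:\LogArchive is a constructed path.
Save-AndClearSecurityLog -ArchiveDir 'D:\LogArchive'
```

Record the returned SHA256 somewhere other than the server so the archive can later be shown to be unmodified.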


setmetabase UploadReadAheadSize

'cscript setmetabase.vbs

'set vdirObj=GetObject("IIS://localhost/W3svc/1/ROOT")
'set vdirObj=GetObject("IIS://localhost/W3SVC/1/Root/rapid/projects/proj1")
'set vdirObj=GetObject("IIS://localhost/W3SVC/1/Root/rapid/projects/proj_Prototype")
set vdirObj=GetObject("IIS://localhost/W3SVC/1/Root/rapid/projects/proj2")

' Print out the current value of some properties:
WScript.Echo "UploadReadAheadSize Before: " & vdirObj.UploadReadAheadSize

' Set some properties:
' default is 49152
'vdirObj.Put "UploadReadAheadSize", 1024000

' Save the property changes in the metabase:
'vdirObj.SetInfo
'WScript.Echo "UploadReadAheadSize After: " & vdirObj.UploadReadAheadSize


Create ap_developer and ap_user Roles

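-- Roles created in model are copied into every database created afterwards.
USE model
GO

---------------------------------
-- ap_developer
---------------------------------

DECLARE @RoleName sysname
set @RoleName = N'ap_developer'
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = @RoleName AND type = 'R')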
Begin
DECLARE @RoleMemberName sysname
DECLARE Member_Cursor CURSOR FOR
select [name]
from dbo.sysusers
where uid in (
select member_principal_id
from sys.database_role_members
where role_principal_id in (
select principal_id
FROM sys.database_principals where [name] = @RoleName AND type = 'R' ))
OPEN Member_Cursor;
FETCH NEXT FROM Member_Cursor
into @RoleMemberName
WHILE @@FETCH_STATUS = 0
BEGIN
exec sp_droprolemember @rolename=@RoleName, @membername= @RoleMemberName
FETCH NEXT FROM Member_Cursor
into @RoleMemberName
END;
CLOSE Member_Cursor;
DEALLOCATE Member_Cursor;
End
GO

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'ap_developer' AND type = 'R')
DROP ROLE [ap_developer]
GO

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'ap_developer' AND type = 'A')
DROP APPLICATION ROLE [ap_developer]
GO

CREATE ROLE [ap_developer] AUTHORIZATION [dbo]
GO

EXEC sp_addrolemember N'db_datareader', N'ap_developer'
EXEC sp_addrolemember N'db_datawriter', N'ap_developer'
-- CONTROL on the dbo schema lets members alter or drop any object in it.
GRANT CONTROL ON SCHEMA::[dbo] TO [ap_developer]
GRANT VIEW DEFINITION TO [ap_developer]
GRANT CREATE PROCEDURE TO [ap_developer]
GRANT EXECUTE TO [ap_developer]
GO

---------------------------------
-- ap_user
---------------------------------
DECLARE @RoleName sysname
set @RoleName = N'ap_user'
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = @RoleName AND type = 'R')
Begin
DECLARE @RoleMemberName sysname
DECLARE Member_Cursor CURSOR FOR
select [name]
from dbo.sysusers
where uid in (
select member_principal_id
from sys.database_role_members
where role_principal_id in (
select principal_id
FROM sys.database_principals where [name] = @RoleName AND type = 'R' ))
OPEN Member_Cursor;
FETCH NEXT FROM Member_Cursor
into @RoleMemberName
WHILE @@FETCH_STATUS = 0
BEGIN
exec sp_droprolemember @rolename=@RoleName, @membername= @RoleMemberName
FETCH NEXT FROM Member_Cursor
into @RoleMemberName
END;
CLOSE Member_Cursor;
DEALLOCATE Member_Cursor;
End
GO

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'ap_user' AND type = 'R')
DROP ROLE [ap_user]
GO

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'ap_user' AND type = 'A')
DROP APPLICATION ROLE [ap_user]
GO

CREATE ROLE [ap_user] AUTHORIZATION [dbo]
GO

EXEC sp_addrolemember N'db_datareader', N'ap_user'
EXEC sp_addrolemember N'db_datawriter', N'ap_user'
GRANT VIEW DEFINITION TO [ap_user]
GRANT EXECUTE TO [ap_user]
GO

/**********
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'jmolsen')
DROP USER [jmolsen]
GO
CREATE USER [jmolsen] FOR LOGIN [jmolsen] WITH DEFAULT_SCHEMA=[dbo]
GO

EXEC sp_addrolemember N'ap_developer', N'jmolsen'
GO
************/