Mourning the loss of Dekiwiki

In 2007 I implemented Mindtouch Dekiwiki as an internal website. I was excited by the quality of the product, the extensibility, and most importantly the active community and developer interaction.

As Mindtouch grew, they incorporated more excellent features, and were very open about the direction of the product. The developer site contained a wealth of information about release schedules, change logs and tutorials for the product. I found myself interacting with the community regularly, posting information on how to do certain things, answering questions on the forums and filing bugs. I was encouraged that employees of Mindtouch were directly interacting with the community on a daily basis.

I don’t think the company that produced that product exists any longer. It’s been replaced by a buzzword-spewing, no-face entity who hides real information about their product behind flowery text and email signup forms. I lose a lot of interest when companies make it difficult to gather information about their product, and if you take a look at mindtouch.com you’ll find they’re one of the worst offenders. There is only a single line or two on the main page describing what the company is all about, and the product page itself is still undergoing an identity crisis with names such as Mindtouch TCS, Social Help System and just plain Mindtouch in most of the descriptions.

There is actually very little information about the product, no demo site or feature comparisons, no cost information or even licensing models. What videos there are, are hidden behind email sign-ups. As a company marketing its product, if you feel the need to hide what you’ve built behind a sign-up wall, you immediately make everyone who comes across it distrustful. Are they not confident enough to proudly show it off? Are they worried that the licensing model will scare people away?

The developer site is effectively dead, and so is Mindtouch Core, the open source edition of what once was Deki Wiki. Most frustrating of all is that Mindtouch Core (the open source derivative of Mindtouch) is nowhere to be found. It’s basically impossible to find it now, which is sad considering that I remember the owners’ and developers’ passionate exclamations a few years ago that the product started as open source, would always remain open source and that its community would always be vital.

To be clear, I can’t really blame the leaders of Mindtouch for moving in this direction. One look at their customer list and you can see it’s a profitable transition. However I can’t help but be disappointed and a little bit betrayed. To see the excitement of the developers and of the users who are adding to the product is one thing that makes it very attractive. It tells me that the product is good enough to make people talk about it and invest time into it.

Dekiwiki, I’ll remember you fondly as I go looking for your replacement.

 

 

Lightswitch Deployment for 3-tier app

I’ve been having a problem trying to deploy my first Lightswitch app to IIS, where the first Application Administrator isn’t being created.

I kept getting an error similar to “unable to create the application administrator”.

Google eventually brought me to look at the MSDTC settings on the IIS server, but that definitely wasn’t the right direction.

However, I did find the following thread which provided the solution:

http://social.msdn.microsoft.com/Forums/hu/lightswitch/thread/615aaa1b-4f37-40a1-ace2-0735c294c57e

I set “enlist = false” within the web.config application string for my database connection, and this resolved the issue!

 

I’m still impressed by LightSwitch, although I’ve been finding myself wishing it was easier to use custom SQL queries when building the datasets.

Intranet site not accessible externally by domain member

A strange issue popped up recently with one of my internal sites. To be honest I’m not quite sure what changed as this site has not experienced the problem mentioned in the post title until just recently.

The problem is as follows:

  • A domain-joined computer is within the company LAN, and accesses intranet.company.com without issue.
  • A non-domain joined computer (such as my personal computer) is able to access intranet.company.com externally.
  • The domain-joined computer travels outside the LAN and is now unable to access intranet.company.com.

 

At first I thought this was a problem with my reverse proxy, but after extensive troubleshooting I had ruled it out. Once I realized domain membership was a factor in connectivity, I knew the network firewall wasn’t the issue either. I suspected it had something to do with Internet Explorer’s categorization and rules around Internet/Intranet/Trusted Sites.

 

Eventually I stumbled upon this serverfault article which led me to the solution. I needed to use the AdsUtil.vbs script to set the authentication on the affected directory to “NTLM” instead of the default “Negotiate,NTLM”. As the page mentions, I am using IE8 and IIS 6.

 

To use adsutil.vbs, I did the following:

Opened a command prompt, and navigated to:

C:\Inetpub\AdminScripts

Then I opened IIS and took note of the site ID for the affected site:

 

 

Then I checked on the authentication value with my affected site ID inserted into the command:

cscript adsutil.vbs GET W3SVC/14548430/Root/NTAuthenticationProviders

And after verifying it was the default, I changed it:

cscript adsutil.vbs SET W3SVC/14548430/Root/NTAuthenticationProviders "NTLM"

After this, my domain-joined computers were accessing it properly once again.
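
A way to confirm from the client side what the site offers after this change, as an added example that is not part of the original post: on an unauthenticated request, IIS lists each provider from NTAuthenticationProviders in a WWW-Authenticate header of the 401 response. "Negotiate" is the provider that carries Kerberos, so a site set to "NTLM" alone no longer offers it. The two responses below are constructed samples, not captured traffic, and the function names are hypothetical.

```python
# Constructed 401 responses: the default setting and the NTLM-only setting.
BEFORE = ("HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/6.0\r\n"
          "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n"
          "Content-Length: 0\r\n\r\n")
AFTER = ("HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/6.0\r\n"
         "WWW-Authenticate: NTLM\r\nContent-Length: 0\r\n\r\n")


def _split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted string."""
    pieces, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            pieces.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    pieces.append("".join(buf).strip())
    return pieces


def offered_schemes(raw_response):
    """Return the auth schemes from every WWW-Authenticate header, in server order."""
    schemes = []
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        for piece in _split_outside_quotes(value):
            first = piece.split(None, 1)[0] if piece else ""
            if first and "=" not in first:         # key=value pieces are parameters
                schemes.append(first)
    return schemes


def matches_metabase(raw_response, providers):
    """True if the offered Negotiate/NTLM schemes equal an NTAuthenticationProviders value."""
    expected = [p.strip().lower() for p in providers.split(",")]
    offered = [s.lower() for s in offered_schemes(raw_response)
               if s.lower() in ("negotiate", "ntlm")]
    return offered == expected


if __name__ == "__main__":
    print(offered_schemes(BEFORE), matches_metabase(BEFORE, "Negotiate,NTLM"))
    print(offered_schemes(AFTER), matches_metabase(AFTER, "NTLM"))
```
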

Sonicwall Global VPN disconnecting repeatedly

For a while now I’ve had my Sonicwall Global VPN policy on the firewall set as a “route all” connection. This means that all traffic for the VPN client goes through the Sonicwall directly, and blocks access on the client’s end to local devices.

 

Yesterday I came upon a situation where I needed to enable a client access to both the VPN and local devices at the same time. This called for Split Tunnels!

However, I didn’t want to enable split tunnels universally for all my VPN clients. Luckily I found this Sonicwall documentation on setting up a single WanGroupVPN with two different policies based on user group.

The premise is that you set up your Wan GroupVPN as a split tunnel, but then give certain users access only to a specific address object and use a specific NAT Policy (I won’t regurgitate the entire document here).

This was working great, but I shortly found that when testing as the split tunnel user, I would get connected and then disconnected within 10 seconds. Typically the connection would last for 3 successful pings.

After a bit of Googling I found this article which explained that it is caused by an incorrect address object within the “VPN Access” tab for the user.

I checked that out, and strangely enough, only the correct item was listed:

I looked at both the “Everyone” and “Trusted Users” groups and it looked the same.

 

After a lot of head scratching, I finally discovered that in fact the “Everyone” group did have the “All Interface IP” object applied to it, by viewing a logged in user’s status here:


Somehow that was still selected for the “Everyone” group, but it just wasn’t displaying when viewing the “VPN Access” tab. So I clicked “remove all”, and then re-added the appropriate objects, and problem solved!

 

FTP software alternatives

I’m looking for an alternative to FTP, because to be honest, FTP really sucks. Right now I’m using it for:

  • one-time transfers between individuals
  • long term sites for repeated transfers
  • data uploads for internal procedures

 

The big features that I need are security (through SSL), ease of use, and email notifications. The other requirement is that it must be on-premise; some of these long term sites have GB of data that changes daily, and I can’t have my users waiting to transfer that data to the cloud before it’s available for our clients.

So far I’ve found 3 potential solutions:

 

Ajaxplorer is attractive because it’s open-source, and offers a familiar interface through a web browser. It doesn’t require any add-ons or plugins to access. I ended up setting up a test site with ajaxplorer to further evaluate, and have determined that despite all of its strengths, the weaknesses are just too big to fully replace FTP within my environment. Notably:

  • Email notifications: they are possible, but aren’t very configurable, and are only per-file. There isn’t a way to make an email summary per connection. If someone uploads 3000 files, the recipient is going to get 3000 emails.
  • Active Directory integration: again, this is possible, but you can’t mix AD users and local user accounts. We want both so that our internal users don’t need another account, but external clients don’t need to be in our AD.

 

Citrix Sharefile was introduced to me through a cold call, but it happened to be a day after I started looking for an FTP replacement. Sharefile is a fully featured, cloud-based file transfer application that can be used through a Windows client, mobile client, or web browser. It’s really nice actually, and very easy for the average user to pick up. The client for Windows (and add-ons for Microsoft Office) add a lot of value, and give the capability to auto-upload to Sharefile or generate links to send out.

External clients receiving files can do so straight through their web browser, and depending on the link generated for them they may not need to log in at all.

Sharefile is licensed per named user per month, and seems to be pretty competitive. The major downside of Sharefile right now is that there is no on-premise option. According to the sales rep I was speaking to we can expect this installation type later this year. Whether I wait for that depends on whether I find something else that can do the same job in the meantime.

 

Which brings me to RES HyperDrive. This is very similar to Citrix Sharefile, except that it is on-premise from the start. One problem: it hasn’t been released yet. I’ve got a demo sitting on my desktop to try out which I’m very excited about but even if I love it, it will be difficult to trust the first release of some software. I was very pleased when downloading their VM for the demo that it was pre-packaged in a Hyper-V format. This is the first vendor that I’ve seen doing so.

I suppose this post is a little premature due to having not tested RES, but if it performs well and has all the features I need, a follow-up post will be coming with my installation and setup experience.
At the moment I’m not sure how RES HyperDrive is licensed, or potential costs.

 

If anyone is using any of these applications and has an experience to share, please do in the comments!