Author Archives: Mikhail

How To: Re-configure your K2 environment to use forms authentication

This blog post is a short walk-through explaining how to switch your K2 environment from Windows to Forms authentication. As an example of when you may want this: you can use this configuration when you want a password prompt on token expiration even though all your forms users work from domain-joined workstations belonging to the K2 server domain (on such workstations the STS token refresh happens without any extra password prompts, using the existing Windows user credentials to obtain the STS token).

The required steps are described in the K2 documentation (look under “Forms Authentication”), but at the moment it does not mention some required steps, which we will cover here.

To switch over to Forms Authentication, first navigate to the K2 Management > Authentication > Claims > Issuers section of the K2 Management site:

K2 Management – Issuers

There you can select K2 Forms STS and click the Edit button to enable the “Use for Login” option of this issuer:

K2 Management – Edit K2 Forms STS issuer

Once you have enabled this option, switch over to Authentication > Claims > Realms:

K2 Management – Realms

Here you need to edit every realm and link the K2 Forms STS issuer to it (depending on your needs, you can do that only for some realms):

K2 Management – Edit Issuer

Once you do that, your realms should show K2 Forms STS in the LINKED ISSUERS column:

K2 Management – Linked Issuers Column

At this point, if you restart your browser and try to access K2 sites, you will be presented with a login method selection which looks as follows:

K2 Login Method Selection

If you don’t like this dialog or do not need multiple logon methods, just uncheck the “Use for Login” option for the K2 Windows STS issuer. With that configuration you get an immediate forms authentication prompt on any attempt to access a K2 site (and after K2 STS token expiration). This is what it looks like:

K2 Forms Authentication Logon Page

Up to now we have been following the steps from the K2 documentation and have completed them, but if you try to log in with correct credentials you may see the following error:

Server Error – Claim mapping configuration cannot be found for this claim

The error message has the following text:

Server Error
Claim mapping configuration cannot be found for this claim. Claim information: Name='DENALLIX\administrator', Issuer='FormsSTS', Original Issuer='FormsSTS'. Please ensure that you have configured the K2 server as specified in K2 Help: Installation and Configuration > Configuration > SharePoint > Claims-based Authentication.
More Details
at SourceCode.Hosting.Server.Runtime.HostSecurityManager.GetClaimsUserName(String tokenXml, ClaimsTokenType tokenType, ClaimsVersion claimsVersion)
at SourceCode.Hosting.Server.Runtime.HostSecurityManager.AuthenticateIIdentitySession(String sessionCookie, String tokenXml, ClaimsTokenType tokenType, String connectionString, String authReqSource, ClaimsVersion claimsVersion)

This error and the corrective actions for it are not mentioned in the product documentation. To fix it, do the following:

1. Edit K2TokenService.exe.config, located in “%K2_INSTALLATION_ROOT%\Token Service\Bin\”, adding your K2 service and K2 application pool accounts to the allowedCallers section as shown below:

K2TokenService.exe.config – allowedCallers

Here is a sample of the allowedCallers section text:

<allowedCallers>
  <clear />
  <add value="denallix\k2webservice" />
  <add value="denallix\k2service" />
</allowedCallers>

2. Save your changes and restart the K2 Claims To Windows Token Service, aka K2WTS (you can use a PowerShell command for that: Restart-Service K2WTS).

After performing these steps you will be able to log on to K2 sites using forms authentication.
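
Steps 1 and 2 above can be scripted so that the allowedCallers list is changed the same way on every server and any entry beyond the expected accounts is reported for review. This is an added example, not code from the K2 documentation or from the original post; the function name Set-K2AllowedCallers and the sample file layout are assumptions, and the function locates the allowedCallers element wherever it sits in the file.

```powershell
# Added example (hypothetical helper, not part of K2). Run elevated on the K2 server.
function Set-K2AllowedCallers {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,   # K2TokenService.exe.config
        [Parameter(Mandatory)][string[]]$Account     # K2 service and app pool accounts
    )
    $path = (Resolve-Path -LiteralPath $ConfigPath).Path
    [xml]$xml = Get-Content -LiteralPath $path -Raw
    $node = $xml.SelectSingleNode('//allowedCallers')
    if (-not $node) { throw "No <allowedCallers> element found in $path" }

    $existing   = @($node.SelectNodes('add') | ForEach-Object { $_.GetAttribute('value') })
    $missing    = @($Account  | Where-Object { $_ -notin $existing })   # case-insensitive
    $unexpected = @($existing | Where-Object { $_ -notin $Account })    # review these entries

    foreach ($name in $missing) {
        $add = $xml.CreateElement('add')
        $add.SetAttribute('value', $name)
        [void]$node.AppendChild($add)
    }
    if ($missing.Count -gt 0) {
        Copy-Item -LiteralPath $path -Destination "$path.bak" -Force    # keep the old file
        $xml.Save($path)
    }
    [pscustomobject]@{
        Added      = $missing
        Unexpected = $unexpected
        Changed    = ($missing.Count -gt 0)
    }
}

# Constructed sample file, so the function can be tried away from a real server.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'K2TokenService.exe.config'
@'
<configuration>
  <allowedCallers>
    <clear />
    <add value="denallix\k2service" />
    <add value="NT AUTHORITY\Authenticated Users" />
  </allowedCallers>
</configuration>
'@ | Set-Content -LiteralPath $demo

$result = Set-K2AllowedCallers -ConfigPath $demo -Account 'denallix\k2webservice', 'denallix\k2service'
$result | Format-List

# On the real server: point -ConfigPath at the file under
# %K2_INSTALLATION_ROOT%\Token Service\Bin\ and, if Changed is True, run:
#   Restart-Service K2WTS
```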


StarWind VSAN overview

This article provides a basic overview of StarWind Virtual SAN (VSAN), a software-defined storage (SDS) solution from StarWind.

First things first: it is important to understand what SDS is

SDS is an umbrella term for software that enables policy-based provisioning of data storage independently of the underlying hardware. You can consider SDS a form of storage virtualization that separates the storage hardware from the software that manages it. On top of that, SDS virtualization may also provide a rich policy-managed feature set including such things as data deduplication, replication, thin provisioning, etc.

SDS allows you to design architectures where software (instead of hardware) determines storage performance, availability, and resiliency. Usually, SDS systems are designed to perform on commodity hardware so that the software never becomes dependent on proprietary hardware. However, the software you use may lock you in to a particular vendor.

There are different implementations of SDS from different vendors. They can be divided into solutions offered by OS vendors (or public cloud providers) and ones developed by vendors focused purely on SDS.

For example, Microsoft introduced its SDS solution, Storage Spaces Direct, as a Windows Server 2016 feature (this version was RTMed in September 2016). However, you can find flaws even in the latest versions of their Storage Spaces Direct technology (for instance, deduplication did not work on ReFS until the Windows Server 2019 release). Such issues may be a good reason why users opt for an alternative. Another thing about SDS is that you can access Storage Spaces Direct functionality only in the Datacenter edition of Windows Server (high licensing costs).

On the other hand, StarWind VSAN is an example of SDS software developed by an SDS-oriented company. First released in 2005, it was one of the first practical implementations of SDS built with simplicity in mind. Any experienced administrator of Microsoft Hyper-V, VMware vSphere, or Citrix XenServer can configure StarWind VSAN easily. StarWind VSAN also allows you to start leveraging its full feature set with just two commodity servers as a foundation of highly-available (HA) SDS. Although this software uses the services provided by Windows Server, you have a better choice of versions and editions, i.e., you can run it on any edition of Windows Server 2012 or 2016 (there is still even partial support for 2008 R2, which will probably end soon). As you can see, this specialized software found its way to the market earlier than Storage Spaces Direct, so its developers had more time for adding improvements and refinements based on real-world usage and feedback from the client base.

You can have a full-fledged feature set including asynchronous replication, in-line and offline deduplication, log structuring, and multi-tiered caching even in a minimal configuration of a two-node VSAN cluster. These features are present in other software solutions, but they often do not allow the two-node implementation scenario.

StarWind Virtual SAN features

  • Asynchronous replication replicates mission-critical data to a remote disaster recovery (DR) site with minimal requirements for network bandwidth and hardware equipment, enabling you to perform replication over long-distance high-latency routes. Replication is performed asynchronously in the background using snapshots as a source. Features such as deduplication, snapshots, and change block tracking in combination minimize the amount of data transferred to reduce WAN link usage. Snapshots secure data integrity.
  • In-line deduplication. Deduplication increases storage efficiency by saving space through elimination of repeating data. StarWind in-line deduplication uses industry standard 4k blocks. Combined with compression, it reduces the number of write operations, which extends flash life span.
  • Log structuring write-back cache (LSWBC) optimizes the highly randomized data flow generated by VMs. Disk storage handles highly randomized writes poorly; it uses RAM cache, leading to the risk of data loss. The use of SSD as the only approach is not always viable from the financial standpoint (overprovisioning/overuse of financial budget). LSWBC uses RAM and flash caching in conjunction with log structuring. LSWBC writes data to the circular buffer in RAM, organizes its flow sequentially, and gradually flushes it to the log disk (a device made from a tiny fraction of your storage). The log disk, in turn, sends data to the underlying storage where it eventually resides. Hence, it is possible to get high performance even with highly randomized workloads.
  • Two-tier server-side cache is a technology turning an SSD into a level 2 cache. With the use of server RAM as the level 1 cache, it absorbs excessive writes and reduces the number of write cycles impacting the life span of SSD drives. Inexpensive commodity hardware is available, which means that you can use MLC flash instead of expensive SLC flash, which gives more memory to meet workload requirements.
  • Multiprotocol: VSAN supports industry-standard uplink protocols. The following protocols are available: iSER, NVMe-oF, iSCSI, SMB3 (including RDMA-supporting SMB Direct and MPIO-utilizing SMB Multichannel), and NFS. Virtually unlimited use cases are possible: bare-metal, converged (“compute and storage separated”), hyperconverged, Clustered Shared Volumes for SOFS, VVols on top of iSCSI, SMB3 file servers and many others.

In terms of supported fabrics, you can use 1, 10, and up to 200 GbE or InfiniBand.

This feature set makes the StarWind VSAN proposition quite compelling and competitive. It is an interesting option, especially in terms of the design flexibility it provides and the variety of potential use cases.

I hope that this overview was useful and interesting. In case you want to know more about StarWind VSAN, you can get more information on StarWind Virtual SAN product page.


K2 – no task notifications processing due to “Unable to load EventBus Server” error

K2 versions older than Five rely on MSMQ for queuing and processing of task notification emails. Sometimes you may see the following scenario:

You start a process which is supposed to send a task notification. The notification is not delivered, and no error messages are logged at the time of task assignment, neither in the K2 host server log, nor in the MSMQ diagnostic log, nor in the Eventbus.ClientRecorderError table. Obviously the process does not go into an error state, as notification delivery is performed on a “best possible effort” principle and does not prevent the user from completing the assigned task using his worklist, which can be exposed through different UIs.
At the same time it is possible to see that the queue exists and messages get queued into it (Computer Management snap-in > Services and Applications > Message Queuing > Eventbus > Queue Messages):

If it is not a highly loaded production environment, you will be able to see that a message gets queued for each client event, and you can also see that the Message ID is assigned in increments of 2, with new messages being added to the end of the queue. At this stage you may think that Message Queuing is not running, but this is unlikely: when this service is stopped, messages cannot be placed into the queue (that would definitely be logged on the K2 side) and you are unable to view the queue contents in Computer Management, getting the following error:

Another possibility is a somehow malformed error message and some glitch in the MSMQ service itself – again a bit unlikely, as new messages get queued just fine, but you can try restarting the Message Queuing service along with removing the topmost message from the queue. If that does not help (which most likely will be the case), check the very beginning of your latest K2 host server log (default location – “C:\Program Files (x86)\K2 blackpearl\Host Server\Bin”) to verify whether it contains the following errors:

In case the very beginning of your log contains these error messages:

  • “7030 Unable to create ‘dlx\EventBus’ queue : ‘Message Queue service is not available.'”
  • “7030 Unable to create ‘dlx\EventBus Error’ queue : ‘Message Queue service is not available.'”
  • “EventQueueProcessing.Main”,”7026 Unable to load EventBus Server”

This means that the Message Queuing service on the K2 server was not running at the time of K2 server start.

To resolve this, make sure that the Message Queuing service is up and running and restart the K2 service – unfortunately there is no other way to reinitialize the MSMQ processing thread, which gets initialized on K2 service startup.

You may run into this situation after a server reboot if the K2 service started before the Message Queuing service. To prevent this from happening, you may want to configure the K2 service startup type as Automatic (Delayed Start) while keeping Message Queuing configured for Automatic start. That will add some delay to K2 service startup, as it will only be attempted after all other services configured for Automatic startup have been started, but honestly I don’t see any problem with that – a server reboot translates into downtime in any case and a slight delay does not make any big difference here. Another, and possibly more “fine grained”, option to address this is to configure a dependency on the MSMQ service for K2. To do that, open a CMD window in elevated mode and execute the following command:

sc config "K2 blackpearl Server" depend= MSMQ

After successful execution of this command the following dependency for the K2 service gets created:

As per MSFT documentation, this setting ensures that on machine startup the services listed as dependencies are started before attempting to start the service which depends on them.
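
The two checks described in this post (the startup errors at the head of the host server log, and the MSMQ dependency on the K2 service) can be combined into one script. This is an added example, not part of the original post or of K2; the function names and the field layout of the sample log lines are assumptions, and only the error text and the service names come from the post.

```powershell
# Added example: hypothetical helpers for the checks described in the post.
$EventBusMarkers = @(
    '7030 Unable to create',                   # queue could not be created at K2 start
    'Message Queue service is not available',
    '7026 Unable to load EventBus Server'      # EventBus processing never started
)

function Find-EventBusStartupError {
    param([string[]]$LogLine, [int]$Head = 200)
    # The errors are written at the very beginning of the log, so only the head is scanned.
    $LogLine | Select-Object -First $Head |
        Select-String -SimpleMatch -Pattern $EventBusMarkers |
        ForEach-Object { $_.Line }
}

function Get-K2MsmqDependency {
    param([string]$K2Service = 'K2 blackpearl Server', [string]$MsmqService = 'MSMQ')
    $k2 = Get-Service -Name $K2Service -ErrorAction SilentlyContinue
    if (-not $k2) { return }                   # K2 service not present on this machine
    $msmq = Get-Service -Name $MsmqService -ErrorAction SilentlyContinue
    $deps = @($k2.ServicesDependedOn | ForEach-Object ServiceName)
    [pscustomobject]@{
        K2Status      = $k2.Status
        MsmqStatus    = $msmq.Status
        DependsOnMsmq = ($deps -contains $MsmqService)   # True after the sc config command
    }
}

# Constructed sample lines: the field layout is an assumption, the message text is from the post.
$sample = @(
    '"Error","EventBus","7030 Unable to create ''dlx\EventBus'' queue : ''Message Queue service is not available.''"'
    '"Error","EventQueueProcessing.Main","7026 Unable to load EventBus Server"'
    '"Info","General","Server started"'
)
$hits = @(Find-EventBusStartupError -LogLine $sample)
'{0} EventBus startup error line(s) in the log head' -f $hits.Count
$hits

# On a K2 server this reports whether the dependency is in place:
Get-K2MsmqDependency

# Against a real log file, pass its first lines:
#   Find-EventBusStartupError -LogLine (Get-Content -LiteralPath <path to log> -TotalCount 200)
```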


Creating Hyper-V VM with Ubuntu Server

I’ve recently decided to learn a bit about Ubuntu and am going to do a project based on this platform, hence this little post describing how to create an Ubuntu Server Hyper-V VM.

First of all, you need to download the latest Ubuntu Server installation media from here, selecting between the LTS (Long Term Support) and regular versions:

The LTS version is the more tested, enterprise-focused version, which is released every 2 years and has a 5-year support cycle.

Once you have the installation media, you just need to create a Hyper-V VM, allocating the desired quantity of resources to it (note that this OS has quite humble minimum requirements), and make your VM Generation choice.

Despite the fact that the process of creating a VM is more or less the same for any OS, I decided to write down all the steps involved in setting up an Ubuntu Server VM.

You can follow these steps to create your own Hyper-V VM with Ubuntu Server OS. Right-click on your Hyper-V host and select New > Virtual Machine:

Just click Next on Before You Begin page:

Specify a name and location for your VM (be sure to specify your preferred VMs folder; a VM-specific subfolder will be created automatically based on the VM name you type in):

Select the Generation of your VM (note that this cannot be changed once the VM is created):

I wanted a Generation 2 VM, so I’ve selected this option (refer to MSFT documentation for information on choosing the VM generation). Note that for an Ubuntu VM you need to disable the Secure Boot feature, which is enabled by default on a Generation 2 VM.

Assign the desired amount of memory and decide whether Dynamic Memory should be used:

Select virtual switch:

Adjust VHD settings if necessary:

Specify the path to the Ubuntu ISO file you downloaded earlier:

Review the selections you made and click Finish:

Disable Secure Boot before powering on your VM – otherwise your VM will fail to boot (as per MSFT documentation: “some Linux virtual machines will not boot unless the secure boot option is disabled”):

And while you are still in the VM properties, I would recommend that you disable automatic checkpoints (unless you want to use them):

Once you start the VM, the setup process will be initiated automatically:

You will need to select preferred language:

Then keyboard settings:

And next, select Install Ubuntu option:

Accept default network connections settings:

And leave your proxy settings empty (unless you are using proxy server):

Accept default archive mirror address and hit Done:

Accept the defaults on filesystem setup (which means using the entire disk for our installation):

Select a disk, or accept the selection if you have just one:

Accept the default filesystem settings on the next page:

Agree to formatting the selected drive (data loss warning):

Specify profile settings and the server name (note that only lowercase letters are accepted for server and user names – a great example of explicitness which leaves you no chance to grow into a proficient user who thinks that some case-insensitive objects are case sensitive, which happens way too often thanks to some user-friendly OSs):

Select whether you want to install OpenSSH server:

Select any additional packages you may want to install:

Wait until the installation goes through the remaining steps:

Hit Reboot Now once the installation completes:

Once the VM reboot completes, you will be prompted to remove the installation medium and hit ENTER (Hyper-V should auto-remove it for you):

Once the reboot completes, Ubuntu Server should start and greet you with a credentials prompt:

Once you type in your login and password correctly, you will be invited to enter commands (no GUI is installed on the Server version by default):

At this point I suggest that you shut down the VM with the shutdown -P now command and make your baseline VM snapshot.

Let’s do a couple more things before we wrap up our VM setup process. Let’s first install updates using sudo apt-get update (to fetch the list of available updates) and sudo apt-get upgrade (to upgrade installed packages):

And last but not least, let’s add a GUI to our server – for that just use sudo apt-get install ubuntu-desktop, confirming that you want to continue at the additional disk space usage prompt. Once the setup completes, you need to reboot your VM and it will start in GUI mode:

After clicking on your user icon, type in your password and click Sign In:

You will be presented with What’s new in Ubuntu splash screen:

This concludes VM installation and configuration process. Stay tuned for the new posts as I’m going to keep using this VM and documenting installation and configuration of additional packages and other things.
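
The VM-creation steps of this post (from New > Virtual Machine to disabling automatic checkpoints), scripted with the Hyper-V PowerShell module as an added example that is not part of the original post. The function name, VM folder, switch name and sizes are assumptions; the -KeepSecureBoot switch is an added alternative that leaves Secure Boot enabled with the Microsoft UEFI Certificate Authority template instead of disabling it as the post does.

```powershell
# Added example: scripted equivalent of the wizard steps in this post.
# Requires the Hyper-V PowerShell module and an elevated session on the host.
function New-UbuntuServerVm {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$IsoPath,    # Ubuntu Server ISO downloaded earlier
        [string]$VmRoot     = 'D:\VMs',            # assumption: your preferred VMs folder
        [string]$SwitchName = 'Default Switch',    # assumption: an existing virtual switch
        [long]$MemoryBytes  = 2GB,                 # assumption
        [long]$DiskBytes    = 40GB,                # assumption
        [switch]$KeepSecureBoot                    # added alternative, see below
    )
    if (-not (Test-Path -LiteralPath $IsoPath)) { throw "ISO not found: $IsoPath" }
    if (Get-VM -Name $Name -ErrorAction SilentlyContinue) { throw "VM '$Name' already exists" }

    # The generation cannot be changed later, so it is fixed here at creation time.
    New-VM -Name $Name -Generation 2 -Path $VmRoot -MemoryStartupBytes $MemoryBytes `
           -NewVHDPath (Join-Path $VmRoot "$Name\$Name.vhdx") -NewVHDSizeBytes $DiskBytes `
           -SwitchName $SwitchName | Out-Null

    # Attach the installation media and make it the first boot device.
    $dvd = Add-VMDvdDrive -VMName $Name -Path $IsoPath -Passthru
    Set-VMFirmware -VMName $Name -FirstBootDevice $dvd

    if ($KeepSecureBoot) {
        # Keep Secure Boot on with the template intended for non-Windows guests.
        Set-VMFirmware -VMName $Name -EnableSecureBoot On `
                       -SecureBootTemplate MicrosoftUEFICertificateAuthority
    } else {
        # The step performed in the post.
        Set-VMFirmware -VMName $Name -EnableSecureBoot Off
    }

    # Disable automatic checkpoints, as recommended in the post.
    Set-VM -Name $Name -AutomaticCheckpointsEnabled $false

    # Return the resulting firmware settings so the Secure Boot state can be confirmed.
    Get-VMFirmware -VMName $Name | Select-Object VMName, SecureBoot, SecureBootTemplate
}

# Example call (placeholder values):
#   New-UbuntuServerVm -Name 'ubuntu-srv01' -IsoPath 'D:\ISO\ubuntu-server.iso' -KeepSecureBoot
# Baseline snapshot after installation and 'shutdown -P now':
#   Checkpoint-VM -Name 'ubuntu-srv01' -SnapshotName 'baseline'
```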
