GAC folders

I keep forgetting the exact locations of the GAC folders, and whenever I try to Google this information it is always buried under layers of misunderstanding and confused discussions. This stems from the fact that there are different locations depending on the .NET version and the bitness of your assemblies. So I’m just jotting down all the locations here for quick reference:

.NET 2.0 GAC:  C:\Windows\assembly

.NET 4.0 GAC: C:\Windows\Microsoft.NET\assembly

Each of these folders has the following sub-folders:

GAC_32 for 32-bit assemblies (defines word size)

GAC_64 for 64-bit assemblies  (defines word size)

GAC_MSIL for assemblies that can be run in either 32-bit or 64-bit mode which are JIT compiled to the required word size as needed

On machines with an x86/32-bit version of Windows (which is way too rare now, especially for Windows Server) there is only the GAC_32 subfolder, and on x64 OS machines there are both GAC_32 and GAC_64 folders, as 32-bit code is supported via emulation (WOW32).


“Glock: The Rise of America’s Gun” – book review and some thoughts on product design

It has been a while since I wrote anything on my blog – was a bit busy. Then I decided to write a tiny review of this book but fell under the spell of Steven Sinofsky’s long form write-ups, and as a result this tiny review turned into something too big and I was trying to finish it for way too long. I ended up finishing this abruptly and posting it using the true Bill Gates approach of “get it out there, fix it later”, as sticking to the “keep it secret till you make it perfect” Apple approach is way too difficult to adhere to. So if anything is wrong here I’ll edit it later 🙂

I’ve recently finished listening Audible’s audio-book “Glock: The Rise of America’s Gun” by Paul M. Barret and it was so good that I can’t help writing (a bit) about it here on my blog. I have quite broad range of interests without allergy to go deeper in any number of narrow topics, so on my ever-growing to read/to listen list there are always very diverse books, with topics ranging from economics and linguistics to IT, to history and I never know what else.

From that vast array of topics two have special importance for me: philosophy and history. I just keep noticing that way too many people dismiss first as something you can read/listen only after smoking some weed (I almost quote one of my former school classmates here) and the second as something of a little value and relevancy to our present-day life. It makes me a tiny bit sad to see those disciplines neglected and grossly underestimated. Seriously, the negligence and ignorance about each of these domains is by itself a topic not for a blog post, but for an essay or even a whole book 😊 What could be more important to slow down and to think about “how do we think about things” and “what is worth to think about in the first place” along with “being acutely aware about what has been done and tried before you”? I hardly can name anything more important I think…

Anyhow getting back to the Glock book, it was one of those which just caught my attention somehow (back then I haven’t had any interest in guns beyond general vague subconscious man predisposition to all things military), and it then waited for something like 5 years before I decided to listen to it. Essentially as many of other books in my Audible wish list it landed there thanks to serendipity and maybe some clever Amazon recommendations algorithms.  And as it happens sometimes with the book turned out to be absolutely brilliant and it was just waited for the right time to be listened to (in this case it means some experience with pistol practical shooting and Glock pistol). Another example of the same random-perfect choice for me was “The Language Instinct – How the Mind Creates Language” book by Steven Pinker– this book too was sitting in my wish list for about 5 years and was added there instinctively, and despite I was interested in linguistics when I put it on my wish list, while it was sitting there I managed to learn a lot of stuff about the topic, took some Coursera courses which introduced me to some of the linguistics problems, and then I finally got around that book and it was just “wow” and “why I haven’t listened to it earlier” and “it is a book which eligible to re-read/re-listen many times”…

Looping back from randomly selected books and importance of history to the Glock book. It is one of those non-fiction books which introduce you to the history of the specific topic with great details, and I strongly believe when such books are written by informed person with keen interest to the topic, almost any topic can be really fascinating to dive in. In this case book has it all: history of engineering and enterprise, some political and cultural background, corporate rivalry and person/character evolution – there are so many facets covered in the book which make you understand a lot of things better (if you wish to) or merely enjoy fascinating unfolding of the great story (and as it often happens, true stories turn out to be way more exciting and unpredictable than most works of fiction). I won’t be writing coherent review of the book, but rather list some of my take-aways from it.

On good product. This book is in itself an example of good product design, where even a name (for informed person) designed to spark your interest and buy the book. I mean the title “The Rise of America’s Gun” combined with black Glock pistol on a white background should spark in you an interest as to how Austrian made pistol from old Europe can be an America’s gun, meaning a gun of a country where guns culture is a part of a nation´s psyche and where some other epic names used to reign supreme? Surely you know that gun which won the west? And it wasn’t Austrian one, right? So this book is artfully designed product about another good product which appeared out of nowhere (not exactly of course) and won the market which it possibly it never could have dreamed of, and it won it in a big way. But to understand how you need to know the history which will tell you that everything was important: right timing for entry to the market, a bit of luck, huge amount of controversial (but free for the company) publicity, importance of designing from scratch – good story about good product can teach you a lot about what is important for products, and this knowledge is transferable, meaning that it can be relevant not only to pistols design and manufacturing but, let’s say, for modern day software products or any other products. So I’ll just try to highlight some points from the book which show importance of learning from history and how it can be still relevant.

On engineering. Designing from scratch is something you should do to really innovate. And it does not mean you throw away history/what has been done before you – on the contrary, you have to critically review it with a pair of fresh eyes and then design from scratch. Before starting development of his gun, Glock bought, tested and disassembled a number of popular guns available on the market and came to the conclusion that all of them were unnecessarily complex (too many parts).

What was really new for gun design is the following:

  • Pistol was designed for complete production on CNC (computer-controlled) tools = lower production cost. This was possible as Glock didn’t have an existing production plant and he was able to build one with this in mind
  • Pistol frame was made out of light, resilient, injection-molded plastic. And it is the first commercially successful firearm which was designed with such material. Glock had begun learning about the material when he bought an injection-molding machine to make handles and sheaths for the military knives he produced in his garage. Glock hired former employees of a bankrupt camera manufacturer who brought advanced injection-molding and plastic-design skills. This allowed the Glock pistol to be remarkably strong and resistant to corrosion, a major problem with traditional steel guns. And light too. But the main reasoning behind this design was getting savings on raw material and labor and distinct ergonomic advantages over guns cobbled together from blued steel and walnut. There were earlier attempts to use a polymer frame which had not had any success due to design shortcomings (American Remington Nylon 66 rifle and the German Heckler & Koch VP70 pistol)
  • Glock worked with shooters and wooden pistol models at the early design stages to decide on a grip-to-frame angle which allows pointing the gun “instinctively” – and initially it was defined as 22 degrees. The angle was reduced a bit later, but up to now the unconventional grip-to-frame angle of Glock makes it difficult for shooters to switch to any other pistol (the majority use another angle).

All established market players were in their product-market fit (PMF) stage – they were just too attached to their existing gun designs, and in the PMF stage your business is about extracting more money from the existing product – there is neither time nor motivation for building a different/new product. It is not only the “we always done it like that” and “we cannot do it differently” mindset, it is also the “we have no tools for that” syndrome.

Innovation through removing features. One thing which was crucial for this product is taken away an essential feature and throwing it away, transforming absence of this feature into feature in its own right. I haven’t done any research on this, but I bet external safety trigger was once innovative product feature and selling point for some other gun. We can see this rather a lot in software products (especially as they move to the cloud) – we gradually lose some features we can fiddle with but after a while embrace the increased simplicity and efficiency of that, and the same happens with hardware products (think of mobile phones and bold move of throwing away hardware keyboard).

So Glock was able to sell idea of removal of external safety trigger (though technically it has some sort of 3 step internal one, but from usability POV there is just a trigger and no safety trigger) – it was major selling point as it introduced simplicity of use.

Your strength is your weakness too. Book brilliantly illustrates problem of fit to market stage – old gun manufacturers were busy extracting money from existing product designs with no ability to change them. Unfortunately even zeal of product fans and legendary brand image stop supporting you if there is new better product addressing clients’ needs.

And it is not only syndrome that we did it like that all the time, so we can´t change it, it is also “we don’t have tools” syndrome.

On time to entry (to the market). Glock not only won the contract for the Austrian army, he was also in time (without any plans of doing so) to address concerns of American law enforcement organizations which were prepared to embrace the necessity of moving away from the West’s beloved revolvers to a different gun. There were reasons for those concerns, in particular the incident known as the 1986 FBI Miami shootout, which eventually led to the process of searching for a new gun for the FBI (1987) and later for other law enforcement agencies. Long story short, that incident showed the inability of revolvers to compete with semiautomatic weapons in the hands of professionals. 4 minutes of shooting, 8 FBI agents armed with revolvers and some shotguns VS 2 criminals, only one of them having a Ruger Mini-14 semi-automatic rifle, which was sufficient to do suppressive fire.

On shaping client needs. Shape your client needs (Apple way) or at least talk to your clients early in the design stage. Nobody asked for a plastic pistol, and even once they got it some were too attached to their revolvers, considering Glock an ugly gun – that changed after it was adopted by professionals (publicity matters) and other shooters – then everybody discovered its usability and efficiency, and the gun acquired its own cachet of best gun; instead of “ugly” people started to call its look “futuristic”… From ugly duckling to the pistol of the future.

On publicity. Publicity matters. Sometimes even not a very good one. Glock received a lot of free publicity on different occasions – congress hearing related to it being terrorist gun invisible for metal detectors and some completely irrelevant descriptions from Hollywood action movies which cemented gun presence in popular culture. Most of the publicity was free of charge and some was bad, but as Bill Gates used to say “whatever they say about us it is always better than not saying anything about us” (not 100% sure on exactness of quote but I believe it is something from MSFT early days).

Maybe someone still remembers that epic description of the non-existent Glock 7 in the Die Hard movie:

Not a gun model nor single word in description provided is true, but main thing that everybody talking about your brand and you not paying for product placement ads.

On brand storytelling and company message. “Glock perfection” message and personal inventor/businessman legend was formed by some accidents, then supported, developed and shaped by company and its fans. At some point it just start living on its own. So if you as a business don’t have one you’d better work to have it early on and have it right – it may work for you later.

From humble beginnings to the arrogance of success. I believe the Glock as a product centered business is in its product-market fit (PMF) stage, but as it always the case with tangible and software-less product such periods are far longer than for any software or software-enabled/smart product. But still we may expect that somebody will come up with biometry based safety trigger totally blocking ability to fire the pistol to anyone but its legal owner or something that decrease complexity of a gun even more (we still have noise, moving parts and metal parts). But interestingly for Glock pistol and probably for most of the modern pistols in general, almost every remaining issue to address can be sold and believed by many people to be a feature they want to have and keep. Though in retrospect we may see that being big and cool looking, and surrounded by legends even, have not saved revolver(s) as a product – it was superseded by semi-automatic pistols and Glock had become just early entrant to the market which now enjoys status of perfect reputation and seemingly never ending PMF 😊

If we look at the personal evolution of Gaston Glock we may also see that he is changed quite a lot from a timid engineer to more flamboyant person with different lifestyle and demands. But let personal things be personal.

On corporate intrigue and creative accounting. This book covers unsuccessful assassination and I would say that it adds to the overall story twists and dynamics you normally expect to see in fiction movies rather than in history books… Though one would say you can expect than when there guns and a lot of money going around… There is nothing funny when such things happen in real life but nonetheless the way it happened reminded me that fight scene from 2004 Punisher movie for some reason…

And just to conclude, or to address people who tend to scroll down and read final paragraph only: this is a fantastic book which can entertain (education and thinking is always optional nowadays) and contains some surprises and unexpected twists. For me it was really interesting to know more about Glock pistol and its business and development story. Just before I listened to this book I tried Glock 17 on a shooting range right after using heavier, larger caliber Tanfoglio Limited within the same training session and I should tell that now I know what features of the Glock explain my immediate results improvement.

P.S. Tanfoglio is a beautiful, high quality pistol, pleasant to hold, but it is still an example that harder trigger pull resistance and larger stopping power, even in the highest quality, do not provide you with the benefits of easy and consistent results which you can get with a light trigger (and light weight) pistol, which just makes it easy (maybe even dangerously easy) to shoot.

P.P.S. I may be mistaken about trigger pull resistance though – geeks can read up on some specs.

P.P.S. For those who found this post strangely incongruous with the normal topics of my blog posts, be sure to wait for the next one about pottery (no, it won’t be considered as something you can shoot at 🙂 ). I really have plans for this post, stay tuned.


Configure K2 and SharePoint Online integration

Some time ago I posted an article “Configure K2 and SharePoint Online integration” on StarWind Software blog which outlines details about getting your SharePoint online instance up and running and adding K2 for SharePoint app to your app catalog, so if you are interested to know more read on at StarWind Software blog.

One thing I was not 100% clear on while writing that article is “Enable auto-activation on sites where the app is deployed” option, which is enabled by default (K2 for SharePoint app > Settings > Manage App Activations).

Based on the setting name wording I was not very clear whether “Enable auto-activation on sites where the app is deployed” setting works for SharePoint online newly created site collections? Especially as I’ve noticed that if I run activation manually there is a step “we need to create a token of your behalf” which, I assume, requires user input… So I had a question whether auto activation is possible for SharePoint Online newly created site collections where K2 app was only deployed?

It was also not very clear what drives/triggers automatic activation and with which frequency it happens.

Luckily enough there are some colleagues who always help 🙂 Below some extra details I’ve learnt only after writing that article.

The function of the Auto-Activation setting on the Manage App Activations page is designed for strict activation on the Site Collection level (permission wise) and to only allow Site Collections to be activated via the App Catalog level.

When the setting is set to False the below Warning will be presented when the user tries to activate on the Site Collection Level:

This setting will not auto-activate any new Site Collections created in SharePoint Online. When it is set to True/Enabled you can perform activation from the site collection level. So the wording “Enable auto-activation on sites where the app is deployed” is really a bit confusing, though the description above this setting is quite clear (but who reads notes and descriptions? 😉).

Essentially this option allows Site Collection Owners to activate the K2 app on a site collection level manually; when it is disabled they won’t be able to do that from the site collection level and it will be possible only via the app catalog level from the K2 app management page.

But, true auto activation does happen for sub-sites of already activated site collections. But this functionality works only with K2 Five. This functionality was introduced in K2 4.7 but did not work as expected. More information on this can be found in the following KB http://help.k2.com/kb001755

But this subsites auto-activation requires Event Receiver sub-site of the K2 site to be exposed to internet when you use SharePoint Online. When using SharePoint on premise there is no need for any exposure of the K2 site to the internet.


Configuring Windows Server 2016 Core Domain Controller

In Windows Server 2016 you no longer have an opportunity to switch back and forth between core and GUI installation, hence you cannot install and configure AD DS in a lazy way (using full GUI) and then convert it to core. That was something I discovered the hard way a long time ago – so I already have separate VHDX templates for Server 2016 core and full GUI VMs.

But it has been quite a while since I was playing with Server Core, so when I started provisioning my new Server 2016 core domain controller VMs today I realized that I need to remember quite a few commands to fully install AD DS on Server Core. I was about to create a blog post listing the essential commands, but actually found a very well written blog post on TechNet covering exactly that: Chad’s Quick Notes – Installing a Domain Controller with Server 2016 Core. So just sharing it here, instead of writing the same myself 🙂


Getting Hyper-V guest OS information without logging in to guest OS/VM

The other day it was necessary for me to confirm the Windows OS build in a Hyper-V guest VM without logging in to it. I simply received a VM from the client but no credentials which I could use, but it was necessary to quickly confirm the guest OS build. I was certain that there is a way to query such data from the Hyper-V host without logging in to the guest and with no credentials. After some googling I was not able to find a simple command or one-liner to pull this data (opening a PS session into the VM was not an option as it requires credentials), but I’ve found a good function which does exactly what I need on Yusuf Öztürk’s blog, here it is:

Once you have this function, you can use it like this:

Sample output from this function:
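One way to read guest OS details from the host, as an added example that is not the function from Yusuf Öztürk's blog: it assumes the Hyper-V Data Exchange (KVP) integration service is running in the guest and reads the items the guest publishes through the host's root\virtualization\v2 WMI namespace. The function names, the VM name and the sample items are constructed for illustration.

```powershell
# Added example (not the function referenced in the post).
# Parses the XML items a guest publishes through Hyper-V Data Exchange (KVP).

function ConvertFrom-KvpExchangeItem {
    param([Parameter(Mandatory)] [string[]] $Items)

    $result = [ordered]@{}
    foreach ($item in $Items) {
        $doc = New-Object System.Xml.XmlDocument
        $doc.XmlResolver = $null      # guest-supplied XML: no external entities
        $doc.LoadXml($item)

        # Each item is one INSTANCE with a Name property and a Data property.
        $name = $doc.SelectSingleNode("/INSTANCE/PROPERTY[@NAME='Name']/VALUE")
        $data = $doc.SelectSingleNode("/INSTANCE/PROPERTY[@NAME='Data']/VALUE")
        if ($null -ne $name) {
            $result[$name.InnerText] = if ($null -ne $data) { $data.InnerText } else { $null }
        }
    }
    [pscustomobject]$result
}

function Get-VMGuestOsInfo {
    param([Parameter(Mandatory)] [string] $VMName)

    # Escape backslashes and quotes so the name cannot break the WQL filter.
    $escaped = $VMName.Replace('\', '\\').Replace("'", "\'")
    $vms = @(Get-CimInstance -Namespace 'root\virtualization\v2' `
                 -ClassName Msvm_ComputerSystem -Filter "ElementName='$escaped'")
    if ($vms.Count -eq 0) { throw "VM '$VMName' not found on this host." }

    foreach ($vm in $vms) {
        $kvp = Get-CimAssociatedInstance -InputObject $vm `
                   -ResultClassName Msvm_KvpExchangeComponent
        if (-not $kvp -or -not $kvp.GuestIntrinsicExchangeItems) {
            Write-Warning "No KVP data for '$VMName' (VM stopped or Data Exchange disabled)."
            continue
        }
        ConvertFrom-KvpExchangeItem -Items $kvp.GuestIntrinsicExchangeItems |
            Select-Object OSName, OSVersion, OSBuildNumber, FullyQualifiedDomainName
    }
}

# Constructed sample items in the shape of GuestIntrinsicExchangeItems,
# so the parser can be tried without a Hyper-V host.
$template = '<INSTANCE CLASSNAME="Msvm_KvpExchangeDataItem">' +
            '<PROPERTY NAME="Data" TYPE="string"><VALUE>{1}</VALUE></PROPERTY>' +
            '<PROPERTY NAME="Name" TYPE="string"><VALUE>{0}</VALUE></PROPERTY>' +
            '</INSTANCE>'
$sampleItems = @(
    ($template -f 'OSName', 'Windows Server 2016 Standard'),
    ($template -f 'OSVersion', '10.0.14393'),
    ($template -f 'OSBuildNumber', '14393')
)
ConvertFrom-KvpExchangeItem -Items $sampleItems

# On a Hyper-V host, from an elevated session ('VM01' is a placeholder name):
# Get-VMGuestOsInfo -VMName 'VM01'
```

The values are published by the guest itself, so treat them as a self-reported hint rather than verified inventory data; the query needs Hyper-V administrator rights on the host and a running VM.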


K2 Five collation requirement changes

In the past I wrote some blog posts promoting the documented K2 collation requirement. With the release of K2 Five this requirement changed, and I guess I have to mention it on my blog as essentially it makes my old blog posts about the required K2 database collation incorrect.

So recently (with the release of K2 Five) all K2 documentation was updated and states that our required collation now is “SQL_Latin1_General_CP1_CI_AS”. Where to find this information?

In K2 Installation and Configuration Guide you can find “SQL and Reporting Services Operational Requirements” section which says that:

– Case-sensitive databases are NOT supported.

– The following collation setting is required for the K2 database: SQL_Latin1_General_CP1_CI_AS

And as usually you can find the same information in K2 Product Compatibility, Integration and Support matrix:

What is good about this change is that SQL_Latin1_General_CP1_CI_AS will be the default collation if you are installing SQL Server on top of a Windows Server which has been installed with US location/language settings – so at least some people will meet this requirement by accident.

What is bad is that the collation requirement was just silently changed in the documentation with the release of K2 Five without any explanations. According to my current knowledge the collation which was mentioned in the documentation before was a requirement only for pre-4.6.11 versions of K2. So in case you are doing a new installation of K2 4.6.11 or newer, make sure that your SQL Server instance is provisioned with the SQL_Latin1_General_CP1_CI_AS collation.

A somewhat mixed blessing is the change which was made to the K2 Five installer to enforce this collation: what it does at the moment is just enforce this collation on the K2 DB level while ignoring the SQL Server instance level collation. So in case you have not provisioned the SQL Server instance with the right collation, you will get errors post installation and will be forced to change the SQL Server instance level collation to fix this. That’s something that I hope will be corrected in the K2 installer in the future so that it warns you about wrong instance level collation before you start your installation.

Conclusion: read vendor documentation carefully before doing your installation even if you did it many times before 🙂

Update (Feb 2018): Current guidelines are:

– For upgrade installations be sure that the SQL Server instance and K2 DB collations are the same (in case you are moving the K2 DB onto a new server)

– For clean installs I would suggest stick to Latin1_General_CP1_CI_AS (especially if you do 4.7 install). I will probably write more detailed post to explain this position later


Unable to logon to K2 using AAD credentials: “WIF10201: No valid key mapping found for securityToken”

Problem: You are unable to log on to K2 sites (Designer/Runtime/Management) using AAD credentials (AAD integration configured without SharePoint Online as described here) and receive the following error:

Resolution steps:

1) Open your K2 AAD app Federation Metadata Document using the following URL: 

https://login.microsoftonline.com/{YOUR_DIRECTORY ID}/federationmetadata/2007-06/federationmetadata.xml

2) Inside the metadata XML document you need to search for a certificate value within <X509Certificate></X509Certificate> tags and copy it. You need the very first value from the <Signature> section. It looks like it gets changed from time to time, causing this issue.

3) Open online Calculate Fingerprint tool and paste this value into X.509 cert field of this page, make sure sha1 selected as algorithm and click on Calculate Fingerprint button:

4) Navigate to K2 Management > Authentication > Claims > Issuers. Select your AAD issuer, click Edit and paste unformatted FingerPrint value into Thumbprint field of Edit Claim Issuer dialog:

This completes required changes, no K2 service restart required after this, and you can proceed to step (5) immediately.

5) Try AAD logon again, clearing browser cache if necessary.

And the most important part (if you use K2 4.7): You may see this error at regular intervals of around 2 months or so if you run K2 4.7 without the November 2017 CU. Be sure to apply the November 2017 CU to get support for rollover of the Azure Active Directory certificate thumbprints. You can see that this has been added in the November 2017 CU as per the CU release notes; K2 Five supports this in its RTM version.
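The fingerprint from steps 2 and 3 can also be computed locally instead of with an online tool. The following is an added example, not part of the original post or of K2 tooling; the function names and the sample metadata are constructed for illustration, and it goes slightly beyond the steps above by also comparing the result with the thumbprint currently entered for the claim issuer.

```powershell
# Added example (not from the original post). Computes the issuer thumbprint
# locally from federation metadata and compares it with the configured value.

function Get-FederationSigningThumbprint {
    param([Parameter(Mandatory)] [string] $MetadataXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null          # never resolve external entities/DTDs
    $doc.LoadXml($MetadataXml)

    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Step 2: the very first <X509Certificate> inside <Signature>.
    $node = $doc.SelectSingleNode('//ds:Signature//ds:X509Certificate', $ns)
    if ($null -eq $node) {
        throw 'No <X509Certificate> element found inside <Signature>.'
    }

    # Base64 text -> DER bytes (the value may be wrapped across lines).
    $der = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))

    # Step 3: the thumbprint is the SHA-1 hash of the DER-encoded certificate.
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try     { $hash = $sha1.ComputeHash($der) }
    finally { $sha1.Dispose() }

    -join ($hash | ForEach-Object { $_.ToString('X2') })
}

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)] [string] $Thumbprint)
    # Drop colons, spaces and invisible characters picked up by copy/paste.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-IssuerThumbprint {
    param(
        [Parameter(Mandatory)] [string] $MetadataXml,
        [Parameter(Mandatory)] [string] $ConfiguredThumbprint
    )
    $current    = Get-FederationSigningThumbprint -MetadataXml $MetadataXml
    $configured = ConvertTo-NormalizedThumbprint $ConfiguredThumbprint
    [pscustomobject]@{
        MetadataThumbprint   = $current
        ConfiguredThumbprint = $configured
        Match                = ($current -eq $configured)
    }
}

# Constructed sample: the bytes below stand in for a certificate and are NOT a
# real one; hashing works the same way on the real DER bytes.
$sampleBytes = [Text.Encoding]::ASCII.GetBytes('constructed sample, not a real certificate')
$sampleB64   = [Convert]::ToBase64String($sampleBytes)
$sampleXml = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyInfo><X509Data><X509Certificate>$sampleB64</X509Certificate></X509Data></KeyInfo>
  </Signature>
</EntityDescriptor>
"@

$fresh = Get-FederationSigningThumbprint -MetadataXml $sampleXml
# A value pasted as lowercase with colons still compares equal once normalized.
$pasted = ($fresh -replace '(..)(?=.)', '$1:').ToLower()
Test-IssuerThumbprint -MetadataXml $sampleXml -ConfiguredThumbprint $pasted

# Against the real document (URL from step 1, placeholder left as on the page):
# $url = 'https://login.microsoftonline.com/{YOUR_DIRECTORY ID}/federationmetadata/2007-06/federationmetadata.xml'
# Invoke-WebRequest -UseBasicParsing -Uri $url -OutFile .\federationmetadata.xml
# Get-FederationSigningThumbprint -MetadataXml (Get-Content -Raw .\federationmetadata.xml)
```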

 


How to quickly grab K2 HTTPS certificate thumbprint using PowerShell

I’ve already mentioned this in my old blog post (along with the GUI way for this task), but just posting this separately for better visibility/searchability 🙂

In case you need to obtain thumbprint value of your K2 site HTTPS certificate (or any other certificate) you can use this PowerShell script:

If necessary you can put it into variable and reuse in other commands/script, just replace “Write-Host” with “$thumbprint = ” to store certificate thumbprint value in $thumbprint variable. Just don’t forget to change filter argument  “K2.domain.com” to something that is relevant for your certificate.


Configure K2 SmartForms for AAD Authentication

My post “Configure K2 SmartForms for AAD Authentication” has been just recently published on AcloudA Blog. But in addition to that I’ve already managed to revisit exactly the same process to see how it works in K2 Five Public RC which is already available to K2 clients upon request.

This article assumes that you have K2 Five Public RC installed and configured in your environment with on-premise AD or K2 SQL authentication and we now just want to add an AAD integration.

Beyond installed and configured K2 blackpearl and K2 SmartForms, our prerequisites are an AAD subscription (this has been covered in my previous article) and SSL configuration of K2 web sites (as usual for test purposes you can get away with a self-signed certificate, and this is also covered in the K2 Installation and Configuration Guide).

There are two big parts in setting up K2 and AAD integration: registering K2 SmartForms app in AAD and K2 side configuration of OAuth Resource and AAD label.

The first part is fully covered in my previous article, so I am only going to go through the K2 side configuration steps.

To begin configuration process, we need to open K2 Management site. As our first step here, we need to Register an OAuth Resource in K2. To do that we navigate to Authentication > OAuth > Resources and click on New button:

As you can see, the overall UI theme changed a bit in K2 Five from black to silver/gray, and in the New OAuth Resource form we now have two extra fields, “Refresh Token Endpoint” and “Metadata Endpoint”. We now need to type in the resource name, select Microsoft Online as the resource type and enter the Authorization and Token Endpoint values we recorded during AAD app registration, i.e. they should look as follows:

Token Endpoint value:

https://login.microsoftonline.com/{AAD_DIRECTORY_ID}/oauth2/token

Authorization Endpoint URL value:

https://login.microsoftonline.com/{AAD_DIRECTORY_ID}/oauth2/authorize

We leave Use Host Server Authorization Endpoint checkbox unchecked, and two new fields unfilled and click on OK button (see screenshot below):

Our next step is to edit the client_id resource parameter of the newly created OAuth resource. For that, make sure that your “AAD” resource is selected in the resource list, select client_id from the list of Resource Parameters below and click on the Edit button as shown below:

Once client_id edit dialog has been opened we just need to paste APPLICATION ID we saved during AAD app registration in all three fields of this box, i.e. we use it as a value for Authorization, Token and Refresh:

We next need to edit number of other parameters in the same fashion. We edit api_version resource parameter entering “1.0” for all values:

Next, we edit scope resource parameter entering reader as Authorization Value as shown below:

For all values of client_secret enter KEY we saved during AAD app registration:

We specify https://graph.windows.net for all values of resource parameter:

For redirect_uri we enter https://{YourK2Server}/identity/token/oauth/2 as Authorization and Token value:

For entity_id parameter we enter DIRECTORY ID of your AAD instance as a token value:

After all these edits your Resource Parameters for the AAD resource should look like this:

We are now ready to add the AAD security label in K2 (you can use something other than “AAD” as the label name). For this we need to execute this SQL script or use the sample script from the K2 Installation and Configuration guide, adjusting values for the @OAuthProviderName and @SecurityLabelName variables. Be sure to back up your K2 database as you are supposed to do before any direct modification of the K2 database (I hope this is already your habit? If not try to form it 😊).

Once script has been executed, we need to restart K2 service to get this new label initialized/picked up by K2.

Our next step is to add new claim issuer from K2 Management site, for that navigate to Authentication > Claims > Issuers, click New and fill in New Claim Issuer form as shown below:

You need to specify the following values there:

For Issuer value you specify https://sts.windows.net/{DIRECTORY_ID}/, for URI value you specify https://login.windows.net/{DIRECTORY_ID}/wsfed. As a Thumbprint value you need to paste your FINGERPRINT VALUE. Pay attention to trailing slash in Issuer URL – do not omit it.

Next step is configuration of the Claim Mappings in K2. Claim mappings are used to identify the incoming claims and map them to the appropriate K2 security label. To do that we navigate to Authentication > Claims > Claims and click New:

In the New Claim Mapping form, we then select label and issuer we created earlier and fill in the form. We need to type in User and Group token identifiers and fill in all values under Identity Provider along with Original Issuer and Claim Type values under Identity section (see screenshot below).

Next, we need to configure the Realms and Audience URIs linking them with new issuer. For that, we navigate to K2 Management > Authentication > Claims > Realms and for every realm enable our AAD issuer, by means of selecting realm entry, clicking Edit and checking newly created issuer in Linked Issuers list:

Hooray! We can now navigate to our SmartForms URL and select our AAD and logon with AAD credentials:

Once the label is selected you are redirected to the Microsoft login page (https://login.microsoftonline.com) where you need to type in your AAD credentials and click Sign in:

 

What you are going to see next obviously depends on which K2 site you were trying to access. And here things are a bit different in K2 Five – you actually won’t be able to access anything until rights are granted. Both K2 Management and K2 Workspace are now essentially SmartForms-based forms, and you are going to get the related error messages when you don’t have access to them:

As for the designer, it seems it is also locked for the AAD user, which was not the case in K2 4.7:

It looks like even the designer is locked out by default, but the bad thing is that the error messages are not too user friendly, to say the least.

This nudges us to perform our final configuration step. As we don’t have K2 Management rights, we need to go and grant them, right? There are no changes between 4.7 and K2 Five here: before we are able to read AAD data we need to obtain and cache an AAD OAuth token for the K2 service account, and until then we are only going to get this error message:

The error message tells us that the OAuth token requires authorization, and that it comes from the K2 URM Service.

It means that we need to obtain an OAuth token for the K2 service account (the URM Service runs in the context of this account). To do that, perform the following steps (no changes here compared with K2 4.7):

1) Run SmartObject Services Tester (“C:\Program Files (x86)\K2 blackpearl\Bin\SmartObject Service Tester.exe”) in the context of your K2 service account using standard Windows “Run as different user” option.

2) Now the tricky part. Unfortunately, as of K2 4.7, SmartObject Services Tester allows you to perform the authorization redirect only when you are creating a new instance (this possibly will be addressed in the upcoming K2 Five release). Thus, to get our K2 service account token, instead of touching URMService we will simply register a new Azure Active Directory service instance (and you may want to have it anyway):

 

In the Add Service Instance dialog we just switch Authentication Mode to OAuth, select our OAuth Resource (“AAD”) and type https://graph.windows.net as the OAuth Resource Audience value. We do not touch any other settings, leaving them at their default values as illustrated below.

Once you click on Next, you will get this message (once again, this message appears only when you are adding a new instance, not editing an existing one!):

Once you hit OK, a browser window will open where you need to type in your AAD credentials. Important: you need an AAD user with the Global administrator directory role for this action, otherwise you are going to see the following error:

If you remember, one of the rights we granted to our app is “Read directory data”, and as it is directory-wide access, only a global admin AAD user can grant consent to this right:

Once you type in your AAD global admin user credentials, you just need to confirm that you are granting the permissions mentioned above to the app:

Once you click on Accept, you should be redirected to your K2 Identity site (you may get a Windows credentials prompt at this stage – type in your K2 service account credentials) and see the “Authorization Successful” message:

This means that the K2 service account token has been created and cached on your K2 server, and you can see it in K2 Management > Authentication > OAuth > Tokens:

3) You can now get back to SmartObject Services Tester and click on Next, then Add, to finish creation of the AAD Service Instance:

We have now completed all the configuration steps and can grant rights to AAD users and use them in all K2 user pickers:

If we now try to log in to K2 sites using our AAD account prior to granting any rights, both K2 Designer and K2 Workspace are going to be available to that user in the default configuration (so Designer is still not locked out by default), but K2 Management is not accessible until you grant your user appropriate rights:

Of course, the K2 Designer we see in K2 Five is a completely different beast than it used to be, but discussing it is out of scope for this article, so I’ll put just one screenshot of it below:

So, after repeating the AAD integration configuration steps I can say that, at least in K2 Five Public RC, we don’t see any drastic changes when it comes to configuring AAD integration (though we can see a couple of tiny changes, they don’t impact the overall process) – depending on your preference you can either refer to my old article to go through the entire process, or use the old article only for the AAD app setup part and this one for the K2 configuration part.


Convert Server 2016 Evaluation to Licensed – “This edition cannot be upgraded”

The other day I needed to convert an activated Windows Server 2016 Evaluation installation to a licensed one. As I had a key, I thought it would be a matter of clicking Change product key in the GUI and entering the new key. So you either wade through the GUI till you find this Change product key link:

Or directly run the “slui” command. Both actions will open up this window for you:

But if you try to type a 100% correct and valid product key on an activated Evaluation machine, you will get this error:

“This edition cannot be upgraded?” And it might be confusing, especially if you did a quick check of the edition installed and prepared the appropriate product key… But check again: for Evaluation versions, the edition value contains the word “Evaluation”, so it is not “Datacenter”, but “Datacenter Evaluation”:

Now it is clear what it is complaining about. But how do you make it accept the full product key? You can use DISM for this:

This will require a reboot and some waiting, but will convert your Evaluation license to a full one, provided that you entered the correct product key.
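The DISM conversion described above, written out as an added example (not the command from the original post's screenshot). It assumes an elevated PowerShell prompt and English DISM output, the variable names are hypothetical, and the product key is a placeholder you must replace with your own:

```powershell
# Added example: convert an Evaluation edition to the matching full edition with DISM.
# Run from an elevated PowerShell prompt. Assumes English DISM output.
$ProductKey = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'   # placeholder, replace with your own key

# 1. Read the installed edition ID. Evaluation installs report an ID ending in "Eval",
#    e.g. ServerDatacenterEval, which is why a plain Datacenter key is rejected in the GUI.
$match = dism.exe /Online /Get-CurrentEdition |
    Select-String 'Current Edition\s*:\s*(\S+)' | Select-Object -First 1
if (-not $match) { throw 'Could not read the current edition from DISM output.' }
$current = $match.Matches[0].Groups[1].Value
Write-Host "Current edition: $current"

if ($current -notmatch 'Eval$') {
    Write-Host 'This is not an Evaluation edition; nothing to convert.'
    return
}

# 2. List the editions this installation can be converted to.
$targets = dism.exe /Online /Get-TargetEditions |
    Select-String 'Target Edition\s*:\s*(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
Write-Host "Allowed target editions: $($targets -join ', ')"

# 3. Pick the full edition matching the evaluation one (ServerDatacenterEval -> ServerDatacenter).
$wanted = $current -replace 'Eval$', ''
if ($targets -notcontains $wanted) {
    throw "Edition '$wanted' is not offered as a target; choose one of: $($targets -join ', ')"
}

# 4. Convert. DISM asks for a reboot when it finishes.
dism.exe /Online "/Set-Edition:$wanted" "/ProductKey:$ProductKey" /AcceptEula
```

The key has to belong to the target edition chosen in step 3: a Standard key will not convert a machine to ServerDatacenter.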
