Absolutely fantastic resource that I just stumbled upon a little while ago that cobbles together all the SharePoint 2007 and SharePoint 2010 version numbers according to applied Service Packs and Cumulative Updates.  It’s part of a SharePoint site that was set up to support the book, SharePoint Designer – Step-by-Step:

How to find the level of SharePoint you are running?

And here’s the ironic part:  The book is published by Microsoft Press.  I seriously wonder if they ever get the left and right hands talking to each other, as this would be a rather smart page to have front-and-center on the Update Resource Center for SharePoint Products and Technologies.  This is asked so often in most SharePoint shops that I’m amazed this hasn’t been assembled by MSFT earlier.  It’s *vital* when you’re trying to align your DEV, STAGING and PROD boxes to a common patch level.

About four years ago I attended my first professional Scrum certification course.  It was facilitated by Mishkin Berteig of Berteig Consulting and paid for by the firm I was working for at the time (about $2000).  Held in a hotel conference room in Markham, I and about five other people went through the Certified Scrum Master curriculum as laid out by Ken Schwaber (co-creator of Scrum) and the Scrum Alliance in 2002.  It was an intensive three day course where we covered every aspect of Scrum, which I kind of already knew having stumbled upon the classic Schwaber/Beedle text in a used book store four years earlier and so began my love affair with “doing software right”.

Nevertheless, it was engaging and I enjoyed getting my skills independently assessed and verified.  At the end, I had my Certified Scrum Master designation, which was assessed by my instructor (no written exam necessary) and got my name added to a roster of 50,000 others from around the world who had done the same.

Professional Scrum Master vs. Certified Scrum Master Certification

Flash-forward to the present day:  I’ve just signed up to attend a Professional Scrum Master certification course in Boston, MA this Sept. 23–24 that’s being taught by Ken Schwaber himself.  Redundant?  Not really.

This course represents the first significant update to the curriculum since 2002, and since Ken’s split with the Scrum Alliance.  And after reading his blog post on Scrum.org, Genesis of Scrum.org and Professional Scrum Developer, I plan to disavow my CSM accreditation in favour of the PSM.  Why?  Because, as Schwaber himself once mused about the term “ROI”, the CSM designation has become rather worthless as the result of poor monitoring, assessment and dilution.  I won’t rehash what Ken’s eloquently written in his post, but suffice to say I find strong simpatico with the idea that certification/assessment should be about the skills and practices and not about creating and sustaining an industry of trainers and associated third-party vendors.

Professional Scrum Developer

However, what I find really exciting about the new direction and philosophy of Scrum.org and Ken’s work is the creation of the Professional Scrum Developer course in partnership with Microsoft, Accentient, Zuehlke, Pyxis, Adrena Objects, nTier, and codecentric.  For me, this has been a vital piece missing from the Scrum knowledge corpus:  It’s been assumed that developers just “know” how to develop – they’ve just been constrained by a bad SDLC (software development life-cycle).  In actuality, the rigor and discipline of Scrum needs developers to bring their “A” game to the fray, and in my experience very few developers possess even half the skills needed.

The PSD addresses this by giving attendees a dose of Scrum, the tools to use for either .NET or Java development, and the practices to become a world-class team member:  Test-Driven Development, Continuous Integration, Refactoring, Emergent Architecture, Evolutionary Database Development, Release Management, Shipping, “Done-Done”, Pair-Programming, Version Control and Acceptance Testing.  In short, just about everything I think should be taught in university Computer Science and Software Engineering degree programs.

I’m quite enthused to be attending this course, and even more so since I will be (re)learning the fundamentals of Scrum from its most passionate and motivated advocate, Ken Schwaber, which makes the designation that much more valuable.  I encourage anyone interested in Scrum to attend a PSM course irrespective of your background or role in your organization.  It’s money and time well-spent.

If you’ve been following this series (Part 1, 2, 3) you know the issue:  I’ve got a SharePoint 2010 VM with three web applications, each enabled for Claims Authentication using three separate ASP.NET Membership SQL Databases.  One out of the three works reliably (ie. login/off/as another user) while the other two require a weird hokey-pokey of authenticating in using Windows credentials before letting the FBA credentials work.

Today, I was on a call with “D”, the Escalation Support Engineer assigned to my customer’s case.  He demonstrated to me how he was able to get three 2010 web apps, each with their own SQL Membership Database all working.  Up and down, left and right, no questions asked.  Baffling to me.

So, we do an EasyShare on my VM and I demonstrate the problem once more:  Port 80, works fine.  Port 85 and 90, only work after using Windows credentials.

“Could you try using the machine name in the browser address bar instead of ‘localhost’ ?”, “D” asks.

“Sure.”

And dammit.  It worked.  Each of the three web apps allowed me to sign-in/out and in again as another user.

“D” isn’t done, however.  He tries using ‘localhost’ on his end.

“They all work on my VM whether I use ‘localhost’ or the machine name,” says “D”.

Raising More Questions than Answered

Well, ain’t that just peachy.  So, the apparent “fix” for my environment is to not use ‘localhost’.  But even that’s not quite right as the port 80 web app works up and down irrespective of the means I put into the addressbar.  So, I’m left even more confused:  Why on Earth is there no consistency in a vanilla environment?

I’ve got homework to do, before I can come to a closer definitive resolution.  “D” has asked me to re-build my web apps using his recommended web.configs – that will take an hour or so.  Then I need to ping him again to see where this goes.

What. Fun.

A short post to summarize the state of the matter revealed in my prior two posts (Part 1, Part 2) on the bizarre behaviours I've been encountering on behalf of my customer, Envision IT, with respect to SharePoint 2010 Claims Based Authentication. As indicated in my last post, we have initiated a support ticket with Microsoft to explore the issues we've seen (captured in a screencast that can be found in Part 2). This was sent to Premier Support, along with corresponding ULS logs: In the end, they had no explanation for what was causing the problems. 

So, I asked for an escalation to the next level which should be initiated some time today - I have no preconceived expectations here, but it would be nice to know why, precisely, FBA/CBA is such an untameable monster. In the interim, my customer opened a second support ticket to walk through setting up FBA on one of their integration servers that was acting ornery and not allowing the setting of permissions for Forms Based Users.

A bizarre (to me) outcome of this was the discovery that you don't need to add FBA users via User Policy in Central Administration for them to access a site collection. That's really, really, really interesting. Because just about every ounce of documentation that I've ever come across for setting up Claims requires this step to allow your FBA/Sql users into your web app. Even my first level of support indicated this as a required step. So what gives with that?

All this underscores a wide amount of confusion and lack of concise documentation from Microsoft on how to configure these environments successfully and repeatedly. Additionally, there is also the matter of IIS 7 integration when it comes to configuring the environments - effectively, you're better off modifying the web.config files for Central Admin, the Security Token Service and the target Web App manually rather than through IIS Manager. Part 4 should come later today or tomorrow.

Ongoing…

Following up on my earlier post, here’s the latest installment of my Riddle of the Three Failing SharePoint 2010 FBA Web Applications.  As you’ll recall, I’ve been experiencing some baffling authentication errors with SharePoint Claims Authentication web apps which prompted me to configure a “clean room” test on a VM that consisted of three vanilla publishing web apps, each set up for claims auth using a standard ASP.NET SQL Membership database.

What I discovered was that as I configured the web apps, things began to fail once I completed setting up the last one.  I found that the second web app wouldn’t let me in, then the first then all three.  For no apparent reason.

I escalated this to open a support ticket with Microsoft on the issue, which is ongoing.  However, I did want to show what we’re seeing as it is a variant on the above scenario.  Support believed the issue could be with the way we were configuring our connection strings and providers through IIS Manager, and recommended using modifications to web.config.  Six and one half dozen, I think, but ok.  Then things got weird.

So – same deal:  Three web apps, port 80, 85 and 90.  This time, port 90, the last one configured, works as advertised - solid.  The first two fail in a strange way where accessing one affects the other requiring authentication using Windows credentials and signing in as an FBA user once access is granted.  Sign out, however, and your FBA creds get denied.

The following screencast shows what we’re seeing – again, if you can set up a similar test environment to corroborate or refute, this would be helpful!  We’re running the RTM code and back-ended to a SQL 2008 R2 database.