SOAP Adapter – Confusing error with an untrusted Root Certificate Authority

I recently wrote about problems with two-factor authentication and installing a certificate in the correct certificate store. Well, we’ve had similar problems, this time securing the transport link on a SOAP adapter, which resulted in the following error:

Could not establish trust relationship for the SSL/TLS secure channel with authority ‘your machine name’. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

After some digging, it turns out that the problem is due to an untrusted certificate issuer (Certificate Authority) for the cert we were trying to use. Adding the root certificate to the list of Trusted Root Certification Authorities resolved the issue.

BizTalk 2004: EnlistOrch.vbs does not Correctly Set the Host

For those of you that still live in the wonderful world of BizTalk 2004 and use the EnlistOrch.vbs script, I noticed today that it will always use the default Host when starting, which is a bit annoying when you have set another host during binding and are scripting your deployment…..

I’ve updated the script to accept the Host you want the orchestration to use as a command-line parameter, this ensures that the orchestration will be started with the correct Host. Invoking the script now looks something like the following (note the new HostName parameter):

C:>EnlistOrch.vbs <OrchestrationName> <Assembly> <HostName> [Action]

An updated version of the script can be downloaded here.

SQL Server – Hotfix Available for Elevation of Privilege

Just a quick heads-up for those of you managing a SQL Server environment, it looks as though there is an important update for SQL Server versions 7.0, 2000 & 2005. Full details of bulletin MS08-040 are available on the Microsoft Security Bulletin Website – details are as follows (my emphasis):

This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

The security update addresses the vulnerabilities by modifying the way that SQL Server manages page reuse, allocating more memory for the convert function, validating on-disk files before loading them, and validating insert statements.

The hotfix will be installed automatically by Windows Update (as it has just done on my development machine); you may want to check it on a non-production environment first to ensure there are no unwanted side affects.

BizTalk 2006 Message Archiving Component v0.4 – Proposed Enhancements

The BizTalk 2006 Message Archiving Component I released in March of this year on Codeplex has been received well by the BizTalk Community based on the e-mails I have received and downloads (156 source code downloads & 51 binary downloads):

Download StatisticsThe component allows messages to be written to the file system for archiving, it can be executed in either the Decode (Receive) or Encode (Send) stages and uses message context-properties to define the archive path. The component is written in a streaming fashion, is designed for large message consumption and can handle Xml, binary and flat-files. If you haven’t tried it yet, download a copy from Codeplex now.

I’m now starting to think about feature enhancements for the next version, 0.4; my current feature list is as follows:

  • Enabled/Disabled flag to allow easy on/off functionality at run-time
  • Archiving to database (rather than file)
  • Enhanced logging functionality
  • ‘Special’ macros to include values other than those taken from the context properties (e.g. %ReceivedFolderName% when messages are received via the file adapter)
  • MSI-based installer
  • Documentation!

Please feel free to add any further features or requests via the comments.