Sunday, August 19, 2007

SQL Server Reporting Service woes

I just installed SQL Server 2005 on my home PC. When I opened http://localhost/reports to check out if my Reporting Service is working properly, I got the following error:

The report server has encountered a configuration error. See the report server log files for more information. (rsServerConfigurationError)

  • Access to the path 'C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\RSReportServer.config' is denied.


I found this post by Teo Lachev that shed some light on the problem. I figured that the rsreportserver.config file must be accessible by the MACHINE\ASPNET user. From Lachev's post, I figured I could right click on the file and simply add another user to the ACL (I remember doing that sometime). But when I click on the file, I dont find any security tab anywhere. I went up to the folder "C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer" and right clicked on it:

So I was fretting that I cannot edit the ACL for the file or the folder. I dont know if this is just my machine, or if this is generic. I somehow remember right clicking on a file/folder and adding another user to the ACL of that particular file/folder. But I have done that on my work machine which is part of a domain. Is it not possible to edit ACLs on a stand alone machine which is not part of a domain? Somebody please tell me that.

Meanwhile I was desperate to get my SSRS running, so I wrote this small code snippet in C# to add the ASPNET user to the ReportServer folder:
DirectoryInfo directoryInfo = new DirectoryInfo(@"C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer");

DirectorySecurity dirSecurity = directoryInfo.GetAccessControl();

try

{
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
FileSystemAccessRule newAccessRule = new FileSystemAccessRule(new System.Security.Principal.NTAccount("MYCOMP", "ASPNET"), FileSystemRights.FullControl, AccessControlType.Allow);

directorySecurity.AddAccessRule(newAccessRule);
Directory.SetAccessControl(directoryInfo.FullName, directorySecurity);
}
catch (System.Runtime.InteropServices.SEHException sehException)
{
Console.WriteLine(sehException.Message);
}

catch (Exception e)

{
Console.WriteLine(e.Message);
}

After that when I viewed the ACL for this folder, I saw that ASPNET user was successfully added. But this still did not solve my problem. So I wrote a similar piece of code to allow full permissions to the ASPNET user for every file inside the ReportServer folder.

try
{
foreach (FileInfo fileInfo in directoryInfo.GetFiles())
{
FileSystemAccessRule newAccessRule = new FileSystemAccessRule(new System.Security.Principal.NTAccount("MYCOMP", "ASPNET"), FileSystemRights.FullControl, AccessControlType.Allow);
fileSecurity = fileInfo.GetAccessControl();
fileSecurity.AddAccessRule(newAccessRule);
File.SetAccessControl(fileInfo.FullName, fileSecurity);
}
}

catch (System.Runtime.InteropServices.SEHException sehException)
{
Console.WriteLine(sehException.Message);
}

catch (Exception e)
{
Console.WriteLine(e.Message);
}

After this when I tried to access the ReportServer website, it worked!! Anyway, this was just a one time fix. If I reinstall SQL Server again, then I might have run this code again. Is there some way to edit ACLs for a particular file/folder? Maybe I have not done enough searching.

Update: Found this link for the security tab: http://www.mydigitallife.info/2006/07/19/missing-or-no-security-tab-found-in-windows-xp-professional/

SQL Server Reporting Service woes

I just installed SQL Server 2005 on my home PC. When I opened http://localhost/reports to check out if my Reporting Service is working properly, I got the following error:

The report server has encountered a configuration error. See the report server log files for more information. (rsServerConfigurationError)
  • Access to the path 'C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\RSReportServer.config' is denied.
I found this post by Teo Lachev that shed some light on the problem. I figured that the rsreportserver.config file must be accessible by the MACHINE\ASPNET user. From Lachev's post, I figured I could right click on the file and simply add another user to the ACL (I remember doing that sometime). But when I click on the file, I dont find any security tab anywhere. I went up to the folder "C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer" and right clicked on it:

So I was fretting that I cannot edit the ACL for the file or the folder. I dont know if this is just my machine, or if this is generic. I somehow remember right clicking on a file/folder and adding another user to the ACL of that particular file/folder. But I have done that on my work machine which is part of a domain. Is it not possible to edit ACLs on a stand alone machine which is not part of a domain? Somebody please tell me that.

Meanwhile I was desperate to get my SSRS running, so I wrote this small code snippet in C# to add the ASPNET user to the ReportServer folder:

DirectoryInfo directoryInfo = new DirectoryInfo(@"C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer");
DirectorySecurity dirSecurity = directoryInfo.GetAccessControl();
try
{
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
FileSystemAccessRule newAccessRule = new FileSystemAccessRule(new System.Security.Principal.NTAccount("MYCOMP", "ASPNET"), FileSystemRights.FullControl, AccessControlType.Allow);

directorySecurity.AddAccessRule(newAccessRule);
Directory.SetAccessControl(directoryInfo.FullName, directorySecurity);
}

catch (System.Runtime.InteropServices.SEHException sehException)
{
Console.WriteLine(sehException.Message);
}

catch (Exception e)
{
Console.WriteLine(e.Message);
}


After that when I viewed the ACL for this folder, I saw that ASPNET user was successfully added. But this still did not solve my problem. So I wrote a similar piece of code to allow full permissions to the ASPNET user for every file inside the ReportServer folder.

try
{
foreach (FileInfo fileInfo in directoryInfo.GetFiles())
{
FileSystemAccessRule newAccessRule = new FileSystemAccessRule(new System.Security.Principal.NTAccount("MYCOMP", "ASPNET"), FileSystemRights.FullControl, AccessControlType.Allow);
fileSecurity = fileInfo.GetAccessControl();

fileSecurity.AddAccessRule(newAccessRule);
File.SetAccessControl(fileInfo.FullName, fileSecurity);
}
}

catch (System.Runtime.InteropServices.SEHException sehException)
{
Console.WriteLine(sehException.Message);
}

catch (Exception e)
{
Console.WriteLine(e.Message);
}


After this when I tried to access the ReportServer website, it worked!! Anyway, this was just a one time fix. If I reinstall SQL Server again, then I might have run this code again. Is there some way to edit ACLs for a particular file/folder? Maybe I have not done enough searching.

Update: Found this link for the security tab: http://www.mydigitallife.info/2006/07/19/missing-or-no-security-tab-found-in-windows-xp-professional/

Wednesday, August 01, 2007

Why my friends dont do business with ICICI

Many of my friends got ICICI accounts; mostly because it is the into which our monthly salary is credited. All of my friends then move their money into their respective primary accounts with other banks. One of them uses UTI, another uses SBI, while a third one uses HSBC. I always wondered why. I always kept my money in the same account cos I thought that its easier having centralized control over your money.....having a S/B account, a credit card account, and a demat account integrated....having access to your money from so many ATMs, 24 hour telephone access and so many branches.

When I studied elementary distributed systems, I read that it is not a good idea to have a single point of failure. Unfortunately for me, and also for ICICI, we both learned it the hard way. All this while, when I kept a large part of all my money with a single bank, I did not pay much attention to the theory I studied in college earlier.

Today I ordered for a Demand Draft from ICICI (over phone banking) which was for a pretty big amount. I need it urgently as my brother needs to pay his university fees tomorrow. I was told by the phone banking officer that the DD will be ready in 1 hour and that I may collect it from any branch I wish. I decide that I will pick it up from the Mulund (W) branch.

When I reach the branch, I am told that ICICI bank systems are down and that they cannot access any information and hence cannot process my DD. Apparently none of the people at ICICI's operations and computer systems department knew anything about distributed systems and fault tolerance. They thought that having their back end servers at one location would be fine, and that their customers will be fine if a fire breaks out and if all their servers go down. The customer relationship officers at the bank are noncommittal: I wait for over two hours; but no avail. Oh and since even I have a single point of failure i.e. all my money in a single bank, I cannot withdraw money so that I could get the DD done from another bank.

But luckily for me, I dont claim to have thousands of satisfied customers, and that I can correct my situation of a single point of failure by moving bulk of my transactions to other banks. The service and policies of ICICI also motivate me to do that. A bank loses its credibility the moment it does not allow its customers to access their own money. That happened today. It was certainly because of a technical problem, but they should have done their homework better. It is going to cost them a lot more, maybe even a few customers like me.

My travails dont end here. I finally am able to withdraw the maximum amount of money allowed by their ATMs (some of them are working incidentally), but this amount is far lesser than the total amount of the DD. I still need to withdraw the rest of the money tomorrow. All this in the hope that I can give the money to my brother and that he can get the DD done from some other bank tomorrow. I was told at the bank that I will be able to cancel the DD using phone banking as that is the medium I used to place the order. Wonder of wonders.....when I call up, the phone banking officer tells me that the transaction is now in the scope of the branch now, and that I cannot cancel over telephone. I will actually have to walk into the same branch again and beg them to cancel the DD now as it is of no use to me any more, and plead with them to not charge me any cancellation fee. Sometimes just getting a particular service is not everything; it is important that you get it on time.

Well, all this made me recall my the fault tolerance chapter from distributed systems. I am certainly going to apply it in real life by moving my transactions to some other banks that really work when you need them to.

Why my friends dont do business with ICICI

Many of my friends got ICICI accounts; mostly because it is the into which our monthly salary is credited. All of my friends then move their money into their respective primary accounts with other banks. One of them uses UTI, another uses SBI, while a third one uses HSBC. I always wondered why. I always kept my money in the same account cos I thought that its easier having centralized control over your money.....having a S/B account, a credit card account, and a demat account integrated....having access to your money from so many ATMs, 24 hour telephone access and so many branches.

When I studied elementary distributed systems, I read that it is not a good idea to have a single point of failure. Unfortunately for me, and also for ICICI, we both learned it the hard way. All this while, when I kept a large part of all my money with a single bank, I did not pay much attention to the theory I studied in college earlier.

Today I ordered for a Demand Draft from ICICI (over phone banking) which was for a pretty big amount. I need it urgently as my brother needs to pay his university fees tomorrow. I was told by the phone banking officer that the DD will be ready in 1 hour and that I may collect it from any branch I wish. I decide that I will pick it up from the Mulund (W) branch.

When I reach the branch, I am told that ICICI bank systems are down and that they cannot access any information and hence cannot process my DD. Apparently none of the people at ICICI's operations and computer systems department knew anything about distributed systems and fault tolerance. They thought that having their back end servers at one location would be fine, and that their customers will be fine if a fire breaks out and if all their servers go down. The customer relationship officers at the bank are noncommittal: I wait for over two hours; but no avail. Oh and since even I have a single point of failure i.e. all my money in a single bank, I cannot withdraw money so that I could get the DD done from another bank.

But luckily for me, I dont claim to have thousands of satisfied customers, and that I can correct my situation of a single point of failure by moving bulk of my transactions to other banks. The service and policies of ICICI also motivate me to do that. A bank loses its credibility the moment it does not allow its customers to access their own money. That happened today. It was certainly because of a technical problem, but they should have done their homework better. It is going to cost them a lot more, maybe even a few customers like me.

My travails dont end here. I finally am able to withdraw the maximum amount of money allowed by their ATMs (some of them are working incidentally), but this amount is far lesser than the total amount of the DD. I still need to withdraw the rest of the money tomorrow. All this in the hope that I can give the money to my brother and that he can get the DD done from some other bank tomorrow. I was told at the bank that I will be able to cancel the DD using phone banking as that is the medium I used to place the order. Wonder of wonders.....when I call up, the phone banking officer tells me that the transaction is now in the scope of the branch now, and that I cannot cancel over telephone. I will actually have to walk into the same branch again and beg them to cancel the DD now as it is of no use to me any more, and plead with them to not charge me any cancellation fee. Sometimes just getting a particular service is not everything; it is important that you get it on time.

Well, all this made me recall my the fault tolerance chapter from distributed systems. I am certainly going to apply it in real life by moving my transactions to some other banks that really work when you need them to.