Friday, May 22, 2009

Enabling Kerberos delegation with Application Service Architectures and SQL Server Analysis Services 2005


This document describes how to setup Kerberos delegation to authenticate an application windows service HTTP requests to SQL Server Analysis Services 2005. Additionally the steps for configuration that will follow become required when the application host machines are separated but exist within the same domain. More information can be obtained on this here.

Active Directory Setup

When making changes in Active Directory there is a requirement for you to have a System Administrator with permissions to invoke any of the changes needed below.

● The server which hosts your application windows services must be set to 'Trust this computer for Delegation (Kerberos
● All your AD user-accounts that will utilize your application windows service should have the setting "Sensitive: not allowed
to be delegated" disabled. This means that all these accounts should be allowed to be delegated.
● Register the Service Principal Names (SPN) described in this document in your Active Directory.

Service Principal Name Registration

If you do not have the Service Principal Name tool or SPN tool is part of the Windows Server 2003 and 2008 Support tools and can be found on your product CD. Alternatively you can download it from here.

Machine hosting your application windows service.

Check the registered SPN’s before you continue with the registration by issuing the following text from the command line:
setspn –l <domainName]\[serverHostName]

This command will list (-l) out the current SPN’s and the only one’s that should show up are as follows:


Protocol registration

setspn –a HTTP/<domainName>\<serverHostName> <serviceAccount>
setspn –a HTTP/<serverHostName>.<domainName>.com <serviceAccount>

Application Service registration

setspn –a <appWindowsServiceName>/<domainName>\<serverHostName> <serviceAccount>
setspn –a <appWindowsServiceName>/<serverHostName>.<domainName>.com <serviceAccount>

Note: The <serviceAccount> token we have used above will be referenced as the <serverHostName> token when the services are running as LocalSystem/NetworkService. Otherwise specify the Domain account that the services are running under.

Machine Hosting SQL Server Analysis Services

Check the registered SPN’s before you continue with the registration by issuing the following text from the command line:
setspn –l <domainName]\[serverHostName]

This command will list (-l) out the registered SPN’s. Typically the one’s that will appear are the same as noted above on your Application windows service machine.

SSAS Service registration

setspn –a MSOLAPSvc.3/<domainName>\<serverHostName> <serviceAccount>
setspn –a MSOLAPSvc.3/<serverHostName>.<domainName>.com <serviceAccount>

The <serviceAccount> token notes above equally apply.

Setup the clients

● The URL used to connect to the Application service web application http://<serverhostname>.<domainname>.com/) should be added to the trusted sites list in Internet Explorer
● To use Windows Integrated Authentication, the option ‘Automatic logon with current username and
password’ must be selected in the Security settings dialog box for the trusted sites zone, (Section:User authentication -Logon)

Sunday, May 3, 2009

Team City Addin for NUnit

Recently at our Virtual Alt.Net group I ran through getting a basic project up and running within Team City 4.0. During the demonstration we were lucky to have a couple of key insiders from Jet Brains join us in the discussion. During the presentation I was painfully hitting the proverbial brick wall of "fail", namely around getting my NUnit test results integrated into Team City's build reports. To save all of you from having to watch the video and to concisely put this rather simple issue to rest quickly, I have concluded at the bottom of this post steps requiring action to have your NUnit tests integrated within Team City. I would like to thank Yegor Yarko and Eugene Petrenko and all participating attendees who offered their assistance in getting this to work!

In order to integrate the NUnit Test runner, Team City requires a bit of additional configuration and the documentation is not as forthcoming as I would like. Hopefully this post will assist others who want to integrate their testing statistics into their build server's dashboard reporting.

Jet Brains indicates that they provide support for NUnit via an addin. The addin provides on-the-fly test coverage reporting integrated within Team City.
The screen to the left appears as an additional chart located within the Settings tab indicating Test Count.

The screen shot below is indicative proof that test reports are not configured correctly. The build itself however is successful. Notice that there are four tabs displayed, there should be five with a Tab named Tests.

When the NUnit test runner integration is correct the screen will appear as follows:

Click on the Tests tab and you can filter the tests by ignored, successful, failed, or all. Additionally you can view your tests by classes, suites, namespaces/packages, or all. This filtering capability is directly above the listing of tests in the screenshot below.

Configuration Steps

It is important to note that with the ensuing steps integration of the NUnit test runner is supported only from versions 2.4X and higher of NUnit.

  • Locate the nunit.console.exe.config file for the version of NUnit that you will be using. In this case I chose to use NUnit 2.4.8. The path to the file is C:\Program Files\NUnit 2.4.8\bin. Add the following XML to the config file save and close the file.

  • I defined a property for locating the NUnit console runner for version 2.4.8. This is optional of course I just find this a cleaner approach as I can reference this location with less noise later in the build script. Additionally its also worth noting that the version for NUnit's console runner does not have to match the version of NUnit referenced within your project's test assembly.

  • Copy the dll and pdb files for the Team City Nunit AddIn to the location defined above for the nunintconsole property and place the files within the newly defined directory of addins that is created within this task. Then the tests are executed by NUnit.

The Team City test runner for NUnit will work only for version's 2.4x and higher for NUnit. If anyone has some alternative configuration that has worked for them I would love to hear them.