Monday, June 30, 2008

BDC Crawl Missing Security Identifier

SOLUTION - We rebuild the SSP

Error: I ran across the interesting little error with the BDC which I did not expect. You may know that in the Share Service Provider (SSP) you need to give user permissions to the BDC. Well you may come across this error when you index a content source that is using the BDC:

The parameter is incorrect. (Could not create a security identifier for the identity 'XXX\YYY'. This identity may have been deleted.)

Symptoms: If you view the BDC content source crawl log there will be no errors however this error will be listed as an error in the Crawl Settings for search itself. This error will be created for every record that was indexed.

Cause: Well I found out that the user account in question had been deleted from Active Directory.

Resolution: To resolve the issue I had to remove the user account from the Business Data Catalog permissions as well as from all the BDC applications and entities permissions. Once I did that, run a full index, and everything will work.

Background: The first question I had was why are there no errors on the BDC content source? Knowing what I know about the BDC I suspect this is what occurred. First, there are connection errors to the BDC data source (SQL Server in this case); for instance there were no access issues to the database or the database objects that were being used in the Application Definition File (ADF). Second, knowing this I can only assume there is an error with the way the index is being built. Basically the error is in reference to the validation of Active Directory account that has permissions to the BDC application and its entities.

Deeper Dive: Digging a little deeper the following is the root of the issue. Many developers create an ADF using a tool or by hand and may not add an AccessControlList node. These nodes get added to the ADF when permissions are added in Central Administration. The AccessControlList can be added to both the LobSystem and Entity nodes.

The AccessControlList nodes must be added to the ADF prior to it being crawled. This is why if an administrator goes to Central Administration and gives a user or a group permission to the BDC, they must do a new full index of the BDC content source.

The following is an example the AccessControlList. In this example, account XXX\YYYY is being given full rights. This XML can be added to both the LobSystem and Entity node.

<AccessControlEntry Principal="XXX\YYYY">
<Right BdcRight="Edit" />
<Right BdcRight="Execute" />
<Right BdcRight="SetPermissions" />
<Right BdcRight="SelectableInClients" />

Avoiding this Error: The error is occurring because the account XXX\YYYY does not exist in Active Directory account. It is recommend that permissions through a Active Directory group to minimize the occurrence of this error.

Friday, June 6, 2008

K2 blackpoint Questions and Answers

Here are some common questions that you may ask about K2 blackpoint.

Q: We already have blackpearl does blackpoint fit into the picture?

A: All the functionality in blackpoint will be rolled into blackpearl. Blackpoint is targeted toward organizations that want workflow beyond what SharePoint workflow can provide but may not need all the capabilities, such as Visual Studio and SmartObjects that blackpearl includes.

Q: Can I use blackpoint with WSS, Microsoft Forms Server and MOSS?

A: K2 blackpoint can be used with either Windows SharePoint Services v3 or Microsoft Office SharePoint Server. Microsoft Office Forms Server to provided for web-enabled InfoPath forms.

Q: Can I use SharePoint 2003?

A: SharePoint 2003 is not supported.

Q: Can I use blackpoint on a load balanced SharePoint farm?

A: Yes, K2 blackpoint can be used to provide workflow capabilities for any number of SharePoint web front-ends in a SharePoint farm.

Q: What servers in my SharePoint farm do I have to install this on?

A: The K2 blackpoint server components can be installed on a non-SharePoint server or on any of the SharePoint servers depending on how the farm is being scaled. On each SharePoint server, a set of web services is installed to facilitate communication between the SharePoint server and the K2 blackpoint server.

Q: Will I need administrative rights to install?

A: Yes, the install requires a user with local administrator rights on the server.

Q: Will this install anything on my SharePoint central administration site?

A: Yes, the K2 blackpoint install adds a tab to the Central administration site that provides access to administrative pages and tasks for managing the integration between K2 and SharePoint.

Q: Do you do solution or feature deployment?

A: Components such as our K2 web parts are deployed via solution deployment. Other components, such as our SmartObject creation capability are deployed as features and can be activated on a per site collection basis. K2 blackpoint processes are deployed to the K2 blackpoint server and do not reside directly on the SharePoint server.

Q: Can I extend the templates in K2 Studio?

A: No, existing templates in K2 Studio cannot be extended, but custom templates can be built and surfaced within the K2 Studio environment.

Q: Can I get to the code in K2 Studio?

A: No, code-level access is not available in K2 Studio.

Q: Do I have to use a process portal to manage my process?

A: Yes, K2 blackpoint makes use of Process Portals to provide access to all administrative and management tasks related to processes

Q: Microsoft says SharePoint has workflow, what does this do that it does not?

A: K2 blackpoint extends on the out-of-the-box SharePoint workflow capabilities by including a drag-and-drop Office-style process designer, functionality to manage all aspects of your SharePoint environment including lists, libraries and sites, a more in-depth set of reporting capabilities and improved task management capabilities such as delegation and redirection.

Q: Why wouldn't I just want to use built-in workflow in SharePoint?

A: SharePoint workflow provides basic process capabilities for managing documents and list items in SharePoint. However, more complex tasks, such as complex routing rules, escalations or managing lists, libraries and sites in SharePoint can be very difficult and in most cases requires a developer to write code to provide the functionality. K2 blackpoint provides all of these capabilities and more out of the box, without the need to write any code.

Q: Can't I do all this in SharePoint Designer?

A: No, many more complex tasks require a developer to write code to provide the same functionality that is included out of the box in K2 blackpoint. The K2 blackpoint comparison document compares features that are available in SharePoint Designer compared to K2 blackpoint.

Q: How does K2 blackpoint scale?

A: K2 blackpoint can be scaled to support multiple SharePoint servers. K2 blackpoint does not have to be installed no every SharePoint web front end of the farm, it is server unto itself. They can be clustered on their own dedicated resources, load-balanced, and be a highly available workflow environment.

Q: Can I upgrade to K2 blackpearl later?

A: Yes, when your workflow needs become more complex over time K2 provides the ability to easily upgrade to K2 blackpearl.

Thursday, June 5, 2008

June K2 blackpoint Community Webcasts

K2 is providing some community web casts on K2 blackpoint. It is open to anyone. If you want to see it in action and ask some questions here is a place you can do it in. No upfront information needs to be provided. Just attend and check it out!

Tuesday June 17, 2008 11:00am-12:00PM CST (GMT-06)

Subject: blackpoint Webcast
Start Time: Tuesday, Jun 17, 2008 9:00 AM PDT
End Time: Tuesday, Jun 17, 2008 10:00 AM PDT
Attendee URL:
Meeting ID: 7CND7W
Attendee Entry Code: w;26H9&Pd
Location: Live Meeting
Toll free: +1 (888) 233-7876
Toll: +1 (719) 234-7876
Participant code: 733479

June 19th meeting from 6pm – 7pm Central Time. (GMT -06)

Subject: blackpoint Webcast
Start Time: Thursday, Jun 19, 2008 4:00 PM PDT
End Time: Thursday, Jun 19, 2008 5:00 PM PDT
Attendee URL:
Meeting ID: CK67B6
Attendee Entry Code: w;26H9&Pd
Location: Live Meeting
Toll free: +1 (888) 233-4650
Toll: +1 (719) 234-7876
Participant code: 733479

K2 blackpoint Released for SharePoint Workflow

K2 blackpoint has now been released. I have known about it but was told to keep quiet about it. Now it is out and I am extremely excited. I will make time soon to try out the beta bits that I have access to and get some information out there.

So what is K2 blackpoint? It is K2 response to providing workflow environment that power business and technical users can author workflows. It is skinned in a MS office look and feel environment. Check out the blackpoint website to get some more information. K2 blackpoint provides this perfect middle ground between K2 blackpearl and SharePoint Designer/WF workflows (comparing blackpearl to WF).

The deal is this. Building workflow in SharePoint Designer is flat out limited in scope and scalability. Building in WF requires a significant effort. Building in K2 blackpearl gets you past many of the challenges of WF however it still requires some effort and knowledge with Visual Studio. K2 blackpoint provides SharePoint users the ability to build workflows that can pretty much do anything with MOSS.

The cost of K2 blackpoint is awesome.

  • $5,000 for 200 users
  • $10,000 for 500 users
  • $15,000 for unlimited

Pretty much a no brainer. I am so excited about this!

So what is the real difference between K2 blackpoint and blackpearl? I equate it to the difference between WSS 3.0 and MOSS. The comparison worksheet on blackpoint website spells it all out.

So what's in K2 blackpoint?

  • A studio environment.
  • Deployable on WSS 3.0 and MOSS.
  • Many usability enhancements not available in Visual Studio.
  • ALL of their SharePoint events (way more than what WF or SharePoint designer provide)
  • InfoPath client events
  • client events
  • Mail events
  • Web Service events
  • Process Portals (totally awesome)
  • User specific task list
  • Escalations, delegations
  • SharePoint and workflow only SmartObjects (Workflow SmartObjects are all of the SmartObjects you get for free as part of the process definition. SharePoint SmartObjects allow you to get access to much of the data stored in SharePoint).
  • New SharePoint Service Object with server side filtering and dynamic features
  • data provider for custom reports and pages.
  • Out of Office
  • Extendibility
  • Create custom event wizards
  • Create your own reports
  • Out of the box reports

So what's not in K2 blackpoint?

  • Visual Studio integration (ok – had to say it)
  • SmartObject Designer (You cannot create your own SmartObjects. You will have to build up or utilize existing services. The web services template or custom event wizards can be written to satisfy that. If you have data integration requirements, I would not discount want SmartObject bring to the table from the ability to create workflows in a rapid fashion.).
  • K2 Workspace (this is a valuable tool and some of the functionality it provides is available by blackpoint)
  • Custom report design tool that is in the K2 Workspace
  • SmartForms
  • SmartFunctions
  • Simulation
  • Code editing (Reality as workflows get complicated it is very hard to avoid writing custom code. With K2 blackpoint you are forced to create custom event wizards to implement custom code. I would not cheat and implement custom code in a web service just so you can call it from a blackpoint. As well, there are times you need to have custom code events that work with process and activity instance data. Now there is more effort to do custom code and the this should be a consideration of the scalability of the process.).
  • K2 connect

I will be working up some things soon on K2 blackpoint…