Powershell DSC Securing Credentials

The LocalConfigurationManager setting like this will not work.
Node @($AllNodes.Where{$_.Role -eq "WebSphereEsb"}.NodeName)
CertificateId = $Node.Thumbprint
DebugMode = 'None'

Sync the LCM using this SyncLcm function ( use the DistributeEncryptionCertificate to distribute the required certificates first )

function SyncLcm
param($nodeName, $certificateId)
Configuration LcmConfiguration {
Node $nodeName {
Settings {
CertificateId = $certificateId
DebugMode = 'None'
$CimSession = New-CimSession -computerName $nodeName
Set-DscLocalConfigurationManager -Path .\LcmConfiguration -CimSession $CimSession
Get-DscLocalConfigurationManager -CimSession $CimSession
Remove-CimSession -CimSession $CimSession
} $nodeName $certificateId

function DistributeEncryptionCertificate
$certFile=Get-Item $certFileFileFullName
$computerName = $_.NodeName
$certFile=Get-Item $certFileFileFullName
Write-Host "Copying $certFileFileFullName to \\$computerName\Releases\Setup\$($certFile.Name)"
if (-not(Test-Path "\\$computerName\Releases\Setup"))
New-Item "\\$computerName\Releases\Setup" -Force -type Directory |Out-Null
Copy-Item $certFileFileFullName "\\$computerName\Releases\Setup\$($certFile.Name)" -force
Write-Host "Completed $certFileFileFullName to \\$computerName\Releases\Setup\$($certFile.Name)"
Invoke-Command -ComputerName $computerName -ScriptBlock {
param([IO.FileInfo] $CertFile ,[string] $CertPassword,[string]$StoreScope='LocalMachine',[string]$StoreName='My')
Write-Host "Importing $CertFile ..."
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName,$StoreScope
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certs.Import($CertFile, $CertPassword, $flags)
Remove-Item $CertFile -Force
Write-Host "Complete importing $CertFile."
Write-Error ("Error importing '$certfile': $CertFile") -ErrorAction:Continue
throw $_
} -ArgumentList @("$localReleaseFolderFullName\Setup\$($certFile.Name)", $password)

Posted in Uncategorized | Leave a comment

Service Virtualization and test automation with CA LISA -First Encounter

I was given a set of .mar files. It’s basically a compressed file of a lisa project. There were two types – the test suites and the virtualized services definition.  Like most test code they should be sourced controlled and built together with the code targeted for testing(in this case it is the integration code). As I have only started to force the conversation about source controlling and versionning test artefacts with the test team, I am not sure if there are plugins into version control systems like Subversion, TFS or Git.


Before we get going we’ll need to basically setup the pathfinder agents on the integration servers and allow them to redirect the service access to LISA registry server where the virtualized services are deployed/registered. The exact prerequisites are shown below (in the form of a powershell based DSC(desired state configuration) language that I’ve put together ) :

File LisaAgentJars @{

FileEdit LisaCustomOptInclusion @{
FileFullName=("{0}\{1}\{2}" -f $Node.WmInstallRootPath,$Node.IntSvrInstallType,$Node.IntSvrSetEnvRelativePath)
ContentSpec=@(@{Name='LisaCustomOptBlock';Pattern='(?<Pre>if "%PROFILER_ENABLED%"=="true" \([\w\W]+\))[\W]*(if "%LISA_AGENT_ENABLED%"=="true" \([\w\W]+\))?';Value="`$`{Pre`}`r`n`r`nif `"%LISA_AGENT_ENABLED%`"==`"true`" (`r`n set JAVA_CUSTOM_OPTS=%JAVA_CUSTOM_OPTS% %LISA_AGENT_OPTS%`r`n)"})


FileEdit ConfigureLisaAgentOpts @{
FileFullName=("{0}\{1}\{2}" -f $Node.WmInstallRootPath,$Node.IntSvrInstallType,$Node.IntSvrSetEnvRelativePath)
ContentSpec=@(@{Name="LISA_AGENT_OPTS";NextLineAfterText="set JAVA_PROFILER_OPTS=";Value=('-javaagent:{0}/LisaAgent2.jar=url=tcp://{1}:{2},name=lisa_{3}_{4}_{5}_{6}' -f $Node.LisaAgentPath,$Node.LisaRegistryServer.HostName,$Node.LisaRegistryServer.Port,$Node.EnvironmentName,$Node.Name,$Node.EnvPurpose,$Node.Role.Replace($Node.ISRolePrefix,''))})

FileEdit EnableLisaAgent @{
FileFullName=("{0}\{1}\{2}" -f $Node.WmInstallRootPath,$Node.IntSvrInstallType,$Node.IntSvrSetEnvRelativePath)
ContentSpec=@(@{Name="LISA_AGENT_ENABLED";NextLineAfterText="set PROFILER_ENABLED=";Value=$Node.EnableLisa})}

Deploying the virtual services & running the test cases 

Deploying the virtual services is simply executing the VSEManager.exe (on the machine where LISA Workstation is installed) with the virtual service definition mar file.

Invoke-Expression "&$vseMgrCmd --registry $registryServer/Registry --deploy $virtualServiceFileFullName"

Running the test case involve calling the testrunner.exe, I’ve wrapped this call in a powershell function below :

function RunTest
param($testRunnerCmd, $registryServer, $testCasesFileFullName, $categories)
#todo reintroduce -m $registryServer/Registry when we've figure out the issue how to register the result on a different registry server"
$rawResult=Invoke-Expression "&amp;$testRunnerCmd -mar $testCasesFileFullName -a"

$resultLinePattern="Exiting with exit code (?&lt;$resultExitCodePatternGroupName&gt;   [\d]+) \((?&lt;$resultPatternGroupName&gt;[\w]+)\)"
if(@($rawResult|where{ $_ -match $resultLinePattern}).Count-gt 0 )

Results and opinions

The test summary returned from the CLI(command line interface) is insufficient. I’d expected the following but its not available

  • Total Test Case
  • Total Tested
  • Total Aborted, provide test case list & short description of reason
  • Total Pass
  • Total Fail, provide test case list & short description of reason

It seems that in order to get these information I will need to use regular expression to pick up the id for the test session and use that id to query the database for these details. I am frowning at this point.

Also it doesn’t seem to reliably report the test run result, the log indicated a SUCCESS at the end even though an abort was detected at the beginning.

014-11-06 23:54:16,117Z (10:54) [ActiveMQ Transport: tcp://— WARN com.itko.lisa.testing.TestAuditor – Aborting test with Term Event Term: event = [‘Abort’] Fail message: The test case failed (executed the abort node).
2014-11-06 23:54:18,114Z (10:54) [main] INFO com.itko.lisa.coordinator.TestRunner – There were 0 failed tests[]
2014-11-06 23:54:18,114Z (10:54) [main] INFO System.out – There were 0 failed tests[]

2014-11-06 23:54:18,114Z (10:54) [main] INFO System.out – Exiting with exit code 0 (SUCCESS)

Posted in Uncategorized | Leave a comment

Adding automated tests with service virtualization to the CI story

If any organization is thinking about continuous integration/delivery then automated environment provisioning and automated test would be the two things to be busy about.

Service virtualization allows you to cheat automated environment provisioning and this is particularly useful if you have an integration layer ( e.g. products – Software AG’s webMethods, IBM WebSphere, etc ) which talks to a huge set of external/core services and possibly databases. One promise of a service virtualization product is the ease of creation and maintenance of the virtualized services. If the product lives up to this promise then the strategy would be to first automate provisioning of simple core services, databases and the integration layer and virtualized the remaining complex core services. You’d need to virtualized the external services as well.

Side note – If you have to consider the things that I am talking about it is likely that the databases are large, so it is inconceivable not to consider a product like Delphix.

In subsequent posts I will provide my experience working with a service virtualization product that I have access to.

Posted in Uncategorized | Leave a comment

WinRM service cannot start ( Win2003 SP2 with IISAdmin )

Setup ($psversiontable)

CLRVersion 2.0.50727.3643

BuildVersion 6.0.6002.18111
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
PSRemotingProtocolVersion 2.1


1) WinRM service starts perfectly on bootup.

2) After stopping WinRM service, it cannot be restarted. An error(-2144108526 80338012) occurs on trying to run winrm quickconfig. IISRESET fails.

3)  If you set up Windbg on WinRM services as described here, you will notice 2 things :

i) WinRM service can start

ii) When calling starting a PSSession, an exception like this occurring ( could be possible this is not related ) :

ModLoad: 4e7c0000 4e81d000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.3790.4929_x-ww_00269083\winhttp.dll
(b90.f78): C++ EH exception – code e06d7363 (first chance)
ModLoad: 777b0000 77833000 C:\WINDOWS\system32\CLBCatQ.DLL
ModLoad: 77010000 770d6000 C:\WINDOWS\system32\COMRes.dll
ModLoad: 77b90000 77b98000 C:\WINDOWS\system32\VERSION.dll
(b90.f78): Unknown exception – code 000006d9 (first chance)


Given that I have spent one long late night and several days with this nagging issue lingering at the back of my mind, I was just happy to go this workaround (let me know if there is a fix) : 

i) Make a copy of svchost.exe and name it to newsvchostname.exe

ii) HKLM\System\CurrentControlSet\Services\WinRM

– edit the ImagePath to launch newsvchostname.exe instead of svchost.exe

( Inspiration from setting up windbg🙂 ).

Possible Cause

With hints (from the debug process) like :

i) an exception occurs right after loading Version.dll

ii) WinHttp being loaded from WinSxs

iii) WinRM service being able to start from another process

iv) IISRESET has a failure 

v) Mentions by blogs and documentation that WinRM is dependent on WinHttp, just like IIS.

..suggest, that there is an issue with svchost resolving which version of WinHttp to use for WinRM given that it has loaded a version of WinHttp for IIS. 


If it is a new install of WinRM, remember to reboot your machine first. The issue I had was one that stayed on even after many reboots.

Posted in SwDev.ALM | Tagged , , | Leave a comment

Ensuring correctness of multithreaded programs

There are many efforts to make multithreading less daunting to the typical software developer. The most recently introduced example in .net is the async-await asynchronous operation written with a sequential code flow.

Equally, if not more important is the ability to reliably recreate a bug.  The absence of a tool to recreate that specific interleaving ( steps and threads combination ) is the reason these Heisenbugs lurks around the corner. Microsft research team did a wonderful job to release CHESS ( later packaged in Alpaca ) to close this gap.

Here’s a look at the test runner application ( alpaca )

The code below shows how to include methods for the test runner to run.

// namespace/library to include
using Microsoft.Concurrency.TestTools.UnitTesting;
using Microsoft.Concurrency.TestTools.UnitTesting.Chess;

// attributes to let Alpaca recognize/configure this test method
[ChessTestContext(MaxExecTime = 30)]
public void SimulateUserSearchAction()
  var thread = new Thread(() =>{
		_window = new Window{Height = 70, Width = 100};
		_controlUnderTest= new SearchTextBox
} :

After the run with a good variation of interleavings, you can recreate an occurring bug by right clicking on the errors :

This will bring up visual studio ( if you are using Visual Studio 2010, go to Debug->Window->Parallel Stack, to view the stacks of each thread and clicking on the stack line bring you to the offending code )

The alpaca tool helps you to ensure correctness of your multithreaded code, for example :

  • Deadlock & LiveLock
  • Data Race
  • Atomicity
It appears to be integrated with Visual Studio 2008 test development environment but not Visual Studio 2010. I hope it gets included in the latest Visual Studio some day. 

Here’s a link the the introductory video.

Posted in SwDev.Multithreading | Leave a comment

Observing trends and extrapolating for the future

The trend that stood out in George Friedman’s book “The next 100 years ( A forecast for the 21st century )” for me was:

  1. The US goes through a cycle (~ 50yrs apart ) :

(i) founders to pioneers ( Washington – failed presidency of John Adams ) : Upon achieving independence, continue to support the upper end of the society. Shifted from stable currency  to protect investors to cheap money to protect debtors – pioneer farmers majority.

(ii) Jackson to the failed presidency of Ulysses S. Grant, cheap money had made investments unattractive for the now rich class of farmers. The new solution was strong and higher interest to encourage investments, fueling industrialization.

(iii) Rutherford B Hayes to the failed presidency of Herbert  Hoover. The industrialization improved productivity while at the same time immigration added to the oversupply of labor. The new solution involved transferring wealth from the rich to the masses – building the middle class in order to increase consumption. Consumerism.

(iv) Franklin Roosevelt to the failed presidency of Jimmy Carter. The transferring of wealth from rich to the masses came in the form of high tax rates for the rich and the many form of credit facilities for the masses. This made investment unattractive.

The current cycle starts with Reagan , he improved the supply side of investments while maintaining consumption through low taxes across the board. Expensive government services, social safety nets and economic guarantees conversely coupled with low tax rates and  consumption imbalance(compare to the rest of the world) is stressing the international debt market.

Some of the extrapolation worth remembering include :

i) China rise to dominance will fizzle out because of it’s constant struggle of the richer east cost cities with the inner heartlands. Japan and Turkey rising to be regional powers and Mexico the contender to American’s dominance towards the end of the century.

ii) Aging population and labor shortage will dogged the 1st world countries and eventually the rest of the world. Like computing which took more than half a century for it to be pervasive in our daily lives, robotic technology driven by need will feature more pervasively towards the middle of the century.

There is a cyclical theme to the trends, historical or forecast – the solution that seemed to usher the world/country forward will be shoveling the next trough.

Posted in Book Tidbits | Leave a comment

Managing app.config for different environments

You’ve got your development, test and production environment but does your app.config contain the right configuration for those environments (e.g. for development environment the service endpoint points to your local WcfSvcHost and the database connection string points to your local sql express, while for test environment the service endpoint points to shared service and database servers)?

A couple of months ago, we had this problem where a junior developer at the workplace was checking in his version of app.config. The impact would have been users connecting to a mix of development and production servers. Close calls are sometimes good indication that we shouldn’t procrastinate fixing that known issue any longer, so…..

Basically we needed a way to define app.config for each environment ( build configuration, dev~debug, test~test, prod-release) and we :

  • wanted the process to be efficient, i.e. we don’t want to maintain duplicated configuration, we don’t want the same configuration to appear in debug and release. We wanted to work off a base, and if the app.config for the release build had one different configuration then we’d want to just specify that difference.
  • don’t have to learn or specify a completely different configuration schema

The resource I found here by João Angelo was particular useful for our scenario(a click once WPF solution). The article was about using msbuild’s xml transformation task(XDT) currently packaged together with web projects to transform app.config ( of non-web based solutions ). He has packaged up orchestration of transformation, copying, etc tasks into a target file he saved here.

In the project file,  import the tasks orchestration.

<Import Condition=”‘$(Configuration)’ != ‘Debug'” Project=”$(SolutionDir)\AppConfigTransformation.targets” />

Naturally we took the app.config at the debug build configuration as the base, so the transformation will only happen when the build configuration is not Debug.

There appear to be some issue with using XDT for click once ( something we use ) but João Angelo has apparently provided the fix with the target file.

So far so good, no more mixed up configuration.

(note : Jonathan from work shared this plugin so that we don’t have to muck with the project file manually )

Posted in SwDev.Management | Leave a comment