Tip: When working with the MovableType (Movable Type) dashboard, be sure to enable the “compatibility” mode in IE9. Otherwise several dialogs won’t work. It’s just another joy of working with IE9.

SMTPAuth (Settings panel does not appear)

A developer asked a question on MSDN that was similar to a question a few days earlier so I decided to help folks get over the problems of setting report parameters in ReportViewer projects.

For those of you that don’t use Facebook to follow the Microsoft teams, I commented on a Facebook entry from the Denali team that pointed me to their new Denali blurb.

Nine Hours of Fast-Paced Training

Tomorrow (July 12th) I’ll be presenting my monthly webinar. It’s been updated to include more information about SQL Server Reporting Services (R2) and Visual Studio 2010. This high-impact series of six 90-minute webinars held over three mornings (Pacific time from 09:00-12:30) is for anyone who wants to leverage Business Intelligence Development Studio (BIDS), SQL Server and Reporting Services best practices—learning what works, what doesn't and why. These sessions are for developers, architects and managers who want to know how and (more importantly) when to leverage the power and benefits of SQL Server and Reporting Services. The fee also includes both of my Reporting Services and Visual Studio books.

Incidentally, Progressive does not care how many people sit in on the sessions so you can fill a meeting room or the local theater if you want to. These are also designed to be interactive—that is, I encourage the attendees to chat in questions anytime or ask over the phone at the end.

Want a front-row seat in my next Webinar? If so, I’m accepting applications for the live studio audience. All you need to do is send me an note saying why you would like to attend. I can comfortably sit about four people so get your application in early. Let me worry about the conference $999 fee, but if you bring doughnuts for everyone... I’ll pick the audience the Friday before the next talk.

I was asked to provide a quiz question for the Beyond Relational folks so I came up with this:

What issues are exposed when using SSPI authentication? How does one avoid these issues?

There were lots of answers that almost universally said that using SSPI authentication was the way to go. A number of folks cataloged many of the problems associated with SSPI including having to implement Kerberos when using multiple hops. I’m no fan of Kerberos as it can make a fairly simple client/server or Reporting Services site unmanageable. But everyone missed the point. Consider this scenario:

The question for the month of June seems deceptively easy:

What issues are exposed when using SSPI authentication? How does one avoid these issues?

When I initially wrote this question, I was thinking about SQL Server Reporting Services reports and the data source connections they establish, but the question also applies to applications of all kinds that connect to data sources. As you (should) know, SSPI (or “trusted”) connections use the currently logged in Windows system credentials to pass along to the data source. The trusted approach precludes the need to use hard-coded (or generated) data source-dependent login names and passwords. With SSPI/trusted authentication, if the Windows user has a login account on the target SQL Server (or other data source), the connection is permitted to be (further) authenticated. No, the data source might not authenticate the connection if the user does not have rights on the initial catalog (default database), or if the server is too busy to take on additional connections, but that’s another issue.

• The question is, do you know what issues are exposed when you use this trusted connection approach?
• What are the alternatives and why should they be considered?
• What are the downsides to these alternatives?

Want a hint? Check out Chapter 9 of my 7th Edition.

Note that you are not permitted to post answers to this question until June 1st. 2011.

Bill Vaughn

Postscript:

So, it seems that most responders to this question think that SSPI is the way to go. Here is another hint: Consider that SQL Server permits an application to submit any number of TSQL operations in a single query.

Well, it’s official. Microsoft has abandoned another mainstream product with no replacement. When I installed the new IE9 I discovered that SharedView no longer worked. I quickly uninstalled IE9 and submitted a Connect bug and asked my MVP lead to check out what’s going on. He got back to me today with the grim news: “Microsoft SharedView is no longer supported by Microsoft.”

http://social.microsoft.com/Forums/en-US/sharedviewbetahelp/threads

This is pretty sad. I leaves me and many other trainers and support professionals in the lurch. Now I have to find a suitable (non-Microsoft) replacement, test it and learn how to use it as well as update my course materials. I expect this is not nearly as expensive as the costs incurred by others that depend on SharedView on a daily basis.

Why is SharedView important? Yes there are other programs that purport to do the same. The SharedView advantage is that it's a MICROSOFT desktop sharing solution. You don't have to convince a customer that this free program is going to do anything but do what it's supposed to do. It's very lightweight, installs in seconds, is virtually pain-free and is brutally simple for each end to use. We have lots of sites where remote desktop is not an option--especially in my webinar classes. Consider that SV lets me view the system while the customer demonstrates a problem. I can take over his mouse and keyboard but only if he lets me and all he needs to do to take control back is move the mouse or press a key. It gave the customers a lot more confidence in their own system's security.

Wonder why the Microsoft stock is flat or falling while other companies continue to grow even in this economy? Now you know.