Tuesday, November 29, 2011

Making your Apache Web Server more secure

I just wanted to post a few tips that you can use on your Apache 2.2 web server to help make your server a little more secure.  This isn't a list of every security measure you can take, just a few tips.

One of the first things you should do to secure your Apache installation is to configure Apache file permissions.  This will help mitigate access to primary systems if someone is able to hack into your server through Apache. You can do this by performing the following steps (there are a few, fair warning):
  1. After Apache Web server has been installed open the "Computer Management" console by doing the following:
    1. Click on "Start"
    2. Go to "Administrative Tools"
    3. Click on "Computer Management"
  2. In the "Computer Management" window, expand the "Local Users and Groups" section.  Click on "Users" to see a list of the current users for your system.
  3. Right-click on "Users" and select the "New User" option.
  4. Enter the following information for the new user:
    1. User name
      1. apacheservice
    2. Password
      1. adminpw123 <put something secure here>
    3. Confirm Password
      1. adminpw123 <reminder, change this to something secure>
    4. Clear the "User must change password" check box
    5. Select the "User cannot change password" check box
    6. Select the "Password never expires" check box
  5. Click the "Create" button and then click "Close" to close the "New User" dialog.
  6. Right-click the "apacheservice" user you just created and select "Properties". Click the "Member Of" tab.
  7. Make sure the "apacheservice" user is a "Member Of" the "Users" group.  Click "Cancel" to close the properties window.
  8. Exit out of the "Computer Management" console.
  9. Open the "Services" console by doing the following:
    1. Click on "Start"
    2. Go to "Administrative Tools"
    3. Click on "Services"
  10. Right-click the "Apache2" service and select "Stop".
  11. Open Windows Explorer (not Internet Explorer) and navigate to the following:
    1. C:\Program Files\Apache Software Foundation\Apache2.2
  12. Right-click the "Apache2.2" folder, select "Properties" and then select the "Security" tab.
  13. Make sure that only READ and EXECUTE permissions are granted to the Users group.
  14. No changes should be necessary so just click "Cancel".
  15. Using Windows Explorer, review the permissions for the following:
    1. C:\Program Files\Apache Software Foundation\Apache2.2\logs
  16. Now, we do want to change permissions on the "logs" directory.  To do that do the following:
    1. In the logs Properties dialog's Security tab, click the "Advanced" button.
    2. Clear the "Allow inheritable permissions from the parent" check box.
    3. Click "Remove" in the security window.
    4. Select the "Replace permissions on all child objects" check box and click the "Add" button.
    5. In the "Enter the object name to select" field, type the username "administrator" and click OK.
    6. Under "Allow", select the check box for "Full Control" and click OK.
    7. Click the "Add" button again and in the "Enter the object name to select" field, type the username "apacheservice" and click OK.
    8. Select the following check boxes under Allow:
      1. List Folder/Read Data
      2. Read Attributes
      3. Read Extended Attributes
      4. Create Files/Write Data
      5. Create Folder/Append Data
      6. Write Attributes
      7. Write Extended Attributes
      8. Read Permissions
    9. Click OK when done.
  17. Click OK to close the "Advanced Security Settings" window and again, click OK when asked to continue.
  18. If you check permissions for the "apacheservice" user in the logs Properties dialog's Security tab, you will find we should now have read / write access only.
  19. Click OK to exit out of the logs Properties window.
  20. Now view the security permissions of your web root.  By default, this is the "htdocs" folder found under your Apache2.2 installation.
  21. Click the "Advanced" button under the "Security" tab.
  22. In the "Advanced Security Settings" dialog, clear the "Allow inheritable permissions from the parent" check box.
  23. Click "Copy" in the security window.
  24. Click the OK button to dismiss the Advanced Security Settings.
  25. Select the "Users" group and click Remove.
  26. Select the "SYSTEM" group and click Remove.
  27. Click the Add button and in the "Enter the object name to select" field type the username "apacheservice" and click OK.
  28. In the "Permissions for apacheservice" section, change the permission to Allow Read and Deny Write. Clear any other check box that may be selected.
  29. Click OK to close "WebRootFolder Properties" and click Yes when asked to continue.
    1. Those last steps will ensure that the "apacheservice" user will only ever be able to read, never write, to the root Web document folder.
  30. Switch back to the Services console, or open it again by selecting Start -> Administrative Tools -> Services.
  31. Right-click the "Apache2" service and select "Properties".
  32. In the properties window, select the "Log On" tab and perform the following steps:
    1. Select the "This account" radio button and type the user name "apacheservice".
    2. Enter the password and confirm the password for the account.
    3. Click the "Apply" button.
      1. You should see a message indicating the account has been granted the "Log On As A Service" right.  This is fine, click OK to dismiss.
    4. Click OK to close the Apache2 properties window.
    5. Right-click the "Apache2" service in the Services console and select "Start".
      1. If you see an error when restarting Apache, then there is a problem with the permissions of the apacheservice user.  Verify your steps by checking permissions (see the instructions leading up to this step).
  33. The last step is simple... When the server comes back up just surf to the URL and ensure it is working.
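The logs and htdocs permission steps above (15 through 29) can also be applied with icacls from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the install path and the account names used in the steps above.

```powershell
# Added example: run from an elevated PowerShell prompt while the Apache service is stopped.
# The install path and account names are the ones used in the steps above; adjust to your system.
$apacheRoot   = 'C:\Program Files\Apache Software Foundation\Apache2.2'
$logs         = Join-Path $apacheRoot 'logs'
$webRoot      = Join-Path $apacheRoot 'htdocs'
$svcAccount   = 'apacheservice'
$adminAccount = 'Administrator'

function Invoke-Icacls {
    # Runs icacls.exe on one path and stops the script if it reports a failure.
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string[]]$Options
    )
    & icacls.exe $Path @Options | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed on '$Path' ($($Options -join ' '))"
    }
}

foreach ($dir in $logs, $webRoot) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Folder not found: $dir"
    }
}

# --- logs folder (steps 15-19) ---
# One call drops the inherited entries and writes the two explicit ones, so the
# folder is never left with an empty ACL. (OI)(CI) = this folder, subfolders and files.
# The service account gets exactly the eight rights ticked in step 16.8.
Invoke-Icacls $logs @(
    '/inheritance:r',
    '/grant:r',
    "${adminAccount}:(OI)(CI)F",
    "${svcAccount}:(OI)(CI)(RD,RA,REA,WD,AD,WA,WEA,RC)"
)

# "Replace permissions on all child objects": existing log files go back to
# inheriting from the folder. Skipped when the folder is empty.
if (Get-ChildItem -LiteralPath $logs -Force | Select-Object -First 1) {
    Invoke-Icacls (Join-Path $logs '*') @('/reset', '/T', '/C', '/Q')
}

# --- web root (steps 20-29) ---
# Keep a copy of the inherited entries as explicit ones ("Copy"), then remove
# the Users and SYSTEM entries.
Invoke-Icacls $webRoot @('/inheritance:d')
Invoke-Icacls $webRoot @('/remove:g', 'Users', 'SYSTEM')

# Allow Read, Deny Write. The deny entry names the four rights behind the GUI's
# Write check box instead of icacls's W shorthand: W also carries Synchronize,
# and denying Synchronize stops the account from reading files at all.
Invoke-Icacls $webRoot @(
    '/grant:r', "${svcAccount}:(OI)(CI)R",
    '/deny',    "${svcAccount}:(OI)(CI)(WD,AD,WEA,WA)"
)

# Show the resulting ACLs so they can be compared with the Security tab.
& icacls.exe $logs
& icacls.exe $webRoot
```

Creating the account and changing the service's Log On account (steps 1 through 8 and 30 through 32) are left to the consoles described above.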

Now, let's add a few tweaks to our server config file. In the "httpd.conf" file that is located in the "conf" directory of your server you can add the following:
# Controls who can get stuff from this server.
    order deny,allow
    allow from {%}
    deny from all
This configuration is added under your <Directory> for your document root. Replace the {%} token above with any IP address or IP block.  For example you can use the site Country IP Blocks to generate a block of IP addresses only from a particular country (such as the USA).  Anyone coming from an IP address not in your block would be denied access.  Or you can do the following...
allow from
...to ensure only local access to the Web server.
# Limit to POST and GET commands only.
<LimitExcept POST GET>
    Require valid-user
</LimitExcept>
This should also be added under your <Directory> root. With this configuration, any HTTP method other than POST and GET requires an authenticated user, which keeps visitors from using other, less safe methods.  POST and GET are really all you should be allowing on your Web server anyway.
# Hide server details from the HTTP response header
ServerSignature off
ServerTokens prod
This configuration (added at the end of your conf file) hides detailed server information (such as the Apache version) from your HTTP response headers and from server-generated pages such as error pages.  Attackers use information like that to coordinate attacks on your server.

And, of course you should always follow the security tips provided by Apache.  Those can be located here:


I hope some of these tips can help you to make sure your Web Server is more secure.  I will likely post more in the future and will also try to include application servers (Tomcat) and even IIS.

Tuesday, November 1, 2011

Dish Network Customer Service Complaint

I wanted to share this email which I have sent to the executivecustomerservice@DishNetwork.com.  It details a horrible customer service (if that is what you call it) experience my wife and I shared in our attempt to cancel service with Dish Network.  I am still waiting for a reply.

To whom it may concern -

My wife and I had a very distasteful experience with what is being called Customer Service at Dish Network.  This began when my wife contacted your Customer Service staff on Wednesday, October 19th, 2011 between 8:00am and 8:30am.  She was informed that our contract with you ended on December 4th, 2011 which was 45 days from the date she called.  The lady she spoke with informed her that it would be a $10.00 fee if we broke contract early between the time of the phone call and before December 5th.

We discussed it and made the decision to break contract early.  This was simply for economic reasons and we had actually intended on re-evaluating in 3 to 6 months.  If at that time we were capable, we planned on entertaining the idea of reconnecting with Dish since we had had nothing but good experiences with the company.

However, upon contacting Customer Service on Sunday, October 30th, 2011 we were told that the amount was actually $10.00 if within one month of cancellation.  If two months, it was actually $30.00.  And, conveniently enough your staff did not document in their call logs about our prior call in.  My wife asked to speak with a manager at this point, as the representative was not willing to deduct $20.00 from the cancellation fee.

This manager informed my wife that the pricing was actually $15.00 for one month and $30.00 for two.  So at this point, we had received our third set of amounts.  My wife again was told that the pricing couldn't be adjusted to honor the first amount we had been told.  At this point she again escalated to the next tier of support. Another manager.

This manager informed her that the amount is prorated $15 for each month of contract time you have left.  So again, $15.00 for the first month and $30 for the second.  At this point I got on the phone and expressed my disgust at how your company was handling our desire to cancel.  Even though we only had less than 4 days before we were inside the one month window (which your team didn't even suggest us wait for 4 days), your management and service staff was unwilling to budge on a mere $20.00 fee.

And to make matters worse, I was told that I would have to pay for shipping the equipment back.  And that this was an additional $15.00 fee if we use your label that is shipped with the return kit.  Again, it wasn't even suggested to us that maybe one of your Dish installers could swing by and just pick the equipment up should they be out in this area.  Or that I could drop the equipment off myself at one of your  locations.

So, you all seem to be perfectly content with throwing away 2 years of customer loyalty because of a grand total of $35 ($20 cancellation and $15 shipping).  I even warned the last manager I spoke with that if she did not help us I would never be willing to return to Dish.  If my wife and I decided to again go with a satellite or cable provider we will certainly not choose Dish Network.  I also warned her that I would warn anyone in the future not to trust your company.  Simply because of this incident.  To be honest, I am completely disgusted at how you all have treated not only myself and my wife.

If you want to redeem yourselves, even in the littlest bit, I would highly recommend that you review this complaint and help to accommodate my wife and I.  Beyond that, I would expect that you inform your call centers and customer service staff that the philosophy of not honoring what you tell your customer is unacceptable.

Wednesday, October 26, 2011

Add custom controls to SharePoint Designer 2010

Haven't posted in a week or so.  So decided it was time to add something.  Lots of idea bouncing while I have been attending a training course on SharePoint Designer.

A question came up during class which was, "How do I add custom controls into SharePoint Designer that I can drag-and-drop like the controls already there?  For example, the ASP.NET controls.".

Here is the answer...

You will need to first copy your DLL and namespace to the SafeControls section of the 'web.config' file.  This will make your control available to SharePoint Designer.  However, an extra step is needed to make the control visible inside the GUI.

You will need to add an attribute to your class file.  Just above your class definition.  The attribute is:

[ToolboxData("<{0}:SomeNewControl runat=\"server\" />"), ToolboxItemFilter("Foo")]

Again, this goes above your class definition.  That is it.  You should now see your custom control inside SharePoint Designer under 'Server Controls'.  And it should work just like the others (drag-and-drop).

Tuesday, October 4, 2011

Migration to SharePoint 2010: Part 3 - Integrating the ASP.NET Web Service into a SharePoint page

In my final posting for this 3-part blog, I will detail the simple steps needed to integrate the ASP.NET Web Service we have worked on into your SharePoint site.

  1. Open Microsoft SharePoint Designer 2010.
  2. Click on Open Site.
  3. Under Site name enter the location to the SharePoint site you wish to connect to.  Click Open.
  4. Under the quick launch area (located to the left of the screen) expand the Site Objects tab.
  5. Click on Data Sources.  The summary area should now show you a list of data sources that are inside SharePoint.  Such as lists, document libraries, etc.
  6. Click on SOAP Service Connection in the ribbon, located at the top of the screen.  You will see the following:

  7. The Service description location is where you will want to put the path to your ASP.NET WSDL.  Should be something like https://localhost/ws-server/MyWebService.asmx?WSDL or whatever you setup.
  8. Click on Connect Now or Reconnect.  You should see your other fields light up.
The rest is pretty self-explanatory.  You can edit your parameters by clicking Modify at the bottom of the screen.  Or you can flag them to be set during runtime.  Under the General tab you can place a name and description to your SOAP service.  I didn't experiment with the Login tab, but it sounds simple enough.

To add this Web Service directly to a page in SharePoint do the following:
  1. Still remaining in SharePoint Designer, click on the Site Pages option under Site Objects.
  2. Add a new ASPX page.  You can add this page by:
    1. Click on the drop-down menu for Page from your ribbon at the top of the screen.
    2. Select ASPX and rename the file.
  3. Right-click on the newly created file from your summary screen.
  4. Select Edit File in Advanced Mode from the context menu.
  5. You will see some code but, what you are interested in is the code between the <form> tags.  Click and place your cursor between those tags.  Or whatever you have setup on the page to meet your needs.
  6. From your ribbon you will want to select the Insert tab.
  7. Under the Data Views & Forms category you will want to select Data View.  This will present you with a list of options.
  8. Scroll down until you find the SOAP service you created under Data Sources earlier.  If everything is successful, you should see a new DataFormWebPart that contains data fed back from the Web Service you just called.  If you get an error you may need to check your logs to determine why.
And that is it.  You have setup your ASP.NET Web Services server, created a Web Service on that server, added that Web Service to SharePoint, and inserted the Web Service directly into a page on the SharePoint site.

Friday, September 30, 2011

Self-Signed Certificate (SSL), SharePoint Designer 2010, and a SOAP Service Connection... Making it work

If you are here you have probably at some point seen the dreaded message...

"The server returned a non-specific error when trying to get data from the data source.  Check the format and content of your query and try again.  If the problem persists, contact the server administrator."

Maybe even specifically whilst attempting to implement a SOAP Service Connection's data view into your ASPX page.  The SOAP service living on a server with SSL enabled and using a self-signed certificate.

Have no fear.  I am going to explain what leads you to this problem and how to correct it.

While setting up my ASP.NET Web Service I had a need to configure localhost to use SSL.  Once this was done I needed to add the service to SharePoint.  In my case, through the SOAP Service Connection GUI located in SharePoint Designer 2010.

The funny thing with Designer is that it attempts to hit the web service through your local machine, but it validates your SSL on the actual SharePoint site (even if you are pointed to a non-local instance of SharePoint).  It does this because of the DataFormWebPart that is being placed in the page.  This paradox hoses up your ability to test the Web Service if you haven't told SharePoint to trust your certificate.

It is really simple to correct this problem.
  1. Export your certificate using the Microsoft Management Console.
    1. Make sure you choose DER Encoded Library X.509 (.CER).
  2. Open your Central Administration site in SharePoint.
  3. Click on the Security heading.
  4. Under General Security you will want to select Manage trust.
  5. Enter the name of your trust relationship and point to the .CER location.
  6. Click OK.
  7. You may or may not need to perform an iisreset.
That is it.  Your Web Service should now work, using SSL, and on your local machine.  You may have to fiddle around with your WSDL url in the Data Sources area of SharePoint Designer.  Try https://localhost and even try https://yourpcname.  You may also need to include the port (443) on your url.
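
The same export and trust steps can be scripted, with a thumbprint check so that the certificate SharePoint ends up trusting is the one you exported. This is an added example, not part of the original post; the function names and file path are hypothetical, and 'Localhost' is the friendly name used in the IIS post further down this page.

```powershell
# Added example. Export-PublicCertificate runs on the machine hosting the web service;
# Add-WebServiceTrust runs on the SharePoint 2010 server as a farm administrator.

function Export-PublicCertificate {
    # Writes the certificate (public part only, DER encoded) to a .cer file
    # and returns its thumbprint.
    param(
        [Parameter(Mandatory=$true)][string]$FriendlyName,
        [Parameter(Mandatory=$true)][string]$CerPath   # use a full path
    )
    $found = @(Get-ChildItem Cert:\LocalMachine\My |
               Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($found.Count -ne 1) {
        throw "Expected exactly one certificate named '$FriendlyName', found $($found.Count)."
    }
    # X509ContentType.Cert exports the certificate without its private key.
    $der = $found[0].Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($CerPath, $der)
    $found[0].Thumbprint
}

function Add-WebServiceTrust {
    # Registers the .cer file as a trusted root authority in the farm, but only
    # if it matches the thumbprint noted at export time.
    param(
        [Parameter(Mandatory=$true)][string]$TrustName,
        [Parameter(Mandatory=$true)][string]$CerPath,
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint
    )
    # Not needed inside the SharePoint 2010 Management Shell, harmless if already loaded.
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
    if ($cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $ExpectedThumbprint."
    }
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $cert
}

# On the web service machine (path is a placeholder):
#   $thumb = Export-PublicCertificate -FriendlyName 'Localhost' -CerPath 'C:\Temp\localhost.cer'
# On the SharePoint server, after copying the file across:
#   Add-WebServiceTrust -TrustName 'Localhost web service' -CerPath 'C:\Temp\localhost.cer' -ExpectedThumbprint $thumb
```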

I hope this helps.

Thursday, September 29, 2011

Migration to SharePoint 2010: Part 2 - ASP.NET Web Service

In continuation of Part 1, the decision was made to create a bridge between our third-party web services and SharePoint due to the native SOAP service connector not being compatible with the WSDL format.

To do this I created an ASP.NET Web Service solution in Visual Studio 2010.
  1. Open Microsoft Visual Studio 2010 (in this case I used VS Professional).
  2. Click on File in the toolbar.
  3. Select New Web Site.
  4. Pick your poison (Visual Basic or C#).  For purposes of what I was working on, I chose C#.
    1. This is where things got interesting.  .NET Framework 4 did not appear to have an ASP.NET Web Service template.  Likely because they expect you to use WCF Service.  I don't know.
  5. Switch to .NET Framework  3.5, if necessary, at the top of the window.
  6. Click on ASP.NET Web Service from the list of templates.
  7. Click on Browse next to your Web location field at the bottom.
  8. Select Local IIS located on the left side of the screen.
    1. A warning here.  When I did this I received the following message:

      I resolved this error message by enabling the Windows feature.  This is how you can enable in Windows 7:
      1. Click on your Start icon.
      2. Select the Control Panel.
      3. Click on the Programs category heading.
      4. Click on Turn Windows Features on or off under the Programs and Features category.
      5. Branch down in the following order: Internet Information Systems => Web Management Tools => IIS 6 Management Compatibility.
      6. Put a check in the box next to IIS Metabase and IIS 6 configuration compatibility.
      7. Click OK.  You may or may not have to restart your machine.
  9. Click on Default Web Site under your list of local web servers.
  10. In my case I needed SSL enabled.  So I selected the option for  Use Secure Sockets Layer. Before you do this though, make sure you have SSL enabled in IIS for localhost.
  11. Click on Create New Web Application.  This is a small icon in the top right of the window.
  12. Enter the name of your web service.  For example, ConversionWebService.  Then click Open.
  13. Click OK.
    1. Another warning.  At this point I got the following message: "ASP.NET 2.0 has not been registered on the Web server. You need to manually configure your Web server for ASP.NET 2.0 in order for your site to run correctly, Press F1 for more details."  To correct this problem I had to revisit the control panel to access Windows features.
      1. Click on your Start icon.
      2. Select the Control Panel.
      3. Click on the Programs category heading.
      4. Click on Turn Windows Features on or off under the Programs and Features category.
      5. Branch down in the following order: Internet Information Systems => World Wide Web Services => Application Development Features.
      6. Put a check in the box next to ASP.NET.  This will also automatically place a check next to other options.  Which is fine.
      7. Click OK.  You may or may not have to restart your machine.
  14. At this point Visual Studio opened up a generic class file called "Service".  Which contains the C# code for managing the Web Service.
    Up to this point I have essentially covered creating the Web Service under IIS.  You can modify this default file or create a new web service.  In my case, I started fresh and removed the generic Service.cs and Service.asmx files.  Keep in mind that my situation may be different than your own.  I am attempting to build a web service proxy.

    So here are the steps I followed to create the new web service:
    1.  In the Solution Explorer pane to the right, right-click your solution name (should look like a URL) and select Add New Item.
    2. Select the Web Service template under your Installed Templates language of choice (again, in my case this is C#).
    3. In the name field, go ahead and name your Web Service.  If you are building the temperature conversion call (from W3Schools) you could call the Web Service 'Convert.asmx' minus the single quotes.
    4. Place a check in the Place code in separate file box.
    5. Click on Add.
    6. At this point I deleted the original Service.asmx and Service.cs files since I had no plans on using them.
    7. This is where your C# or Visual Basic skills come into play.  The default code includes a Web Service method called HelloWorld().  Include the following code after the HelloWorld() method.  Again, I am doing C#.

      [WebMethod]
      public double FahrenheitToCelsius(double Fahrenheit) {
          return ((Fahrenheit - 32) * 5) / 9;
      }
      [WebMethod]
      public double CelsiusToFahrenheit(double Celsius) {
          return ((Celsius * 9) / 5) + 32;
      }

    8. Save the file.
    Now we can and should test the web service to make sure it actually works.

    1. In the Solution Explorer pane located to the right, click on your service ASMX file and hit CTRL + F5.  You should see the three operations (CelsiusToFahrenheit, FahrenheitToCelsius, and HelloWorld) at the top of the page that just loaded.
    2. Click on CelsiusToFahrenheit.
    3. In the Celsius field, enter a value (in this case I entered 37).  Then click on Invoke.
    4. If all has gone according to plan, you should see your Fahrenheit value (in my case it was 98.6).
    Sweet.  We now have a Web Service.  Since I am building a type of proxy, where one web service calls another, my code looks much different than what is listed above.  But, you can code the web services to match your situation.

    In my next post, I will go on to describe how I took my Web Service and integrated it into a page on SharePoint 2010.

    Wednesday, September 28, 2011

    How to enable SSL on IIS 7.0 for localhost

    As a developer I have a need to do this thing called development.  And for me to develop solutions that will one day live on an SSL enabled website, it just makes sense to enable SSL for localhost.

    This walk through will hopefully get someone using IIS 7.0 up and running with SSL.  And IIS 7.0 makes this very easy to do.
    1. Make sure you have IIS 7.0 installed.
    2. Click on Start from your desktop.
    3. Hover over Administrative Tools.  This will present you with some additional options.
    4. Click on Internet Information Services (IIS) Manager.
    5. Under the IIS category, double-click on Server Certificates.
    6. Under the Actions pane on the right-hand side of the screen, click on Create Self-Signed Certificate.
    7. Enter a "friendly name" for the certificate request.  In this case I used 'Localhost' minus the single quotes.  Since I was aiming for https://localhost as my URL.
    8. In the Connections window to the left expand (if not already) in the following order: Local Computer Name => Sites.
    9. Under Sites heading (in the left pane still) click on Default Web Site.
    10. On the right-side window pane select Bindings.
    11. In the Site Bindings window click Add.
    12. Set the following fields accordingly:
      1. Type => https
      2. IP Address => All Unassigned
      3. Port => 443
      4. Host name => 
      5. SSL certificate => Localhost (or whatever you named it)
    13. Click OK and Close to return to the management screen.
    14. You should now see Browse *:443 (https) in the far right window pane.  Click on it to verify that the binding worked.
      1. You may be warned that it is an "untrusted connection" or a "phishing attempt".  This is just your browser not liking a self-signed certificate.  Since this is the certificate you just created for localhost, you can ignore it.  Add https://localhost into your trusted sites to avoid it in the future.
    That is it.  You have now enabled SSL on localhost for IIS 7.0!

    Migration to SharePoint 2010: Part 1 - SOAP Service Connection

    At work we began the path of changing from a PHP and Java shop into a .NET shop.  Specifically migrating over to use SharePoint 2010 for both internal and external facing websites.  A large undertaking for a company that has traditionally avoided .NET.  In other words, an IT staff that doesn't know the framework at all (including myself!).

    Before going any further I should warn you, the reader of this blog post, that at the time of writing this I was the only developer that my company had.  Therefore,  I really had no other team member that I could bounce questions off of in my pursuit to conquer .NET and SharePoint.

    I took the initiative to learn as much as I could as quickly as I could.  Training and books on topics such as ASP.NET, C#, SharePoint 2010, Visual Studio 2010, and so on.  All of that training preparing me for the moment where I would be handed that first official .NET related development project.  That time had come...

    I was assigned a task to connect SharePoint 2010 to a set of WSDL files using SOAP on another server where our billing software resides.  Essentially with two goals from management with a primary objective of confirming this would even work:
    1. Allow a customer to authenticate their account via form submission on a page within SharePoint's publishing portal (public website).  The Web Service should take the username and password, returning a valid or invalid authentication attempt.
    2. Expose data through Web Services into SharePoint lists on our internal (intranet) facing SharePoint site.
    Whether right or wrong I performed the steps listed below.

    The first step I took was to try connecting to these services by using SharePoint's native "SOAP Service Connection" tool under SharePoint Designer's "Data Sources" object.
    1. Open Microsoft SharePoint Designer 2010.
    2. Click on Open Site.
    3. Under Site name enter the location to the SharePoint site you wish to connect to.  Click Open.
    4. Under the quick launch area (located to the left of the screen) expand the Site Objects tab.
    5. Click on Data Sources.  The summary area should now show you a list of data sources that are inside SharePoint.  Such as lists, document libraries, etc.
    6. Click on SOAP Service Connection in the ribbon, located at the top of the screen.  You will see the following:

    7. The Service description location is where you will want to put the path to your WSDL.
      1. A good sample Web Service is http://www.w3schools.com/webservices/tempconvert.asmx?WSDL.
    8. Click on Connect Now or Reconnect.  You should see your other fields light up.
    The rest is pretty self-explanatory.  You can edit your parameters by clicking Modify at the bottom of the screen.  Or you can flag them to be set during runtime.  Under the General tab you can place a name and description to your SOAP service.  I didn't experiment with the Login tab, but it sounds simple enough.

    To test the Web Service and make sure all is well I had to get creative.  Keeping in mind I am new to SharePoint Designer and the such.
    1. Still remaining in SharePoint Designer, click on the Site Pages option under Site Objects.
    2. Add a new ASPX page.  Call it something like WSTest.aspx or whatever is easy to distinguish it from the rest of your SharePoint site.  You can add this page by:
      1. Click on the drop-down menu for Page from your ribbon at the top of the screen.
      2. Select ASPX and rename the file.
    3. Right-click on the newly created file from your summary screen.
    4. Select Edit File in Advanced Mode from the context menu.
    5. You will see some code but, what you are interested in is the code between the <form> tags.  Click and place your cursor between those tags.
    6. From your ribbon you will want to select the Insert tab.
    7. Under the Data Views & Forms category you will want to select Data View.  This will present you with a list of options.
    8. Scroll down until you find the SOAP service you created under Data Sources earlier.  If everything is successful, you should see a new DataFormWebPart that contains data fed back from the Web Service you just called.  If you get an error you may need to check your logs to determine why.

    This attempt to connect to the third-party WSDL files was a huge flop though despite my best efforts.

    The first issue lay in the WSDL files themselves.  The vendor for our billing software was using an RPC style rather than a Document style on their generated WSDL files, which isn't supported by the type of service connection we were trying to create.

    We worked with the vendor and they upgraded their format to a document format which could be consumed by SharePoint.  Now we are getting somewhere!

    Alas, the victory was short lived.  It appeared that the operation names within the WSDL did not match the input names.
    <wsdl:message name="sampleMessageName">
        <wsdl:part element="impl:sampleMessageName" name="parameters"/>
    </wsdl:message>

    <wsdl:operation name="sampleOperationName">
    </wsdl:operation>
    SharePoint, however, was looking for "sampleMessageName" to be "sampleOperationName".  The above is a very crude example.  This caused the request packets to be incompatible with what the vendor was looking for.

    The vendor gave up trying to resolve this and informed us that their Web Services just won't work with SharePoint the way we were attempting to.  If we wanted it to work we would have to customize each WSDL their tool was generating.  And we would have to do it ourselves after they delivered the WSDL files to us.  They wouldn't do it for us.  In short, we were on our own.

    Okay, so back to the drawing board it is.  We wouldn't be able to add a simple "SOAP Service Connection" inside SharePoint Designer.

    I decided that I would now attempt to create an "ASP.NET Web Service" project inside Visual Studio 2010 and use that as a bridge between SharePoint 2010 and the incompatible WSDL files.  I would hit my own web services that would in turn send the correctly formatted packet to our vendor's web services.

    The details of that project will be included in Part 2 of this Migration to SharePoint 2010 series.  More to come, wish me luck...

    Monday, September 26, 2011

    Honda Service Center Review - Harrisonburg, VA

    The below post is a copy of an email sent to the General Manager, the Service Manager, and a Service Adviser for Harrisonburg Honda located in Harrisonburg, VA.  It detailed a horrible customer service experience that my wife and I had over the course of a few years in dealing with that dealership.  I wanted to share it here so others could be warned to steer clear of that dealership.

    I also have listed here the files that were attached to the email as evidence of the experience.

    Diagnostic - 09082011.pdf
    IMA Warranty - 09202011.pdf
    Invoice - 06112009.pdf
    Invoice - 09202011.pdf
    Invoice - 12282010.pdf
    Product Update - ECM Update (Sept 2011).pdf
    Warranty Extension - Oxygen Sensors (Sept 2011).pdf


    Good Morning Mr. Horne -

    This email is to first and foremost inform you of the horrible service that my wife and I have received while having our vehicle serviced at your service center.  This level of service has occurred multiple times in our dealing with your team.  And I have taken notice of other upset customer reviews spread across the internet that directly mention your team.  I must also inform you that I am in no way looking for any type of reimbursement or compensation due to this lack of service.  I simply want for you and Honda to be aware of this terrible service being provided.

    I also wish for you to know that I will be, in fact, printing out this message and all corresponding paperwork (attached) to send to American Honda via certified mail.  This way the Honda corporation is also aware of the happenings in your service department.

    Around June of 2006 our Civic's engine light came on which prompted us to bring the vehicle in to your service center to have it diagnosed.  At the time the vehicle was still fully covered under warranty.  We were, however, told that if the diagnostic and visual inspection revealed that physical damage due to our negligence was the cause of the error, that my wife and I would be responsible not only for the repairs but also a charge for the diagnostic.

    Regardless of the potential charge, we requested that the diagnostic be run.  It was revealed that an error code of P2000 came up.  We were told that the catalytic convertor would need to be completely replaced and we would not be charged.  As it was covered under warranty.  We had the convertor replaced on June 11th, 2009.

    Roughly a year and a half later the engine light came on again.  This prompted us to again bring the vehicle in to the service center to be diagnosed at a cost of roughly $60 as we were told that we were no longer under warranty.

    Much to my surprise, the error code came up as P2000 again.  This time, I was told that I would have to pay for parts and labor for the convertor to be replaced.  Parts alone a little over $1200.

    I asked that an emissions test be performed but, I was told that they do not perform that kind of test to confirm or deny if the convertor is actually the problem.  I debated with Doug Meadows, a technical adviser, about the validity of the sensor reading.  Stating that I felt the sensor or computer might be the issue.  I did not feel a newly (1 1/2 years) installed convertor could go bad that quickly.  I was also told there was no warranty on the convertor itself.

    I was told to discuss this further with Larry Trainer, your service manager, to see if I could make any special arrangements as I was only 2 weeks over the warranty expiration date on the vehicle.  I was told, after calling him, that he would discount $200 but couldn't do anything else.  And the same story regarding reading sensor output only and no emissions testing.

    My wife and I discussed the matter in private and decided that the readings were likely wrong.  At that point I monitored, over the course of another year, the emissions myself.  And also monitored my MPG.  Neither of which indicated a catalytic convertor malfunction.

    Imagine my surprise when I received a letter from Honda in September of 2011 indicating an ECM update to improve issues related to... you guessed it... error code P2000.  And that I would be reimbursed if I had previously paid to have the catalytic convertor replaced.

    I will be, shortly after mailing this to Honda, submitting to be reimbursed for the $60 diagnostic charge.  This leads me to my next experience with your service center staff and their inability to listen to the customer.  Who I believe, in my opinion, they treat as always wrong and never right.

    Around September of 2011 the IMA indicator light came on in addition to the engine light.  We decided to avoid your service center by taking the car to an independent mechanic.  They ran their diagnostic (for FREE!) and found that error codes P1600 (malfunctioning IMA) and P1433 (high voltage battery) were the culprits.

    We were informed that the high voltage battery had lost its charge and needed to be replaced.  They told us that special tools were needed to perform this task which only Honda has.  Therefore we were, in lack of a better term, forced to come back to the dealership.

    I called in and spoke with a person who referred to themselves as Lloyd or Floyd.  They gave me an estimate of $2,400 for the work to be done and told me they could replace my battery at 9:15am on September 15th, 2011.

    I arrived right on time to be told by Doug that they did not order the battery nor have one there at the shop.  I was told that they have to run the diagnostic themselves or they are not allowed to order the battery.  Your service manager, Larry, sitting right behind Doug throughout the entire conversation.

    I told Doug that this was not what I was told over the phone.  He proceeded to tell me that Lloyd or Floyd did not work there.  Now at this point, I really don't care who works there or not.  The person who scheduled me is the one who told me.  So this mysterious employee gave me incorrect information regardless.

    I asked why the second diagnostic, which I have to pay for, was required.  The answer I was told was that American Honda required it for parts to be ordered.  I informed Doug to go ahead with the software update (remember that ECM update I mentioned earlier?).  I signed to have that update done, though I didn't sign anything stating to do the diagnostic yet.

    I then proceeded to go outside and call American Honda.  I was informed over the phone, by a CSR named Tiffany, that the inability to buy parts without a diagnostic is untrue.  She told me that they only require a diagnostic like that in the event warranty work is being requested.

    So with that knowledge and a recommendation from her to speak with the Service Manager I went back inside.  I asked to speak with Larry (remember the guy sitting right behind Doug?).  Larry proceeded to inform me, and I quote, "I don't have time to talk to you, I have six orders to finish up. So?".

    I informed him I would be more than happy to wait in the waiting area until he "had time".  Around an hour and a half later, Larry came into the waiting area.  He didn't say "Mr. Allen..." or "Sorry for the wait..." or anything remotely close to this.  The words out of his mouth were "So, did you need to still speak with me?" in a very impatient tone.  My response was along the lines of "Yes, but not out here.".

    It was at this point that we contacted American Honda on the phone in Larry's office.  He argued with them on the phone regarding a bulletin he received that contradicted the requirements of a diagnostic for parts.  After some time debating I finally gave in and said I just wanted to get this over and to run the diagnostic.

    Again the service center never ceases to amaze me as Larry comes back into the office and told me that they had already run it because I approved it.  I am sure if you pull your records you'll see a signature for the ECM update but, not for the diagnostic.  I argued with him about that too!

    I gave up and asked out of curiosity what codes they got.  Yup, P1600 and P1433.  $60 for something I already knew.  So they ordered the battery and rescheduled to come back in on September 20th, 2011 at 9:15am.

    I decided before leaving I better inquire about the estimate on the repair.  Since our mysterious scheduler quoted me at $2400.  I was told by Larry and Rick Turner (manager in the parts department) that I was looking at a cost of around $5,000+.  Woah!

    So I asked "Well, what are you doing with the spent core?".  And I get a response of "Well, Honda will refurbish it and resell it.".

    After much conversing back and forth, and me arguing about giving the core over from the car as it was.  They found that there is an IMA trade-in program from Honda.  You give over your core for the new one and get a discount.  Seems that Floyd or Lloyd was right, because the price tag was back down to $2,400.

    I gave great thought when I got home to calling, cancelling the order, and taking my business to Staunton or Winchester to avoid the dealership.  I clenched my teeth and trudged through.  I arrived at the scheduled time and gave over the car for the replacement.

    Now, I am sure you are wondering at this point how could this experience get any worse.  Well it does.

    After the work was done I received only an invoice of the work performed.  I asked Doug, "Where is the warranty paperwork for the new battery?".  At which point he tried to convince me that the invoice was the warranty.

    Nice try!

    I told him that he needed to go check and so he went back out into the service area.  At which point he returned with the warranty paper I have attached to this email.

    That is the end of my dealings with your service department.  Again, I am not interested in any type of reimbursement or compensation for the awful experience I have had to endure dealing with your service team.

    One would only hope that you will find a suitable action for your service department to let them know that behavior such as this is in no shape or form a reflection of good customer service.  This is likely the reason you get an "F" rating from the Better Business Bureau.  You can see for yourself at http://www.bbb.org/western-virginia/business-reviews/auto-dealers-new-cars/harrisonburg-honda-in-harrisonburg-va-3255/.  I promise to you that your service department will be the sole reason for my not purchasing another Honda.  I will also, by word of mouth and posting of reviews on the web, never encourage anyone to purchase from Honda because of this as well.

    I have decided in closing of this email that I would go ahead and post some other customer reviews floating around the web.  Particularly the ones detailing your service department.

    Some other reviews:

    Nick F wrote: http://www.yelp.com/biz/harrisonburg-honda-harrisonburg
    I had the worst experience at a dealer/shop ever here.  I had just moved to the area, and needed to get a recall performed on my Honda.  I called the dealership (the only place that can do the recall within an hour away) and told them the problem with the car and that it was the recalled part (ignition switch) that was the problem and I needed the recall performed.
    The service writer (I guess this is the name of the position) that dealt with me on the phone immediately questioned if I knew what I was talking about and had a slight attitude.  I immediately informed him of the symptoms and what the symptoms of the recalled part were and that they matched.  He accepted what I told him, but I could tell he didn't have much faith in what I had to say.  I should have known it was going to be a rough REQUIRED RECALL REPAIR from this point.

    I brought the car in as scheduled, dropped it off after hours and wrote a short note saying "RECALL REPAIR, ignition switch" then quickly listed the symptoms and that these were the exact symptoms of the faulty recalled ignition switch.

    I get a call the following day saying it was not the ignition switch that was bad, but something else, that happened to cost $500 to fix.  I told them no way, but then they said since it wasn't a recall that was the issue, that I owed a "diagnostic fee" of $40.  I was a little stunned, but I figured they must be right, they are the dealership, so I paid via credit over the phone.  My mistake.

    I called back 5 minutes later and said that regardless if they think the problem was the recalled part or not, they needed to do the recall, after all it is a SAFETY recall, and they are required to do it when I specifically request it.  They didn't like me calling back, MISTY SCOTT, the service person I spoke with, was VERY rude, even bitchy at times, and eventually told me "you're not getting your money back" and that it wasn't her problem.  I was so pissed.  I called back to speak with a manager and of course I got voice mail.  As I did the next few times I called. Surprise...

    I wound up writing a LONG email to the manager and owner of the dealership.. It has now been 2 months and I have yet to get a response from any of them...

    So long story short, I was "robbed" and had the worst experience of my life there.  Especially from Misty Scott in the service department.

    Hopefully my incident was isolated, otherwise I have no idea how they have any business.

    kwikstix wrote: http://www.dealerrater.com/dealer/Harrisonburg-Honda-review-16393/
    On 5/2/08, I took my 96 Prelude to Harrisonburg Honda (HH) for service on a minor oil leak, AC problem, and inspection. I had diagnosed the AC problem to be a faulty condenser fan switch, which caused the fan not to run. After about an hour, a service rep at HH called. The tech said the condenser fan did run, and the AC problem was due to low refrigerant. I didn't believe this was the case, because I had observed the fan not running, and had refrigerant level tested by a licensed HVAC tech, and the level was normal. (The car has never needed a refrigerant recharge since I’ve owned it.) I declined service on the AC, but still had the car inspected. Just before lunch, I arrived and paid for service. As I approached my car, I heard it hissing. I went back inside and asked the Service Manager (Larry) to accompany me. To diagnose the hiss, he called a service tech, who found that pressurized refrigerant was escaping from a hole in the condenser. Larry verbally quoted just over $500 to replace the condenser. I declined the service, told him I would think about it, and left. It occurred to me that there was no mention of the hissing leak or condenser replacement in my service ticket. I drove back to HH and confronted Larry about this. I said the evidence indicated that the hole in the condenser was created while the car was in the care of HH, and asked that the damaged condenser be replaced. He denied liability, and said that I would need to speak with the General Manager (GM), who was not in. I went back to my car and again heard the hissing and saw moisture on the frame below the condenser, which was not there when I first heard the hissing, indicating the hole had been punctured not long before I first heard the hissing. I met with the GM on 5/6, and was told that the issue would need to be addressed by the owner, who was out of town until 5/11. As of 5/15, I still had not heard anything, so I called, and was told that the owner had been too busy to review my issue, and that it would be several more days. I let them know I intended to contact the BBB, and they hung up on me. Today is 5/29, and I still have not heard anything from anyone.

    Wednesday, September 21, 2011

    Buyer Beware! Hewlett Packard Products and Service...

    This is a review that I wanted to make sure I shared with anyone willing to listen.

    I bought my wife an HP Pavilion DV6809wm NoteBook on December 9th of 2008.  While the laptop was reliable for a time, the reality of this horrible company and its products quickly sank in in May of 2011.

    The laptop has a known issue by the manufacturer where the motherboard shorts out specifically in regards to the video card's connection to the board.  The timing is completely random but, the event itself is very well known.  Not only to other consumers (do a search on Google) but, also to HP.  Here are the symptoms for this problem...

    My wife was working on the laptop when it suddenly powered off immediately.  Any attempt from that point forward to power it on resulted in all lights, including the quick buttons, flashing on for only 1 to 2 seconds.  After much frustrating trouble shooting and investigation on the internet, I was able to determine that this is a widely known issue with almost all models of the Pavilion product.  What follows is the service experience of contacting HP.

    To start, we must travel back in time to the dawn of the purchase.  The laptop only comes with a 90-day limited warranty.  So, that being said, HP only backs up the quality of this product about 3 months.  At this point I know, as the consumer, I should have probably done a few things different.  Such as thrown a red flag at the warranty length as an indicator of the product quality and service.  Or, purchased an extended warranty.  But, that is neither here nor there.  The tale must continue.

    My wife first attempted to contact HP through their support number 800-474-6836.  After waiting a lengthy amount of time on hold, she spoke with a non-technical representative.  Explaining the problem to the phone representative, she was told it would be a minimum charge of $50.00 just to talk to a technical support representative.

    It was at this point that I spoke with the representative myself.  I explained that this is a known problem with these laptops and we were simply looking for an answer: Can it be fixed? If so, how much does it cost and do we send it to HP?  I did not, and still don't, feel that you should have to pay for an answer to such questions.

    It was at this point that I was placed on hold for around 50 minutes before a click and the hold music died.  At which point I was hung up on.  I then took it upon myself to detail the entire situation and email it via the Executive Office contact form found on HP's site.

    A very helpful woman put me in direct contact with a Case Manager on the escalations team.  Free-of-charge!  Here is the conversation that developed.

    My name is Wallace and I am a Case Manager on the Hewlett Packard AMS TCO Escalations team responding to your request to speak to someone concerning your recent Hewlett Packard support event.  I just tried calling the phone number listed in your customer record (***) ***-**** and unfortunately was unable to reach you.  I will make several additional attempts to contact you via phone over the next 3 days.
    Please feel free to respond to this message to provide a better contact number, to let me know the best time to reach you, or to provide additional information about your issue.  Please do not change the subject in the subject line so I can locate your e-mail quickly.
    You may call me at 1-877-917-4380 Extension # 93  You may ask for me by name, if I am not available, the Case Manager taking your call will work with you to resolve your issue.
    Our office hours are Monday - Friday 7:00 AM – 10:00 PM Central time.
    Please keep this message as a reference so you will know how to reach us as we work to resolve your case.
    Your case # is: **********
    Thank you,
    Wallace R
    HP Case Manager
    HP AMS TCO Escalations Team
    Tel: 1-877-917-4380 ext. 93

    At this point I replied with the following:

    Good Afternoon Wallace -

    I am sorry that I was unable to accept your call.  I am typically unavailable from 8:00am through 5:30-6:00pm EST.  So you can reach me anytime after that time.  I am not sure how much of the details you have been given regarding our particular issue.  So you may or may not be able to provide me some further details without even having to call.

    My wife's laptop, which is a Pavilion DV6809, started experiencing the exact same symptoms listed in the following link:


    She currently gets a blue indicator on her power input.  If she hits the power button or the quick start button her LED lights throughout come on for about 1 second.  Then shut off immediately.  This problem is reported numerously throughout the internet and we are just trying to get some assistance in figuring out if...

    1. ...she needs a new laptop due to a faulty motherboard or some expensive component.
    2. ...this is something that can be reset or corrected simply by performing some troubleshooting steps provided by HP or a parts manufacturer.
    3. ...she can send the laptop in to be repaired.
    Please feel free to contact me either here on email or anytime after 5:30pm EST.  Thank you again.

    And the reply I received was as follows (not during the times I listed in the previous message):

    I attempted to reach you today, My name is Jaime, I work 1:30 until 10pm EST. I have reviewed the email you sent to Wallace as well as the account, at this time we can offer a repair for the notebook at a cost as it is out of warranty. If you would like to discuss the option feel free to call me at 877-917-4380 Ext 93, case number 7501955506 or by replying to this email.
    Jaime S
    Case Manager
    Hours: 1:30pm-10:00pm M-F EST
    Phone #: 877-917-4380 ext 93

    And I again replied with the following:

    Good Morning Jaime -

    Before I commit to sending the laptop in for repairs (at a cost) I would like to see if you can answer some questions for me first.

    1. This issue I am having with my wife's laptop, is it a known issue that you all have to take certain measures to correct?  In other words, do you have other cases similar to this which have been successfully repaired in the past?
      • If so, what was the ultimate solution (video card replaced, mobo replaced, etc)?
    2. What will the repair costs be?

    Thank you all again for your assistance.

    Which at last I was replied to with the following:

    From what you have stated about the issue, we may be looking at the Motherboard to be replaced, which would also include the video card. Unfortunately I have not had this exact issue with this notebook before but with the repair there should be no issues after repair, you will get a 90 re-repair warranty if the issue comes back up, where we can have the notebook back in for repair with no additional cost as long as there is no physical damage to it within the 90 days.
    This notebook, the regular cost for a motherboard replacement would be $329.00 plus your local taxes, I can discount that by 100.00 making it $229.00 plus taxes.

    To me, as a consumer and also an experienced provider of products + customer service, this is a horrible company.  I have in the past championed HP, Compaq, and even Palm products but, no longer.

    An automobile company will issue a recall notice on faulty products but, this does not apply to HP.  Most laptop companies give a 1 and even sometimes up to 3 year warranty on their products.  Not HP.  And most will not make you pay just to talk to a human about your problem.  Not HP.

    I personally will no longer purchase any products from that company and, I would recommend that each of you reading this note also do the same.  Or, at the very least make sure you read and purchase extended warranties on their products.  Do your homework so you can prevent a situation like this from happening to you.