My wife & I began subscribing to the MetroWest Daily News back in 2002. At the time they published in the afternoons, so it was the paper I read when I’d get home from work in the evening. When we moved from Framingham to Westborough back in 2008, we opted to keep subscribing to the MetroWest even though it’s Framingham-centric paper and there are probably better candidates for local news. As everyone knows, I’m a craft beer geek and always look forward to Norman Miller’s Beer Nut columns on Wednesdays. If you’re reading this and wondering why we subscribe to a physical newspaper in the Internet age, well, I’m not going to convince you why it’s worth it. Suffice it to say we like the routine of knowing there’s morning news in our driveway, and we also enjoy supporting quality reporting by paying that subscription fee. Of course, the subscription fee also funds the delivery of the paper. Which leads me to my story…

We enjoyed reliable delivery service for most of the 8 years we subscribed. Then, a couple months ago, our regular delivery person was replaced. It’s still unclear to me whether it was just a new person from the existing delivery service or an entirely new delivery service. Apparently the MetroWest Daily News farms the delivery part out to a 3rd party, which I’m sure is much cheaper for them in the long run.  We knew the carrier had changed on that first morning when our newspaper wasn’t there (we later discovered it in our neighbor’s driveway). The next day we didn’t get any paper at all and it wasn’t in our neighbor’s driveway either. In the days that followed we had some days where we got the paper, some where we got the wrong paper, and some with no paper at all. I grew accustomed to calling the MetroWest’s Circulation Dept to report the problem. Within a couple of weeks I had their phone menu options memorized because I had dialed in so frequently (side note- why does one option say “to have your paper REdelivered, press..”? How can a paper be redelivered if it wasn’t delivered in the first place??). It was not going well.

After several days of issues a MetroWest manager called the house to apologize. He gave us his direct dial line to call if we had further issues, and he even called on some days to check and made sure we got the paper. This was the GOOD side of dealing with the problem. Unfortunately there was a BAD side too. The delivery service itself called our house a couple of times. They were rude, abrupt, and apparently suspicious of our motives. On one call they implied that we were inventing the issues (did I miss the announcement that one can use accumulated newspaper credits toward their kids’ college savings plans?). On another day when the service had already “redelivered” the paper because they’d missed the morning delivery, a 2nd driver showed up to give us a 2nd copy. When I politely explained that we’d already gotten the paper, the driver commanded in an annoyed voice “just keep it because I don’t want to have to come back out here.”

I’m guessing we had at least ten days of newspaper delivery issues over the course of 6-8 weeks. We’re

not high-maintenance people, but our patience was wearing thin. Eventually we decided “1 more strike and they’re out”. That final strike happened last week when I went outside and found no MetroWest Daily News. I was tired of calling their circulation desk at least once a week, and I didn’t understand why our service went from excellent to miserable so quickly. I made the final call to the subscription desk to cancel. When the woman I spoke with politely asked why, I made things very clear: “I love your newspaper, your staff has been great to deal with, but your delivery service has been awful lately.” She immediately saw my list of calls and was very sympathetic. A manager is supposed to call us at some point, no doubt to regain our business. At this point I don’t see that happening.

Here’s what I learned from this whole saga:

1. Don’t take excellent service for granted. We always sent tips to our old carrier, but I would have sent more had I realized how much aggravation his reliability saved me.
2. If you outsource any aspect of your business to partners, choose wisely. Partners share as much responsibility for representing your business as your employees do. Chances are your clients/customers won’t make the distinction between a full-time employee and a partner when something goes wrong. More often than not, your business will pay for your partners’ mistakes. If you don’t believe me, just ask the MetroWest Daily News.
3. If you or your company resells or performs a service on behalf of another entity, you should strive to represent them in the best possible light. This will help to differentiate you from other partners. If you end up making a poor impression, you risk costing them money. Go the extra mile and you’ll be recognized and appreciated.

At CoreBlox we’ve been fortunate to be part of some productive strategic partnerships. I think a big part of that success comes from taking the lessons we learn as individual consumers and applying them to our business. This experience with my local newspaper has reminded me that when it comes to partnerships, there’s no substitute for reliability and professionalism.

– Newspaper photo courtesy of DRB62 on Flickr

– Handshake photo courtesy of aroberts on Flickr

Error: No registration on File

I’m one to usually skim through documentation and like to just start installing software, especially when it comes to something that I’m already familiar with. As it turns out, SiteMinder WAM R12 requires additional steps in order to complete the installation and configuration of the Policy Server. After a number of failed attempts, I finally walked through the SiteMinder WAM R12 online documentation and figured that I was missing a few steps so I thought I’d pen it here to save others some trouble.

The title of this blog post pertains to the error you get when you try to launch the SiteMinder R12 Administrative UI and try to log in using the Siteminder user. As it turns out, it basically means that the Admin UI managed to contact the Policy Server and verify that it is allowed (trust) to act as the Admin UI. The Policy Server does a check and finds no trusted relationship between the two and returns the “No registration on File” error.

The normal route to resolve this issue is to run the XPSClient command (see Quick Guide to installing SiteMinder WAM R12) to register the client (this is done on the Policy Server machine). However, if you didn’t install the Policy Server properly, you will run into issues, which will result in the same error message.

A good indicator that your Policy Server is incorrectly configured is to look at the output when running the XPSRegClient command to reg:

As you can see in the output above, the command executed failed to register the client. If you attempt to log in using the SiteMinder Admin UI Client after running this command, you’ll get the “No Registration Found on File” error. This error is also logged in the smps.log file.

SiteMinder 6.x

For those with previous SiteMinder experience, you probably know the general steps in installing a new instance SiteMinder Policy and get the Policy Store up and running in a few minutes. In a nutshell, this were the basic steps:

1. Configure the Schema for the Policy Store
   1. For LDAP stores:    run smldapsetup ldgen & ldmod <schema.ldif>
   2. For SQL:      execute SQL queries with the specific sql files provided in the /db/sql folder
2. Set the super user(siteminder) using smreg to establish the password.
3. Import the base objects in the smpolicy.smdif file with the ‘smobjimport’ command smpolicy.smdif file
4. Restart the Policy Server and verify from the smps.log that SiteMinder has successfully started.
5. You’re done at this point and can launch the SiteMinder Admin UI or if you didn’t opt to configure the SiteMinder UI with an existing web server during the install, you would run the smps-config script.

SiteMinder R12

Here is the new way of installing and configuring the SiteMinder R12 Policy Server

1. Configure the Schema for the Policy Store
   1. For LDAP Stores:
      1. Run smldapsetup ldgen & ldmod <schema.ldif>
      2. Run smldapsetup ldmod /xps/db/<ldap directory type.ldif> <- This is NEW & a REQUIRED step.
         1. IMPORTANT: This is the step to extend the current schema to include the XPS objects.
         2. NOTE: For some directories (ADAM, AD), you will need to modify the ldif file to specify the root (eg dc=coreblox,dc=com) or the guid (eg B34F9AA5-C669-48E4-B8CF-DF3F5E9EFD20). The guid replacement is the value of the root of the ADAM directory that contains the cn=Configuration object.
   2. For SQL Stores:
      1. Run the sql query (Oracle/MSSQL) located in the /siteminder/db/SQL directory against the designated database instance.
      2. Run the SQLServer.sql or Oracle.sql script located in the /siteminder/xps/db directory to create the XPS objects. <-This is NEW & a REQUIRED Step.
2. Set the super user(siteminder) using smreg to establish the password.
3. Import the base objects in the smpolicy.smdif file with the ‘smobjimport’ command smpolicy.smdif file
4. Import the SiteMinder Policy Store Data Definitions  <- This is NEW and a REQUIRED step
   1. According to the documentation, the sequence in which you execute the steps are important. It warns that not following the sequence will result in a failure to import other objects.
   2. The executable that is used to run the import is XPSDDInstall its located in the siteminder\bin directory.
   3. The data defintion files are located in the siteminder\xps\dd directory
   4. Here is the sequence that needs to be executed:
      1. XPSDDinstall SmObjects.xdd
      2. XPSDDinstall  EPMObjects.xdd
      3. XPSDDinstall  SecCat.xdd
      4. XPSDDinstall  FssSmObjects.xdd
5. Restart the Policy Server and verify from the smps.log that SiteMinder has successfully started.
6. Proceed to installing the SiteMinder Administration UI component or run the XPSRegClient to register a new SiteMinder UI client if you already have installed the SiteMinder Administration UI client.

Logs:

Example of a successful Client registration:

Here are errors in the smps.log that indicates that you failed to import the XPS objects into the SiteMinder Policy store. See the steps above on how to rectify it

I hope you find this article useful and as usual, please don’t hesitate to let us know if you’ve got any questions, comments or tips!

For those of you who are not aware, R12 allows you to install SiteMinder Administration UI ‘clients’ that can exist on remote servers separate from the Policy Server instance. We’ll be installing everything on the same machine for this tutorial.

Just keep in mind that that you might need to run a client command utility called XPSRegClient to create a trusted relationship between the Administration UI client and the Policy Server when launched for the first time. The most common error that you’ll get is the “no registration on file” message when attempting to log into the Administration UI. See the ‘tips’ section for when you need to run this utility.

The goal of this mini-tutorial is to guide you through how to set up SiteMinder in a Windows environment using ADAM as a policy store (you should be able to use any other supported policy stores) and using built-in application server that ships with the installer – all on the same machine. This is especially useful for those that do not have time to comb through the installer guide.

NOTE: This tutorial should be applicable to the other installers available for Solaris, Linux, HP-UX and AIX.

1. Make sure you have JRE/JDK 1.5 (I’d recommend the most recent JRE/JDK 1.5 version to stay on the safe side) installed on the system that you are about to install SiteMinder on. This is a requirement for the SiteMinder Policy Server.

2. Go to http://support.ca.com and download the following installers:

a. CA SiteMinder Policy Server r12.0 SP2 for Windows-32-(ESD only)

b. Administrative UI Prerequisite Installer for Windows-32-(ESD only)

c. CA SiteMinder Administrative UI r12.0 SP2 for Windows-32-(ESD Only)

3. Configure a new ADAM instance (follow steps 1 through 4 in the Configuring ADAM as a SiteMinder Policy Store guide)

4. Unzip the CA SiteMinder Policy Server r12.0 SP2 for Windows-32 installer and run it.

5. Install SiteMinder R12 SP2. The installation should be straightforward.

a. Just make sure you choose the option to initialize the instance.

b. In the “Create SM Key Database”, it wouldn’t hurt to choose to import the default CA certificates (Certificate Authority).

6. Unzip the Administrative UI Prerequisite Installer for Windows-32 and CA SiteMinder Administrative UI r12.0 SP2 for Windows-32 installer into the same directory.

NOTE: This is important because the Administrative UI prerequisite installer requires the layout.properties file from the Administrative UI installer and if it does not find it, it will abort the installation by indicating that it was unable to find the layout.properties file.

7. Run the adminui-pre-req-12.0-sp2-win32.exe installer.

8. The only options you’ll have to specify is the location of the installation and the server and port number for the Administrative UI to exist on.

9. Once you’ve completed, the prerequisite installer will kick off the ca-adminui-12.0sp2-win32.exe installer automatically. If not, run it.

10. There is no additional configuration parameters to be entered during this install and might take a while to install as it compiles and configures the UI components on the application server.

11. Once completed, the installer will attempt to launch a browser and display the SiteMinder Administrative login:

Note: Under the covers, this step starts the application server and registers the SiteMinder Administration UI with the Policy Server.

12. Use SiteMinder as the username and enter the super-user password that you specified during the SiteMinder Policy server installation. Leave the ‘server’ blank as it will default to using the local server and port (unless you have specified otherwise)

13. And you’re done! You should be able to proceed with importing your SiteMinder 6.x policies and viewing them in the new Administration UI.

Tips:

If the time difference between the time you installed the Policy Server and the time you installed the Administration UI is greater than 24 hours, you might need to run the following command if you see this error when trying to login to the Administration UI for the first time:

c:\CA\Siteminder\bin>XPSRegClient siteminder -adminui-setup -t 1440 -r 5 -cp -l c:/logs/ -e c:/logs/error.log –vT

• (run XPSRegClient.exe without any parameters to get the catalog of option).

• The parameter ‘siteminder’ refers directly to the super-user

• You’ll be prompted to enter a passphrase, use the super-user password

This step is necessary to create a trusted relationship between the client and the policy server.

-Team CoreBlox

[photo credit: optical_illusion @ Flickr]

Are you interested? Do you know someone else who might be? Please help us spread the word via Facebook, LinkedIn, Twitter, good ol’ fashioned e-mail, or word of mouth! No recruiters please.

Today we are pleased to announce the launch of our new website.  For those curious as to why we redesigned our site, here are a few reasons:

• We wanted a cleaner, easier-to-use site
• We wanted to change the focus to reflect what we have been spending most of our time working on (professional services, social/community sites, etc.)
• We wanted to convey a small company vibe and inject our personality into the site
• We wanted to showcase the clients and partners we work with, some of which are Fortune 500 companies
• We wanted to integrate our use of Twitter

I don’t think anyone would disagree that our current class website needs some work. It was released within a year of our graduation, and it hasn’t really changed since then. Our class notes are grossly outdated and our events page still lists info about our 5-Year Reunion. About the only reason I have to visit this page is to pay my dues online, and even the links from that page are outdated since they show dues at $5 cheaper than what they should be.

Obviously the web has evolved since our class site was released in the mid-90’s. That’s why the thought of a redesign for this sites makes so little sense to me. A traditional static “web page” for a site that’s meant to help our class maintain personal relationships just isn’t going to cut it. What drives users to make repeat visits to a web site? Fresh content. Who better to provide content to a college alumni class than the community members themselves? That’s why I believe this redesign is crying out for a social network. And that’s why I’m going to suggest Ning.

I first heard of Ning when they began to get coverage on TechCrunch. In case you haven’t heard, Ning allows you to create your own social network. For free. Were you going to hire developers to build your own social network from scratch? If so, call and cancel. You can have your own mini-Facebook up and running in minutes, complete with custom branding, widgets from other sites, member profiles, events, groups, discussion forums, photos, videos, and probably 10 other things I’m forgetting. If you’re unhappy with the “out-of-the-box” look & feel options that Ning gives you, you can pay those same developers to customize it. Or do it yourself. Trust me, it’s not that hard.

With Ning, the Dartmouth Class of ‘96 could:

• Give each member his/her own custom profile page to keep classmates up to date on what’s going on in their lives
• Convert the class newsletter to blog format
• Allow posting of videos & photos
• Publicize alumni events and any interesting tidbits from the college calendar
• Create custom pages that link out to related college sites and PayPal for dues collection
• Encourage class-related conversations via the discussion forums (this would have been a great way to debate the recent controversial trustee election)
• Create groups to focus on specific interests or geographic regions

The possibilities are virtually endless, and the best part is that all of the items I just described are available out-of-the-box with Ning. This way, the class officers can focus energy and budget on encouraging participation rather than driving technology projects.

Oh- I saved the best part for last: Ning works on the iPhone! This is a great way to counter that feeling you get when you look at your newsletter and realize you graduated before anyone had heard of Google, YouTube, or Twitter. Thanks to Ning you can flash your iPhone and show younger classmates that despite your advanced age, your class is still up with technology.

OK, I’ll stop pitching Ning to you now. Hopefully the points I’ve made here will be enough to convince my classmates that this is the right move for us. Big thanks to Twitter user @kfred85 for inspiring me to write this up.

By the way- if you’ve used Ning to create a social network for an alumni site or any other purpose, we’d love to hear about it in the comments!

We landed in Denver on Wednesday and headed to Estes Park after having a quick bite and picking up our baggage and rental car.  The car was a mini van, but it wound up being OK.  We just left it a little further away when parking and pretended to be in a different vehicle.  Wednesday night we went to dinner at the Rock Inn Mountain Tavern.  It was a nice meal and we had fairly good service.  The place is definitely a hangout spot for the locals which is always a good sign about the quality of a place.  We also walked around Estes Park to explore a little and went grocery shopping for our daily meals.  For some reason everyone seemed very perturbed by my desire to walk down each aisle to get ideas for what we needed.  Overall, we got a good selection of stuff and then headed back to the house.

Thursday morning we went for a ride with Sombrero Ranch.  It was a nice ride up into the hills behind the ranch.  We saw some great views of the mountains and some of us could make out what was called Beaver Rock.  To me it just looked like a rock, though.  After the ride we headed into Estes Park for lunch and had great burgers at Penelope’s.  Afterwards we headed back to the house to talk about company planning and next steps.  We went to dinner at Mary’s Lake Lodge which was very nice.  The dinner was excellent.  That evening we had a nice campfire while smoking cigars.  Next time we have to remember the marshmallows.

Friday morning we had a little bit of a later start.  After spending the morning continuing our company conversations, we headed out to Boulder to explore the town and have dinner.  The walk around Boulder was nice and we were able to do some good shopping damage.  We met up for dinner at Sunflower restaurant.  The dinner and service was excellent.  Afterwards we met up with several friends and then headed back to Estes Park for our ping pong tournament.

Saturday we headed into the park for a nice hike up to Emerald Lake.  We saw quite a few great scenes which were breathless not only for their beauty, but also for the lack of oxygen for us non-mountain folk.  After the hike we had a nice picnic at Hollowell Park.  We headed back to the house for some rest and then out to Estes Park for a walk around town to pick up stuff for our BBQ and one last walk around town.  That evening we had a nice BBQ and then after more ping pong relaxed in the hot tub.

Sunday morning, we headed back to the airport and back home.  Overall it was a great trip.  It was perfect timing for a company excursion and was definitely filled with excitement.  We could really call this the trip of firsts.  It was the first CoreBlox offsite, first time for many to Colorado and Rocky Mountain National Park, the first time for some on horseback and even the first time one person ate duck.  I already can’t wait for the 2009 offsite.

Thanks everyone for taking the time to have this adventure.

Todd

Normally I would end that last paragraph with “And the rest is history…”, but it’s important to recognize a major component that has allowed our start-up to defy the odds and celebrate three years as a self-funded business: SiteMinder. There’s no doubt that having a strong, smart, versatile team has been a key to our success, but it would be difficult to pursue our Web 2.0 initiatives (such as our I Have Kids app which is up to 60,000 users!) if we were unable to find consistent sources of revenue to fund them. Our team’s SiteMinder expertise has allowed us to establish ourselves as a boutique firm in a niche market, and it has opened doors in other spaces such as directory virtualization and SAML/federation. In a down economy, IAM spending has remained strong enough to provide us with the engagements we need to drive our business forward:

“… the number of organizations planning to roll out identity and access management solutions in the next 12 to 18 months increased 11 [percentage points], moving from 49 percent in 2006 to 60 percent in 2008.“

As with any product or service that one works with on a daily basis, it’s easy to focus on gaps and frustrations. Sometimes we need to step back and recognize that what makes the solution complex leads to the opportunities that those who know it well can enjoy.

So on behalf of the entire CoreBlox team, I’d like to offer a sincere THANK YOU to SiteMinder. May you continue to send great opportunities and clients our way!