Sometimes technical, sometimes not, never a kitty

The following error is a new thorn in my side.  It’s showing up in SSIS 2005 packages which are scheduled, but does not happen when I run the packages manually.  I changed the message slightly to remove identifying characteristics.

Executed as user: <MachineName>\SYSTEM. ...n 9.00.3042.00 for 32-bit  Copyright (C) Microsoft Corp 1984-2005. All rights reserved.    Started:  4:00:00 AM  Error: 2008-06-17 04:01:28.67     Code: 0xC001405D     Source: Script Task      Description: A deadlock was detected while trying to lock variables "<comma delimited list>" for read access and variables "<comma delimited list>" for read/write access. A lock cannot be acquired after 16 attempts. The locks timed out.  End Error  Error: 2008-06-17 04:01:28.67     Code: 0x00000005     Source: Script Task      Description: The script files failed to load.  End Error

The SQL DTS Wiki has some talk of the issue:

This error happens when two processes are trying to get a lock on the same variable. It is not a deadlock in the same way as a SQL Server, to use that terminology it is just a blocking scenario. When blocked, the process will have 16 attempts and then fail with this error. Certain problems exacerbate this issue, the obvious being time the locks are held, and write locks over read locks. Several issues have been addressed with the post-SP1 update, KB918222 Cumulative hotfix package (build 2153) for SQL Server 2005. System variables are now only read locked, which makes sense as they are always read-only anyway. If you encounter this problem, try SP1 + KB918222 to start with, then try and look at your package design and minimise locks taken, and minimise parallel processes that use the same variables

(full entry at http://wiki.sqlis.com/default.aspx/SQLISWiki/0xC001404D.html)

The recommendation to install SP1 + hotfix rollup is an issue, since I’ve patched the machine to SP2 already, and am seeing the error.  A contributor to the page offered the following suggestion on her blog:

I eventually realised that the only other place I had added the variable was to to the ReadWriteVariables list in the properties of the Script Component:

…

As soon as I removed this variable name from that field, I was able to get my script component to successfully run.

Full post at http://blog.cybner.com.au/2008/03/ssis-script-component-error-with.html.

There is a script task with ReadWriteVariables, but removing them threw a different error, since the script needs access to the variable.

After picking through the post-SP1 hotfixes, KB918091 seems likely to be the one which resolves this issue.  The error messages are different, but the symptoms are similar:

If you try to run a Microsoft SQL Server 2005 Integration Services (SSIS) package, you may receive an error message that resembles one of the following error messages:

Error message 1

The variable "User::MyVariable" is already on the read list. A variable may only be added once to either the read lock list or the write lock list.

Error message 2

Reading the variable "User::MyVariable" failed with error code 0xC0010009. The expression "@[User::MyVariable]+"\\"+ @[User::MyType]" on property "ServerName" cannot be evaluated. Modify the expression to be valid.

The error messages may be reported in several locations:

• When you try to run an SSIS package by using the dtexec command-prompt utility, the error message may be reported in the console window of the command line.

• When you try to run an SSIS package by using SQL Server Business Intelligence Development Studio, the error message may be reported in the Business Intelligence Development Studio output window.

• When you try to run an SSIS package and you use a log provider to redirect the execution output, the error message is reported in the redirected output.

The list of bugs fixed in SQL Server 2005 SP2 does not include this hotfix, so it’s the next step. 

<update>

Microsoft has a new process for delivering hotfixes.  After completing the process and downloading the file, the following error was thrown when I executed the downloaded file:

“This self-extracting zip file is part of a multidisk zip file.  Pleas insert the last disk of the set.”

I replied to the e-mail with the download link, but the reply bounced back.

<update>

After spending 90 minutes on the phone with Microsoft tech support (thanks Anu for the help!), we determined the original download was corrupted.  They sent me a new link, and I redownloaded the hotfix.  The install started correctly, but the hotfix threw a new error:

06/19/2008 11:58:30.235 ================================================================================
06/19/2008 11:58:30.235 Hotfix package launched
06/19/2008 11:58:32.985 Version level check successful for product instance MSSQLSERVER
06/19/2008 11:58:33.001 This update requires service pack 0. The service pack for product instance MSSQLSERVER is 2. Download the update for service pack 2.

Some more research led us to KB 918222, which does list this bug as being fixed (note that the SP2 list uses KB article, while this list uses bug report numbers).  Take home message from my 90 minutes of MS help is:

Take it for granted if your hotfix is in a previous compilation, it’s in the SP, even if it’s not specifically listed in the Kb article for that SP.  When an SP is rolled out, it includes all hotfixes in the previous SPs and cumulative rollouts.  The KB article for an SP lists only the hotfixes not included in any of the previous compilations. 

The next step is to submit another bug report for my error and do some more debugging with MS.

Continuing story, watch this post for edits.

From the mailbag, in response to Exporting to Excel in Crystal Reports .NET - Perfect Excel Exports

Hi, I was searching in the internet about how to solve a problem I have and found your name in an asp alliance article, I left a post there but I prefer to email you.
The problem is this:
Im developing a project with VS 2005 and Crystal Reports, I need to export two reports to Excel but not in just two different xls files but just one with different sheets, if you know how to help me please

Crystal Reports isn't designed for this.  If you want to easily create Excel from data, you need to look into a product like Spreadsheet Gear, OfficeWriter or ActiveXLS.  I've used the free ExcelXmlWriter with great success.

My first DotNetSlackers article has been published: Review: SQL Server Integration Services Using Visual Studio 2005 – A Beginners Guide.

Occasionally in life, the right thing shows up at the right time.  I was just ready to start some work in SQL Server Integration Services, and like a lot of DTS developers, my mind was boggled when I first opened the SSIS workbench.  My tasks looked daunting.

That same week, I received an email from Packt Publishing asking if I'd like to review this book.  Oh boy would I!  Long story short, this book was a significant help in my project.  I went from being an overwhelmed DTS guy to a pretty fair SSIS developer in a short period of time.  Check out the review for more about the book.

Like the other Packt books I've read, it's an easy read, partly because of the writing style and partly because of the typography.  I don't know how much time they spent researching the font style, kerning, etc., but their printed materials are easy on the eyes.  There are a lot of screenshots in the hands-on chapters, and being a beginner's guide, background information on using the relevant parts of VS 2005 is included.  There are no major changes to SSIS in SQL Server 2008, so this book will be relevant for a while.

Get it at Amazon: SQL Server Integration Services Using Visual Studio 2005 – A Beginners Guide

A few years ago, I was looking for a version control system that would be easy to implement and not cost a fortune.  I was splitting my time between my laptop and my desktop, and was always forgetting my thumb drive somewhere else.  I did not have a separate NAS device at the time, so that was out of the question.  I was paying for shared hosting, and was greatly underutilizing my disk space allotment.

Enter FtpVC, a version control system that works via FTP.  It was perfect for my needs!  I installed the client on both machines, configured it to use a folder on my hosting account, and got back to work.  Setup was very easy, and the shared hosting space was accessible to either machine, and offsite.  At $50, it was not a budget breaker, either.  All the usual version control features are there, including history and comparisons.  If you're a lone ranger picking up the odd client job, or a small development shop, FtpVC could be a great solution for you.

There's a new version out, and their announcement e-mail reminded me I should blog about it.  No relation other than happy customer.  As a matter of fact, I've since moved on to another solution, but I still recommend FtpVC as a lightweight and inexpensive way to get into version control.

The Internet Explorer team should be proud of themselves this week:

Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

However, if you're feeling ten feet tall and bulletproof because you're using FireFox, you might want to reexamine that idea and make sure you get the auto-updates installed:

In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.

The scary thing here is that you don't have to do anything to engage this exploit, and JavaScript is all but invisible to any user not really looking for it.

Likewise, Apple cultivates the image of security to every fanboy's peril:

Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista.

Think you're safe because you don't have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it's there.

The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page.

Remember it was Safari that led to the hacking of a MacBook Air in a recent contest.  Add in the insult of sneaking Safari onto machines via iTunes updates and Safari in most corporate environments would be defined as malicious.  The distribution policy has recently been changed to be more clear about what is being installed, but some damage has been done, and you still have to refuse the automatic installation.

There is a reason corporate IT departments prefer software we can control via Group Policy, and why we have policies against anyone installing anything.

Although this attack targets websites powered by Microsoft SQL Server, databases such as Oracle are also vulnerable to this attack.

The attacks "are a very sophisticated form of SQL injection," Qualys CTO Wolfgang Kandek told TechNewsWorld. "Normally, SQL injection is targeted to one table. With this attack, they used a generic mechanism of the underlying database to make it work on a much broader set of applications."

The attacks have targeted sites running IIS and ASP that have an MS-SQL database. However, they are not exploiting a particular flaw in these applications -- the exploit could have been written to target any database -- Oracle or WebSphere, for example.

Rather, the code exploits what security researchers are bemoaning as an elementary lapse in Web security on the part of developers installing the databases.

In addition to this attack, the article mentions another one, specific to SQL Server, on the horizon:

"The underlying database servers are often misconfigured to have an extended stored procedure xp_cmdshell enabled," Belani told TechNewsWorld. "This setting allows an attacker to execute commands at the operating system level post compromise via SQL injection. This level of access is hard to come by in other database servers like Oracle."

Full story at http://www.technewsworld.com/edpick/62783.html?welcome=1209477802.

The root cause of these attacks is insecure web application design, which allows SQL code to be inserted into a page request and executed in the following database query.  This is an old technique known as SQL Injection.

If you're not familiar with SQL Injection, you need to be, since it's a very basic flaw with serious ramifications.  I recommend highly reading 19 Deadly Sins of Software Security for very good introductions to some very basic design issues.

Following up yesterday's post (http://rjdudley.com/blog/WindowsXPNotDeadYet.aspx):

Microsoft says Windows XP sales will end June 30 despite comments by Microsoft CEO Steve Ballmer. Microsoft says it's listening, but petition author Galen Gruman says Microsoft counts a Windows Vista sale even with an option to downgrade to Windows XP. Galen's petition has more than 170,000 names asking Microsoft to save Windows XP.

Full story at http://www.newsfactor.com/story.xhtml?story_id=121009GB4QVS&nl=2

The recent outcry from fans of Windows XP -- or at least from people who hate Vista so badly they don't want to buy it -- appears to have reached the ears of Steve Ballmer. The Microsoft CEO said the company would listen to its customers if they want to continue to buy XP.

full story at http://www.technewsworld.com/edpick/62741.html

There's a new user group in town:

IS Network: PGH DW Group
Please attend this year’s first Pittsburgh Data Warehouse and Business Intelligence User Group Meeting. The morning will begin with a brief planning session on the goals and purpose of the group followed by a demonstration in building a data warehouse right before your eyes using Microsoft SQL Server 2005. The final presentation titled, "A Single Source of Truth: Implementing Enterprise Profitability" will cover the design and implementation of the enterprise profitability system utilized by Alcoa.

Coffee and light refreshments sponsored by IQ Inc.

Date:        Thursday, April 24
Time:        8 a.m. - 12 p.m.
Venue: Pittsburgh Technology Council
Cost:         Free
Register: Online | E-mail | 412.918.4229

The full error reads:

Parser Error Message: Could not load file or assembly 'Microsoft.ReportViewer.WebForms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.

This error means you're using the SQL Server Reporting Services ReportViewer control in your web application, and the server can't find the proper DLL.  All you have to do is deploy them to your server.  With Visual Studio 2008, the location of the ReportViewer DLLs has changed.  You now find them at C:\Program Files\Microsoft Visual Studio 9.0\ReportViewer.

The first way to get these on your server, and this only works if you run your own server, is to directly copy them into the C:\Windows\assembly folder, and reboot the server (this reloads the GAC).  If a reboot is out of the question, you can use GACUTIL.EXE to copy and register the DLLs.

If you're in a shared hosting environment, reference the DLLs from the VS 9 path listed above, and set the Copy Local=True (select the DLL and open the Properties tab).  This will copy the DLLs into your applications BIN folder, and look for them there first.  You can then deploy to a shared host, making sure to copy all the contents of BIN.

All attendees to a "Heroes Happen Here" Launch even receive a software pack, but it's not without its limitations.  Here is what's included, and restrictions:

1. Windows 2008 Server, Enterprise Edition, both 32-bit and 64-bit.  Full version with keys, 1 year time bomb.
2. SQL Server 2008.  This is a CTP, not the final release.  I'd avoid installing this on any machine you like--use a virtual machine or something you can throw away later.  There is a registration code in the pocket with the EULAs for a license of the final version.  No mention of a time bomb.  I just tried to register, and the site craps out when you submit your form.
3. Visual Studio 2008 Standard Edition.  This is the version one step above Express.  It's most notable feature limitation is the Office development.  That's right--all that cool MOSS/Office 2007 integration and workflow they demonstrated, well, you can't do that with this version (you need the Professional version at least).  A version comparison is at http://msdn2.microsoft.com/en-us/vs2008/products/cc149003.aspx.  No indication of a time bomb.
4. Windows Vista Ultimate with SP1.  This was a nice surprise.  The full kitty, no expiration (the Windows Live One Care has a time limit, though).
5. Microsoft Forefront and Microsoft System Center.  Two infrastructure tools marked as "Limited-Time Trial Software", but no indication of the time limit.  Forefront is Microsoft's network security suite, rolling up Antigen and other tools into one product.
6. Windows Mobile 6 Developer Resource Kit.

Useful links from Launch:

If you want to review the presentations (or in our case, see them working), check out the Virtual Launch at http://www.microsoft.com/virtualevents/.  You need a Windows Live ID and Silverlight.  Apparently you can choose from several cities, but each time I selected something other than LA, I got a Silverlight error.

Download lab manuals for each demo at http://heroes.labmanuals.virtualwide.com/.  This is totally cool.  Get these and actually do what you saw (or would have seen if the demos didn't keep crashing).  Subject to the limited features of the Standard version, unless you have a better version handy.

In addition to VS2008 Professional, Sql Server 2008 Developer and Windows Server 2008, there's also Vista Ultimate in the software pack.  If you haven't signed up yet, you need to.