[Solved] Application Insights not working on Sitecore 9.1 PaaS

A couple weeks ago I’ve asked a question in Sitecore Stackexchange explaining that the Sitecore 9.1 PaaS our team has provisioned in Azure was not providing data to the Application Insights.

I went through the existing post Accessing log files in application insitghts for Sitecore 9 in Azure app service which allowed me to execute some sort troubleshooting, and in summary here are the steps I reproduce

1.Check appinsights.instrumentationkey in ConnectionStrings.config

The idea is to verify if is not going to a different Application Insights or a typo occurred somewhere. Please check the Instrumentation Key from Azure Portal and at the ConnectionStrings.config

mav9i

2.Check the Daily Cap

adfd7

3.Check showconfig.aspx

9qvq1

4.Enable Live Metrics Stream

vaijx

5.Enable Application map

On all roles, in the wwwroot/ApplicationInsights.config, uncomment the line containing the DependencyTrackingTelemetryModule. A caution though – it nearly doubles your ApplicationInsights data usage.

t9ugp

6.Querying Application Insights

– Go to the Application Insights resource and click the Analytics button on the Overview tab.
– The query builder will open. Paste in the following query:

traces

| project timestamp, message, severityLevel, customDimensions.Role, customDimensions.InstanceName
| order by timestamp desc

Select the time range and click Run

gbd2k

Another thing is that the Search shows results from Sitecore

3tzdm

Michael Baranov suggested the following

It’s a bug in 9.1.

To fix this you need:

Add telemetry module to ApplicationInsights.config

<Add Type="Microsoft.ApplicationInsights.Web.AspNetDiagnosticTelemetryModule, Microsoft.AI.Web"/>

Add module to web.config under system.webserver

<add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" 
        preCondition="integratedMode,managedHandler" />

And I did what he said but an Yellow Screen of Death showed up “Could not load file or assembly ‘Microsoft.AspNet.TelemetryCorrelation’ or one of its dependencies. The system cannot find the file specified” and I never heard back from him.

Frank Rosario, a colleague of mine here in Valtech, opened a ticket with Sitecore and they sent a hotfix for us.

For your reference if you face the same issue Ticket #527731

IMPORTANT: The following approach DOES NOT work without the hotfix provided by Sitecore, don’t give a shot by simply changing the files specified in the step “after the hotfix has been installed”

Accordingly to the Sitecore response

Be aware that the hotfix was built specifically for Sitecore XP 9.1 Initial Release, and you should not install it on other Sitecore versions or in combination with other hotfixes, unless explicitly instructed by Sitecore Support.

Note that you need to extract ZIP file contents to locate installation instructions and related files inside it.

Unless stated differently in the installation instructions, the hotfix should be installed on CM instance and then synced with other instances using your regular development practices

The hotfix should be install as a package, and will replace the following DLL libraries:

/bin/Microsoft.AI.Web.dll

• /bin/Microsoft.ApplicationInsights.dll

• /bin/Microsoft.ApplicationInsights.TraceListener.dll

• /bin/Microsoft.AspNet.TelemetryCorrelation.dll

• /bin/System.Diagnostics.DiagnosticSource.dll

After the hotfix has been installed these steps must be taken

1.Edit ApplicationInsights.config. Under the ApplicationInsights\TelemetryModules paste the following line at the bottom of the section

<Add Type="Microsoft.ApplicationInsights.Web.AspNetDiagnosticTelemetryModule, Microsoft.AI.Web" />

AppInsightsConfig

2.Edit web.config. Under the configuration/system.webServer/modules after <remove name="ApplicationInsightsWebTracking"/>, insert the following string:

<add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" preCondition="integratedMode,managedHandler"/>

WebConfig

Once you modify the files, restart the App Services and try to access it again to generate data for the Application Insights

mzwoh

References and thanks

Mark Gibbons to write a terrific answer in how Application Insights works, and ways to troubleshoot it

Frank Rosario for opening the ticket with Sitecore

Sitecore for the amazing support

I hope you liked it, and I’ll see you on my next post!

Advertisements

Solved Unicorn issue with Sitecore Identity

I’ve started to work at the Continuous Integration & Continuous Delivery part in a Sitecore project. As I am not familiarized with the process, I decided to create my very first Sitecore project/solution in Visual Studio, and also following the requirements of the project, installed Unicorn on it.

While I was installing Visual Studio, I have provisioned a Sitecore 9.1 locally, and a Platform as a Service in Azure.

Eventually, I got everything up and running, and my project was being deployed successfully to my local environment and to Azure. It’s time to check Unicorn, and see how things works, let’s test in my local environment first

Unicorn_Aspx

Looks like I have to sign in to Sitecore as an administrator

Unicorn_Sitecore_Admin

Now, let’s back to Unicorn.aspx

Unicorn_Aspx_Admin.png

Looks like it works, AWESOME! Now, let’s check in Azure…

Unicorn_Aspx_Azure.png

….And as expected it is asking to sign in to Sitecore as an administrator

Unicorn_Azure_Loop.gif

Weird! I am getting an infinite loop

I decided to use Sitecore Slack, so I accessed the #Unicorn channel, raised my issue and faster than I thought Kam Figy replied

Looks like you are using Sitecore Identity, please enable IdentityServer configuration file

Not sure if you heard that Sitecore 9.1 has introduced Sitecore Identity, “a mechanism to log in to Sitecore providing a separate identity provider, and makes it possible for you to set up SSO (Single Sign-On) across Sitecore services and applications

In my Sitecore PaaS in Azure, I have installed Sitecore Identity during Sitecore provisioning while in my local environment I didn’t, that’s the reason it was working fine locally!!!!

The file Kam Figy mentioned is located at ..\..\Include\Unicorn and named Unicorn.UI.IdentityServer.config.disabled, you should simply remove the .disabled to reload Sitecore page!

Please note that

This file enables the Unicorn control panel to work with authentication in Sitecore 9.1 and above.

This file should not be enabled on versions of Sitecore prior to 9.1

And just for the record, the sentence above is the comment line inside of Unicorn.UI.IdentityServer.config file!

I hope you liked it, and I’ll see you on my next post

 

Sitecore announces 2019 MVPs

WOW! Cannot believe it is that time of the year again when Sitecore announces 2019 MVP.

I remember exactly how my day looked like when I was first awarded as Sitecore MVP back in 2017, and once again in 2018, now for the third time in a row I have been awarded with such honor in be part of the Sitecore MVP group.

Of course, I am celebrating the moment….

giphy

Again, I am proud, glad and excited with the new challenges and responsibilities that a new award brings and can’t wait to share some good content and lead you through Sitecore world.

As part of my thanks list, cannot forget my wife, Raquel, for all support, understanding and love during the journey! I LOVE YOU RAQUEL!

Secondly, I’d like to thank Sitecore, Sitecore community and Sitecore MVPs to believe in my potential and how helpful I am within the community.

And last but not least, a HUGE thanks to all readers.

As usual, thanks for reading, and I’ll see you on my next post!

Sitecore connecting to MongoDB using SSL

After configuring valid certificates to configure MongoDB for SSL/TLS it is time to establish the communication from Sitecore to MongoDB, and unfortunately Sitecore does not communicate with Mongo using SSL Out of the box.

I found a good article that explain how to achieve it, however, I don’t have any experience on it and had to ask for help to my colleague Leonardo Faggiani

Our first successful attempt was using a PFX file that requires a password but the problem was

Nobody wants to expose password in config files, specially for a PFX file!

So, we started thinking about using the Windows Certificate Store to retrieve the certificate! And in order to accomplish that, we need to extend UpdateMongoDriverSettingsProcessor class to update Mongo Driver Settings with the SSL certificate.

public class EnableSSL : UpdateMongoDriverSettingsProcessor – This method allow users to turn on/off the SSL settings.

private bool UseSSL()
        {
            string value = Settings.GetSetting("UseSSL");
            return !string.IsNullOrEmpty(value) &amp;&amp; Convert.ToBoolean(value);
        }

Self-explaned method
private StoreName? FindStoreName()
        {
            StoreName storeName = StoreName.My;
            try
            {
                storeName = (StoreName)Enum.Parse(typeof(StoreName), Settings.GetSetting("SSLCertificateStoreName"));
            }
            catch (Exception e)
            {
                Log.Error("Error loading store certificate: Settings.GetSetting(SSLCertificateStoreName) " + e.Message, this);
                return null;
            }

            return storeName;
        }

The Certificate Store must be opened in order to find the certificate.

        private X509Certificate2 FindX509Certificate2()
        {
            StoreName? nullableStoreName = FindStoreName();
            if (nullableStoreName == null) return null;

            X509Certificate2 firstCertificate = null;

            StoreName storeName = (StoreName)nullableStoreName;
            X509Store store = new X509Store(storeName, StoreLocation.LocalMachine);

            try
            {
                store.Open(OpenFlags.MaxAllowed);

                var certificates = store.Certificates.Find(X509FindType.FindByThumbprint, Settings.GetSetting("SSLCertificateThumbprint"), false);
                firstCertificate = certificates.Count &gt; 0 ? certificates[0] : null;

                if (firstCertificate == null)
                    Log.Warn("Cannot find certificate with thumbprint " + Settings.GetSetting("SSLCertificateThumbprint"), this);
            }
            finally
            {
                store.Close();
            }

            return firstCertificate;
        }

Overridden method join all the pieces

        public override void UpdateSettings(UpdateMongoDriverSettingsArgs args)
        {
            if (UseSSL())
            {
                X509Certificate2 x509Certificate2 = FindX509Certificate2();

                if (x509Certificate2 == null) return;

                args.MongoSettings.SslSettings = new SslSettings();
                args.MongoSettings.SslSettings.ClientCertificates = new[] { x509Certificate2 };
                args.MongoSettings.SslSettings.CheckCertificateRevocation = false;
                args.MongoSettings.SslSettings.EnabledSslProtocols = SslProtocols.Tls12;
                args.MongoSettings.UseSsl = true;
            }
        }

Finally, we need a .config file in order to add those configurations and push the code in the Sitecore’s pipeline

<configuration xmlns:patch=”http://www.sitecore.net/xmlconfig/“>

  <sitecore>

    <settings>

      <setting name=”UseSSL”>

        <patch:attribute name=”value”>true</patch:attribute>

      </setting>

      <setting name=”SSLCertificateStoreName”>

        <patch:attribute name=”value”>My</patch:attribute>

      </setting>

      <setting name=”SSLCertificateThumbprint”>

        <patch:attribute name=”value”>33d567ffc26697605c31ebd4bd87c7254128f049</patch:attribute>

      </setting>

    </settings>

    <pipelines>

      <updateMongoDriverSettings>

        <processor type=”Custom.MongoDriver.EnableSSL, Custom.MongoDriver” />

      </updateMongoDriverSettings>

    </pipelines>

  </sitecore>

</configuration>

Once we’ve applied it to the Sitecore installation, it didn’t work from beginning and after couple hours troubleshooting here’s what we found to solve it

The Solution

Open Certificate Store

1. Open a Command Prompt window, and type mmc then press Enter
2. On the File menu, click Add/Remove Snap In

mmc-add

3. Double click Certificates

double-click-certificates.PNG

4. Select Computer Account, and click Next

computer-account

5. Select Local Computer, and click Finish then click OK to exit the Snap-in window

local-computer

Manage Private Key Permissions

Assuming you have the private key installed already, and Certificate Store still open, please follow the steps below

1. In the left pane of MMC, expand Certificates (Local Computer) node, expand the Personal node, and then select the Certificates subfolder

personal-certificates-mmc.png

2.  In the right pane, look for your certificate – in my case it is NLCVD2LAP @ Valtech – right-click in the certificate, choose All Tasks, and then choose Manage Private Keys.

manage-keys-certificate

Permissions window shows up, and you have to add the user that is running the Application Pool of your Sitecore instance which could be either ApplicationPoolIdentityNetworkService or a special account just for that.

3. Click Add in the Permissions window, and let’s grant privileges to our Application Pool user

application-pool-user

Please note that in my case the Sitecore was running using the ApplicationPoolIdentity using an ApplicationPool named sc82u3

4. Ensure the permissions are Full Control and Read for testing purposes only, then click Ok

permissions-certificate

Once we have done the permission stuff, the solution provided by Leonardo, started to work right away!

I hope you liked it, and thanks for reading!

And I’ll see you on my next post!

Using Valid Certificates to Configure MongoDB for SSL/TLS

I was told to configure MongoDB for SSL/TLS for a production environment which means I would have to use VALID CERTIFICATES!

For production use, your MongoDB deployment should use valid certificates generated and signed by a single certificate authority.

And as I wanted to go fancy, I choose to setup MongoDB with Certificate Validation that requires the creation of two .pem files – one to use as PEMKeyFile and as CAFile parameters in my Mongo configuration file.

Accordingly to MongoDB’s tutorial page, here is what you need to know about them

  • PEMKeyFile with the name of the .pem file that contains the signed TLS/SSL certificate and key.
  • CAFile with the name of the .pem file that contains the root certificate chain from the Certificate Authority.

The first thing to do is to work with the valid certificate you have, usually a PFX format which contains the Public Key and the associate Private Key.

Exporting PFX

Working with certificates sometimes is tricky, I’d recommend to use DigiCert® Certificate Utility for Windows which I use on my daily basis and it is a time-saving tool! Or you can use OpenSSL – that is another GREAT tool.

Moving on… assuming you already downloaded, executed DigiCert Certificate Utility, and that your PFX is already installed in your machine, let’s continue

1. In the DigiCert Certificate Utility for Windows©, click SSL (gold lock), select the certificate that you want to export as a .pfx file, and then click Export Certificate.

1

2. In the Certificate Export wizard, select Yes, export the private key, select key file (Apache compatible mode), and finally click Next

2

3. Choose a location and file name where you want to save the key file, click Save, and then, click Finish

3

4. Navigate to the location you saved, note that the folder should contain the Public Key (wildcard_nonlinear_ca.crt), Private Key (wildcard_nonlinear_ca.key) and Intermediate Certificate (DigiCertCA.crt)

5

PEMKeyFile

In order to generate the PEMKeyFile we will have to use Notepad++ or any other text editor of your preference.

  1. Navigate to the location where are the exported keys, and open the Private Key – in my case wildcard_nonlinear_ca.key6
  2. The Private Key should looks like this7
  3. Copy the entire body of this certificate, including —-BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—-
  4. Open a new tab (or a new text editor), and paste the content you just copied8
  5. Now, let’s open the Public Key (wildcard_nonlinear_ca.crt) that should look like as follows9
  6. Copy the entire body of this certificate, including —-BEGIN CERTIFICATE—- and —-END CERTIFICATE—-
  7. Go to the new text you just created (step 4), and paste the Public Key content in the next line after —-END RSA PRIVATE KEY—-10
  8. Then save this document as .pem file

11

CAFile

The process is pretty much the same listed for the PEMKeyFile, however, the CAFile must have the Root Certificate on it as well. Please ensure to keep the following order:

  1. The Private Key (wildcard_nonlinear_ca.key)
  2. The Primary Certificate (wildcard_nonlinear_ca.crt)
  3. The Intermediate Certificate (DigiCertCA.crt)
  4. The Root Certificate – you should be able to get it directly from the place you issued your certificate, in my case it is named TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate, then save the using .pem extension as well.

MongoDB configuration

Assuming you already have a MongoDB up and running, in order to enable SSL/TLS you must change couple things on the mongod.cfg

net:
ssl:
mode: requireSSL
PEMKeyFile: F:\ssl\SysAdmin.pem
CAFile: F:\ssl\ca.pem

Once you modified it, try to stop/start the MongoDB service and ensure it backs up.

To connect to MongoDB from now on using CMD, you should include the following options

  • –ssl
  • –host
  • –sslPEMKeyFile
  • –sslCAFile

mongo –ssl –host mongodb.mydomain.com –sslPEMKeyFile F:\ssl\SysAdmin.pem –sslCAFile F:\ssl\ca.pem

Sitecore connecting to MongoDB using SSL

I’ve raised the question on Sitecore.Stackexchange and Hishaam Namooya, and Amitabh Vyas were able to address my problems.

Amitabh Vyas said that

OOTB Sitecore does not communicate with Mongo using SSL, we need to implement a custom pipeline for such communication.

Customize the Sitecore.Analytics.MongoDB.Config by defining a new Pipeline.

Now you have two approaches to establish SSL connection between Mongo and Sitecore.

  1. SSL Integration using physical PFX file
  2. SSL Integration reading Machine Key

Please have a look at my blog post for more details.

I hope you liked it, and thanks for reading!

And I’ll see you on my next post!

Sitecore 9 update 1 XP0 topology ‘sqlcmd’ is not recognized error [SOLVED]

A week ago, I was trying to provision a Sitecore 9 Update 1 XP0 topology and everything was great, until the step

CreateShardApplicationDatabaseServerLoginSqlCmd

error-xp0.PNG

As you can see, it complains about sqlcmd is not recognized as the name of the cmdlet. This is way weird as Sitecore 9 Installation Guide does not mention anything about it.

I was not convinced that it would be sqlcmd, so posted a question on the Sitecore StackExchange – as usual, when get myself stuck after couple tentatives… you should also try whenever you get yourself stuck (don’t be shy :))

While was waiting for the community, started dig in and googled “sql server 2016 sqlcmd download” with a hope to be able to easily install the sqlcmd without need the full SQL Server installed at the web server, right?

I found that two things would be necessary

Once I got both installed, it was just a matter to re-run the XP0 and get my Sitecore 9 Update 1 up & running smoothly!

Of course I posted this as an answer in Sitecore StackExchange, check out here! And as soon the answer was there, a Sitecore employee – Kieran Marron – commented saying that

“Unfortunately this was missed off the docs for update 1. We’re aiming to have this corrected soon.”

Thanks for your reply Kieran, really appreciate it! So, stay tuned to see a fix for that anytime soon.

I hope you liked it, and thanks for reading!

And I’ll see you on my next post!

 

Sitecore 9 – Reporting not working after install [SOLVED]

Couple days ago, I was installing a new Sitecore 9 XP1 topology and during my post-installations tests I received the following error while accessing the Reporting piece

error1

C’mon! You got to be kidding me… and I was telling Sitecore 9

am-i-wrong-dude-am-i-wrong

Well, didn’t solve my problem… SOOOOOOOOOOO, let’s dig in!

Let’s re-run the Reporting piece in Powershell

  • First of all import SitecoreFundamentals SitecoreInstallFramework
  • Then execute Install-SitecoreConfiguration and point to sitecore-XP1-rep.json full path

I was prompted to provide the Package and LicenseFile location but NO SqlDbPrefix as you probably noticed from other packages like Content DeliveryContent Management, and so forth. 

powershell1

Let’s check the ConnectionStrings.config post-installation

  • Navigate to Reporting installation path, usually C:\inetpub\wwwroot\ and the name you provided for the instance
  • Go to App_Config and find ConnectionStrings.config

Well, looks like something is wrong! Did you noticed that Initial Catalog= contains only an underscore + Database (e.g. _Core, _Master, etc)

connectionstrings

An easy workaround would be rename the Initial Catalog= with the correct name of those databases and solve the case BUT not so fast buddy, let’s find the reason for this typo!

Let’s check the JSON file

  • Navigate to Sitecore configuration files path, in my case is C:\SitecoreInstaller\XP1\Configuration
  • Find sitecore-XP1-rep.json and open in Notepad
  • Look for SqlDbPrefix

WOW! There’s a DefaultValue set to “” which means you won’t be asked to provide a SqlDbPrefix

jsonfile

and the concatenation throws a blank value, resulting in the underscore + database (e.g. _Core, _Master)

json-concatenation

So, the quickest way to fix that is to remove “DefaultValue”: “” and the comma after the Description value.

json-fixed

EASY PEASY, isn’t it? From now on, you will be prompted to provide SqlDbPrefix when provisioning the Reporting piece!

I hope you liked it, and thanks for reading!

And I’ll see you on my next post!