So here we are. One holiday, and a severe lower back injury later. In the last post we discussed setting up LogAnalyzer. Today I will try to get through setting up the actual QuickLook piece, while squirming and writhing in agony in this god-forsaken, non-ergonomic chair I have at my desk. See how important this topic is? I do it all for my viewing audience. :) NOTE: In the extreme off chance that this post helps the CEO of a ergonomic chair manufacturing company that has realized that they are over their factory allowable chair limit by one single chair, and are going to throw that chair away, please send that chair my way. What!?! It could happen! :)
For those of you with long term memory failure, like me, LogAnalyzer was the piece that we setup last time, that gathers and consolidates data, from all of your RMS dbases. Quicklook is the viewing piece of that.
To setup QuickLook (most of this I will steal from the documentation..but make it Mo' Betta):
- Create an account for the QuickLook service to use to query the database.I just used the RMSService account, however you probably actually want to create an account that has RMSQuickLook permissions (created later) to the database. The reason is because the RMSService account pretty much has full rights to the databases, so if this app is going to be used (or modified), by your help desk personnel then you probably want the minimum rights.
- Copy the RMSQuickLook folder from the C:\Program Files\RMS Toolkit directory, and put it somewhere that can be reached by the web server. I just stuck mine in the C:\InetPub\WWWRoot directory, since I know that the IIS service can reach this without me having to make all sorts of permission adjustments. Obviously it all depends on how secure you want to be. The folder should contain these files: * Default.aspx * Failure.aspx * Global.asax * UserCertification.aspx * Web.config * bin\RMSQuickLook.dllContrary to the documentation there is not an Error_Loading.htm
- Go into the IIS MMC console and Right-Click on Application Pools, and select New>Application Pool. I just called mine RMSQuickLook, but feel free to be creative. 'BoogerLooker' was my next choice. Leave it at 'default' settings and hit 'OK'.
- Right-Click on the App pool that you just created, and click on Properties. Go to the 'Identity' tab, and choose configurable, and enter the account information that you made in step 1, then click 'OK'
- The next step in the documentation tells you to either create a new website, or add this directory to an existing website. I just added it to the default website, by right clicking on 'Default Web Site' and clicking on New>Virtual Directory. Call it something creative. Again, it must have been a pretty bland day, because I just named it 'QuickLook'. I pointed it to my C:\InetPub\WWWRoot\RMSQuickLook directory, kept everything else at default, and hit 'OK'.
- Now the documentation seems to skip an entire step in the hopes that by some divine intervention the next things will happen automagically. Well not being one to leave this to a miraculous event happening, go ahead and right-click on the VirtualDirectory you just created and click on 'Properties'. On the 'Virtual Directory' tab, in the 'Application Settings' section click the 'Create' button. For 'Execute Permissions', choose 'scripts only', and for 'Application Pool', choose the AppPool that you created a few steps back, then click 'OK'
- Go into your Computer Management Settings by Right-Clicking 'My Computer'>Manage. Expand local users and groups, then click on the Groups folder. In the right-side pane, double-click on the IIS_WPG group, click the 'Add' button, and add the account you created for Quicklook to this group, then click 'OK'. Since I just used the RMSService account it was already there.
- The next step in the documentation tells you to 'Allow the web service 'run as service' rights on the server'. I have no idea what they are talking about, but I didn't do it, and my QuickLook still worked, so either the doc writer was sniffing fumes that day, or I'm missing something.
- Open the web.config file in your C:\InetPub\WWWRoot\RMSQuickLook directory and fix the SQL connection string to point to your SQL server. It should look something like this:
<add key="sqlConnection.ConnectionString" value="Initial Catalog=DRMS_Log_Admin; Server=RMSSQLSERVER; Integrated Security=SSPI; Trusted_Connection=SSPI; Connect Timeout=45" />
Note: I bolded the two things you need to change.
- The next step in the documentation tells you to run some ADSUtil script to remove Kerberos authentication from your metabase. That's crap. I skipped this step. you can however go into the Properties of the VirtualDirectory you created, go to the 'Directory Security' tab, click Edit for authentication to set security. I just set mine for Window Integrated Authentication only.
- Now go to your SQL server, and run the .sql file that will be found in the C:\RMSLogAnalyzer folder called RMSQuickLook.sql. (If you followed Pt. 1 of this series, you will have this folder). This is going to add a role to your SQL server called 'RMSQuickLook'
- Now open SQL Enterprise Manager, expand the DRMS_Log_Admin database (it should be there if you followed Pt. 1 of this series), then Security>Roles>Database Roles. Right-Click on the RMSQuickLook role (created in the last step), and click 'Properties'. Add the account that you created for the QuickLook service.
Thats it! You have setup QuickLook. If all went well you should be able to go to http://IISServer/QuickLook. It will ask you for an alias. Enter in some alias that you know has been activated, or has opened some RMS protected content, and wallah. A history of that user will appear. If it didn't work, go through the steps again and make sure you didn't miss anything. If it still doesn't work, post a comment and I'll see what I can do.
OK. My back is throbbing, and I probably won't be able to stand up. You're welcome. :)
Next time, we will discuss how to use QuickLook effectively to troubleshoot issues.