Alexander’s Blog

Microsoft recently posted this Knowledge Base article 2588513: Vulnerability in SSL/TLS could allow information disclosure. The actual Security Advisory is posted here. According to the advisory:

“Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.”

There are at least two mitigating factors:

1. The attack must make several hundred HTTPS requests before the attack could be successful.
2. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

Workaround

Microsoft offers the following workaround. In Windows 7, disable the TLS 1.0 protocol and enable TLS 1.1 and TLS 1.2 because they are not affected. Unfortunately, in Windows XP the Internet Explorer doesn’t offer TLS 1.1, or TLS 1.2.

NOTE: Neither Mozilla Firefox nor Chrome supports TLS 1.1 and TLS 1.2. Therefore, your best bet is to use Internet Explorer 9 on Windows 7 or Opera 10, which also supports TLS 1.2.

In Internet Explorer 9, go to Tools, Internet options, and on the Advanced tab clear the TLS 1.0 check box and select the TLS 1.1 and TLS 1.2 check boxes. Your screen should look something like this.

Does Fix It Really Fixes Things?

If you use the Fix it solution in the KB article that automatically creates a restore point and then supposedly fixes the problem, you will notice that it DOES NOT clear the TLS 1.0 box. I am not sure why when the entire hoopla has to do with TLS 1.0 and SSL 3.0 in the first place. All it does is enable TLS 1.1. Perhaps enabling TLS 1.1 takes precedence and therefore TLS 1.0 is not used but I don’t feel comfortable using any scripts or wizards created by a vendor because there is no way for me to know exactly what the wizard does behind the scenes. Besides, I have been burned in the past by one of Microsoft’s wizard that installs a security template so I am pretty hesitant when it comes to wizards. I’d much rather make the change manually so I can reverse the process manually if necessary.

One challenge that you might have to face is whether the Web sites you visit support TLS 1.1 and later or not. Until there is a solution (remember this is only a workaround) I would rather implement the workaround just to be on the safe side and take my chances with Web sites not supporting the newer version of TLS.

As a best practice, always sign out of the Web site and then close your browser to ensure that your SSL/TLS session is properly terminated.

Today I noticed the following error when I tried to create a new library in SharePoint 2010. I am running SharePoint Server 2010 and was using IE9 on my Windows 7 Ultimate x64 client.

Error: An unhandled exception occurred in the Silverlight Application

Here’s how I was able to resolve the problem.

1. Go to Central Administration site.
2. Go to Manage Web Applications in Application Management section.
3. Highlight your Web application and select General Settings from the General Settings drop-down box.
4. Turn on the Web Page Security Validation. The Web Page Security Validation establishes an amount of time after which the user is required to retry the operation. By default it is set to on and the expiration time is 30 minutes. I don’t recall turning it off on my Web application but somehow it was set to off. I looked at all the other Web applications and discovered that it was set to on. It might be some kind of bug in SharePoint but because I haven’t done any research on this issue I can’t say for sure.

   

5. Now you should be able to create new libraries.

There is no need to restart any services, browser, or your computer. Your change should take effect immediately.

I recently noticed that I was unable to open PDF files in SharePoint 2010 when I used Internet Explorer 9. I didn’t have the same problem in Mozilla Firefox 5. If you have encountered similar problem, here’s one solution that might help you.

1. Start Internet Explorer.
2. Go to Tools, Internet options, Advanced tab.
3. In the Security section, clear the box Do not save encrypted pages to disk. I tend to check this option on most of my computers running Internet Explorer but noticed that clearing this option lets me open the PDF files. Because my site uses SSL, by disallowing the ability to save encrypted pages to disk, SharePoint is unable to open PDF files.
   

If you go to Google or Bank of America’s Web site you will notice that your browser displays a custom logo to the left of the URL. It’s nice to have a custom icon or logo for a SharePoint 2010 site so when visitors add the site to their Favorites in Internet Explorer or Bookmarks in Mozilla Firefox it displays the custom icon/logo. I wrote about this last year but in this blog I have added numerous troubleshooting tips that will come handy. You can follow the procedure described below to change the browser icon for a SharePoint 2010 site.

There may be other methods of achieving this but this is the method that I use. The procedure is very simple but it requires you to use SharePoint Designer 2010. The good news is that SharePoint Designer 2010 is a free download from Microsoft. The bad news is that if you don’t know what you are doing you can completely destroy your site by “messing” with your site in SharePoint Designer.

WARNING! Always backup your site before you make any modifications to your site in SharePoint Designer 2010.

1. Create your site icon and save it as favicon.ico. There are lots of free programs that you can use. I have been using an old program called Easy Icon Maker. Keep in mind that you don’t have to use such a program. You can use any application (MSPaint, Word, etc.) to create the icon then copy it to MSPaint program and save it as a JPG or PNG. Then convert it to .ico file using a convert utility. More on that in the Troubleshooting section.
2. Upload the favicon.ico file to the SharePoint site. I prefer to upload it to the SiteCollectionImages library so it is available to me for all the subsites.
3. Go to the SiteCollectionImages library and open the favicon.ico file.
4. Copy the path to the clipboard.
5. Open SharePoint Designer 2010.
6. Open your SharePoint site.
7. In the Site Objects section select the Master Pages folder. You will notice a default.master page and v4.master page.
8. Select the v4.master page.
9. Under Customization, click Edit File.
   
10. When prompted to check out the file, select Yes.
    
11. On the toolbar, in the Page Views section click Code.
12. Notice the line that starts with SharePoint:SPShortIcon. The path in this line determines which icon will be displayed in the browser. By default, it points to the favicon.ico file in the images library.
    <SharePoint:SPShortcutIcon runat=”server” IconUrl=”/_layouts/images/favicon.ico”/>
    
13. Change the path for the IconURL to your custom favicon.ico file. For example for my winnetusergroup.com site I would change it to http://www.winnetusergroup.com/SiteCollectionImages/favicon.ico.
14. Save the v4.master file.
15. You will prompted by a warning that once you save the file your page will not longer be based on the original site definition. Did I mention that you should always backup your site before you make any modifications to your site in SharePoint Designer 2010? If you have backed up your site, select Yes.
    
16. In the left hand pane right-click v4.master page and select Check In.
17. Select an option for the version. If you are not sure what to select, accept the default option of Check In a minor version and click OK. You will notice that the green check mark changes to a blue icon with an “i”. This means the page is no longer based on the site definition. If things get messed up you can right-click the file and select Reset to Site Definition.
18. Close SharePoint Designer.
19. You should now see your custom icon when you refresh your browser screen. When visitors add your site as Favorite they will see the custom icon in the listing. In addition, the address bar will display your custom icon instead of the default icon.
20. Here’s a sample of SeattlePro’s Web site displaying custom space needle icon in the address bar as well as the Bookmarks toolbar.
    

NOTE: If you are working with a standard HTML-based Web site (not a SharePoint site) then all you have to do is copy the favicon.ico file to the root of the Web site, e.g. wwwroot folder, and your icon will be displayed automatically. The root folder is where your home or index file is located. There is no need to edit any files.

Troubleshooting Tips

If your icon is not displaying properly, here are some troubleshooting tips.

1. Make sure that you modified the v4.master page and not the default.master page.
2. If your site is using SSL, depending on how you configured your site, you may see the custom icon when you add it to the Bookmarks toolbar in Mozilla Firefox or Favorites bar in Internet Explorer if you do not add the s after http. However, it will not display the icon in the address bar. To see the icon in the address bar you must use https in the URL when you edit the master page.
3. In Mozilla Firefox your icon will always be displayed properly. If you want to test your icon use Firefox. In Internet Explorer (all versions) it’s hit and miss. In my experience, Internet Explorer displays it only about 5% of the time. And that 5% is completely random. Do not waste too much time trying to get this to work in Internet Explorer.
4. If your site gets messed up because you modified the master page, reset it to the site definition. Just right-click the master file and select Reset to Site Definition. It will create a copy of the current master page and reset the site definition.
5. If your icon is not displayed, you may have forgotten to check in the master page. Unless the page is checked in, visitors cannot see the changes.
6. If your icon is not displayed, you may have to login to the SharePoint site. For example, if its a public site the icon may not be displayed but if you login to the site with your account the icon will show up right away.
7. If you have an existing icon and then you change the icon by uploading a new favicon.ico file you may have to clear the cache and restart the browser. Sometimes the old icon will be cached and you must restart the browser while other times your new icon will be displayed right away. A lot depends on which browser you are using and how you have configured your browser.
8. The icon has to be certain size or else it may not display at all. Check out my blog post.
9. You can’t just rename a jpg, bmp or png file to favicon.ico. You must either use a utility that allows you to save files with .ico extensions or use a tool that allows you to convert it from other formats to .ico format. There are a number of free utilities available to do the conversion. The quickest way is to use an online conversion tool like this one.
10. Although I have used GIFs (including animated GIFs) and you can also use PNG files, I would suggest you stick with ICO files because all the browsers support ICO files. The name of the file must be favicon.
11. If your custom icon is not working, make sure the size of the favicon.ico file is 16×16 pixels. Sometimes you can have a larger file, such as 64×64 pixels and you can try and convert it to ICO but in my experience the smaller size icons work the best. I often reduce it to 32×32 pixels, save it, and then convert it to ICO format. Larger file sizes tend to cause problems.
    

    ---

    Copyright ©2011 Zubair Alexander. All rights reserved.

Today I ran into something strange while editing a list item on one of my SharePoint 2010 sites. I was using Chrome version 10.0.648.204, which is the latest version available at the time of writing. What I discovered is that when I edit a list, or create a new item in the list and enter a comment in the comments box, my text is wiped as soon as I stop typing and my cursor moves back to the beginning of the box. Apparently Chrome functions on a half second rule. I can keep on entering text and as long as I don’t pause for more than half a second it keeps my text but as soon as I move my mouse and click the Save button to save the item it’s too late. All my text is wiped out.

Obviously, out of curiosity I tried to edit the same list item in Internet Explorer 8 and Firefox 4.0 and everything worked fine so I knew the issue has to do with the Chrome browser. I updated my browser to the latest version, which I mentioned above is 10.0.648.204 and then restarted the browser but encountered the exact same issue.

Upon digging further into the issue I realized that the Comments column, which is a built-in Core Documents Column at the site level, was a based on multiple lines of text and all the other columns in my task list were based on either single line of text or one of the other options. The built-in Comments column is based on plain text, rather than rich text or enhanced rich text.

I decided to create another column based on the enhanced rich text at the “List” level to see if it will behave differently. Surprisingly, the column that I created worked just fine and doesn’t wipe the text after half a second as I type. Okay, so it seems that the problem is with the built-in Comments column. Next, I wondered if my column worked because it was based on multiple lines of text rather than plain text. I created another column, this time at the “Site” level (not the List level), based on rich text and Chrome had no problem with that. Then I changed the column type to Enhanced rich text and Chrome had no problem with that either. Hmmm?? May be it has something to do with using site columns. Naah….that’s too weird to even comprehend.

Finally, I switched the column type to match with the built-in Column type, which is plain text, and bingo! Chrome started to spit out text as fast as I could type. Okay, almost as fast. I think I’ve finally nailed the problem.

The moral of the story is that Chrome doesn’t support plain text multiple lines columns in a SharePoint list. Notice I said plain text multiple lines columns. Chrome seems to be perfectly happy with plain text single line columns. In the title of this post I wondered if this is a bug. These days vendors don’t like to use the word “bug”, instead they prefer to use the word “incompatibility.” When was the last time you heard any major vendor claim that there was a bug in their software?

Perhaps this is just an incompatibility in Chrome. Call it whatever you want, the fact is Chrome doesn’t support SharePoint as Internet Explorer (IE) does. The nice thing about browser-based software, from the vendors’ perspective, is that if anything doesn’t work right you can always blame it either on the browser-compatibility or user’s settings.

I know Microsoft claims that Firefox is a “Supported” browser for SharePoint 2010 with known-limitations, which is borderline humorous. In the article Plan browser support (SharePoint Server 2010), Microsoft states that Firefox is supported and then lists 17 SharePoint limitations that makes Firefox useless for all practical purposes. The fact is that only IE (32-bit) is fully supported and works with SharePoint. Microsoft’s own IE (64-bit) browser isn’t supported either and no other browser properly works with SharePoint, which is unfortunate.

Workarounds

Here are some of the workarounds that you can try.

1. The simplest workaround for this problem is to use IE or Firefox, if you want to call it a workaround, because the other browsers do not have this issue, only Chrome does.
2. The second option is not to use the plain text type when you create, or use a built-in column that is based on multiple lines of text. For multiple line columns either use rich text, or Enhanced rich text.
3. The third option is to use columns based on single line of text, instead of multiple lines, if single line of text will work for you.
4. If you have to use multiple lines of text with rich text or Enhanced rich text then here’s what worked for me. I slowly typed the text with my left hand, making sure I am not pausing for more than half a second during the keyboard entries, while keeping my right hand on the mouse and clicked Save as soon as the last character was entered. This worked for me each time and I was able to save the item. Once I discovered what exactly the problem was, I just created another column at the site level (that’s the best practice), and added it to my list. The column type was multiple lines of text based on Enhanced rich text. Problem solved!

I know the list of issues with SharePoint compatibility in Chrome is pretty large. In this article I have only mentioned one but there are too many issues with using SharePoint in Chrome to even document. The only reason I blogged about this problem is that the workaround for this issue became a challenge for me and I got really curious as to why my text magically kept on disappearing.