To enable the feature that is described in this article,
follow these steps.
Note To successfully apply the update, you must perform these steps on
the BizTalk RFID server as a local administrator.
- Extract the hotfix package to a local temporary folder.
Apply the update by running the Setup.exe file.
- Create a user group that is named RFID_ADMIN, and then add the users who have to perform BizTalk RFID-related
administrative operations to this group.
Note After a user is added to this group, the user has permissions to
perform all operations that are provided by BizTalk RFID. - Grant the Full Control permission to the RFID_ADMIN group
for the following directories:
- %RFIDINSTALLDIR%
- %RFIDINSTALLDIR%\bin
- %RFIDDATADIR%
- %RFIDDATADIR%\Processes
- %RFIDDATADIR%\Providers
- %RFIDDATADIR%\Logs
Note You must explicitly grant permissions to the RFID_ADMIN group for these directories. This is because the sub-directories do not
inherit permissions from their parent directories. - If you use Business Rules Engine (BRE), you must modify SQL Server to let you use the Rule Engine Policy Executor that
is included with BizTalk RFID. To do this, follow these steps:
- On the instance of SQL Server that hosts the BizTalk Rule Engine database, create a SQL Server �RFID_ADMIN� logon that uses Windows Authentication.
Note BRE does not support the rule engine database if the rule engine database is located on a remote
computer. - Add the RFID_ADMIN logon to the BizTalk Rule Engine
database. By default, the name of the database is
"BizTalkRuleEngineDb."
- Add the RFID_ADMIN logon to the RE_HOST_USERS database
role in the BizTalk Rule Engine database.
Managing RFID server from a remote computer
If you must manage the RFID server from a remote computer, you must perform the following additional steps. These steps involve several command prompt commands, the PsGetSid tool, and some string editing that you can perform in Notepad.
- Download and install the PsGetSid tool. This tool will retrieve the SID of the RFID_ADMIN group that you created earlier. To obtain the PsGetSid tool, visit the following Microsoft TechNet Web site:
- Open a Command Prompt window. At the command prompt, type the following command, and then press ENTER:
psgetsid RFID_ADMIN
This command outputs the SID of the RFID_ADMIN group. The SID is located on the last non-empty line of the output. For this example, we'll use the <SID of RFID_ADMIN> placeholder for the SID. Copy the SID into Notepad. - At the command prompt, type the following command, and then press ENTER:
sc sdshow msbiztalkrfid
This Command outputs the Security Descriptor of the BizTalk RFID service in SDDL. Copy the descriptor into Notepad. - Add permissions for the RFID_ADMIN group.
The SDDL string is typically a concatenation of a DACL and an SACL. Every ACL is a concatenation of ACEs. The SDDL string is a concatenation of these two parts in the following format: D:(<DACE_1>)(<DACE_2>)�S:(<SACE_1>)�
Note In this string, D represents the DACL, and S represents the SACL.
To add permissions for the RFID_ADMIN group, follow these steps:- Compose the DACE that you want to add for the RFID_ADMIN group. For example, the DACE string of "A;;GR;;;<SID of RFID_ADMIN>" is the DACE to grant the RFID_ADMIN group "Generic Read" access to the service.
This access is enough to query the status of the service from any computer. This process will work by connecting to the RFID Service from a remote RFID Manager. However, if you have to enable members of the RFID_ADMIN group to also start, stop, or configure the service, you must grant this group full access. To do this, use the following DACE string: A;;GA;;;<SID of RFID_ADMIN>
You can vary the string to grant different kinds of access to the RFID_ADMIN group to the BizTalk RFID service. In this example, the DACE string that you have selected is represented by using the <RFID_ADMIN_DACE> placeholder.
Note The semicolons in the DACE string are important. You should replace only the SID and Access mask parts of the string. Do not change any other parts of the string. - Add the DACL that you created in step a to the end of the list of DACLs in the SDDL string. This will prepare a new SDDL string. The new string should resemble the following:
D:(<DACE_1>)(<DACE_2>)�(<RFID_ADMIN_DACE>)S:(<SACE_1>)�
Note The parentheses around the <RFID_ADMIN_DACL> placeholder are important.
- At a command prompt, type the following command, and then press ENTER:
sc sdset msbiztalkrfid <The SDDL string prepared in step b>
This command applies the new permissions to the BizTalk RFID Service object.
Deploying RFID processes
An RFID process must be deployed before it can be started.
Note Deployment is usually a one-time process that may require special
permissions. You should deploy the RFID process as a user who has elevated
permissions. After an RFID process is deployed successfully, it can be started
and stopped by members of the RFID_ADMIN group.
To deploy a process that
uses the Out-Of-Box event-handler components that are provided with BizTalk
RFID, you must have permissions as shown in the following table:
| Event-Handler Component Name | Required
Permissions |
|---|
| SQL Server Sink | You must have "sysadmin"
permissions for the installation of SQL Server where the rfidsink database is deployed. |
| Rule Engine Policy Executor | You must have
"securityadmin" permissions for the installation of SQL Server where the BizTalk Rule Engine
database is deployed. Additionally, you must have administrator permissions on
the computer that is running BizTalk RFID. |
How to enable or disable a process deployment in RFID Manager
RFID Manager tries to deploy an RFID process every time that a user tries to start a process. Therefore, when a user who is a member of the RFID_ADMIN group tries to start a process from RFID Manager, RFID Manager first tries to deploy the RFID process. However, this deployment will fail if the user does not have appropriate permissions. Therefore, the process will not start. To work around this issue, you must change the RFIDTools.config file so that RFID Manager skips the deployment step.
The RFIDTools.config file contains a new AutoDeployProcessesOnStart flag. If this flag is set to false, the deployment step is skipped. Therefore, you can successfully start an RFID process in RFID Manager by using an account that is a member of the RFID_ADMIN group.
To do this, after you apply the hotfix, set the <AutoDeployProcessesOnStart> element under the <RFIDToolsConfig> section of the RFIDTools.config file as follows:
<AutoDeployProcessesOnStart>false</AutoDeployProcessesOnStart>
- The RFIDTools.config file is located in the %RFIDINSTALLDIR%\bin
directory.
- The <AutoDeployProcessesOnStart> flag may be
missing from RFIDTools.config file after you apply this hotfix. In this case,
RFID Manager will deploy the RFID process before the process is started.
- RFID Manager must be restarted for any changes to the
RFIDTools.config file to take effect.
Hotfix information
A
supported hotfix is available from Microsoft. However, this hotfix is intended
to correct only the problem that is described in this article. Apply this
hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download
available" section at the top of this Knowledge Base article. If this section
does not appear, submit a request to Microsoft Customer Service and Support to
obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required,
you might have to create a separate service request. The usual support costs
will apply to additional support questions and issues that do not qualify for
this specific hotfix. For a complete list of Microsoft Customer Service and
Support telephone numbers or to create a separate service request, visit the
following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for
which the hotfix is available. If you do not see your language, it is because a
hotfix is not available for that language.
Prerequisites
You must have Microsoft BizTalk RFID 2006 R2 or Microsoft BizTalk Server RFID 2009 installed to apply
this hotfix.
Restart requirement
You may have to restart the computer after you apply this hotfix if
the affected files are being used during the installation.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file
attributes (or later file attributes) that are listed in the following table.
The dates and times for these files are listed in Coordinated Universal Time
(UTC). When you view the file information, it is converted to local time. To
find the difference between UTC and local time, use the
Time
Zone tab in the
Date and Time item in Control
Panel.
| File name | File version | File
size | Date | Time | Platform |
|---|
| Microsoft.rfid.util.dll | 3.6.5028.0 | 87,912 | 22-Apr-2009 | 14:07 | x86 |
| Microsoft.rfid.util.dll | 3.6.5028.0 | 87,912 | 22-Apr-2009 | 14:07 | x86 |
| Rfideventmessages.dll | 3.6.5028.0 | 32,616 | 22-Apr-2009 | 14:07 | x86 |
| Rfidservices.exe | 3.6.5028.0 | 354,136 | 22-Apr-2009 | 14:07 | x86 |
| Rfidtools.dll | 3.6.5028.0 | 2,828,120 | 22-Apr-2009 | 14:07 | x86 |
Because of file dependencies, the most recent hotfix that
contains these files may also contain additional files.