RESOLUTION

Security Patch Information

Download Information

The following file is available for download from the Microsoft Download Center:

Release Date: April 30, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

To install this patch you must be running Microsoft BizTalk Server 2000 Service Pack 2 (SP2) and you must be logged on as the system administrator. Microsoft recommends that you create backup copies of the .asp and .htm files that are listed in the "File Information" section of this article before you apply this patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Installation Information

This patch introduces new database tables and stored procedures that are defined in BTS_Reporting_security_patch_QFE493.sql. The new stored procedures are invoked by the Submit.htm and Results.htm pages. As a result, Submit.htm and Results.htm now have dependencies on these new database objects. For the DTA user interface to function, you must first run BTS_Reporting_security_patch_QFE493.sql on the BizTalkTracking database (the default database name is interchange_DTA) to create these database objects.

1. Make backup copies of the .asp and .htm files listed in the "File Information" section of this article.
2. Run the Bts2000-815207-en.exe package to extract the files to a folder of your choosing.
3. Open SQL Query Analyzer, connect to the BizTalkTracking database server, and then change the database to the BizTalkTracking database (the default name of this database is interchange_DTA).
4. In SQL Query Analyzer, open the BTS_Reporting_security_patch_QFE493.sql file, and then run the contained SQL statements.
5. Copy the .asp and .htm files to the %BizTalkDir%\BizTalkTracking folder.

6. The script that is included in this hotfix does not include the required statements to grant execute permissions to the appropriate stored procedures. To correct this issue, paste the following script in SQL Query Analyzer and run it against your tracking database:

   if exists (select * from sysobjects where id = object_id(N'[dbo].[dta_ui_cookies]') 
       and OBJECTPROPERTY(id, N'IsUserTable') = 1) 
   drop table [dbo].[dta_ui_cookies] 
   
   if exists (select * from sysobjects where id = object_id(N'[dbo].[dta_ui_get_cookie]') 
       and OBJECTPROPERTY(id, N'IsProcedure') = 1) 
   drop procedure [dbo].[dta_ui_get_cookie] 
   
   if exists (select * from sysobjects where id = object_id(N'[dbo].[dta_ui_verify_cookie]') 
       and OBJECTPROPERTY(id, N'IsProcedure') = 1) 
   drop procedure [dbo].[dta_ui_verify_cookie] 
   GO 
   
   CREATE TABLE [dbo].[dta_ui_cookies] 
       ( nvcCookie nvarchar(40) NOT NULL, 
         dtTimeStamp datetime NOT NULL DEFAULT GetDate(), )
   GO 
   
   CREATE PROCEDURE [dbo].[dta_ui_get_cookie] 
   AS 
   SET NOCOUNT ON 
   declare @nvcCookie nvarchar(40) 
   set @nvcCookie = CAST(NEWID() as nvarchar(40)) 
   select @nvcCookie as N'Cookie' 
   insert into dta_ui_cookies (nvcCookie) values (@nvcCookie) 
   SET NOCOUNT OFF 
   return 
   GO 
   
   CREATE PROCEDURE [dbo].[dta_ui_verify_cookie] @nvcCookie nvarchar(40) 
   AS 
   SET NOCOUNT ON 
   declare @nSuccess int 
   set @nSuccess = 0 
   if exists ( select * from dta_ui_cookies where nvcCookie = @nvcCookie AND DATEDIFF(ss, dtTimeStamp, GETDATE()) <= 60 ) 
       begin 
           set @nSuccess = 1 
       end 
   select @nSuccess as 'Success' 
   delete from dta_ui_cookies where nvcCookie = @nvcCookie OR DATEDIFF(ss, dtTimeStamp, GETDATE()) > 60 
   SET NOCOUNT OFF 
   return 
   GO 
   
   GRANT EXEC ON [dbo].[dta_ui_get_cookie] TO dta_ui_role 
   GRANT EXEC ON [dbo].[dta_ui_verify_cookie] TO dta_ui_role 
   GO

7. Locate the Connection.vb file on your BizTalk Server computer and rename it to Connection.vbs. This file is located in the \Program Files\Microsoft BizTalk Server\BizTalkTracking\VBScripts\ directory of your BizTalk Server computer.
8. Use Notepad to open each of the following files in the \Program Files\Microsoft BizTalk Server\BizTalkTracking\ directory of your BizTalk Server computer and replace any references to Connection.vb with Connection.vbs:
   • BrowseQuery.htm
   • QueryBuilder.htm
   • ViewInterchangeData.asp

The Bts2000-815207-en.exe package file supports the following Setup switches:

• /? : Displays the list of installation switches.
• /t:<path> : Specifies a temporary working folder.
• /c : Extracts files only to the folder when you use /c with /t.
• /q:u : Specifies user-quiet mode. This mode presents some dialog boxes to the user.
• /q:a : Specifies administrator-quiet mode. This mode does not present any dialog boxes to the user.
• /c:<path> : Runs the command.
• /r:i : Restarts the computer automatically if it is necessary to complete installation.
• /r:s : Restarts the computer after installation without prompting the user.
• /n:v : Does not check the version. This switch installs the program over any previous version.

Deployment Information
To extract the contents of the patch without any user intervention, use the following command line:

Restart Requirement

You do not have to restart your computer after you apply this patch.

Removal Information

To remove this update, replace the files in the %BizTalkDir%\BizTalkTracking folder with the ones that you backed up before you installed the patch.

Patch Replacement Information

This patch does not replace any other hotfixes.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are installed in the %BizTalkDir%\BizTalkTracking folder unless otherwise noted.

   Date         Time   Size    File name
   ---------------------------------------------------------------------------------------------------------
   06-Mar-2003  23:27   1,431  %BizTalkDir%\BizTalkTracking\Database\Bts_reporting_security_patch_qfe493.sql
   31-Mar-2003  19:41   3,245  Interchangeworkflowstatus.asp
   31-Mar-2003  19:55   2,018  Rawcustomsearchfield.asp
   31-Mar-2003  19:55   2,276  Rawdocdata.asp
   31-Mar-2003  19:55   1,849  Rawinterchangedata.asp
   31-Mar-2003  19:56  62,313  Results.htm
   31-Mar-2003  19:56  57,746  Submit.htm