Posts

Follow-up to yesterday’s Musing

Posted on by Geoff / 0 Comment

This morning, my colleague shared the following news story:

KRXQ Sacramento Radio Hosts Encourage Violence Against Transgender Children

[…] The hosts, Rob Williams and Arnie States, devoted the segment in question to a vicious diatribe against transgender children, some as young as five, focusing in particular on the case of one Omaha family raising a gender dysphoric child, and their decision to support her transition from male to female.

No compassion. No humility. No sense of responsibility. Taking pleasure in the misfortune or suffering of others… I think that these guys have a constitutional right to espouse their intolerance. Do they have a right to encourage people to beat children?

I do take with Michael Rowe’s closing remarks:

But if anyone ever called my godson a "sick little freak," or a "nut," or a "freak of nature," or beat him with a shoe for being himself, I could not, and would not, be held accountable for my reaction, or my inevitable response.

I wouldn’t hesitate to respond or intervene. But that wouldn’t absolve me of responsibility. I’m always responsible for my actions and choices.

When someone’s little boy is beaten senseless because the attacker heard the show, will the hosts sack-up and accept some responsibility for the crime?

What does it take to penetrate the intolerant cultural crust to touch the caring and compassionate part of these men? Would they be more empathetic if someone they truly love struggled with gender role issues? I don’t wish this upon their children, but if they have sons and one of their sons was queer-bashed, would they tell their kid that they shouldn’t have acted so gay?

/sigh

What responsibility do I have as a citizen, a man, a father, a queer to respond?

As Marlin said to Dory, “Good feeling’s gone.”

Posts

Thanks, jesse Liberty

Posted on by Geoff / 0 Comment

I’ve been skimming books on C# as I prepare to learn a new language.  As I was starting to read O’Reilly’s Programming C# 3.0, 5th Edition, I saw author Jesse Liberty’s dedication:

This book is dedicated to those who come out, loud, and in your face and in the most inappropriate places. We will look back at this time and shake our heads in wonder. In 49 states, same-sex couples are denied the right to marry, though incarcerated felons are not. In 36 states, you can legally be denied housing just for being queer. In more than half the states, there is no law protecting LGBT children from harassment in school, and the suicide rate among queer teens is 400 percent higher than among straight kids. And, we are still kicking gay heroes out of the military despite the fact that the Israelis and our own NSA, CIA, and FBI are all successfully integrated. So, yes, this dedication is to those of us who are out, full-time.

The marriage rights established in Vermont and Maine, and soon I hope in New Hampshire, are very encouraging. As I live my life in the progressive bubble of Chittenden County, Vermont, it’s easy to think that things are getting better. At the same time, young people are killing themselves because of anti-gay harassment, even in states with anti-discrimination laws.

Well, it was quite a nice surprise to see a technical book with a pro-queer political message. Thanks, Jesse.

—Geoff, out since February 14th, 1990

worklog

Monday – June 1

Posted on by Geoff / 0 Comment

It’s June! Cold and rainy?! Gah!!

On the list for today:

  • AD Domain Services on Server 2008 and Operations Manager 2007

Operations Manager – verifying current version

Post regarding installing hotfixes on the Management Server using SetupUpdateOM.exe. Never heard of it before. Doesn’t exist on my system. Perhaps it’s part of OPs Mgr 2007 R2?

I decided that the KB956184 patch looked the most promising. Because the installation involved manual replacement of msi files in the AgentManagement folder on the Root Management Server, I could back-out the changes if things went South.

After renaming the original 64-bit OOMADs.msi files and replacing them (AMD64 and IA64 versions) with the ones from the hotfix. Then I used the OpsMgr console to uninstall the agent from my four Windows server 2008 AMD64 domain controllers, one at a time. For each I verified that the new AD MP Helper Object was installed, checking appwiz and Program Files\Common. Then I checked the Operations Manager Event Log. This time, there were no errors running the DSDiscovery script. Health explorer on each DC is now clean. Yes!!!

The only lingering issue is the presence of five errors in the event logs on each DC, complaining about the inability to locate Performance Counters for DirectoryServices: “DS Search sub-operations/sec”, “LDAP Client Sessions”, “LDAP Searches/sec”, “LDAP UDP operations/sec”, and “LDAP Writes/sec”. I verified that I could see these counters within Performance Monitor on the DC. This thread in the OpsMgr Management Pack newsgroup seems germane, though the Live login isn’t working for me at the moment.

Managed to chime in on that thread. We’ll see if anything useful comes of it.

worklog

Opsmgr Friday

Posted on by Geoff / 0 Comment

Having successfully deployed some agents to some recalcitrant hosts, I’m now trying to address a false positive issue on a DC. I’m getting an error regarding “AD Op Master Respone [sic] Monitor”. The host has a recurring error:

AD Op Master Response : The script ‘AD Op Master Response’ failed to create object ‘McActiveDir.ActiveDirectory’.  This is an unexpected error.
The error returned was: ‘ActiveX component can’t create object’ (0x1AD)

This led me to a blog post suggesting that the AD Helper Object needed to be installed. So I look in the OpsMgr host’s AgentManagement location and find the msi. When I tried to install that msi package, I received an error that the “this installation package is not supported by this processor type.” The host is running AMD64 Windows, and the file came from the AMD64 part of the AgentManagement tree.

I checked the list of installed apps on another x64 DC, and saw that the “System CenterManagement Pack Helper Objects” item had been installed. So I tried repairing the agent install from within Ops Manager. Error persists.

Checking the hotfixes required to make Ops Manager agent work on Server 2008, and they are missing. Stay tuned…

UPDATE:

Applied the hotfixes and still no love. I did dig into the eventlog, and saw that it appear the ADDiscover script failed in some way. I tried running the script manually (using the arguments from the eventlog entry), but it still failed. I fell back to google and found the following promising KB article: Alerts are issued from the MOM Active Directory Management Pack after you install an Operations Manager 2007 SP1 agent over a MOM 2005 agent on a domain controller that is running a 64-bit version of Windows.

Now this KB article describes a set of circumstances that don’t match my situation. I didn’t install MOM 2005 agent and then the OpsMgr 2007 agent on the same host. This system was built from the ground up with server 2008 x64 and Operations Manager 2007 was deployed here way before server 2008. However, the constellation of symptoms and architecture issues make it sound interesting.

Just found Kevin Holman’s blog and his list of hotfixes. I must go read about these and OpsMgr SP2 before doing anything drastic. Nothing like breaking the server late on a Friday…

worklog

Wins and SCOM

Posted on by Geoff / 0 Comment

Spent much of today wrangling with System Center Operations Manager and my new backup WINS server. There’s a list of hotfixes that are pre-requisites for running OpsManager, including the agent, on Server 2008. One of the prereq’s requires .NET framework, so I’m ignoring that one (KB954049). My primary WINS server, also Server Core, has the OpsMgr Agent deployed just fine. I’ll figure it out, but my forehead is sore from bang on the brick wall.

Also noticed an occasional WINS EventID 4224, which represents a WINS db error which “This may or may not be a serious error.” I dug deeper, following the steps in KB168595 to take the two’s complement of the error value reported in the event to find the Jet Database error. The article links to a list or errors for the JetPack utility (not the Jet DB header file—I’m not downloading an SDK for this), the error cited in the example corresponds with the error code listed here. So my error code means “JetInit already called.” These codes also align with the current Extensible Storage Engine error doc at MSDN.

Since the service is functioning fine, I’ll call this a cosmetic error for now. But I wanted to record the detective work for posterity.

Also did some network troubleshooting and dope-slapped the WDS server. And spent much time banging head on Ops manager.

Glen Elder passed away. I didn’t know him personally, but as a member of the LGBTQA community, I felt his presence. He will be missed.

Posts

Changing Boot drive with BCDBoot

Posted on by Geoff / 0 Comment

Scott Hanselman is a consistently good source of useful info and commentary. Recently, he needed to change which drive his computer used as its System drive, which is to say the drive containing the boot loader and configuration.

( N.B. For some reason, the “System Drive” contains the boot info, and the “Boot Drive” contains the operating system. Why could this not have been corrected?!)

Scott points out his options:

Approach 1: Nuclear Option. Wipe and Start Over.

Approach 2: Copy the Hidden/System Boot Manager and Boot Folder over to the C: drive and run a tool called BCDEdit to move things around in 12 short steps. 😉

This was a scary prospect for me, because from my point of view, while this was a fairly advanced operation, I just wanted to switch where the boot info comes from.

Turns out there is a new (profoundly advanced, you have been warned) command line tool called BCDBoot.

See Scott’s blog post for more info. /me wonders if one could copy the bcdboot executable to a Vista system and perform the same operation.

worklog

Tuesday – May 5

Posted on by Geoff / 0 Comment

Spurred by some recent traffic on the Windows-HiEd list, I have looked into the Windows Update process on some of our Server 2008 Core systems. The thread was specifically with regard to KB article 953631, and that some folks have found that it installs repeatedly on Server Core instances and blocks other updates.

In examining the event logs on a couple of our Server Core system, I found that the update is indeed re-installing repeatedly, but it doesn’t appear to be blocking other updates.

First, I ran the systeminfo command to display the installed updates. KB953631 was not listed. I grabbed the WUA_SearchDownloadInstall.vbs script from Microsoft (I renamed it to Get-WindowsUpdates.vbs, in keeping with the sound PowerShell naming conventions). When I ran the script, it found and downloaded two updates, the KB953631 update in question, and KB955430. I confirmed that I wanted the updates installed, and the first update installed successfully, but the second failed (my initial searches didn’t explain the 0x800f082f error code). I reproduced the same behavior on another server core instance.

I tried rebooting the host, and running the Get-WindowsUpdates.vbs script again, and this time both updates installed successfully. (yes, the KB953631 update installed again). I reproduced this success on the other host as well.

So it appears that in our environment, the KB953631 update isn’t blocking other updates. I’ll confirm this after Patch Tuesday.

At the very end of the KB article is the following:

Note for WSUS administrators
If you approve this update for deployment in a WSUS environment, be aware that after you run the update, it will not be reported as "Installed." The update itself is not installed on client computers. The update scans for missing files and replaces them as appropriate. If a computer requires a missing file, the 953631 update will be reported as "Needed.”

Also, Server Core is not mentioned specifically in the list of affected operating systems. It might be worth asking what the expected correct behavior should be in this situation.

In my investigating, I also found an article in the Scripting Center the describes a PowerShell approach to manipulating Windows Updates. This might be nice when Server 2008 R2 is availabel and .NET and PowerShell are included, or other update-wrangling tasks.

worklog

Wednesday – April 29

Posted on by Geoff / 0 Comment

Some Microsoft updates released yesterday, including Office 2007 SP2. TSGateway server Web and Terminal services didn’t restart gracefully. Investigating, I find some weird behavior from our Networker backup software. However, installing two outstanding updates and rebooting resolved the issue TS issue. Now I have two Networker issues to follow-up on: restoring .Net config files, and NDMP file restores missing ACLS.

Client with Dell Latitude d630. LiteTouch deployment created BDEDrive at S:, which conflicts with our standard drive mappings. Tried booting to Vista DVD, deleting the volume and then repairing, but that recreated the same system volume. Found a KB article that described renaming a registry key to change the drive letter that the system drive was using. Moved it to Z: and things started working normally.

Began deployment of new DC; drive cloning is s-l-o-w, and so is drive formatting.

Went on a wellness walk on Nation Walk @ Lunch Day; had a nice conversation with a friend from Health Promotion Research.

Checked-in on MSPSS issue; support engineer didn’t receive my email and data sent yesterday. Re-sent.

Some discussion of Vista software compatibility.

Added another laptop to test Wireless group policy.

Developed initial server admin group policy.

worklog

Wednesday – April 22

Posted on by Geoff / 0 Comment

I’ve been working on revising and refactoring a Perl application that I wrote about four years ago to handle our domain account provisioning. Originally, it was a monolithic application, running on ActiveState Perl. Now it needs to run on a Windows Server 2008 x64 host. I use a couple of additional modules that are available from the excellent repository at UWinnipeg that include some compiled code. Rather than run the Perl64 version, and then having to compile my own DLLs, I decided to just install the 32-bit version of Perl, and continue using the modules.

The application is feature-complete, I believe, and is ready to be tried in production. When I attempted to run it under a service account, though, I encountered an error that I hadn’t received running it under my working account. I could repro the error with a simple one-liner:

C:\Perl\bin>perl -MNet::SSLeay
Can’t load ‘C:/Perl/site/lib/auto/Net/SSLeay/SSLeay.dll’ for module Net::SSLeay:
load_file:Access is denied at C:/Perl/lib/DynaLoader.pm line 202.
at – line 0
Compilation failed in require.
BEGIN failed–compilation aborted.

I checked my PATH, and verified rights to the file indicated. Things were in order and I was stumped. Some google searches turned up advice to check my PATH variable and confirm permissions. OK.

I used Process Monitor from SysInternals and filtered on the perl command line. Toward the end I found a couple lines indicating ACCESS DENIED to C:\Perl\bin\libeay32.dll.

procmon-perl-libeay32

Now this is not the file that was mentioned in the error, but I checked this one, and the SSLeay.dll that was there, too, and wouldn’t you know? They had different ACLs than the rest of the files. Perhaps the ppm installer didn’t assign the rights when it installed them? Whatever. I granted the service account appropriate access and that fixed the problem.

Huzzah!