Tuesday, November 16, 2010

I’m typing in the correct password but SQL says login failed!

Did you notice that every task in Windows 2008 requires more clicks than Windows 2003? If you try to start the SQL Management Studio in Windows 2008, you’ll get the following error message.

Cannot connect to MYSQLSERVER\MYSQLINSTANCE. Additional information: Login failed for user ‘MyAdminAccount’. (Microsoft SQL Server, Error: 1846)

The extended error message is

TITLE: Connect to Server
------------------------------
Cannot connect to MYSQLSERVER\SQL001.
------------------------------
ADDITIONAL INFORMATION:
Login failed for user 'MYSQLSERVER\sqladmin'. (Microsoft SQL Server, Error: 18456)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------

Cause: The cause is that you didn’t click enough! In Windows 2008, you have to use Run as administrator to launch the SQL Server Management Studio. What a deceptive error message!

Database owner privileges error during vCenter Update Manager install

Another vCenter Update Manager install problem!

The DB user entered does not have the required permissions needed to install and configure VMware Update Manager with the selected DB. Please correct the following error(s) : The database user “ does not have db_owner privilege on the MSDB database.

Cause: You’ll encounter this problem if you are using a service account to install VUM. To solve this, temporarily give the service account the sysadmin server role. To do this, perform the following tasks.

  1. Open the Microsoft SQL Server Management Studio
  2. In the Object Explorer, navigate to Security > Logins
  3. Right-click on the user you’re using to install VUM then click Properties.
  4. Click Server Roles
  5. Select sysadmin then click OK.

Once you’ve installed VUM, you can remove the sysadmin role from the service account.
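
The same temporary grant can be scripted in T-SQL, which also makes the clean-up step easy to verify. This is an added example, not code from the original post or from VMware; the login name MYDOMAIN\svc_vum is a placeholder.

```sql
-- Added example. MYDOMAIN\svc_vum is a placeholder for the account that runs
-- the VUM installer. Run these batches as a login that is already sysadmin.

-- 1) Before the install: grant sysadmin and check the membership.
--    IS_SRVROLEMEMBER returns 1 for a member of the role and 0 otherwise.
DECLARE @login sysname = N'MYDOMAIN\svc_vum';
EXEC sp_addsrvrolemember @loginame = @login, @rolename = N'sysadmin';
SELECT IS_SRVROLEMEMBER(N'sysadmin', @login) AS is_sysadmin;
GO

-- 2) After the install: revoke the role and check again.
--    A Windows account that is also sysadmin through a group still reports 1.
DECLARE @login sysname = N'MYDOMAIN\svc_vum';
EXEC sp_dropsrvrolemember @loginame = @login, @rolename = N'sysadmin';
SELECT IS_SRVROLEMEMBER(N'sysadmin', @login) AS is_sysadmin;
GO

-- 3) Audit: list every current member of sysadmin, so a temporary grant
--    that was never removed (this one or an older one) is visible.
SELECT m.name AS member_name, m.type_desc, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
GO
```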

Bits of ODBC advice for vCenter Update Manager

VMware vCenter Update Manager is a 32-bit application. If you install VUM on a 64-bit OS (e.g. Windows Server 2008 R2), you’ll need to use the 32-bit ODBC Data Source Administrator tool to create the database connection. If you use the 64-bit tool, you will receive the following error message.

The DSN, ‘VUM’ does not exist or is not a 32 bit system DSN. Update Manager requires a 32 bit system DSN.
(where VUM is the name of your ODBC connection)

Cause: Using the ODBC tool in the Control Panel will create a 64-bit DSN. You need to use the 32-bit ODBC tool, which is located at C:\Windows\SysWOW64\odbcad32.exe. Do NOT use the odbcad32.exe located in the C:\Windows\System32 folder. While they have the same file name, they are two different files.

Links
Creating a 32bit DSN on a 64bit Windows machine, VMware Knowledge Base

Database problems with the vSphere Update Manager Download Service (UMDS)

While running the vmware-umds.exe tool, you might encounter this error message.

INFO -  [440] SQL execution failed: select id from VCI_SEQUENCE where name = ?
INFO -  [441] Bind parameters:
INFO -  [446] datatype: 11 size: 30
ERROR – [main, 565] “ODBC error: (42S02) – [Microsoft][SQL Server Native Client 10.0][SQL Server]Invalid object name ‘VCI_SEQUENCE’.” is returned when executing SQL statement “select id from VCI_SEQUENCE where name = ?”

Cause: The default database for the user has not been set to the UMDS database. To change the default database, perform the following tasks.

  1. Open the Microsoft SQL Server Management Studio
  2. In the Object Explorer, navigate to Security > Logins
  3. Right-click on the account you’re using to perform UMDS downloads/your UMDS service account then click Properties
  4. Change the Default database to your UMDS database then click OK.
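
The statement in the log refers to VCI_SEQUENCE without a database name, so SQL Server resolves it in the connection's current database, which is the login's default database unless the connection names another one. The T-SQL below is an added example (not from the original post or from VMware) that checks and corrects this; the login MYDOMAIN\svc_umds and the database name UMDS are placeholders.

```sql
-- Added example. MYDOMAIN\svc_umds and UMDS are placeholders for your UMDS
-- service account and your UMDS database.

-- 1) Which database does the login land in when the connection names none?
SELECT name, default_database_name
FROM sys.server_principals
WHERE name = N'MYDOMAIN\svc_umds';

-- 2) Confirm the table from the error message exists in the UMDS database
--    and note which schema owns it.
SELECT s.name AS schema_name, t.name AS table_name
FROM [UMDS].sys.tables AS t
JOIN [UMDS].sys.schemas AS s ON s.schema_id = t.schema_id
WHERE t.name = N'VCI_SEQUENCE';

-- 3) Point the login at the UMDS database (the same change as the
--    Login Properties dialog makes).
ALTER LOGIN [MYDOMAIN\svc_umds] WITH DEFAULT_DATABASE = [UMDS];

-- 4) Check that the login is mapped to a user in that database. A login
--    that cannot open its default database fails to connect at all.
SELECT dp.name AS database_user, sp.name AS login_name
FROM [UMDS].sys.database_principals AS dp
JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.name = N'MYDOMAIN\svc_umds';
```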

Thursday, November 4, 2010

Unzipping ISOs with WinZip? Bad Idea! Microsoft Expression Studio Setup error


One of my new year goals has been to learn a new programming language. Having been on the infrastructure side of IT, I haven’t had to program on a daily basis since university. I downloaded the Microsoft Visual Studio 2010 and Expression Studio 4 to get back in the programming groove, but nothing in IT is that simple! Upon trying to install ES, I received the following error message:

"Setup encountered an error: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkID=155569 for more information."

To make a long story short, it isn’t Microsoft’s fault! I had downloaded the Expression Studio ISO from MSDN and unzipped it with WinZip. Turns out there is a bug in WinZip’s support for ISO files: if you attempt to extract an ISO with WinZip, the output will become corrupted. This doesn’t just apply to Expression Web: I’ve encountered this problem unzipping SQL Server 2008 R2, ANSYS 12 and countless other products.

The solution is to either burn the ISO to CD (a waste of disc), extract the ISO using another program (such as WinRAR), or mount the ISO as a drive using DaemonTools or PowerISO (both have freeware editions).

In the future, Microsoft should consider delivering their client software as MSI bundles or WIMs, similar to how Apple distribute software in Disk Image (DMG) format. This way, they control the package distribution end-to-end without need for third party extraction tools.

Links
Problems installing Expression Studio 4, Microsoft Expression Forums

Tuesday, November 2, 2010

AUSkey: Australian Government’s attempt at SSO

The Australian Government’s Standard Business Reporting program is attempting to roll out single sign-on (SSO) across all Federal government departments and some state government departments.

You know that problem of having too many different usernames and passwords to remember? Single sign-on is the solution to that. The concept behind SSO is that a user should only have one credential to access multiple services from the same entity. AUSkey is the Australian Government’s attempt at SSO.

Using an AUSkey is simple enough. When a user attempts to access a participating government e-service (e.g. the ATO Business Portal), they are prompted to select an AUSkey (digital certificate).

After selecting a digital certificate, you are prompted for a password.

After entering the password and clicking continue, the user is directed to the resource on the participating site.

For reasons unknown, SBR have chosen to use a Java applet to provide the authentication dialog. This Java applet must be installed on each device used to access AUSkey-authenticated systems.

Because an AUSkey user might not always be able to install the AUSkey client (e.g. in corporate environments), there is an ‘install to a USB’ capability. This installs a standalone/portable Firefox browser to a USB drive and preinstalls the AUSkey certificate (the AUSkey browser.exe file is visible but the AUSkey and AUSkey software for USB folders are hidden).

The Firefox browser is ATO branded and returns the user agent string:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (AUSkey Mobile Access)

My observations so far:

  • The sign-up process is overly complex. True to government form, there are too many unintuitive forms to fill out. People are familiar with the sign up/e-mail confirmation/login concept. AUSkey needs to be as easy to use as Microsoft Windows Live ID for people to be enthusiastic about it.
  • The AUSkey installer is just as convoluted. The Nullsoft MSI installer crashed upon first run, and appeared to stall repeatedly during the installation.
  • AUSkeys aren’t portable. For an unknown reason, my desktop browser could not find the certificate installed on my USB key. I had to sign up for an additional AUSkey.
  • You should be able to use AUSkey without an installer. AUSkey uses Java-based browser plug-ins for the certificate selection. There are methods of requesting client certificates that don’t require Java applets. This is especially important since Microsoft doesn’t include it with Windows 7, and Apple is unlikely to bundle Java with their next MacOS release.
  • Lack of browser support. The AUSkey software does not support Google Chrome or Internet Explorer 9 beta (yes, I know it’s beta! But one of the reasons Microsoft release beta products is to ensure day-one compatibility when the RTM version is released)
  • Lack of multiplatform support. If you’re using Windows or MacOS X, you’re in luck. Linux, iPad, iPhone, Windows Phone 7, Telstra tablet? Sorry guys. I get the feeling SBR developed the user requirements five years ago and haven’t updated them since.
  • Business users only. I’d like to use this on other government websites like Medicare Online. It’s silly that the authentication used to access my medical records is weaker than my tax records. I guess that shows who values IT more.
  • Low amount of participating sites. I thought ASIC would be a number one citizen with AUSkey. If ASIC don’t support AUSkey, I have very little hope for the Department of Fair Trading NSW.
  • The government is competing with…itself. According to the AUSkey website, “You'll no longer need different user IDs and passwords for each government agency that you have to deal with - the one AUSkey will work for all!”. According to the Australia.gov.au website, “Dealing with the Australian Government online just got easier, with a single [Australia.gov.au] account to sign on to multiple agencies”. Perhaps the government are trying a two-prong strategy: AUSkey for business and australia.gov.au ID for citizens? If so, what a waste of infrastructure!

AUSkey is promising but has a lot of progress to make. It will become a more compelling offering when more government online services support it. Until then, I’ll use it once a quarter to authenticate with the ATO for online activity statement submission.

Wednesday, October 27, 2010

How to transfer a domain from a RegistrarPDQ reseller

Recently I’ve experienced a lot of frustration with my webhost. In an attempt to move my domain and hosting away from them, I’ve had to deal with their RegistrarPDQ-rebranded domain registration system.

RegistrarPDQ is a domain registration system used by many small webhosts. Webhosts and resellers rebrand the RegistrarPDQ site with their own logo and colour scheme, but essentially they’re all the same. Unfortunately, the RegistrarPDQ site layout is unintuitive and many experienced users find it difficult to disable the reg-lock and find the EPP code: the two crucial items you need to transfer a domain to a new registrar! After a few frustrating minutes, I’ve figured out how to do it.

The first step is to disable reg-lock. Reg-lock prevents you from moving the domain to another registrar. To disable reg-lock, perform the following.

  1. Login to your account
  2. On the left-hand side, click Domain Names
  3. Click You have x domain names with us.
  4. Click on the domain name you want to change to another registrar.
  5. Click Set Auto-Renew/Registrar-Lock Options for Domain Names and Services
  6. Uncheck the box next to Do not allow this name to be transferred to another registrar then click Save Changes

The second step is to get the EPP code. The EPP code is used to verify the domain owner wants to move the domain to another registrar. To get the EPP code (also known as the Authorization Code or auth code), perform the following.

  1. On the left-hand side, click Domain Names
  2. Click You have x domain names with us.
  3. Click on the domain name you want to get the code for.
  4. Click Contact/WhoIs Information
  5. Ensure the Registrant Contact details are correct, in particular the e-mail address (the EPP code will be e-mailed to the registrant contact so it must be correct!) If you update your e-mail address, click Save Changes.
  6. Scroll to the bottom of the page and click Email Authorization Code to Registrant.
  7. Check your e-mail. The EPP code should arrive quickly (it only took a minute for me).

I hope this assists you in moving to a more responsive, flexible and cheaper domain registrar (GoDaddy!)

Monday, October 4, 2010

Cannot complete the configuration of the HA agent on the host. Unable to contact a primary HA agent.

I don't like this error. It means that vCenter pushed config to ESXi, but ESXi didn't provide acknowledgement in time.

If an individual host is having an HA configuration error, simply right-click on that host and click Reconfigure for VMware HA. However, if the error is appearing on every host in your cluster, disable VMware HA on the cluster and then re-enable it. Once you've done that, right-click on each host and click Reconfigure for VMware HA. There, done.

Friday, October 1, 2010

To install FIM portal, the setup needs to run under SharePoint Farm administrator account.

What is it with Microsoft and unintuitive setup error messages? When attempting to install the FIM Service and Portal component of Microsoft Forefront Identity Manager 2010, I received the following error message.

"To install FIM portal, the setup needs to run under SharePoint Farm administrator account with at least Open permission that allows users to open a Web site, list, or folder in order to access items inside that container. Please make sure you are a SharePoint Farm administrator with Open permission then click "Retry". Click "Cancel" to abort setup."

The problem? I was not in the SharePoint Site collection administrators group. To add yourself to this group, open Central Administration (Start > Administrative Tools > SharePoint 3.0 Central Administration), click Application Management, then Site collection administrators. Change the Primary Site Collection Administrator to the account used to install FIM.


Links
Installation Error while configuring FIM Service & Portal, Microsoft TechNet