Tuesday, November 16, 2010

I’m typing in the correct password but SQL says login failed!

Did you notice that every task in Windows 2008 requires more clicks than Windows 2003? If you try to start the SQL Management Studio in Windows 2008, you’ll get the following error message.

Cannot connect to MYSQLSERVER\MYSQLINSTANCE. Additional information: Login failed for user ‘MyAdminAccount’. (Microsoft SQL Server, Error: 1846)


The extended error message is

TITLE: Connect to Server
Cannot connect to MYSQLSERVER\SQL001.
Login failed for user 'MYSQLSERVER\sqladmin'. (Microsoft SQL Server, Error: 18456)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476

Cause: The cause is that you didn’t click enough! In Windows 2008, you have to use Run as administrator to launch the SQL Server Management Studio. What a deceptive error message!

Database owner privileges error during vCenter Update Manager install

Another vCenter Update Manager install problem!

The DB user entered does not have the required permissions needed to install and configure VMware Update Manager with the selected DB. Please correct the following error(s) : The database user “ does not have db_owner privilege on the MSDB database.


Cause: You’ll encounter this problem if you are using a service account to install VUM. To solve this, temporarily give the service account the sysadmin server role. To do this, perform the following tasks.

  1. Open the Microsoft SQL Server Management Studio
  2. In the Object Explorer, navigate to Security > Logins
  3. Right-click on the user you’re using to install VUM then click Properties.
  4. Click Server Roles
  5. Select sysadmin then click OK.


Once you’ve installed VUM, you can remove the the sysadmin role from the service account.

Bits of ODBC advice for vCenter Update Manager

VMware vCenter Update Manager is a 32-bit application. If you install VUM on a 64-bit OS (ie. Windows Server 2008 R2) you’ll need to use the 32-bit ODBC Data Source Administrator tool to create the database connection. If you use the 64-bit tool, you will receive the following error message.

The DSN, ‘VUM’ does not exist or is not a 32 bit system DSN. Update Manager requires a 32 bit system DSN.
(where VUM is the name of your ODBC connection)

The DSN, 'VUM' does not exist or is not a 32 bit system DSN. Update Manager requires a 32 bit system DSN.

Cause: Using the ODBC tool in the Control Panel will create a 64-bit DSN. You need to use the 32-bit ODBC tool which is located at C:\Windows\SysWOW64\odbcad32.exe. Do NOT use the odbcad32.exe located in the C:\Windows\System32 folder. While it has the same file name, they are two different files.

Creating a 32bit DSN on a 64bit Windows machine, VMware Knowledge Base

Database problems with the vSphere Update Manager Download Service (UMDS)

While running the vmware-umds.exe tool, you might encounter this error message.

INFO -  [440] SQL execution failed: select id from VCI_SEQUENCE where name = ?
INFO -  [441] Bind parameters:
INFO -  [446] datatype: 11 size: 30
ERROR – [main, 565] “ODBC error: (42S02) – [Microsoft][SQL Server Native Client 10.0][SQL Server]Invalid object name ‘VCI_SEQUENCE’.” is returned when executing SQL statement “select id from VCI_SEQUENCE where name = ?”

INFO -  [440] SQL execution failed: select id from VCI_SEQUENCE where name = ?

Cause: The default database for the user has not been set to the UMDS database. To change the default database, perform the following tasks.

  1. Open the Microsoft SQL Server Management Studio
  2. In the Object Explorer, navigate to Security > Logins
  3. Right-click on the account you’re using to perform UMDS downloads/your UMDS service account then click Properties
  4. Change the Default database to your UMDS database then click OK.
  5. Screenshot of Login Properties in Microsoft SQL Server 2008 Management Studio

Thursday, November 4, 2010

Unzipping ISOs with WinZip? Bad Idea! Microsoft Expression Studio Setup error

One of my new year goals has been to learn a new programming language. Having been on the infrastructure side of IT, I haven’t had to program on a daily basis since university. I downloaded the Microsoft Visual Studio 2010 and Expression Studio 4 to get back in the programming groove, but nothing in IT is that simple! Upon trying to install ES, I received the following error message:

"Setup encountered an error: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkID=155569 for more information."


To make a long story short, it isn’t Microsoft’s fault! I had downloaded The Expression Studio ISO from MSDN and unzipped it with WinZip. Turns out there is a bug in WinZip’s support for ISO files: if you attempt to extract an ISO with WinZip, the output will become corrupted. This doesn’t just apply to Expression Web: I’ve encountered this problem unzipping SQL Server 2008 R2, ANSYS 12 and countless other products.

The solution is to either burn the ISO to CD (a waste of disc), extract the ISO using another program (such as WinRAR), or mounting the ISO as a drive using DaemonTools or PowerISO (both have freeware editions).

In the future, Microsoft should consider delivering their client software as MSI bundles or WIMs, similar to how Apple distribute software in Disk Image (DMG) format. This way, they control the package distribution end-to-end without need for third party extraction tools.

Problems installing Expression Studio 4, Microsoft Expression Forums

Tuesday, November 2, 2010

AUSkey: Australian Government’s attempt at SSO

The Australian Government’s Standard Business Reporting program is attempting to roll out single-sign (SSO) on across all Federal government departments and some state government departments.

You know that problem of having too many different usernames and passwords to remember? Single sign-on is the solution to that. The concept behind SSO is that a user should only have one credential to access multiple services from the same entity. AUSkey is the Australian Government’s attempt at SSO.

Using an AUSkey is simple enough. When a user attempts to access a participating government e-service (i.e. the ATO Business Portal), they are prompted to select an AUSkey (digital certificate).


After selecting a digital certificate, you are prompted for a password.


After entering the password and clicking continue, the user is directed to the resource on the participating site.

For reasons unknown, SBR have chosen to use a Java applet to provide the authentication dialog. This Java applet must be installed on each device used to access AUSkey-authenticated systems.

Because an AUSkey might not always have the ability to install the AUSkey client (i.e. corporate environments), there is a ‘install to a USB’ capability. This installs a standalone/portable Firefox browser to a USB drive and preinstalls the AUSkey certificate (the AUSkey browser.exe file is visible but the AUSkey and AUSkey software for USB folders are hidden).


The Firefox browser is ATO branded and returns the user string
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv: Gecko/20091102 Firefox/3.5.5 (AUSkey Mobile Access)


My observations so far:

  • The sign-up process is overly complex. True to government form, there are too many unintuitive forms to fill out. People are familiar with the sign up/e-mail confirmation/login concept. AUSkey needs to be as easy to use as Microsoft Windows Live ID for for people to be enthusiastic about it.
  • The AUSkey installer is just as convoluted. The Nullsoft MSI installer crashed upon first run, and appeared to stall repeatedly during the installation.
  • AUSkeys aren’t portable. For an unknown reason, my desktop browser could not find the certificate installed on my USB key. I had to signup for an additional AUSkey.
  • You should be able to use AUSkey without an installer. AUSkey uses Java-based browser plug-ins for the certificate selection. There are methods of requesting client certificates that don’t require Java applets. This is especially important since Microsoft doesn’t include it with Windows 7. and Apple is unlikely to bundle Java with their next MacOS release.
  • Lack of browser support. The AUSkey software does not support Google Chrome or Internet Explorer 9 beta (yes, I know it’s beta! But one of the reasons Microsoft release beta products is to ensure day-one compatibility when the RTM version is released)
  • Lack of multiplatform support. If you’re using Windows or MacOS X, you’re in luck. Linux, iPad, iPhone, Windows Phone 7, Telstra tablet? Sorry guys. I get the feeling SBR developed the user requirements five years ago and haven’t updated them since.
  • Business users only. I’d like to use this on other government websites like Medicare Online. It’s silly that the authentication used to access my medical records is weaker than my tax records. I guess that shows who values IT more.
  • Low amount of participating sites. I thought ASIC would be a number one citizen with AUSkey. If ASIC don’t support AUSkey, I have very little hope for the Department of Fair Trading NSW.
  • The government is competing with…itself. According to the AUSkey website, “You'll no longer need different user IDs and passwords for each government agency that you have to deal with - the one AUSkey will work for all!”. According to the Australia.gov.au website, “Dealing with the Australian Government online just got easier, with a single [Australia.gov.au] account to sign on to multiple agencies”. Perhaps the government are trying a two-prong strategy: AUSkey for business and australia.gov.au ID for citizens? If so, what a waste of infrastructure!

AUSkey is promising but has a lot of progress to make. It will become a more compelling offering when more government online services support it. Until then, I’ll use it once a quarter to authenticate with the ATO for online activity statement submission.