Error 0x80005000 using LDAP in VBScript

Logon Error

While rolling out a new logon script, I started getting reports of an error message like this one showing up. Error 0x80005000 with a source of (null) isn’t particularly helpful.  The particular section of code referenced in the error dealt with pulling a user’s group membership from LDAP, and mapping drives accordingly.

After stepping through the script, I found that it was bombing out on a group with a forward slash (/) in the name. The / was throwing off the LDAP query, since it is a reserved separator character. There are 2 fixes for this. You can either do a substring replace, and replace ‘/’ with ‘\\/’ (yes – double backslash slash), or you can do what I did and just rename the group in Active Directory to not contain a /.

RAID is not Backup – My Experience

It’s a common theme you read on many sysadmin forums – ‘RAID is not backup!’ I have always agreed with that statement, but it didn’t hit home until recently.

A little over a month ago, I was on site in Kentucky to switch some T1 lines around. When I got there, I noticed one of the drives on their server had failed. I requested a replacement drive from the corporate office. Since I was stuck on hold with the telco during the data line switchover, I ran a backup of the server. The next morning, the replacement drive had not arrived. I left instructions to just swap the drive out when it did show up, and started on my drive back up to Michigan, with the backup tape in my laptop case.

A few hours later, my phone rings. “Jim, I switched out the drive, and now everyone says all their files are missing.” I walk through a couple of checks, and come to the conclusion that this is pretty much the worst case scenario – one of the other RAID drives failed during the array rebuild, and took the entire array down. Worse yet, I have the only full backup tape, and I’m on the road almost halfway between Michigan and Kentucky. A long weekend was in store for me.

Fortunately, the server that went down was ‘only’ their file & print server, and not the Exchange server or only DC for that domain. Another plus was that the server was down over a (relatively slow) weekend, as opposed to the middle of the week. To work around some of the issues, DHCP services were moved to the primary router at the Kentucky site, and DNS was repointed to Michigan. Users could still access email and the terminal system. Corporate IT began building a new server in Michigan, so I could start restoring data as soon as I got back.

After 6 hours of restoring the tape, the replacement server was mostly back up and running, with users losing less than 12 hours of saved work, and no email. Printing was an issue on the new server, as it was loaded with newer drivers that caused problems for some of the older PCs.

Lesson learned: RAID is not backup. As drive capacities become larger, the likelihood of having additional drives fail during the rebuild increases. To help work around this, build your RAID arrays with at least 1, preferably 2 hot spare drives for automatic failover, and configure your server to send email or text alerts when it detects hardware issues.

UNetbootin – Create Linux & Utility Bootable Flash Drives

Out of blank CDs? Is your burner giving you nothing but coasters?

With UNetbootin, you can download almost any of the common Linux distros or various utilities such as NTPasswd or SystemRescueCD, all from within one small program, and create a bootable USB flash drive. It also works with any GRUB or isolinux based CD image.

Not only does it automatically download the distro of your choice, but it also provides version history, and builds for x86 or x64.

The Sorry State of Updates

Automatic updates suck. While it is important to keep your OS and installed software up to date, everyone wants to do it ‘their way’, which usually ends up being annoying, pointless, and time consuming. I’ll start off with a couple pet peeves of mine, and then list some examples of how they could be better handled.

First on the list – Adobe. Reader updates are annoying enough, but at least they install rather quickly. Creative Suite updates, however, are a different beast. Oh look, there’s an Illustrator update. Close out of Outlook and Firefox before installing it. Wait, what? Close Outlook and Firefox for Illustrator?

Fine, so I close out of the 2 most used programs on my system to allow the update to complete. Thankfully, Adobe provides a progress meter. But not just any progress meter, it’s a useless one. It will keep going up to about 60% and then restarting, for about 30 minutes, before it just disappears and says it is done.

Recommendation for Adobe: Make the progress meter actually display progress, and possibly an ETA for completion.

Next up – Java. Sun has made some improvement here. Java updates will now remove the previous version, so you won’t have (as many) Java folders in Program Files.

However, Java loves to stick around in other ways. Take a moment to check Task Manager for jusched.exe. That’s your Java updater running.

When there is a Java update, you get a popup that a ‘New version is available’, with buttons for ‘Download Now’ or ‘Download Later’. If you click Now, it disappears, downloads the update in the background, and then pops up again – ‘New version is ready to be installed’. During the update install process, you have to opt out of the Bing (or whatever other company) toolbar they’re pushing this time around.

That updater does something else too – It rebuilds caches of frequently used Java objects every 30 seconds or so. Watch your disk IO with it running vs. having it closed. Good luck keeping it closed. If you disable the Java Update service, it will be reenabled the next time you install an update.

Recommendation for Sun/Java: Don’t have an updater running in the background as a service (or at all), and don’t turn it back on if I disable it. When I go to a website that uses Java, do an update check, and offer the update on the first load for that day.

How could some of these issues be avoided? Microsoft already provides a way for 3rd parties to provide updates through their Windows Server Update Services product. 3rd party vendors could tie their updates into the WSUS API to push out updates, transparently and controlled via group policy.

Aliasing a Windows File Server

You’ve consolidated 2 servers down to 1 after hours. Great. Then you recreate all the file shares on the new server, and test mapping them using the new name. They work great.

Then in a sudden flash of brilliance, you update DNS and WINS to point the old server name at the new server, so that any scripts that still reference the old name won’t break. And that’s when you start getting this error on your clients:

System error 52 has occurred.
A duplicate name exists on the network.

Duplicate name? On the clients? What’s going on? You might check the server, and be surprised to not see any ‘Duplicate name exists’ errors anywhere. The error actually makes some sense when you think about it:

Client sends SMB request to OldServer > OldServer is an alias for NewServer > NewServer sends reply to request > Client receives reply from NewServer and not OldServer, and assumes that a 2nd machine is responding to the request, and throws the duplicate name error.

To fix this, Microsoft KB281308 tells us to add a new registry value called DisableStrictNameChecking under the server-side key HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters. Set it to DWORD:1, then restart the server.

‘Class Not Registered’ in VS2008 on x64

Took a while to figure this one out, but in hindsight, it’s painfully obvious. I switched from XP 32-bit to Win7 64-bit last week, and just got Visual Studio loaded back up. I opened up one of my projects, hit run, and started getting COM exceptions about a class not being registered.

After a while, I finally found that the default compile options will compile for ‘Any CPU’, which will compile your project for the CPU you are on currently. You can change this by going into your project properties, Compile tab, and clicking Advanced Compile Options. Setting the Target CPU to x86 solved the problem for me.

Not all COM components will require this. It just so happened that one I was using was designed for 32-bit development environments only.

Wyoming Police Citizen’s Academy – Week 7

Week 7 covered gangs and crisis negotiation, and was the last class in the academy (the 8th week was a graduation ceremony). It was also 2 weeks ago, so this is a bit overdue. Unfortunately, no slides were handed out for either one of these topics, so I am running off memory.

Gangs are an issue in the Wyoming area. There are over 30 gangs currently active in the Wyoming area, ranging from east coast & west coast gangs, to local, independent gangs. Gangs are not tied to any one race or ethnicity, and in fact, some gangs will include members from another race in the local ‘branch’ of the gang, and then run into problems when members from larger cities arrive and aren’t used to a racially homogeneous group.

Wyoming has a crisis negotiation team, which was formed in 1992 (I think) after an incident involving a hostage situation, in which the police had to rely on a news reporter who could act as a translator (Bulgarian of all languages) to defuse the situation. The majority of the CNT’s calls, however, are not hostage situations, but domestic issues or suicide threats. Contrary to what you see in movies, you will not get a chopper in 20 minutes if you demand it, and they will not trade another person for the release of a hostage. CNT works closely with TACT during an incident, and both provide input to the site commander, who eventually decides to keep negotiating, or to send in TACT.