
Journal of weave (48069)

The Nightmare of Active Directory Replication (win 2003)

Wednesday September 15 2004, @08:07PM
Microsoft
Had a day from hell yesterday. Had a power failure Friday night which affected two of our four Active Directory controllers. As luck would have it, the emergency generator which is supposed to power the room at times like this failed to start too. Bottom line, two ADs went dark for an hour.

When they came up, for whatever reason, the BIOS on one of them lost its time and came up as year 2003. It was quickly noticed, fixed, and rebooted with correct time. All was well, or at least I thought.

Our four ADs are across two sites with a replication path resembling a box...

a1 <----> b1
/\ . . . . /\
| . . . . . |
\/ . . . . \/
a2 <----> b2

Site a and b are connected via a wan link and are in different AD "sites."

A few days later, it's noticed that site b isn't getting replicated data from a. Some playing around reveals that b can replicate to a but not vice versa.

"repadmin /showreps" reveals numerous auth errors saying "logon failure target account name is incorrect."

Doing a "repadmin /syncall" throws a similar error if run on the site b machines.

Google searches on this indicate problems with machine account password, a duplicate machine name, or even dynamic dns problems. I note that if a DC at site b just accesses \\a1.domain.name\c$ it gives the same error, but not if done via \\a1\c$ or \\ipaddr\c$ so that makes me believe it's not an auth issue but a name resolution issue.

So much time is spent checking DNS, the guid version of each dns machine's name, comparing the guid on each box to see if it's identical, etc, etc...

ok, all works there, so time to think about the machine acct password. Find references and kb articles saying how to use "netdom resetpwd" where each article details the steps like purging the kerb ticket list at different places. Arrggh...

Since b can't talk to a, try resetting the password on b boxes. No go. Then try an a box, still no go. Was missing a vital step that took digging through usenet posts to find and which isn't clear from the microsoft tech docs.

Syntax for the netdom resetpwd command is:

netdom resetpwd /s:servername /userd:domainadmin /passwordd:*

... where domainadmin is a domain admin account. Well, the "servername" specified is critical to making it work. The netdom command will reset the machine account password on that box (and in the case of an AD box, its own AD records) PLUS record it into AD on the box specified by /s. We were setting that to the local AD server.

So the key to making it work was doing this on each box on site a and specifying the server as its replication partner in site b to inject a good password record there.

After that was done, credentials worked again and replication started happening again.

The steps required to do this include purging the ticket list and starting and stopping the kdc service.

Example:

net stop kdc
klist purge
netdom resetpwd /s:b1.domain.name /userd:domain\admin /passwordd:*
net start kdc

I'm hoping this gets indexed into google and helps someone else out with this problem someday.
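
The following PowerShell is an added example, not part of the original journal entry: it reads `repadmin /showrepl * /csv`-style output, picks out replication links failing with Win32 error 1396 (the "target account name is incorrect" logon failure), and prints the reset sequence from the post with /s pointed at the replication partner rather than the local DC. The sample rows, the CSV column names and the `Get-ResetPlan` helper are assumptions made for illustration.

```powershell
# Constructed sample in the column layout assumed for `repadmin /showrepl * /csv`.
# On a live DC, replace $sample with:  repadmin /showrepl * /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,A1,"DC=domain,DC=name",SiteB,B1,RPC,0,0,2004-09-14 09:10:11,0
showrepl_INFO,SiteA,A2,"DC=domain,DC=name",SiteB,B2,RPC,0,0,2004-09-14 09:10:40,0
showrepl_INFO,SiteB,B1,"DC=domain,DC=name",SiteA,A1,RPC,61,2004-09-14 09:12:02,2004-09-10 22:41:17,1396
showrepl_INFO,SiteB,B1,"CN=Configuration,DC=domain,DC=name",SiteA,A1,RPC,61,2004-09-14 09:12:02,2004-09-10 22:41:17,1396
showrepl_INFO,SiteB,B2,"DC=domain,DC=name",SiteA,A2,RPC,58,2004-09-14 09:12:30,2004-09-10 22:40:55,1396
'@

# Win32 error 1396 (ERROR_WRONG_TARGET_NAME):
# "Logon Failure: The target account name is incorrect."
$WrongTargetName = 1396

# Hypothetical helper: one reset plan per failing source -> destination link.
function Get-ResetPlan {
    param(
        [Parameter(Mandatory)] [string] $CsvText,
        [string] $DnsSuffix = 'domain.name'   # placeholder suffix used in the post
    )
    $CsvText | ConvertFrom-Csv |
        Where-Object { [int]$_.'Last Failure Status' -eq $WrongTargetName } |
        # Each naming context is its own row; collapse to one entry per DC pair.
        Sort-Object 'Source DSA', 'Destination DSA' -Unique |
        ForEach-Object {
            # Destination could not pull from source. Following the post, the
            # reset runs on the source DC with /s naming the failing partner.
            $partner = ('{0}.{1}' -f $_.'Destination DSA', $DnsSuffix).ToLower()
            [pscustomobject]@{
                RunOn    = $_.'Source DSA'
                Partner  = $partner
                Commands = @(
                    'net stop kdc'
                    'klist purge'
                    "netdom resetpwd /s:$partner /userd:domain\admin /passwordd:*"
                    'net start kdc'
                )
            }
        }
}

# -join turns live repadmin output (an array of lines) into one CSV string.
foreach ($plan in Get-ResetPlan -CsvText ($sample -join "`n")) {
    "On $($plan.RunOn) (partner $($plan.Partner)):"
    $plan.Commands | ForEach-Object { "    $_" }
}
```

The script only prints the plan; nothing is stopped or reset until the listed commands are typed on the named DC.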

My wife's World Trade Center Memorial Competition entry

Wednesday March 10 2004, @08:00PM
User Journal
The Lower Manhattan Development Corporation (LMDC) recently "freed the LMDC 5201" and set up a website displaying the boards of all 5,201 entries for the World Trade Center memorial.

My wife's entry is up there.

The entire 9/11 event had a very deep impact on my wife, and I believe working on this memorial helped her out a lot. She, and three of her students (she teaches architecture) worked on the model for much of last summer. It cost us a good chunk of change for their salaries, but they got some good experience out of it and seemed to enjoy it.

Anyway, I'm quite proud of the ole girl, even if she didn't win! :-)

I got a copy of SCO's motion to dismiss case against Redhat

Thursday September 18 2003, @08:11AM
Caldera
A fun time was had by me yesterday, and very interesting too. A call went out on the SCOX investing board for someone in Delaware to head to the U.S. District Court and get a copy of SCO's motion to dismiss the Redhat suit against them, motion filed Sept 15. Beings I live and work in Wilmington DE, I stepped up to the plate and volunteered.

I had never done something like that before, so heading into the court's clerk office and figuring out what to ask for, the procedures for getting copies, examining various dockets (learned a new word!) on the case, etc, was fun.

Equal fun was getting to read it before most everyone else of course, then OCRing it and getting it posted.

I sent it to groklaw site and they posted it for commentary. I was going to post it on my own site, but it's best served from there. It's great to read the commentary on the board from various paralegals and law students. Interesting stuff!

Back road trip between Wilmington DE and Manassas VA

Tuesday August 26 2003, @12:57PM
Education
This past weekend, I drove my motorcycle from Newark DE to Manassas VA and back using "back roads." Below is my "too much information" report (some of this is for me so I don't forget so I can do this again!).

First of all, let me say how useless AAA is for trip planning for this type of trip. The AAA person wanted me to use the Interstate. When I said I wanted backroads, she drew a pink line down US 1 to the Baltimore Beltway. I explained I wanted to go north of Baltimore, then around west of DC. She basically just connected dots on the map and not a good path either. And despite me saying I wanted to use the Ferry, she said "Oh, you don't want to do that," and drew me a route that went down US 15 over the Potomac.

Well, forget that, so I tried Mapquest. That took a lot of fiddling around, even with plotting various intermediate points so it too wouldn't force me down the turnpike. Mapquest will send you way out of your way to get some interstate miles in.

So I had to plot several subtrips...

  • Newark to Blue Bell MD
  • Blue Bell to Hickory MD
  • Hickory to Hampstead
  • Hampstead to Damascus
  • Damascus to Martinsburg
  • Martinsburg to Catharpin VA
  • Catharpin VA to Manassas

Summary of my outbound routing (5 hours)
MD 273 - US 1 - MD 23 - MD 137 - MD 138 - MD 482 - MD 27 ~ MD 109 ~
... white's ferry ...
US 15 - VA 232

Summary of return trip (4 hours, 10 minutes, southern leg different)
VA 234 - US 15 - VA 7 - VA 9 - VA 287 - MD 79 - MD 180 - US 15 - MD 27 - MD 26 - MD 482 - MD 138 - MD 137 - MD 23 - US 1 - MD 273

Interesting tidbits:

  • No congestion entire trip. Yippee!
  • A Beautiful relaxing drive
  • Three Maryland Roundabouts!
  • White's Ferry - neat
  • Maryland state route system is illogical and not real helpful at times

Details:

Left Newark, DE heading west on SR 273 towards Conowingo Dam. A bit of a boring road that hasn't changed much in the 30 years I've been going down it except for one neat thing. Just after Rising Sun at 276 there is a new roundabout! This must have been a new installation within past year. It would be the first of three that I saw during my trip.

Joined up with US 1 and head across the (toll free) Conowingo Dam towards Hickory. At Hickory, headed west on MD 23. The next hour or so was the most difficult, navigation wise. Idea was to head west towards Westminster, then southwest on MD 27. But getting to Westminster is not easy.

Took MD 23 towards Jarrettsville. An interesting curiosity. I don't think Maryland cares much for multiplexed routes. Something I concluded on this leg of the trip and saw other examples as I went. When MD 23 hit MD 165 in Jarrettsville, it should multiplex with 165 north for about a mile, then continue west from there. Dog leg or zigzag if you will. But at the T junction, instead of pointing right for MD 23, it had a "TO 23" sign with a right arrow. As I headed north to Jarrettsville, I saw another sign that said "Junction 23". I turned left there. On the return trip through this area however, when I hit 165 from 23, there was no corresponding "TO 23" pointing south. No signs whatsoever. Had I not known from the prior day's trip in opposite direction, I would have continued straight at that intersection.

Looking at a map later, I saw that that road that continues straight is called Jarrettsville Road and continues to US 1, pretty much paralleling 23 which was south of it. At one time Jarrettsville Road must have been MD 23 and that's why the discontinuous segments of MD 23 happened. They should really sign it better.

But enough of Jarrettsville. Continued west on MD 23 for about 3 miles, then turned left on MD 138. Except for the first mile or so, it's a fairly narrow road, speed limits around 30 to 40. It snakes around until Hereford where I had to go north for about 1/10 mile on 45, then left on 137. Life would have been simpler had 137 and 138 been given the same route number, but that would have meant having a multiplex for 1/10 a mile on 45, so I guess we can't have that. Sigh...

Continued west on 137 until it dead ended on a road with no indication of what direction 137 took. From the map I had, it seemed like 137 continued to Hampstead, but that was not the case. There *was* a sign that said "TO MD 30" pointing left. I took that and eventually after a couple of turns that thankfully also said "to MD 30" found my second roundabout at MD 88. A 1/2 mile further was Hanover Pike, which I went north on for about 1/2 mile, then west on MD 482 until I reached "Mexico."

At Mexico I picked up MD 27. Finally, roughest part done. I took MD 27 south to Damascus. The route from Damascus to White's Ferry isn't very straightforward. ie, not an easy set of signed routes. I branched off onto Oak Road, then Kingstead Road, Burnt Hill Road, north on MD 355 for about 1/2 mile, then west on Comus Road (under I-270) to -- Comus! The plan at that point was to turn left on MD 109, but the bridge was out, and scheduled to be reopened on 8/26. Sigh, few days too early. So I continued west and found the entrance to Sugarloaf Mountain Park. Nice.

Heading south towards MD 28, then followed MD 28 towards Beallsville, down W Hunter Road, Wasche Road, then right on White's Ferry Road.

White's Ferry had a nice queue of cars waiting for it that backed up outside their property limits. I didn't think I'd make it on to the next Ferry, but when it pulled up, there was plenty of room for everyone. A short ride across for $2.00 (m/c fare) and I was in Virginia!

White's Ferry Road dumps out onto US 15 near Leesburg. South on that around Leesburg to VA 234 about 20 miles later. A short 6 mile drive down that road and bango, soon as I go under I-66, congestion, traffic, massive civilization. First mess I was in during the entire trip, and thankfully my destination.

For my return trip, I altered the southern leg of the route somewhat. I headed north towards Leesburg on US 15, but then went west on VA 7, then branched off to VA 9, then north on VA 287 towards Brunswick MD. A nice road, and the bridge over the Potomac offered nice views.

And lo and behold, soon as you enter Brunswick, yet another roundabout! I must be back in Maryland! Coming north out of Brunswick was a fairly decent climb with speed limit 30 MPH. I saw two police officers "camping" and running radar for the poor folks coming south down the hill.

I continued north on MD 79, then east on MD 180, which must have been the old US 340 route. Over I-70 (no junction) and onto US 15 north again, but not for long. Branched off onto MD 26 and took that until MD 27, then retraced my steps back using same route I went out on.

The trip down took me just shy of 5 hours, with about 30 minutes spent waiting or riding on the White's Ferry. The return trip was 4 hours and 10 minutes, and if I had just remained on US 15 instead of the scenic ride through Brunswick, I probably could have got it down to 4 hours.

Total mileage each way was around 165-175 miles compared to 130 miles using I-95, I-495, and I-66. When using the Interstate, I can do the trip in 2.5 hours, provided there are NO traffic slowdowns. On really bad congested days, it can take over four hours. Given the choice of interstate and congestion, or a beautiful country drive, I'd go for the scenic drive unless I was in a real hurry and felt like taking a chance on the Interstate route.

Since my sister now lives in Manassas, I'll be taking more trips. The drive is longer, but far more pleasant, although I'm not sure how pleasant it will be if I am doing that run over and over! :)

Dear Microsoft, Hot Fixes...

Thursday November 21 2002, @03:34PM
Microsoft
Dear Microsoft,

You could go a long way to making me happy if you just standardize the hotfix install programs to use the same command line arguments. I have to run a batch of these things after an install to automatically bring a desktop up-to-date.

The way it is now, it's ridiculous. Here's some actual examples:

Msjavx86.exe /c:"javatrig.exe /exe_install /l /qq" /q:a /r:n
q307274 -u -n -z
vbs56nen /q /r:n
start /wait q318202 /q /c:"dahotfix /q /n"
start /wait vm-sfix3 /q /r:n

Why can't there be a standardized hotfix installer? Please.... If not, at least document the unattended install procedure in the kb article describing the hotfix. As it is now, I have to hunt all over to find it if one of the old methods doesn't work. Like look at that java vm update. My God, where did THAT come from?