| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 |
| Months | ||
|---|---|---|
| Jan | Feb | Mar |
| Apr | May | Jun |
| Jul | Aug | Sep |
| Oct | Nov | Dec |
Sun, 29 Jan 2006
[09:18] Windows network connections and "net use"
I had a problem a few months ago which I have finally managed to sort out. In the end it was mind numbingly obvious and simple to fix but it had myself, and several others, well confused for some considerable time so I figured I'd note it down as an aid to my memory and hopefully someone else will find it useful. I've stuck in a reasonable amount of detail thus this post is rather long and, I daresay, rather boring if you're not interested in such things. Sorry.
PS: IPs, username/passwords, directories, etc are sanitised throughout, otherwise all commands are displayed as they exist.
The Background
We are using a software delivery product from CA called Unicenter Software Delivery (USD). It works in a similar fashion to the software deployment functionality seen in Microsoft's Systems Management Server. USD can be remotely installed if you have admin rights on the box using a utility called sdsweep and this is how we deploy it. Software can then be deployed by wrapping each piece in scripts and adding a procedure to a package group. These proceures are then run locally on the box by the Software Delivery service and error levels are used to determine the success/failure of the installation.
The Problem
I'm working on a rollout project and the the installation of USD is a pre-requisite, providing a means of installing the software we actually want to install. The normal installation procedure is:
- Install USD
- Install other software
The failure was caused by a net use command. This is the offending command:
net use * \\x.x.x.100\BuildDir$ /user:x.x.x.100\RemoteUser RemoteUsersPasswordand when it ran this is what happened:
C:\>net use * \\x.x.x.100\BuildDir$ /user:x.x.x.100\RemoteUser RemoteUsersPassword System error 1219 has occurred. The credentials supplied conflict with an existing set of credentials.For some reason this error has its own MS knowledgebase entry. It's pretty obvious what to do to fix the problem: disconnect from the share you're already connected to and try again. It was at this point that my ignorance let me down. I logged on and looked for already mapped drives:
C:>net use New connections will be remembered. There are no entries in the list.Hmmm, that's odd. No connections. I went and had a look at the open sessions on the server (the .100 machine). There was a connection and it was with the "wrong" user ID. Problem solved I figured, "I'm not sure why that connection is there but if I get rid of it we're OK". So, I tried closing the session and running the install again but it failed with the same error. I checked the open sessions again and the session that I had terminated was back! I knew it was the old/original session because it had a different user ID to the one used by the install scripts. I went back to the box we were installing on and looked for connections. Definitely none showing up with net use but I ran netstat and:
C:\>netstat -an Active Connections Proto Local Address Foreign Address State TCP x.x.x.50:2135 x.x.x.100:445 ESTABLISHEDWhere the heck was that coming from!! Due to time constraints I had to leave it because it was an intermittent problem and only affected 5%-10% of the install base. When the error occured I broke out the mop and bucket and I cleaned it up. Recently however, this particular task has been handed over and I REALLY didn't want to have to a) admit to such shoddy work and b) explain the manual process because, even with my documentation, it's a pain in the ass. So, I took a little time and I re-visited the problem.
The Solution
I worked out that the extra connection was being left behind by the installation of the USD service. I still haven't figured out why, but for some reason, on some boxes, the install software doesn't clean up properly behind itself and leaves a connection back to the Software Delivery server. The primer installation connects using a different set of credentials to the generic software installation process, hence the error message. The reason the old connection kept getting renewed is because when you attempt to connect to a share that you already have a connection to (albeit a disconnected one) Windows attempts to renew this connection, even if it uses different credentials to the ones you supplied. I'm not sure why someone thought that this was a good idea. The reason I wasn't seeing the "renewed" connection is because of a subtle difference between what I thought net use did and what it actually does. Here's what the Microsoft help page referenced above has to say: Use net use to connect to and disconnect from a network resource, and to view your current connections to network resources.
The reason I couldn't see the connection is because it belongs to the user that the service is running as. In this case, the user is the built-in "Local System" account. Next question, how do I become that user? There is no "Local System" user so you can't use runas, and logging in as the local administrative user just gives you the local administrative users account. There are two ways that I now know:
- Use the "Task Scheduler" service to kick off a cmd process for you.
- Use psexec.
LOCAL C:\>time
The current time is: 14:12:17.00
Enter the new time:
LOCAL C:\>at 14:13 /interactive %COMSPEC%
Added a new job with job ID = 1
LOCAL C:\>at
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Today 14:13 PM C:\WINNT\system32\cmd.exe
Then, at 14:13 a command prompt will spring into being - ON THE CONSOLE. There are two main problems with this approach. If you're using Terminal Services to connect you will NOT see this new window, it spawna on the console, not on your virutal desktop. Secondly, a lot of the time the Schedule service is disabled and it is annoying to re-enable it, do your stuff and disable it again. This method is helpful, but only if we can get to the console. Let's have a look at option two instead:
psexec is another one of the eternally useful tools to be found on the Sysinternals Freeware website. Essentially, psexec allows you to run a command on a remote machine. The handy thing is: you can specify if you'd like to use the System account with the -s flag! So:
C:>psexec \\x.x.x.50 -u DOMAIN\USERNAME -s %COMSPEC% PsExec v1.70 - Execute processes remotely Copyright (C) 2001-2006 Mark Russinovich Sysinternals - www.sysinternals.com Password: Microsoft Windows 2000 [Version 5.00.2195] (C) Copyright 1985-2000 Microsoft Corp. C:\WINNT\system32>net use New connections will be remembered. Status Local Remote Network ------------------------------------------------------------------------------- Disconnected \\x.x.x.100\BuildDir$ Microsoft Windows Network The command completed successfully.Ah HAH! There's that pesky durned connection. It can now be removed and the world is a safer place for innocent installations to go about their business.
The solution (for the symptoms anyway) is disgustingly simple and obvious now. I created a new procedure that was embedded in the install package that simply deletes the connection if it's there:
net use \\x.x.x.100\BuildDir$ /deleteIf the connection is there, it is removed. If it isn't, no problem, the delete command just does nothing. This obviously doesn't stop the problem occuring in the first place but, as I have no test equipment (and no time to test anyway) this is the best solution I've got for now.
It was interesting looking at how services run and interact with the system and I'm thinking I should really look at doing an MCSE just so I know what is out there and available to play with, especially since all of this is about to change again with the way Windows 2003 deals with local system service accounts.
category: /life | permalink | Comments suspended due to spamwhores
Fri, 27 Jan 2006
[08:59] I Name You Shona Of The Gainfully Employed
Congratulations to Shona for her triumphant return to world of IT Support. After an interview earlier this week she was offered a position with Attenda as a *nix Level 2 Support technician! Goodbye call centers!
This was no small feat for a person with no higher education paperwork (no Uni degree) and no formal industry qualifications. Pieces of paper mean EVERYTHING in the UK job market, so to even get an interview without them is an uphill battle. To then get through the interview and technical test without having touched a computer for 7 months proves that (despite what she says) she really CAN do this stuff :)
category: /life | permalink | Comments suspended due to spamwhores
Thu, 26 Jan 2006
[09:15] Happy Australia Day!
Well, no holiday for me this year - for some reason the English don't recognise Australia Day as a legitimate holiday. C'est la vie. I hope everyone back home had a great day!
In other exciting news: a) I'm a genius and b) I have a "new" phone.
- According to this here Intelligence Test I am a certifiable genius. I'm not sure how reliable that actually is so I'm not going to add it to my resume just yet! For those of you who'd like to compare geniusnesness I've managed to nut out 21 of the 33 questions over a 24 hour period (that's 24 hours since discovery and posting that also included sleeping and working - I haven't dedicated my life to it or anything).
- I've been given a new phone! Someone at work felt sorry for me (and got sick of the ear piercing ring tome) and donated it. He goes through at least 4 phones a year so he has plenty of spares!
The details: it's acutally an old phone, a Sony T610. If you've been paying attention you'll know that this is the same model as the one I lost - my favourite phone ever! I am VERY happy to have put the detestable Samsung A300 to bed!
The menu system has beenmauledcustomised for the Orange phone network over here (in a similar fashion to the way Vodafone "value added" to my one back home) but now that I've got no money (or warranty) invested in the thing, I'm going to have a go at upgrading the firmware and see if I can get back to a vanilla install. I just have to work out how...
category: /life | permalink | Comments suspended due to spamwhores
Tue, 24 Jan 2006
[08:14] Prepare for hardcore home-knit envy
As promised, here I am in my nice new jumper:
In case you're wondering, I call that look "Turgid Magenta" and yes, it is patented.
category: /life | permalink | Comments suspended due to spamwhores
Sun, 22 Jan 2006
[10:21] We return you to your regularly scheduled broadcast
Well, I think (hope) that I've just had the most stressful two weeks of my life. I had some pretty long, hard days back on the ole CCF project but that was truly nothing compared to the mental and emotional wringer I've just been through.
Banking experience is highly prized in the job market over here, mostly, I think, because it proves that the person in question has worked in an environment where teensy little mistakes can cost thousands of pounds a minute and survived. Unfortunately, I can't comment on why I've had such a godawful time of it because it would involve providing details of my current job and environment that I'm not keen on providing in this day and age of vindictive sacking of blogging types.
So, it's going to have to suffice to say that I think I'm out the other side of "it", credibility intact and technologically victorious :)
There's not a lot of news because I've been pulling 10-12 hour days every single day of January since my last post with the exception of Sunday the 8th. The news in brief is:
- I got a cool jumper knitted for me by Shona. It's her first completed big project. She warmed up on a couple of baby jumpers that she gave to someone at work. I've got a picture that I'll upload shortly. It fits perfectly - there was a slight head/neckhole issue but that's been resovled peacfully.
- I went to a funeral. This was one of the more bizarre events of the month. My grand-uncle Felix died on Sunday the 8th and as he was Jewish, the funeral was mere days later.
I'd never met, or even heard of Felix but as the sole living relation in the country, I went along.
After a hectic morning I nearly missed the train but I managed to make my way out to a nice little place called Rainham in time. I learned a lot about jewish death rites that day too. I was the only relative but the Jewish Refugees Association had arranged to gather an minyan. There was a brief ceremony, we rolled the coffin out, lowered it into the hole and then filled the hole in before returning to the hall where I said the kaddish (with a LOT of assistance from one of Felixs friends).
category: /life | permalink | Comments suspended due to spamwhores
Tue, 03 Jan 2006
[14:46] ...which is when my head exploded Officer
Man, what a day. I love the holiday season. Not because I go on holiday, but because everyone else does. Today was the first day that most everyone was back on board at work and the fragile peace of the last two weeks was brutally and incontrovertibly shattered. I also noticed that the cough that I'd been carrying and finally lost last week came back today, I don't know if that's something to do with the air-con or if I'm allergic to people or what.
Apart from getting all kinds of crazy e-mails and phone calls, today was also the day when a lot of the jobs that I wrapped up and distributed over the last several months (because they weren't "my" job, that's why) all came back and landed in my lap. No-one told me we were playing pass-the-damn-parcel and I think it's a little unfair that ALL of the packages came back with just one layer of paper left :)
On the bright side, I got bites on two lines, both baited with reasonably significant job possibilites, hmmm, with that analogy perhaps I should be biting on their line, or maybe I'm the bait and the jobs are the fish....OK so I got that a bit backwards and it didn't really work out - lets all smile and skim over that, move along, nothing to see here.
Anyway, both jobs are infinitely more funarific (I suspect) but are probably going to pay less because they're not contracting but there's only so much Excel one man can do in a day and I'm pretty sure I'm ODing right now. I'm freaking out now because I'm going to have to do interviews and neither of the jobs are in a field that I've worked in for at least the last six months. I'm hoping that I'm not going to be asked any mind-numbingly precise technical questions because the potential question field is, for all intents and purposes, infinite which means I need an infinte period of time to study, which I don't have.
Either way, the next few weeks are going to be an interesting and educational experience and I'll get to see if my year (well six months) in the wilderness has garnered any useful new skills!
category: /life | permalink | Comments suspended due to spamwhores
Mon, 02 Jan 2006
[12:35] A Dancing Bear - Rating: 4/5
A Dancing Bear is the debut book of one Mark Osher. Sadly it seems that it could be his last as, due to repeated rejections from publishers, he has taken the somewhat drastic measure of disappearing!
I finished it this afternoon after spending about 15 hours over the last four days dedicated to devouring it - the only thing that stopped me reading it any faster is the fact that it is online and it's hard to curl up in bed with the internet.
The story is set in Australia and centers on a portion of the life and times of Fenton Brand, a university student whose life gets a little "complicated". Every theme you could ask for is contained within: unrequited love, revolution and radicalism, sex, political correctness, poetry, blundering ineptitude, serial-killers and terrorists and it is unrelentingly funny from Chapter 1.
If comparisions had to be made, the closest literary allusions I could make would be to Tom Sharpe. A Dancing Bear, like the work of Mr Sharpe, does come with a bit of a language warning but it's all part of the vernacular of the people at the core of the story.
The only reason I haven't given A Dancing Bear five out of five is because I'm hanging on to the slender hope that Mark shall re-appear and produce another, even better, book.
category: /reviews | permalink | Comments suspended due to spamwhores
Sun, 01 Jan 2006
[14:09] Happy New Year!
 |
 |
This year the complete arbitrariness of celebrating New Years really hit me. I've been in a non-Europen country for New Years before (we were in Alexandria, Egypt for the Millenium Milarkey) but that failed to really make any impact despite the fact that (due to them being on a completely different calendar) no-one in the city seemed to even notice that it was a "special" night!
This year, as I sat at work looking at a webpage with all of the timezones in which my friends and I are scattered across (London, Australia and various portions of the US) I realised that it's mostly just an excuse for a party (well, duh). None of it even really makes sense to me; How can Australia celebrate New Years (ie 00:00:00 01/01/2006) when time is measured from Greenwich, here in the UK (he said displaying a grotesquely deficient and malformed knowledge of how timezones function)???
Anyway, What did we do to celebrate New Years? Well, we ended up walking down the end of the road to Lambeth Bridge to watch the fireworks spin of the giant catherine wheel that the London Eye was modified into. Despite the drizzle, it was a pretty good hour or so. Whilst we waited for the fireworks we did a bit of crowd spotting.
Amongst the throbbing crowd was a REALLY pissed bloke who put on a special one-act play for us that I found enourmously amusing (WARNING: Distasteful, but amusing none the less, story coming up):
The gentleman staggered into view, leant casually on the wall and vomited most prodigiously for about five minutes onto the pavement and his boots. OK not obviously funny but I found it somewhat odd that he chose to bespatter his boots and the causeway whilst standing RIGHT NEXT TO THE RIVER! He was leaning on the wall that separated him FROM THE RIVER. It then got even MORE humorous when his wife rocked up, video camera in hand and small son in tow. She seemed to be under the impression that all was well and was merrilly videoing right up until he let rip with another serve of hearty irish stew, at which point she killed the camera...and their son decided to check out what daddy had had for dinner. Hahahahaha. Also there were fireworks.
category: /life | permalink | Comments suspended due to spamwhores