Active Directory Hell

First, I must state up front that I know next-to-nothing about Active Directory and that I only think the problems I've been fighting for the last week or so are AD related. Secondly, This post is mostly a rant. I will share the workarounds I have used to address my problems, such as they are, but this post shares no great wisdom. So, if you've got better things to do with your time, you can stop here.

I moved my production desktop machine from Detroit to Virginia and nothing has been the same since.

I used to work on my Tablet out of the office and now that I think about it, I had many of these same problems. DJ, though, swears that he took his development machine to a hotel for 8 days, connected over the VPN and everything worked just as it did in the office.

I think all or most of my problems are tied to my credentials not being sent properly to the domain controller.

We're not using a standard Microsoft VPN connection. We're using the MUVPN client that came with our Watchguard SOHO box (or some more recent version.) It is my understanding that when you use the MS VPN client, you can authenticate when logging into the machine just as you would if you were on the network.

In my case, I'm logging into the machine using cached credentials. This gets me into the machine, but that's about it.

The first problem was easy to fix: machine names weren't being resolved. Added some entries to LMHOSTS and HOSTS files and I could then at least double click on the entries in "my network places" and get a response that indicated that those locations did indeed exist - I just didn't have rights to access them.

I'd get a password prompt and enter my username and password and get an error that said basically "hey, do you think I'm stupid, I already tried that user name and password. Try something else." So I did, I tried an admin user name and password and sure enough I could get into those shares. For whatever reason, our admin can see stuff, just not change it.

So, I still needed to authenticate as me but couldn't figure out how to do it. In my various searches someone asked if they could gain access by issuing a NET USE command. I tried that today and sure enough, I can now access all my shares as me.

That got me past all of my day-to-day admin problems. I can open files on the server, edit them, create new ones, yahoo!.

So, my next problem - actually the first one I discovered other than name resolution - is that I can't use MS Office Accounting 2007. I had several related problems and now I think I have just one: I can't use it. MSOA07 uses a simple text file to tell the application what files to use for a particular company.

database= filename
server=servername\instancename,5356

All these values seem to be correct.

When I launch MSOA I get prompted for a file (normally it just opens the last one used.) I select the little SBC file and I get an error:

The company could not be opened or access was denied. Please ensure that access has been granted and that the company database exists.

Well, I've Googled this six ways from Sunday and I don't have any answers. I have access to the SBC file. I can open it in Notepad, change it, save it, no problem. I cannot get past this.

I can fire up SQL Server Management Studio and query the database directly. This does seem to be a bit inconsistent depending on whether or not I'm setting the database to support connections over TCP/IP. What I've read about this is over my head, but has something to do with Kerberos and NTLM authentication and the various protocols. In any case, even when I can connect from SQL Server Management Studio, I still cannot connect from MSOA.

Then today, of all things, I discover that I cannot connect to my local SQL Server instance using an ODBC connection that worked perfectly in the office. I can access the data from Management Studio, just not through the ODBC connection I've been using for well over a year. I'd come across something about this in my various searches about using '127.0.0.1' instead of 'localhost' which wasn't quite the same as my problem, but pretty close. The post I found was specifically about an error I have seen on and off the last few days: "Cannot generate SSPI context" and this was specifically about trying to connect to a local SQL Server outside the domain. I'm not entirely sure that I was experiencing the same problem described there, but nevertheless it lead me to my solution: When reviewing my DSN settings, the "Server" had the name of my machine which had been working just fine. Not entirely understanding the issues (still don't) I tried to put in the localhost IP address and that failed as well. I noticed that one of the values was "(local)" and that failed. I then noticed that one of the pre-filled choices was '.' ( a period) and that worked. Cool. I still get a "trusted connection" prompt when I first fire up the app, but everything is good after that.

So, I'm still struggling, but I've made some progress:

1. Name resolution - solved by HOSTS/LMHOSTS entries
2. Shares - solved by issuing a NET USE with my credentials. I only have to do this for one share on one of our servers and then the rest of my shares (under the same AD structure) work just fine.
3. Office Accounting 2007 - no solution. (Other than I use RDP to connect to a machine on the network and get my work done that way. This is still a big problem because it doesn't get me past the stumbling block of having Outlook tied to MSOA which is how we do our time-billing.)
4. Connecting to local SQL server - solved by using "." instead of machine name or "localhost" or "(local)" or IP address in ODBC connection. Still get prompted for trusted connection.

My biggest remaining problem is getting OA2007 to talk to Outlook and ideally run on my machine. If the one person that has read this far knows any OA experts, I'd love to get their advice.

Full Story

Word Clouds

Cool tool for creating "Word Clouds" from any RSS feed or any text you cut and paste into the tool. http://wordle.net/

Full Story

Almost two months...

... since I've posted. Wow.

I have several posts running around in my head. It will be interesting to see what bubbles to the top first. Possibilities include:

• The Move
• Real Estate in Detroit
• Working from Home
• Rancho Mirage, CA
• Churches in Virginia
• First Look - living in Williamsburg
• Twitter
• Office Away launch - working with "a marketing guy"
• Office Away launch - shooting our first "You Tube" videos
• Office Away launch - cheap fast printing options
• Centex Homes

I'm hoping that I'll have some time soon to post something for real. The move has taken much more time and energy than I anticipated. That coupled with a fair amount of travel (for me, anyway) has left me desperate for time just to catch up. I do see a light at the end of the tunnel, and I'm pretty darn sure it isn't a train.

Full Story

Southwest Fox - reasons to go

Although I'm certain that anyone that reads this blog and has interest in VFP already knows about the fabulous Southwest Fox conference, it is possible that they might not have seen the new brochure the organizers have posted.

They crafted this brochure to help would-be attendees convince decision makers that this conference is worth attending. (If the low cost and modest hotel prices weren't enough.)

I think they've done two great things in this brochure. First, they published the GLGDW style session abstracts which tell you exactly what you'll be getting out of the session. Instead of just reading the title "Introduction to Transact SQL" and having to guess for yourself whether you're ahead of or behind the session concepts, you can see exactly what the speaker is going to discuss.

There have been many times I've attended a session at a conference because the title sounded like something that might be of interest but turned out to be some other interpretation of those words that I hadn't imagined.

The other thing they've done is to post the speakers bios, which is fairly common, but demonstrates something that should be emphasized: Many of the speakers posted contact info right in the bios.

I think the brochure should have emphasized a couple things more strongly. One is that these speakers are all very accessible. I'm certain that nearly all, if not all, of the speakers will post their contact info during the session if they didn't do it in the bio. I've often heard - even at this conference - that the speakers seem to be "clique-y" (how the hell would you spell that word if it existed?) With some rare exceptions, this is far from the truth. I once might have even shared this opinion, but found that it was my perception that was wrong, not the speakers' attitudes. The fact that they all stand around in groups laughing with each other and talking about things both professional and personal demonstrates their inclusiveness and nothing else. Each of these people started out as some sort of attendee or "outsider" and got to know the others in person or online over time.

Any attendee should feel free to approach any of the speakers throughout the conference, whether it be around sessions, social events or the bar.

The second thing that should be enhanced is the value of networking. Some employers might see networking as an opportunity for an employee to find a better job. (And this is true.) The thing that the employer needs to recognize, though, is that this network gives a developer a peer group with which to bounce things around. There are countless shops that have a single developer or perhaps a pair. If these people aren't familiar with or don't have access to local user groups or online resources, they may be living in a vacuum. A developer really needs to be exposed to other ideas and procedures. (Also an argument for the conference.) Interacting with this peer group at the conference and after the conference can yield incalculable benefits for the employer in terms of better productivity, better code, and new resources that can save time and money down the road.

Finally, it might not happen to every developer, but I'm sure that it happens at least once per conference where an attendee feels that one session "paid" for the conference. This may sound ludicrous, but it does happen.

So, if you know someone who needs help getting approval, steer them towards the brochure and tell them to emphasize the openness and accessibility of the speakers and the long-term benefits of networking.

(Oh, the brochure is a PDF! It drives me nuts that the registration form is a Word Doc for the nth year in a row.)

Full Story

CTRL-TAB

I'm sure that pretty much everyone knows you can press ALT-TAB to move between open applications in Windows. I have often found myself trying to use ALT-TAB to move between open tabs or windows within applications such as Visual Studio and Visual FoxPro.

Some time ago, I was watching a video by Beth Massi on VB.NET's refactoring tools. In the video, I noticed that they were using CTRL-TAB to move between open tabs in Visual Studio. I didn't realize you could do that and thought it was pretty cool. When you do, you get a dialog like the one below and as you continue to press TAB the selection moves down the "Active Files" list until you let go of the CTRL key, just like ALT-TAB. This has already saved me a great deal of time and aggravation.

Not surprisingly, this also works in SQL Server Management Studio.

Just today, I decided to try CTRL-TAB in VFP. Guess what, it works! It doesn't bring up any sort of dialog but it does cycle through all the open windows. I'm sure all you veterans already knew this, but I just discovered it for the first time and I'm really happy to know it is there.

Full Story

Hamsterdam

My wife had to travel to Iowa for a short trip and brought back some minor gifts for the boys. My 5 year old has wanted a pet for some time and has been particularly interested in hamsters and guinea pigs and things like that.

So my wife found a stuffed hamster and brought it back. When she gave it to him, he was very excited. After a while, he asked "Where did you go? Hamsterdam?"

Full Story

Allowance Chair

We were fortunate enough to be swimming, outside, in Michigan, in early October. We had this wonderful spell of warm weather in the earlier part of the month.

As we were enjoying the warm weather, poolside, there were various chairs available. My wife and I were both reclining in the sun when my 5 year came up to us and said he'd like an "allowance chair" too.

Full Story