I Came to Drop Bombs

Just fixed a problem that had been (unbeknownst to me) plaguing this place for who knows how long.

After rebooting a domain controller, the SQL servers would start throwing logon errors until it came back up.  Most of the errors were from IIS servers that use Windows auth; a few errors even came from the app servers.  What made it especially tricky was that it really looked like a Kerberos problem.  Depending on what machine you were looking at, you’d get an error like

Login failed for user ''. The user is not associated with a trusted SQL Server connection.

or maybe

Logon Failure:
Reason: An error occurred during logon
… it’d go on to tell you what was wrong with Kerberos

and one

The Kerberos subsystem encountered a PAC verification failure

I saw a few

The failure code from authentication protocol Kerberos was The specified user does not exist

Long story short – I looked and poked and Googled… I couldn’t seem to find anyone that had reported this problem before (and I’m usually pretty good at putting together search terms that get me what I want) until I finally found a KB article that fit my hunch of what was happening.  I don’t think I saw the “NO_SUCH_USER” code in any of the logs I looked through (maybe that’s what you get if you’re using NTLM?) but the rest of it sure sounded good.  I tried the work-around on the domain controllers first – stopping the netlogon service before rebooting – and didn’t get a single error.

I deserve a raise. 😀

‘Splain This

I’m adding a Windows 2008 RC2 (x64… if it matters) to an existing 2003 domain.  Join the domain, everything’s happy, run all my forestprep & domainprep goodness… but dcpromo kept shitting itself with:

“Failed to examine the active directory forest.  The error was: The operation cannot continue because the LDAP connect/bind operation failed: error: 58”

The only thing I could find was this page which suggested the local admin account password had to be the same as the forest root domain password.  Before I went through all the account renaming and hunting down the password (all your admin accounts get renamed, right?  And no one really has that password?) I decided to just disable the local admin account on the 2008 server first.  It worked.  “WTF?O” indeed.

Blockbuster vs Netflix

So I’m doing this again.

I’ve been a Blockbuster Online member pretty much since they launched… late 2004 I think.  I tried Netflix at the same time – they both offered free two week trials.  I started with Blockbuster because they gave me 2 coupons a month that I could use in the store for movies or games.  I’ve stayed with them because of that and the in-store exchanges of movies.  I rarely use either of those features of the plan, but when I do I’m really glad I have that ability.  I don’t think new customers can even get the coupons anymore (or if they do, they aren’t good for games) but if they ever take it away from me, I will switch to Netflix in a heartbeat.

Netflix mailed me a “Hey, come back, try us again!” flyer a few weeks ago.  Right about the same time they announced that they could stream your “Watch Instantly” queue to a PS3.  I called to ask if I could get a streaming disc for my trial (you need to have their disc in the PS3 for all this to work) and they said no problem.  I signed back up, and they actually still had all my account info from back when.

So far their shipping speeds are faster than Blockbuster.  It’ll be interesting to see what their turn-around times are.  One of my complaints about Blockbuster lately has been how long it takes them to ship one after they get one back from you.  One time it was almost 5 days – they had all 3 that I sent back and had yet to send another out.  Every time I asked about it, they’d blame it on some system bug and send me a coupon for a free rental or something.  I think last time they actually just sent me a ‘rental bonus’ – so basically I had 4 out at a time, the bonus one didn’t count against my plan.  That’s better I guess.  I don’t like going to the store, I like things just showing up in the mail :D  Blockbuster is also horrible at having enough Blu-Ray stock.  This is not an exaggeration:  The first 12 titles in my queue right now are on some kind of wait.  Two “Long Wait”, two “Very Long”, the rest are “Short”.  I have 7 titles in my Netflix queue, including the 4 that are Long/Very Long from Blockbuster, and they’re all available now. Netflix’s site is faster, cleaner, and I think more personalized.

We’ll see what happens.  Their plans are about the same price once you factor in Netflix’s extra charge for Blu-ray access (which I think is stupid) so it’s going to come down to store vs. streaming.  I really want to love Netflix – if they started letting me get games in the mail too, I’d instantly be theirs.  Of course, as soon as they do that, Blockbuster probably buys Gamefly and competes.