Search This Blog

Friday, September 16, 2016

Server Unwilling to Perform - PHP/LDAPS/Active Directory

This issue is fairly common and there are plenty of articles and guides on how to debug this particular problem.

Most often the issue with this error is that either the certificates in use are not correctly setup either at the ldap.conf or within the Active Directory store.

But, I recently dealt with an issue that took me down a rabbit hole that I would never have expected.

While debugging this error from within a web app I had checked all of the common issues and everything should have been working without issue, but it was still failing with the unwilling to perform error.

The actual fault was that the RID Master FMSO role was on a un-contactable server for the domain and the domain controller that was left in the directory had ran out of the allocated SID from when the RID master was last contactable, this was causing the error when trying to create a new account.

The fix to the was fairly simple, seize the role, clean up the dead server details in sites and services and all was good.

Moral of this story, be confident in the setup, if you are sure the certificates and permissions for the user being used, run dcdiag on your target domain controller and check for errors specially around the roles and replication.

Sunday, March 25, 2012

CBR Headlights

Just finished the fun task of my first head light replacement on my Blackbird.

Something that I noticed that appears to cause some confusion online is the type of lamp it uses.

The lamp is a Phillips H7 White Halogen 12v 55w lamp, BUT, and this is the kicker, there is a converter attached to them for the prongs which is a Stanley SN911-01200 (that is the model number of the converter).

The H7 lamp is extremely common but if you made the initial mistake I did and start looking for a Stanley lamp you will quickly find out that they dont make lamps and be scratching your head :D

So In summary - the Lamp is a H7 12v 55w the converter which you just pull the lamp out of once getting it out of its housing is the Stanley SN911-01200 which really shouldnt ever need replacing unless you have serious corrosion or damage.

From my reading these lamps are used in VFR's, CBR's and Goldwings amongst others.

Wednesday, January 4, 2012

Decimal to Hex of a 64bit int on a 32bit PHP System

A small issue raised its head today and required some furious action.

Given a 32bit PHP binary not capable of running dechex() on a 64 bit decimal, how would you convert said 'string' to a hex 'string'.

Enter the cool little code snippet below.

The only requirements for this to function is core php + BCMath.

$id = '1388944919774473767';
$fred = '';
while (bcdiv($id,'16','0') != 0) {
$base = bcdiv($id,'16','0');
$re = bcmod($id,'16');
$fred .= dechex($re);
$id = $base;
$fred .= dechex($id);
echo strrev($fred);

This produced the required result over many many tests. The basis of this base conversion was pulled from here


Tuesday, August 2, 2011

Salesforce.Com - Visualforce Rerender Pain

The story is basically, I had a visualforce page that was based around a table, with multiple nested apex:outputPanel tags.

Now this was an inherited page for myself, but to cut this short, basically a button on the page should submit a ajax post, add an opportunity line item and rerender the whole table to show the new item.

Ontop of this certain cell columns in the table should be hidden based on a flag stored within salesforce.

Now, 5 days of beating my head against the issue that when you hit that button, the table didnt rerender, eventually this was the resolution.

All tags within the table should be set as layout="none" on the apex:outputPanels and around the table, having a standard block layout outputPanel and rerendering this panel solved the issue.

The reason behind this was discoved to be that a refresh of a div or span that is outside of a TD or TR tag will not rerender the content inside that tag, which makes sense consider div/span tag wrapping TD or TR's is techinally invalid HTML.

The code:

<apex:outputPanel id="Refresher">
<apex:outputPanel layout="none" rendered="{!showFlag}">
<td>This field may or may not be here</td>
<td>This field will always be here</td>
<apex:outputPanel layout="none" rendered="{!showFlag}">
<td>Optional Data</td>
<td>Required Data</td>

<apex:outputPanel layout="none" rendered="{!showFlag}">
<td><input type=text name="OptionalInput"></td>
<td><input type=text name="RequiredInput"></td>


<apex:commandbutton action="{!save}" rerender="Refresher" value="DO IT"/>

So from this code (which is by no means complete) clicking on the button will do a save action in your controller but will rerender the data in your table, including a repeat tag, but based on the value of showFlag, a whole verticle column will be hidden.

I hope this helps someone out there, cause man my head still hurts from the desk banging.

Friday, September 24, 2010

Best site ever...

It is official, I will have no free time any more, if you miss the challenge and awesomeness of some of the best games ever released check this out!

Friday, August 20, 2010

Dell Service Tags from AD and WMI

This will probably be a very niche issue but if you are in the situation where you have a stack of Dell servers within your AD structure and need to grab all their service tags here is a fairly easy solution:

This was all done on a linux server.

Run a query against your AD LDAP server (this cannot be done against the GC because the GC doesnt store information about operating system for computer accounts).

basedn = dc=my,dc=domain,dc=internal
This basically should be set to the root of your directory so to capture all machine accounts.

searchfilter = (&(sAMAccountType=805306369)(operatingSystem=*Server*))
This will find all machine accounts (sAMAccountType) and of those machine accounts only ones that are running a Server operating system, all windows server OS's have the name Server in them (2000, 2003 and 2008).

When gathering your returned values make sure that you return the attribute dnshostname so that you can connect to the machine with your wmi client later.

To query the LDAP directory you only need a Domain User account.

You can use your own choice of ldap api, personally I use php ldap interface but perl's Net::LDAP will do the trick as well, I am sure there would be a python LDAP class as well.

Next is the interesting part, WMI (which is basically a Microsofted version WBEM).  There are a couple of places to get a WMI client for linux, the more common is to use a wbem client that talks to a WMI gateway on your windows box, but to do this you would need the gateway on all machines, not very practical for this situation.

The other option is the wmi client that comes with Samba 4, but if you dont want to go through the whole Samba install Joseph Kern has published an article and gzip to do exactly that. 

One note about this post is that there is an updated gzip file with the wmic source it is located at

Once you have your wmic binary up and running you will need a domain admin account to do the query itself.

The command is:

/path/to/wmic -U DOMAIN/adminuser --password='password' //HOST.NAME "Select SerialNumber From Win32_SystemEnclosure"

This will return you a multi line output that will contain the text similar to:

CLASS: Win32_SystemEnclosure
XXXXXXX|System Enclosure 0

A bit of regex madness later /Tag(.*)\|/si and you should have you service tag from all Dell servers within your domain.

Enjoy :D