Skip to content

Don’t You Trust Me?

An old problem has caused new headaches in my office. While upgrading from Windows 7 to Windows 8 (and eventually Windows 8.1), I occasionally encountered the following error message when a user needed to reset their password on a domain-joined machine:

The security database on the server does not have a computer account for this workstation trust relationship.

You’ll find plenty of fixes for this online like this one, discussions about the issue, and even a Microsoft KB article. Unfortunately, none of the recommended solutions seemed to solve the problem, in my case. Here’s what finally did:

  1. Log on to the affected device with a local admin account.
  2. Disjoin the device from the domain and reboot.
  3. Log on, as a user with rights to add/remove computer accounts from the domain and manage user’s passwords, to a domain controller in the domain to which you want the device joined.
  4. Open the Users and Computers snap-in.
  5. Find the computer account for the device that you just disjoined from the domain and delete it (right-click > Delete).
  6. Find the user which requires a password reset and manually reset the password (right-click > Reset Password…).
  7. Log off of the domain controller.
  8. On the affected device, log on with the local admin account again, re-join the domain, and reboot.
  9. Log on to the affected device with the domain account that needed the password reset, using the new password that you created.

I hope these instructions are clear. Please comment if they need some clean-up.

Advertisements

ROS on BeagleBuntu

This isn’t strictly a sysadmin post but I needed a place to put it until it could be thoroughly tested and posted on the ROS site. This post is about how to get ROS Groovy running on a BeagleBoard-xM. I am a member of a local robotics club and am attempting to use the BeagleBoard-xM as our sole piece of on-board computing power for a self-navigating robot we intend to enter into a competition. If you live in central Illinois and are interested in robotics, you might want to check out http://www.circpeoria.org/. Now, on to the instructions.

In order to carry out these instructions, you must have access to a PC with a Linux distribution installed on the hard drive (not using VirtualBox or any other virtualization software) or use a live CD of any distro. This PC must have either a built-in SD card reader or an attached USB SD card reader. Once logged into your linux partition, do the following (lines beginning with $ are commands for the terminal/command line):
Read more…

Exchanging Squids

Even though my organization has switched to Office 365, I thought it might be good to post a solution I found previously to using a reverse proxy for our Exchange server. It took me quite a while to get this one right since I was unaware of a disagreement with how Apache and Microsoft handle the HTTP protocol that keeps Apache from being able to handle RPC over HTTPS (required for Outlook Anywhere). SO, the only working solution that I’ve found for an Exchange reverse proxy that isn’t ISA/Forefront is Squid with some special config options. Here is the config that worked for me:
Read more…

Rollin with My GAL

We have been looking everywhere for a solution in Office 365 that will allow for a contact list with the following properties:

  • Can be shared and edited by all people in the organization.
  • Can be added to everyone’s address list.
  • Allows for Contact Groups or DLs to be created.

According to Microsoft themselves, this is impossible. However, you can get most of this using the GAL. It isn’t editable by everyone (and not at all using Outlook), but it was a worthwhile compromise. However, getting all of your old contacts into the GAL can be a bit of a pain. The simplest way is to export your existing contacts list to a CSV file and import it using a PowerShell script. Except… no one seems to be willing to share a PowerShell script which can handle empty fields in the CSV as well as add extra email addresses if they exist in the CSV – until now.
Read more…

A Tail of Mail

My organization is just changing over to Office 365 from an internal Exchange setup. As I’m writing this, we’re in the final stages. Just yesterday, I decided that it was finally time to get a blog to write down the solutions I find to all the ridiculous little idiosyncrasies I’ve run into recently during this transition as well as those that I come across in the future. So, on with the one I ran into yesterday:

To facilitate the monitoring of our internal and external servers, we use Nagios. We are mostly a Microsoft shop where I work but I have a couple of Linux servers dedicated to important tasks such as this. However, after we switched over to Office 365, the forwarding of notifications from Nagios obviously stopped working. Previously I had notifications being relayed from Nagios by Postfix to our Exchange server and over to my mailbox. However, with the Office 365 transition, I needed to use Postfix as a relay to Office 365. I thought this would be as simple as modifying my main.cf to relay to the Office 365 server, having Postfix authenticate with my email address, and having Nagios send mail as if it was me. This was the correct course of action. However, what I had not planned on was that I continued to get error messages when trying to change the “FROM:” address on the notify-host-by-email and notify-service-by-email commands in Nagios. The exact error messages I was getting were:
Read more…