Sander Berkouwer on 3 years of blogging

I like the blog post from Sander on his 3 years of blogging. Especially these excerpts :

“I’ve always believed in information equality.”

While hundreds of companies charge their customers for services with knowledge and experience as unique selling points (USPs), I’ve sat on the sideline enjoying the view. I heard these companies (most of them Microsoft Partners) complaining about shifting expectations and a changing landscape. They fear becoming obsolete, because customers wise up and Microsoft (among others) supply standard tools, frameworks and even products to replace their tools, frameworks and products. Lately even with Online Services. I’ve known information is dynamic in nature. I expected nothing less in this line of business.

“It’s why I started blogging.”

I felt information can be made available freely, without repercussions. Standard practices may be shared without cost, product pitfalls may be found easily and demos can be shown indefinitely. In the end for business it’s not information that counts, but relationships and reputation. I feel a customer should connect without you, not because he knows you’re capable of doing the job, but because you’re granted the job.

“It’s why I kept blogging.”

My employer benefits from my blog. Not in a direct financial way, but in an indirect relationship-based way. Because when I speak to a client I direct them to information I’ve shared here.  Because when the (potential) customer reads the information he is reminded of the ways of his current IT partner. … and not just customers. Other IT Pros started reading this blog as well… and linking back to it. As a company we could have generated more revenue on the short term (if our sales force would be up to spec) but in the long term we’re seeing increased deal sizes, etc.

Read his ful post on http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2009/06/26/a-dream-come-true-looking-back-at-3-years-of-blogging.aspx

I hope Sander will keep on posting for a long time to come.

The Active Directory Management Gateway Service

Still wondering where to find the download though. Nothing to download in the support kb (http://support.microsoft.com/kb/969041) or on the downloads page it refers to …

When a Windows NT 4.0-based computer tries to use the NETLOGON service to establish a security channel to a Windows Server 2008-based domain controller, the operation may fail

Mouthfull huh? Some background…

We introduced a couple of months ago in our main data centres a few Windows 2008 domain controllers. Mails started dripping in from our Linux/Unix friends, claiming they had authorization issues on their SAMBA systems. And if we performed any major changes lately? First of all you inquire into the more detailed nature of the actual problem. And (with the 2008 domain controllers in the back of your mind) you ask politely how their auth modules are configured. Because that last question proves to be a ballbreaker when talking to the “X” guys. They have the irritating habit of hard-coding a couple of domain controllers in there, preferably two that are configured to go down at the same time when patching No but all jokes aside it turns out their talking  to one of the upgraded machines and that the get the following errors :

“[2009/02/16 08:22:14, 0] auth/auth_domain.c:(170) domain_client_validate: Domain password server not available.

 [2009/02/16 08:22:20, 0] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to  machine XXXXXXX. Error was : NT code 0xc0000388.

 [2009/02/16 08:22:20, 0] auth/auth_domain.c:(118)”

Woops. The XXXXXXX. machine is a W2K8 one. We never took the time to investigate this properly (found some “pre-auth” messages in the security logs but what the hell, who doesn’t) as the “X” guys claimed the SAMBA systems in trouble had -and I quote- “old software versions” . They would initiate an upgrade…

One week ago we were installing a fresh 2008 forest and there the question was raised if we wanted to provide support for SAMBA? What the hell, SAMBA? And were kindly referred as well to a support article : http://support.microsoft.com/kb/942564 with the ringing title as seen above in the blog subject. So instantly the SAMBA ordeal sprung into my mind. And last but not least. During those exciting months and weeks (see above) we were contacted by some of our customers for which we upgraded their forest to a W2K8 FFL. They were not able to add machines via the RIS installation sequence anymore. MMM strange and when properly investigating (yes we did do that this time) we came upon the same ‘pre-auth’ failures as well. So we put one and two together and started adding those “Allow cryptography algorithms compatible with Windows NT 4.0.” settings to our customized domain controller policies in the customer’s forest. And bang away was the RIS problem . Once we added the same in our corporate forest , the SAMBA problem was gone as well…

Makes you wonder doesn’t it…