Error connecting to external SQL Server from Virtualbox: "Cannot generate SSPI context."


I have a Windows 7 Ultimate guest running on Virtualbox under an OS X (10.9) host. I use the default NAT networking because it's convenient, especially when I need to connect to our corporate network on the VPN, and want both guest and host to have access. Recently, under NAT mode, I started getting this error when connecting to a remote SQL Server instance:
The target principal name is incorrect. Cannot generate SSPI context.
Apparently this is one of those generic authentication failure errors that can happen for dozens of reasons, so tracking it down was a beast.


Changing the Virtualbox NAT connection to "Use the following DNS server addresses" and specifying the same DNS servers the host was using did the trick.


One of the first things I tried was changing the Virtualbox network mode to "bridged", instead of "NAT". That worked. In fact, when I switched it back to NAT, the Sql Server connection still worked. It wasn't until later that I discovered that a system reboot in that state would cause it to fail again.

I tried disabling Ipv6 for the connection (per this post), checked the server name returned by ping -a ipaddress_of_sql_server, as suggested by the official troubleshooting article, and querying the DNS from the OS X host machine. I strongly suspected a DNS issue.

Finally, I learned about `dig` and began trying it on the host and guest (via cygwin in the `bind-utils` package) to query the DNS servers. The query against the Virtualbox-provided DNS,, had a warning that the host query against my organization's DNS servers did not:
;; Warning: Message parser reports malformed message packet.

I now realize that the root cause was running the following command, after experiencing some internet connection issues while using a new version of the Cisco VPN:
VBoxManage modifyvm "VM name" --natdnshostresolver1 on
(Suggested at https://supportforums.cisco.com/discussion/12085546/anyconnect-3104072-wont-allow-internet-connectivity-virtualbox-vm.)

For whatever I was trying to achieve, it sounds like using `--natdnsproxy1 on` may have been a less-intrusive choice, as the Virtualbox docs say about the hostresolver option:
"Note that this setting is similar to the DNS proxy mode, however whereas the proxy mode just forwards DNS requests to the appropriate servers, the resolver mode will interpret the DNS requests and use the host's DNS API to query the information and return it to the guest." (https://www.virtualbox.org/manual/ch09.html#nat-adv-dns)

Other references

  • https://www.virtualbox.org/ticket/7711
  • http://serverfault.com/a/627670/174855


Recovering from a failed BIOS update on a Dell Latitude E6500

While working on a friend's Dell Latitude E6500 I decided to update the BIOS, just for kicks. After using the Windows executable to kick off the update, it eventually failed. The computer wouldn't boot (not even to the BIOS splash screen). Instead, it would simply emit one beep, then turn off. Usually, it would turn itself back on, spin the CPU fan, then turn off again. Finally, I found some instructions in the DELL forums (http://en.community.dell.com/support-forums/laptop/f/3518/t/19506901) to recover from the failed update. In summary:
  1. Download the BIOS installer from the dell website. For example, http://downloads.dell.com/FOLDER01530518M/1/E6500A29.exe
  2. Drag and drop the file to a CMD window, hit space once, then type /writeromfile
  3. Drag and drop the file to a CMD window again, hit space once, then type /writehdrfile
  4. Rename the .hdr file to include just the machine name, in this case E5600.hdr
  5. Put on a FAT32 formatted USB drive
  6. Remove the battery
  7. Plug in usb to the left side slot (try each other slot if that doesn't work)
  8. Hold end key and power button, then plug in power cord.
The computer then read the file and repaired itself. Presumably, this works by using "Boot Block protection":
Most BIOS manufacturers (Award, Phoenix, AMI and Insyde) now include an option known as Boot Block protection. The Boot Block sector is write protected, thus it can only be damaged if the flash utility is explicitly directed by a command line switch to overwrite this EEPROM memory range.

Another post for a Vostro laptop contains very similar instructions: http://en.community.dell.com/support-forums/laptop/f/3518/p/19593398/20675627#20675627.


Using Autorandr for Undocking Goodness in Linux

[Note: this post has been migrated from its original home at http://rockycode.com/blog/using-autorandr-undocking-goodness/, posted 09 Feb 2011.  It is outdated, but perhaps still useful.]

If you, like me, are sick of having to restart the XServer when you undock/dock your laptop in order to get the display to reconfigure (ok, so I've only undocked once since I installed Linux; still, I was bugged), your days of wo are numbered.

X RandR is a command line tool allowing the XServer to dynamically change the configuration. To save you from writing your own shell script utilizing xrandr, two tools have been created:
  • Disper: http://willem.engen.nl/projects/disper/
  • autorandr: https://github.com/wertarbyte/autorandr
Disclaimer: I am new to Linux, not a seasoned veteran like many of you, so I can't tell you exactly what these tools do, just how I use them. But they work.

In Ubuntu you should already have xrandr installed. Install Disper using the Debian package above (or build it from source, if you'd like). Update: The version above is 0.2.3, which has worked great for me, even in Ubuntu 11.04. The newer disper, 0.3.0, does not work for me. Disper sounds like it is geared towards NVidia cards. While it (or the plain autorandr alone) may work fine for ATI cards, you may want to take a look at this page (http://www.thinkwiki.org/wiki/Script_for_Dynamic_Display_Management_with_fglrx) if you have an ATI card.

Once xrandr and Disper are both in place, download the autorandr script from the link above, and place it where you'd like to run it from. The most documentation I've found for it is within the comments of the script, so read through those. It is suggested on this issue page (https://github.com/wertarbyte/auto-disper/issues/issue/5) to use the auto-disper symlink if you have an NVidia card. The basic usage is:

auto-disper --save <profile_name>

Then to toggle profiles:

auto-disper --change

Again, the comments in the script explain this and a bit more, so read through those. Set up your typical docked display configuration and save that as something like 'docked'. Then do what you need to to set up your typical undocked configuration and save that as something like 'undocked'. The names are arbitrary unless you call them with `--load docked`, which I do not.

Finally, I have added a global keyboard shortcut in gnome so that Shift+Ctrl+F7 calls `auto-disper --change`. I have tried to get the FN+F7 switch display button to work for this (per these instructions: http://www.thinkwiki.org/wiki/Sample_Fn-F7_script), but haven't yet succeeded. The ACPI event is triggered and arbitrary scripts I write are called, but for some reason calling auto-disper in that way still doesn't work.

Update: When saving a profile you may get the error: `could not get scaling for screen CRT-0, reverting to "default"`. Something out there lead me to believe that was irrelevant, but in any case I have thus far ignored it with no noticeable issues.

Using Ubuntu PPA Repositories Behind a Firewall

[Note: this post has been migrated from its original home at http://rockycode.com/blog/using-ubuntu-ppa-repositories-behind-firewall/, posted 24 May 2011.  It is outdated, but perhaps still useful.]

This post describes a quick and dirty way to configure apt-add-repository to use port 80 instead of port 11371.

Ubuntu Personal Package Archives (PPA) are an easy way for developers to make their source packages available to the common user (like myself) through APT, Debian's great package manager. Packages from the default repositories are often out of date, where the developer has published newer versions that may have fixed serious bugs. In order to ensure that the ppa is trusted, an encrypted connection over gpg is used. However, apt by default connects via port 11371, likely to be blocked if you are behind a corporate firewall. When you try to add the ppa you're likely to see the following error:

gpg: requesting key 34EF4A35 from hkp server keyserver.ubuntu.com

?: keyserver.ubuntu.com: Connection refused

gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused

gpg: no valid OpenPGP data found.

gpg: Total number processed: 0

The simplest way I found to configure apt to use port 80 instead of the default was found in this launchpad bug, post #9:
 To make add-apt-repository use port 80 by default, the /usr/share/pyshared/softwareproperties/ppa.py file used by add-apt-repository can be modified to use port 80. Edit the file /usr/share/pyshared/softwareproperties/ppa.py Search for "keyserver.ubuntu.com" Replace it [with] "hkp://keyserver.ubuntu.com:80" and save the file. add-apt-repository should work behind a proxy now.
The downside to a code change, like we're doing here to `ppa.py`, is that a typical upgrade would overwrite our changes. However, according to the thread referenced above, this change has already been made in Ubuntu 11.04 and up.


Dreamforce 2011

I'm here getting ready for the afternoon keynote address at Dreamforce, salesforce.com's premier conference event, with Mark Benioff, CEO of Salesforce.com, and Eric Schmidt, Executive Chairman at Google.  This is an interesting combination as it seems to me that cloud provider Salesforce, with offerings like Force.com and Heroku, is a direct competitor to Google's App Engine.  We'll see what goes on in this interaction.

My view from 50 yards.
With 45,000 registered attendees, Dreamforce is one serious sales pitch conference.  I've come to appreciate where salesforce.com excels...and where it does not.  While Force.com is touted as a fully-featured cloud platform on which to build any application you can dream of, it feels wrong.  Salesforce is a highly successful CRM turned customizable.  Then had feature upon feature added until it became an extendable platform.  But just because you can build anything* you want on it, doesn't mean you should.

* A salesforce sales executive was quick to point out that you can't build a 3D first-person shooter.  I love contrived examples which skirt around real issues.

On to the interview.

Eric Schmidt:

A flexible platform allows you to continually get better.  That's against all engineering

Picking the best data centers helped Google attract the best talent.  Location = success?

The people who want the benefit of the platform have...a high incentive to stay within the boundaries of the api. [Also motivated to help the momentum of the platform.]

Latest Android OS internally known as "Ice-cream Sandwich."

Apple is the rare company that can move to a new platform, and get it right.

Mobile, Local, Social

Mobile first...the top programmers are developing mobile apps first.

The thing I love about the Internet is that everyone feels like they can be heard, and nothing changes.  ~Being heard is no longer a sign of activism.

America needs to be a manufacturer.  We have to. [...] We have to find a way to get the quality up.  "Activism should be judged based on outcomes"

Internet vs. oppresive regimes: Internet has a pretty fair fight.  Shutting down Internet in Egypt was probably a mistake because it signaled to the average citizen of Egypt that something was really wrong.

Americans were really harmed in 2008, and yet no one has really had to pay a price for that.


Summary of a session of the Utopia Conference at ITESM

Historia, Sociedad, y Utopía:
Anarquismo y Socialismo Como Experiencia Utópica en México.

Congreso Internacional Utopía
26 de Agosto de 2010

Anarquismo: una palabra que usualmente asociamos con caos y con violencia, pero ¿podría ser que este es la senda hacia Utopía? Así pensaron varios revolucionarios históricos como Ricardo Flores Magón o Andrea Villarreal. Para ellos, el anarquismo era más que simplemente hacer lo que quiere uno, era una forma auto-gobernanza, auto-control, y libertad. Era Utopía.

Ricardo Flores Magón nació en Eloxochitlán, Oaxaca, el 16 de septiembre de 1874. Su papá fue militar mestizo quien servía a Porfirio Díaz. Flores estaba en contra del régimen de Porfirio Díaz, y participaba en protestas contra el mismo. También publico sus ideas liberales en varios periódicos, uno de los cuales lo fundó junto con su hermano, acción que resultó múltiples veces en su aprehensión.
Con su hermano Enrique y algunos otros, Ricardo fundó Partido Liberal Mexicano que usaba como voz al periódico que habían formado, ‘Regeneración’ (que hoy ha sido publicado en el Internet[3]). Participó en la Revolución Mexicana desde 1910 hasta su muerte en la prisión en 1922.

En 1918 publicó en su periódico un manifiesto a “los anarquistas de todo el mundo y a los trabajadores en general.” En el, Flores hace una llamada a todos los que “estamos convencidos de que gobierno ... es tiranía” que se juntaran para propagar lo que llamó el “santo ideal anarquista” diciendo que era “el único humano, el único justo, el único verdadero”. En este Manifiesto vemos esta ideal de la igualdad de la gente, y la propuesta que es una estandarte de la vida más alta.

Otra anarquista muy notable fue Andrea Villarreal quien apoyaba al Partido Liberal Mexicano que Flores había fundado. Andrea también tuvo la misma visión alta del anarquismo.

Por su oposición al Porfirato, tuvo que huir a Tejas con su hermana. De allí publicó dos periódicos en 1910: “La Mujer Moderna” y “El Obrero”. En 1911 publico un artículo titulado “¿Qué Hacéis Aquí Hombres? Volad, Volad Al Campo De Batalla”, junto con su hermana. En el Andrea y su hermana Teresa instan a los mexicanos residentes de los Estados Unidos que compraran armas para llevar a México a fin de ayudar a los Revolucionarios.

Ahora, ¿qué tiene que ver esta ideal anarquista con la ciencia, tecnología, y sociedad? Contesto que mucho. Muchas de las tecnologías que tenemos hoy vinieron de proyectos del gobierno. El anarquismo, como lo propusieron estos dos revolucionarios, está en contra del capitalismo, que tiene como fin aprovechar de las nuevas tecnologías e ideologías.

Es probable que si viviéramos en una sociedad anarquista, no tendríamos los avances tecnológicos que disfrutamos hoy en día. El internet provee acceso personal a casi toda la información del mundo, que para mí es la libertad. Esta no existiría sin los proyectos del gobierno y la inversión de dinero que puso. Qué ironía que la fuente de tanta información libre tal vez no existiría en un mundo anarquista, que tiene como base la libertad del individual.

John Coulter

Fuentes citados:

1. Ricardo Flores Magón y sus compañeros: ¿precursores de la Revolución Mexicana o “adelantados del porvenir”? Margarita Carbó. (Universidad Nacional Autónoma de México, México)

2. Construyendo una nación: la voz utópica de Andrea Villarreal. Griselda Zárate. (Tecnológico de Monterrey, Campus Monterrey, México)

3. Manifiesto (Regeneración): http://www.archivomagon.net/Periodico/Regeneracion/CuartaEpoca/PDF/e4n262.pdf


Transition to Google's blogger.com

It pays not to ignore information on a website. So I created an account on Blogger around February of 2004, perhaps even earlier. The following is reposted for the sake of nostalgia:
First blog here at blogger.com
I may use this service instead of easyjournal.com, so here's the test-run! If I decide to switch, I'll upload my other entries here...
Nothing more; no posts nor anything useful at all. At the time I was simply browsing around for a good place to keep a journal online. I never really got in that habit, preferring to hand-write a paper journal.

However, I was just trying to reclaim this blog (raztus.blogspot) and it took me nearly fifteen minutes of trying to login/recover my information before I saw this link, right on the front page of Blogger.com: https://www.blogger.com/legacy-claim.g. Once I found that page, I was able to try some different accounts I thought were mine (sorry to those who got a "forgotten password" email!) and finally found the right one! I even remembered the password!

So, this post now officially establishes my presence in the Blog world.