Tag Archives: hpoo

there is no such object on the server

Gee. Thanks, Active Directory.

This is one of the more useless error messages you can get when trying to programmatically access AD.

Feel free to Google (or DuckDuckGo, or Bing, or whomever) that error message. Go ahead, I’ll wait.

Your eyes bleeding, and gray matter leaking from your ears yet? No? Then you obviously didn’t do what I just told you to – go search the error message, I’ll be here when you get back.

Background for how I found this particular gem: I have a customer (same one I was working with on SAP a while back where I had BAPI problems) that is trying to automate Active Directory user provisioning with HP Operations Orchestration. As a part of this, of course, I need to verify I can connect to their AD environment, OUs are reachable, etc etc.

In this scenario, I’m provisioning users into a custom OU (ie not merely Users).

Provisioning into Users doesn’t give this error – only in the custom OU. Which is weird. So we tried making sure there was already a user in the OU, in case the error was being kicked-back by having and empty OU (if an OU is empty, does it truly exist?).

That didn’t help.

Finally, after several hours of beard-stroking, diving into deep AD docs, MSDN articles, HP forae, and more … customer’s AD admin says, “hey – how long is the password you’re trying to use; and does it meet 3-of-4?” I reply, “it’s ‘Password!’ – 3-of-4, 9 characters long”. “Make it 14 characters long – for kicks.”

Lo and behold! There is a security policy on that OU that mandates a minimum password length as well as complexity – but that’s not even close to what AD was sending back as an error message. “There is no such object on the server”, as the end result of a failed user create, is 100% useless – all it tells you is the user isn’t there. It doesn’t say anything about why it isn’t there.

Sigh.

Yet another example of [nearly] completely ineffective error messages.

AD should give you something that resembles a why for the what – not merely the ‘what’.

Something like, “object could not be created; security policy violation” – while not 100% of the answer – would put you a lot closer to solving an issue than just “there is no such object on the server”.

Get it together, developers! When other people cannot understand your error messages, regardless of how “smart” they are, what field they work in, etc, you are Doing It Wrong™.

sap bapis and hp oo

Couple quick notes:

  • SAP is not designed for automated / programmatic access – their “BAPI”, or binary application programming interface, requires additional licensing beyond just the product to use
    • I made the naive assumption that a “BAPI” was like a WSDL – and it is, but it’s proprietary, not open (and it’s binary, not plaintext XML)
  • HP Operations Orchestration requires an additional, ie not out-of-the-box, content pack and wizard to import SAP BAPIs to make operations

That said, the power of OO can be brought to bear with SAP and imported BAPIs – with the following gotchas:

  • You can only have one BAPI call in a given flow
  • If you want to call more than one BAPI for a given task, you need to have them split into their own subflows, and call the subflows

Hopefully you won’t need to know this. But if you do, I’m happy to save you some of the headaches I have experienced interoperating with SAP & OO.

thoughts on vilt

Over the years, I have taken (and given) a lot of training.

I’ve had self-paced tutorials (printed and electronic), in-person lectures, hand-on labs, small groups, formal classes, one-on-one tutoring, and virtual instructor led training (VILT).

I’ve seen two distinct types of VILT – good and bad. I have yet to see any “ok” training. It’s either great or horrid.

This week I took the VMware vSphere 5 Install, Configure, Manage (ICM) class to begin the preparation to become a VMware Certified Professional.

Some initial thoughts on this class:

(this class was excellent, btw – only matched by the HP Operations Orchestration 7.0 training I took 3.5 years ago shortly after the product had been renamed post-acquisition of Opsware by HP)
  • Our instructors, Steve & Rebecca, did a fantastic job both in playing off each other, alternating to keep the class interested, and presenting the material
  • Labs are always problematic – some folks are fast, others slow; some have issues, others none
    • Team / partner labs are even more problematic – making sure that both partners are learning in the process and neither is outstripping the other
  • Formal organization is good – ability to change based on class needs / interests is better
  • Engaging the class with humor, “relevant” Q&A, and other interaction is vital
  • Learning your [randomly-assigned] partner’s strengths, weaknesses, background, and expectations is important as early as possible

Other pros that should be taken and applied to all classes:

  • Clear learning objectives – stated and repeated throughout
  • Labs which directly connect with the lessons
  • Labs which logically build upon one another
  • Team labs that are still workable by an individual if there is no available partner
  • To the point slides and lectures
  • Few enough slides in each lecture to keep our attention
  • Few enough lectures between labs to be able to apply what we have just covered
  • Presenter/Lecturer/Teacher with appropriate knowledge of the material being presented
  • Remember what it’s like to not know the material

Cons from this class (which I think are true of all VILT classes):

  • Keeping attention on the lectures is entirely up to the student – it can be easy to get distracted, especially if taking the class from home (this also applied to telecommuting – a topic for another time)
  • Lab time is given on an as-needed basis … so once most of the class has gotten it done, a timer is set (eg 10 minutes)
    • For those in the class who finish rapidly, this can give a great opportunity to study, get work done, or goof off
    • For those having issues and/or who work more methodically etc, it can artificially limit their efforts
  • Because of the semi-random nature of lab length, some days can run long and others short

Characteristics of bad VILT classes I have attended:

  • Unclear objectives – if any
  • Overly-long presentations
  • Unrelated labs
  • Long separation from lecture to lab
  • Too much lab, too little lecture
  • Too much lecture, too little lab
  • Presenter with poor / non-existent knowledge of material (ie, read from slide only)
  • Broken labs (often related to poor product base, over-subscribed lab, etc)
  • Inflexibility with regards to lab and lecture start/end times

Conclusion

I really liked the vSphere ICM class – I learned a lot, and finally saw what I knew connected in an organized way that brought into focus my extant knowledge and helped me apply it in more useful ways in the future. Personally, I cannot recommend the trainers higher – Steve and Rebecca did a fantastic job, and I think we were fortunate to have good trainers: it made the material far more fun to learn, helped keep our focus, and made the whole week a positive experience.

Given the opportunity, I think all system administrators and system integrators should take a class like this one – even if virtualization is not in play: seeing the concepts, understanding the architecture, and learning how to design a virtualized environment will carry-over well to other arenas in the IT world.

My lab partner is a DBA for Yahoo – never saw virtualization before, hasn’t been a sysadmin, etc: but seeing how the environment works, how to build it, and how to apply architecture to systemic thinking helped open his eyes a bit to the world beyond data … and, I think, will make him a better DBA.

certifications and dependencies

Last week I participated in a beta class for HP’s new Cloud Service Automation 3.0 product release (ok, so it’s a prerelease, and “product” is a strong term). 3.0 is a full rewrite from 2.x, so there is no upgrade path. Also, not everything that “appears” to be in place OOB is actually working – and there is no way to grey-out options that are unavailable.

We were told this should be addressed in a patch sometime in the next 6 months. Yay us. Oh, and did I mention I’m involved in a project to implement this currently? Woot!

After taking this class, I found out that a prerequisite for the class is some Operations Orchestration training from HP – without which HP will not certify I took the class. Right. So, I have to take those classes via HP University over the next couple weeks so that by the time the CSA 3 class is “live” next month I can be officially-verified as having taken it.

And, if I’m going to take those classes, I might as well also go for the certification from HP to add to my CV 🙂

Also by about my birthday, I will be taking the VCP week-long class and test to learn and be certified on VMware’s vCenter, vSphere, and ESXi product lines from an architectural and implementation standpoint.

These next several weeks are going to be a blast 🙂