• Ubiquiti - Small office Router and WIFI

    43
    2 Votes
    43 Posts
    4k Views
    syko24S

    Not sure anyone mentioned HostiFi. You can get a free account for a single site.

    https://hostifi.net

  • Folder Redirection - GPO - W7 to W10

    9
    0 Votes
    9 Posts
    810 Views
    PhlipElderP

    @Dashrender said in Folder Redirection - GPO - W7 to W10:

    @PhlipElder said in Folder Redirection - GPO - W7 to W10:

    @Joel said in Folder Redirection - GPO - W7 to W10:

    @Dashrender Always giving me sound advice. Thanks Dash. I actually figured this out whilst on site earlier today and just saw your responses.
    Adding the computers into the security group we had for FolderRedirection and forcing a GPO update did the trick. Cheers

    It's better to place the GPO on the User side not the Computer side. Any membership changes are instant not waiting for the 90 minute refresh threshold for Computer policies.

    I use both. Some items are machine dependent some are user.

    For user endpoints we only use User based policies. It's a lot easier to manage especially if changes need to be made. Log off, log on. Done.

  • O365 Compliance Content Search Error

    3
    0 Votes
    3 Posts
    658 Views
    NDCN

    I've seen issues with search for the last week or so. A few people here have been unable to search public folders or their inboxes on and off. Supposedly resolved. We'll see...

  • Need a Nextcloud Guru

    8
    0 Votes
    8 Posts
    1k Views
    wirestyle22W

    @hubtechagain said in Need a Nextcloud Guru:

    this is a paying gig.

    @JaredBusch

  • how does this work? Modems/IPs/PCI Scans

    40
    0 Votes
    40 Posts
    4k Views
    JaredBuschJ

    @brandon220 said in how does this work? Modems/IPs/PCI Scans:

    @JaredBusch example also is great for home use if you have IoT devices. I have an ERL behind a cable modem and this keeps everything I want separated from my normal LAN.

    That is a good way to practice this for business use.

  • Netgear Insight Managed Switches

    24
    0 Votes
    24 Posts
    2k Views
    pmonchoP

    @Dashrender said in Netgear Insight Managed Switches:

    @pmoncho said in Netgear Insight Managed Switches:

    @Dashrender said in Netgear Insight Managed Switches:

    For $100, yeah I'd just do it. Otherwise you're looking at 2-4 (or so) 1 Gb/s teamed connections....

    Exactly. I was thinking something similar also.

    I don't need HA but am looking for a little more speed and more simple setup going forward. One cable vs 2-3 (tiny, tiny part of larger plan), consolidating hosts (soon), creating midday backup plan without penalizing daily workers, plus other changes I am contemplating for the future.

    I do want to put the available budget to the best use to get the best value, plus a small morsel for the future too.

    yeah, really it does come down to more than just this single port for this server -

    Do you need two connections in case one fails? Do you need two switches in the backplane in case one fails? How many other SFP+ ports do you need?

    We don't know how many ports you need where.

    I try to keep things simple but not any simpler as the phrase goes.

    We are an SMB with about 30 users and about 25 external clients that use our servers.
    I don't have a need for multiple connections to multiple switches. I do have two separate racks though.

    One two post rack that holds Patch Panels for PC's and phones, Switches for phones (on a separate network), switch for pc's/printers and main router.

    Second rack has all servers (4 total), two NAS's (old and new), SSL-VPN, switch for servers (currently connected via SFP+ to pc/printer switch)

    I was thinking, three SFP+ for three VMware Hosts (one is backup server) and one SFP+ over to 2nd switch for PC's and Printers.

    I don't NEED SFP+ just like I don't NEED SSD's in the new server (purchasing soon) but if the extra cost is small why not spend it and be done while also keeping things a little more simple.
    Extra $150 for 10Gb simplifies two or three 1Gb connections. Extra $200 for two SSD's in RAID 1 vs 6 10K SAS in RAID 10.

    We keep our equipment around a long time, especially servers (7 years with Dell's warranty). This, IMHO, helps me get the value out of the extra money spent.

  • Question about UBNT Bridge Performance vs SFP

    12
    0 Votes
    12 Posts
    802 Views
    JaredBuschJ

    This is an ERL with a bridge.

    The site is a home office. The site needed exactly 1 ethernet port (desk phone) and 1 ethernet port (wireless AP).

    The user had no desire for extra devices to be plugged in to fail. This is a good use case for a bridged port. Also speed is not an issue on site, the limitations of the bridge are not slowing the user's speed.

    That said, this was also put in place before the ER-X existed. Today I would use an ER-X for this. There is no good use case for a bridge on a router now.

    jbusch@fsl-fl# show interfaces
     bridge br0 {
         address 10.202.199.1/24
         aging 300
         bridged-conntrack disable
         description LAN
         firewall {
             in {
                 name LAN_IN
             }
             local {
                 name LAN_LOCAL
             }
         }
         hello-time 2
         max-age 20
         priority 0
         promiscuous enable
         stp false
     }
     ethernet eth0 {
         bridge-group {
             bridge br0
         }
         duplex auto
         speed auto
     }
     ethernet eth1 {
         bridge-group {
             bridge br0
         }
         duplex auto
         speed auto
     }
     ethernet eth2 {
         address dhcp
         description WAN
         dhcp-options {
             default-route update
             default-route-distance 210
             name-server no-update
         }
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
                 name WAN_LOCAL
             }
         }
         speed auto
     }
     loopback lo {
     }

  • UniFi AP XG - Anyone running one yet?

    17
    2 Votes
    17 Posts
    1k Views
    JaredBuschJ

    @Dashrender said in UniFi AP XG - Anyone running one yet?:

    @MattSpeller said in UniFi AP XG - Anyone running one yet?:

    @coliver anyone published an eta on that? I don't have to make a move on this for a year

    Then why even talk about it now? Tech moves so fast who knows what could change?

    That's not true. Infrastructure hardware is years in development.

  • Remove-Item cannot remove crap in Documents folder

    0 Votes
    15 Posts
    2k Views
    ObsolesceO

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @JaredBusch
    I had a little bit of fun... whether useful to you or not.

    You can run this script as a regular user that has permissions to create and run scheduled tasks and create a file in specified directory.

    This will create a PowerShell script, and a scheduled task to run the script as the SYSTEM account. Then it will delete the script and the scheduled task.

    I could test most of it, but not some of it for obvious reasons.

    <#---- CHANGE THESE VARS: ----#>
    # Users to exclude from profile manipulation script, separated by pipe:
    $excludedKnownUsers = "Administrator|SpecialUser1"
    # New Script:
    $newLocalScriptPath = "$ENV:SystemDrive\scripts"
    $newLocalScriptFile = "testScript.ps1"
    # SID ending: (likely 21 if domain users)
    $sidEnd = 21
    # Scheduled Task Name:
    $TaskName = "_Test Task 1"
    # Scheduled Task Description:
    $Description = "This is a test scheduled task that runs as the SYSTEM account and will be ran and then deleted at the end of this script."
    <#-------- END CHANGE --------#>

    # New Script:
    $newLocalScript = "$newLocalScriptPath\$newLocalScriptFile"

    # Gathers list of user profile paths:
    $userPaths = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" -ErrorAction SilentlyContinue |
        Where-Object {($_.PSChildName -split '-')[3] -eq $sidEnd -and ($_.ProfileImagePath -split "\\")[2] -notmatch $excludedKnownUsers}

    # Creates a 'script in memory':
    # (paths are wrapped in single quotes so the generated lines stay valid)
    $testScript = $null
    foreach ($userPath in $userPaths.ProfileImagePath) {
        $testScript += "Remove-Item -Path '$userPath\Documents' -Force -Recurse`n"
        $testScript += "New-Item -ItemType Junction -Path '$userPath' -Name 'Documents' -Target '$userPath\Nextcloud\Documents' -Force`n"
    }

    # Create a PowerShell script and save it as specified in vars:
    if (-not(Test-Path $newLocalScript)) {New-Item -Force $newLocalScript}
    $testScript | Out-File $newLocalScript -NoNewline -Force

    # Task Action:
    $Action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File $newLocalScript"
    # Task Trigger: (task will be manually run immediately and then deleted, so keep 1 year out)
    $Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddYears(1)
    # Task Compatibility:
    $Compatibility = "Win8" # 'Win8' is 'Windows 10' in the GUI
    # Task Settings:
    $Settings = New-ScheduledTaskSettingsSet -Compatibility $Compatibility -StartWhenAvailable -AllowStartIfOnBatteries
    # Run task as local SYSTEM account with highest privileges:
    $Principal = New-ScheduledTaskPrincipal -UserId 'S-1-5-18' -RunLevel Highest
    # Create the scheduled task:
    Register-ScheduledTask -TaskName $TaskName -Description $Description -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal -Force
    <#--------------------------#>

    # Run the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Start-ScheduledTask
    # Start-ScheduledTask returns immediately, so wait for the task to finish
    # before removing the script it runs:
    Start-Sleep -Seconds 2
    while ((Get-ScheduledTask -TaskName $TaskName).State -eq 'Running') { Start-Sleep -Seconds 1 }
    # Remove the created script:
    Remove-Item $newLocalScript -Force
    # Delete the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Unregister-ScheduledTask -Confirm:$false

    This seems like a HUGE security problem - normal users can schedule a task to run as SYSTEM? Then any virus could do the same thing. So what am I missing?

    I assume regular user would need elevated privileges at least... But I didn't test as a non-local admin, which is different than elevated privileges. But either way, that script can be automated and run as a user in the local admin group too with successful results.

    I think your script affects every user on the machine - assuming that's Ok for the environment - yep, have the local admin run it - and done.

    Yeah I designed it like that on purpose, because if users are using the device, whether it's one or 10 (unlikely), IMO they should all be redirected. But that can be changed no problem. But at least if it's one main person using it, it'll hit that one. If others do, they can be excluded. But you can always get the current signed on user and use that as in JB's original script, or in an automated way using other means I could add in if needed.

  • PoE issues with Unifi switch

    20
    1 Votes
    20 Posts
    2k Views
    M

    @Pete-S said in PoE issues with Unifi switch:

    @marcinozga
    Have you measured if there is any power on those ports?

    From what I could find from UBNT materials:

    24VDC Passive PoE (Pins 4, 5+; 7, 8-)

    I didn't, but I don't have to, all devices are powering on just fine with unshielded cables. The most bizarre thing is that cables from switch to patch panel are unshielded already, it's cable between panel and couplers. And I don't think I mentioned it before, but initially there was a shelf on the wall and all cables were plugged in directly into switch, with same end result. I'm strongly leaning to the fact that the shields on all cables are connected with unifi switch or patch panel, and that's the root cause of the problem. Otherwise why would everything have worked on 5xp switch (isolated ports) or when cables going to patch panel are unshielded.

  • Fedora - Automating Config File Modifications

    1 Votes
    5 Posts
    1k Views
    IRJI

    @wrx7m said in Fedora - Automating Config File Modifications:

    Without using a CM tool, what is the easiest way to automate modifications to several config files across 7-8 servers? I was looking at sed, but am not sure if there is a better tool that isn't a CM.

    More specifically, I have several Fedora servers running squid proxy. From time to time, I need to modify the config file to whitelist a particular domain. Because I will soon have a few more servers, I would like to automate these types of file updates so I don't have to manually go into each server's config and copy and paste stuff in to certain sections; some information is specific to a particular server, whereas this section would be universally necessary on all servers. So, I would be inserting lines in specific sections.

    I intend to move to some sort of CM for this stuff in the future, but I need to get these going sooner than I could learn the CM tool.

    Sync with a s3 bucket hourly. Then you only need to update on s3

  • Want some Wasabi with that Azure Cloud?

    24
    1 Votes
    24 Posts
    2k Views
    wrx7mW

    East DC was less affected by this. The West DC had way more issues.

  • Massive Searchable Document/File Repository

    11
    0 Votes
    11 Posts
    1k Views
    wrx7mW

    @marcinozga said in Massive Searchable Document/File Repository:

    Actually, MayanEDMS might be what you're looking for. It does OCR and indexing. I have a running instance, but I haven't used it at all yet.

    This looks interesting. I wonder how well it can catalog other digital assets (images, video, etc)

  • Veeam Active Full or Synthetic Full?

    14
    1 Votes
    14 Posts
    5k Views
    wrx7mW

    @JaredBusch said in Veeam Active Full or Synthetic Full?:

    Because I sync Veeam’s backup target (a Synology NAS) to B2, I do not use the synthetic full that daily recreates the full backup. That would cause the entire vdk to need to be uploaded to B2 every day.

    In my case I set up active full to run on Fridays. A different server each Friday. Stacking various servers on the same Friday to balance the load over the month.

    Then daily incrementals.

    This is also exactly why I don't do this.

  • CentOS package python-urllib3-1.10.2-7.el7 is missing from mirror

    1
    2 Votes
    1 Posts
    124 Views
    No one has replied
  • VMQ issues/Veeam/Windows Server 2019...

    11
    1 Votes
    11 Posts
    1k Views
    dafyreD

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    Hi folks,

    I am having VMQ issues on my 3 x Windows Server 2019 host. I am using a team of Intel X550 NIC (3 x 10 GbE interfaces to 3 x Stacked switch). The Team has been configured using Switch Independent mode.

    Now, VMs are on the LAN perfectly and communicate. Rock solid.

    Now to the issue. When I use Veeam with Application Aware turned on, the hosts get stuck creating checkpoints for VMs at 9%. The only option is to kill the host, restart and turn the VMs back on. It happens every time. (Strangely, checkpoints run fine native).

    Veeam have looked at the logs and have said it's an issue they have seen before, and to turn off VMQ initially on NICs and VMs as that often solves the issue. No worries. I do that, and the backups then run fine - perfect!

    However, VMs over time then drop off of the network. I can connect to them in Hyper-V, but nothing I do will bring them back on the network. Initially they are on the network, just at some point in time many drop off, whilst others stay on.

    The only resolution is to turn VMQ back on and reboot. I can't really keep testing this either as it causes much downtime! Not good. Of course, when VMQ is back on... Application Aware backups then fail and kill the host like I said at the start 😕

    Any idea why some VMs drop off of the network with VMQ disabled on the VM and NIC? Host, fully patched. NIC, latest firmware. I thought you didn't have to use VMQ...

    Best,
    Jim

    Is it the same VMs that drop off the network every time?

    What OS are the VMs that get dropped off the network?

    What kind of switches are you running?

    Uncertain. I've noticed a few are the same, but I've had no time to really look in to it. Too many users. I'm trying to get ideas that could be the issue to do proper testing with downtime around Dec 20th when a lot are on holiday.

    I think 2012 R2. Possibly 2016 too. Can't recall any 2019.

    Dell N4064 Stack.

    Try the ArpRetryCount trick. You'll have to reboot each VM or host after you make the change.

    Ok, I can try that. So:

    disable VMQ physical
    disable VMQ on all VM NIC
    change registry
    reboot

    Sound about right?

    change the registry on any machine that is down.

    But yeah, that sounds about right.

    Do I need to change the reg on the host too?

    I would go ahead and do it, yeah.

  • Fiber to Ethernet Media Converter, What's your preference?

    18
    0 Votes
    18 Posts
    863 Views
    brandon220B

    My reasons for a low-end switch with SFP ports was also due to warranty. Most of the stand-alone media converters have a 1 year warranty. I can get Netgear, D-Link, etc with a Lifetime Warranty. Made sense in my application.

  • 2-in-1 laptop for a C-Level

    30
    1 Votes
    30 Posts
    3k Views
    JaredBuschJ

    @Dashrender said in 2-in-1 laptop for a C-Level:

    Around these parts you'll get no love for anything Lenovo - After SuperFish, that company is blacklisted - if not for life, for a long while yet.

    I have used a few Surface Pros - they seem fine for the most part. My wife has an SP5 - she seems to like it. I just rolled out an SP6 to my boss 6 months ago - no issues so far.

    I agree with sticking with the Latitude series on Dell - this is a company laptop, so go with business gear.

    I know JB has an XPS, and as far as I know, he likes it.

    No, mine is an Inspiron, bought at MicroCenter when my previous machine died a day before an international trip to a client.

    I try to stick to the latitudes for clients.

  • How can I view a SQL Audit File on Linux?

    3
    1 Votes
    3 Posts
    226 Views
    IRJI

    It looks like it may be possible if I connect to the DB servers, which isn't what I wanted. The binary audit file is being written to s3. I want someone just to be able to review it like that.

  • Q-Nap - Malware Targeted

    1
    0 Votes
    1 Posts
    178 Views
    No one has replied