@alesribic said in MeshCentral2 Let's Encrypt cert not created:

i notice that meshcentral-events.db starts from scratch everytime service runs. But i can not find a way to browse this events database.

This suggests that maybe you don't have write access to the database with the user that you are kicking off MC with.

What DB are you using? The default or MongoDB?

I'd be willing to bet that this university had the students setup their network without any oversight or understanding of how it was setup.

"For today's class we'll be setting up AD 2003 and getting the entire school to use it - You get an A!" and they just let it run and run and run.

I'm just taking a guess at the AD version, wasn't listed

@scottalanmiller said in PCI Compliance with Centurylink Modem:

Have you tried testing the port to see what happens?

Got busy, assigned it to Val for the team.

@JaredBusch said in Remote Access & HIPPA:

@Dashrender said in Remote Access & HIPPA:

@rjt said in Remote Access & HIPPA:

I would second what @JaredBusch said about the HIPAA site and automatic control of the desktop. I would hope if you need control after hours, you could simply reboot the machine and then no consent is necessary.

You either have consent on or off, you don't flip flop without having what seems like a clear workaround to what is supposed to be a security benefit.

I have not, yet, looked back at the MC consent setup once it was implemented. Assuming it was done correctly, consent is permission based, so you could have an account that does not require consent. But you would need auditing on any use of the account.

I was pretty much assuming the use of two accounts - or (more crazily) log in with admin - change the permission, etc... but again, that would be crazy.

But the ability to do that more or less defeats the purpose... because you can choose to be a bad guy and just change that setting as you want and see what you want.... yeah logs are supposed to show what you're doing - but still.

But you have clients who have you in that spot, do you have a during hours and after hours account you use to support them?

@RojoLoco said in Experience with off-brand SAS cables?:

I think our external SAS cables came from monoprice or Cables 2 Go, both generic brands. No issues, and they are actually pretty well made.

Monoprice makes no sense up here due to exchange and duties.

We use C2G for network cables and some drive connectivity cables. We've used SuperMicro for their adaptive style cables for SATA and SAS as they are relatively inexpensive compared to any others out there and available in the distribution channel.

@wirestyle22 said in Breakdown of what is installed and running in RHEL:

@DustinB3403 Appreciated

You're welcome.

@notverypunny, had some wishful thinking after seeing references to netDMA and Andy Grover, the developer of the iSCSi targetcli freebranch and now stratis who posted all the benchmarks and papers on ioat, and speeding up iSCSi type IO using RDMA / RoCE between Hypervisors is my goal. But then could not find Andy Grovers actual ioat patches or benchmarks to look for myself - 404s.

C'mon guys, I might as well just join Reddit if everyone is going to be so touchy.

@DustinB3403 said in Veeam Licenses Quandry:

If you aren't sticking with Hyper-V, what are you considering? ESXi, KVM, XCP-ng, Scale? This could have an impact if you need Veeam at all.

Scale is on the list for sure.

This is like an extension of "goal level thinking". Stay focused on the goal when asking questions.

@Dashrender said in Meeting software - how do you handle it?:

My boss had an online meeting today - and of course this presenter wanted to use Skype, plain ol' Skype, not Skype for Business.
Skype for Business is installed on Windows 10 by default (which I have not removed) but seemingly, Skype for Business will only allow logons from MS business accounts (which I suppose makes sense).
So - my boss couldn't do her meeting because she was missing the needed software.

So let's get back to the original issue...

Only the boss can determine what software she is going to allow. Nothing that she says, requires, demands, etc. matter, because she's the boss and her actual decision is what goes. Period. No amount of IT banter in this forum can change that, it's fact. Your only way to change this, is to get her removed. So if "do what is needed, instead of what is said" is done, then obviously the correct action is to get her fired. That's not going to happen, so let's not talk like that's an option. She's the boss, she makes the rules, and using these products are her decision, end of story.

Skype for Business isn't a factor here.

Your boss could do her meeting. That she didn't is, again, all on her. Yes, you can help here if she tells you what she has decided to use and asks you how to use it. But she wasn't missing software, she just didn't know how to use a product she agreed to use and presumably didn't ask for help early enough on it.

In this one case, the fix is training the head of IT how to use a web based Skype interface. That's easy if she is okay with that. This assumes many things, though, as it seems that many of the problems come from the boss being capricious and illogical. So any given fix may or may not make her happy, we can't tell.

In other cases, there is no universal answer. We fix this by not allowing other companies to dictate our software stack. Things like Skype are allowed specifically because they work in any browser. But things like Webex are not because... we simply don't have the infrastructure to make them work and it is on the vendor to provide viable systems.

At the end of the day, she is the boss and her actions not her words are her actual rules. Words that conflict with actions aren't your mandate, they cannot be.

@marcinozga said in Why containers are free and easy but managing them is hard and costly:

You're comparing apples to oranges. Hypervisors vs k8s makes no sense. And what makes you think that running containers in production is only viable with tools like k8s? That's like saying running vm in production only makes sense on openstack. Docker for example can easily be managed with Ansible, or if you want web tool, Portainer, including managing swarm clusters.

Nomad is another popular one that does not only containers but a few different types of jobs.

Anyone? I went thru manuals evrything seems ok but no success. LetsEncrypt subfolder is not created even if production is false

This is my config.json

{
"settings": {
"cert": "MyDomain",
"wanonly": true,
"_minify": true,
"letsencrypt": {
"email": "MyEmail",
"names": "MyDomain",
"rsaKeySize": 3072,
"production": true
},
"webrtc": true,
"allowhighqualitydesktop": true },
"domains": {
"": {
"title": "RDP support"
}
}
}

@pattonb said in spf include option:

se cidr notation for an include record in a SPF record, or is a fqdn acceptable ? or both ?

Both are acceptable.

As an additional option, if you don't want your workstation to automatically connect to this network (on startup, while roaming etc) use this

networksetup -removedpreferredwirelessnetwork Interface SSID

That disables the autojoin functionality on OSX 10.14.6, but you would still have connected to the network from the initial answer.

choco got into the mix as a reliable way to keep Firefox up to date, thus allowing the OP to get rid of Chrome

What subject matter?

Vultr got back to me last week with an email -

"Hello,

We apologize for the delayed response to this ticket, while we investigated this matter further.

We are continuing to review our OS template and application images, and should be applying comprehensive changes across all available deploy images in the near future.

Your continued patience and understanding is appreciated in the meantime.

If you have any followup questions or concerns, please feel free to reach out."