• 1 Votes
    9 Posts
    2k Views
    dbeatoD

    @nerdydad said in MS Windows Server 2016 Datacenter not activating:

    @aaronstuder said in MS Windows Server 2016 Datacenter not activating:

    @nerdydad any firewalls in the way?

    No firewalls this go around. There have been some network changes, but nothing in the way of firewalls.

    @tim_g said in MS Windows Server 2016 Datacenter not activating:

    @nerdydad said in MS Windows Server 2016 Datacenter not activating:

    Have a MS Windows Server 2016 Datacenter that won't activate. I have tried GUI in system properties and settings and have tried DISM. Ran for updates and all patched up. Tried activation again, and not working. Anybody have any ideas?

    What's the error you get?

    Typically it was that it can't upgrade the server to that licensing because it was already there.

    @black3dynamite said in MS Windows Server 2016 Datacenter not activating:

    Have you tried activating using Windows Software Licensing Management Tool?
    slmgr.vbs

    I didn't know this existed, but will hold on to it for the future. Thanks.

    The SLMGR is awesome
    https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/

  • SAN storage level redundancy in Windows failover cluster possible ??

    10
    0 Votes
    10 Posts
    1k Views
    G

    @scottalanmiller

    Yes, we have two SANs, a DC SAN and a DR SAN, both configured with storage replication. Now, the failover cluster disks are presented from the DC SAN to Node1 and Node2, and when the DC SAN goes down, we plan to map the replicated Windows quorum disks from the DR SAN. If I add the replicated Windows quorum disks, is it possible for the Windows cluster to start without any issues? Or are replicated Windows quorum disks possible?

  • Uber public space

    15
    0 Votes
    15 Posts
    769 Views
    scottalanmillerS

    Uber, like pretty much anyone their size, probably uses a combination of their own datacenters and cloud for scaling. Some large players go purely cloud to keep things simple and consistent. Others do a mix so that they don't have to pay for their own scaling.

  • Linphone

    21
    0 Votes
    21 Posts
    2k Views
    scottalanmillerS

    @jaredbusch said in Linphone:

    @dustinb3403 said in Linphone:

    @jaredbusch said in Linphone:

    @stuartjordan your sip domain contains your password.

    sip:ext:[email protected]:5061

    But not according to the windows interface. . . it should put the info in there. . .

    F windows.

    It's F#

  • 6 Votes
    4 Posts
    3k Views
    scottalanmillerS

    Veeam just announced this week that they now consider ReFS to be ready for production use for the first time due to last week's Windows Server patch that addressed some ReFS issues.

  • Freepbx Trunk Randomly Goes to Rejected Status

    8
    0 Votes
    8 Posts
    2k Views
    JaredBuschJ

    @syko24 said in Freepbx Trunk Randomly Goes to Rejected Status:

    @jaredbusch said in Freepbx Trunk Randomly Goes to Rejected Status:

    @syko24 Here are the instructions for making a CHAN_SIP trunk.

    https://mangolassi.it/topic/12327/setting-up-a-sip-trunk-in-freepbx-13/2

    Thanks again! So I assume you are using pjsip from phones to pbx and chan_sip on your trunks? Or have you completely switched everything to chan_sip at this point?

    PJSIP on phones to PBX. Always.

    The key differences in PJSIP are server side enhancements. Nothing removed a SIP communication bit.

    I use both SIP and PJSIP for trunks. I always try PJSIP first. If I have issues with a provider, I will switch it to SIP.

  • Interesting Take On A Wiki - Testing Now

    71
    2 Votes
    71 Posts
    10k Views
    guyinpvG

    @jaredbusch said in Interesting Take On A Wiki - Testing Now:

    @tim_g said in Interesting Take On A Wiki - Testing Now:

    @guyinpv said in Interesting Take On A Wiki - Testing Now:

    That's right. 9 steps to install it via Composer. All that worked except for forcing https which didn't work on my WAMP.

    I'm doing it again on cPanel but have to finish tomorrow.

    why don't you do it on Linux following JB's guide?

    Because this guy is worse than @Dashrender about doing things the hard way.

    That's funny. Their tutorial was far less hard than yours, and yours didn't cover my environment. But thanks anyway.

    I was on a WHM/cPanel setup on a VPS. While I did have SSH access as root, I used my cpanel user only at first. Apache and MySQL, not Nginx and MariaDB. But anyhoo.

    Problem 1: Changing documentroot for Apache. I had the host do this, even though I could do it from root. Otherwise use of /public folder wouldn't work. Anybody on a cPanel would have to do this. If the site is an "addon" domain, it's easy, but if it's the primary domain (as mine was), the process is a little more involved.

    Problem 2: I got a "No input file specified" blank page when trying to open it. This apparently had something to do with using fastCGI or PHP-FPM or something. Again the host made a server change, I believe all they did was turn off PHP-FPM. (this site is using PHP 7.2).

    Problem 3: After fixing that, the site was redirecting to the /login address but simply went to 404. To fix this, I had to do a bunch of Composer things, update Composer itself, global self-update, enable fopen urls until finally Composer had no warnings or errors when updating. When I first ran composer update, it downloaded everything and created the vendor folder, but apparently it still couldn't work because of version issues between Laravel and artisan and composer or some weird nonsense. I needed su ability to get composer updated here.

    Problem 4: Nothing worked yet, because when the host messed with PHP it generated a new htaccess file and left out all the stuff in the default one. I fixed that up.

    Problem 5: Site now loads without 404 error, but instead just throws a server 500. The Illuminate package had permission errors writing in the Storage folder even with 755 permissions. To fix this (as others suggested online), I set folders to 777.
    Then I had to run artisan cache:clear and composer dump-autoload. In general I always thought 777 was anathema but that's what everybody said to do.

    I finally got the freaking login after that.

    Problem 6: It still couldn't upload files to the uploads folder, so again had to go set 777. For the heck of it, I went and set bootstrap/cache to 777 too since that is the third folder they wanted to ensure write access. Now pictures could upload.

    Now finally the installation is working.

    Just by way of reference for anybody else who uses a cPanel setup. Composer was just there already on the VPS, but not up to date. And when using su, the Composer path is not set in globals so I had to reference full path.
    Documentroot needs changed (including additional config if using SSL).
    Potentially FastCGI issues. Some of this can be changed from WHM.
    Give full 777 folder permissions.

    Profit.

  • Hosted Freepbx TLS

    10
    1 Votes
    10 Posts
    708 Views
    CloudKnightC

    I will be removing web management secure from accessing remotely once I have spoken to the consultant who this is for and enabled a dyndns update client, at least this will lower the attack surface as well.

  • Out of Office response for Outlook - morons as usual

    12
    1 Votes
    12 Posts
    1k Views
    M

    Like Scott said, this is a server side feature and has nothing to do with Outlook, it never did. What you have in Outlook is an exposed setting in Exchange, and it's the Exchange server responsible for sending out of office replies. Email client is never responsible for that.

  • 3 Votes
    16 Posts
    21k Views
    NashBrydgesN

    @nashbrydges said in Is it possible to get Hola VPN to work on a Chromecast or Amazon Fire TV?:

    Are you having issues because of locality (videos only play based on your location)? If you have a server/PC at home running, would ZeroTier be a viable solution for this?

    Nevermind. Re-read your original post. I clearly didn't pay attention.

  • 3 Votes
    3 Posts
    1k Views
    NashBrydgesN

    @dustinb3403 said in Virtualizing Your Cudatel Appliance:

    @scottalanmiller said in Virtualizing Your Cudatel Appliance:

    Go ahead, download FreePBX and start playing with it. You could have installed it while reading this article!

    Any good installation guides here on ML?

    @JaredBusch has a great series of posts for FreePBX here.

    https://mangolassi.it/topic/11805/freepbx-13-setup-guide

  • 1 Votes
    1 Posts
    3k Views
    No one has replied
  • HAProxy fails to start on reboot

    20
    1 Votes
    20 Posts
    3k Views
    scottalanmillerS

    @jaredbusch said in HAProxy fails to start on reboot:

    @scottalanmiller said in HAProxy fails to start on reboot:

    In /etc/sysctl.conf can you add this line?

    net.ipv4.ip_nonlocal_bind = 1

    Or just do...

    echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf

    That did it.
    WTF did I just do? I can read, so I get the general idea.

    For load balancing it needs to be able to bind to non-local ports. For some reason the install did not set this which it seems like it should have done.

  • Licenses for APs and Switches

    49
    1 Votes
    49 Posts
    5k Views
    dafyreD

    @markferron said in Licenses for APs and Switches:

    @scottalanmiller said in Licenses for APs and Switches:

    @storageninja said in Licenses for APs and Switches:

    @markferron said in Licenses for APs and Switches:

    @scottalanmiller said in Licenses for APs and Switches:

    @markferron said in Licenses for APs and Switches:

    @scottalanmiller said in Licenses for APs and Switches:

    @storageninja said in Licenses for APs and Switches:

    @dafyre said in Licenses for APs and Switches:

    With that campus the size that it is, I would definitely recommend finding something to handle the Layer7 stuff.

    I'm relatively certain you could drop in Ubiquiti APs, and possibly grab a Palo Alto that could work and still come out cheaper than doing the licenses for the Meraki gear.

    Palo Alto does far better layer 7. If this is a school you need to meet CIPA compliance.

    Private college, should be free to avoid CIPA.

    Muhaha... Yes we are free to avoid CIPA, but it would still be nice to comply. It would look great on accreditation.

    To the accrediting board, you mean? I suppose that makes sense, with the things out there that they are willing to give accreditation to, clearly education isn't what they are focused on.

    Yeah no kidding. I saw a few items on the list of things they wanted to know about our college and it made me laugh. Wish I could remember what they were...

    Do you offer dual credit classes to high school students? Curious if that trips the need for CIPA?

    Only likely if they are on campus. My nieces do that but they don't go on campus, so while the classes are for high school students, they aren't on the campus networks (but that is Texas.)

    Our school is close to a few high schools in the area so professors actually will go to their school and teach in their classrooms.

    Nice! 😄 I didn't realize they had started that.

  • SaltStack ps.cpu_percent Error on MacOS

    3
    0 Votes
    3 Posts
    781 Views
    scottalanmillerS

    Even though I know that it is there, I get this...

    salt 'minion' ps.cpu_times
    minion:
        'ps' __virtual__ returned False: The ps module cannot be loaded: python module psutil not installed.
    ERROR: Minions returned with non-zero exit code
  • 0 Votes
    1 Posts
    755 Views
    No one has replied
  • If all hypervisors were priced the same...

    102
    4 Votes
    102 Posts
    19k Views
    stacksofplatesS

    @stacksofplates said in If all hypervisors were priced the same...:

    @storageninja said in If all hypervisors were priced the same...:

    @stacksofplates said in If all hypervisors were priced the same...:

    Also, decisions are often more nuanced than simple TCO decisions. If you have compliance requirements this often shifts to commercial solutions that have validated FIPS 140-2 modules/solutions. If you need a DISA STIG at a given level paying some money and being able to deploy a single VIB to harden compliance vs. go through checklists and argue with auditors can be a big deal. How do you quantify the cost of applying with NIST for validation with a do it yourself setup vs. a turnkey solution?

    RHEL/RHV have a good solution here. Auditors go through OpenSCAP scans with nice HTML reports and we justify any "failures." It's a pretty nice system.

    That just audits if it was set. What I'm talking about is a single package you deploy that goes ahead and sets the configuration settings up for you.

    On ESXi you can use Update Manager to track compliance with the DISA VIB, and use that for tracking it. Just attach as a baseline to your clusters and let Update Manager keep it up to date. Ed Groggin I think has a tool that will do an auto-generation of a report on the hardening guidelines.

    Looking online, I'm not seeing Server 2016 in STIG viewer yet. Has Microsoft not gotten a STIG out yet?

    Also Redhat Virtualization licensing cost as much (or more) than vSphere Standard. At that point if you don't need/want Redhat support VMware looks a lot more attractive. Oddly the only STIG for Suse I'm seeing is for Z series.

    Well yes and no. They have built in remediations with OpenSCAP, so you can have it auto remediate your machine. We ran an auto remediate to get the correct settings and then pushed it all out with Ansible since we can apply specific rules or not based on the type of machine since they are all RHEL based (workstations, servers, hypervisors, etc). We don't use RHV, but they have a subset of rules for RHV which is why I mentioned it. We use bare KVM for systems and it works out pretty well. Ya I'm not sure about 2016 but I wouldn't be surprised seeing how slow they are.

    The remediations are in Bash, Ansible, and I think Puppet? Anyway I have written a few of the Ansible remediations for them and have had them pulled into the project.

  • Audits, and more audits

    9
    3 Votes
    9 Posts
    666 Views
    bbigfordB

    @scottalanmiller said in Audits, and more audits:

    @bbigford said in Audits, and more audits:

    @scottalanmiller said in Audits, and more audits:

    @bbigford said in Audits, and more audits:

    @scottalanmiller said in Audits, and more audits:

    We specifically proposed "audit reductions" in some system changes that we proposed for a client just last week.

    Can you clarify on how you plan on reducing audits?

    In our case, removing all Windows products so that MS can't call for an audit.

    How many random Microsoft audits have you had so far in your career? Random as in not triggered by a disgruntled employee calling something in (heard of that happening many times), or anything else that forces a trigger.

    Me personally, believe it or not, zero. But I have so little Windows in my environments and/or are in environments with licenses that keep audits from happening.

    Sorry, I don't mean you personally (as in your personal assets, businesses you directly own or co-own, etc). I mean you as in the consultant for businesses you have no investment in beyond what they are paying you as a consultant. Basically, Company X doesn't have internal IT or development, and they hire you or the company you're employed by and consulting/designing/implementing for. Do any of those clients require PCI/SOC2/HIPAA/CIPA compliance? If so, I'd definitely like to fork this thread and cover some of that because those compliance standards are not really up to me (PCI, HIPAA, and SOC2 auditors reach out annually), so I'd be interested in how you're handling beyond annual (legally). I prefer SOC2 because SOX is a joke. Not sure if you are currently supporting SOC2 since I'm not entirely sure how NTG is handling certain client data as either a fully managed provider, strictly hosting solution, or anything else specifically. Very interested in more aspects though.

  • KB4073701 kills QuickBooks

    15
    5 Votes
    15 Posts
    4k Views
    bbigfordB

    @mike-davis said in KB4073701 kills QuickBooks:

    @BBigford glad I could save you some troubleshooting time.

    If you're using a Venmo style delivery for drinks and/or strippers, I am willing to contribute for your helpful post to the community that directly impacted me. It has to be explicitly used on something such as strip clubs that take this type of gift card or similar. I cannot, by my own community standards, simply send money to you directly which could be spent on anything. It has to be a payment method that is only redeemable in the form of alcohol and/or strippers.

  • EdgeRouter not handing out addresses on VLAN

    13
    0 Votes
    13 Posts
    4k Views
    Mike DavisM

    @mike-davis said in EdgeRouter not handing out addresses on VLAN:

    What about this:
    set service dhcp-server shared-network-name FSL_LAN authoritative disable

    That was it. Thanks @JaredBusch - you the man.