In case anyone else runs across this same issue, I got this resolved with a simple command:

dracut --regenerate-all -f && grub2-mkconfig -o /boot/grub2/grub.cfg

After doing this, everything booted up properly.

I then installed hyperv-daemons, rebooted, and everything works great.

@pete-s said in FreePBX DAHDI card not connecting:

@wls-itguy said in FreePBX DAHDI card not connecting:

@pete-s

Doesn't FreePBX use their own distro though? Or is that something different?

I don't know. I was always under the impression it was CentOS, which until recently is the same as RedHat Enterprise Linux.

I'm sure @JaredBusch knows more.

FreePBX is Sangoma 7, a fork of CentOS 7.
They had a private alpha of FreePBX 15 or 16 built on CentOS 8 that was never public. That was killed when RedHat killed CentOS 8.

FreePBX 16 is still Sangoma 7, but with PHP 7.4 ported in and a few other updates.

There has been no announcement yet, but a few threads on, choosing a new fork to go forward with.

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

Exactly!

Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).

Don't you dare get me started down this path. I had HUGE arguments about this with an ex-employee over the period of 10 years. The user could not/would not understand her email box is not a document database / DMS. The last I counted, she had over 300 different nested folders in her email.

Now that the user is gone, their mail copied to a shared mailbox for management to hunt/search and waste their time with if they choose.

It probably easier to have retention policy in place from the start.

If you know email retention is time-limited, you'd have to come up with some other way to store things.

But some people are just hopeless no matter what...

@openit said in Offsite backup and CentOS Upstream - looking for suggestions.:

CentOS Upstream: Isn't okay for Production Servers anymore?

I assume you mean CentOS Stream?

Honestly it is a more viable solution for a Linux server than CentOS ever was as it is no longer so out dated.

But, I would give the entire RHEL ecosystem a wide berth at this point.

@dashrender said in Volume Management Device (VMD) on HP devices:

@pete-s said in Volume Management Device (VMD) on HP devices:

On linux you have the vmd module in the kernel. ESXi also have drivers.

Damnit - it's been awesome for several years with Windows 10 where no external drivers were needed during install because they were all baked into the default ISO... since the VMD stuff has been around since 2018 (though only in laptops since Gen 11 Intel Core processors) I really wish MS would include it in new ISOs.

Maybe Windows 11 has it....there is always hope at the horizon.

went with a simple synology 2 bay and 2 x 6TB disks.

I could have used old hardware, but nah.

Thanks everyone.

@dashrender said in New customer - greenfield setup:

@pmoncho said in New customer - greenfield setup:

@dashrender said in New customer - greenfield setup:

User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.

In my company, KnowBe4 has been really good. Users get yearly and quarterly videos and are encouraged to ask questions. Plus I setup a random monthly phishing scam test in addition to my very targeted bi-annual spear phishing tests I setup.

I really like it when users ask for help to decipher whether an email is phishing or not. We go over the potential red flags and if it is a Phishing test, I will let the user decide whether to click the link or not. 99% of the time they pass. If they click it, we have a small chat right then and there about what just happened.

Management only gets serious about it when they hear something in the news or through the client grapevine. Then its all hands on deck until.....

IMHO, it has been pretty effective when they see demonstrations of what is possible as compared to letting them read a PowerPoint, answer a couple questions and move on. Kind of like the great Medical - Fraud, Waste and Abuse presentation. All I hear is, "Ugh, anyone have the answers?" or similar statements.

Yeah, I've been asking for a solution like this for years. I even did one of their free tests, and the amount of people (and the specific people) who failed it was staggering (OK not really - come on, we know users). But the board just said - come on, can't you just train them? which I replied - no, I can't. it's not my skillset and the other features included in these packages would take ages for someone like me to develop, etc - they still said no.

Now fast forward to now - new CEO, new board members - those two groups have decided to buy into training solution because of other reasons.. and this solution does include some computer smarts type training.

We have KB4 Gold package that is good enough for us. No need to go above that for the medical field IMHO.

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

"But this is the way we (they) have always done it... "

You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

Yeah, that doesn't make any sense. Far too time consuming.

Outlook Toolbar.. Reporting
d4517c20-ac54-44fd-a195-1b6ef87caf87-image.png

OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

That's interesting.

With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.

Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.

That's not a bad process. But still a bit more than just "mark as spam" which is really simple.

oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...

So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?

no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.

Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.

Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.

@travisdh1 said in sending custom CDR from FreePBX:

@dashrender said in sending custom CDR from FreePBX:

@travisdh1 said in sending custom CDR from FreePBX:

@dashrender said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

@travisdh1 said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

@jaredbusch said in sending custom CDR from FreePBX:

@pete-s said in sending custom CDR from FreePBX:

Long time since I saw that one 🙂
It had a name but I have forgotten it. What was it called?

7486da1c-22aa-415c-8db4-3a991a471da4-image.png

I was serious this time.

I looked it up - it was called Clippy (or officially Clippit).
https://en.wikipedia.org/wiki/Office_Assistant

You're too young to remember the horror of Clippy?

Get off my lawn! Consider yourself lucky!

I am lucky! Not because I'm too young but because I'm too old - too old to remember every irritating thing Microsoft managed to come up with...

Clippy - how could you possibly forget about Clippy? Now - if you said you forgot about MS Bob - that I could understand.

You just had to bring up MS Bob, didn't you! I spent an evening while working as an intern for my high-school installing that **** ******* piece of **** software in an entire classroom. Nobody could figure out how to use it, even with the teacher's manual to refence.

What's even funnier - I have no clue what MS Bob is - other than quite possibly the worse piece of software MS ever put out. and I only know that by reputation.

Youtube Video

thanks, I'll kill 10 mins another time.

SAM-SD anyone?

@pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@voip_n00b said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

@dave247 I use certificates to only allow company owned and managed devices to connect.

Interesting, can you elaborate more on how you achieve that?

It's common to have certificates with VPN.

A OpenVPN client for example without any MFA is usually setup so that it needs a client certificate and a username and a password as well as the connection info. The same goes for Cisco AnyConnect and others.

The VPN connection uses mutual authentication so the client authenticate that the server is who he is suppose to be and the server authenticate the client is who he says he is.

If you install the certificate on your company devices you can't connect to the VPN just by downloading and installing the client on another computer and enter the credentials. Because you don't have the certificate.

So that's how you can control what device is allowed to connect. For more security the certificates can also be stored on smart cards, hardware devices or even the TPM module inside the computer.

You should have something similar on NetExtender. Look for client certificate or client authentication.

Another thing with certificates is that you can prevent VPN access by revoking the client's certificate. And also certificates expire so you can give someone a short term access if you like.

Nice, I will check it out. I have opened a few tickets and asked around other places regarding NetExtender and nobody has said anything about this, so I don't know if its possible with the Sonicwall NSA / NetExtender setup, but I will find out.

@gjacobse said in Launching Windows settings, screen shot etc from URI:

Interesting - I created a batch file that launches all of my daily applications in the office. It'll be interesting to see what I can move to this method...

You can look at what URI are registered to what applications by searching for protocol and you'll find "Choose default application by protocol".

That's how Windows knows what program to launch when it finds something like mailto:

You can also add your own URI to launch whatever app you want. That's done in the registry.

BTW, ubuntu and others have the same capability to handle URIs.

@pete-s said in What do you think about .app domain names?:

@scottalanmiller said in What do you think about .app domain names?:

If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.

So you mean if it's customer facing it's better to stick to .com and there will be no confusion?

That is the only aspect that matters tbh, what people / customers think of it. All other aspects have zero impact.

If you upgrade to FreePBX 16, the script handler needs updated to reflect PHP7.

The git repository is updated, but if you have an existing install, this will fix it for you

sudo sed -i "s/php5/php7/" /etc/httpd/conf.d/yealink.conf sudo systemctl restart httpd

If you upgrade to FreePBX 16, the script handler needs updated to reflect PHP7.

The git repository is updated, but if you have an existing install, this will fix it for you

sudo sed -i "s/php5/php7/" /etc/httpd/conf.d/yealink.conf sudo systemctl restart httpd

Scale Down

###################################### ## Save Deployment State (excludes kube,mongo,k8 pods) ###################################### kubectl get deploy -A --no-headers | grep -v -E 'kube|mongo|k8s-api-proxy' > deploy_state_before_scale.txt ###################################### ## Copy Deployment State to GCS Bucket ###################################### gsutil cp deploy_state_before_scale.txt gs://app1 ####################################### ## Scale Deployments to zero ####################################### kubectl get deploy -A --no-headers | grep -v -E 'kube|mongo|k8s-api-proxy' | awk '{print \$1,\$2}' | while read NS DEPLOY; do kubectl scale --replicas=0 deployment/\$DEPLOY -n \$NS; done ####################################### ## Scale Daemons to zero ####################################### kubectl -n <namespace> patch daemonset <name-of-daemon-set> -p '{"spec": {"template": {"spec": {"nodeSelector": {"non-existing": "true"}}}}}' ####################################### ## Turn off Autoscaler on GKE nodepools ####################################### gcloud container clusters update <app1-cluster> --no-enable-autoscaling --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --no-enable-autoscaling --region <region> --node-pool <app1nodepool2> ####################################### ## Resize Node Pools to zero ####################################### gcloud container clusters update <app1-cluster> --num-nodes 0 --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --num-nodes 0 --region <region> --node-pool <app1nodepool2>

Scale Up

####################################### ## Resize Node size to 1 for each node pool ####################################### gcloud container clusters update <app1-cluster> --num-nodes 1 --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --num-nodes 1 --region <region> --node-pool <app1nodepool2> ####################################### ## Turn Autoscaling Back on ####################################### gcloud container clusters update <app1-cluster> --enable-autoscaling --region <region> --node-pool <app1nodepool1> gcloud container clusters update <app1-cluster> --enable-autoscaling --region <region> --node-pool <app1nodepool2> ##################################################### ## Copy Saved Deployment State from GCS bucket ##################################################### gsutil cp gs://<app1>/deploy_state_before_scale.txt . ##################################################### ## Scale deployments using the previously saved state file ##################################################### awk '{print \$1,\$2,\$4}' deploy_state_before_scale.txt | while read NS DEPLOY SCALE; do kubectl scale --replicas=\$SCALE deployment/\$DEPLOY -n \$NS; done ##################################################### ## Scale Daemons back up ##################################################### kubectl -n <namespace> patch daemonset <name-of-daemon-set> --type json -p='[{"op": "remove", "path": "/spec/template/spec/nodeSelector/non-existing"}]'

@jaredbusch said in Restoring a Windows MS SQL Server Database to Linux With Move SQLCMD:

@scottalanmiller I have not had to do that before with a normal backup to a .bak and then restore. Not some an place move like it seems you are doing.

Happens if going to a space with a different storage layout. If you are coming from Linux you are probably fine. But Windows injects the drive letter into the path (obviously) and so going from one machine to another that doesn't keep identical storage path names causes the issue.

Was wondering if anything like NGINX or HAProxy have a suitable solution we could use. Maybe we could point the public DNS entry to HAProxy hosted somewhere in a datacenter and if the traffic is 80/443 protect with WAF, and if any other suitable port allow through.

The paid HAProxy seems to have a WAF. Not sure on the cost though. As long as we keep citrix/back end patched, and keep it behind our MDR platform, and only allow traffic from the proxy, maybe that will be ok.

2530-8G-PoE+ Switch (J9774A)
5355fe2f-0801-4920-b4f2-e1c01a93ee95-image.png