@scottalanmiller said in Converting Second Domain Controller from Physical to VM:

@wirestyle22 said in Converting Second Domain Controller from Physical to VM:

@Texkonc said in Converting Second Domain Controller from Physical to VM:

@wirestyle22 said in Converting Second Domain Controller from Physical to VM:

I'm most likely going to need to create another thread this weekend. Going to make a from scratch domain + domain controller as if we were just establishing a business.

Why?
Starting from scratch will mean the users will have to join a new domain, meaning their user profile will be changed on the desktops. You know how users fear change...

I'll be doing it at home (weekend). Sorry. I have a test environment at my place.

This falls under "one of those tasks you should definitely have on your home lab list" if you want to work in Windows, SMB or desktop administration arenas. A lot of people who work with AD at work will run AD at home full time. I've had AD (or its predecessor) for my home machines since 1997 or 1998. I've never run stand alone machines at home.

servers paying dividends

I only perform my non-secure bank transactions on public wifi...

Fastest possible internet connection ever! So fast in fact that no one can steal my private data...

@stacksofplates said in What is DevOps?:

@scottalanmiller said in What is DevOps?:

@stacksofplates said in What is DevOps?:

@scottalanmiller said in What is DevOps?:

@stacksofplates said in What is DevOps?:

@scottalanmiller said in What is DevOps?:

@stacksofplates said in What is DevOps?:

@scottalanmiller said in What is DevOps?:

@stacksofplates said in What is DevOps?:

@scottalanmiller said in What is DevOps?:

Two very common SDI tools are Ansible and Salt, but two that are extremely different. Ansible works purely through agents that run on individual servers. Salt uses a central console to control agents. This oversimplifies both, but gives us an idea of the diversity in the way that different systems work.

A common way for smaller shops to work with Ansible is to install agents locally and those agents do nothing more than pull their own configurations from a central Git repository. In this way, in order to manage individual systems, all that needs to be done is for the correct state definition to be stored in the right Git repo. Ansible handles the rest. It looks for updates and applies them when they appear. This is a pure "pull" structure.

Salt works differently. The Salt Master can push commands, almost instantly, to Salt Minions (endpoints.) With salt you can issue traditional commands in real time and see the responses in real time on the master. This makes Salt very powerful for monitoring, in addition to control. State configurations are stored on the Salt Master, rather than on a separate change repository, and when applied can be pushed out instantly to all nodes that are currently online, no need to wait for a polling interval. This is a pure "push" structure.

Ansible is all push through SSH (they have some kind of pull mechanism but I don't think anyone uses it), it doesn't use any agents at all. You can also run commands directly with Ansible. Ad hoc commands are a big help with Ansible, it fixes the weird workarounds you have to use to get sudo to work with remote SSH commands.

Now you just run

ansible host -m shell -a "whatever you need to do" -b -K

One of their big selling points is that you can do pure push, all agent, no server 🙂

It doesn't use any agents at all. It's all Python. There is no "server" like with Puppet (there is a server in the sense that there is one or multiple machines you do everything from), but there is a machine(s) you push from to other machines.

Servers are typically pull, not push.

No. Agents are pull. The server holds the configs and the agent checks in and pulls the config. Ansible is push and specifically states that on their website.

Not necessarily. Salt is an agent but push. The agent doesn't pull. At least not by default.

It's the exception then. Chef and Puppet both pull. I really like the pull system for CM. I use Ansible for orchestration.

Yup. The push is their huge selling point. No other major player does it. And no open ports either. Doesn't need SSH which is huge.

How does the agent know to interact? Just heartbeat every few seconds?

Open connection. They always talk.

@Dashrender said in Cost Study: 3 Node Scale vs. 3 Node VMware IPOD:

@wirestyle22 said in Cost Study: 3 Node Scale vs. 3 Node VMware IPOD:

@Mike-Davis said in Cost Study: 3 Node Scale vs. 3 Node VMware IPOD:

@Dashrender yes, I was thinking of agentless solutions like Veeam. So if it has KVM support it will work with Scale?

I wish I could help you with this. No place that I've worked at has needed something that big 😞

I came really close - I just missed the Scale boat. 3 years ago when looking at a replacement EHR I posted about some ridiculous needs. Many conversations with Scott - and Scale never came up. Looking back, I have to assume that Scale wasn't something we knew about quite yet. Instead I was looking at a $100K two server setup with something like 20 disks each (mainly for IOPs - this was pre acceptable SSD pricing). Management went with another solution (one they hate today) because the startup costs where so high.

Found my old crazy thread.
https://community.spiceworks.com/topic/310103-new-greenway-install?page=2

Yeah I was reading your thread earlier. It's interesting.

Any lockups since the fix?

@maalmeida said in I cannot get any invitation from Spiceworks:

@Romo Exactamente. Con el dns no me dejaba entrar y ahora con la ip si pero me muestra eso

Si te muestra eso por que la configuracion por default en servidores del explorer es muy restrictiva, lo cual es normal y recomendable puesto que realmente no se debe navegar desde los servidores.

Lo importante es que con la ip si te intenta cargar el acceso a OWA, si trataras con el puro nombre del servidor tambien te deberia de mostrar lo mismo que con la ip.

That's Alpha, I don't normally even both with Alpha in the lab.

We use Cisco Any Connect that authenticates against AD, but is not tied to any kind of GPS and it works for us just fine. Except for deployment, I see no need in using GPS.

If we use GPS for anything, it's with RADIUS for our wireless network. That works in one location but not the other. And this is only because both locations have different wireless systems and in how each system implements RADIUS and authenticates a laptop against an OU.

@scottalanmiller not yet. But the user will be in my office tomorrow and will test on WIFI there.

@aaronstuder said in EDGE E3 SSD Drives:

My boss will be talking to the Directory of Sales today.....

Any update?

A bit shorter

wget -qO- icanhazip.com

@aaronstuder said in LINUX 5 FOR $25 BUNDLES:

@scottalanmiller How do they compare to O'Reilly?

Not as good, but decent. O'Reilly is pretty good in general.

@aaronstuder said in Latest server arrival:

@scottalanmiller

Seems to only support 2012 releases.

Hypervisor:* Microsoft Hyper-V Server 2012 R2 or Windows Server 2012 R2

My guess is that's just from a testing perspective.

@kooler ?

@RojoLoco said in Ransomfree:

Download link: https://ransomfree.cybereason.com/download/

edit: Hooray, it's an .msi file! Easy deployment, here we go....

With training your staff to read? I wish you luck!

@thwr here is what the info page had to offer:

Problem Description:

If you sometimes see this error on a zaptel card, this might be caused by a network card or a harddisk taking an interrupt for too long. This will cause the calls to be dropped.

This might be caused by:

Too much I/O activity bad hardware bad drivers

If you see this error non stop scrolling on the asterisk CLI, you probably made a configuration error,

Doublecheck your coding / framing specified in zaptel.conf.
The below settings worked.

Possible solutions:

If you are using an intel 100mbit network card, try replacing the standard drivers with the drivers from the intel website. The drivers included in the kernel have some latency problems

replace on board nics with some add-in cards

Try looking if you have any shared interrupts, and try playing with disabling onboard network cards and plugging in new ones.
See also here

Try replacing SATA controllers with IDE controllers and tweak the hdparm settings. see this tutorial

Stop using the harddisk on the server as much. (get rid of updatedb lines in the cron jobs).

upgrade to a dual cpu system, more cpu's = an extra cpu to take an interrupt if the first one is busy with an interrupt that is waiting too long.

If you are using a dual port or quad port PRI digium card, you could try to do the hdlc in hardware instead of in software.

enable ACPI in the kernel config

enable your chipset in the kernel config

large.jpg

@scottalanmiller said in NextCloud LDAP Error:

It's already TWO YEARS past the end of mainstream support!

Remember that the contract is to people who don't want to spend $12 a year on a domain.

Thanks for the input, I'll stick with FreePBX for my learning endeavors for now

@stacksofplates said in Snap, Flatpak or App image what are their pros and cons?:

@scottalanmiller said in Snap, Flatpack or App image what are their pros and cons?:

@stacksofplates said in Snap, Flatpack or App image what are their pros and cons?:

I want to clarify. When I say they just aren't there yet, I mean they aren't there as the cross platform solution. They do awesome stuff, but I don't think we have a clear cross platform solution yet.

Snap "works" in Fedora, but requires setting SELinux to permissive, so I'm not sure if that counts as working.

Flatpack only works with GUIs.

I don't know anything about AppImage but from what I've seen it's easier to run, but less isolating (secure).

I'm not sure how much of the goal(s) are security versus just replacing traditional linked dependency deployments with self contained ones.

They really tout it as a big thing. The first page on the Snap website has a whole section dedicated to Snaps being read only with dedicated storage for more security.

Flatpak also mentions it in a called out section on their site. (Realized I was spelling it wrong ha.)

True, they do mention it a bit. Seems like such an odd thing for them to care about. I mean, it's nice that they make part of it read only but... who cares? The big deal is the packaging. All the rest is just distraction.

@IRJ said in Unlocking a Wiped iPad:

I would just get rid of the device. Selling it for parts could possibly get him in trouble if the 2nd owner came up with it in a shady way.

Yeah, I don't know all the details. I was just asking. I agree it sounds shady but I honestly don't know what the details are.