@brrabill said in Windows Server - AppCmd crashing:
Are there any printers installed on it?
I had server once that kept randomly crashing and it turns out it was a printer driver of all things.
No printers installed... but I had wondered the same thing as I found that on some forums.
@obsolesce said in Windows Server - AppCmd crashing:
@bbigford said in Windows Server - AppCmd crashing:
@obsolesce said in Windows Server - AppCmd crashing:
What OS?
Server 2012 R2
Is it fully up to date? Did it start happening soon after a patch? Does the fist occurrence of the error line up with any installed patches?
It's fully up to date, but it's actually been happening for a very long time from what I can see. This is a system that was neglected by the previous IT provider so it's hard to say if it was ever healthy.
@black3dynamite I forgot to upload a screen shot example of an error. I added that.
@black3dynamite said in Windows Server - AppCmd crashing:
@bbigford said in Windows Server - AppCmd crashing:
This one has me stumped. I have a terminal server which continues to either crash (completely turn off), not display disks in Disk Management and show signs of VSS issues because Veeam will say it failed to use VSS for backups.
I've looked in event logs and found appcmd.exe (appears to be related to IIS as the directory it references is inetsrv). Searching through forums suggests there is a permissions issue for the log file being written to a certain directory.
Just trying to do some troubleshooting before completely rebuilding as an absolute last resort.
Virus scan is clean.
Network Service has proper permissions over directory where log writes from what I can see.
System file checker returned no errors.
Already tried temporary disabling the antivirus?
Yes
This one has me stumped. I have a terminal server (2012 R2) which continues to either crash (completely turn off), not display disks in Disk Management and show signs of VSS issues because Veeam will say it failed to use VSS for backups.
I've looked in event logs and found appcmd.exe (appears to be related to IIS as the directory it references is inetsrv). Searching through forums suggests there is a permissions issue for the log file being written to a certain directory.
Just trying to do some troubleshooting before completely rebuilding as an absolute last resort.
Virus scan is clean.
Network Service has proper permissions over directory where log writes from what I can see.
System file checker returned no errors.
Disable anti-virus
Disable firewall
I stopped using Google quite a while back. I like the interface on DDG a bit better. Along with uBlock, works well.
Someone made a mistake... StorageCraft sites are all unreachable and have been for a while this morning (tried from multiple networks). Hope it comes up soon so I can troubleshoot offsite backups!
Edit: Main site is back online, but any replication/MSP portals are still offline.
Edit: Everything is back online now.
@scottalanmiller said in Kid's GPS watch:
@bbigford said in Kid's GPS watch:
@scottalanmiller said in Kid's GPS watch:
I think Samsung has cellular in their latest watch, too. But haven't tried it.
Indeed they do. Doesn't require a phone at all.
I'm waiting for a fourth gen one before I consider getting one.
Slimmer with better battery, or some issue you're wanting them to correct?
@scottalanmiller said in Kid's GPS watch:
I think Samsung has cellular in their latest watch, too. But haven't tried it.
Indeed they do. Doesn't require a phone at all.
Geez, can't find anything today. Quite a few people reporting an issue with searching things on Amazon. Currently can't find a certain SSD.
@scottalanmiller said in Is RD Gateway useful?:
@bbigford said in Is RD Gateway useful?:
"I would be looking into Guacamole, but no one has requested a web client." -What does that have to do with anything? Do you want to use Guacamole, or Windows Server RDS? Now is the time you should pick one.
Guac is a front end to RDS. It's not one or the other.
Ah, I thought it could be stand alone. My mistake then.
@flaxking said in Is RD Gateway useful?:
@bbigford said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
I know we've talked about RDP security before, but I'm bring it up again.
Is there a use case for RD Gateway in a single RDS server setup? (assuming we don't want to use the html5 web client) In this scenario it would be installed on the same server.
To me it seems like it would be only really be useful if it was on the edge separate from the RDS host server. RDP can be already be configured to only use TLS (though it looks like TLS 1.0 is the highest it uses).
Or am I missing something here? Is there something else that makes RD Gateway inherently more secure? I'm not too interested in the additional resource access configurations.
Are you going to use it external and configure your registrar to use something like remote.domain.com? If not then there is no purpose for it in your case. If you are, then it would give you better security if you did place it at the edge.
Yes. Basically we want to host our application for some of our clients. We have a hosting partner that has been figuring out the details for our clients, but our clients have been requesting things outside of their experience so it has come back to us to figure out some of the implementation details.
So the networks will basically be a RDS server and a database server (not actually sure where they put AD). I'm trying to figure out the smoothest setup for our clients with the lowest cost.
I would be looking into Guacamole, but no one has requested a web client. But presumably, our partner will be using Datacenter, so maybe an additional Windows Server for RD Gateway wouldn't be the cost increase for our clients that I would expect.
However, I simply don't have a grasp on what additional security it is going to provide. I assume it is going to sit at the same place on our hosting partner as the RDS server, just now the RDS host won't have a port exposed, the Gateway will. And if it was on the same server, what's the difference between the gateway port being exposed or the RDP port?
I mean, if it actually sat on edge infrastructure, I see the use. But otherwise, what's the point?
Honestly, you're all over the place.
You have some questions that need answered.
"I mean, if it actually sat on edge infrastructure, I see the use. But otherwise, what's the point?" -Security, as a proxy. That's the point. You're planning on exposing this to the outside; I would argue you absolutely need a gateway.
"However, I simply don't have a grasp on what additional security it is going to provide." -It's acting as a proxy, basically, that's the additional security.
"I would be looking into Guacamole, but no one has requested a web client." -What does that have to do with anything? Do you want to use Guacamole, or Windows Server RDS? Now is the time you should pick one.
"But presumably, our partner will be using Datacenter, so maybe an additional Windows Server for RD Gateway wouldn't be the cost increase for our clients that I would expect." -Are you concerned with cost, or functionality? Getting lost in this area as you had randomly thrown in Guacamole so I can't tell if you're going for cost or functionality as the bottom line because both have their strengths. What are you more familiar with, Linux or Windows Server?
@flaxking said in Is RD Gateway useful?:
I know we've talked about RDP security before, but I'm bring it up again.
Is there a use case for RD Gateway in a single RDS server setup? (assuming we don't want to use the html5 web client) In this scenario it would be installed on the same server.
To me it seems like it would be only really be useful if it was on the edge separate from the RDS host server. RDP can be already be configured to only use TLS (though it looks like TLS 1.0 is the highest it uses).
Or am I missing something here? Is there something else that makes RD Gateway inherently more secure? I'm not too interested in the additional resource access configurations.
Are you going to use it external and configure your registrar to use something like remote.domain.com? If not then there is no purpose for it in your case. If you are, then it would give you better security if you did place it at the edge.
@mattbagan said in Apple ID on Company-Issued iOS Devices?:
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
With Jamf we did it in about 2 hours.
@jt1001001 said in Barracuda vs Meraki - firewalls:
We have deployed 10 Meraki Mx 84 firewalls in a mesh VPN configbeith minimal fuss so far. Bandwidth on the tunnels between sites has been great and all. Where I have had issues was with content filtering turned on, some necessary ports over the VPN (port 587 to exchange server for our mfp devices) were blocked for no reason. Also the interface is not "logical" in that certain items are not obvious to where they are located.
Now we have added a MX 250 into the mix and it's VPN tunnel bandwidth is beyond poor it's dreadful. I have yet to open a case with Meraki as I'm still troubleshooting but it is nowhere near claimed capabilities; it is on a fiber delivered 1 gig circuit, I am getting less than 50 meg bandwidth.
That stuff is really good to know, thanks.
If you could go back and redo everything, whether it is a different (specific) manufacturer in mind, or different model within Meraki, or different architectural design, etc... What would you have changed, specifically?
While the discussion doesn't have to focus only on Meraki vs. Barracuda, the only thing mentioned other than a casual "if you need to spend money, buy PAN" has been a profound "anything other than UBNT is a huge waste of money".
While I deploy UBNT for many orgs, it isn't the only solution. It doesn't even fit with this deployment. Does UBNT offer a comprehensive firewall? No, USG is garbage. Captive portal offering sucks, zero hand off is buggy at best, limited support, and limited warranty. Can't manage multiple CloudKeys under one portal, no WIDS/WIPS from what I've looked at (handled by separate system). But, it's reliable, inexpensive WiFi; I especially like their point to point wireless gear for campus buildings for either primary or failover.
What about Meraki firewalls are "underpowered"? Of course, you have to size according to the need. If it's underperforming, it's the wrong appliance for the application. Someone had pointed out in another discussion that a MX84 throughput is 500Mb where a competitor was rated at 1Gb. But the competitor was listing as stateless, and Meraki was listed as stateful. Comparing stateful, they actually were rated as higher throughput.
I love PAN, but they also have their problems. I've witnessed some of their more expensive firewalls literally (physically) melt down in front of us. But, there are many cases where PAN fits nicely into a given solution.
So is that it... Nothing but UBNT to discuss? They have a solid product for a given application, but the needs of this project extend beyond those capabilities.
Comparing a Barracuda F18 vs Meraki MX84 for an upcoming project.
We've been replacing all client Cisco ASAs with Barracuda F18s this last year. Their price for features is really enticing.
I've dropped in and configured a lot of Meraki gear in the past (various switches and WAPs), except firewalls. Expensive, and a never ending licensing model. Clients are perfectly fine with that.
I have a highly scalable client that I've been assessing Meraki with Barracuda. Long term goals will likely be cloud systems, but for the next few years everything is on premises. This is also a client that will pay a lot more for better support/features/hardware/automation/etc.
The reason for Meraki is central management. This client is spread across many states. I've been fortunate in the past to see their MSP setup; it's amazing and I might like to get back to it.
My question is this... Anyone actually implemented both Barracuda and Meraki, and found any "gotchas" from either, aside from cost or never-ending licensing (lapsing causes loss of functionality)?
@manxam said in Office 365 Public Folder Cannot Receive Mail:
@scottalanmiller said in Office 365 Public Folder Cannot Receive Mail:
On with MS again. Their support is just googling the same stuff that I have, but more slowly. Running through all the same MS docs that I already used, and already reported as wrong to MS yesterday. Argh.
Funny, I'm going through this EXACT thing myself. We lost the "Partner" link within our O365 tenant so can't perform delegate admin actions and none of our customers show as having a partner associated despite having the correct POR.
I've been at it for 3 days with Microsoft and they keep sending me links that they appear to have gotten off of
The language barrier isn't helping either as they don't seem to be clear on what we're asking and why.
Ugh...
Going basic here as it disappeared on me in the past... Guessing you tried snagging the Partner app from the list of all apps again?
Mine used to be in the top bar, MS removed that functionality until I hunted the list of all apps and added it to the side "blade".
@dbeato said in Facebook - 2FA question:
@bbigford said in Facebook - 2FA question:
Meh, whatever. I'll probably end up dropping Facebook again soon anyway.
2FA does work, I don't use Logon Approvals, it does it from any device that I use it. If you set the device to be remember it will remember it and no prompt you, but if you select to not save the browser it will prompt your 2FA everytime.
2FA for Facebook works on your Duo, their own Facebook App and other 2FA authenticator apps.
If I select to not remember the browser, it prompts every time, to which I keep specifying don't remember. I have been trying to find a way to stop promoting if I'd like to remember the device