Topics created by bbigford

@obsolesce said in Who's hosting this website?:

Maybe it only knows who the authoritative name server hosts are, not the web server company?

Example:
webserver = godaddy.com
name server = hover.com

Here, the @ DNS record on hover.com simply points to the IP of the web server hosting the website (godaddy).

...or some type of confusion around that.

Oh absolutely that's part of the issue with some tools; the verbiage can be misleading about what the tool is actually looking for. Sometimes their intended use is looking at name servers and seeing who's hosting a domain, not a web server.

Also makes it nearly impossible if a company is using a proxy, like CloudFlare.

@dbeato said in vSphere power supply count:

@bbigford said in vSphere power supply count:

@dbeato said in vSphere power supply count:

How many Host though you have in Vcenter? Or is it just one server with Vmware.

3 hosts, but the hardware status that is showing is only for the one host.

I found this:
https://kb.vmware.com/s/article/1010716
might not apply but it is where I am going to.

Hmm... appears to be a known bug then due to lack of support for certain things. Maybe it'll change in 6.7 but only an upgrade will tell.

That generates another question then... Are you using HP/Dell tools (thereby having to configure VIB with the tools being on a management/LOB VM), are you relying on 3rd party systems monitoring tools/vmware/etc?

I wonder if urbackup would be able to do what you want. If it's exclusively for backup.

@scottalanmiller said in Microsoft support - downhill?:

@bbigford said in Microsoft support - downhill?:

@scottalanmiller said in Microsoft support - downhill?:

This we hear a lot. Bad communications, unable to speak English, lots of passing the buck and run around, and then delay after delay presumably to push you to find an alternative to them actually doing something.

It's gone way downhill in the past year. Even our channel reps have been pretty shocked. The lack of English has been an issue for some time (obviously not the only company outsourcing though).

Offshoring. It is extremely unlikely that they are outsourcing. Outsourcing means going to another company. Offshoring is what sends stuff to India.

They might be doing both. Or neither, a lot of Indian call centers are in New Jersey.

Lol, my kinda of town 😉

It just goes to show that your server rack is a good indication of how your company is going...
😉
 
 
(Works on two levels!)

@dbeato said in Office 365 PowerShell question:

@bbigford said in Office 365 PowerShell question:

@dbeato said in Office 365 PowerShell question:

@bbigford said in Office 365 PowerShell question:

@dbeato said in Office 365 PowerShell question:

@bbigford said in Office 365 PowerShell question:

@dbeato said in Office 365 PowerShell question:

@bbigford said in Office 365 PowerShell question:

While in an Office 365 PowerShell session, anyone know what the 'name' value refers to? I think what a client did was simply rename an account when someone quit, and here is the result.

Amanda quits, backfilled by Jane. Display name, UPN, SAM, alias, everything shows as Jane, except 'name'. Going through Exchange mailbox and MSO user properties via the GUI, no trace of the word 'Amanda' anywhere.

Anyone know what that value actually refers to? Before today I thought it was probably UPN, until today I saw there is a separate value for UPN.

Can you show an example?

0_1525112201908_2018_04_30_12_13_26_Administrator_Windows_PowerShell_ISE.png

0_1525112210220_2018_04_30_12_15_24_Office_Admin_center_Home.png

That's the SamAccountName attribute that cannot be changed.

You were correct after I double-checked. What I find odd though, is the samAccountName doesn't show as emilyr, it shows as emily59172-558041006 ... where does it even pull emilyr from do you think?

0_1525363051932_c0112f04-4f56-445f-9a35-78a571753053-image.png

Edit: I've tried marking this as solved, but can't find an option for that.

Have @scottalanmiller do it.

Ah, I'm guessing that is not a function everyone has the ability to use I'm guessing.

It is an issue in NodeBB here that we cannot mark other answers ans the resolution of the issue.

You can quote the post that is the answer, and mark your quoted post as the answer.

That's what we've been doing.

I don't see IE going anywhere. We have all the same need for IE in the future that we have n the past. Sure now it is DevOps rather than Snowflake, we are using more tooling, but things are also more complex and bigger.

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

@scottalanmiller said in Synology cloud backups:

@bbigford said in Synology cloud backups:

Ended up just going with BackBlaze B2 for the cost.

And there is Wasabi.

I do like that company for many reasons other than cost. But what throws me off is the method to connect the appliance is to use AWS S3. Any idea why that is?

That's not what it says at all. You are seeing the S3 API being chosen and thinking of Amazon's S3 service. Wasabi is just S3 compatible, that's all. It doesn't require a special API like other services.

The logo is what is throwing me off. I'm assuming the S3 API was created by Amazon, but then they are just allowing other companies to use it?

From what I've read about S3, it isn't proprietary; which makes me think Amazon doesn't have any kind of patent on the tech...

S3 is a service. A patent isn't possible on a service. That's not how patents works. An API is an interface and can't be patented either. That would be like patenting a language.

S3 the product is totally proprietary. S3 the API must be public or it is useless.

Got it. Thanks for clarifying. The 3 block logo was throwing me off as I thought it would be somehow using specific stuff for AWS since that has appeared to be their branding/logo; obviously it isn't an issue or Wasabi would have legal issues to deal with.

Where are you seeing that? I'm poking around on Wasabi's site and don't see it used.

Sorry, on the Synology Cloud Sync tool.

Right, that's Synology using it, not Wasabi. The tool is for "connecting to S3". It's definitely Amazon S3's logo. Why would Synology using it in any way cause legal trouble for Wasabi who didn't use it?

It wouldn't. I misspoke in that regard now that I am thinking about it more.

I dislike when they use logos like that. Because you can never tell if they mean it is integrated with the service, like the logo implies, or if it just uses a certain API that they are incorrectly associating.

I fully agree with that.

@dbeato said in Silently take screen shots:

I have used ActivTrak
https://activtrak.com/

Same here, it works well.

@bbigford said in GoDaddy cert pricing - wow:

@dbeato said in GoDaddy cert pricing - wow:

So what is this SSL for a website or just shopping around?

Just shopping around... but, I tried a different browser. It was showing USD but the currency was not correct, I checked back after looking at Chrome and it was showing Icelandic kr. Lol wtf

Starts a $99.99 the first year and then renew is $199 a year. Most of the sites I have been securing are in Let’s Encrypt or Cloud Flare.

@zachary715 said in Shrink VMDK - VMware:

Option 2 would be to migrate the VM to a different datastore with dissimilar block size and specify "Thin Provision" when moving. If you have or can create a datastore with a block size different than your current config, then you can do this without downtime.

Funny you mention that. I had forgotten about that method until this morning. I ended up using that method on the server (after creating a datastore using NFS share on a Synology appliance), using it strictly as a backup for a couple days to make sure things are good. I'll likely not use the conversion in the future; though they both took around the same amount of time to complete, the conversion was such a pain.

Docker in general IT is great for immutable server design. If you want to do OS updates, config changes, etc you roll out a new container.

The downside is if it's not for software you write yourselves, deploying a new version of the software might not be so smooth if the database or backing data storage has to also be updated. You can't design it to be able to be able to do a rolling update, or to be able to rollback, so it's not quite as useful then.

@bbigford said in VPN and Exchange:

@jaredbusch said in VPN and Exchange:

@bbigford you are totally overthinking this.

They obviously have on site Exhange. That will require some kind of DNS entry for OWA and OA to work.

They chose to use exchange.domain.com, this is perfectly normal.

They only have a single IP, or only have their router configured to use a single IP. This is also very common.

Then someone wants to use a VPN. They enable it in the firewall, or whatever device, and just use the existing FQDN that resolves to the site IP.

This is also perfectly normal and 100% ok.

Could they have added a CNAME, such as vpn.domain.com? Sure, but there is no technical reason to do so.

I don't think they have web services, but if they were to, those wouldn't be able to use 443 I'm guessing since that port is already forwarded. I am definitely overthinking that one.

L2TP VPN does not need port 443.

@dbeato said in Synology NAS - Can't delete:

@bbigford said in Synology NAS - Can't delete:

@dbeato said in Synology NAS - Can't delete:

As an aside question, do you have it that it recycles the storage after certain time with Synology to Synology backuP?

What do you mean recycles? It's not doing an offsite move-delete if that's what you mean, it's copying it in case either building is lost. Maybe I don't understand the question.

So when I setup the backup between Synology devices, I make sure that after a certain time/age the backup device deletes the older snapshots/backups.

Ah, got it. What are you using for backup software that you'd rather your backup software not delete it? Also, are you using Synology CLI for that? I don't know that I've noticed that option in the GUI as part of the task creation.

I might still have support for two years, but I'm pretty sure "life" ended quite some time ago 😉

@bbigford said in SPF issues:

@dbeato said in SPF issues:

@bbigford said in SPF issues:

@dbeato said in SPF issues:

@bbigford said in SPF issues:

@dbeato said in SPF issues:

@bbigford said in SPF issues:

@dbeato said in SPF issues:

@bbigford said in SPF issues:

@dbeato said in SPF issues:

@bbigford said in SPF issues:

This one is stumping me. I resolved another engineer's issue, but I don't see why there was an issue to begin with. Here are some high points:

On-premises Exchange server. Another provider needed to be added to SPF, as they are a service that sends on behalf of the client's domain. v=spf1 mx a include:exchange.ourdomain.com include:mail.sendingproviderdomain.com ~all Above SPF record was present when issue was happening. I looked up their spf record, which was v=spf1 ip4..... many IPs. PTR for exchange.ourdomain.com resolves, using MXToolbox. Forward lookup is fine as well. Removed mx a include:exchange.ourdomain.com and added ip4:<OurPublicIP> v=spf1 ip4:<OurPublicIP> include:mail.sendingproviderdomain.com ~all

What I don't get is why the first SPF doesn't check out. There is a PTR record in GoDaddy, and a host record pointing at the correct IP. SPF should read "any MX records, and IPs, for exchange.ourdomain.com are allowed to send; including a provider, and for spoofing there will be a soft fail".

Where am I wrong?

SPF does not neck the mx records of the includes, it checks only the A and MX records of the domain with the SPF record. You should add the SPF record of the exchange.ourdomain.com Email Servers (Namely Office 365, G-Suite or any other email vendor).

On-prem Exchnage. I also saw a vendor that has theirs written as mx:<email.domain.com>... I've saw some written with a:<hostname> but not mx: ... Didn't know that was a thing.

So how would you write an spf record for our instance to have validation? It works now with the public IP, but I can't figure out why the FQDN doesn't work.

Is your exchange.ourdomain.com hsoted elsewhere than Internally?

Hosted? I'm not sure I understand the question. It's internal Exchange, record is in GoDaddy.

Yeah, l was wondering if it was Office 365 or same type outside the office. But in short having include:exchange.domain.com it is looking for all the SPF records on that subdomain which causes the failure on lookup.

Why does that cause a failure? Can you explain a little further?

Okay, so this is the SPF you had and was failing

v=spf1 mx a include:exchange.ourdomain.com include:mail.sendingproviderdomain.com ~all

Now this record was stating that the following records were allowed to send on behalf of your domain:
1-The MX records of your domain
2- The A records of your domain
3- The SPF record of exchange.ourdomain.com
4- The SPF record of mail.sendingproviderdomain.com.

Since you did not have an SPF record for exchange.ourdomain.com it was failing to register that as an allowed Sender.
If you wanted to include the exchange.ourdomain.com on your SPF it should be as below:

v=spf1 mx a ptr:exchange.ourdomain.com include:mail.sendingproviderdomain.com ~all

A PTR is what search for domain names on the SPF.

See more here:
http://www.openspf.org/SPF_Record_Syntax#include
http://www.openspf.org/SPF_Record_Syntax#ptr

Thanks for the clarification. At a very basic level, would it be correct to say include:exchange.ourdomain.com is creating essentially a circular lookup, since the SPF record there includes a sub domain that it is already trying to look up? Because of that reason, ptr:exchange.mydomain.com is looking at the IP... I could put ip4:<ourPublicIP>, but if I put ptr:exchange.mydomain.com I can change the public IP lookup in less places... this being one less place.

Is my thinking correct?

Yes, your thinking is correct.

Cool, thanks.

You got it anytime.

Uber, like pretty much anyone their size, probably uses a combination of their own datacenters and cloud for scaling. Some large players go purely cloud to keep things simple and consistent. Others do a mix so that they don't have to pay for their own scaling.