• Ubiquiti ES48-500W
• Netgear GS724Tv3
• 2 x PowerEdge R210II running HA Sophos UTM 9
• 1 x PowerEdge R210II used for family remote backup
• 1 x PowerEdge R210II for the teenage kid to run Minecraft and some other war game for he and his friends
• PowerEdge R710 & MD1000 Veeam backup target (52TB RAID6)
• Spare MD1000
• PowerEdge R510 Hyper-V host running Plex media server (60TB RAID6)
• PowerEdge R420 Hyper-V host running a bunch of VMs including various desktop OS for testing as well as FreePBX, Sophos iView, Fastvue
• PowerEdge R610 spare server. Will probably get sold off as I haven't used it in some time.
• 2 x Dell 1000VA UPS
• Not pictured is a Synology DS2415+ as offsite backup target (80TB RAID6)

@kelly said in What is your perspective on the overall tone of interactions here on ML?:

Am I being too sensitive, or can this be a somewhat hostile place at times? (Telling me that I'm wrong here is not being hostile, btw.)

Nope, not oversensitive. It's very true that this can be quite a hostile place.

Two things I try to keep in mind.

1. I'm an adult. I can choose to participate in the animosity or choose to ignore the assholes. I pick and choose what is useful here and to be honest, the useful stuff far outweighs all the other bullshit I see.

2. I'm a professional. I know more than some, and some know much more than I. So I don't care too much if someone is going to be an asshole. Because if I post a question and I get useful information, I'm ahead, despite any animosity or hostility. If I post a response to a question, hopefully it's useful to someone. Of course, if I post a response and it is technically incorrect, I appreciate the responses that allow me to learn. Everything else gets ignored (most days).

ClamAV is available for Nextcloud.

https://docs.nextcloud.com/server/12/admin_manual/configuration_server/antivirus_configuration.html

Is it just me or are we hearing about these things almost every other day?

https://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/

I've been complaining about my current Ubiquiti ES48 switch only having 2 SFP+ ports for 10G and I've had a few Intel X520-DA2 cards installed on my home lab servers for a while just waiting for a reason to make the full move to 10G. Looks like I found it.

https://store.ubnt.com/beta/unifi-switch-16-xg.html

Beta, true, and I may have a few headaches but it's for the home lab so I figured, at $299 for a 16 port 10G switch, I had to do it. Cross my fingers it doesn't turn out to be a dud.

@DustinB3403 said in CP - Dell vs HP server quotes:

I've received two quotes for new server hardware - one from our local reseller and one directly from Dell. As far as I can tell, the two quotes are identical spec-wise but the local reseller is almost $12k more expensive. Here are the two quotes:

Quote from Dell:
2x Dell PowerEdge R430 servers $6,665.60

• 2x Xeon E5-2630 v3 CPUs
• 2x 32 GB RDIMM
• Diskless configuration
  1x Dell SCv2020 iSCSI SAN $10,303.26
• 14x Dell 1.2 TB SAS 12GB, 10k, 2.5" HD
  1x Dell N2048 gigabit switch $1,693.49

TOTAL: $18,662.35

HP Quote from local reseller:
2x HP ProLiant DL360 servers $7,266.00

• 2x Xeon E5-2630 v3 CPUs
• 64 GB RAM (unknown configuration)
• Diskless configuration
  1x HP MSA 2040 SAN $20,932.00
• 14x HP MSA 1.2 TB 10K SAS 2.5in drives
• includes $5,850 in labor so actual price
  is only $15,082
  1x Cisco Catalyst 2960-X gigabit switch $2,320.00

TOTAL: $30,518.00

Difference: $11,855.65

Is there any reason why I should choose the HP solution over the Dell solution? I will be running vSphere 6 on these servers. I'm not familiar with managing either server line so either way I'll be learning new management tools. When it comes to support I think I trust my local reseller more than Dell but $12k extra is hard to stomach just for that.

[Edit: CP Code M.]

Unless that OP is restricted to 1U hosts, I would go with the quote from Xbyte for Dell 730xd with same specs as in quotes is

Multiply by 2, add Starwind's vSAN and a couple 10Gb NICs and he's done. Especially if only 2 hosts. Same(ish) price, way more reliability, better performance all around. I'd post that reco on SW but would likely get banned lol.

The one thing not mentioned is if there are other hosts connecting to the SAN.

This is from the same government that wants to insert backdoors into all encrypted communications? Gotta love the duplicity of that kind of bull$hit! Let me poke holes in your security but if you get breached, I'll punish you. Lol

@Helen No one in their right mind is going to click on a shortened URL. No reason for a shortened URL here. I get you may be wanting to get your click reporting out of this but I think you've chosen the wrong community for a bitly link.

https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

The Nextcloud advisory:
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

1. What are the right questions a first-time colocation seeker should be asking?
2. How should colocation facilities be compared against one another? Pricing is obviously important but when services differ between offerings, what can be used to provide a valuable, effective comparison.
3. What are the most common "gotchas" that need to be considered in colocation?
4. Are there things that come up with tenants that surprise you on a regular basis? Perhaps things they should have known?
5. What's the dumbest thing you've seen from a tenant?

@NashBrydges Guess you can take a horse to water but you can't force him to drink.

@Pete-S The modules have all been reseated and swapped around to other slots and still the same thing. The same 6 slots remain unidentified (or unoccupied according to iDrac).

The CPUs are E5-2650 v1.

I've already had the conversation with the owner. Looks like we're going to keep things as they are since everything is operating normally (with the obvious missing RAM). We have good tested backups with another server to migrate the workload to in under an hour should something fail. He's unwilling to spend the cash on a new server and a deep diagnosis will be pretty pricy to pay for my time so...status quo for now.

@Pete-S That's what I also thought. I will have to spend some more time digging all the module numbers out tomorrow once I'm back there. There has to be something mismatched somewhere. Can't imagine anything else at this point.

@Danp I did, yeah, no quad rank dimms.

Here's a weird one. A new client with a Dell PE-R720XD SFF has 24 x 16GB sticks occupying every available slot in the server. As part of my inventory discovery work, I noticed that there are 6 slots that do not recognize the memory installed. Checked all modules and they are all the same Samsung ECC RDIMMs @ 16GB 1333Mhz memory so it isn't a compatibility thing. Spent a few hours moving modules around but appears as though the same slots are not recognizing memory regardless of which stick I have in there. It appears to be channel related because all unavailable slots are Processor 2 Channels 0 and 1...essentially 2 channels are not recognizing memory on that second processor.

The weird thing is that the server is running "perfectly". I add the quotes because while there are no errors and all VMs are working well with no degradation in performance, there is obviously an issue.

B1 = Processor 2 Channel 0
B2 = Processor 2 Channel 1
B5 = Processor 2 Channel 0
B6 = Processor 2 Channel 1
B9 = Processor 2 Channel 0
B10 = Processor 2 Channel 1

To make sure I wasn't missing anything, I checked the manual and for 2 processor setups, the memory currently installed should work properly. I've also reseated every single module just in case.

There are absolutely no log entries indicating any issues with memory going back over a year and the server has been rebooted a number of times since I've been looking at the memory issue.

I've also run the Dell diagnostics utility on boot-up and everything checked out ok with a PASS on everything.

Before I start dismantling the server to diagnose, any thoughts as to what to test next?

These are the troublesome slots.

@Pete-S No external access so they are golden. Password has been changed to a 20 character one as well.

@NashBrydges Yep, changed it to yes and now I can access via SSH!!! Thank you for the help!

@Pete-S Ah, I see that line is commented out. I suppose I need to change that to "yes" and uncomment?

Here is the full content...

cat /etc/ssh/ssh_config
#	$OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
#
# This system is following system-wide crypto policy.
# To modify the crypto properties (Ciphers, MACs, ...), create a  *.conf
#  file under  /etc/ssh/ssh_config.d/  which will be automatically
# included below. For more information, see manual page for
#  update-crypto-policies(8)  and  ssh_config(5).
Include /etc/ssh/ssh_config.d/*.conf
> cat /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

@NashBrydges
The 'include' location has a single file named '50-redhat.conf'

That files contains...

# The options here are in the "Match final block" to be applied as the last
# options and could be potentially overwritten by the user configuration
Match final all
	# Follow system-wide Crypto Policy, if defined:
	Include /etc/crypto-policies/back-ends/openssh.config

	GSSAPIAuthentication yes

# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
	ForwardX11Trusted yes

# Send locale-related environment variables
	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
	SendEnv XMODIFIERS

# Uncomment this if you want to use .local domain
# Host *.local

@Pete-S

> cat /etc/ssh/ssh_config
#$OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
#
# This system is following system-wide crypto policy.
# To modify the crypto properties (Ciphers, MACs, ...), create a  *.conf
#  file under  /etc/ssh/ssh_config.d/  which will be automatically
# included below. For more information, see manual page for
#  update-crypto-policies(8)  and  ssh_config(5).
Include /etc/ssh/ssh_config.d/*.conf