Posts made by notverypunny

@PhlipElder said in Multiple Tombstoned DC's:

@Fredtx said in Multiple Tombstoned DC's:

@notverypunny said in Multiple Tombstoned DC's:

@Fredtx does the isolated site still exist in Sites and Services? What's the plan for that location if the ideal end goal is to have the vpn tunnel down and no site to site connection? (apologies if this was already covered)

Yes, the site still exist. I'm just confused as to why the KCC is adding the connection to the link when there is no network connectivity to that site. From my understanding, the whole purpose of the KCC is to create connections with the best paths, which this one would NOT be the best path since there's no network connectivity.

Is the defunct site's subnet set up in Sites? That's what is going to need to be changed or removed.

This is where my idea was headed, but wanted make sure that the OP realized that without AD connectivity it's going to be entirely off the domain and that his other domain machines are going to tombstone as well (if they haven't already)

@Fredtx does the isolated site still exist in Sites and Services? What's the plan for that location if the ideal end goal is to have the vpn tunnel down and no site to site connection? (apologies if this was already covered)

@WrCombs said in Task Schedule Failed:

SO Iknow whats causing the issue, I'm just not sure how to fix it.

Windows 11 device, Task is scheduled to start a program

c:\program files (x86)\Parent Director\Subdirectory\program /switch1 /switch2 /switch3 

It shows Last Run results 0x4 Which I find out means "System can't access path/file"

I Changed user, and tried running it again (different admin user) no change, same status.

I go to CMD to see if I can path to it - Can't find path specified - tried writing it a different way (with spaces, without spaces)

Having a hard time understanding why it can't run this program - it's needed to import sales into a different system every day.

The owner of the software suggested making sure DotNetFramework 4.5 or higher was installed and repair it. which it is, 4.8 is installed currently.

Any ideas how I can resolve this?

Ideas:
1- try using single or double quotes around the path, simple way to get the "proper" path is sometimes to use tab-completion

2- if the above doesn't work, maybe try having your scheduled task call a batch or .cmd file (or powershell) which invokes the executable

Depending on your workflows it might be best / easiest to leverage the "Teams" setup and mentality. The teams to which a user belongs are automatically listed in their teams view and they can either access the team files directly within the teams app or there's an "Open in SharePoint" option.

Watch out for moving groups that are heavy excel users. It's been my experience that they love to link to external documents with drive letters or paths that will throw you for a loop and they'll deny (or be completely unaware) that's why they hate the new file setup.

Good luck and keep us posted, we've got a similar undertaking on the radar here at my new gig.

@scottalanmiller said in Tactical RMM:

@dustinb3403 said in Tactical RMM:

@notverypunny said in Tactical RMM:

@scottalanmiller said in Tactical RMM:

TacticalRMM is no longer completely free. It's open source, so I'm not completely unhappy about it. But it is at least $50/mo for full functionality (unless you alter the code yourself to disable the fee... which they even say that you can do.)

https://docs.tacticalrmm.com/code_signing/

I don't think that the code-signed agents were ever available free of charge....

Correct, they haven't ever been.

Scott simply isn't paying attention.

Non-signed agents were available before. Now only limited platforms. It's VERY different.

Maybe something that was available in the beginning or that I missed along the way. My understanding is that TacticalRMM was only ever usable with Windows endpoints. I seem to recall reading that there was a possibility of some Linux functionality being developed but I can't recall it ever having been rolled out on Tactical. I know that the mesh agents have been available for many more platforms for quite some time, but this is the first mention I can recall seeing that TRMM was ever available for anything other that Windows.

@scottalanmiller said in Tactical RMM:

TacticalRMM is no longer completely free. It's open source, so I'm not completely unhappy about it. But it is at least $50/mo for full functionality (unless you alter the code yourself to disable the fee... which they even say that you can do.)

https://docs.tacticalrmm.com/code_signing/

I don't think that the code-signed agents were ever available free of charge....

I've gotten too used to KeePass over the years and have a hard time getting used to or trusting anything else

If you're starting from scratch I'd suggest taking a serious look at leveraging TacticalRMM (or something paid if you really want to spend money) instead of WSUS. (As mentioned by others)

If you do have to go the WSUS route for whatever reason(s) make sure to automate the maintenance scripts that microsoft references / provides in their online documentation. Why they don't integrate those scripts into the core product is something that I'll never understand but hey, they're making $$$ and I'm just a sysadmin.

An option that nobody has mentioned is doing split-brain dns for your WSUS.

Assuming that you've got a domain, setup something like updates.company.com with the appropriate security and forwarding externally and the necessary entries on your internal Windows DNS. Make sure that everything is setup with SSL and you're golden. So if the folks are out of the office, they'll still be pulling updates from your WSUS server, under your control. Hell, depending on how your firewall handles hairpinning, it might be best to forget about the entries in the internal DNS and just have everyone connect to the public IP, eliminating any instances of it having to deal with VPNs.

@scottalanmiller
I don't have anything to test with at the moment, but what about

https://mirror.csclub.uwaterloo.ca/ubuntu/dists/impish/

I can navigate through the directory structure, and it seems to have the same overall content as the other releases.

Would manually pointing the apt sources at impish indri and running dist-upgrade work at all? I'd definitely want a full system backup before trying something like that, and since the other posts say no external storage it's likely off the table. Option to get around the no drives issue would be a cloud backup of the docs and such that would need to be copied back and forth... unless there's another PC / laptop / workstation that could be used as a backup repository.

@dafyre said in NIC issue windows 7:

In the Network Adapter options, disable anything that says power managment.

There's a couple of power management options on the NIC, but IIRC there's some bus-related power management options in the power-profiles. I've seen the NIC-related options take an interface off-line, but where you're saying that it's disappearing completely, I'd be more inclined to look at PCI or chipset drivers and settings.

Thanks for the input everyone, it's pretty much in line with my own thoughts on the subject. In case it wasn't clear, the points outlined in my initial post were a simplification / summation of the arguments that I've previously come up against with regards to using ZT for anything more than a hobbyist type of setup.

Wondering what the overall opinion(s) are with regards to ZeroTier and information security / confidentiality when using a hosted controller.

I've had cursory discussions with other IT folks in the past and they seemed to be wary of ZT with regards to confidentiality and information security because:
-- Point 1 - ZT, in their own docs claims to basically emulate a L2 switch
-- Point 2 - L2 switches can be sniffed via span / mirror ports
-- Point 3 - As an IT pro you wouldn't connect your endpoints directly to someone else's L2 switch without due-diligence / NDA etc etc etc legalese necessary for colo and datacenter setups due to Point 2

They (ZT) also make the claim that data is E2E encrypted, "and can't be read by roots or anyone else"

So FWIW, my previous gig (changed 3 weeks ago) was full on VDI for the office workers.

Without getting into anything that could risk confidentiality here's what was working and was being built on....

Citrix VDI infrastructure (Netscaler, storefront, director etc)
Non-persistent VDI
Nutanix hosts (clustered) with their AHV hypervisor
User profiles managed with Citrix Profile management on dedicated profile servers

There's much more detail that could be explored, but those are the main elements of the 3rd iteration of VDI.

Not sure if the option of Windows / Azure / cloud VDI makes sense unless your workload is in the could as well. Assuming that the main reason that you need / want VDI is to keep the endpoints near your ERP or workload so having the VDI off-site would defeat the purpose and probably cost an arm and a leg.

Anyone tried it out yet?

https://chromeenterprise.google/os/chromeosflex/

What about using a refurb (or new) full tower with 2 or 4 drives and a simple server OS install (Ubuntu, Fedora, opensuse or a more focused system like rockstor, freenas etc etc). That way you've got easily replaceable commodity hardware and eliminate dependancies on proprietary HW and probably reduce the timeframe for availability / application of software patches and security fixes.

With it being for a school, are you able to get discounted education pricing?

@jimmy9008 said in Cloudflare Spectrum alternative:

@dashrender
There are a range of TCP/UDP required ports for the solution to work. Once example is EDT. Our DC team have that on to help the user experience for remote connections. I think that is UDP 2598. There are other examples too.

TCP / UDP : 2598
TCP / UDP : 443
TCP: 8008
UDP: 16500 - 16509

I'm not the citrix expert in our shop, but we're full VDI (XenDesktop) with S4B and Zoom both running HDX and the only thing that we have to have open to the internet is HTTP and HTTPS incoming. I'd ask the questions surrounding why those other ports have to be open inbound (and make sure that the answers make sense) before spending anything or adding more moving parts into the picture than you've already got.

2530-8G-PoE+ Switch (J9774A)

@dashrender said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

Context is everything.

I took it more as globally defining variables is bad