Best posts made by taurex

Honestly, anything higher than the 1080p resolution on a 13-inch laptop is a gimmick. The screen size is simply too small for any practical case of higher resolution. And even with 1080p, I have to scale my 13.3-inch laptop to 150%.

I have to deal with this from time to time. Usually, some crappy legacy client-server LOB apps. The workloads are normally so tiny and simple that suggesting server hardware for them is a waste of money. Some of their vendors don't even add server O/Ses in the technical requirements. Most small shops don't even have enough physical space to run server hardware properly let alone willing to spend a few grand on a server, MS licencing and the labour to set it all up for them.

I remember the advice @Obsolesce gave the other day, just buy the least expensive Server Essentials licence and stick it on a Win 10 box where the app runs. This won't help anyone with more than 25 users or devices, though

On a side note, why on Earth are you using SMB1 protocol? Turn it off everywhere, It's insanely insecure. Ransomware loves SMB1. Also, turn on SMB support on the Synology all the way up to SMB3.

Try iPerf. It definitely puts storage out of the equation. Try using it with parallel threads to get more accurate results what the link can really handle. Also, it would only test TCP throughput by default but you can test UDP on a client side with -u switch. There are tons of guides on it online.

I came across this WTF configuration in one of the local medical centres. Two low-end Sophos boxes are behind a $20 switch that is also connected to the single fibre Internet connection provided by an Ethernet demarc device (not shown on the image). Apparently, each firewall is set up to serve 50% of the available WAN bandwidth to their tenants...

Hi All,

I'm having a rather interesting issue here. There is a Unifi network I recently set up with dual WANs. One is the main one - PPPoE WAN1 (FTTP) and another is WAN2 in a failover mode using a Dovado Tiny AC router in bridge mode with a Huawei E3372 4G USB modem. There is also a couple of SIP phones - Yealink T46S and T48S, all on a single LAN registered with a Cloud Asterisk-based PBX. When WAN1 failovers to WAN2, the Yealink SIP phones easily re-register with a 4G public IP but when Unifi fails back to WAN1 the phones still keep WAN2 IP registration even though every 120 seconds they re-register with the cloud PBX. After a fail-back, traceroute from the USG to the cloud PBX shows that the traffic is, indeed, exiting via WAN 1 but on the Unifi controller dashboard, it still shows the WAN2 public IP as the gateway address.

Has anyone experienced any such behaviour with a similar setup? Is this usual for SIP registered phones to specifically route VoIP traffic out of WAN2, even though all other traffic has failed back to WAN1? Or is SIP registration process separate from the actual route the SIP traffic uses to reach the hosted PBX? Why the default gateway on Unifi controller dashboard still shows WAN2 public IP after it's failed back to WAN1, is this a Unifi bug? Thanks.

I believe you need to define another ESP and IKE group for the site-to-site Tunnel 2. Also, your remote L2TP pool overlaps with one of the existing interface's IP range. It might overlap with the existing DHCP lease or a static address on your 192.168.4.0/24 network. I would make the remote pool totally different.

Do you have static public IPs on both ends? If yes, I'd do route-based site-to-site VPN with VTI interfaces instead. It stays always on as long as there's network connectivity between the peers. No need to define multiple individual policies either.

@JasGot said in GPO question:

@taurex said in GPO question:

From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.

We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....

But those students still have accounts in OP's AD, right? It's only their devices are BYOD.

Normally, I start with 2 vCPU and 4 GB RAM for GUI-enabled Windows guests and 2 vCPUs with 2 GB RAM if they're GUI-less. Lots of trivial AD workloads like DC, DHCP, DNS, NPS etc. run fine with 1 vCPU but I found assigning one extra virtual CPU does make updates running somewhat faster. In most cases in my experience where VM CPU usage jumped above 75%, the spinning rust was the culprit, especially if a SAN was in use, it had nothing to do with the actual host's CPU power.

@jim9500 said in New IT update 60TB / 60 mil files / 20 people - HP Equipment:

D3700

I'd add one thing that sometimes gets overlooked with all-flash storage. A lot of software or hardware-based storage solutions offer inline dedupe and compression that helps save even more storage with SSD.

@scottalanmiller Thank you. It's good to be here!

Thanks everyone for your advice and suggestions. It looks like, despite the Yealinks still register with WAN2's IP, all packets including SIP use the WAN1 to reach the hosted PBX. I'm not sure how the hosted PBX sends out the SIP traffic back to the phones, though, but the counters on WAN2 show a very little amount of sent and received packets, much less than a typical SIP traffic for a day there.
When I disable WAN2 the phones have no trouble re-registering with the main WAN. The problem is the soft fail-back when WAN2 doesn't get disabled, it just gets a higher metric on the USG routing table. Last time when the 4G data expired, all Internet traffic was unaffected except the phones.
I do like Unifi Controller in terms of remote management but the WAN fail-over feature seems to be too raw at the moment.

Just remember @WrCombs that you can set up static routes both on the client VMs or the router VMs. Most of the time, you'd want this to be set up on your routers because it's more manageable this way plus you can use dynamic routing protocols at scale. However, in some real-life scenarios like remote access VPN with split tunnelling, a route to the secure remote network needs to be added on the client machine itself (with L2TP at least).

@scottalanmiller that's exactly I was trying to point out. Storage for the camera footage is important not just in terms of available space. There may be a case where the OP would need to directly access his recordings in case of emergency to provide them to the authorities when the host is no longer available (stolen) or damaged. Having them stored on a separate NAS inside a shared folder would certainly make the above job easier. Having said that, this can also be done by simply backing up the video files elsewhere or syncing them offsite.

You should disable time sync in the Hyper-V integration services on all your DC VMs but make sure your Hyper-V host is syncronising its time with the same external source. When your VMs are restarting they can only fall back to the hypervisor's time since there is no real CMOS for obvious reasons.

Check if UDP port 123 is not blocked by the VM's Windows firewall, on your network or by your ISP.

AFAIK, only internal licenced O365 users can have access to a shared mailbox. The client needs to keep their domains (and emails) on the same O365 tenant alongside each other to make it work. Seems like a desirable feature, though.

@justin867

There is no such thing as the best backup product. For instance, Veeam is great but it doesn't back up network shares. Unitrends is good too but its appliance needs Hyper-V installed as a role and so on. It all comes down to finding the right product to suit particular needs, rather than trying to look for ones with all bells and whistles.

Regardless, you simply can't properly propose or suggest anything related to backups without knowing organisational RTO/RPO for the said services (file servers). Business continuity and disaster recovery documentation should include these objectives. Otherwise, work with the finance dept to find out how much downtime are they're able to sustain without much harm to the business and go from there.

@CCWTech You'd likely need something that's known as Backup as a Service (BaaS) app. You might have to rely only on agent-based backups for VMs without a backup appliance. I believe the main reason behind backup appliances/servers is agentless VM backups.

Hey @Donahue. Have you looked at free Starwind Tape Redirector by any chance? It basically allows you to present a tape drive attached to the host as an ISCSI LUN to your Veeam B&R's Windows Server VM so the backup software would see it directly installed. Wouldn't this solve your problem?

HA doesn't come cheap most of times.