DK2what is the best practice for vpn @ windows server 2012?
DK2it doesnt have IPSEC so i have to go PPTP?
visceraWhy aren't MSAs supported for DHCP DNS updates? $cred=(Get-ADServiceAccount -Identity FOO); Set-DhcpServerDnsCredential -Credential $cred
visceraIt fails with "Cannot process argument transformation on parameter 'Credential'. userName"
visceraI've done Insatll-ADServiceAccount -Identity FOO on the host in question and that worked
visceraLike isn't this a very common place where you'd want an MSA?
visceraAnd if I try and set it via the GUI it complains about a missing password
visceraACTION gave up and used a non-MSA account
CptLuxx[07:40:57] <DK2> it doesnt have IPSEC so i have to go PPTP?
CptLuxxipsec with l2tp ..
CptLuxxplease dont use pptp
CptLuxxms released another patch for win xp..
DK2CptLuxx but windows doesnt support native ipsec
CptLuxxand?
CptLuxxuse ipsec with l2tp or use third party client
DK2like openvpn'?
CptLuxxor a third party ipsec client..
dan_jHi. Has anyone here used SPLA licensing? There seems to be a difference for OEM vs SPLA with regards to the number of VMs you can run on Windows Server 2016 Standard when using SPLA licensing and I want to see if anyone else has noticed that.
dan_jjessec: thanks for your help the other day. I reinstalled that VM and it's all working fine.
dan_jjessec: fyi, it seems that SPLA licensing only allows one VM with the standard edition license, not two. I think it's OEM that allows two vms.
BrskiHey, does anybody know if it's possible to install KB2966870 without having KB2919355?
cbauerdoes the "trustedhosts" property for winrm service accept an Ipv4 address or only a hostname?
helloNLHey, when uploading a file with PHP on IIS I get that the realpath is false, anyone know why?
helloNLI am not able to find it on google
scotepiI am trying to set up replication between 2 Hyper-V Core servers. I have it working from vmsv01->vmsv02 full failover and fail back, but not from vmsv02->vmsv01. Get-VMReplicationServer & Enable-VMReplication fail with "You do not have the required permission to complete this task"
scotepiI am in a workgroup setup and have certificate's set up (omg are there a tone of outdated guides)
scotepihttps://pastebin.com/GfJagC9s however trying the same Get-VMReplicationServer on vmsv01 with -ComputerName vmsv02 now fails, it did work before. however replication is still going from 1->2
HyP3rHello Everybody, I have here just a question about: "How can I do this in a good way". We need to host our Contacts which we are NOW having in a Shared Folder inside our Exchange and editing them with Outlook, in LDAP. The reason for that is our PBX need to access them, and the PBX is only to able to read LDAP Objects.
HyP3rSo my quetsion is: "Whats a good way to solve that?". In the best case all useers should be able to edit this catalog of contacts (with outlook) AND it should be stored inside a LDAP (Active Directory).
HyP3rIs there a way to do this?
compdocon the server, if someone were attempting to guess a password, what log would I check to see activity?
bewbssystem log
oumsecurity I think
bewbserr esecurity
oumlook for failed audits
bewbsyou know
bewbsi wish they'd make that stupid window expandable
bewbsshows 3 lines
bewbshas 300 lines of data
HyP3rIs there a way to export the shared folder contacts with some scripting language
HyP3rpowershell e.g.
compdocthere are never any failed audits. maybe I need to enable something
HyP3rcompdoc: in some infrastructures controlled by domain controllers there gpos which is controlling this
HyP3rcompdoc: maybe you have to enable this there
HyP3rcompdoc: we have especially for this a gpo
compdocim googling it now
helloNLHow can I change permissions on C:\Windows?
naph-WTake ownership
helloNLI do not see the option for that when going to the security tab
helloNLNevermind
bewbswhy do you want to take ownership on c:\windows
kuaharaWhy is it that I'm having nothing but trouble using diskmgmt.msc to accomplish anything lately? Used to never have problems with it. Now it's never able to delete volumes, shrink volumes, extend volumes, etc... options are always backlit and unusable.
bewbsthere's a security tab that will let you explicitly define the rules
helloNLbewbs: I must as changing php.ini to change the location of the temp folder doesn't work
helloNLAnd getRealPath returns false because the server doesn't have the permissions on all underlying folders
bewbsi'm sure there's a better way to do that
bewbsif you take ownership that means that you are removing ownership from a system user
kuaharawas having a problem using it to rejoin two partitions on a thumb drive, both unallocated. diskpart, select disk 1, clean wouldn't work. file not found problem. a google search result suggested using the chromebook recovery tool to remove and recreate the partitions would resolve that issue.
bewbswhich could create it's own set of issues
helloNLWell I am stuck with this some time already
kuaharaHowever, after using it to select the thumb drive, it went ahead and shrunk my system volume by 11GB and started formatting that instead. The disk for the thumb drive was clearly selected before I began
kuaharanow I can't rejoin that new part back to the system volume either
bewbswhy not edit the permissions of php.ini's containing folder to add r/w access for the user trying to access it
helloNLWell the problem is that IIS_IUSRS user needs execute permissions on the temp dir and everything underlying it :/
naph-WTaking ownership of C:\Windows is a sure way to end up with problems
helloNLAnd Well I tryed changing the temp folder to D:\Temp and have the permissions on there but it still uploads to the Windows directory
bewbsif you're running IIS, there should be nothing in windows that it needs access to
bewbsyour IIS dir should be C:\inetpub\
helloNLWell it uploads to C:\Windows\Temp
bewbsthat's where everything should be happening
helloNLWell the tmp files from the uploads don't get there
bewbssounds like something in IIS is configured wrong
helloNLWell I try changing it in php.ini but that does not work :/
bewbsbecause i'v ebeen running IIS for years in windows with all sorts of stuff and never had to grant permissions to c:\windows
bewbsdid you change the correct php.ini?
bewbsther'es often multiple
helloNLsys_temp_dir = "D:\Temp" is in my php.ini and well it ignores it
helloNLI changed the wrong one
bewbsbingo
helloNLupload_tmp_dir makes a lot more sense
bewbsdo it right and you only have to do it once
helloNLIndeed, just didn't know this
bewbsthere's nothing you should need to change hte permissions of windows dir for in iis
GaurhothI'm looking for a HA solution for CIFS/SMB without using MSCS (our storage backend no longer supports RDMs so we can't use shared storage for MSCS in vsphere). Anyone seen such a beasty I can research?
helloNLbewbs: thanks for the help
helloNLIt works now
helloNLOnly question, how do I change ownership back to TrustedInstaller on C:\Windows, the user does not exist in the list :/
maddawg2hey all, hoping someone can help me. I'm trying to migrate an exchange server to a new server and I happen to notice that the previous exchange server had no limit on mailbox sizes but now I want to set a 4GB limit. However the first step is to get everyone's mailbox under 4GB. I have some users who are upwards to 10GB in mailbox size. I thought about doing the autoarchive function for emails older than 3 years but for some reason it seems
maddawg2odd that it only archived 124MB worth of emails
maddawg2that would mean this user i tested with 6GB mailbox increased the vast majority since 3 years ago
maddawg2is there a tool that I might be able to use that might give me a way to archive mailboxes based on mailbox size... like set a target size and have it archive messages until the mailbox is below the target size
kuaharameh. minitool free partition wizard app kicked Windows' butt something diskmgmt.msc used to be able to do just fine.
TheRabbitmaddawg2, users will have to archive
Toaster_StrudelIn office 365 online you can add a shared folder to your mailbox that persistently shows up. How do you do this with the outlook 2016 client?
Toaster_StrudelStrange thing is that it continues to show in the online version, but will not sync to the outlook config
bewbsToaster_Strudel https://pics.onsizzle.com/Instagram-Oh-7c9e0e.png
bewbsevery time i see your name
xnomarhaha
bewbsi was going through my security logs and don't have any failed login attemps on this box
bewbswhich i find odd because it's accessable via rdp externally on 3389
Passw0rd1sOv3rU5whats the problem?
bewbsnothing, just find it odd
Passw0rd1sOv3rU5are you auditing succeful connectoions?
Passw0rd1sOv3rU5cause you might wanna check those too
bewbsyeah i see me logging in
bewbsi just don't see anyone else trying
CptLuxxoh a dutch person helloNL
sepeckwell, it's you. People just don't like you enough to hack
bewbsi'm ok witht hat
CptLuxx[17:48:12] <bewbs> i was going through my security logs and don't have any failed login attemps on this box
CptLuxxmaybe you are already hacked
bewbsthey're really not doing anything interesting hten
helloNLEvery hour copy logs to a different server. Makes it a lot easier to see if someone changed the logs when they did hack you :P
helloNLAnd hey CptLuxx
Toaster_Strudelso...
Passw0rd1sOv3rU5yeah just set up centralised windows logggin gthough group policy
Toaster_Strudelanyone know what I'm talkin bout with my question?
Passw0rd1sOv3rU5https://www.loggly.com/ultimate-guide/centralizing-windows-logs/
Passw0rd1sOv3rU5@toaster you question was?
bewbs[2017.06.14-11.43.12] <Toaster_Strudel> In office 365 online you can add a shared folder to your mailbox that persistently shows up. How do you do this with the outlook 2016 client?
TheRabbitYou probably can't
Toaster_Strudelthx
TheRabbitor not easily
Passw0rd1sOv3rU5google knows how
Passw0rd1sOv3rU5ask it outlook 2016 add shared folder
Toaster_StrudelI google food it
Toaster_Strudelit doesnt' answer my question
Toaster_StrudelYou can do it in 2016 client, but it's not persistent
Toaster_Strudelas soon as you click out of the shared folder it goes away
Toaster_Strudeldesign oversight
Toaster_StrudelI think in older versions they used public folders or some bizz
TheRabbitOutlook team is more loath to make changes to their product then Office365 OWA team
Toaster_Strudelbut not really what they are going for with this
Toaster_Strudelit should be a pretty basic function
Passw0rd1sOv3rU5you an admin or a end user?
Toaster_Strudelboth?
Toaster_StrudelI'd expect the end user to be able to do this in outlook 2016 if they can do it in 365
Passw0rd1sOv3rU5just use a distro group in exchange to permintly add your user to their mailbox or something
Toaster_Strudelwell maaybe
Passw0rd1sOv3rU5https://4sysops.com/archives/managing-shared-mailboxes-in-office-365-with-powershell/
Passw0rd1sOv3rU5that way you just change your account info at the sever lvl to have the stuff in it instead of in the client
Passw0rd1sOv3rU5or just have the exchange servers auto map it i guess
CptLuxxnaphtali
diabillictoaster_strudel: shared mailboxes auto map in outlook
diabillicno additional steps required
Harlockanyone pushing a timezone registry entry via gpo?
Harlockseems like the entry doesn't get written to win10 1703
maddawg2TheRabbit we are archiving them the problem is we cant give a target size for the archive function onyl years
maddawg2the issue we have is that even if we archive every message they received that's older than 2 years it barely makes a dent in their inbox size
Harlockn/m i think i found the issue
maddawg2i want a way to archive based on a target size
maddawg2specify a way to autoarchive conents until the mailbox size is under 3GB in size
BobFranklyjust start deleting mail items over a certain size, warn them that mail isn't thier dropbox
maddawg2oh good idea.. i'm sure the CFO would live having 48MB email deleted lol.. i might jsut arcihve their entire mailbox
CptLuxxthen why is my inbox name dropbox?
maddawg2i read that if a PST is over 4GB it's not suggested as they tend to become corrupt
BobFranklywell obviously you delay the CFO
maddawg2is that still the case
BobFranklyjust give him an extra 40 minutes
BobFrankly:P
TheRabbitmaddawg2, where are you getting these sizes?
TheRabbitand mailbox sizes are laughable
CptLuxxlol 4gb
CptLuxxnaphtali has 99gb
grrrrr99 problems but...
CptLuxx germans.. im going to install exchange next week for 5 users
maddawg2TheRabbit, sorry.. I used the command: Get-MailboxDatabase | Get-MailboxStatistics | Select-Object displayname,totalitemsize |Sort-Object totalitemsize -Descending | Format-Table -AutoSize | Out-File -PSPath C:\path\to_file.txt
maddawg2that lists the mailbox sizes of each mailbox
maddawg2but if i go and look at the mailbox size in the outlook client it shows a completely different size
TheRabbitthat's because Outlook reports OST size which doesn't match mailbox size
maddawg2so what is in the OST that's not in the mailbox?
maddawg2errr excuse me what's in the mailbox on exchange that isnt in the ost file rather
CptLuxxwhite space? :x
maddawg2huh?
TheRabbitExchange and OST don't match size, I assume the file storage is different
maddawg2but some are like 5GB difference
maddawg2that seems very odd
maddawg2i think that'd make sense if the differences were much smaller but the differences are all over the map.. for example exchange reports a mailbox size of 7.5GB but in outlook the same mailbox shows as 3.2GB
maddawg2another was shown as 11GB but the actual size of the mailbox was 4GB
maddawg2(or in outlook it reported 4GB)
CptLuxxyou can configure how mutch months you want in outlook..
maddawg2that's for cached exchange
maddawg2we're not using cached mode
CptLuxxoh
maddawg2and that's also kept locally
maddawg2not on server
CptLuxxbut why?
maddawg2the issue is that the server is what's too large enabling cached exchange mode doesnt change the mailbox on the server side
maddawg2it only stores a local copy basically
CptLuxxi mean more.. why cached mode?
CptLuxxis there any good reason in 2017 for it? TheRabbit ?
maddawg2for cached exchange mode?
maddawg2like why would you use it?
CptLuxxfor non cached...
TheRabbitany good reason for what?
CptLuxxany reson not to use cached mode
maddawg2the main flaw i have with cached exchange mode is the fact that if i mark something as read on a mailbox that is shared on multiple user's outlooks (like our customer service mailbox) it doesnt always reflect read on the other clients
maddawg2but also address book changes or dist groups dont show with cached exchange mode if you make a change in the middle of the day
maddawg2you have to wait for the clients to resync
maddawg2but even then cached exchange isnt the reason why the mailboxes are smaller on the local client but much larger on the server
maddawg2the only thing i can think of is the retention time for recovered files and deleted items
maddawg2i think the server keeps them for some days after they are removed from the client side
maddawg2so i'd expect mailboxes to be larger, but not as large as they are reporting
maddawg2not with that much of a difference unless the retention time is insanely long
naphtaliLuxxi
CptLuxxwas up duded
TheRabbitACTION backs away
TheRabbitI can't handle this
naphtaliSame ol same ol
TheRabbitI'm afraid of whatever this is is contagious
naphtaliDon't give it to your MSP coworkers
c0mradeIf I want to upgrade my VM size let's say from A4 to D-Series of F-Series, what's the process of doing so?
TheRabbitI think just cahnge it out and reboot?
c0mradeThat won't work since changing from one series to another doesn't support a simple resize operation like resizing from lets say A1 to A4.
c0mradeThe hardware cluster the VMs reside support only A-Series VMs.
c0mradeYou can resize from A0 to A4 lets say but not to D or F or other types.
c0mradeThe physical hardware hosting my VM should support other VM sizes and because the VM size is A4, there's no option to resize from the portal.
CptLuxxopen a ticket?
TheRabbitMicrosoft is going to say "What you see in the portal is what you get"
TheRabbitso probably just new server, port applications, move on
CptLuxxwhat you see is what you get?
TheRabbitwith Office365/Azure, yep
TheRabbitif it's not available in powershell/Portal, you can't do it
TheRabbitend of discussion
TheRabbitMicrosoft makes money by not tolerating special snowflakes
c0mradeWell it's not available in the portal. But there's a way to do it. What am thinking is taking a snapshot or backup or clone the VM...
shadowRAMAnyone use the Acronis ManageEngine suite?
CptLuxxi stay away from aconis
shadowRAMany particular reason?
CptLuxxlots of features.. none of them works right
CptLuxxspeaking of theire backup product
c0mradeNow what's the process of doing so, I have a reserved IP attached to the VM instance and it has a persistence disk attached to it as well. I've done VM cloning once, but that was when I had to change the reserved IP and not the VM size, if I clone the VM would I be able to restore the cloned imaged to another larger VM size/type, I think no since the specs are different
shadowRAMinteresting, I've been testing out their patch management software, it seems to work pretty straight forward.
shadowRAMDoes 3rd party app patching, which is why we are looking into it.
CptLuxxeven the patch management on "comodoe one" works good
CptLuxxand that is free..
CptLuxx(for third party software)
shadowRAMso is the aconis patch management, free for 25 devices
shadowRAMi'll check out the comodo one stuff too though, thanks for mentioning it.
shadowRAMI've grown to hate wsus
CptLuxxwell its free for unlimited?
kuaharac1 is free for unlimited
CptLuxxand you can do more with it than just patches
CptLuxxwhat mister commodore kuahara says
CptLuxxbtw i tested the "mobilde device" stuff from comdoe one last week
CptLuxxwell.. it works ^^
shadowRAMinteresting.
naphtaliAcronis is listed above Altaro here Luxxi: https://www.itcentralstation.com/categories/backup-and-recovery-software#top_rated
CptLuxxdude
CptLuxxthats for backup software
CptLuxxwait what.. acronis is over commvault and altaro?
naphtaliYeah, I was searching for shadowRAM's ManageEngine thingy
naphtaliBut this came up in the results
CptLuxxi need to register and downvote acronis
CptLuxxnvm
CptLuxxits not based on rating naphtali
kuaharaACTION is willing to bet without looking that it is based on who is paying a commission to the review people
kuaharaaffiliate marketing /whatever
naphtaliHP Data Protector delivers comprehensive data protection, real-time intelligence, and guided optimization to ensure simple, reliable, intelligent and cost-effective backup and recovery that is just as agile as your current and future IT environments.
naphtaliThat's smooth
CptLuxxi copy that for the nlc site
naphtaliI wish LNC had someone on it's team who could write like that
CptLuxxwe just steal it
shadowRAMlol
naphtaliIt tells you absolutely nothing but you still feel good after reading it
CptLuxxhttps://naphtaliandluxx.de/what-customers-say
CptLuxxdone
naphtalishadowRAM, Acronis bought this place? https://www.manageengine.com/
CptLuxxthis?
CptLuxxi heard of it but i never thougt its from acronis
naphtaliNeither did I
naphtaliSo I looked it up
CptLuxxand what product?
CptLuxxhttps://www.manageengine.com/products.html?MEtab
CptLuxxso mutch?
naphtali[15:17] <shadowRAM> Anyone use the Acronis ManageEngine suite?
naphtaliThat statement led me to believe Acronis had a patch management solution
CptLuxxso you mean this https://www.manageengine.com/patch-management/?MEtab
CptLuxxStay 100% secure by defending against vulnerabilities in your 3rd party applications.
CptLuxxright..
CptLuxxLarge repository of patches for common applications such as Adobe, Java, WinRAR and more.
CptLuxxgood lord
naphtaliWinRAR?
CptLuxxyes
CptLuxxcant believe
naphtaliI don't think Acronis has any such product
naphtaliMaybe he just threw that in there to get your attention
CptLuxxi think naphtali is right
loptaWe're between IT people (they don't stay long). Is there a special Windows 7 image to use if we have software licenses handed out by a server, rather than typed into each computer?
shadowRAMYea, I got mixed up with two different products
shadowRAMAcronis is something I'm looking into for our Macs to connect to file share using AFP instead of SMB
shadowRAMManageEngine is for Patch Management.
CptLuxxah that thing i showed you
shadowRAMCptLuxx: correct.
CptLuxxdid you test it already?
shadowRAMTesting both of them now.
shadowRAMAcronis with the AFP works as designed, lightning fast over SMB for the OSX users.
CptLuxxrealy
shadowRAMnot over SMB
shadowRAMvs SMB
shadowRAMAFP > SMB
CptLuxxi... cant believe
shadowRAMI'm a mess, too much caffein
shadowRAMSo we have a situation where our OSX users are working over OpenVPN, then use Word to open a document and then save it. This process over SMB1/2/3 takes forever.
shadowRAMIt started being a problem with OSX 10.0
CptLuxxi know
CptLuxxi just cant believe it works
shadowRAMoh, that part.
CptLuxxi mean.. afp is sooo old
shadowRAMSlowly trying to move users to W10. :)
shadowRAMthey get a "choice" which is usually told to them by their Director
loptaDoes AFP date back to System 7?
lopta...or is that a MacOS X thing?
CptLuxxbtw did you try "smbup" shadowRAM ?
shadowRAMno. never heard of it.
CptLuxxhttp://eduo.info/apps/smbup
TheRabbitlopta, AFP is old as hell, however, it's gotten updates over the years
TheRabbitjust like SMB
CptLuxxreplaces the crappy smb impementation if i read this nright
shadowRAMlooks like it, but we are trying not to install 3rd party applications on the end clients machines.
CptLuxxk
shadowRAMconfuses them
shadowRAMthey wonder the hallway for days, no understanding where they are or what they are doing
TheRabbitthere is some third party SMB application that works a metric ton better
loptaTheRabbit: I might try it. :-)
loptaTheRabbit: Oh, Samba?
TheRabbitCan't remember what it's called but we bought it for all MAC users
TheRabbitno, it's made by some company
loptaOh.
TheRabbitDAVE!
TheRabbithttp://www.thursby.com/products/dave
shadowRAMwish apple would get their crap together and stop working on a dang car
CptLuxxwat
CptLuxxdave
TheRabbitMac OSX product we use to replace the crappy OS X file sharing client not working well with WIndows
shadowRAMexpensive
CptLuxxwell
CptLuxxthe acronis product is the same price range
TheRabbitshadowRAM, less expensive then putting up with Cxx levels complaining
TheRabbitonly people with Macs are CEO/CFO and few directors
CptLuxxhttp://www.acronis.com/en-us/mobility/mac-windows-compatibility/ TheRabbit
shadowRAMDave is twice as expensive
TheRabbitCptLuxx, that requires us to install something on Windows Servers
TheRabbitlet me be real clear what I think about that
TheRabbitF***
TheRabbitTHAT
deceptionWhat, you don't trust acronis to write secure software :)
shadowRAMI don't trust MS to write secure software :)
TheRabbitI hate doing stuff at server level for 4% of oxygen thieves we employee
bewbswindows server backup
bewbsit's built in and works great
TheRabbitI mean Cxx/Directors
bewbsand i install nothing but hte bare miniminum on my bare metal boxes
shadowRAMFair enough, 4% of staff. We are 80% OSX Lapytops
bewbsanything/everything is on vm's
TheRabbitshadowRAM, dear god why?
shadowRAMBecause the CEO convinced the COO, then they started having compatability issues between Office versions. Then the IT Manager who is a Mac fan boy told them they wouldn't have these issues if they were all on OSX. Then once the directors have OSX, they ensured their underlings had OSX.
CptLuxxACTION face palms#
bewbswhat IT manager could actually like mac's
bewbsour help desk is on mac's
bewbsand they're infinitely less efficient because of it
bewbsall they do is rdp into windows boxes
deceptionmacs are a huge waste of money in most corporations
shadowRAMI've tried explaining to them that MS solved this management of fleet of servers/clients with AD a long time ago. Now we can't even put the same user accounts on all of the linux servers properly.
loptaACTION is really confused
shadowRAMAnsible here, Puppet there, test of Chef overe here....
deceptionso is nano server ready for production?
shadowRAMWannacry hits and CTO is like "Patch all of the things" I reply "Its already done" ...He doesn't understand, IT Manager gets it but it doesn't click to him that 1 Windows guy does the work of 8 Linux Admins.
TheRabbitdeception, if you understand it's limitations throughly and are ok with them
shadowRAMForce Multiplyer isn't me, its the tools I use.
deceptionTheRabbit, I'm in the research phase. I like the reduced attack surface a lot
TheRabbitI've messed with it in lab, about only use I see as worthwhile right this second is HyperV
deceptionI imagine for something like a DC it's a pretty safe bet
ZewHeyo
TheRabbitNano Server cannot serve as an Active Directory domain controller.
ZewQuestion in reguards to AD group membership and web applications
Zewhttps://serverfault.com/questions/558157/why-sometimes-is-required-to-log-off-and-log-on-back-again-adding-a-group-to-a-u
deceptionwhat about file services?
ZewIf I have AD users, that only access a web application
shadowRAMyea, nano is cool, if you work for a company that developes software. I don't see it replacing AD or DHCP services
TheRabbithttps://docs.microsoft.com/en-us/windows-server/get-started/getting-started-with-nano-server
deceptionTy
Zewand that web application has been coded to use an AD group, and I just added the user to the group
Zewhow do I apply the sid to the account for the web aplpication
Zewthere's no computer to log off/on to adjust the token
TheRabbitshadowRAM, even if you run IIS, IIS on Nano has alot of limitations
ZewNano is good for DNS or other small services (file servers, etc)
ZewNano has plenty of limitations, too many to go through here
ZewTheRabbit: Thoughts on my question?
shadowRAMim out ya'll, cya on the flip side... or if I get drunk and jump back on IRC.
TheRabbitZew, what question? Web Application, I'm not a developer, ask one of those code monkeys
CptLuxxgood joke
ZewIt has to do with security tokens
ZewTheRabbit: I expected you to know all
ZewACTION stops praynig to stuffed rabbit
TheRabbitWeb Application all depends on how it handles AD and checks
TheRabbitdoes it use the user AD token, does it grab a new one, does it just read via LDAP when a user logins in it's membership
TheRabbitI have n oidea
deception"Nano Server cannot be configured to use a proxy server to access the internet." Strange limitation
Zewwell the web app I know was built to check for an AD group
CptLuxxsecurity token gets not refreshed zew ...
Zewbut the SID can't be applied to the user instantly
ZewLSA handles that on next request
loptaI'll have to come back. Thanks!
Zewguess i'll try a kilst purge
Zewon the web app front end
Zewthanks anyway
deceptionWith nano server running hyper-v on a r720xd I would lose some of the management features since I can't install dell's software. iDrac doesn't show everything. Guess nano isn't for us.
Zewas well as other limitations
deceptionthat's all I can think of that would actually change anything
ZewMS needs to do a fair amount of polishing yet on Hyper-V nano
CptLuxxbrb need to polish naphtali
ZewVMware has been in teh game longer and has built ESXi (I think) way better
CptLuxxyes and you need to pay for it
ZewThere's free too
CptLuxx(well if you can live with the limiations.. its free)
Zewwhich has more features than Hyper-v Free
Zewbut whatever there mango
CptLuxxWRONG
ZewYou can say whatever you like, I've played with both
SCHAPiEthere's other hypervisors out there as well
CptLuxxlive migration in free? backup api? nope
CptLuxxi have both in production
deceptionYou can't even backup in free, that's a pretty bad one
ZewI'm sure you hve multiple productions
CptLuxxsorry but doing a backup with esxi free is.. 1: use backup agent on every machine.. or none
Zewor if you need backup pay for a legiit hypervisor
CptLuxxno thanks im setting up hyperv with altaro
deceptionI get cranky if I can't use veeam
ZewVeeam is great
deceptionStill want to try the windows/linux agents
deceptionEnd point backup worked great for a year
ZewYeah nice of them to release those for free
ZewThe Exchange and SQL exploreres... liek wow
CptLuxxthe linux agent is great
CptLuxxi use it since the beta
ZewOnly way to get backup of physical is useally via an agent
TheRabbitNano is fine without iDrac
TheRabbitNano assumes you are using blades or something with full feature management card
Zewmmmm intereting
Zewwhats a full featured mgmt card
CptLuxxilo idrac....
TheRabbitCisco UCS Blades with their management software who name escapes me
Zewthats what I thought so the first statment made the second one a bit confusing
TheRabbitbut Dell iDRAC generally show everything
TheRabbitAt least the newer ones
deceptionthere are still somethings I wouldn't be able to see unless I installed Dell's system admin software
deceptionYou can see them in bios tho
ZewiLO 4 is nice, at least it finally has its own SNMP stack
TheRabbitBasically when talking to Cisco about using Nano on UCS
Zewno passthrough anymore
TheRabbitwe would install Nano and keep Cisco Utility health CD on hand when we thought individual blade needed hardware fixing
TheRabbitand since we can KVM/ISO boot from UCS Manager.... problem easy resolved
TheRabbitWe stuck with ESXi anyways
Zew:)
deceptioniso booting over management interfaces is such a life saver
ZewYeappp
ZewWhat, you don't want to use LEDs on servers and find them physically to insert a USB/DVD
Zewbut thats teh fun of Datacenters :P
deceptionThe drive of shame at 3am to the datacenter is no fun
TheRabbitwe have enough blades that failure of individual blade isn't escalated
ZewI had to come in to complete updates cause my laptop battery died
TheRabbitit's dealt with by early bird VMware admin
ZewI think I'll have to talk to my dev tomorrow on how the code was written, I have a feeling this erro (like others) are due to his coding
deceptionHyper-v really likes this nvme drive, just wish they weren't so expensive
deceptionthe latency is very nice
khelpwHey guys, I know this isn't really the _right_ way to do things, but I'm trying to learn about setting up failover clustering/HA for MSSQL servers
khelpwI've got a single hyper-V host with plenty of HDD space running 4 VMs, SQL1, SQL2, DC1 (domain controller) and Storage
khelpwCurrently only SQL1, SQL2, and storage are members of a cluster and I'm trying to figure out how I can get some sort of shared storage set up using only this single box if possible. Anyone have any hints?
TheRabbitHyperV shared storage?
khelpwIs that the same thing as the Virual SAN manager?
TLoFPkhelpw: network storage?
khelpwthis is strictly a test environment consisting of ONLY a single host.
khelpwit's just an old hyper-V host that we decommed a while ago.
khelpwbut my initial thought was to use the 'storage' VM and a normal windows SMB file share as storage which didn't really seem possible.
TLoFPkhelpw: why not?
khelpwI can't seem to find a way to add it under failover cluster management.
khelpwdoes the storage need to be outside the cluster?
khelpwI was trying to set up the storage VM as an iscsi target, but that seems impossible if it is part of a cluster
khelpwI suppose I'll come back to it in the morning, it's quitting time.
CptLuxxhttps://blogs.technet.microsoft.com/exchange/2017/06/13/net-framework-4-7-and-exchange-server/
jcottonthe exchange and .net teams really need to get on the same page
CptLuxx!
BobFranklybut then that github repo would just be too cluttered
jcottonhaha
jcottonvery funny
TheRabbitjcotton, why would they
TheRabbit.Net team wants to put out new features
TheRabbitExchange team is little bit more slower
naphtaliLuxxi, I can't find Exchange 2003 and .NET 4.7 on the supportability matrix
DrZakfid you write 2003?
CptLuxxmaybe we can use win to run it naphtali
naphtaliwine you mean?
CptLuxxyes
naphtaliAnything is possible with wine
BobFranklybut it's not an emulator
ckindleyAny way to dump the IP addresses of SMB clients on a file server?
BobFranklyget-opensmb....
BobFranklyACTION has to look it up
BobFranklyget-smbopenfile | select clientcomputername -unique
ckindleyThis is a win7 box. IFH this client.
BobFranklythat's not a file server then
ckindleyYou ain't just whistling dixie.
BobFranklyACTION looks up the notes for dixie
ckindleyHere's the garbage I'm forced to use for this garbage machine... https://stackoverflow.com/questions/29209972/monitor-shared-file-access-using-powershell
ckindleyThanks, heh...
Harlocknetstat filtered by the smb ports only?
ckindleyI want to make sure these people know I exhausted all options before I tell them 'you need a server... a REAL one... cheap bastards'
Harlockoptions for what?
BobFranklyhosting files on a win7 share is just begging to be a victim of the next ransomware wave
BobFranklyactual server + isolated backups
Harlockthey are typically affected by the same exploits
BobFranklyactual server would imply *not* being on 2008, rather 2016
BobFrankly"I got this CD of server 2008 at the flea market" isn't going to fly
CptLuxxeh
CptLuxxthere are some limitations if he realy uses win7 as a fileserver...
CptLuxxsome connection limits :3
naphtaliA flea market is a public sale Luxxi
BobFranklyand a slug is a public snail
naphtaliWhere junk ramsch? is sold
naphtaliDon't confuse him BobFrankly, I am helping him with his US slang
CptLuxxi was out on "flea"
naphtalibuntgemischtes altes Zeug
CptLuxxim.. amazed
naphtaliUsing the internet I can be a German speaker in the same way I can be an IT admin
CptLuxxyou used translate right?
naphtaliExactly
CptLuxxhahha
CptLuxxyou are the jenny of languages
naphtaliLOL
ckindleyheh
CptLuxxinsider joke
ckindleyYeah, our 'real' clients run 2012 r2 or newer, FSRM deployed and updating nightly extension lists for screens, bigger ones use Varonis for extra compliance. Plus BitDefender! (don't BitDefender, not even once)
Harlockfrance is bacon
naphtaliTested, offsite backups are your friend
naphtaliNo AV is going to be enough
ckindleyoh, and storagecraft for backups. I like storagecraft. lots.
CptLuxxfine
naphtaliI see what you did there Harlock
Harlocki regularly wipe our production machines to test the backups
ckindleyNightlies to sans in two datacenters, Glacier if requested
CptLuxxwat
ckindleylol
naphtaliHarlock could do sales for LNC?
CptLuxxman i could write a new blog post for him
Harlockwhat is LNC?
CptLuxxbtw storagecraft has some cool new features.. like retore in azure
CptLuxxor was it there own datacenter?
CptLuxxdont remember..
Harlocki can't say i am a fan of storagecraft
naphtaliIs StorageCraft the fork for NetJapan?
ckindleyYeah, you can spin up VMs to their cloud, or to our hosts. We have them spin up vms and send screenshots of successful boots/login screens so we stay comfy...
CptLuxxalmost naphtali
CptLuxxnetjapan was the fork
naphtaliWait, I am confused on where to place the fork
naphtaliIn StorageCraft or in NetJapan?
CptLuxxbetween
naphtaliThe original being StorageCraft?
CptLuxxstop confusing me
naphtaliOK, I think I get it
Harlockit feels kludgy to me
ckindleywell Harlock can have r1soft :)
Harlockdon't know it
ckindleylucky you
Harlocki back up evrything to qic tapes
Harlockqic-80 tapes
naphtaliWere Travan part of the QIC spec?
Harlockyes