Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/itz_cool_247 on 2024-01-21 23:52:37+00:00.

I am running on Windows 2008R2 enterprise. I've made three DCS: DC1 (ROOT), DC2 and DC3.

For some reason when I do netdom query fsmo. All 5 fsmo roles are inside dc2 as well as dc1, while dc3, has three of its roles (RID, PDC, INFRASTRUCTURE) all run by dc1. While the other two (Schema,Domain) are run by dc2. What could have caused this? How can I fix it so it's all by dc1.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mysterious_Goal_2476 on 2024-01-21 22:45:05+00:00.

What advice would you give someone who's planning to go to the next step after working in the help desk for 2 years as T2? I have high goals and I've been preparing myself these past 2 years to gain enough knowledge and experience to move to the next level.

I have Bachelor's degree in IT, CompTIA Trifecta, AWS CCP, AZ-900, and MD-102. Currently studying for CCNA which I plan to complete in Q1 of this year. My current role doesn't expose me to any infrastructure work due to the separation of duties and access level so it's hard to get exposure to other systems and responsibilities beyond my role.

I've been the top performer in my team in terms of end-user support and ticket resolves but that isn't enough. I also tried reaching out to my manager and the System Admins in my team for shadowing, cross-training, or assisting them with projects but they've been busy with projects which I completely understand.

I want to take control of my career and I'm willing to put in the time and effort in leveling up. I've been mapping out courses and home labs I will do after I finish my CCNA to gain relevant experience outside my work. I also plan to automate things in my job after I successfully apply them in my test home lab environment.

Courses:

I know we have a dedicated wiki but I want to know your thoughts and opinions to guide me to the correct path. I am fully aware of the job market right now and it will be hard to compete with experienced admins. I'm not currently looking for a new job now, I just want to learn and be prepared when the opportunity comes which I have to create for myself. I don’t have to get this role in 2024, but I want to work towards this goal this year just to get me prepared. Thank you.

This is an automated archive.

The original was posted on /r/sysadmin by /u/supercilious-pintel on 2024-01-21 21:44:47+00:00.

I've been managing our "service desk" through an Outlook inbox, but due to our ongoing ISO 27k1 efforts, we're required to formalize our incident handling approach and transition to using a helpdesk system.

I'm in need of a system that can:

Receive tickets via email and link them to the sending user.

Allow the creation of tickets against a specific service or asset.

Be hosted entirely on-premises.

Offer a web GUI to technicians and users.

Be 'free' or at least offer the above features as part of a free plan.

After exploring various options, I've noticed that many "free" offerings are cloud-only, and others are filled with features we've already covered elsewhere (like network monitoring, etc.).

It's been a while since I've implemented a helpdesk system, but I'm considering making a case for Halo ITSM. However, it seems a bit overkill for our current needs. I did contemplate developing something in-house, but time constraints and approval processes make it unfeasible.

Is anyone here in a similar situation, managing a helpdesk as a one-person team, and has implemented a "minimalist" approach successfully? Open to any suggestions and insights.

EDIT: Thanks all. Looking into osTicket, as this looks absolutely ideal!

This is an automated archive.

The original was posted on /r/sysadmin by /u/imadam71 on 2024-01-21 21:08:33+00:00.

Hi,I am looking for KVM over IP, with 2 remote users (local users are not important) and 8 to 16 ports. I am at place where we can't order or get demo so any recommendation is welcome. I am looking something which actually has no lags, works well for servers/pc troubleshooting purposes. I know there are number of devices out there but they tend to have really different user experience. I managed to test Vertiv device and it wasn't Ok.

Any recommendations?

This is an automated archive.

The original was posted on /r/sysadmin by /u/jnievele on 2024-01-21 13:53:31+00:00.

I'm using PiHole, and among others I use OpenDNS as resolver... today I noticed the Twitter client on a tablet acting strangely, and after some checking the Twitter webpage failed to load due to a HSTS error.

This seemed rather strange, so I checked the Certificate - and noticed it was issued by OpenDNS, with a CN "Cisco Umbrella Secondary SubCA fra-SG"

Disabling OpenDNS fixed the issue, but WTF is going on there? Why would OpenDNS try to hijack traffic?

This is an automated archive.

The original was posted on /r/sysadmin by /u/anime_is_ded on 2024-01-21 20:56:00+00:00.

So we are in the process of finding another MSP(or Outsourced company) as current one have screwed up multiple times. we have inhouse IT as well but there are parts like VM hosting and Connectivity between sites etc are managed by this outsourced company

wondering anyone in the community has experience in terms of what all they had to do and what pitfalls we can avoid

Top of my head i would imagine that we need to have same IP ranges for Networks and Server else we will be in big trouble.

Cutover needs to occur as bing bang with major outage.

any ideas would be greatly appreciated.

This is an automated archive.

The original was posted on /r/sysadmin by /u/crankysysadmin on 2024-01-21 20:50:06+00:00.

This is all new to me. Need to centralize data from other systems for reporting purposes. Do you use anything dedicated for this purpose or just another database?

This is an automated archive.

The original was posted on /r/sysadmin by /u/AdFair845 on 2024-01-21 20:37:54+00:00.

Hello - this problem has been eating at me for days and I think I'm completely out of options for this.

When some users remote onto a server, their drive doesn't (correctly) pass through with them. When trying to access it, it just says "\tsclient\drive is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions."

Only a couple of users have this problem (out of about 30) that use remote desktop to connect to a server. Now, all of these users have a client drive that they get from a synology. The server is not on the same network as the drives, so we can't just map it. It has to pull through RDP - which it does perfectly fine for other users.

Restarting the user's pc hasn't worked; windows update worked once for a couple of hours, then the problem came back. I unchecked the option to pull through the drives on remote desktop, opened it up, signed them out and fully closed the session, then re-checked it. This worked for about an hour, then went back to not working. Tried signing them out of the session through the server, this didn't work.

The drive IS there, it does show up - but it's inaccessible.

There's no issue with permissions, as they all have the same permissions, nothing with the firewall either.

The server was recently rebooted and had updates (server 2019). I feel like if that's an issue, it would be an issue for everyone?

This is an automated archive.

The original was posted on /r/sysadmin by /u/punppis on 2024-01-21 20:26:39+00:00.

Im looking for a solution to host wordpress sites on multiple nodes but only one node at a time due to filesystem use. Just a basic Wordpress for customer to do what what he wants so it needs to be on os/container level.

Wordpress uses MySQL which is straight forward to scale/HA but Wordpress stores files too, which is hard.

Sites have fairly low traffic so one node is enough to serve traffic for multiple sites.

But in the case of node going offline, I need to have redundancy.

I tried using network storage before but that was very slow. I was thinking about having rsync to copy latest fs state on node startup. Then again the files in WordPress are few megabytes and most so that could work with some kind of SQL layer. But I want to support larger files too.

Should I keep the ”master copy” on network share and copy it when needed? Is there any other way to distribute file system easily when you know only one node is using the files and most are reads?

On Azure using Docker (looking at container app service atm). Docker volumes are not synced between nodes.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mailstorm on 2024-01-21 20:26:05+00:00.

We have a goal to move what we can to a "cloud first" approach. That is, if there is a cloud/SaaS of a solution we should try it first (assuming price is reasonable). Our next project is patch management of servers.

We are going to use WUfB for user endpoints. However this doesn't cover servers. We started looking and saw that Microsoft has Azure Update Manager. But after researching it's stupid expensive for what it is. $5 per server per month just to essentially manager updates? We have almost 200 VMs. For $1k a month we'd expect a lot more than just..patch management. We're looking at other products so I don't need suggestions. But I'm just wanting to know...

Does anyone actually use AUM for arc-enabled servers that don't live in Azure? Why?

This is an automated archive.

The original was posted on /r/sysadmin by /u/Drylnor on 2024-01-21 20:05:14+00:00.

We have an AVD setup with a few VMs for our CC agents. Up until a few months ago everything was runnign smoothly, then we started to get a storm of authentication errors bearing the code 1001.

We have tried every online fix we could find. For example lots of reports regarding the oneauth folder deletion and all that it entails.

We have tried replicating the error but to no avail, bevause it keeps coming up at random! There's no common denominator in any of the incidents we encounter. It affects different users, using different machines at all times of day. It doesn't matter if the VM the user's on is full or if there's only one person on it.

It's all random and we 've ran out of ideas.

As this affects the client login for Teams and Outlook, we have instructed our colleagues to simply go to the web version of those apps, but the problem is that their business flow involves opening .msg and .eml files. It is also important for our users to be able to access a saved email's attachments. But this does not work if they get the 1001 error.

Has any brave soul here stumbled upon a life-saving article that maybe I was unable to find? Is there a solution to this problem or do we have to wait for Microsoft to issue an update?

This is an automated archive.

The original was posted on /r/sysadmin by /u/imadam71 on 2024-01-21 19:32:34+00:00.

Hi, for some retail ops, I need rack which is server rack, floor, but server goes in to vertical like in this lenovo

why not lenovo: they want to charge for this rack cca €5000 which is insane. I don't know if there are alternatives on market

This is an automated archive.

The original was posted on /r/sysadmin by /u/haventmetyou on 2024-01-21 19:25:00+00:00.

anyone experiencing "cannot connect to repository" for Wasabi cloud storage? Our backups are failing, can't seem to find a Wasabi status page

This is an automated archive.

The original was posted on /r/sysadmin by /u/Nil729 on 2024-01-21 19:15:36+00:00.

Hey r/sysadmin community !

I'm a network administrator who's developed NetDoc, a web application to simplify network infrastructure documentation. Created non-profit, NetDoc is currently in beta, and I genuinely seek your opinions for improvements.

Key Features:

• Intuitive device management.

• Simplified network configuration.

• Clear documentation of connections.

Questions for You:

• Do you see real potential in NetDoc?

• How could NetDoc benefit your work or projects?

• Would you like to see additional features such as visualization in the form of automatically network map?

Your opinions are the compass that will guide the future of NetDoc. Thank you for being part of this community and sharing your ideas!

https://netdoc.dev

This is an automated archive.

The original was posted on /r/sysadmin by /u/TheCrazyPhoenix416 on 2024-01-21 18:15:53+00:00.

Question

I have two pgp public keys for the same company - one from their website, the other from the hockypuck keyserver.

These keys are different! 😨😱

Though, at least, the session encryption modulus (n) and exponent (e) are the same.

How do I verify if either key is trustworthy?

Details

I was browsing through IVPN's website and came across their warrant canary report with a link to their pgp public key to download. The question is, how can I verify the public key I download is trustworthy.

I downloaded this key from their website, and found the same pgp public key on the hockypuck keyservers. If they match, the key is probably trustworthy, but they aren't the same.

I've looked through the pgp key packets (using ), and they're mostly the same. The RSA session encryption keys (i.e. modulus n and exponent e) are the same. However, they have mismatched signature packets (though most are the same too).

Can anyone explain what this means?

This is an automated archive.

The original was posted on /r/sysadmin by /u/TexasJoey on 2024-01-21 17:25:37+00:00.

I have an engineering client who wants to RDP into his high-performance workstation at the office. I have him connecting to the internal network with VPN and then using the defacto 'mstsc' program to connect to his physical desktop. Much of his work involves a CAD program that utilizes the system's GPU, but when connected via RDP the system defaults to emulated (poor performing) graphics. There are lots of guides out there for forcing use of the GPU when connecting remotely. I've made a slew of local group policy changes but nothing seems to work. One thing we did notice is that if he starts the CAD program locally, leaves it open, then later connects remotely via MSTSC, the program retains its GPU performance. However, if the program is closed and then re-opened remotely the GPU performance reverts to emulated.

Has anyone else encountered and successfully overcome this issue?

Edit... changed the word "registry" to "local group policy"

This is an automated archive.

The original was posted on /r/sysadmin by /u/iceland46 on 2024-01-21 16:16:50+00:00.

Not something I usually do and just need a very inexpensive way to just basically know if a laptop is ON, maybe last time a worker logged into it. If I can see the location of it would be amazing.

Something like a cloud anti-virus that maybe gives all this info??

This is for a small company, maybe 15 laptops. No IT budget. This isn't corp America lol. SMB problems here.

Again I don't normally handle something like this so any ideas are very welcome.

Thanks

This is an automated archive.

The original was posted on /r/sysadmin by /u/sageRJ on 2024-01-21 16:08:18+00:00.

Trying to determine a good frequency to be performing consistency checks. We have quite a few storage servers and the LSI MegaRaid cards are configured by default to perform a patrol read and consistency check once a week. If these arrays were of a smaller size, I’d just leave the default schedules alone. My worry is that due to the size, and therefore time it takes to compete, it’s doing more harm than good.

Each server has 46 18TB hard drives spread across two RAID6 arrays, each totaling 327TB. The patrol reads take 1-2 days and the consistency checks take 3-4 days to complete. It’s CCTV storage, so they’re being written to close to 24/7 if that matters. Basically, the arrays are spending a majority of the time checking themselves. I’d like to switch the consistency checks over to once a month, and was looking for some insight as to whether or not that’s a good idea.

I don’t have a lot of experience with hardware raid. And realize the answer is probably that it depends on a lot of things. But just in case, I wanted to make sure there wasn’t some general consensus on this. Like that it should absolutely be doing the check at least once a week. Or no, once a month is completely fine.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Cheese-Owl on 2024-01-21 14:50:40+00:00.

The staffing agency called me on Friday evening, and they explained how their original candidate that they originally submitted had failed a background check. They called and asked if I could start ASAP, as early as next week. The recruiter liked my willingness to work, submitted my profile and scheduled me to interview on early Monday morning. They were ready for me to interview on Friday and start me on Monday, but the company didn’t have time to interview me on Friday. The recruiter is hoping that the interview goes well and that I can start on Wednesday.

Is this a good sign? It is a short term contract but they talked about possible extensions, plus it pays very well. LinkedIn shows there to be 140 applicants but am not sure how many of them are real, qualified or ready to start immediately.

This is an automated archive.

The original was posted on /r/sysadmin by /u/General_Importance17 on 2024-01-21 11:55:03+00:00.

EDIT: TLDR for all you poor "reading-is-hard" people, courtesy of u/themastermatt: "People who cant communicate work for people who can."

EDIT2: Another nice TLDR from u/SlapcoFudd: "Work on your soft skills, you smelly nerds."

DISCLAIMER

I want to rant about communication. Most IT professionals can’t communicate for shit, so here it goes. This is a rant so I won’t sound very friendly, and obviously these words don’t apply to every single one of you here. So just pretend I’m u/crankysysadmin and you’ll be fine ;-)

INTRODUCTION

In many cases, people go into IT because it’s what they were doing in their youth anyway, which in turn is because they had a hard time dealing with people. It’s a self-reinforcing feedback loop, a vicious circle which leads to your being today what I like to term a “professional autist”, someone who lives in the corporate world despite the absence of social skills. So there are a couple of things that I want you to understand.

First, communication is a learned skill. You heard that right. It’s not something some people were magically gifted with and others just weren’t. It’s something you learn and understand and practice. You’re constantly figuring things out on the fly and getting proficient with new technology, so there is absolutely no reason for you to not become good at this.

Second, communication is an important skill. Possibly the most important skill you could ever learn in your life. It’s universally useful no matter what you’re currently doing, and it will drastically improve the QoL for yourself and for everyone around you.

Third, communication is only superficially about exchanging information, and is actually much more about understanding perspectives and viewpoints. You might think what your interlocutor thinks is stupid, but his thoughts are the result of a reasoning, which is the result of the presence (and lack) of specific information. How can you address his concerns if you don’t understand where they’re coming from?

So, here’s a couple of things for you to take with you, maybe mull over, and start actively paying attention to.

ON SMALLTALK

You might consider smalltalk as this pointless waste of time people do. Start viewing it as the useful tool that it is. The reason every interaction must start by exchanging meaningless pleasantries is because it allows you to gauge your interlocutor’s mood and frame of mind. It will allow you to see whether he is happy or angry and everything inbetween, which is invaluable for tailoring your subsequent speech when discussing the thing you’re here to talk about.

Learn to conduct the kind of superficial and meaningless smalltalk you so despise. Have a 30-60 second conversation with everyone you encounter. Ask them if those are new shoes they’re wearing, complain about how hot/cold it is, I really don’t care and neither do they. Get your practice in until you sound natural.

ON CONTEXT

Anything we say is stated within a specific context, context which is usually fully implicit. Certain things matter, others don’t. Some things you know, and some you don’t. You consider some things a given, and others not. Only in the rarest cases will you share this implicit context with your interlocutor.

So what does this mean for you? Figure out where the other person is coming from, and adapt your speech accordingly. Simplify areas that aren’t relevant. Elaborate on areas that are. Make an effort to understand the other person’s perspective, where their priorities are coming from, what they are worried about, what are their view on, and understanding of, the matter at hand. Then, make an effort to bridge this gap between your perspective and his, by helping him understand yours aswell. Only then can you come to a fruitful exchange with a mutually satisfying conclusion.

ON CONTENT

You might be tempted to give people any and all information in your posession. That is a mistake, and I can tell you from experience that it is very tiring. I don’t care about how you found the problem, but I can’t tune out your droning either in case some actually important piece of information is buried in the middle of it.

You might think that you’re giving them the full picture, but what you’re actually doing is infodumping them without any regard to their priorities, their worries, their issues, etc, and requiring them to spend significant effort just parsing this waterfall of TLDR you’re currently spamming them with. Stop it. Focus. What is important to them? Which information matters and which doesn’t?

ON EXPECTATIONS

Since you might now be tempted to explain DNS to your project manager since “you said he needs to understand my perspective”: You are one of the company’s SMEs. You are being paid to understand and deal with $thething, so that other people don’t have to. They don’t want to deal with $thething, and they shouldn’t have to, because that’s your job. They don’t even need to understand $thething. That again is your job, understanding it and presenting it to them in a way that makes sense.

So when they come to you about $thething, what you will not do is expect them to develop the same level of insight and expertise that you have. Rather you will help them make the right decisions for their own situation, by giving them rundowns and abstracting things away. These are the options, these are their consequences. This is the good, this is the bad, these are the risks and their potential fallouts. They don’t give a fuck about the intricacies of MDM and never will, and they’re not supposed to anyway.

ON PROVIDING SOLUTIONS

Sometimes people will come to you with requests that can’t be fulfilled. What they want might be technologically stupid. It might be organizationally impossible. Or it might simply require way more time and effort than you could spare. So you reject their request, and snicker to your colleagues about “that dumbass wanting something stupid again”. Except the dumbass here is you.

Why did they ask for this thing that is stupid? What made them think that was the right solution to their problem? What in fact is their problem in the first place? What are alternative, more sensible approaches that they could pursue? You let your users run against walls and then wonder why you have a reputation for being unhelpful. Start solving problems instead of addressing things at face-value. See also: XY problem.

ON REPUTATION

Speaking about reputation, it might just be the most precious thing in your professional life, it is the lens through which people view you and your actions, and the frame of reference in which they will approach you. Any contrast between your reputation and your actual actions is automatically mentally justified by those you interact with.

If you are reputed to be an unhelpful prick, then that is who you are. And even if you’re not, they will think your boss is forcing you to be nice to them, or some other thing along those lines. Similarly, if you are reputed to be kind and helpful, the justifications for your not having been any help will flow aswell: maybe you’re just having a bad day.

CLOSING WORDS

There are a litany of other aspects one could touch on, all I’ve done here is barely scratch the surface. If you continue to let your communication skills atrophy, you will always be left by the wayside, excluded from decision-making and other such meetings, and will always feel underappreciated. All this for the simple reason that there is more to life than just systems and networks.

Also AmA about communication and human relations and soft-skills and such I guess.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Due-Builder-6684 on 2024-01-21 10:25:46+00:00.

Lost all my Defender for Identity sensors within the last hour? Is anyone else seeing disruptions?

This is an automated archive.

The original was posted on /r/sysadmin by /u/overwhelmed_nomad on 2024-01-21 10:08:50+00:00.

Hi,

I'm trying to figure out what my logical next step should be both for personal growth and to help the business I currently work for.

I've got a solid understanding of networking, configuring firewalls, switches, WIFI set ups etc. I'm very familiar with Windows, O365 etc. Reasonable with Linux, mainly Ubuntu servers. Reasonable understanding of Azure and AWS. I've got myself to a place where I am pretty comfortable with Terraform having created lot's of resources in Azure and AWS and also importing our remaining infrastructure into Terraform, storing the configs in git and the backend encrypted in Azure blob storage.

I want to get even more focused on working with cloud technology and IAC but I am looking for the next technology I should be learning to move upwards in the world. Should I be learning some CI/CD tools? How does that even fit in with Terraform. My current environment is quite static, we have a lot of applications on VM's that haven't been moved to containers yet. Maybe that's another avenue I should look at? I've never been a dev type really. I have basic python skills I wouldn't even know where to begin with that side of things.

Of course every organisation differs but what tends to be the hand off point? Developers write the code, compile it then hand it over to the team that creates and deploys the containers? Or do devs often create the container image and then hand it over to the team that deploys it? Presumably this is all done via some kind of automation. I'm just a bit lost at the moment.

I feel like Docker/kubernetes and some kind of CI/CD tool would be ideal next steps for me to move in the direction I want. I learn well from books so maybe someone out there has some reccomendations on books that could point me in the right direction.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Time-Mountain-9848 on 2024-01-21 09:35:11+00:00.

Hello everyone, I'm contacting you regarding the SAGE BOB 50 accounting software. A company does not need a server except to use SAGE BOB. Is there a way to use this software on several computers (4) without having a server? The cost of a server seems excessive for the use of a single program. If not, what would you recommend as an efficient and cost-effective server for this purpose? At the moment, we've contacted a number of companies to get quotes for servers. Unfortunately, they seem to be too powerful for our needs, and therefore far too expensive (several thousand) to store just a few gigabytes. I look forward to reading your comments and wish you all the best!

This is an automated archive.

The original was posted on /r/sysadmin by /u/tiskrisktisk on 2024-01-21 09:18:53+00:00.

I’m looking for a solution where we can limit Windows computers to a few key applications and save files to a limited number of folders. Hope to lock down the desktop with only a few applications as well.

Is a type of Kiosk mode what I’m looking for or is there another name for this type of configuration or application?

I sysadmin for a small non-tech business chain with 20 locations. All computers are maintained individually. The main computer in each location is in the manager’s office and we want to replicate the experience between locations.

We’d like all the computers to organize and operate almost identically. Desktop shortcuts, browser bookmarks, limited internet access, same folder paths. Central management is a plus but not a must.

We had started looking at the Windows Kiosk mode, toying around with Fences, looking at Hexnode or InTune, but I’m not sure if a “Kiosk” is the best description for this.

Am I looking in the right direction?

This is an automated archive.

The original was posted on /r/sysadmin by /u/maxcoder88 on 2024-01-21 07:51:42+00:00.

Hi,

I’m also finding that 2024-01 CU update for server is failing on servers due to the same issue. Recreating the recovery partition seems to fix the problem, when its possible. Some vms have a recovery partition before the system partition and the partition is too small, which seems to be the issue.

Is it a viable way to do it on 500+ servers?

In our case, our VMware Template has not got a NO recovery partition.

I don’t see the purpose of us creating a recovery partition to patch a vulnerability that currently doesn’t exist for us…

I have 10 Windows 2022 servers without recovery partitions that all failed to install this KB. It makes no sense for me to create a vulnerability to just patch it…

thanks,