Sysadmin


A reddit dedicated to the profession of Computer System Administration.

276
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/deucemcsizzles on 2024-01-20 05:19:16+00:00.


So, I'm not necessarily a sysadmin, but I've been around the block in the IT biz.

I was in a team meeting and we were discussing an ongoing issue with an internally developed application and conflicts it was causing with o365. To keep a long story short, it was brought up maybe doing things the old fashioned way they were done prior to said software being a thing might be a good triage item.

I said in the meeting (roughly) "It sounds to me like there needs to be a clearly defined business continuity plan in the event our department has an issue such as this."

My supervisor said shortly after "What was that word you just used? Business what-y what-y?"

I don't expect management to be on my level technically, but for them to not understand business concepts like that when I'm just a tech guy is disconcerting.

Have you folks had to deal with a supervisor or manager who didn't understand the business end better than you did and how did you compensate/manage up/deal with it?

EDIT: Thanks for the feedback everybody. I may need to give my supe the benefit of the doubt instead of assuming he is an idiot going forward after reading the comments lol. Appreciated nonetheless.

277
 
 

The original was posted on /r/sysadmin by /u/AtTheRogersCup2022 on 2024-01-19 17:04:29+00:00.


RIP Father Time.

Some further reading:

278
 
 

The original was posted on /r/sysadmin by /u/ovway39 on 2024-01-18 22:35:59+00:00.


How do you all handle keeping your servers up to date? I just joined an org on a 2 year contract and found they've got 50+ servers running old versions of CentOS and Debian. Many of the systems are running custom code. None of these systems are on the public internet.

How would you handle this? Upgrading them to the latest OS gets us nothing tangible in terms of features/performance. We do have firewalls, IDS/IPS and the like. Do we isolate those old systems and leave as is or put money into modernizing them? Or something else? What strategies do you guys use?

EDIT: Most (95%+) systems are running custom in-house built applications. No real concern of a vendor dropping us. The auditor comments are spot on though. Some of these systems will naturally phase out and EOL on their own due to no longer being a business need.

2nd EDIT: All the systems are VMs

279
 
 

The original was posted on /r/sysadmin by /u/patriotaki on 2024-01-18 19:53:45+00:00.


Hi all,

So I have a dedicated server with IP e.g. 123.456.78 , the hostname of the machine is "malta12345.example.com"

On the server, I also have a domain "mydomain.com", which the A record points to the server. I am trying to send emails via SMTP through this domain.

Hostname: malta12345.example.com

IP: 123.456.78

Domain: mydomain.com

The rDNS record of the server's IP was pointing to "malta12345.example.com" however I was getting blacklisted by matrix.spfbl.net with the reason

"Register a valid rDNS for this IP, which points to the same IP."

I have now changed the rDNS records to point to mydomain.com (I don't know if that is correct) and now I get the following error:

  • valid FCrDNS.*

This IP was flagged due to misconfiguration of the e-mail service or the suspicion that there is no MTA at it.

For the delist key can be sent, select the e-mail address responsible for this IP:

non-existent.

Is this correct? If I delist it will the rDNS be correctly set up?

How can I set up this properly so my domain is not blacklisted? (emails are landing in spam folders in yahoo, hotmail and outlook mail servers - probably because of that).

PS: My SpamAssassin/Mail-tester score is 9.5/10

280
 
 

The original was posted on /r/sysadmin by /u/TKInstinct on 2024-01-18 19:39:29+00:00.


I've known about this for a few months but I haven't had a lot of time to do research on it. I have a user who is randomly seeing their file explorer instances close during the day. It's an inconvenience for them but it's not killing their workflow for more than a minute or two at a time. Apparently there are more but no one else has reported the issue, the user in question mentioned that someone had mentioned it to her.

There doesn't seem to be any event viewer logs generating for it, it's not a crash so much as it's just closing. The machines are up to date on Win 10 and receiving monthly patches along with Dell updates. Anyone else heard of this? I'm at a loss on what to do.

281
 
 

The original was posted on /r/sysadmin by /u/thegreatcerebral on 2024-01-18 16:44:47+00:00.


Needing to rebuild data infrastructure for "reasons"...

Current Setup:

  • Single Host with storage local
  • Housing small amount of VMs (DC, FS, VCenter)
  • No redundancy
  • Can't really expand
  • Backups are D2D that are on a hosted server in the rack

What I am thinking is the more traditional:

  • 2 to 3 (probably 2 to start) Hosts
  • Shared Dedicated Storage (Example: Dell ME5012)
    • This has two controllers inside of it so there is some redundancy built-in
  • Want to have 2x DCs even though it may not be worth it if I were to setup FT in which case a dedicated smaller bare metal DC as redundant would serve better possibly...
  • Will still run FS
  • Have some new VMs to spin up for various tools required for the "reasons" above.
  • I don't want to go VMware but I'm not familiar enough with the other options to not go with them and the new pricing model which sucks because I'll be a system short for the licensing seeing as you must license like you have the full cores anyway.
  • This is a more elastic install as we can grow to another host if needed as well as grow out the storage if needed as well as customize the need (speed vs. density)

My question is first... is this still the better way to go? Technically speaking we don't NEED to make it more robust and the business would love to not look at a higher bill for hardware costs. We do have some NEW needs that have arisen but growth beyond the required things is minimal right now. I would just build a larger build like the existing to house MORE things: RAM, Storage, CPU Cores probably.

Next question is that one of the servers we are needing to implement is a SIEM server. I was looking at OSSIM for the community edition due to cost however I am open to something else if it serves the purpose. The question still stands and that is, am I better served having a dedicated server, most likely bare metal for a SIEM solution? Should I put it in the VM environment? I don't want it to kill the IOPS on ingesting of logs. I am not running one now so I'm not sure what all I will be looking at with full implementation. For servers, you have the number of what we have. With the new situation just say you will be looking at 8 servers overall. We have Meraki hardware: 1 MX, 2 MS, and 1 MR, 30 desktops, and let's put the number at 12 "other" network connected devices. Note: the other VMs from the other requirements, due to our size will be VERY small footprints just to cover some utilities that we need to have and use from time to time.

I don't think the data will be tons but I have no idea. I have only seen scenarios where someone is paying a company to do the SIEM and they usually are paying for the full service but have a local machine for ingest and then push to the cloud. This may still be an option for us however in the interim, I may need to house this box in an effort to offset any other costs.

Lastly, due to the restrictions of things, really the cloud isn't an option right now unless after pricing all of this out it becomes viable. Sorry if I'm being vague... CMMC 2.0/NIST 800-171 stuff and GovCloud type stuff.

282
 
 

The original was posted on /r/sysadmin by /u/B1tN1nja on 2024-01-18 15:46:37+00:00.


We have a hyper-v guest that's Windows Server 2019 Standard that will randomly lose network connectivity until we reboot it.

This happened once a few months ago, then on Tuesday, and again just this morning (Thursday).

Clearly it's a repeating issue and something we need to get to the bottom of.

I was able to get into the server via the host OS and run a ping from the guest to the host but it failed with

"no resources"

I have not re-created the virtual switch yet, but it's just using a dedicated NIC port and NOT sharing that with the host OS

Event logs don't show anything of interest over the past hour in system or application on host OR guest OS

Any advice on where we can look and what might be causing this?

283
 
 

The original was posted on /r/sysadmin by /u/Shujolnyc on 2024-01-19 13:33:43+00:00.


TL;DR: have you used your company's cyber coverage? How did it go?

We’re diving into our cyber coverage and leadership and even my boss are slowly irking into what is surely an ill advised stance - “when” something happens, not “if”, our cyber insurer will step in and take over. It’s their responsibility to lead the recovery efforts, negotiations, and to tell us what to do, etc.; it’s risk transference. We don’t need to spend more on tools and people for prevention.

I am frugal given our industry and I know we can’t do everything perfectly.

Where we end up will be a risk management exercise and I’m happy to even be having these conversations. I will get things in writing and I am an avid believer of the Amazon principles of having a backbone and disagree and commit.

My questions for all of you are (whichever you can answer):

Have you engaged a cyber provider ever? If so, how did it go? What resources did they pull in? Did they take ownership? How involved was IT or Cyber? Were there disagreements between leadership and the provider on response? How did that go?

284
 
 

The original was posted on /r/sysadmin by /u/RW2005 on 2024-01-19 13:14:55+00:00.


I inherited a mess. I have two domain controllers. They're both on Server 2003. I figured it would be easy...just install a temporary 2012 R2 server and migrate to that first.

When I went to promote the 2012 R2 server to a DC I kept getting an error saying "The wizard cannot access the list of domains in the forest. This error is: The target account name is incorrect." Every time I try to promote I get different random errors saying access denied, etc. I'm guessing this is a replication issue.

I log in to the domain controllers and run a DCDIAG.

Testing server: Default-First-Site-Name\DOMAIN1
Starting test: Replications
[Replications Check,DOMAIN1] A recent replication attempt failed:
From ROOT01 to DOMAIN1
Naming Context: DC=DomainDnsZones,DC=domain,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2024-01-17 08:55:23.
The last success occurred at 2023-09-12 04:59:36.
3133 failures have occurred since the last success.

This is the error I get from the DC that DOES NOT have the FSMO roles. I then run another DCDIAG on the DC with FSMO roles and this is what I get.

Testing server: Default-First-Site-Name\ROOT01
Starting test: Connectivity
......................... ROOT01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ROOT01
Starting test: Replications
[Replications Check,ROOT01] A recent replication attempt failed:
From DOMAIN1 to ROOT01
Naming Context: DC=DomainDnsZones,DC=domain,DC=local
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2024-01-17 08:58:25.
The last success occurred at 2023-09-12 04:53:49.
3040 failures have occurred since the last success.

I've been reading online, and what I'm reading is the best thing to do is demote the server that doesn't have the FSMO roles. DOMAIN1 is the DC without the FSMO roles...so would the best thing to do be to demote DOMAIN1? Then go ahead and try to promote my 2012 R2 server again.

Thanks in advance.

Edit: And of course I backed up both servers using NT Backup with system state!

285
 
 

The original was posted on /r/sysadmin by /u/SpringOreo on 2024-01-19 13:13:00+00:00.


Going through STIGs I need audit rules on my machines to be an exact way. In my audit.rules file they show as

-a always,exit -F path=/bin/su -F perm=x auid>=1000 -F auid!=4294967295 -k

But during the check, when running auditctl -l, the rules show up as

-a always,exit -S all -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=-1 -F

I'm having trouble figuring out why the rules I created are different from the ones that are loaded and being listed?

286
 
 

The original was posted on /r/sysadmin by /u/flyguybravo on 2024-01-19 13:07:11+00:00.


Short and sweet. We have one problem employee that creates 60%+ of the work for our team out of a company of around 150.

Not two months ago, this individual kept calling for "problem" after "problem" with their machine before we finally issued them a brand new one. Last Saturday, we get this email:

Hello Team,

I have been off work a couple of days. Decided to work today but when I closed my laptop shut didn't realize I had left a pen in it. I heard something so opened it. Attempted to turn it back on but the screen isn't working.

I think I broke it :(

Fast forward a couple of days to when their laptop comes in for us to check out, and this is what we receive:

Before I raise yet another issue about this particular employee, I'm trying to take a step back and consider whether this really is just accidental. I have zero idea what they'd be hoping to achieve by intentionally doing this -- but the damage to the machine looks more substantial than a simple, "I left my pen on my laptop when I closed the lid." It looks more like they slammed it closed to me.

Am I wrong?

287
 
 

The original was posted on /r/sysadmin by /u/Disastrous-Title-911 on 2024-01-19 12:53:43+00:00.


So I'm doing some decom at my new workplace and there is this "avaya server" that is running on w10 with apache, the server should stay in the office as a kiosk of sort unplugged from the network in case we need to retrieve call recordings

I'm trying to connect to localhost (in multiple ways: https://server ip/sysadmin , https://server ip/sysadmin/login , https://server ip/sysadmin/servlet , https://server ip/awfos , the loopback address, among others) but when I put in the IP I get an error message that says "we are sorry. Something went wrong!!!"

  • I've checked that apache is running
  • I've checked the httpd-ssl.conf file and it has listen *:443 and virtualhost default:443
  • I've checked the httpd-vhosts.conf file and it has listen *:80 and virtualhost default:80
  • I tried using the loopback address and it gives the same error
  • I installed IIS but I don't think this is required
  • at the moment I'm trying to install the windows process activation service as when I tried to "start" the website in IIS I got a "service WAS was not found on the computer" error
  • the /inetpub/wwwroot/ folder is empty, I believe there should be html files here no?

I have very little documentation and the supplier won't help because my company basically burned that bridge with gasoline

I've never worked with avaya so I'm pulling my hair atm please help :(

288
 
 

The original was posted on /r/sysadmin by /u/Tom12089886 on 2024-01-19 12:18:38+00:00.


Hi,

Wondering if someone can help, we have one phone in our office that allows you to pick up incoming calls by lifting the handset. Whereas the other phones you need to push the line and then pick up the phones.

Does anyone know how to programme the other phones to allow pick up calls on lifting the headset?

Any help is much appreciated

289
 
 

The original was posted on /r/sysadmin by /u/ExecuteArgument on 2024-01-19 12:04:01+00:00.


Hi all, would anyone be able to recommend what should be done in this scenario.

We have a hybrid on-prem AD synced to the cloud (Azure/365/whatever) environment, users are created on-prem and then synced to the cloud, their mailboxes are created in Exchange Online. We do a similar thing for Shared Mailboxes and Room Mailboxes/Calendars (create user on-prem, sync it, license it, a mailbox is generated, change the mailbox type to SharedMailbox, then remove the license and keep the on-prem account disabled).

I've noticed that some mailboxes have been created in the cloud first, likely by someone who didn't know what they were doing or wasn't trained properly, and I'd like to try and convert those cloud 'native' objects to on-prem ones, so they then sync back to the cloud. I could simply delete the cloud object, wait a bit, and then re-create it on-prem and wait for it to sync. However my concern is that any emails, calendar appointments, etc in that mailbox could be lost by doing so.

Has anyone else had to do this and how did you rectify it? TIA

290
 
 

The original was posted on /r/sysadmin by /u/Divochironpur on 2024-01-19 11:33:36+00:00.


Hey All,

Hope your Friday is going great.

Firstly, I just want to say thanks to all for my last post on this sub. Corp under new management who decided to move to MSP, which actually violated their compliance agreement, so I’m still around.

Funnily enough, they emailed me on my blocked work email to tell me my role is still active. 😵‍💫 The new management also awarded themselves a 7 figure bonus for their efficiency, and are about to be replaced themselves, but I digress.

Anyway, just wanted to post this resource that tracks tech layoffs. I know many are updating their resumes, studying for certs etc so good luck.

Finally, just a reminder that tech is a cycle. Non tech execs make decisions based on a spreadsheet number, get their bonuses and leave, new execs come in and then undo their decisions. We’re in the layoff cycle now so keep your hats on your head. If you’re wary about outsourcing, I suggest moving to defence and govt sectors.

Use your free time to learn but don’t forget all the other things like your health, family and hobbies. I found skiing is a fantastic way to turn my mind off.

Thanks again and have a good year!

291
 
 

The original was posted on /r/sysadmin by /u/Capable_Working_2054 on 2024-01-19 11:24:00+00:00.


I have this week started to purchase and deploy Copilot licenses to business premium users.

I have followed everything MS says to the T, all users Office and Windows are bang up to date.

Yet none of the users have managed to get it yet.

Has anyone managed to deploy it yet?

I have noticed on the Reports > Usage > Copilot screen that the last update was 3 days ago and the licensed users do not appear on there yet

292
 
 

The original was posted on /r/sysadmin by /u/AdmiralPain on 2024-01-19 11:20:06+00:00.


Hi all, trying to understand the nuances of Task Scheduler conditions - specifically 'Start only if the following network connection is available'

Workflow:

  1. Device first connects to SSID (let's call it SSID_Temp) which has no internal network connectivity - just internet connectivity
  2. User logs in to device
  3. User connects to VPN to connect to internal network
  4. GPO kicks in which generates and pulls down a machine cert from internal CA, allowing connectivity to corporate wifi (SSID_Corp) (we use machine cert wifi authentication)
  5. Task Scheduler kicks in to delete SSID_Temp wifi profile
  6. Device automatically switches over to SSID_Corp as it now has the necessary cert & wifi profile

I'm struggling with step 5 - currently the scheduled task is configured to delete SSID_Temp 1 hour after the user logs in. This, in theory, should buy the machine enough time to grab the cert from the CA however in testing, this is not always the case.

In the Scheduled Task, if I tick 'Start only if the following network connection is available' and select SSID_Corp, does this mean the task will only start if the device CAN connect to SSID_Corp (i.e. if the machine cert is downloaded from the CA) or if SSID_Corp is simply broadcasting and the machine can see it? Is the task clever enough to understand that whilst SSID_Corp is available, it can't actually connect to it until it gets a cert from the CA?

I understand moving machine cert deployment to the cloud would solve all our issues but that's sadly not currently possible. Or if anyone has a smarter way we can approach this then let me know!

TIA

293
 
 

The original was posted on /r/sysadmin by /u/AutoModerator on 2024-01-19 10:00:55+00:00.


There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

294
 
 

The original was posted on /r/sysadmin by /u/wubarrt on 2024-01-18 22:02:58+00:00.


My tenant has a group naming policy which uses an attribute which contains a space in the value. Recently users with the New Teams client became unable to create new Team spaces. They receive a "team prefix or suffix is incorrect..." message. Of course everything works well with the classic Teams client. I reported it as an issue, but it was just dismissed as not being found.

Is anyone else experiencing this issue?

295
 
 

The original was posted on /r/sysadmin by /u/_17chan on 2024-01-18 22:02:35+00:00.


So, I've learned the hard way that a free ticketing system is either not *actually* free OR it's unusable for what I'm looking to do, so I'm going to try and simplify this the best way possible:

I just started working for a small business that currently does NOT use a ticketing system. I've mentioned the benefits, but due to cost cutting measures, it's out of the question. I know, I know, but in my current position, I don't have much pull here.

So, what I'm looking for is either: A good recommendation that would work for only 1-2 people to use (we'd be entering the tickets ourselves instead of having the users do it) OR some kind of software that's like a decent ticket / task tracker for one person so at least *I* can keep track of the tasks I'm working on. I've been trying the old school pen and paper route (the way my wife keeps track of everything) but for a number of reasons, going digital is just way easier for me.

So, anything along the lines of what I mentioned above would help. Thanks so much in advance! :)

296
 
 

The original was posted on /r/sysadmin by /u/OtiseMaleModel on 2024-01-18 21:42:41+00:00.


Looking for help here.

My first sys admin role and working out what these AD groups do and are used for is an upcoming task and I'd just like to know how a veteran would approach the situation.

K12 environment, if that makes a difference.

297
 
 

The original was posted on /r/sysadmin by /u/wintory on 2024-01-18 18:06:37+00:00.


I'm new so bear with me. I'm considering deploying two windows file servers and using Storage Replica to continuously replicate data from server #1 to server #2. What would happen if server #1 gets attacked by ransomware? Would the encrypted data replicate and overwrite the healthy data on server #2? If so, can this be prevented?

298
Cloudally
 
 

The original was posted on /r/sysadmin by /u/sowen911 on 2024-01-19 09:16:09+00:00.


Good morning everyone,

TGIF

I am reviewing a backup solution for Dropbox in the interim while we work on migrating the data over to O365.

I was curious if anyone has any first hand experience with CloudAlly backup solutions for work environments at a scale of small to medium businesses.

Primarily we are using Dropbox at the moment but will be working on moving to an integrated MS product

299
 
 

The original was posted on /r/sysadmin by /u/yejisooyah on 2024-01-19 09:06:57+00:00.


It’s able to send to everything but hotmail.

Device: Canon image runner advance

Things I’ve checked:

  1. Setup gmail as smtp by enabling 2FA and using app password.
  2. Job log says it sent but hotmail acc not receiving it.
  3. Used ISP smtp and domain email & password(still not working)
  4. Made sure network settings on mfp are correct (ip, subnet, gateway, and dns)
  5. Tried different ports: 25, 587, 465

This customer refuses to use gmail or any other email as an alternative. Refuses to use scan to folder.

This asshole told me if I can’t get hotmail to work he’ll change to a different company to scare me. I’m at a loss here. I could use some help if any. Thanks in advance.

300
Script
 
 

The original was posted on /r/sysadmin by /u/vishnu_47 on 2024-01-19 06:52:47+00:00.


Is there a PowerShell script to get details of a Linux server, like OS details, from a Windows server? (Both servers are in different subnets.)