Sysadmin

A reddit dedicated to the profession of Computer System Administration.

126
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/mekkiyo on 2024-01-23 09:35:46+00:00.


Hi guys,

I'm trying to suppress SharePoint site backup warnings by using the KB article

The article describes how the proxy.xml file can be edited.

After I have edited the file as described and restarted the Veeam M365 service, the proxy.xml file is overwritten again. The newly added parameter no longer exists.

Does anyone know how to fix this problem or is there another way to suppress the messages?

Thank you!

127
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/psychoticapex on 2024-01-23 09:35:35+00:00.


I am a Global Administrator of a tenant but I still cannot access all the SharePoint sites.

Users keep asking me to share individual files with people outside our organization but when I try to access the site I get: "You need permission to access this site."

So I usually add myself as an owner of the site, share the file and then remove myself.

Is this limitation by design, or do I need to assign myself a different specific role to be able to see all the contents of all the SharePoint sites?

What's the best practice in this scenario?

128
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/konikpk on 2024-01-23 09:25:33+00:00.


Hi all

We have 4 servers with a pretty powerful configuration in a cluster used for Microsoft file share.

They are in geo cluster.

CPU - Xeon Silver 4208

RAM - 64GB

But CPU doesn't go beyond 20% and RAM usage is around 20% too.

So I'm looking for some ideas how to use this server in our infra.

Do you have some?

129
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Devin1405 on 2024-01-23 09:13:24+00:00.


Hi,

I currently have a storage space of 3 drives. (two for storage, one for "parity" or whatever Windows calls it)

I am on 8.1 at the moment. Is it safe to upgrade to Win 10 or 11? Will my data remain intact/no issues if I upgrade?

TIA!

130
Thoughts on ZTNA?
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Awesome22_44 on 2024-01-23 09:11:58+00:00.


We are a 300-person company and have faced malware and ransomware issues in the past, and although EDR solutions provide protection, management is keen on implementing a ZTNA solution to manage and define access to company resources.

What are your thoughts on ZTNA? Does it work well for threat protection? How are you using ZTNA in your organization?

131
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/wahlmat on 2024-01-23 09:05:37+00:00.


I'm trying to install a clean Windows 11 copy on a brand new machine. This will be used for work, hence I would like it to prompt for a Work or School account like I've seen so many times in the past. Each time after setting region, it tells me to log in, but it will only accept a private account. Normally you're prompted for whether you want to set up the device for work or private, then log in, but this step is skipped.

What is the cause here? From pretty much all the other computers I've installed the last year it's automatically come up whether I want it to or not, now the one time I want it, it doesn't show up.

I have downloaded the Windows Media Installer or whatever it's called and let that create the USB for me.

132
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Hudson0804 on 2024-01-23 08:27:51+00:00.


Hi All,

I have some doubts about the way our cluster has been configured in the past, and now, looking at moving forwards with new hardware, maybe I have an opportunity to change this.

Currently we have 2 "data" sites - 4 servers plus Nimble storage on each site, 8 servers in a failover cluster with cluster shared volumes. The Nimble storage replicates between the two sites and presents the storage via iSCSI.

We have been told that this is an unsupported setup, having a cluster span two sites, due to the way the storage is configured. I am not in any way sure that this is correct or not, but essentially the argument is that even though the storage is all on the same logical network, the distance between sites introduces a potential issue with delay if something were to happen at site 1 and site 2 had not yet received the updates.

Is the current setup we have supported?

We are looking at introducing some new hosts and retiring the old ones, we're also planning on removing the old hosts and effectively spinning down site 2 - apart from the nimble storage which will continue to replicate data for "DR" purposes, whilst also having a couple of servers cold ready to start up and manually configure essential services if site 1 was to go offline.

Is there anything that you would advise on before I push ahead with this?

Thanks for reading.

133
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Simple_Click8989 on 2024-01-23 08:22:18+00:00.


Good morning,

Hope you admins are all well. I would be really grateful for some advice on my AD delegation setup, which in its current form is a mess that I have come into and would really like to get sorted for the team. It's a team of 6 with two in first line, two in second line and two in infrastructure.

We have the following accounts in our environment, which I have now set up:

Daily driver account (everyone has this, not any kind of admin)

WA account - workstation local admin in the local admin group on all endpoints (1st line/2nd line and infrastructure have this)

SA account - server local admin in the local admin group on all servers excluding DCs (2nd Line and infrastructure have this)

DA account - domain admin account that can only be logged into DCs with (infrastructure only have this)

What I would like to do is now delegate roles in AD to only allow the minimum access to active directory users and computers to carry out tasks. I guess my first question would be which accounts are best to use to administer active directory users and computers from the ones I have created above?

I have created the below structure at the root of the domain.

Admin Accounts

- DA accounts
- Server admins
- Workstation admins

Infrastructure will have access directly on the Admin accounts OU to reset passwords/unlock accounts and create new users when required.

First line will have access to unlock accounts in only the workstation admin OU

Second line will have access to unlock accounts in only the workstation admin and server admins OU

The next OU is the employee OU

Employees

- Site A
- Site B
- Site C

First Line have access to reset passwords/unlock accounts and create new users directly on the employees OU

Second line have same access as first line

Infrastructure has the same as second line but also have the ability to delete users

The last OU is Endpoints

Endpoints

- Workstations
- Servers

Only Infrastructure have access to delete any objects in these OUs. New objects can be created by our MDT user account to join new machines to the domain as part of the image process (this account only has the domain join privilege)

This is how I have started to look to delegate, appreciate any advice on how I could look to do it better to keep it as clean as possible.

Thank you admins

134
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Disastrous-Title-911 on 2024-01-23 08:19:28+00:00.


Good morning, I have this server that is running Apache and some Avaya software. The server works perfectly fine IF it's connected to the network, but when I unplug it from the network and try to access localhost, an error site loads. The error says "we are sorry something went wrong", no error code or anything.

I'm not sure what is wrong. I'm assuming that since an error page loads there IS an app listening, so the connection is working but it's not resolving properly?

I've already made a bunch of tests. If possible, please check my last post in my profile as I'm on mobile and can't link it myself.

135
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Sysadminbvba777 on 2024-01-23 08:03:17+00:00.


Is it possible to disable this warning in the register?

Kind regards

136
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Apprehensive-Mix-103 on 2024-01-23 07:46:02+00:00.


I have a very strange problem with Win11: same website, accessible in Chrome but not in Edge, Outlook cannot connect, other apps also cannot connect to servers, only Chrome works.

I tried resetting Windows Firewall to default settings, netsh winsock reset, netsh int ip reset, ipconfig /release, ipconfig /renew, ipconfig /flushdns, connected to a LAN cable or another wifi device, but the result is the same.

137
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Bowlen000 on 2024-01-23 07:32:58+00:00.


So we've had Copilot for about half a week now (since it was properly released to sub-300 tenants). So far, it's been very underwhelming. Haven't really found a good need for it. Its ability to summarise emails/Teams chats for the day is cool. I've not had to use it in production however.

Struggling to find a use for it. Its ability to draft emails is pretty poor. You can basically tell when there's a GPT-drafted email. So end up needing to change a lot of it anyway.

What's everyone else finding?

138
VPN for WFH
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/ArcherAdmin on 2024-01-23 07:25:01+00:00.


How to go about setting up a VPN where there is no on premise system? Any suggestions are appreciated

From a laptop to a given m365 subscription

139
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Verukins on 2024-01-23 06:23:29+00:00.


Hi all,

as per the title.

Working in a mid-size org with a couple of hundred TB of data across lots of file servers - which have been horrendously badly set up.

I'm currently writing a re-design document which will be the basis of standardizing servers, back-end storage, DFS-N namespaces, DFS-R replication groups, classifying data etc etc.

One thing I'm a bit stuck on is data tiering.

Azure Files with Azure File Sync takes the approach of storing everything in cloud and using file servers as a local cache.... leaving behind pointers (which is good) and with our amount of data the $ is just too much.

Azure Blob storage can't automatically tier and doesn't allow the use of NTFS ACLs - so while the $ are much better - it's not going to be a fit for us.

We can buy cheap storage for on-prem and use scripts to move data into archive - but that could be messy, as the data age doesn't necessarily correspond to how often it's used - and with no pointer left behind - it will cause grief.

So - has anyone out there in reddit land found a file data tiering solution that works really well for them?

140
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/icedutah on 2024-01-23 05:25:52+00:00.


We have a web based CRM suite that is only for internal network use. Not reachable from the outside unless using a VPN. It's made up of about 12 Windows Hyper-V virtual machines. Most running Ubuntu.

Would like to be able to move this to some place that hosts VMs on the cloud. But biggest worry would be that it's behind a firewall and only way to connect is through a VPN. Is it possible to create a VM on some hosting site like Amazon. Create a firewall VM like pfSense for example. Then create many other VMs behind this?

The reason to move this to the cloud would be to increase uptime. If the main/current location hosting this has an internet outage then every other remote site and users are not able to connect.

141
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/HauntingReddit88 on 2024-01-23 04:58:49+00:00.


We use AWS and IPv4 extensively due to our software requirements... we have about 130 v4 addresses currently, AWS are going to add a $4 per month charge for each v4 address which will raise our infra costs by ~$530 per month

I'm looking around at the price for a block, it seems AWS do have BYOIP and a /24 block is ~9k on a certain private auction site (has anyone found lower?)

To me it makes sense to pitch that we just buy a block and route it to AWS, it'll pay for itself within 18 months and we can sell it again if our software devs ever figure out IPv6

Are there any pitfalls here I'm unaware of?

142
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/rahvintzu on 2024-01-23 04:21:45+00:00.


In light of SPF limits and the benefits of segregating for improved reputation scoring.

How are people handling subdomain naming?

Originally I was considering generic subdomains so you could have a few vendors under one subdomain.

Example

newsletters.domain.com

Then define three newsletter services under 'newsletters.domain.com'.

The issue here is some providers will want to define their own MX for bounce back and MX validation will fail if multiple are listed.

Is everyone else just going with a one to one mapping for third parties to subdomains?

Example

productname.domain.com

143
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/BruBruMan on 2024-01-23 03:38:37+00:00.


Hey guys, so I have an application hosted on IIS. It is accessible by a public URL (e.g. mysite.com) which has already propagated to all DNS servers and managed to resolve to machines externally and internally.

The issue is when the client is coming from an external network, it manages to load the app via the public URL (mysite.com). HOWEVER, when clients are coming from the internal network, it doesn't load the app and firewall traffic shows server-rst. Have already restarted the web servers but internal users still can't access the app via the public URL (obviously via IP address works).

What seems to be happening here? Thanks.

144
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Creative_Clue5550 on 2024-01-23 03:19:24+00:00.


I have a Zebra ZTC 105SL-200dpi loaded with 10cm x 3cm orange labels, configured via CUPS (has two queues, one uses Zebra's driver for printing ZPL and the other is configured as a Local Raw Printer for printing PDF labels). All was working fine until now; our PDF labels started to appear downscaled by around 1/3. I notice whenever I set the label length manually on the Zebra web interface it gets reset back to 250 when printing to the PDF queue. Our PDF labels are generated by programs written in C using the pdfgen library. I've never had any issues printing these until now. Anyone have any suggestions for troubleshooting/resolving this?

145
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/Fit-Ground5191 on 2024-01-23 02:59:14+00:00.


We currently have Deep Freeze installed in our environment of 160 PCs. I am not a fan and would like to move in another direction. What are you guys using to manage lab computers?

146
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/IT_addict_1984 on 2024-01-23 02:17:33+00:00.


I have just run a Gsuite to M365 migration for a client using the inbuilt Microsoft migration tool. It has gone successfully and all users' mailboxes appear to have come across. The migration batch shows as completed. I have not changed MX records yet as the tech onsite has not had a chance to go onsite to reconfigure the users' machines (company is in another country). They can't do all users onsite for a couple of days.

Can I re-run the migration batch again somehow or keep them synced for a few days? I did an IMAP migration for another client the other week and that seemed to stay synced each day until I stopped it. This Gsuite one however just says completed with no option to rerun or sync?

147
Odd domain issue
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/BookkeeperOptimal246 on 2024-01-23 01:47:29+00:00.


Hey Guys and Gals,

I have an odd issue with a client of ours that started when we could not join machines to the domain over the VPN. Initially we thought the engineer pointed the machine at the wrong DNS, but we have the correct DNS server and are able to access it; the problem lies in the DNS itself, I believe.

Their current domain name is Widget but not widget.local or .com like a normal domain in the DNS manager. When we do an nslookup from a machine in their local network it comes back as widget.widget and pointing at their DC IP address.

When we attempt the same on the other side it comes back as unknown with the ip of their local DC, we inherited this client without any historical info so not quite sure how it got to this point.

Any ideas what we should do to correct this or transition them to a proper fqdn domain?

148
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/vegiemite on 2024-01-23 01:40:07+00:00.


Trying to help an older parent move from the old Windows 10 built-in calendar app to the new Outlook being heavily pushed in the app.

Tried it out and it would be a good move except the calendar in Outlook does not show any of the events from the old calendar app…

Anyone figured out how to migrate that data - it seems a big fail for it not to be done automatically and will be an even bigger issue if they force migrate users this year.

Thanks for any advice.

149
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/dartdoug on 2024-01-23 01:34:10+00:00.


Link to ARS article:

Gotta go with the top rated comment:

cough, cough Bullshit. cough, cough

150
 
 
This is an automated archive.

The original was posted on /r/sysadmin by /u/thotpatrol on 2024-01-23 01:29:16+00:00.


Any sangoma/freepbx people out there?

So I've scripted changes regarding SMTP settings and mappings for our freepbx servers that I ran on the back end that works great, besides the fact that it does not seem to update the settings on the freepbx GUI. Particularly, the SMTP settings. They remain what they were even though they have been changed. I've rebooted the system and cleared local browser cache. Even the debug for email option in the GUI works, but the visible settings in the GUI remain the old, even though they are indeed changed.

Is there a way for me to refresh these settings so the GUI reflects the real config? Should I be configuring a PBX config file first and then push the settings down? I want to automate this as much as possible. This would be for multiple servers and for techs who may frequent the GUI to do their maintenance/troubleshooting. I want the GUI to reflect the changes I made so there's no confusion for them, and also me and anybody else in the future.
