Passw0rd1sOv3rU5anyone know why id get 14sec clock drift on ntp
Passw0rd1sOv3rU5C:\Windows\system32>w32tm /stripchart /computer:0.us.pool.ntp.org /dataonly /
Passw0rd1sOv3rU5ples:5
Passw0rd1sOv3rU5Tracking 0.us.pool.ntp.org [74.120.81.219:123].
Passw0rd1sOv3rU5Collecting 5 samples.
Passw0rd1sOv3rU5The current time is 6/14/2017 7:10:55 PM.
Passw0rd1sOv3rU519:10:55, -14.2328963s
Passw0rd1sOv3rU519:10:57, -14.2065443s
Passw0rd1sOv3rU519:10:59, -14.2311967s
Passw0rd1sOv3rU519:11:01, -14.2328797s
silentfury-s4provm or physical
Passw0rd1sOv3rU5wm
Passw0rd1sOv3rU5vm
silentfury-s4prothere's a registry enrty for vm's
silentfury-s4prosec
silentfury-s4prohyper-v or vmware
Passw0rd1sOv3rU5hyper-v
sine0small question, some staff have 2 inboxes in outlook exchange and share another email address, this needs to be removed, would this account have been physically added or done at the group admin level
_root_Hi
_root_I was wondering how could I run a SIP server on windows server.
_root_possible?
linerrorany requirements?
linerrorthere's about a dozen foss solutions and 3 dozen paid ones...
_root_free ones is always better :d
_root_linerror, just a software that gives my a SIP server .
_root_*/my/me
linerror_root_, http://www.officesip.com/ would be a good start if you have no requirements other than free and runs on windows
Dus10Skype for Business
Dus10it is SIP-based
Dus10you can drop a SIP-trunk onto it
maddawg2what the hell is this Windows 10 Creator update aboot?
linerrora fancy name for service pack 1
naphtaliUnfortunately there is so little online information available about the Creators Update
naphtaliACTION rolls eyes
kuaharaMicrosoft really is taking the World of Warcraft approach.
Dus10howso?
Dus10I think I see where this is going
Dus10I like it...
Dus10but i need a narrator
kuaharawell, now they're naming their major updates to make them more attractive
Dus10the the expansion packs?
kuaharaPatch 5.8.4 Siege of the Desktop Experience
Dus10I have been out of WoW for a long time
Dus10oh
Dus10well, the next revenue stream is expansion packs, then
Dus10we'll make you pay for an update to a game that you have already bought AND pay a subscription for
maddawg2thy sent me a popup about checking my privacy settings
maddawg2i turned off pretty much everything that invades my privacy in win10 i suspect that check simply changes them back
maddawg2bastards
Dus10Use Windows Server 2016 as your desktop OS
Dus10ACTION does
blkshpmaddawg2: watch the language please :)
kuaharaDo you also game from the company DC?
Dus10uh, it is my personal PC
Dus10not a work system at all
kuaharaACTION can't tell a good joke
maddawg2language?
maddawg2not allowed to use english?
blkshpPlease dont swear in channel, thanks
maddawg2what swear?
maddawg2i'm confused
maddawg2i never said a swear
kuaharago be confused somewhere else
linerrorDus10, advantages over 2012 r2?
Dus10it is 2016
Dus10so everything that it has
linerrorother than the 6
Dus10and it makes it more compatible with Windows 10 drivers
Dus10everything works on my desktop
Dus10Now... my desktop is a Core i7 with 24GB of RAM
linerrordid you have to jump through the same hoops as 2012 r2?
Dus10it also has 1GbE and a wireless adapter... and a nice AMD Radeon with 8GB of RAM
linerroror did you not use e2?
linerrorr*
Dus10what hoops?
Dus10I installed it
Dus10I installed my drivers
Dus10all was well
Dus10I did use Windows Server 2012 R2 as my desktop for some time on my old system
linerrorr2 has things like Audio disabled at the service level by default
kuaharaI love that they're centralizing many of the popular device drivers with Windows Update, but I wish the Windows Update button when adding a new device would just populate Mfr/Model only, then only download the driver you need after you've select the device you're installing
Dus10and I have previously used Windows Server 2008 R2 and 2003 R2
Dus10linerror: that isn't a big deal at all
kuaharainstead of spending 20+ minutes downloading drivers for every model device a mfr makes
Dus10just enable it
Dus10if that is a hoop, then you are safe
Dus10A server doesn't often need sound... so I don't see that being a big deal
Dus10you enable it for VDI solutions...
Dus10and things like this
Dus10it works fine
linerrornot a big deal, no, but the hassle of things i have to deal with, no sound, disable dep and sehop, missing dlls... things like driver packages and applications seeing an odd windows version and puking
Dus10if you can't be bothered to enable a service, how do you work up the nerve to install an OS to begin with?
linerrorevery -- asus -- utility -- failing to install without a greybeard
kuaharathe discomfort of never seeing your OS in the list of supported OS's for desktop software you're paying for
linerrorthe joy of having to manipulate logs to keep paid support from rejecting you...
BobFranklyyou know this channel is logged right?
linerrorby the good users at least
BobFranklyit may not be published, but it is logged :P
kuaharado we sell the logs to vendors?
Dus10well, if you use it as your desktop... you can also talk about your desktop here in this channel and stay on topic
CptLuxxsome people log this to websites..
linerrorACTION has logs going back almost 23 years...
Dus10yeah, some people have no respect
Dus10ACTION looks at Luxx
Dus10I really wish Microsoft woud have better support for clearing the Skype for Business profile from a client
Dus10these cutover migrations can be a pain if a company has multiple versions of the client installed
Dus10you can easily script to have it cleared, but then you have to account for the different versions and their registry paths being different
linerrorBobFrankly, i have logs of this channel back to 3 months of its creation almost 10 years ago :P
Dus10I just deleted my logs
Dus10my logs were too big
CptLuxxyou have quassel
CptLuxxit cant be to big....
Dus10yes
Dus10the database cries, Luxx
CptLuxxeh?
CptLuxxi have 10gb
Dus10the Windows install uses SQLite
CptLuxxand he only cries if you use sqlite
CptLuxx:3
Dus10it cries a lot
Dus10I couldn't get a Linux VM running on my Hyper-V...
Dus10so...
Dus10otherwise, I could run the Linux install of quassel core
Dus10and postgresql
Dus10I imagine I could install postgresql on Windows
linerrorDus10, 240tb online and growing :P
Dus10but, eh... oh well
Dus10linerror: all on OneDrive for Business?
Dus10I wonder if Microsoft would get upset by that
Dus10they offer "unlimited" storage
linerrorDus10, local
Dus10eh, I see no utility in that
Dus10I mean, if you compress it, it should still be around 50TB
Dus10that is a lot of disks to have
Dus10is it all online storage, or do you have some turned off?
linerrorlol that's with dedupe and compression
linerrorand yes, it is a lot of disks...
Dus10so, with dedupe and compression, what is the raw storage like?
Dus1025TB?
Dus10well, dedupe should not matter with compression, anyhow
Dus10compression is dedupe
bewbsdamn
bewbs240tb is a lot
bewbsi only have 45tb online
Dus10not as difficult to do if you have the 4TB disks
Dus10but still
bewbsi have 14x4tb hdd's in my DAS
bewbsi need another MD1000 if i want to expand
Dus10are there larger SATA HDDs yet?
bewbsthere's 8tb out
bewbsfor $189~
kuahara6TB has been out for a while
kuaharabewbs is it reliable?
bewbshasn't proven itself yet afiak
bewbsto new to trust that much data for me
kuaharaI have a bunch of disks in this machine (home PC) that add up to a total of around 5TB. Would love to consolidate
bewbsi have 7x4tb toshiba 7200rpm 128mb cache hdd's that have been in raid5 for 2 years and regularly abused
bewbsand not a single failure
bewbsso i'd say i'm confident in them
kuaharaI've just been buying really mature 1TB disks
mines5_mobileSounds like my laptop before I retired it
bewbsyou can get them from 109-129 based on promotions
mines5_mobileIt was 7 years old I think
Dus10hmm
kuaharadang. didn't know 4TB WD Blues were only $99 regular price now
Dus10I will have to flex my Amazon discount
kuaharaI'm still used to 1TB being $80, but I haven't bought in a long time
linerrorDus10, 240tb of data online in my house right now, about 300tb usable, 360tb raw. 240tb is compressed with dedupe. that's not counting workstation storage (about 60tb direct on this machine alone)
Dus10Are you making money with that?
Dus10If so, I could understand
Dus10but otherwise, I wouldn't be doing that
Dus10or, saving money
mines5_mobileI mean, for personal content storage it might be useful
mines5_mobileBut only if he has a butt load of 4k content
Dus10yeah
Dus10I mean, you would need.... a ton
Dus10like a personal archive of the Internets
Dus10well, of useful stuff off of the Internet, at least
mines5_mobileLTT has nearly a petabyte just for such a reason
kuaharawhere are you finding 8TB?
linerrora lot of media, video and a ton of audio, mixed media
kuaharabest drive I can find is a 6TB WD black for $359
Dus10yikes
Dus10not worth it, yet
Dus10for that price
kuaharathat's for black
Dus10if you can get 4TB for <$100
kuaharaa 6TB red is $194
linerrorkuahara, shucked a few dozen wd 8tbs and got some nice hgst helioshpere drives
bewbswhat
Dus10linerror: do you have something wiretapped?
bewbsare you in europe or something crazy
kuaharabewbs who? me?
bewbsyes
kuaharaTexas
Dus10same thing
bewbsthen you definitely should be able to find better prices
linerrorDus10, i have a raw packet capture of my wan traffic on a 14 day loop... but no...
Dus10I just do packet capture of DNS
bewbshttp://www.frys.com/product/8919543
bewbshttps://www.newegg.com/Product/Product.aspx?sdtid=10229656&SID=5b43e53451da11e78b260e86e249807d0INT&AID=10440897&PID=1225267&nm_mc=AFC-C8Junction&cm_mmc=AFC-C8Junction-_-cables-_-na-_-na&Item=N82E16822178951&cm_sp=
linerrorkuahara, 8tb mybooks are about $200
bewbsyou can toss the enclosures and put it in any computer
ne_nehi guys
kuaharathat newegg one is poorly reviewed
bewbsi love/hate those reviews
bewbsMy biggest complaint is that it's advertised as "8TB" but there's only 7.27TB available. I've owned 4 other externals in the past so I realize it's not uncommon for there to be a discrepancy. But c'mon...nearly 3/4 of a TB!? I feel cheated. That much space missing warrants advertising this as 7TB & not 8.
ne_nedoes anyone know about file dedup with win2012r2 servers ?
bewbsif you read the reviews, the people are mostly just retarded
ne_nei've enabled it and i'd like to know where i can find the list of deduplicated files
ne_nemany thx
kuaharabewbs, the review system that hasn't failed me yet for amazon/newegg that I use is this: Add up the 5 and 4 star reviews for the product. If it is 80% or more of the total reviews, it's probably worth it. Provided there are a reasonable number of reviews.
bewbs3 star 3 out of 5 eggsWorks But I Don't Trust It
CptLuxxyou dont understand how this works ne_ne
kuahara1 review at 5 stars doesn't mean anything
CptLuxxits not file based... dedup
Dus10ne_ne: files aren't deduplicated
bewbsit works, he gave it 3 stars for working because he didn't trust it
Dus10blocks are deduplicated
bewbscome on
kuaharabewbs, my system allows you to ignore all that stupid crap
kuaharayou don't have to worry about someone dinging the product 1 star for the blue light being the wrong shade of blue.
ne_neblocks are deduplicated, right, but is there any file or log that contains a list of dedup files ?
TLoFPbewbs: don't you love the ones that go: "Nice item. Not what I wanted. 1 star"
bewbsyup
Dus10there aren't deduped files, ne_ne, that is the point
bewbsthe manufacturer should be allowed to petition reviews like that being removed
Dus10so since there aren't deduped files, there can be a list of deduped files
bewbsfor people just being retarded
Dus10*can't
TLoFPbewbs: I think amazon should do that
CptLuxxi can give him a list
mines5_mobileOr a unuseful review threshold
CptLuxxALL
TLoFPbut then you run into review censorship...
Dus10there yo go
bewbsthreshold would work
mines5_mobileIt reaches a certain point and it's removed
ne_nethx Dus10
bewbsso many people say it's bad then it's no longer counted in the aggregate
kuaharaseriously. if 4 and 5 star reviews > 80% for products with 200+ reviews, it's probably fine
TLoFPfair enough as long as it is still there
kuaharaproducts with only 3 reviews aren't mature
TLoFPjust have a checkbox for me to select. something like "Show dumb-a$$ reviews."
TLoFPby default this could be off
bewbsi think i've only ever given a product a 1 star in my lif
bewbse
Dus10well, some folks are rather free with their 1 stars
bewbsit was a motherboard that listed SLI support. when i asked the seller to verify he said "yes, it has it". i only bought it for that purpose. when i got it, no SLI support.
kuaharathere's a mom joke just waiting to be told here
mines5_mobileThat justifies a one star in that case
TLoFPbewbs: but is that a product review or a seller review?
mines5_mobileBecause false advertisement
bewbsboth
TLoFPbewbs: seems you should have knocked the seller, not the item
bewbsi flat out asked him
bewbsi specified everything in the review
TLoFPbewbs: unless the item ACTUALLY claims support
khelpwis it bad that in those situations I'll post a 2 star review and then write in the text of the review "Should really be 0 stars, but if I rated it 1 people wouldn't believe me"
TLoFPbewbs: fair enough
bewbsit was a solid board, i liked it
bewbsbut it's one feature i needed it didn't have
TLoFPbewbs: I think this is an amazon problem. There is no difference between seller review and product review, they are all lumped together
kuaharabewbs, why didn't you just look that up for yourself before you bought it?
bewbsi did
bewbsit said sli
kuaharayou can look up what chipset each motherboard has before you buy
bewbsbut it wasn't a name brand
kuaharadoesn't matter
mines5_mobilePeople lie on Amazon all the time
bewbsSLI support requires a hash key purchased from nvidia in the bios
TLoFPbewbs: right so from a product perspective you bought the wrong thing. Can't knock the product. (Not saying you made a mistake: the seller was horrible.)
kuaharapeople lying doesn't matter either
bewbsthere's no hardware enabling it
mines5_mobileFinding the right product can be torturous sometimes
bewbsit's a software thing
kuaharaYou just look up what chipset it has. If it supports SLI, that's all you needed to know.
kuaharathe motherboard mfr and the chipset mfr aren't the same
kuaharaand for years, if it was SLI, it was going to be one of nvidia's
bewbsthe bios is where it's enabled
bewbsnot necessarily the chipset
bewbsbecause there are c602 chipsets with sli, and some without
kuaharaalso, the only SLI boards worth buying are eVGA's
kuaharanot buying eVGA is a mistake there anyway :)
bewbsi ended upwtih an asus sabertooth x79
bewbsevga's solid though
bewbsbut hard to find x79/c602's
kuaharaerr... sorry
kuaharayes, asus for the board. eVGA for the video card itself
kuaharaI won't buy video cards made by anyone else
kuaharaand I love Asus' sabertooth boards
mines5_mobileWhy though?
bewbsmy video cards are msi and nvidia atm, previously i had all evga's
kuaharamines5_mobile why only evga for the video card?
bewbslifetime warranty
mines5_mobileAh, I see
kuaharabewbs not anymore, but everything evga used to sell was lifetime warrantied
bewbsah
bewbsshame they ended that
kuaharaand their customer service was absolutely solid. you could have spilled coolant onto a motherboard they made, admitted fault in destroying the product
kuaharaand they'd overnight ship you a new one, no questions asked
kuaharaand they'd cross ship so you didn't have to do without hardware for a few weeks
kuaharathey don't do lifetime warranties anymore. They do really long warranties, but I think they got tired of replacing 10 year old cards with 2 year old cards
kuaharaso you have to pay extra for 10 year warranties now. It's not unreasonable.
bewbswell at 10yr...
bewbsthough my gtx580 died
linerror5 year is plenty
CptLuxxwe a far away from topic
bewbsthe 580 was 2010, so 7 years
bewbsthat was the only reason i upgraded a couple months ago
kuaharaif I start knowing things, we're definitely off topic
bewbsone card of my sli died
kuaharaI think that's how we measure how close to topic we are
bewbsanyway
bewbsstorage spaces and 7x4tb hdd's has worked extremely well for me
bewbsi'm going to set up teams of teams for nic's this weekend
bewbs2x1gb copper nic's teamed, then failover team that team with a 10gb fiber
bewbsbecause my 10gb switch went down the other day and my whole network crashed
bewbsbecause my hyper-v servers are on the 10gb switch
linerroreak
bewbsso if i put the 2x1gb into the 96port gbit switch it will fail over if the 10gb goes down again
bewbs10gb lost it's stack connection and tried to reboot to regain it
bewbsunsuccessfully
bewbsturns out the link went down at the other switch, but the other didn't realize it
bewbsstacking bandwidth is 144gbps
bewbsIn a full, pure Stack of ERS 5600 models (a Stack of eight Switches), the Stacking bandwidth is an Industry-leading 1.152Tbps.
bewbsstunningly fast
bewbsi just have 2 though
mines5_mobileGotta go fast?
bewbsalways
bewbsfire off 15 vm's who's storage is on the storage server, the hyper-v servers need those vhd's right away
bewbshighest i've seen it is around 700MB/sec
mines5_mobileThat's fairly impressive speed
bewbsit's 6x480gb ssd's in raid5
mines5_mobileIt'd probably go faster if the HDDs were SSDs
mines5_mobileNvm then
bewbsthat hits 1.9GB/sec in disk speed tests
bewbsi'm trying to figure out where the next bottleneck is
bewbsspeed within vm's is actually pretty shitty
mines5_mobileProcessor/RAM may be at fault
mines5_mobileBut I can't really say on that because I don't have as much expertise in that field
sepeckACTION smacks bewbs with a rolled up language newspaper
bewbsif i copy an ISO from the ssd array to a vm(who's vhd is on the ssd array), i get like 40-60MB/sec
bewbs*crappy
bewbsgranted it's pretty much going up the 10gb line and back down but that shouldn't be the limit
_root_ACTION says there is no good and easy software to run a SIP server on windows o_O
TLoFPbewbs: could it be because it is a dynamic disk?
bewbshonestly i don't know. i'm at about the edge of my knowledge on this subject
TLoFPbewbs: also what OS is the host?
bewbsserver 2012
TLoFPguest?
bewbswin8
TLoFPI have the same issue different setup
TLoFPhow do you copy from disk to VM btw? via network drive?
TLoFPand what does your performance counter tell you about the disk usage?
bewbssmb share
bewbslooking at resource monitor it shows disk queue length at 5 for the T: volume
TLoFPI am guessing that SMB share is installed on the Host?
bewbswhile D: is 0.05
bewbsyes
bewbsT: is pretty busy though
TLoFPT is your SSD array?
bewbsyes
TLoFPand what is D:
CptLuxxfloppy raid
bewbs7x4tb
TLoFPso you copy from D to T?
TLoFPand T has your VHDX?
TLoFPhow many other VMs have their vhdx on T?
bewbsit's all vhdx
bewbsi copy from D: or T: to vm and it's all about 30-50MB/sec
TLoFPthe raid of ssds is for a single VM?
bewbsthere are ~20 vm's with vhdx's on T:
TLoFPcan you shut them down?
bewbscan't
TLoFPwell
TLoFPlook at their disk usage with performance monitor
TLoFPone or many of them are likely hogging the disk
bewbsthat's what i was looking at. T: is showing disk queue length of 5, while others were < 1
bewbsthe biggest hittes are the sql servers to t:
bewbsbut i have 300 applciation servers utilizing the sql servers
bewbsnot large data, just lots of small ones
TLoFPlook at the "Hyper-V Virtual IDE Controller"
TLoFPthen see which one of your VMs is going insane on the IO
bewbsunder what
bewbsi'm in perf mon
TLoFPthis is where others might help more. I plot "normalized" throuhgput
TLoFPright
TLoFPnow add counter
bewbsi'm not seeing where to do that
TriptichI'm having a rough time migrating our kms server from 2003 to 2012.. the new server doesn't seem to be compatible with Win7 kms keys, our Win8 kms keys work fine.... anyone been down this road before?
TLoFPif you right click then you see "add counter"
TLoFPthen on the left side under "avialable counters"
TLoFPyou actually want to look for "Hyper-V Virtual Storage Devices"
TLoFPexpand that
TLoFPselect Normalized THroughput
TLoFPthen select all of the vhdx that you have
bewbsright click what, i'm not getting anything like that under performance monitor
TLoFPand hit add
TLoFPright click your graph in perf mon
bewbsi can add/hide columns
bewbsnothign happens when ir ight click the graph
TLoFPimg of what your look at pls
TLoFPoh
TLoFPI think I know what you are looking at
bewbshttps://i.snag.gy/8f1BGu.jpg
TLoFPthats resource monitor
TLoFPnot perf mon
bewbsah got it
bewbsthat only lists vhd's hosted locally
TLoFPyes
bewbsadding the other servers
bewbsi have error, flush, read bytes, read count, write bytes, write count
TLoFPbetween read and write counts you can probably find the problem
bewbslooks like sql is doing the brunt of it
TLoFPmy guess is that it is an IO issue
TLoFPso if you pause that vm, probably your throughput will go up
bewbs150m/sec
TLoFPnice
bewbsnot mb
bewbsthe read/write count is 150,220,797/sec
bewbssorry write count
bewbsread count is 89mil/sec
bewbsi'm not even sure i'm reading this right
bewbssql does more htan every other server combined
bewbsmaybe sql should get it's own ssd
bewbsi should note that not within the vm, i get screaming fast speeds between hdd's
bewbsD: and T:
bewbssolid 200MB/sec between D: and T: and D: and E:
Dus10hmm
Dus10so... does anyone know how many days of service a Microsoft DPS voucher equates to?
Dus10I have never really paid attention to it before
ZewWhat are people using for end device A/V?
CptLuxxme trendmicro
TheRabbitTrend, but it doesn't matter
ZewI found trend was slow on the ball
Zewfrom the latest attempts of attchements in emails I generally find Sophos is the main one picking them up on VirusTotal
CptLuxxslow?
ZewI know its a bad file, used Trend A/V to scan, returns clean
Zewput in VirusTotal shows its not clean by other AV vendors
Zewso yes, slow
CptLuxx.....
CptLuxxif thats your test okay
ZewHow do you test agaisn't multiple AVs?
Zewplease provide an alternative method
CptLuxxi read some test like av test#
CptLuxxlol
CptLuxxand well
CptLuxxevery av sucks and its snakeoil
CptLuxxbut hey.. some people want it
Zewhence VT is a good option
CptLuxxvt?
ZewVirusTotal
Zewits not an agent
Zewbut you can check against multiple AV vendors
Zewam I the only one who uses VirusTotal?
CptLuxxno
qbrixnever heard of it
qbrixoh weird, apparently I have visited their site
qbrixI guess we do use it!
qbrixnot my team specifically
TLoFPwhat parts of the motherboard use -12V?
CptLuxx##hardware
BobFrankly^
linerrorTLoFP, parts that need 24v...
NonSecwitteror the parts that need +12v if you put the leads in the wrong place
dopiwanDumb question but here goes... what happens when an AD account becomes Expired, can you Un-Expire it?
BobFranklyyou have to throw it away or heavily discount it before the FDA catches on
tang^I don't know what happens exactly, but yes you can change the expiry date
tang^lol @ BobFrankly
linerrordopiwan, the account is disabled.
dopiwanwhen an AD account hits expiration date it goes to an Expired state so how would changing the expiry date reset the Expired state?
BobFranklyACTION wonders if you can simply delete the expiry date
dopiwanset-aduser -accountexpirationdate $Null ?
BobFranklynaybe
tang^expired state might be an active check if (expiry date is passed) expired=true
tang^change/remove the expiry date and re-enable the account
BobFranklymy guess (lit a guess) is login? | if (check-expirydate -eq $true){disable-account}
dopiwanGuess i'll make a test account
linerrorTLoFP, old ISA, Vesa and PCI slots had a -12v pin for 24v and 17v power options, some old hardcards used it but as of agp and pci-express nothing.
BobFranklyACTION re-reads his psuedo-code and shakes his head
tang^I am only familiar from the user standpoint. I have a test account that's had to get it's expiry moved a few times now.
dopiwanInterestingly enough I dont see an Expired attribute or any relevant booleans but technet plebs saying "Expired" seems to be a thing
tang^oh, I can't log in. hey, IT, is this expired? yes? can you give me two more weeks please??
BobFranklyget-aduser dopiwan -properties * #look at the first 2
sepecktang^: please submit a security ticket to enable the test account fo the new date.
sepecktang^: we're seriously hard cases on this :) For this very reason. This nickle and dime crap. Then when they try and blame us fo rwhatever, we have a documentation trail
tang^sepeck: I'm glad I don't work at a company with that kind of request structure
tang^sepeck: but fair enough
CptLuxxi wish i would work at a company with that kind of structure
tang^I just have to point one of our nerf guns at IT and fire to get their attention
sepeckwe have several hundred devs who fail at planning and communications but seem all about pointing fingers
tang^and, probably, a return volley
sepeckalso,l Security team is responsible for accounts, so not IT :) which helps.
dopiwanBobFrankly: Correct, again Technet nerds saying there's an "Expired" attribute but doesnt seem to exist
sepeckAccountExpirationDate and accountExpires
sepeckI see it. first two items
dopiwanRight
dopiwanso what actually happens when an account hits it's ExpirationDate ?
sepeckgranted,t he number is AccountExpires seems to need some decoding
dopiwanwhat nmechanism prevents logon
sepeckyou can no longer log on with it
dopiwandoes it get DIsabled?
tang^yes
HarlockCptLuxx would you know why, in a shadowprotect backup job that has been running fine for months, "sbcrypt" would no longer ask for the encryption password?
CptLuxx?
CptLuxxhow you mean?
CptLuxxwhen you create the job.. you enter the encryptin password and done
Harlockyep
CptLuxxit nevre asks you for it
Harlockin the log you see it
Harlocksbcrypt asking for the password
Harlockin a normal running job
CptLuxxah hm
CptLuxxdont know
CptLuxxi never check the logs :x
Harlockeven when jobs fail?
CptLuxxonly if an error occurs or the restore dont work
Harlockso you have never run into such a log
CptLuxxyes
Zewwho ever wrote the original dsacls, did an amazing job
Zewpress f7 for current cmd window history
Zewthings you learn
CptLuxxwat
Zewif only there was a persistent cmd history
CptLuxxWAT
CptLuxxi never.. seen this
ZewStart -> type "CMD"
Zewtype a couple cmds
Zewpress f7
CptLuxx...
CptLuxxi know cmd Zew
ZewWat
CptLuxxnever seen this f7 function
ZewWAT
Zewi know me either
blkshpI tought that to a Microsoft Trainer once!
Zewthings you learn
CptLuxxZew
CptLuxxyou know alt+f4
CptLuxxtry it
ZewNoo? WAT
ZewI used to say that in gaming chats all the time
Zewcmon
ZewUnlimited ammo, press ALT+f~
Zewf4
xnomarwow i never knew about F7 in cmd prompt. sweet
ZewI just wish it was persistent
xnomarahh that would be real nice
Zewhttps://serverfault.com/questions/95404/is-there-a-global-persistent-cmd-history
Zewif only MS would implment clink
xnomarhmm might not be a good idea for delete cmds
Zew?
Zewwouldn't you want to know if there ever was a delete cmd run
Toaster_Strudelhttps://www.google.com/search?q=persistent+shared+%2Bfolder+outlook+2016+-mailbox+-cookies
Zewif there was a persistent cmd log between different users, that would be one amazing helpful auditing feature, no?
Toaster_StrudelI'm not trying to connect to another mailbox!
Toaster_StrudelI just want a specific shared folder in that mailbox
ZewToaster_Strudel: Your issue sounds familiar, but I don't know the answer
Toaster_Strudelsomoene help my google foo here?
Toaster_StrudelI was talkin about it yesterday but got pulled away
compdocits exchange?
Semt-xcan anyone imagine the problems that ocure when a customer combines an Active Directory migration with a windows 10 upgrade, and a file serrver migration
Semt-xall at once
Semt-x2500 users, ~90 locations worldwide
furmeladewell yes?
furmeladeeverything breaks
Semt-xhalf of which are satelite connected ships
furmeladelol
furmeladegl hf
CptLuxxSemt-x i can go onsite if you need one :P
Semt-x:)
Semt-xcustomer ignored all the warnings, and now the fun starts
weqyou don't do them all at once, but stuff like SCCM & branch cache makes easier. I've done a ton of migration on satelite ships like that.
Semt-xheldesk has no idea where to look for the problem
Semt-xweq me too :) this is my second offshore company i do
Semt-xbut the first one, listened and we did everything step by step
Semt-xthis customer decided to combine three steps at once
Semt-xand ignore all the warnings
dopiwanSome customers need hand holding, some need a bullet...
khelpwWhat's that saying again? You can lead a horse to water, but sometimes it's easier to drown it than lead it all the way back again thirsty?
khelpwpretty sure that's how it goes.
pun844Is there a tool that would show whether or not a PC is fully up to date when you've got a WSUS server in place? I am just trying to confirm that my WSUS server isn't missing critical security updates
t0fu|workyeah, check for updates from MS update
t0fu|workif it shows up to date before, then you check ms update and it pulls a bunch of criticals you can cross check wsus
SysTompun844: https://www.microsoft.com/en-gb/download/details.aspx?id=7558
Toaster_Strudelcompdoc: 365
Toaster_Strudelpun844: used to be one..
Toaster_Strudelcalled MBSA
Toaster_Strudelwill check security patches
pun844AWESOME, this is exactly what i was hoping to find thanks - ill give it a shot
pun844Ah, its not for windows 10 ? :(
Toaster_Strudelhttps://answers.microsoft.com/en-us/windows/forum/windows_10-update/microsoft-baseline-security-analyzer-mbsa-for/507bcb52-63e3-4712-b494-ef74c395d8c6
Toaster_Strudel:(
Toaster_Strudelyou could probably make a script fairly quickly with QFE
Toaster_Strudelhttps://msdn.microsoft.com/en-us/library/aa394391(v=vs.85).aspx
Toaster_StrudelI'd imagine that still applies to windows 10
Digzwindows 10's update system has changed, so it may not apply... but I don't know :)
Toaster_Strudelif they got rid of QFE I'll be pissed
Toaster_Strudelwe haven't made the full switch yet
Toaster_Strudeldoesn't say it doesn't work
Minnebohow fast does DFS sync?
Toaster_Strudelbut I wouldn't expect documentation to be updated on microsoft.com
Minneboor how fast should it sync
Toaster_StrudelDFS sucks
MinneboI know :p
Toaster_Strudelunless you are running ALL windows file servers
Toaster_Strudelit depends on sites and services
Minnebojust two servers (used it for migration)
Toaster_Strudelit shouldn't have to sync many times. How ofted does sites and services change?
Minnebowanted to make sure all files are copied so I made a folder in the old server
Minnebowaiting like 15 min, and folder didnt show yet on the new one O_o
Toaster_Strudeloh, that is a different question
Toaster_Strudelthat will depend on a number of factors
Toaster_Strudelbut it sounds like something isn't working correctly
Minnebomkay
MinneboThe DFS Replication service stopped replication on volume E:. This failure can occur because the disk is full, the disk is failing, or a quota limit has been reached. This can also occur if the DFS Replication service encountered errors while attempting to stage files for a replicated folder on this volume.
Minnebobut the E is not full :(
Toaster_Strudelcheck the server logs
Toaster_Strudelcheck the service
CptLuxxMinnebo
CptLuxxThis failure can occur because the disk is full, the disk is failing, or a quota limit has been reached
CptLuxxfailing.. quota or something other
Minneboits a vmdk, 50GB free... never use quoata's :(
CptLuxxmh
Toaster_Strudeltroubleshooting
Toaster_Strudelkeep checking them off the list
Toaster_Strudelwhat else?
Toaster_Strudelyou may find dfsutil.exe helpful
Toaster_Strudelmaybe not for this specific falure, but worth mentioning
MinneboSERVER_EstablishSession Failed to establish a replicated folder session. connId:{FC377100-92BA-47A1-9067-4210C7DFF04D} csId:{8B404C99-B21A-4DE6-A918-FFB4965CD42D} Error:
Minnebo+ [Error:9028(0x2344) UpstreamTransport::EstablishSession upstreamtransport.cpp:808 11676 C The content set was not found]
Minnebogetting further!
Stryykercheck event viewer for any other issues detected near then
ZewWoooooo! My buddies Web Application is Live! WooooHoooo!
CptLuxxlets hack it Zew
JedicusMy web dev is using a mac to get to an IIS7.5 web server using SMB. I think it's something the mac is doing, or perhaps in concert with IIS, but he keeps locking files and folders and then can't rename, delete, etc. I used handle.exe and the only processes that have handles to the files/folders are w3wp.exe and system-pid4. What would make IIS or system lock files it's serving? This is a big web site, so I can't really
Jedicusbe stopping the worker process.
Minnebopfff
ZewCptLuxx: Probably had a better chance at hacking the PWM implementation when it was live
Minnebocan't I just make a copy job to copy the missing files
Minneboused dfs for a migration anyway
Zewthe amount of attacks my IPS picked up on, was disturbing
Minnebobut I don't want to overwrite stuff
CptLuxxi see
ZewJedicus: using impersonation auth?
ZewAlso I'd blame the fact their using a mac :P
Zewthey're
naphtalithe air
Digzoops of the day: right-click on OU, do group policy update, send it to 600 workstations..... of which most of them get the message: "policy has updated that requires a logoff, log off now? Y/N" - oops. That's it, I am going home! :D :D
MinneboCptLuxx,
Minneboxcopy source target /d /s
blkshpDigz, I once moved all preproduction servers into a McAfee HIPS deployment group and installed individual client configured firewalls to 200+ servers rendering them all unable to connect. Luckily automatic process was in place and it knew after 30 minutes it wasnt a server and uninstalled
blkshpcould have been worse, could have been the procutions ones!
ZewCan't say I've ever seen a "do group policy update" context menu on an OU
CptLuxxMinnebo
CptLuxxi never used xcopy
Zewwho uses xcopy
ZewRobocopy ftw
DigzZew: From Group Policy Editor. I don't think it shows on regular ADUC.
furmeladexcopy is deprecated
furmelade...
CptLuxxyep only on the editor
Zewso you are right
Zewinteresting
ZewGPMC has the context menu
jcottonhttps://www.petri.com/microsofts-moves-windows-server-rapid-release-releasing-two-feature-updates-per-year
Digz1:30 PM: Digz does group policy update to 600 computers. == 1:40 PM ServiceDesk: Hey, did you do something, users calling they get a GPO update message?
Digz*hides behind monitors*
DigzPEBCAK event of the day. I'll stop touching stuff today! :D :D
jcottonactual blog post https://blogs.technet.microsoft.com/hybridcloud/2017/06/15/delivering-continuous-innovation-with-windows-server/
TheRabbitbasically pay monthly or get stuck with your old versions
jcottonTheRabbit: there's LTSC
TheRabbitI know
TheRabbitat least they are committing to LTSC
jcottonthat being said WHY DOES SERVER INSIDER NEED AAD CREDS?
jcottonhuff
MinneboZew,
Minnebowhat is the command for robocopy?
TheRabbit.\Robocopy /?
Minneboto copy only files that are not in target or where the target is older?
Minnebojust want to be sure >_< didnt use it before, its 5TB of data, can't f it up ;p
furmelademake a test run before?
furmeladeand read the documentation?
Minnebothanks
Minnebojust say
MinneboI don't know either
khelpwso for those of you who were present for my stupid failover cluster testing questions yesterday I figured out the missing piece to the puzzle. The storage server cannot be a part of the cluster.
Minnebokhelpw, google
khelpwdespite the storage from that storage server being applied as a cluster disk.
Minnebomake a testrun
khelpwthis was the test run...I did google...
khelpwbut this is a stupid setup to begin with, it's basically HA between 2 instances of MS SQL across a couple of VMs on the same host, my difficulty came from the fact that I was trying to keep it entirely contained on that host without using a NAS or other external shared storage device.
sauli just created an AD account on one DC
saulbut i cannot find it in the list of users on a client machine
furmeladeoh wowe someone got mad
furmeladefor not getting spoonfed
sauli cant see it on my other domain controller actually
sauldo DCs take some time to synchronize ?
khelpwYeah it can take a couple minutes, saul
furmeladeyes
furmeladeyou can force a replication tho
furmeladeeither via AD sites and services or repadmin
sauli'll wait a bit i guess then
saulwell i see why it's not replicating, i tried to replicate through ad sites and i get an error
saul"The naming context is in the processof being removed or is not replicade from the specified server."
sauli imagine it wont replicate on its own if it doesnt work manually
khelpwYep, safe bet.
saulso now i have an actual problem
saulhttps://support.microsoft.com/en-us/help/2023704/troubleshooting-ad-replication-error-8452-the-naming-context-is-in-the-process-of-being-removed-or-is-not-replicated-from-the-specified-server.
saullol "Wait."
saulor "Make originating changes in the right places"
saulhow specific lol
saulshould it matter if the DCs are on different 24 bit subnets ??
xnomarofcourse it does
sauli had no idea
saulthey can reach other though, there's a route between them
xnomarcan't replicate to something you can't contact
saulof course but they are reachable to each other
saulmy cisco switch handles routing between the subnets
sauli find it hard to believe you're not allowed to have DCs across more than a single subnet heh
kidn3yserrr, there is nothing wrong with having DCs on different subnets as long as they are reachable
kidn3ysain lab uplinks for MPLS purposes terminate on a metro cluster on bvi's, over which I run more cross connects to points to link in hardware, and on top of that, I still managed to run another cross connect terminating in a PW-HE
kidn3ysdoh
sauli went ahead and added the new DC's subnet to the list of 'subnets' in AD sites and services
kidn3yssaul: is this at the same physical location?
saulyeah
saulthe old DC is a physical box, the "new" one is a VM, they're feet apart, just on different subnets
kidn3ysshould be fine as long as their is reachability
sauli took over a really old setup that uses win2k3 as their main DC
sauli segmented the network and added a win2012R2 machine, but im using the 2003 functional level because of the old DC
kidn3yswe typically do two dcs per site for redundancy, and each on a separate subnet to limit the affect of individual failure domains
saulthat's kind of what im trying to do kidn3ys
HEROnymoushaving all yer DCs on a single subnet would be nuts
saulbut these guys are not talking to each other apparentlyl
HEROnymoussaul, is it because 2003? :/
saulHEROnymous: i dont see why, you can add new DCs and keep the 'functional level' at 2003
saulor whatever it's called
kidn3yswas the new DC built on that subnet?
saulyes kidn3ys
sauland joined the domain no problem as a domain controller
HEROnymousI dunno, I mean in theory, but I've never tried any leap that large (assuming you're doing 2012r2 or 2016 now)
saulit has the users and OUs and everything, i just noticed the issue when i added a user on the 2012r2 box and it never showed up in the 2003 machine
saulor on any client machines, for that matter
kidn3ysYou might also consider checking out the firewall rules if windows firewall is enabled, I've found a lot of the rules only allow traffic from the local subnet that the server resides on
saulkidn3ys: good call
kidn3yssaul: and you said you tried to manually replicate via sites and services?
saulthey can ping each other but that's not enough
saulkidn3ys: indeed
saulkidn3ys: that's where i get the error i mentioned
HEROnymousyou may also have acls/rules on your layer3 gateway for packets traversing different networks, too
kidn3ysand that fails?
saulHEROnymous: good call as well but im sure it's full access
sauli will check firewalls though
sauli detest the 2003 DC, not for being old but for being in Spanish
saulfinding things is really hard because it's all translated
kidn3yslol
saulok the firewall isnt active
HEROnymousso many jokes... but far too racist to share...
HEROnymoussomething about picking up sysadmins in front of home depot
saullol
kidn3yssaul: which direction were you attempting to replicate?
saulkidn3ys: from 2012r2 to 2003
kidn3ysso you created the user on the 2012 box?
saulkidn3ys: if i go into sites/services on the 2003 machine, and enter the 2012 machine and go to "ntds settings" i dont even see the new 2012r2 machine lited
saulkidn3ys: right
saulcreated user on 2012r2, cant find it anywhere else on the domain
kidn3ysdoes the 2012 box show up in AD on the 2003 box?
saulkidn3ys: yep
saulit's under "domain contollers" in 'users and computers' app
kidn3yshrm
CptLuxxi bet he is still on frs
kidn3ysbrb, beer.
sauli'm an AD newb, i will admit it, but it doesnt make sense heh
saulmaybe i should have just added another 2003 machine in english and used that ;/
furmeladelol yeah good idea running unsupported OSs
saulinteresting
sauli tried to replicate, on the 2012r2 machine, from 2003 to 2012r2 and i get a different error
saul"RPC server is unavailable"
saul"condition may be caused by a DNS lookup problem"
furmeladeits always dns....
furmeladehttps://www.isitdns.com/
CptLuxxis this.. the best website in the internet?
furmeladeyes
saulman this issue is going to put me into a coma
kidn3yssaul: have you tried replicating from the 2003 box first?
kidn3ysand then back the other direction?
sepeck2003 is EoL you WILL have problems. However, check that they are both can communicate on the same version of SMB
sepeckthere are sites that will answer how.
saulkidn3ys: i get different errors
kidn3yswhat errors?
kidn3ys2003 still holds all the FSMO roles, right?
saulright
saulsepeck: for what it's worth, this is all going to be legacy very soon
TLoFPso... is it possible to run a VPN on a desktop you are connected to remotely?
sepeckwell, it's legacy now. Just not where you work
TLoFPor will the VPN by necessity destroy your connection to the remote desktop?
kidn3ysTLoFP: depends on the type of VPN. if it's a split tunnel, more than likely
sepeckTLoFP: depends on the VPN and options in the VPN, but yes, most defautl settings will nuke your other connecctions by default
TLoFPdamn
CptLuxxyou want split tunneling TLoFP
TLoFPyea. I am afraid my work probably didn't implement that one right
TLoFPnow I have to go home and hope the VPN works on my VM
TLoFPbut what about the Hyper-V itself, will it be able to connect to the VM once the VPN is launched?
saulthis ancient AD crap is there to support an even more ancient ERP software. once we migrate i'm going to enjoy scrapping all of it
sauli'll just create a new forest/domain using 2012r2 and it'll be peachy as can be
saulall servers in english!
saul(i'm in latin america, but sysadmins and engineers who cant handle english can gtfo)
Alagargood evening all
Alagaris any good free windows patch management like wsus ?
CptLuxx"free"
diabillicspiceworks do patching?
CptLuxxcomodo one
AlagarCptLuxx: thank you,
AlagarCptLuxx: compare than wsus, Comodo one is good ?
CptLuxx*sighs*
VaevictusAlagar: what's wrong with wsus?
AlagarVaevictus: Thank iam sorry, iam new to wsus, so just iam asking, could you please help me to get one good online learning link for wsus ?
AlagarVaevictus: Also could you please recoment one good free patch management
Vaevictuswsus is free patch management, and what most of us use.
Vaevictusi don't have good learning tools for it, and don't have any other recommendations
Vaevictusinstall it, approve all the patches, done.
CptLuxxread the topic
BobFranklyalagar: microsoft virtual academy is the usual "learning" resource we point to around here. Not sure if they have classes specific to WSUS in there
CptLuxxthere are some links to read.. and mva
BobFranklyif there's nothing specific to "wsus" on MVA, then it's likely a subtopic of their Windows Server classes
deceptionsolarwinds has messed up their monthly billing once again
deceptionnever have i seen an accounts receivable department more disconnected from the rest of the company