@justin867 said in Domain Controller Question:

@dashrender said in Domain Controller Question:

What exactly is failing? So far only Print Server, mapped printers is showing access denied

Here's a thought - do you have local DNS? Yes That might be the whole issue here.

If your local DC doesn't have DNS, and you can't get the central DNS servers, that would explain why you can't get to some functions.

But beyond that - I think we need more details on what exactly does and doesn't work. Is printing the only thing affected? Yes Do you have file shares? Yes can you get to the internet? Yes
Can you log into the Print Server server? - Yes
Please tell us about your server setup - is it a single VM host with two VMs (a DC and a Print Server)? DC and Print Server is separated What OS is are the servers? 2012

Can you access the web interface of the printers?
Are the printers mapped via GPO?
Have you tried re-deploying any of the printers (just as a test)?

@jaredbusch said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

Of course backups can be encrypted. Anything physically attached to the network is vulnerable to malware/ransomware. The point of all this was clearly explained in my original post.

FFS, think a little.
They cannot be encrypted if the datastore is not accessible to anything except the application making the backup.

Thanks for your rudeness, Jared, it is so helpful.

Yes, I do understand what you are saying, however if a system is connected to a network and other systems, it is not air-gapped / truly segregated from the environment and therefore not 100% safe in a total ransomware situation. All applications have vulnerabilities and a skilled hacker (or insider) or well-made ransomware could still potentially get at it.

Additionally, I am not looking at this as any kind of main backup method - I am just trying to mull over ideas for a very last-ditch, fail-safe, "shit hits the fan but we have offline backups though" setup.

@jaredbusch said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

What is the point of all of this? Crypto does not affect backups. That is why they are backups. They are static.

If you are worried about your backup being encrypted, then don't use a common access. Only give the the Veeam credentials with write access to the backup storage location.

Use Veeam to write to B2 or something similar.

Of course backups can be encrypted. Anything physically attached to the network is vulnerable to malware/ransomware. The point of all this was clearly explained in my original post.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

Yes, its not perfect or ideal, but given that I have stated that I already have thorough backups and am only seeking to add offline/air-gapped copies as an added precaution, I don't think its that big an issue.

The biggest issue is the hardware. How do you plan to connect and reconnect drives because no business class system that does RAID is meant for this to happen. So you either use business class devices that get abused and aren't expected to remain reliable. Or you use consumer gear to get the hotswap portion but don't have overall good hardware.

It can be done, everyone suggests doing it, and there is a reason that it's considered a horrible idea that should never be done. Trust me, there are simple, better ways to do something similar, rule this out and never think about it again. RAID is close to, but not the actual correct tool. The idea of copying the data to another drive is good, but RAID isn't a file copy and that's the underlying problem... this is triggering a disaster recovery mechanism designed for something totally different.

yeah good points.. I just wanted to entertain the idea by posting here and have you guys sway me... a more attractive idea that I had been mulling around was basically a Veeam copy job to a repository with a scripted on/off network connectivity switch on a schedule. That or I just manually plug and unplug the network cable as I mentioned above. LMAO hey it would technically work.

@dashrender said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

I would even think an SSD setup would be more stable in this situation since write time and life time would be a lot better. I only mention spindle drives since its a big blob of data.

SSD is faster, and that helps, for sure. But the real issue is the physical connections and the RAID mechanism, not the drives themselves. Physical drives are a perfectly valid media for your use case. It's RAID being used as an archival mechanism rather than as a disaster avoidance mechanism that causes the problems both in software and in hardware.

Maybe I will just have to set up a network repository and simply plug the network cable in to let backup file copy to sync, then disconnect. That would probably be the easiest way to be honest.

I just wanted some mechanism that forced us to always have a full backup of data sitting offline/air-gapped... but F it lol

Yeah, it’s called tape. And it’s $8k price tag.

Yeah I'm not doing tape and I think the alternate mechanism I proposed is roughly fine, depending on how its approached.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

To do basically the same thing, what you want is a NAS with local storage (with or without RAID, in this case you are without RAID even though you are using RAID, so no need to have RAID at all) and having a hot swap drive in a mechanism meant to handle this, like a USB style drive, and a script that does a file copy of just the backup, not a block mirror of the drives, to copy the backup to the second drive.

Actually, I just remembered that with the Highly Reliable system, they had Windows software RAID 1 which did a good job in this kind of setup. Yes, its not perfect or ideal, but given that I have stated that I already have thorough backups and am only seeking to add offline/air-gapped copies as an added precaution, I don't think its that big an issue.

@travisdh1 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@travisdh1 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

In its simplest form, I am looking to add offline/rotated backups to our 3-2-1 backup chain. I just want an offline copy as a final failsafe.

My thought is to get a server or NAS appliance with 2 x 15TB+ drives in a RAID1 which would act as a backup repository for ALL backups, and then have a 3rd drive with which to rotate out with one of the RAID1 pairs. Basically we'd pull out 1 drive and insert the free one and let the mirror complete and then swap it out again the next day, back and forth. This way, there would always be an air-gapped drive with a full copy of all our backups.

The only issues are mirror write-time for ~10TB and actually making sure the mirroring is automatic.

My company used to have a BNAS appliance from Highly Reliable which did just this, and it seemed to do an ok job, except mirror times were pretty long. This was 5+ years ago though.

Any ideas? I'm just trying to get the ideas flowing. I'm sure I could probably do a custom server build for something like this if I have to.

Whatever you do, mucking with the RAID is not what you want to be doing. That is something that would guarantee data loss due to someone entering a setting wrong.

I wouldn't call it mucking with RAID. Its just drive rotations.

Each time you add/remove a drive from the array, you chance clicking the wrong drive, the wrong action, etc. I'd call it unnecessary, mucking about where you shouldn't, and very risky as a few of the more friendly terms.

Not if you follow the correct steps and know what you are doing. Its not anything terribly difficult.

Why do you feel like the removable drives need to be a part of the RAID array?

Because the RAID1 mirror would write the changes to the swapped disk.

The idea is to have Drive 1 and Drive X in a RAID1 mirror, where Drive X = both drives 2 and 3 which would be swapped out daily.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

I would even think an SSD setup would be more stable in this situation since write time and life time would be a lot better. I only mention spindle drives since its a big blob of data.

SSD is faster, and that helps, for sure. But the real issue is the physical connections and the RAID mechanism, not the drives themselves. Physical drives are a perfectly valid media for your use case. It's RAID being used as an archival mechanism rather than as a disaster avoidance mechanism that causes the problems both in software and in hardware.

Maybe I will just have to set up a network repository and simply plug the network cable in to let backup file copy to sync, then disconnect. That would probably be the easiest way to be honest.

I just wanted some mechanism that forced us to always have a full backup of data sitting offline/air-gapped... but F it lol

@travisdh1 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

In its simplest form, I am looking to add offline/rotated backups to our 3-2-1 backup chain. I just want an offline copy as a final failsafe.

My thought is to get a server or NAS appliance with 2 x 15TB+ drives in a RAID1 which would act as a backup repository for ALL backups, and then have a 3rd drive with which to rotate out with one of the RAID1 pairs. Basically we'd pull out 1 drive and insert the free one and let the mirror complete and then swap it out again the next day, back and forth. This way, there would always be an air-gapped drive with a full copy of all our backups.

The only issues are mirror write-time for ~10TB and actually making sure the mirroring is automatic.

My company used to have a BNAS appliance from Highly Reliable which did just this, and it seemed to do an ok job, except mirror times were pretty long. This was 5+ years ago though.

Any ideas? I'm just trying to get the ideas flowing. I'm sure I could probably do a custom server build for something like this if I have to.

Whatever you do, mucking with the RAID is not what you want to be doing. That is something that would guarantee data loss due to someone entering a setting wrong.

I wouldn't call it mucking with RAID. Its just drive rotations.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

If you want a hard drive as your air gapped backup, you need something that can be plugged and unplugged thousands of times before failing. Otherwise, consider tape which is meant specifically for this purpose.

I would even think an SSD setup would be more stable in this situation since write time and life time would be a lot better. I only mention spindle drives since its a big blob of data.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

If you want a hard drive as your air gapped backup, you need something that can be plugged and unplugged thousands of times before failing. Otherwise, consider tape which is meant specifically for this purpose.

It wouldn't really need to be thousands of times... its not something so crucial. I'd probably order a couple extra drives to have on hand and replace them as needed or every couple of months or once per year. Theoretically the drives would only be removed M-F, so 310 times per year.

Its more of a low-ish priority type thing where as long as we have some form of recently taken offline backups just in case we have a total ransomware incident, then we're good. I already have multiple backups and replications spread out locally and with a cloud connect storage provider.

@scottalanmiller said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

@dave247 said in offline, air-gapped backups / backup rotation (looking for hardware & ideas):

Basically we'd pull out 1 drive and insert the free one and let the mirror complete and then swap it out again the next day, back and forth.

This is one of those "being weird" situations that comes up a lot. Breaking RAID to try to do a disk copy is a very bad idea. The software isn't built for this, the hardware isn't build for this. It's something everyone has thought of, and no one that has tried it is happy with the results.

RAID is never meant to be intentionally broken as part of the production process. If you want a full copy, make a copy using copy tools and hardware meant to be plugged and unplugged regularly. Hot swap bays are designed to have drives replaced a handful of times in a lifetime.

Yeah that's kind of the general feeling I get. I hear a lot about having "air-gapped" backups now and I've just been trying to think how that would work without using tape.

In its simplest form, I am looking to add offline/rotated backups to our 3-2-1 backup chain. I just want an offline copy as a final failsafe.

My thought is to get a server or NAS appliance with 2 x 15TB+ drives in a RAID1 which would act as a backup repository for ALL backups, and then have a 3rd drive with which to rotate out with one of the RAID1 pairs. Basically we'd pull out 1 drive and insert the free one and let the mirror complete and then swap it out again the next day, back and forth. This way, there would always be an air-gapped drive with a full copy of all our backups.

The only issues are mirror write-time for ~10TB and actually making sure the mirroring is automatic.

My company used to have a BNAS appliance from Highly Reliable which did just this, and it seemed to do an ok job, except mirror times were pretty long. This was 5+ years ago though.

Any ideas? I'm just trying to get the ideas flowing. I'm sure I could probably do a custom server build for something like this if I have to.

@Mr-Jones said in Exchange 2016 Environment DNS entries help:

So either a firewall issue or your isp may be blocking port 25. Is this business internet with a static ip?

Yes. Time to look at the Firewall.

and check your NAT settings ^^

@scottalanmiller said in Trouble with open files/folders on Windows file server?:

This kind of thing is something where stuff like Nextcloud shines, because it has a check in/check out and workflow process. Sharepoint, too.

Yeah actually we recently went to M365 and have Teams and SharePoint. We haven't grown into using everything yet but I suspect there is a better way to do this with those tools.

There are no other network issues and this problem just seems to occur every so often. Sometimes its multiple times a day for a few days, then its all good for a week. I just wanted to know if there is some good solution I'm not aware of.

I'm running into an issue with user's not being able to move documents and/or folders because they are still open by someone, somewhere.

Basically, users have built a process where they have a network mapped drive that contain a bunch of folders and sub-folders that contain various documents (Word, Excel, PDF, etc). Multiple users access those folders and files as different employees have different parts to do in the process. Then, when everything is done and ready, someone will move files and/or entire folders from one place to another as part of this workflow.

The problem here is that many times users cannot move the files or folders sometimes because they get the message that someone has them still in use. Then, I get a call back in IT to request I see who has the file open and/or if I can close those files.

I have to go into Windows Computer Management > Shared Folders > Open Files and then manually search for the folder path and file and then see who has it open. Many times the user reports that they in fact do not have the file open and then I have to manually close the session.

My question is: is there a reason that the file/folder would still be open by the user or computer (perhaps and unrelease file handle in memory) even though they've closed out, or what? What is the cause of this if the user doesn't actually have it open? Are there any tools or settings I can change on the file server, the user workstation or the Microsoft Office apps to fix this?

Never mind - found out that it was one of the October Windows updates that knocked out Bit Locker to go on USB flash drives...

I just recently found out about BitLocker To Go and encrypting USB drives, so I tried it out on a spare 16GB ADATA drive and it worked well. I just had to start up the BitLocker Drive Encryption service in Windows and then right click and enable it on the drive and set password, etc.

Next, I grabbed a couple brand-new Kingston DataTraveler 100 G3 (32GB) drives and attempted to encrypt those - but to my surprise, it didn't seem to be an option. The Windows 10 BitLocker menu didn't show the USB drive as an option and I didn't have the BitLocker option when right-clicking the USB drive. Strange I thought. So I grabbed a couple more random drives I had laying around and it didn't seem like anything would work with BitLocker.

Finally, I grabbed 2 more additional 16GB ADATA drives and tried those and only one of them showed up in BitLocker and would encrypt.

So now I'm just trying to figure out what the heck is going on. Are there only certain drives that will work with BL? Does the drive need to be normal formatted (not quick format) or anything else? BTW I did try that but it didn't seem to make a difference.

I've tried on 3 different computers running Windows 10 Pro (at work and at home), all connected directly to USB 3 ports on the PC. Doesn't seem to matter.

Any thoughts???

Scratch all this. I just had to reach out to my SP/reseller and have them open a ticket with MS, who got back to them right away with a download link and license key.

@Dashrender said in Can't find where to download System Configuration Manager as an M365 admin:

@dave247 said in Can't find where to download System Configuration Manager as an M365 admin:

e MSVLC but in this case, we purchased M365 through a MSP/reseller and the software does not show up in the portal. That said,

ug, more problems because you bought through a third party...

Who was I supposed to buy it from?