@dafyre said in hyper-v bad physical NIC? - vswitch or NIC teaming?:

What does the windows event log look like? (You said this was a gui install, right?)

My lab server is a GUI install, but the production server is non GUI.

@scottalanmiller said in FIPS 140-2 compliance and Ubiquiti VPN:

OpenVPN is FIPS compliant.

It's a cryptographic module that can be inside solutions so the term would be "FIPS 140-2 Inside" technically (As the implementation hasn't been validated).

The G4400 will probably be fine for you then. It's a bit of a slouch but for what you're describing only the power users will notice.

@JaredBusch ZeroTier for the win! Once we got the Ubiquiti VPN configured and working, it proved to be unreliable. At first we thought it was the user, but after watching what he was doing and checking the stats on the ER, we found it was nothing he was doing - it just wasn't reliable.

I tried ZeroTier myself and then set it up for the client and it works just like I wanted it to.

@jaredbusch said in trying to connect to US sites from Germany getting blocked:

@scottalanmiller said in trying to connect to US sites from Germany getting blocked:

@jaredbusch said in trying to connect to US sites from Germany getting blocked:

@scottalanmiller said in trying to connect to US sites from Germany getting blocked:

@jaredbusch said in trying to connect to US sites from Germany getting blocked:

@scottalanmiller said in trying to connect to US sites from Germany getting blocked:

It does,

It does not. Expand your quote of his post and read it again.

@scottalanmiller said in trying to connect to US sites from Germany getting blocked:

my point was that replacing the device he can see mights till not fix things, since the blocking might be at the other end of the WAN link.

Your point is correct, everyone knows that by replacing the router it could potentially make the problem go away or at verify that the router is not the problem. I am not arguing that. But I am arguing how you think you got to that point.

0_1499971993385_Screenshot from 2017-07-13 13-53-06.png

I was responding to what I thought. He mentioned that he couldn't replace that device. And I pointed out that because if there is that filtering going on it's possible to be at the other end of the WAN rather than his end. More likely his, but not certain. A lot of smaller carriers in Europe have their own last mile gear and can filter along the path. For example, in Italy, even with a DSL connection, the DSL originated in my house AND terminated there. It connected to a wireless link next door.

But nothing in any of that text implies that "it is even doing it on the device"

You cannot have it both ways. Your tear the fuck out of people for using the wrong words and responding to someone's words in a way other than what has been wrote.

He was talking about replacing the existing device for the purpose of hopefully removing the filtering with the presumption or hope that that was teh location where it was happening.

No you were.

Nope, read from the top. First mention of port blocking was in the OP. First mention of replacing the gear was by the OP in this one:

0_1499973573480_Screenshot from 2017-07-13 14-19-06.png

The real solution is just don't do bitlocker... Use file level encryption or something similar. I just don't see much utility for bitlocker outside of personal devices.

@momurda said in Why BitLocker with USB key on a server?:

@JaredBusch said in Why BitLocker with USB key on a server?:

Also who the hell updates shit at 3am?

All my clients have backups running at 6-7pm and updates around 9 or 10.

Why the hell wait to find out shit is broke in the morning. No one is left in the office after 7.

Microsoft by default, in the middle of the week as well.

So you let a random MS default setting dictate your business schedule? WTF?

The recommendation I see for this are:

The backup target should be accessible from only very specific accounts. Those accounts should be used for nothing other than the backup software itself or administration of the backup targets. i.e. no one should ever log in as them, etc.

So as long as the hack/virus isn't able to compromise your backup software or authentication mechanism, the backup target should be safe.

@Mike-Davis I have the previous generation of this model, without the LCD panel:
https://www.tripplite.com/OmniSmart-LCD-120V-1500VA-810W-Line-Interactive-UPS-Tower-LCD-display-USB-port-Energy-Star~OMNI1500LCDT
Keeps the wife's desktop, monitor and IP phone (as well as our router) up for a good hour before the battery runs low. Tripp Lite's PowerAware software is OK, it does shut the desktop down when it reaches a threshold (I think I have it set at 50%) and does show all cool status of the power incoming to the UPS itself including spikes and sags.

So HP shipped Enterprise HDDs instead of the desktop labeled drives they had in there from the factory. It took a few hours to mirror each drive and it was totally uneventful. - which is exactly what you're looking for in these types of things.

@Mike-Davis Possibly this https://community.spiceworks.com/how_to/133316-how-to-control-windows-10-and-server-2016-updates-with-wsus

@scottalanmiller said in dual factor auth for screen connector or other remote access?:

https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Enable_two-factor_authentication_for_host_accounts

Thanks. Don't know why I didn't look there first.

@JaredBusch said in supporting an office of computers with full drive encryption:

@scottalanmiller said in supporting an office of computers with full drive encryption:

@Mike-Davis said in supporting an office of computers with full drive encryption:

@wrx7m said in supporting an office of computers with full drive encryption:

I saw this marked as solved but can't seem to find the post that mentions the solution/what the OP ended up doing.

I was wondering how much time it would add to my job if I took on a client that was using full disk encryption. After a few posts it was clear that it would be additional overhead.

Yeah, definitely some for sure.

But potentially tiny amounts if you tell them that they must be present for any reboots you need to make.

Possibly. They might be okay with that.

@BRRABill said in best hosted Windows server:

@wirestyle22 said in best hosted Windows server:

@scottalanmiller said in best hosted Windows server:

@Tim_G said in best hosted Windows server:

@dbeato said in best hosted Windows server:

See Vultr is a great thing from NJ 🙂

I never heard of NJ until I heard of Vultr.

It's the warehouse of NYC.

It's also the sewer of NYC

Easy now, Jersey Boy.

😄

@Mike-Davis said in Checking on patch levels with multiple clients. ninite pro?:

For those of you running a WSUS server in the cloud, who should I consider? AWS EC2? Azure? How do I estimate the bandwidth etc that's going to be required each month to keep 140 machines up to date?

If your WSUS server is in the cloud, then you will tell the workstations to download direct from Microsoft. The Cloud instance will have next to no traffic other than checkins.

You setup your clients to talk to your cloud WSUS instance. to know what to update, but tell them to download direct. Why download things twice? Once to WSUS, then once to client.

Your WSUS instance will not download anything except the listings for approval.

Thank you for your feedback on 5nine Manager, guys.
Our goal is to provide an intuitive yet powerful product for complete centralized Hyper-V management experience.
It is now de-facto standard for managing environments with up to 20 Hyper-V host.

Now we are going even further, and prepared a great product, that can help you scale, segregate user management roles with RBAC, automation support and even more. Enjoy!

Beta program for 5nine Manager Datacenter is now open to public:
http://try.5nine.com/beta-5nine-managerdatacenteredition/

@scottalanmiller said in where to find free hyper-v product key:

@JaredBusch said in where to find free hyper-v product key:

No one should ever be buying OEM server licensing today.

Or in the past really, either.

Pre virtualization, it really did save a little money because you left it on that server till it died anyway. Most SMB would never reuse it. By the time their server died, they would be getting a new OS anyway. There was little point in going to VLSC back then for the SMB

@Mike-Davis said in add Google Analytics to Wordpress?:

From what I read, Google says you have to add code to every page. It's advised that you don't edit your theme code.

I know I'm not well versed in this area, and others are, so I thought I would just ask someone that has done it.

There are many popular plugins for it.

There is a bit of a delay since the admin had other services running on his domain controller. He has a SQL that he has to address before he can reboot the other domain controller. I got AD replicating between the domain controllers and DHCP/DNS working properly, but as far as the AD certs, I'm bowing out of this one at this point. I don't know enough about the underpinnings to know how to test it properly since an attempt to set it up was botched halfway through.

I'll be interested to hear myself how it is resolved.

@Mike-Davis said in AD CS hosed - anyone have any experience?:

@scottalanmiller said in AD CS hosed - anyone have any experience?:

So the SBS is the one and only AD in this case?

Sorry, I think we're interpreting the word cluster differently here. When I read that I though you were talking about Microsoft Cluster Server - which is a different technology than multiple domain controllers. He had three domain controllers.

In that case, how do you recover from something like this? Since the FSMO roles are on a 2003 server, do you start running through the various esentutl.exe commands?

Right, I'm talking about an AD application cluster (the set of domain controllers for one domain.) SBS has to be the root controller in order to work. And if you have a cluster (this isn't AD specific but is a general thing about clustering) you can't do restores. If you restore a cluster node like this, you corrupt the entire cluster in many cases, if you are lucky just one node. AD DCs form a database cluster under the hood, which is how they handle failovers, but that means that you have to protect them like a normal database cluster and let them resync from a rebuild, never do a restore.

https://community.spiceworks.com/topic/1988106-ad-logins-dont-work-after-baremetal-restored-windows-2008-dc

Yes, you'll likely need to seize roles on one of the 2012 R2 machines and just retire the SBS 2003 machine.