@Danp My humble homage to Gilda Radner and Roseanne Roseannadanna.

@Danp Hey Dan, I don't think it's on the xcp-ng forum but I had come across something on the XO forum about it. Don't have the post nearby but it's a known issue.

@scottalanmiller

Yeah... just did the whole IT Crowd turn it off and turn it back on routine and now it's working again.... going to email their support to see about re-instating the article

This is a configuration I have for AD with Unifi APs using RADIUS

SSID
c8fc6bbc-4100-43a0-b22a-a9ed6602bd50-image.png

RADIUS Profile in UNifi
c0cefead-a9e5-43d5-ae0b-7514a24654b1-image.png

NPS Connection Request Policies
APs are configured under RADIUS Clients with the Authentication password used on the RADIUS profile in the Unifi Controller.
b1ae5e7f-9929-4bb0-9201-f611c134f126-image.png
Policies
efbc0274-d174-4a78-891d-97d2f0bf3b0c-image.png
e845192a-8846-4136-b7fc-091d4e294bb7-image.png
Nothing to change here
2560bb73-6b15-4872-970c-1f34f105b3d0-image.png

**NPS Network Policy **
c5099fb8-2878-4a6d-986a-938dbda77e54-image.png
e25485fb-3694-4d97-94f9-67a515551531-image.png
7264e0ad-dfe8-4a35-8f92-36b68db0ac7f-image.png
Under the Editing of the PEAP settings make sure to select your CA Certificate Authority
5804bed9-4d88-48cd-a5f4-336a82bb7f88-image.png
cb1a9740-a219-4a60-8786-2f7cc21b4bb9-image.png

@Dashrender said in MSTP with multiple instances - Yea or Nay:

@notverypunny said in MSTP with multiple instances - Yea or Nay:

@scottalanmiller said in MSTP with multiple instances - Yea or Nay:

Are the VLANs needed? What are they for?

Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc

One would ask if any of those are needed today?
Functional separation I could see if you have two desperate networks but need to use a single ethernet fabric. I have that, my Guest WiFi has it's own firewall and own internet connection, yet we share the APs. it's on it's on VLAN with no routes between prod and guest.

But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess set ups.

Skimming through the LANLess explanation @travisdh1 posted a while back, I think we're somewhat a mashup of it and segmentation. Some of the VLANs in question are end-point only and as such the security isn't as tight as the ones that are used in the server-room / data center functions. If I were designing something from scratch, LANLess would certainly be something to consider, but since this is far from a new build, I doubt I could start to justify the headaches that changing VLANs and IP addressing would entail.

To come back around to my initial question, can anyone point me to any pros / cons with regards to having multiple instances of spanning tree given that we no longer have 2 devices acting as root bridges?

@warren-stanley said in chocolatey by any other name???:

Just had a quick look at whats available, I'm on an Insider build so winget is installed

PS C:\> (winget search).count 169

Apparently there's issues with dependency-resolution though.

Nothing MS comes out with is a viable production-usable solution for at least a couple years.

@notverypunny said in Disabling Spectre Mitigations in 2020:

My understanding was that they were essentially a shared code-base so I'm at a loss as to why such a performance difference.

Same basic code base, but with different settings, limits, and features.

@scottalanmiller said in OpenManage Enterprise Gotcha:

@dbeato said in OpenManage Enterprise Gotcha:

@notverypunny said in OpenManage Enterprise Gotcha:

@dbeato said in OpenManage Enterprise Gotcha:

@notverypunny said in OpenManage Enterprise Gotcha:

OpenManage Enterprise

That's why we put it on a VM.

Yep, it's a vm.... but the VM and the iDRAC were set to share the same NIC on the host (whoever did the initial hardware setup didn't want to / couldn't use the iDRAC's dedicated NIC)

Weird, We use dedicated iDRAC all the time.

I think "didn't want to" is the key language there 😉

Yeah... dealing with things that someone else setup is always interesting to say the least

@JaredBusch said in ipv6 @ home:

@Obsolesce said in ipv6 @ home:

@notverypunny said in ipv6 @ home:

Thoughts on using IPv6 at home? Pros and cons? I'm not running it at present and was wondering if anyone has any recommendations either way.

Chances are that your router already has a public IPv6 address and block from your ISP and your computers are already using them.

WTF? Using the ISP router? Because that is the only way for that to happen by "chance"

Huh? No idea what router he is using. Mine wasn't from the ISP. I bought it off of Amazon many years ago and ipv6 was g2g by default.

@Pete-S said in SAS to USB:

@scottalanmiller said in SAS to USB:

@Pete-S said in SAS to USB:

Always best to replace with identical drives with the exact same firmware - which you're not getting if you are buying new drives.

I've never had this experience. What's the concern? I'm not saying I have lots of experience one way or the other, just never seen an issue like this and wondering what happens.

You might have to upgrade the firmware on the older drives as well as firmware on the controller just because you want to replace one old drive.

It also depends on what you mean with "new" drive. Is it new model or new old stock.

In my experience, new as in shipped from Dell as a replacement, so it could be either.

And I have never had an issue plugging in a drive and it just working and beginning a rebuild. Unless the drive was not empty.

Connecting the drive to anything, starting DBAN for a moment, and then cancelling out works enough.

Theoretically there could be a link aggregator somewhere down the line that is putting loads of smaller connections together to create this effect by accident.

@Dashrender said in Active Directory change logging / auditing:

@Obsolesce said in Active Directory change logging / auditing:

@scottalanmiller said in Active Directory change logging / auditing:

@notverypunny said in Active Directory change logging / auditing:

@JaredBusch said in Active Directory change logging / auditing:

Netwrix works well. I know people that have purchased it and love it.

The product looks good, but from an IT perspective I don't like the licensing as it's on a per AD user model, (which IT has no control over) whereas ManageEngine is based on a per DC model which is much easier to manage.

Is there a reason IT should have control over that? All IT expenses are just business expenses anyway. Just make it a per-seat cost like other per-seat costs. You already have to pay for Windows, Office, CALs, and whatever else "per seat", it's just another line item for whoever is paying for those.

So why dig a deeper grave?

Why not lay out exactly what you are talking about, what you consider the option to be?

Because I'm not an IT buyer and don't just buy the first turn-key product with a pretty web interface I find. I can see the appeal, especially for a smb with no staff, or an MSP with no time. The thing is, for those solutions, you may end up doing and maintaining more in the end anyways. Not always, but depending on the environment and how it changes over time. Yeah, maybe a turn key solution is best, I don't know the environment at all, just one requirement, which is literally no need for third party product and can be completed in an hour, without needing much if any maintenance.

@Dashrender said in MDT Resources:

I make an image once per major update from MS, so twice a year - roll out that image, install the latest Cumulative Update

I also just do that - I just import the stock WIM from the MS iso and use that. Everything else is GPO, PS and PDQ Deploy.

@IRJ said in All in one backup appliances:

@scottalanmiller said in All in one backup appliances:

@notverypunny said in All in one backup appliances:

OK, maybe I mis-spoke. Nothing community / unsupported.

Oh, that's entirely different. No connection to open source there. Open source has more support, not less.

Community versions of commercial products definitely help find bugs. Support is generally well searchable and many people are knowledgeable about it since it is more widely used than paid versions. Being able to have a community product where you then add support and features to it, is ideal.

Absolutely.

C'mon guys, I might as well just join Reddit if everyone is going to be so touchy.

@notverypunny said in Have computers gotten boring, or is it just me?:

@IRJ said in Have computers gotten boring, or is it just me?:

@Pete-S said in Have computers gotten boring, or is it just me?:

@notverypunny said in Have computers gotten boring, or is it just me?:

So, all kidding aside (about me becoming the boring thing) is there something that I'm overlooking or missing out on or have computers and OSs in general gotten really boring over the last few years? I used to recall getting interested in new features, a new distribution or a DE's latest release not so many years ago. Now it seems that things are more or less the same across the board... a boring game of IT theme and variation. Anyone else seeing the same thing(s) out there?

It's your age (as in experience). And the fact that the technology is becoming relatively mature.
It's natural to not feel enthusiasm when you see something similar for the 15th or 30th time.

If some completely new mind-boggling technology showed up, you'd probably feel like a kid again!

He should go play in the clouds 😉

Ouff, cloud..... being forced to play there but not exactly enthusiastic about the whole idea.... damn I'm starting to sound (and feel) like an old curmudgeon 😛

Cloud DevOps is pretty damn cool. You can spin up complex and secure environments in automated fashion that IT people only dreamed about 15 years ago.

Cloud Infrastructure and Autoscaling is definitely interesting as well. You think differently about deploying servers and can easily restore things in a disaster.

Cloud DR is awesome.You could potentially have your entire infrastructure in warm storage that you can deploy very quickly, and only pay storage costs.

Cloud Security is all whitelist only and is very granular. Cloud is much more secure than on-prem in most cases

When you price systems on their site, they have options to select for this purpose. Although, I don't know if they charge a service fee or subscription on top of the cost of options they list. This is for a Latitude 7400 2-in-1. More info: https://www.dell.com/en-us/work/shop/help-me-choose/cp/hmc-prodeploy-client-suite

081e83b1-3d19-46b5-9a25-95eb302d7c3f-image.png

@Dashrender
Yeah, further troubleshooting shows that DMZ1 can't initiate communication to anything that's on the other side of the FG. Will be testing against stuff in the management subnet tomorrow. Also going to try enabling asymmetric routing as a short-term test. Otherwise it's going to have to be an all-at-once move, which we were hoping to avoid.

Thanks to all for the suggestions and just for a place to get this out of my head and somewhat organised.

@notverypunny said in XenServer Supplemental Packs:

@DustinB3403 said in XenServer Supplemental Packs:

@notverypunny said in XenServer Supplemental Packs:

@DustinB3403 Going through the 7.1 version of the same thing right now. Not much is making it through this sinus headache / migraine though.... Maybe another coffee will help. From what I see on the XCP-ng forum they're trying to move away from the notion of supplemental packs in favor of standard rpms.

Yup, because SPs are essentially private, where as the entire XCP-ng project is FOSS. It makes it way easier to just run yum install <something> and keep it all updated with the yum upgrade

Makes perfect sense for the XCP-ng project, but playing with yum and adding repos would put our hosts in an unsupported state with Citrix. Other way I might be able to do this is some sort of query over SSH from a linux machine to the bare-metal (Dell idrac) and / or the XenServer install. FusionInventory does wonders with SNMP for network devices and printers but I haven't seen anything that applies to my setup.

You'll have to build an SP, and use that to ensure you can maintain your support from Citrix. Nothing else would fly with them.

@Pete-S said in May 2019 Patch Tuesday Problem(s):

Classic stupid mistake by Microsoft.

Classic clueless end user mistake!