We have been migrating all of our physical servers to virtual ones running inside Hyper-V. There are two beastly machines running with a SAS shared between them, that way if one of them dies we can just grab the image and spin it up on the other server.
And when I say we, I mean a developer who has taken over most IT stuff (which I thanked him for, I don't have the time).
Everything has been running relatively smoothly. I just got my trial of ArcServe Backup running (which is awesome) and felt good about my disaster recovery options. The phone rings this morning at 7:00 AM. It was the developer.
"I was installing some updates on the two host machines and rebooted them. When they came back up the two virtual servers were simply gone."
They were gone. The folders were empty. This is the worst possible thing that could happen. Ever. He had grabbed a snapshot of one of the servers about 14 days ago, restored that, and started to restore files from my last backup, which was just under 24 hours old. The other server he rebuilt from scratch but it wasn't working yet.
This is what I walked into this morning. Suddenly I really don't trust the SAS, but I have no idea why a reboot would destroy multiple virtual servers.
TBH, sounds like someone hiding their mistakes.
I thought of that, but I have no proof because I did not set up the Hyper-V servers or the SAS (frankly, because I don't know how), I am just batting clean up when things go bad.
what does this mean:
"The other server he rebuilt from scratch but it wasn't working yet"
he was building VMs from scratch; or, he had to rebuild one of the host hyper-v servers?
regardless, if the san/sas was set up properly, as was the cluster, this could pretty much never happen (without doing some major damage to both hosts at the same time).
Oh hey there 10 second delay. I didn't know we had an office on the fucking space station.
VOIP is fine as long as your network infrastructure is tight. You basically need to have managed switches with VLAN and QoS capability, properly set up, and fast (<200ms) pings between sites. If you can dedicate WAN bandwidth between sites, that's good; if you can have VLANs and QoS function between sites, that's even better.
But you have to have that infrastructure. It's not optional. Dropped packets, out-of-sequence packets, slow pings are a minor annoyance when browsing the web and are usually completely invisible to back-end services like email; but with VOIP they will kill you. And everybody will blame the VOIP vendor, not the shitty infrastructure.
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Apothe0sis - Have you ever questioned the nature of your reality? - Registered User - regular
edited October 2010
So, anyone know why the domain controller or exchange server might submit a new CSR every day (and why granting the request seems to have no effect, and by extension why no one is complaining about whacked out or otherwise missing certs?)
Will be keeping an eye on this thread. I'm basically the junior programmer who also has to take care of server stuff. We're such a small IT company (~15 people) that we basically have no dedicated sysadmin.
theSquid on
lwt1973 - King of Thieves - Syndication - Registered User - regular
So, anyone know why the domain controller or exchange server might submit a new CSR every day (and why granting the request seems to have no effect, and by extension why no one is complaining about whacked out or otherwise missing certs?)
It might be corrupted? I had that on a DC that had a bad restart. The cert got corrupted and I had to create a new one.
lwt1973 on
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
lwt1973 - King of Thieves - Syndication - Registered User - regular
Anyone with experience using Blackberry Enterprise Server 6's web piece know if there's a better way to monitor when a server has problems communicating with attached devices? One of mine gakked in the wee hours this morning and we had no idea until help desk started taking calls twelve hours later. Currently the only way I know of monitoring all users on a particular server is to use the advanced search, select a server, and sort by last contact time.
I have BES 4 running here. You can set it to alert someone when an event level happens through smtp. The configuration is under server properties.
lwt1973 on
mrt144 - King of the Numbernames - Registered User - regular
So I'm about to roll out Win 7 to all my babies towards the end of Q4;
I have Symantec Ghost 10.x.x but it's not working for Win 7 images. Is there any other imaging software you guys use that is Win 7 compatible?
AIK has many tools. And since when has disk space been an issue?
Since I didn't know that USMT 4.0 was required for a Win7 migration and I had to download the entire toolkit while on-site :P
TL DR on
TL DR - Not at all confident in his reflexive opinions of things - Registered User - regular
So I've been working on this Cisco 871 firewall for a few days now, and I'm not really getting anywhere. It was set up for one of our clients by their previous (incompetent) IT company, accessed through the server by this SDM software. After a power surge it was suspected dead and reset to factory defaults by a 'helpful' ISP tech.
I've managed to get into the damn thing with a serial -> ethernet adapter cable, but it seems that the internal workings are the stuff of voodoo and mystery. It locks up if I try to connect a patch cable while in a serial PuTTY session. It loses the config, even if I "copy running-config startup-config", defaulting to the ethernet ports being administratively down.
It doesn't respond to the SDM software, giving a message that I'm supplying the wrong credentials or there's a firewall issue or the router isn't configured properly (pretty frustrating, since I copied in the config we saved from the week before). I've gone through the help documentation and made all the configuration changes without incident, although it returns an error on one step:
Router (config) # line vty 0 4
Router (config-line) # privilege level 15
Router (config-line) # login local (unrecognized command, only wants to let you point to an access list)
Router (config-line) # transport input telnet
Router (config-line) # transport input telnet ssh
Router (config-line) # exit
Have you got the right serial settings set? Specifically, are you using 7 or 8 bit? I've seen that happen when people use 8 bit on it.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
TL DR - Not at all confident in his reflexive opinions of things - Registered User - regular
I was told to use 8. I'll try 7, thanks.
This is frustrating in part because the commands and interface are so unintuitive and non-standard. Want to reboot? Guess what the command is. If you guessed 'shutdown', 'reboot', or anything else you may have seen in a modern system, you're wrong. It's reload because Cisco has to be a unique snowflake.
Personally I prefer using Linux and setting up iptables and using it as a firewall, so much more you can do with it and it tends to be cheaper. I think our Cisco cost about $1,000 with only DES for VPN.
bowen on
TL DR - Not at all confident in his reflexive opinions of things - Registered User - regular
We've been using SonicWALLs and have been transitioning to pfSense, it's just this one client that has the Cisco. And I just got word that our new, very large client has Cisco infrastructure as well.
And now that I've been wrestling with this thing all week, I'm pretty much the 'Cisco guy'
I ended up resetting the thing to factory defaults, but still can't get into it via SDM. Gives me a general 'check your IP address, check your firewall, check if it's a valid image' message.
My current headache has been Symantec 10 clients that scan their own definition updates...with Symantec's suggestion of "please update to a newer version to fix"...
Cause you know, clients LOVE to pay for new stuff, especially magical licenses.
We've been using SonicWALLs and have been transitioning to pfSense, it's just this one client that has the Cisco. And I just got word that our new, very large client has Cisco infrastructure as well.
And now that I've been wrestling with this thing all week, I'm pretty much the 'Cisco guy'
I ended up resetting the thing to factory defaults, but still can't get into it via SDM. Gives me a general 'check your IP address, check your firewall, check if it's a valid image' message.
on the bright side at least that's sure to come in handy down the road since the vast majority of the market uses cisco ;-)
Now if you had told me that three days ago I could've fixed it. Instead I get angrily attacked by my boss because people have been complaining all week of it being slow. Slow. The first time I actually heard of it was today when they were like "so what's going on with everything being slow?" And I go "uh what?"
bowen on
It took me all of 10 minutes to fix the problem that was causing the slowdown. So instead of telling me right away and me fixing it in the same day, they decided to wait a week and complain to the boss.
Thanks, that's really swell of you.
bowen on
You just need a helpdesk email that they can send ALL their problems to, including running out of staples, cause that's IT's job...
Ticket based IT is easier to manage, but some users don't seem to get what all IT does...
My favorite ticket of all time was the mailroom clerk whose job description apparently also included inspecting the bank every week. We got a gem that indicated the ceiling fan in the lobby was dirty and needed to be cleaned "because it's very unsightly when customers are nearby."
Yeah lemme dispatch a field tech, lady.
IronKnuckle's Ghost on
TL DR - Not at all confident in his reflexive opinions of things - Registered User - regular
"Hey this has been vaguely broken for weeks, why are you dropping the ball" is my favorite IT complaint
Here's a good question for other IT people. We've been trying to find some good video conference software so that the IT department can have a weekly meeting. We've got offices in Seattle, Portland OR, and Monaco, along with a dude that occasionally shows up in Australia.
Obviously lag is the issue, and we've not had too much trouble with the video by using Adobe ConnectNow. Its audio, though, is crap; we think it tries to sync audio with the video and it's just not possible, with audio skipping in and out, or people sounding like robots or they are underwater.
We're currently using Skype for audio, and it's okay, but we've yet to have a meeting where it doesn't freak out on someone, or have connection issues, etc.
Ventrilo = 8 people on a free server max, so that's out. (we average 12+)
I tried to get them to give Mumble a shot but the one person's computer it decided to freak out on was my boss's... so that killed that plan.
Feel free to suggest free/pay software, though likely it would have to be free to get it put into use in my company.
So I've been working on this Cisco 871 firewall for a few days now, and I'm not really getting anywhere. It was set up for one of our clients by their previous (incompetent) IT company, accessed through the server by this SDM software. After a power surge it was suspected dead and reset to factory defaults by a 'helpful' ISP tech.
I've managed to get into the damn thing with a serial -> ethernet adapter cable, but it seems that the internal workings are the stuff of voodoo and mystery. It locks up if I try to connect a patch cable while in a serial PuTTY session. It loses the config, even if I "copy running-config startup-config", defaulting to the ethernet ports being administratively down.
It doesn't respond to the SDM software, giving a message that I'm supplying the wrong credentials or there's a firewall issue or the router isn't configured properly (pretty frustrating, since I copied in the config we saved from the week before). I've gone through the help documentation and made all the configuration changes without incident, although it returns an error on one step:
Router (config) # line vty 0 4
Router (config-line) # privilege level 15
Router (config-line) # login local (unrecognized command, only wants to let you point to an access list)
Router (config-line) # transport input telnet
Router (config-line) # transport input telnet ssh
Router (config-line) # exit
Chances are something got fried. You can test whatever it uses for data storage by creating a junk file and tftping it to the default folder on the cisco equipment. Or you could simply try renaming the config file, do another copy run start, and then reload it.
Check the directory again after the reload and see if your renamed file is still there. If it's not then your memory is having issues.
Does it not accept any changes, even without a reload, or does it just not accept them period? Firewalls aren't 100% my thing yet, and I dunno how old the IOS is on the unit, but check and make sure that the interfaces are either down/down or administratively down/down.
If you don't have anything plugged into it on the other end then the interface will stay down in the config.
Your "login local" issue may be due to not having a password set for the firewall itself or an enable password, which would be set up with "enable secret 7 password". Go to the config level and input "username username password 7 password".
Once you get that set up, you can do an "enable password service encryption" or something similar to that. If it asks for an encryption level/number always choose 5 as it is the better encryption.
Now that you have a local username/password set up you can try "login local" and see if it takes it.
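An added example, not part of the thread: a small Python check for the settings this exchange revolves around (vty "login local", "transport input telnet ssh", "privilege level 15", and type 7 passwords versus secrets). The config texts are constructed, PLACEHOLDER stands in for stored password strings, and the finding names are made up for this sketch.

```python
"""Check the vty and password lines of a Cisco IOS config (added example)."""

# Constructed sample built from the commands quoted in the thread.
# PLACEHOLDER stands in for the stored password strings.
WEAK_CONFIG = """\
hostname Router
enable password 7 PLACEHOLDER
username admin password 7 PLACEHOLDER
!
interface FastEthernet4
 shutdown
!
line con 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
!
end
"""

# Constructed counterpart: hashed secrets, SSH only, no default privilege 15.
HARDENED_CONFIG = """\
hostname Router
enable secret 5 PLACEHOLDER
username admin secret 5 PLACEHOLDER
!
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse(config):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():
            # Indented sub-command: keep it only inside a "line" block.
            if current is not None:
                blocks[current].append(cmd)
        elif cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, blocks


def audit(config):
    """Return a list of (finding, location) tuples for the config text."""
    global_cmds, blocks = parse(config)
    findings, has_local_user = [], False
    for cmd in global_cmds:
        tokens = cmd.split()
        if tokens[0] == "username" and len(tokens) > 2:
            has_local_user = True
            # "password" is stored in clear or as reversible type 7;
            # "secret" stores a hash instead.
            if "password" in tokens[2:]:
                findings.append(("user-password-not-secret", "username " + tokens[1]))
        elif tokens[:2] == ["enable", "password"]:
            findings.append(("enable-password-not-secret", "enable"))
    for header, subs in blocks.items():
        if not header.startswith("line vty"):
            continue
        if "no login" in subs:
            findings.append(("vty-no-authentication", header))
        # "login local" checks the local username database; if it is
        # empty, nobody can log in over the vty lines.
        if "login local" in subs and not has_local_user:
            findings.append(("login-local-without-username", header))
        # Every session on the line starts in privileged EXEC.
        if "privilege level 15" in subs:
            findings.append(("vty-default-privilege-15", header))
        # A later "transport input" replaces an earlier one.
        transport = [s for s in subs if s.startswith("transport input ")]
        if transport:
            allowed = transport[-1].split()[2:]
            if "telnet" in allowed or "all" in allowed:
                # Telnet carries the login and the session in cleartext.
                findings.append(("vty-allows-telnet", header))
    return findings


if __name__ == "__main__":
    for finding, where in audit(WEAK_CONFIG):
        print(f"{where}: {finding}")
```
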
Oh hey there 10 second delay. I didn't know we had an office on the fucking space station.
VOIP is fine as long as your network infrastructure is tight. You basically need to have managed switches with VLAN and QoS capability, properly set up, and fast (<200ms) pings between sites. If you can dedicate WAN bandwidth between sites, that's good; if you can have VLANs and QoS function between sites, that's even better.
But you have to have that infrastructure. It's not optional. Dropped packets, out-of-sequence packets, slow pings are a minor annoyance when browsing the web and are usually completely invisible to back-end services like email; but with VOIP they will kill you. And everybody will blame the VOIP vendor, not the shitty infrastructure.
That's not even the most difficult part either. You have to have special equipment. The Cisco side just requires dedicated routers/switches that you can upgrade to the correct IOS. Then it's just tagging a VLAN with a DHCP pool, running QoS at the global level and then putting each individual interface into the phone VLAN with QoS running.
The hard part is tagging phone mac addresses with IPs and phone numbers, running the proprietary switches from companies like Lucent along with Occam or Cisco backend. And then there's the server that actually handles the VOIP handshake. Basically you dial a number, your IP phone hits the server with a number and it points it in the right direction and makes the sync and acknowledgment and then removes itself from the equation and lets the switches do the work from there.
The worst thing to come into work with on Monday is someone freaking out that they lost an important file. Okay that will be easy I'll just restore from the backup. 9 times out of 10 though the user saved it on their hard drive and not the 10 million network drives we provide them.
Cut to going over to their computer and opening up "My Computer"....."What are all these letter things I have never seen these before!?"....
Guy has 5 gigs of documents on his C drive. Sometimes I wonder how people do their jobs and have no idea how to work with documents in the network drives......D:
"Hey this has been vaguely broken for weeks, why are you dropping the ball" is my favorite IT complaint
Yeah. I get this a lot, especially since I'm often going into clients where I'm taking over for crappy/lazy/incompetent former IT guys. So the employees have basically lost any hope that their problems will ever be fixed.
I like to just walk around my offices and ask random people, "Hey, how's it going? With your computer, I mean? Anything bugging you?" Usually people open up. And every so often I'll ask key people, official management or the unofficial really active leadership types, "Hey, I've been wondering... are there any longstanding problems I might not know about? Say, something that runs slow or is kind of glitchy, but everybody just tolerates it without complaining?"
That's with my contract clients, though. Obviously if somebody only calls me when they need occasional break-fix support, I can't do that.
Feral on
The worst thing to come into work with on Monday is someone freaking out that they lost an important file. Okay that will be easy I'll just restore from the backup. 9 times out of 10 though the user saved it on their hard drive and not the 10 million network drives we provide them.
Cut to going over to their computer and opening up "My Computer"....."What are all these letter things I have never seen these before!?"....
Guy has 5 gigs of documents on his C drive. Sometimes I wonder how people do their jobs and have no idea how to work with documents in the network drives......D:
Are they desktop computers?
Redirect their My Documents and Desktop to the server. You can do this with a roaming profile, or you can do this with the User Shell Folders registry key. (I prefer the regkey. It's a little harder to manage, but performance is a lot better.)
Yes, that means you're going to be wasting storage on people's iTunes Music folders and crap like that, but storage is cheap. Just add iTunes and iPhone related strings to the exception list in the backup.
If they're laptops... that's a little harder. One free and easy solution that I've made work well is to remove the "My Documents" icon from the desktop and replace it with a shortcut that says "Laptop Documents." Then I'll also add a shortcut right next to it that says "Server Documents." Then when I give the user the laptop I impress upon them that the laptop documents are on the laptop and the server documents are on the server.
The vast majority of users get the message.
There are technical ways of solving the problem too but I've never found one I've really loved. I prefer just strong user education and constant reinforcement.
Feral on
I know that I get a lot of complaints that the internet is slow.
Thanks, I'll get right onto fixing that.
Or, you know, maybe sharing a DSL line that was downgraded to 128k with an office of 7 people is not going to be speedy.
Block Facebook.
Seriously.
Facebook is bandwidth-murder. Especially since people's excuse is "well, I only check it a few times a day." Sure, but you leave it open all day long, and even if it's in the background it's continually checking in with Facebook's servers.
When I put in web filters and start running metrics, it is without fail the biggest bandwidth hog every single time. The combination of facebook.com, fbcdn.com, farmville.com, and zynga.com often accounts for 20-30% of the total http traffic.
Feral on
Infrastructure at main office: 4 dumb 100M switches, 2 dumb gigabit switches. Only one switch supports VLANs or QoS.
VOIP tech: "Yeah, 80% of VOIP deployments in flat networks just work fine without QoS. So I said 'let's try it and see what happens!'"
One does not simply walk into Mordor, and one does not simply "just try VOIP" in production to "see what happens."
the "no true scotch man" fallacy.
Edit: From what I understand, Win7 installs are already image-based.
and it comes with 2008 (R2) i do believe
Can we talk about how the User State Migration Tool for Windows 7 now requires the installation of the 3.5GB Windows Automated Installation Kit?
"What's slow?"
"Everything"
"The database system?"
"No Everything else"
"The form manager?"
"No just faxing"
What you'd need is expensive software and possibly even more expensive hardware to go with it.
And then they ask you, again, 'wait, which click?'
And the computer that you are trying to get the files from is so borked that the customer can't even get GoToAssist running?
I am trying to accomplish this right fucking now, and it is not going well.