As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
[SYSTEMS ADMINS & IT MONKEYS] TrackPoint is trademarked. Call it a clit mouse instead.
Feral
MEMETICHARIZARDinterior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
MEMETICHARIZARDinterior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
This is the Moe-approved systems administration and IT monkey thread.
Want to vent about how much Exchange sucks? Can't get your SSL cert to work in Apache? Want to take your SQL server out into the old barn and pummel it with a crowbar? Is your Sharepoint not sharing or your firewalls misfiring?
Whether you look at this and think "Ahh... looks like home!" or "Auugh... looks like jail!," this is the place to be.
It's like Expert Sexchange without the trannies!
FIRST TOPIC: Recommend on! Give me a centrally-managed antivirus platform for Windows that doesn't suck! Symantec Endpoint Protection Manager seems to have a seizure half the time I try to just add a new server to an existing site, and I'm getting sick of its bullshit.
Want to vent about how much Exchange sucks? Can't get your SSL cert to work in Apache? Want to take your SQL server out into the old barn and pummel it with a crowbar? Is your Sharepoint not sharing or your firewalls misfiring?
Whether you look at this and think "Ahh... looks like home!" or "Auugh... looks like jail!," this is the place to be.
It's like Expert Sexchange without the trannies!
FIRST TOPIC: Recommend on! Give me a centrally-managed antivirus platform for Windows that doesn't suck! Symantec Endpoint Protection Manager seems to have a seizure half the time I try to just add a new server to an existing site, and I'm getting sick of its bullshit.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
the "no true scotch man" fallacy.
Feral on
0
This discussion has been closed.
Posts
Me too but in the opposite direction. Trying to get out of IT.
the "no true scotch man" fallacy.
the client will not work in conjunction with Office 2007 at all. It just hangs during the install at registering modules, and we're using two e-mail clients because idiots make decisions instead of me.
Thank you Feral, you're a hero to us all
Yeah, we only use Symantec/McAfee for AV on Windows boxes. If the customer actually needs gateway security, we resell Juniper and Barracuda products with those features and manage them through their own tools.
the "no true scotch man" fallacy.
I like trend micro personally
Anyway. I had a reaaaaally fun time last night! Seven hours of overtime!
Here are my notes.
Would also like to note that the phone in question worked fine on the non PoE
2960. One of the things I did not test was to see if it was a PoE problem
_only_ and if the phone would behave if “power inline never” was applied to
the interface and the power adapter reapplied.
Last night I swapped out the 2960 for the PoE 3750. I copied over the
interfaces exactly so it would be a 1:1 transfer of the patch cables. This
worked fine for everyone except [Name4]'s additional phone line, which I had set
aside to occupy the single empty int on the 3750.
Plugged 3750 in, came up, green across the INTs. Checked phones. They
powered fine but did not pull an IP address. I checked the VTP status and the
Revision number was 0. VTP was set to server, so I changed to transparent.
I set the trunk 1/0/24 on [edit] Sw2 B to encapsulation dot1q and turned it up.
On [edit] Sw2 Master 2/0/19 I did the same. [edit] Sw2 B did not pull the Vlans.
I set the VTP domain to [edit] (I was not aware of a password for that domain
name either, which had a hand in the problem) and vtp mode to client. Still
no vlans. I reloaded the switch.
Switch came back up, all ints were orange. [edit] Sw2 B still did not pull Vlan.
Called [Name3], who suggested manually creating vlan4 and vlan8. Did so. Then
[edit] sw2 master, [edit] sw3, [edit] sw1 master, warehouse, and the [edit] wlc went down.
The signs of a spanning tree loop were predictable. All of the interfaces
would blink rapidly in unison. After about five seconds of this, [edit] would go
down. Five minutes would pass, the network would converge, and everything
would run smoothly for a few minutes before the ints would begin blinking again.
NOCC came to check on the issue as well. They said they would update [Name6]
on what all happened.
I disabled trunk. Everything came back up.
I changed encapsulation from dot1q to isl on the trunks between [edit] 2 B and
[edit] 2 Master hoping that would have some affect, but it did not. I checked
cdp neighbors and was able to see [edit] Sw2 b was able to see [edit] Sw2 Master.
It was. Checked root ID. It was right.
Turned up trunks again. Crash.
[Name] texted me when he noticed the alerts and let me know that there was a VTP
password on the VTP domain. Set the vtp password with the "vtp password"
command. [edit] Sw2 B pulled down all vlans, but was still crashing. In between
the crashes the Netcracker phones were pulling an IP and getting a dial tone.
[Name2] came to help out and began checking root bridge and interface
priorities. [Name2] did a test dial to his cell phone from one of the
Netcracker phones and was able to make a call.
We checked root bridge for the vlans only on [edit] Sw1 Master. Everything
looked good. [Name3] later noticed that on [edit] Sw2 Master, some of the vlans on
it were labeled at having [edit] Sw2 Master as the root.
I unplugged everything from [edit] Sw2 B save the trunk and the network returned.
I started plugging interfaces in a few at a time and monitored. Everything
stayed up in this process from int 1 to 12. I plugged 13 to
16 and the network immediately crashed. I did a shutdown on 14 and 16.
Network came back up. Plugged everything else back in. Network stayed up.
I plugged 14 on [edit] Sw2 B in again and the network immediately went down.
Shutdown 14. Let network re converge. Brought 16 without the phone
plugged in. No problems. Plugged phone in. No problems. Narrowed issue
down to either int 14 or the phone plugged into it.
I also applied a "switchport trunk allowed vlan add #,#" on [edit] Sw2 Master 19 (the trunk) to filter out the unneeded vlans.
Shows:
switchport trunk allowed vlan #,#
On the interface.
Don't think it worked because [edit] Sw2 B still has all of the other vlans on
it. May need to apply it to the trunk on [edit] Sw2 B as well.
Since network was stable we began packing up.
[Name2] noted that on [edit] Sw1 Master the second 3750 in the stack would
actually POWER OFF when we were experiencing issues. The master switch would
just shut down all of the interfaces, but switch 2 would actually power off
and on.
I hung around while [Name3] made some changes on [edit] Sw2 B just in case something
happened. Everything was good. I hooked my laptop up to one of the phones we
were not having issues with and pulled a correct IP and was able to get
outside of the network.
Throughout all of this I kept 1 and 2 on [edit] Sw2 B unplugged. They
were not experiencing issues. However, I did not know where these interfaces
went and the user's phone still had the power adapter and the logging on [edit]
Sw2 B was becoming a hindrance. Hence, removing them for testing purposes.
[Name2] reported that they were working this morning. Assuming someone else
took care of that.
These notes are from [Name2] this morning:
"As soon as I plugged in that VOIP phone from [Name5]'s cubicle in to a
different port than 14, it crashed the network again. Kyle had actually told
me last night that it was either a bad interface or the phone, and I
completely forgot about the phone possibility. So kudos to Kyle..
On a positive note, I had everything up and running again before anyone
experienced any related symptoms. Kyle and I are up and I will be
getting another IP phone from [Name4] for [Name5]. I suspect the card was bad and
was flooding the switches with giants. Since the research I did stated that a
cable could do this as well, I will wait until after 5pm to try to plug a
phone in for him again"
Edited out switch names and coworkers.
That was a random GIS. I don't really have an office, I have a desk in an 'open office environment' which is a nice way of saying 'we're too cheap to spring for cubicles or a decent space, so we're just going to put everybody on desks in an open floor.' I keep thinking about throwing my boss a copy of Peopleware and saying "You're doing it all wrong!" but I know that nothing will ever happen from it.
That's two good recommendations and one "doesn't suck too bad" for Trend Micro.
the "no true scotch man" fallacy.
Norton was terrible.
But we also completely blocked MySpace around that point in time as well.
The UI alone puts Trend leagues ahead of Symantec.
Norton was terrible.
But we also completely blocked MySpace around that point in time as well.
I'm doing IT consulting for small businesses, so web filtering isn't always an option. Either they don't want to pay for a real web filter, or they have other reasons not to do it. We've also got some clients on Untangle which is not remotely granular enough... you can have a per-site pass list, or a per-user pass list, but not both. So if you have the marketing guy who needs access to social media, you can't just say "Bob can have Facebook." you have to say "everybody can have Facebook" or "Bob can have everything."
the "no true scotch man" fallacy.
I don't do Cisco IPT stuff enough to be able to parse these tech notes very well. I understand the concepts, and I can troubleshoot it (with the help of documentation) but I'm not clear on exactly what happened. Is this the thing you were telling me about the other day where a bad pin on an interface can cause the entire stack to power off?
the "no true scotch man" fallacy.
We use Hyper-V extensively.
Our typical Small Business Server 2008 setup is a Hyper-V host machine running the Active Directory + Exchange on one VM, and a file server on the second VM.
(We have to put Active Directory and Exchange together because that's what SBS wants. One of the many reasons I strongly prefer to not sell SBS, but not many small business clients want to spring for the licensing for a proper Exchange implementation when there's the lite version available.)
I don't have much VMWare experience yet though.
the "no true scotch man" fallacy.
groupwise has always sucked. i havent had the displeasure in 10 years, though.
Joe's Stream.
Tall-Paul MIPsDroid
Nah. Different level of bullshit all together. Those are stack cables, which are proprietary high bandwidth cables. If a pin on them goes bad, apparently the entire stack will completely shut down.
This was an issue with, to my best guess, the NIC on an VOIP phone literally sending a broadcasting packet across the entire network that was large enough in file size to shut down every interface.
it was structured by some sort of madman who derived pleasure from a) making sure that it is impossible to find anything then b) somehow deploying the site in such a manner as to completely break search
when it comes time to purge it to death with righteous fire, that will almost certainly be the Best Thing To Happen To Me That Year
unfortunately, it is a bit down on the to-do list
Are you just going to rebuild it using Sharepoint, or are you going to move to a different platform?
Because I've found that... um... getting into Sharepoint is a lot easier than getting out of it.
the "no true scotch man" fallacy.
For anyone who hasn't heard small businesses with 10 PCs or less can now use MS Security Essentials free.
I'm also a big Astaro fan, I'll be building a free home system for my mother soon. Because I can't baby sit her & my brother anymore.
Lastly Clear OS looks interesting, I just don't know anyone who has tried it. Sadly I no longer have a test box for this stuff. http://www.clearfoundation.com/
Yep. I run the client app on my home computer and my work laptop and I love it. (Unmanaged, though. We haven't set up a management server yet.) Double edit: and I haven't seen anything solid comparing it's detection rates to other products, which is why we're not rolling it out at customers.
The Forefront spam filtration service for Exchange is pretty great, especially since it syncs with Active Directory.
Speaking of Microsoft's hosted offerings, my company is now a reseller for Exchange Online and... it's not quite mature yet. It's like 90% there.
the "no true scotch man" fallacy.
I've been very impressed with MS's security drive in recent years. Upgrading everything to Vista and then Win7 I haven't had serious security comprises in years. I was using Eset for awhile now I just have everyone on MSE since it's home use. I also use DynDNS to filter sites at the DNS level. This seems to help a bit and I don't have to deal with Comcast's DNS issues in my area.
When I get my own place in the next year I'll either build a small business server or home server "vail" for my systems. Depending on pricing I'll be looking to give Forefront a try then.
I want to give Barracuda's new hosted service a try because the Barracuda spam filtration devices are awesome. They give you the level of control and reporting I'm used to only getting out of SpamAssassin, but in an appliance. But I'm generally opposed to on-premises spam filtration in principle, because why do you want to waste your own bandwidth when you can waste somebody else's?
The problem with Exchange Online is that it uses a sign-in app that looks and feels like an instant messenger application but auto-configures Outlook 2007/10 to connect via Outlook Anywhere to the remote Exchange server. The problem with this? First, the sign-in system is kind of flaky. Sometimes the Exchange servers will be up, but the sign-in systems are down, so anybody currently connected can stay connected but new connections will be refused. Second, no Active Directory integration. There's a sync tool that pushes your current user list up with their email addresses as defined in AD, but that's a manual sync, and doesn't sync passwords. That's a dealbreaker for most of our clients who are used to single sign-on.
Microsoft keeps promising AD integration... someday.
the "no true scotch man" fallacy.
I guess it would make sense if you didn't want to hire another Exchange guy (or if you wanted to get rid of your current Exchange guy) but all the companies I work with are small enough that they don't have dedicated Exchange guys.
the "no true scotch man" fallacy.
Yeah, I was thinking to myself "does a general megathread make sense with all the different OSes and platforms out there?" and I decided that I really wanted to see how other people manage similar problems with other platforms.
I mean, if I'm complaining about Exchange and somebody else is like "Man, Exchange is that much of a pain in the ass? We use Kerio and it's great!" then that's a conversation I want to have.
And on that note... what kind of environment do you support?
the "no true scotch man" fallacy.
That's interesting. I didn't know that.
My company is a Barracuda reseller. We happen to be pretty close from their main corporate office.
I love every product they offer except their backup servers. The backup servers aren't bad, they're just really black-boxy. They'll throw a generic error message like "couldn't connect to share" and we'll have to call support to find out what the error really is because they have some supersecret way to access the device on an OS level rather than the obfuscated GUI they gave us.
To their credit, they've been improving that with every firmware update. I still wish they'd just give us the tools to support the devices we resell rather than force us to call them for every stupid little problem.
Spam filters, web filters, load balancers, SSL VPN? Great devices. Love them.
the "no true scotch man" fallacy.
Most of our actual workstations are running Ubuntu, the backend is hodgepodge of pretty much every *nix server known to man (and one windows virtual server for BES, god i hate RIM)
We used to use Open Xchange for collaboration, and kind of still do, but it's getting phased out with an inhouse package we've been working on for awhile. The nice thing is that it's a fairly small company (130-ish employees) and pretty much everyone is tech savvy since we make SAN storage solutions, it happened before I got here but apparently it was the programmers who are the vast majority of the employees who pushed for the switch to linux desktops, and when that happened the Admins said "welp, we might as well switch everything over"
That makes sense... development-heavy environment sounds like a good match for Linux.
What did you think of Open Xchange?
the "no true scotch man" fallacy.
Pretty slick for the most part, we outright broke it a few times during updates but it was usually our fault and i've heard the initial configuration/integration can be rather frustrating (i wasn't here for the initial deployment) It's GUI isn't quite as slick as Outlook but it's fairly similar so people can get a grip on it easily. Really what it comes down to for us though is while its not as feature rich as exchange it does everything we need, and the price is right (free, if you opt for no support and setup everything yourself)
I wouldn't reccomend it for large companies though simply because the little things its missing aren't a big deal when you can go down a floor and talk to someone in person, arranging large meetings across different geographical locations etc could get tricky though.
I really don't hate Exchange that much, especially 2010, I'm just always interested in other options.
the "no true scotch man" fallacy.
Yeah, BES was the bees knees in 2006 but 5.0 sucks and there are other products (like Exchange 2010) that compete on the management front.
the "no true scotch man" fallacy.
The government client I work with uses it and its terrible or they're terrible with it. They have it push down updates. Which isn't so bad, until all those updates want to run at the same time.
Adobe's update will run at the same time as Novell's client update and if adobe finishes first it restarts the PC without waiting for the other updates. So now the machine is fucked.
I can't imagine that there are no options for staggering install/updates or I don't know delayed restarts, but I mean Canadian Government, the land of the lazy and stupid.
I'm doing the EXACT same thing as you, we just started using WDS and it works awesomely. Well sorta the same, I'm using MS Virtual PC and using the Deployment Workbench, which is very similar?
Do you have it integrated with your AD?
Are you deploying Vista or 7 or XP?
How many model's of PCs are you supporting?
Do you install using a usb stick or push over the network?
How many images do you have?
How are you supporting single core vs multicore PCs if you're using XP?
How are you converting your VMs to WIMs?