@obsolesce said in Wsus for remote vpn and on-premise users:

@scottalanmiller said in Wsus for remote vpn and on-premise users:

There is little different between an MSP and internal IT.

They are basically the same thing. In many cases the internal IT is a separate entity that basically bills the company and/or child companies, but is on the payroll of the company.

Yup, the key difference isn't their relationship to the rest of the org, effectively MSP, ITSP, Internal IT, etc. are all external in how they are approached. Only how they are paid really differs and the staff don't always see that.

What makes the two different is that an Internal IT department (even one treated as a consulting group) has only a single top level customer and MSPs have multiple. That's really it.

And that doesn't always make a real difference. If the top level internal IT customer doesn't force all underlying groups to unify under a single IT strategy you get an effective situation of multiple customers, sometimes as you said, even with separate billing.

@jaredbusch said in jira + nginx - can't login via https:

@pete-s said in jira + nginx - can't login via https:

You're using https but you don't have any information for proxying tcp 443 assigned in the nginx config.

It is, you even quoted it

My bad. I thought his internal server running jira was setup to use https (self-signed certificate) on port 8443 (with redirect on 8080).

@jasgot said in Dymo vs. other print servers:

@ccwtech said in Dymo vs. other print servers:

Is there any particular advantage or reason to use their print server over just another vendors print server?

What did you end up doing? I need to make a Dymo a networked printer and I have learned the Dymo printer server does not handle multiple subnets. I don't know why, just a common complaint.

I would like to toss any old usb printer server at it and have it work.

I've been using Dymo print servers across subnets for 3+ years, no issues that I'm aware of.

@jaredbusch said in Locking down vendors:

@scottalanmiller said in Locking down vendors:

@dashrender said in Locking down vendors:

They MIGHT have an internal team for this, but since we have our own IT department, my management has decide to take the costs internal versus paying the new vendor to set up remote access for themselves.

That doesn't really make sense as this is all questions about THEIR IT. All your team can do is get in the way 😉

Right, I have no idea WTF you think you are doing here @Dashrender.

The most you should do is setup a VLAN or actual separate LAN with no access to your network. The other company can deal with putting something on this shit old device that reaches to their support infrastructure.

No one on there side has even breathed a word about something like that.

As I previously mentioned - the old HVAC vendor did all of their own management - I only provided them an internet connection, they managed everything else.
I can see the advantages of that - time to toss this at the new vendor similarly.

@jclambert said in MangoPI:

So, will these be give-a-ways at the next MangoCon? It is not an all-inclusive device, as it will require a carrier board of some type. For somethings this may be ideal.

https://www.techradar.com/news/mysterious-new-raspberry-pi-alternative-is-the-size-of-an-sd-card

That's a great idea!

@voip_n00b said in Internal SMTP Relay:

Anyone have a good guide for setting up a internal smtp relay?

Exchange on-premises?

http://blog.mpecsinc.ca/2018/06/exchange-2013-set-up-receive-connector.html

That's the method we use to allow anonymous relay for devices on the network.

@mr-jones said in "Site not secure" | Self-signed Certificate?:

@pete-s said in "Site not secure" | Self-signed Certificate?:

I'm not sure how you set up CA on Windows AD but I believe you can. Don't know if you can use that for non-Windows appliances.

I ended up using this approach. As usual, it took a bit of reading and research along with poking at the server, but I was able to use this approach.

Awesome! Yeah, I bet it took a bit of research to get it up and running.

I should say, not even a personal customer. It's just a friend who needs support. 🙂

@michiganbb So you thought that necro-posting and whining about a 3yo post would be useful? Give it a try and see if that fixes your issue. You would have to do this anyway. Even if something works for one, doesn't mean there's a guarantee it works for you,. Backup the PC and try the changes. If they don't work...move on to something else.

There was NO resolution here. Client was one of those who was difficult getting payment from so we terminated the relationship before we did anything else.

@dashrender said in Windows send only specific domains to proxy?:

@scottalanmiller said in Windows send only specific domains to proxy?:

Easiest thing is to override DNS for that domain and point to the proxy. Then the proxy can point on to whatever is real.

How do you propose doing that? remember these are laptops to be used from anywhere, I won't be able to control DNS in most places.

Are you suggesting putting an entry in hosts?

But an EASIER answer, I think, is to make your own CNAME.

@JaredBusch yes it's a contact center

Well - this vendor has called me back this morning (last bit of information was passed from the owner from a conversation they had with the vendor).

The vendor knows we are looking for remote access - specifically so we can run reports from home.

rep said - oh, you need that OK sure, fine - give me the user and their home IP and I'll get that added.

me - uh - home ISPs change IPs, sometimes daily - how are we supposed to keep you updated?

rep - oh - they'll have to give us the new IP so we can add it

me - /sigh - does your system support dynamic DNS based OK I screwed up - I should have just asked - Can you put an internet resolvable host name in your list instead of an IP?

rep - oh yeah I know what DDNS is

me - ok do you support it?

rep - well if you're attaching to your server using some type of VPN

me - no, that's not what DDNS is, I explain DDNS

rep - oh, I don't know if our system supports hostnames

me - can you check?

rep - sure

click

Of course this kinda flies in the face of the licensing issue the owner was told, but there's still hope - though very very little.

@dafyre said in NIC issue windows 7:

In the Network Adapter options, disable anything that says power managment.

There's a couple of power management options on the NIC, but IIRC there's some bus-related power management options in the power-profiles. I've seen the NIC-related options take an interface off-line, but where you're saying that it's disappearing completely, I'd be more inclined to look at PCI or chipset drivers and settings.

@pete-s yeah i guess im going to have to do that, it just bugs me that NGINX wont pass though the real IP

Completely defaultedChrome by deleting the entire Default folder. I only copied back the bookmarks file from there.

Other than starting to sign into my daily sites, I signed in for bookmark syncing….

Maybe in three months this won’t happen yet again.

However, all the concerns about licensing should raise red flags about your system. Yes, there are times that having something require licensing is okay or even desired. But you should always see it as a truly huge risk and one that you have to consider carefully. Licensing makes the most sense higher up the stack. For example, the application itself is the most likely object to justify licensing. The cabling is the least. Imagine how ridiculous it would be if your rack, desks, and cables required that you have a special license for each use!! It would be insane and you'd never stand for it (you might have to stand if your chair was licensed only to someone else's butt.)

Your hypervisor and operating system are closer to the cables, rack and desk than they are to the application in this way. These aren't components that you want to have at risk due to a need for licensing. Sometimes you have to, but it is rare and a "have to" would only be caused by an application and if an application puts you in that position for many companies that alone is a reason to question the viability of the developers behind said application.

At a minimum, something like ESXi introduces totally unwarranted complexity and risk and is something that can be quietly, transparently, removed and fixed during this process.

@mr-jones said in Help Sorting out a Firewall Issue:

@scottalanmiller Do you recommend any books that deep dive into this stuff? I know there's always google, but I feel like you would know of some really good reads.

It's been so long. Sadly I don't know a good one anymore. I am sure that there are lots, I just don't know which ones are good today.