@Eltolargo said in Auto-ban outbound email filtering?:

@BBigford said in Auto-ban outbound email filtering?:

As far as going through SendGrid, the recipient sees it comes from SendGrid, but the reverse lookup in the header does show the single public IP that they are using now. Things look a lot better now, but still a little work to do

Do you have the Barracuda doing rate limit per user to 500 per hour or less? When I setup Barracuda devices I make sure that is select and to get notification on high queues. You might want to also have them look into setting up monitoring for the barracuda as when there is many messages to be scanned they tend to lock up and constant firmware updates or patches (Although support is always good).

Setup an Mxtoolbox account to monitor their IP addresses on blacklists. Also make sure they use their cloud barracuda spam filter as well for incoming email.

Yep, done all that and a bit more with SendGrid. I've set a rate limit on their users, MxToolbox is monitoring their IP addresses, and also monitoring the Barracuda for abusers who have had devices compromised internally, so their accounts will be disabled until further review.

Got a good donated computer from a local college (older Core2Quad with 16GB of memory). Threw Linux Mint on it. Pulled a monitor, keyboard, and mouse from my spares and I was good to go. I then purchased a Netgear WiFi Range Extender from Amazon for ~$45 at the time.

My goal was not to install a home run as our walls are not cable friendly, but at the same time not using a Powerline adapter. I put it in extended mode so that my desktop can use the available network port and provide extended wireless upstairs as well.

I hadn't used this model before and found something really weird and interesting... You get through most of the setup and apply your changes, the thing reboots and is completely inaccessible. I thought I made a mistake so I factory reset it (twice) and did this a few more times. I finally looked up a YouTube setup and the person explicitly said "you will HAVE to set this up with a wireless device, as a desktop without wireless will not be able to complete the setup".

So I grabbed my girlfriend's Chromebook and completed the setup without any issues. I thought that was weird that it is explicitly required to have a wireless device, to setup a wireless networking device.

The only reason I can come up with about this being required (haven't found rock solid evidence in documentation), is that when the extender reboots, it kills the session with the desktop, and the desktop cannot re-establish the session because it requires Internet connectivity to verify the setup is complete, prior to accessing the device for final setup confirmation. Whereas the wireless device (in this case, a Chromebook) is constantly connected to the the network and does not have to reestablish any session with the network, but rather just the networking device when it becomes available. But even then, when the networking device boots back up, the setup should be able to complete with a wired desktop doing the setup, at least I would think.

Thoughts?

What's your reasoning for one or the other? I know with some who choose multiple, they say it has more security and you can configure resources to be more granular per instance. Others say that is a waste of time and should be handled in one instance for more simple management.

Thoughts?

@MattSpeller said in Restoring SBS after cryptoware infection:

SBS is the IT O.G. of "all eggs in one basket"

That's how you know it's good.

@momurda said in Restoring SBS after cryptoware infection:

Wasnt there an SBS version where the only way to join a doimain was using IE on a client?

I think I remember there being an option, but not necessarily required. Maybe there was a requirement at some point though.

@JaredBusch said in Veeam refusing connections:

@BBigford reboot

Didn't want to reboot until I tried some other things. Had to manually disable all the services and then set them back. All fixed... but very weird. Not the first client we've seen this at I guess.

I don't think I've ever saw 2 check boxes next to actions before. If you check both boxes, you get an error that "user can't have password changed during next login, and user can't change password set".

But Can't Change Password is a totally different line... Box on the right is only selectable after you select the one on the left.

Any input?

@MattSpeller said in AD - multi user password reset:

WTF?

So I'm not crazy?

@MattSpeller said in AD - multi user password reset:

@BBigford said in AD - multi user password reset:

@MattSpeller said in AD - multi user password reset:

WTF?

So I'm not crazy?

You're definitely crazy, but not about this.

Touche.

@NetworkNerd said in Looking for an online flow chart maker:

I really like Gliffy for flowcharts.

Also like Gliffy, or Lucid.

A while back, I posted a topic about matching tempdb files with physical cores. It was a posed question if anyone is doing that, since I haven't heard of anyone having to do that in a decade, but one person was saying you always do.

There's someone else that is saying that the tempdb file, should be given its own drive. Since this is SAN storage, carving out a LUN just for that is pretty valuable (he's requesting 100GB). He said "whoever set this server up obviously doesn't know anything because you do not leave the tempdb on the same drive as the other databases".

Are you providing tempdb with its own drive?

I have to share the absolute worst Asus experience I've ever had in my career.

Let me preface this by saying I've been an Asus fan boy for as long as I can remember. That has drastically changed.

A few months ago, I built a professional desktop for a local content creator. I built their desktop with an Asus Sabertooth Z170 S (I've built with lots of Asus boards, and rarely have any issues. Support resolved issues as needed). Things were different this time. The PC constantly froze and shut down. After checking parts, I determined it was likely the motherboard and not the PSU, CPU, or RAM. I got an RMA started, 2 weeks passed, and no box showed up (advance replacement was approved since this was business and not a consumer level RMA, determined by Asus). Called them back and they then sent the box (another fail).

Second board was received and right away there was visual damage, DIMM_A1 was bent at an angle but I installed it anyway to see the outcome. The computer froze and shut down. I advised the client that another board be purchased, to which they agreed. I installed a MSI Z270 and things have been rock solid for weeks, obviously another bad Asus board.

So I submitted another RMA and received a confirmation email, which said I needed to call or chat for an RMA to be completed. I chatted Asus and guess what I received "our RMA system is currently not allowing chat agents to complete the process. Please chat us back in 48 hours." So I called in and I've now been on the phone for over an hour. Once I got connected with someone, it was so hard to hear the guy as he sounded very muffled and spoke terrible English. I asked if he could fix at least the muffled portion, to which he wasn't able to.

The agent on the phone said I would need proof of purchase to complete the process. I said this was not possible as enough time has passed that the receipt was discarded. After fighting with them, they put me on hold to complete the RMA process which took 20 minutes. To top it off, I get to pay for shipping after this whole process. Unbelievable.

I'm not recommending Asus anymore, which really sucks cause they were awesome for a long time, in my experiences.

When I hear "our backups are fine, the server is configured with RAID." To which I respond that "RAID is not a backup. Backups are backups."

I'm surprised at how many environments I walk into and they have zero backups setup.

@dashrender said in eh? you want to what? something about my DNS and Domain?:

@bbigford said in eh? you want to what? something about my DNS and Domain?:

Option 1: Stop doing any kind of business with us.

Option 2: Only do business with us.

I'd go with option 1 if they are trying to force me into doing something I don't want to do.

huh - yeah I don't read it that way at all... that said - it is one of the worst technical written pieces I've seen in a long time!

How could you not read it that way? You have DNS with Remedy and your site with GoDaddy... they say in option 1 "with this option, you can just move your DNS off to GoDaddy", effectively no longer doing business with them, or option 2 "with this option, you agree to move your domain from GoDaddy over to us. We will then control your DNS and domain services." effectively cutting off that much more business with GoDaddy and giving Remedy even more business.

I've only ever saw people using a VPS like Vultr, Linode, and Digital Ocean for FreePBX. First saw people on here using it for that, because of the very low cost. Wondering what people might be using a VPS for, beyond a PBX...

@scottalanmiller said in New laptop recommendation - Mom compatible:

@fuznutz04 said in New laptop recommendation - Mom compatible:

I need a new laptop for my mother.

Requirements:

• 15" screen size - Touchscreen is preferred but not required.
• SSD HD
• 8-16 RAM
• i5 is plenty of processing power.
• Windows 10, because there is no way I teaching how to use other things.

Nothing is harder than Windows 10. If you want to avoid teaching new things, you must avoid Windows 10. Windows 10 updates every six months and is insanely confusing.

Why not keep it simple and avoid constant support needs with a Chromebook?

My mother (rest her soul) had 2 laptops side by side. This was because she did not yet have a Google Cloud ready printer (it was very very new at the time and she already had a fairly new printer). She had a Windows netbook and a Chromebook... she despised using Windows because all she really used was Google Chrome. The netbook, as they all do, ran very slowly and Windows was very clunky for her.

Do your mom a favor and just get a Chromebook. I have yet to meet a parent that uses anything but a web browser and printing.

Situation: Website is reachable externally, but not internally. There's a few different directions I can go in. Not sure which is the best long term choice. Here's some high points...

• An engineer at our company left abruptly for personal reasons.
• The client then moved over to my weekly schedule.
• About a year ago, the client merged with another company and there was a name change on the domain.
  • The old domain is olddomain.local still.
• They have their company website hosted with GoDaddy. https://www.newdomain.com
• GoDaddy is also acting as their registrar.
• They wanted to incorporate SMS into their on-prem, legal software.
  • Internal legal system is on Windows Server. I configured IIS with a site binding and a 3rd party certificate.
• Created a record with GoDaddy, pointing to one of 3 public IPs they have allocated, this one is just for the legal software, and points at their firewall. The record is sms.newdomain.com
• Configured NAT and access list on Cisco ASA firewall, the sms.newdomain.com/virtualdirectory site is reachable.

The issue I see here is I can't create an internal DNS zone, newdomain.com, because then internal requests wouldn't go out to the GoDaddy web server because of an authoritative answer internally. But I don't want them to keep having to use their current bookmark, for simplicity. The current bookmark is https://hostname/virtualdirectory.

Any input is helpful here.

@scottalanmiller said in How to Topics Get Forked:

@bbigford said in How to Topics Get Forked:

@jaredbusch said in How to Topics Get Forked:

@bbigford said in How to Topics Get Forked:

@jaredbusch said in Website internal/external:

@bbigford said in Website internal/external:

I've heard people talk about forking a thread when things get off track. How is that done, rather than just starting a new thread?

For normal users like you and me, we click the arrow after reply to reply as topic.
Then you can go up and click quote on the post you want to start from to get that info populated.

When you do that, how is the title of the new thread determined?

I entered it. It is simply a new topic.

I hadn't tried the Reply As Topic before as I didn't stop and think about what it really meant. That is very cool and easy to keep things on topic.

Yes, very odd that more communities don't leverage tech like that. It makes for some seriously drifting conversations.

Or extra work by posting a link to a new thread and saying "I started a new thread about this." Just quoting the thread is super easy.

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

Re: How would you move an IIS workload from on site to a VPS

I'd honestly have to gather more info before I say one way or another. Slowing down and thinking about it, I believe this app only exists in inetput and is asp.net... I'd have to jump into their server and take a look.

Is it by any chance .NET Core? Runs great as Docker on Linux, for example.

I'm not sure off the top of my head to be honest. I would guess no, just based on some characteristics of the client. But I will be gathering more details.

Damn. How old is the application? .NET Core is relatively new (approx. 2 years or so)

Ah, I didn't know it was a newer version. I thought it was just different. Know that I do not know a lot about .NET/ASP.NET/.NET Core. I haven't had a need to support many web services, so learning the exact underlying differences is something I have on my continuing list of things to master.

It's not just a new framework version, it's Microsoft's take on cross platform without compromises.

I just logged in and checked, that app uses ASP.NET

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

@thwr said in IIS on prem to hosted migration:

@bbigford said in IIS on prem to hosted migration:

Re: How would you move an IIS workload from on site to a VPS

I'd honestly have to gather more info before I say one way or another. Slowing down and thinking about it, I believe this app only exists in inetput and is asp.net... I'd have to jump into their server and take a look.

Is it by any chance .NET Core? Runs great as Docker on Linux, for example.

I'm not sure off the top of my head to be honest. I would guess no, just based on some characteristics of the client. But I will be gathering more details.

Damn. How old is the application? .NET Core is relatively new (approx. 2 years or so)

Ah, I didn't know it was a newer version. I thought it was just different. Know that I do not know a lot about .NET/ASP.NET/.NET Core. I haven't had a need to support many web services, so learning the exact underlying differences is something I have on my continuing list of things to master.

It's not just a new framework version, it's Microsoft's take on cross platform without compromises.

I just logged in and checked, that app uses ASP.NET

There it goes, your chance of a docker container Sorry.

The goal here, is to make this as difficult as possible. Quit trying to make things easy!