Best posts made by marcinozga

There's not enough info here to give you accurate answer. How are printers deployed? With group policy?

I just did an upgrade from 2.4.5 to 2.5.1 few minutes ago, it was flawless. As far as disaster recovery, if it hits the fan, just install from scratch and restore backup from xml file. It really is no different that rebuilding docker containers for example.

That's why I despise anything proprietary. Give me open standards hardware or go pound sand. Supermicro is my choice for servers, none of that paywall crap, and I can use any drives with them. Quanta and Hyve servers look promising too, but I have no idea if their support is any good. Dell doesn't hide anything behind a paywall, but I'm not sure they won't follow HP in the future.

@jaredbusch said in Any pfSense users? Are upgrades smooth?:

@marcinozga Any issues with 2.5.1?

Their forum is full of issues. But I have zero trust of the ability of those posting failures.

None. But I also use hardly any packages. Basic firewall and NAT work just fine.

@ambarishrh said in PDQ Link:

@jaredbusch said in PDQ Link:

@Ambarishrh said in PDQ Link:

The only catch I could see is the mandatory port 443 as per their site

The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.

If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.

That is what inbound proxy servers are for.

digging an older topic as I am testing this now. Regarding inbound proxy
, what would you suggest to be used?

This isn't that simple, you need a proxy that supports TCP streams, unless SSTP behaves just like HTTPS. You'd need to talk to PDQ support to get more details. If you do end up needing TCP streams, I think Nginx, Traefik, and Haproxy all support that, and there's a mod for Apache too, but if I recall it correctly, it was specifically for MSRPC, so Exchange OWA or RDS.

They need to get rid of IE mode and introduce some kind of kill switch, to completely remove IE 11. Otherwise legacy apps will never get updated. Unfortunately nobody at Microsoft has any balls to do that.

I see few issues above.

• LVM is not a filesystem.
• You don't need to shutdown VM to extend its disk size.
• You don't need to boot from any installer CD to resize partitions, you can do it from within live system with fdisk, although if you have some unusual partition layout you're probably better off doing it offline.
• You can also extend filesystem on a live system, no need for shutdown.

https://hak5.org/ - anything from here. Although those devices are for pen testing, they can be useful in troubleshooting too. For scanning nmap and Fing on phone/tablet. What else, flashlight, multitool, a knife, crocodile Dundee size.

I'm almost inclined to say it's Windows issue and Veeam resistance to releasing Linux version, or Linux based virtual appliance. I use Veeam agent for Linux and never had any issues there.

@travisdh1 said in Need backup solution to replace Veeam:

@marcinozga said in Need backup solution to replace Veeam:

I've had nothing but issues with Veeam recently, and literally every time I had to restore a vm, I had to call support, because Veeam is unbelievably slow. If I got hit with ransomware, it would probably be cheaper and faster to pay than wait for Veeam to restore backups. Throwing more resources at it does nothing, Veeam just takes hours to do any restores. Backing up works flawlessly, but I can't rely on a product that simply fails when it's needed the most. My renewal is up in little over 3 months and I'm at the point where I'm willing to switch to another solution.

Any recommendations for image based backups for Vmware vsphere? Ideally with support for Wasabi object storage.

You might be able to change backup vendors, but with Veeam restores taking so long, I'd be checking my infrustructure first. Do you know it is an issue with Veeam and not iops/network/wan causing the slowness?

Yes, for sure. WAN is out of the picture as I'm restoring from local backups, and other factors would affect backups too, but they don't. It's just restores, Veeam just gets stuck at various steps and sits there for hours before even getting to actual restore. Veeam database might be an issue, but that's for Veeam support to sort out.

@dustinb3403 said in Linux Dig Finding cname records:

Okay so this may be a stupid question (I'm sure many of my questions are).

Shouldn't dig +nocmd domain.com cname +noall +answer give me all alias for my domain?

I'm getting no response back at all, just a blank return.

It doesn't work that way. You need to perform zone transfer to get all cname records. So unless you admin DNS server you try to query, you're sol.

@dustinb3403 said in Linux Dig Finding cname records:

@eddiejennings said in Linux Dig Finding cname records:

@dustinb3403 Are you an admin of the DNS server itself? If so, maybe grep your BIND zone file for CNAME records or use Get-DNSServerResourceRecordon your Windows DNS server.

I'm am, but this is public dns records I was hoping to pull.

Not happening. I should have been more specific, you need to host DNS records for that domain on your own DNS server.

@eleceng said in Local Administrator Accounts Security:

On the various server VM's the customer wants a local admin account in addition to the domain admin account.

For security though should we disable the administrator account and create a different named local account with admin privileges instead?

Are we gaining a lot of security by doing this?

Thinking of using LAPS for these also.

Security through obscurity. Yeah, no. You're better off implementing some form of 2FA.

I had 2 of ER-X, first one was bricked with 2.0 firmware update, 2nd I left at 1.9 if I remember correctly. The throughput numbers mentioned above just don't look right, this router will handle 1Gbit/s with some caveats. You need to enable hardware offload, and it kind of behaves like half-duplex. I constantly had download speeds exceeding 900Mbit/s, but if my upload spiked, download suffered.

@pmoncho said in ER-X firmware Upgrade:

@marcinozga said in ER-X firmware Upgrade:

It probably is bricked. The same happened to my ER-X when firmware 2 came out. I got it booted eventually over serial cable, and if I remember correctly it displayed something about internal storage.

I noticed others have had the same issue in the past.

I just saw the serial connection setup. Did you just use the USB-TTL device to connect?

The part that bugs me is I had check the storage issue prior to upgrade. Had 58% free so I figured I would be ok.

I used this cable:
https://www.amazon.com/gp/product/B00QT7LQ88?psc=1

I didn't bother with recovery, I just wanted to see what the issue was. I bought another ER-X and kept it on 1.x firmware.

Linuxserver.io images are safe and very well maintained. Some are safer (Plex for example) and better documented than official images. And since all their sources are on Github, it's easy to verify them. I run their Unifi controller at work and at home.