Posts made by Markferron

Our domain users are currently synced over to Azure using the Azure AD Connect tool. Our workstations are not synced over to Azure but we were thinking about finally rolling over to Hybrid Azure so that we could have MFA setup as a log in option for specific machines. If we make the switch over to hybrid and start syncing workstations over will that change the way all users log in? The reason I ask is that we have two domains on our O365, let's call them 1.com and 2.com, but only one domain on our local AD server (1.com). When I sync the workstations over I am worried that 2.com will somehow replace 1.com as the log in option for the machines that are on the domain on campus. Is there a way to scale the sync down to a few select users and machines to test?
For any clarification, I've screenshot our current AD Sync settings https://postimg.cc/YjqFP2QY

Appreciate any help and insight!

With the recent hurricane that came through we've been talking about purchasing and installing a 4G LTE adapter for our firewall. We host a few sites on campus for our school that are dependent on a few static IPs we have from our current ISP.

1. Would we have to purchase a block of static IPs from whatever carrier we use?
2. If 1 is a yes all we would have to do is point that new additional IP address to our managed DNS?

Thanks ahead.

@Dashrender said in Printer and UniFi AP:

Does that printer have a bunch of unneeded protocols running on it?

Might. I'll take a look at it again and maybe to a packet capture.

I think I finally figured it out! I made a test SSID and turned off "Multicast and Broadcast Filtering" and all of a sudden I am able to ping it. I'm not sure why this would make such a difference.

@Dashrender said in Printer and UniFi AP:

@Markferron said in Printer and UniFi AP:

Can't believe I forgot this piece of info.
If I ping the printer from my laptop for an extended period of itme it's almost always ends up being a 50% packet loss. So I can access it on WiFi, but for maybe only 15 seconds at a time before it drops out again.

If you have two pings going - one to that printer, and a second to a printer you don't have issues with, do both pings stop replying, or only one?

Only the one to the problem printer stops.

Can't believe I forgot this piece of info.
If I ping the printer from my laptop for an extended period of itme it's almost always ends up being a 50% packet loss. So I can access it on WiFi, but for maybe only 15 seconds at a time before it drops out again.

@scottalanmiller said in Printer and UniFi AP:

You can ping everything else on the VLAN?

Yup. I have other printers and devices already on that network. Everything shows up just fine.

Oh and all of this testing I've been doing is on the same VLAN/subnet of the printer.

I have a Sharp MX-C301W printer connected thought Ethernet that I am having issues connecting to on my UniFi access points. All wired clients (including the UniFi APs) can consistently ping the printer or bring up the web interface without any issues. However, I had an old Meraki AP laying around and I was able to connect to the printer on a similar SSID.
I've checked the cable, no problems, changed to another network jack, no difference. I can connect a device to the jacks and they work flawlessly. So far, I haven't noticed any other issues accessing wired devices from my UniFi APs. My APs are on the latest firmware (UAP-AC-PRO 4.3.21.11325) and my controller is on 5.14.23.

Any suggestions on things to test?
Thanks ahead.

@scottalanmiller said in Blocking spoofed emails O365:

https://support.knowbe4.com/hc/en-us/articles/212679977-Domain-Spoof-Prevention-in-Exchange-2013-2016-Office-365

Actually that might work. If the sender is outside the organization and the sender address includes our domain, just put in junk. I'll test this out tonight and see if it works right. Thanks!

We have our SPF protection setup on our DNS system and that's working fine. I even have it where all external emails have a giant red warning saying that it's external, but I still get users asking us if spoofed emails are legitimate. The spoofed email addresses nowadays looks something like [email protected]. Our emails are always just [email protected], or something similar. I know for a fact people are responding to the fake emails. Do you guys know of any way I can finagle a O365 rule to quarantine any email addresses that have our domain in the local-part?

@EddieJennings said in NGINX config issues:

I want to make sure I understand the problem. When you request http://my.testingtesting.com you receive a 301 redirect https://1.2.3.4 ?

...You know what. I think I have bigger problems. My machine off campus all of a sudden cannot ping the FQDN. When I remote into campus and ping the website I get the public IP address. Ugh, well I guess ignore this, maybe it'll straighten itself out once I fix this issue.

I'm trying to get a moodle website up but I can't figure out why my HTTPS redirect isn't completely working. When I go to my.testingtesting.com (changed for privacy) it changes it to https://my.testingtesting.com but it replaces the URL with the local IP address no matter if I am on campus or off campus.
I have an A record (through dnsmadeeasy) pointing my.testingtesting.com to one of the public IP addresses we have, and on my firewall I have a 1:1 NAT entry pointing that public IP to our private IP (10.0.0.40). Here's what I have in the /etc/nginx/sites-available/moodle configuration:

server {
    listen 80;
    server_name my.testingtesting.com www.my.testingtesting.com;
    return 301 https://my.testingtesting.com$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate  /etc/nginx/bundle.cer;
    ssl_certificate_key /home/itmoodle/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    root /var/www/moodle;
    index  index.php index.html index.htm;
    server_name my.testingtesting.com;

    location /dataroot/ {
      internal;
      alias /var/www/moodledata/;
    }

    client_max_body_size 100M;
    autoindex off;

    location ~ [^/].php(/|$) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        }
}

Thanks in advance.

@Grey said in Issues uninstalling Windows Server 2012 R2 Key:

You mean sfc /scannow? Or DISM.exe /Online /Cleanup-image /Restorehealth?

@op Check your event logs for more information, and try running the commands above.

Ran both, so far nothing, but I will run chkdsk tonight to see if that fixes anything. So far I can't find anything in the logs but I'll keep looking.

@ITivan80 Hmm...nope didn't work. Still giving me the 0x80070005 Access denied error. Oh I forgot to mention that I was running cmd as administrator as well.

Trying to fix an issue with one of my Server 2012 R2 Enterprise servers. For some reason the key kicked itself out. Last time this happened I just open CMD with administrator and run slmgr.vbs /cpky and slmgr.vbs /upk and then manually reinstall the key. The /cpky command runs just fine but /upk gives me an "0x80070005 Access denied: the requested action requires elevated privileges" error. I've tried running this on local admin and domain admin accounts and sfc /scannow ran with no issues. Any suggestions?

@dbeato Perfect, thanks.

Wanted to run by a potential issue I had for upgrading the SYSVOL replication to DFS replication.
A few years ago we had our PDC running on Server 2003. We also had an AD/DNS server running 2012. I promoted the 2012 server to the PDC (and raised the domain function level to 2012) and a around a year later created a Server 2019 AD/DNS server. Before I could officially decommission the 2003 AD server it physically died and I did my best to manually go through and clear it out.
Currently the 2019 server cannot see the sysvol file properly. When I try to go to \\server2019 it shows that the folder is empty. When I go to \\domain.edu it initially shows as empty, but if I change it to \\domain.edu\sysvol it shows the files. On the 2012 server everything shows as fine. I'm assuming that this is because my 2019 server cannot support FRS correct? Just trying to eliminate any other underlying issues.

@Dashrender said in PoE powered lighting:

@scottalanmiller said in PoE powered lighting:

@Markferron said in PoE powered lighting:

@travisdh1 said in PoE powered lighting:

I haven't dealt with it myself, but Ubiquiti makes one that is priced close to what you'll pay for normal lighting. The big difference is that you're not paying an electrician to wire the things in, "just" network cable installers. Which can be a big difference in certain areas of the country.

I'm curious to see how far the PoE industry will go. It'll be cool to see in 10 years what the average person can power over PoE.

Why? What's the reason for wanting that? You can basically power any super low voltage DC device with it today. And that's handy for data devices where that reduces a cable since it needs a connection to the switch anyway. Other than that, sounds not just boring, but just bad.

I'm kinda in the same boat - why do I want my lights tied into my switches costing me money on ethernet ports? Why not just have those lights tied directly into AC power?

I mean remote access to control the lights, sure I get that - but giving them power via POE? why?

Also, it's just funny to think of IT being in charge of the lights.

@Dashrender said in PoE powered lighting:

@scottalanmiller said in PoE powered lighting:

@Markferron said in PoE powered lighting:

@travisdh1 said in PoE powered lighting:

I haven't dealt with it myself, but Ubiquiti makes one that is priced close to what you'll pay for normal lighting. The big difference is that you're not paying an electrician to wire the things in, "just" network cable installers. Which can be a big difference in certain areas of the country.

I'm curious to see how far the PoE industry will go. It'll be cool to see in 10 years what the average person can power over PoE.

Why? What's the reason for wanting that? You can basically power any super low voltage DC device with it today. And that's handy for data devices where that reduces a cable since it needs a connection to the switch anyway. Other than that, sounds not just boring, but just bad.

I'm kinda in the same boat - why do I want my lights tied into my switches costing me money on ethernet ports? Why not just have those lights tied directly into AC power?

I mean remote access to control the lights, sure I get that - but giving them power via POE? why?

Yeah, even then I'm not sure why you need remote access to the lights. Annoying pranks.