Best posts made by Mike Davis

I'm looking at a wireless job in a mall. They have a Rukus system in place. They started off with two wired access points and two other access points running mesh. Then they moved the location of one of the wired APs and now it has to relay the signal down to the last AP where they are having connectivity issues.

From where the internet connection comes in to the event center where they need to improve the wifi signal, it's about 1000', so outside what can be done with copper, but fiber is an option. The problem is that due to the construction of the building, the fiber would need to be run up on the roof and back down to the location where it's needed.

I started to think about running a wireless bridge inside the building. I've used the Ubiquiti NanoBeam AC on a couple projects and figured that would work pretty good. I have line of sight from one end of the mall to the other, but I wasn't sure if I have enough room around the direct line for the signal to travel. I think this is called the Fresnel zone.

Has anyone tried a project like this? Over a relatively short distance like this, do I need to be concerned about the Fresnel zone?

@travisdh1 said in indoor wireless bridge - Fresnel zone

No provision to run more wires, that's an architect I'd have a few words with/for.

I don't think that's fair. They didn't have network cabling back when these buildings were built.

If you consider a residential house, just as fast as people started running network cables to the backs of TVs, manufactures started building in wifi adapters that make the network cable unneeded. Right now people are putting in conduit between their entertainment center and the back of their wall mounted TV for all the cables. 5 years from now we'll probably have a wireless HDMI cable that will make that obsolete.

@scottalanmiller said in Unifi switch - tagged traffic issues:

You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

Conceptually, it wouldn't take much for a whole bunch of devices to request enough DHCP leases that it would prevent legit devices from obtaining a lease. If your guest wifi DHCP server is separate from your production subnet, you mitigate that threat.

Are you using the latest version of AAD sync manager? It pretty much syncs when it notices a change. The old DirSync forced you to sync manually when you wanted to force a change like you described above, but if you ran the powershell command:

cd "C:\Program Files\Windows Azure Active Directory Sync\DirSync"
.\importModules.ps1
Start-OnlineCoexistenceSync

it would do all those things with one command.

When you fire that power shell script off, if you go back to the sync manager, you'll see it does all 6 things.

I've been using scanstate and loadstate from the Windows Automated Installation Kit to go from 7 to 10 and 10 to 10. I like it better than easy transfer because it's command line and scriptable.

Last night I had a server that Zabbix seemed to think was fluctuating between 8% and 20.55% free disk space. This caused the trigger to generate 700+ emails. The emails started when Zabbix came out of maintenance mode. If it had went over 20% and stayed there we would have got one email per hour, but since it kept toggling back an fourth, it was kicking out two every minute. Has anyone ever had anything like this happen before? I'm still investigating.

The plot thickens. This is the 12 hour graph:

You can see when I added space, but it still keeps going up and down. I'm going to restart the zabbix service.

I've read over a few "Cyber Insurance" policies. Some of them only seem to be concerned with how many credit card/social security numbers are stolen and covers you when you get sued for that. Those policies seem to offer no coverage if you get cryptolockered and lose all your data.

I was asked to review one for my own business as an example. Basically it's $2,753 a year and offers the following coverage:

I'm thinking the only way you're going to "recover" from something like a crypto infection is to restore from backup or pay the ransom. I think the cost of the insurance is way more expensive than either one of those, and you have to have good backups regardless of whether you have insurance or not.

Does anyone have any experience making a "cyber insurance" claim?

So now that the general public thinks they need a VPN to hide their browsing, does anyone have any recommendations? Does anyone have any clients that put their entire site behind a VPN?

@Dashrender I think along the same lines as you. In addition, if some cookies are dropped google has more information than you can imagine, so does it really make a difference if your ISP can see the urls you connect to? My concern supporting it professionally is that their banking site might not work if they are behind a VPN. For a client that I have that was using a load balancer, I had to write rules so that traffic to that site would only go out one interface. Their site couldn't handle the fact that our connecting IP might change. I imagine with the VPN it would be the same type of problems.

I've seen two virtual machines get cryptoed, so no, it makes no difference. The recovery was quicker, but that's about it.

In the case that someone shared from reddit yesterday, the hacker got on one system and then installed a password cracking tool on the VM to scan for other passwords on the network. To answer @openit 's question, it makes no difference physical or virtual.

So far we haven't seen a case where if a VM gets hacked the attacker gains access to the hyper visor unless passwords are shared, etc.

I've had auto updates hose stuff before, but this one takes the cake. I took on a client with a Dell T310 server with Server 2008 R2 Standard on it. It's physical, not virtual.

I'll spare the play by play, but basically 3 updates installed and after that the server was stuck in a loop where it would try to roll back the updates for 3 hours, and then reboot only to repeat the reboot loop. I restored from backup and now if I log in to the desktop, it pretty much locks up the server. If I don't log in to the desktop on the server, all the services run fine.

Any ideas on what to try? I can get in to safe mode, and I've tried a selective boot where 3rd party services were disabled.

Going forward I'd like to virtualize the server. Does anyone know if you can do a P2V migration without logging in to the desktop? My other thought was to restore from backup to a virtual machine. Has anyone tried that before with Veeam Endpoint? It would be simple enough to build a new domain controller, but I'm affraid when I get to the last step of dcpromoing the old server out, I won't be able since I can't log in to it. I could hack it out of AD with ADSIedit, but I'd rather avoid that if I could.

Update for all those that suggested ideas. I took @dafyre 's idea to restore it to a hyper visor. I went on site and I'm not sure why, but it took like 11 hours to copy the backups 1TB+ to an external USB drive. I brought that back to my office and started the restore. That took about 7 hours each time I did that. The first time I just restored the drive. After messing around with bcdedit I still couldn't get the thing to boot. Veeam said that the M: drive was a system drive to, so I created another VM and restored the and M: drive. This time I could boot to the Dell system installer setup, but still couldn't boot the OS.

Then I decided to restore to another physical Dell server I had on the bench. It booted no problem. Veeam boots you to Directory Services Restore mode and then you have to use msconfig to tell it to do a normal boot and you're good. I did that and it seemed like it was having the same issue where I logged in and it showed the desktop but wouldn't respond to the keyboard. The mouse moved, but wouldn't let me click. I just left it and came back an hour later. At that point it was fine. Not sure what the deal was.

There were a few variables to take in to consideration. Since the NIC was different, none of the network services came up. I also disabled a few things like CrashPlan because when the NIC does come online, I don't want it to try to backup to the cloud since it's a clone of the real server that is still on production.

At this point I'm going to try to P2V the thing.

I installed one automatic update, and now the system is blue screening. I knew there might be an issue since that's what started this whole thing, so I created a checkpoint before installing the update. I tried a couple things to clear the STOP: 0x0000006B blue screen that didn't work so I decided to revert to my checkpoint before the update.

I'm still getting the STOP: 0x0000006B and it keeps booting to the recovery option.

Building a new DC is looking better every minute. I can still log in to the old physical one I restored to DCpromo it out when I'm done.

@dafyre said in Autoupdates Killed My Windows Server 2008 R2:

Will it work enough to replicate the AD stuff to the new server?

yes, Yesterday I restored one backup to a physical server and restored one back up to a VM. In the end, I had both working, but decided to move ahead with the virtual one. I can now power on the physical one, create a new VM, join the domain, etc and move forward with that. Of course I say this and most of what I have been working on for the last week should have worked...

I received a builtin today because I support an agency that works with New York State. It was an advisory about some IP addresses to watch out for. They recommended keeping my system patched up to date and said I should consider blocking the suspicious IP addresses from third world countries they have identified. The real joke was that this information was coded "TLP:Amber" meaning these IPs shouldn't be shared with the public. Maybe someone from the public should tell them about geo-blocking. This is the first alert they have sent me. Has anyone else received these "alerts" before? Are they all like this?

BTW, I didn't check them all, but the IPs I did check are already registered in the https://www.abuseipdb.com so it's not like this is secret information.

That's what I get for posting before I'm totally awake. This is what I get when I run the command on my group:

BackupTarget> show member
Name       Status  Version    Disks Capacity   FreeSpace  Connections
---------- ------- ---------- ----- ---------- ---------- -----------
16TB       online  V7.0.7 (R3 16    11.34TB    6.72TB     2
                     97085)
syr-8TB    online  V7.1.2 (R4 16    5.66TB     3.69TB     3
                     02088)
4TB        online  V7.0.7 (R3 16    2.83TB     1.84TB     2
                     97085)
BackupTarget>

I think the command is showing the free space on the volumes after creation, not before since I think I have mine fully provisioned.

Just type:
show
and it will scroll through all the things under the show command and you should be able to figure out the size of your member. This is just the first of like 4 pages:

BackupTarget> show
______________________________ Group Information ______________________________
Name: BackupTarget                     Group-Ipaddress: 192.168.100.21
DateAndTime: Thu Apr 20 03:32:04 2017  TimeZone: America/New_York
TotalVolumes: 3                        VolumesOnline: 3
VolumesInUse: 3                        TotalSnapshots: 0
SnapshotsOnline: 0                     SnapshotsInUse: 0
TotalMembers: 3                        MembersOnline: 3
MembersInUse: 3                        TotalCapacity: 19.83TB
VolumeReserve: 7.58TB                  VolumeReportedSpace: 7.58TB
SnapReservedSpace: 3GB                 SnapReservedSpaceInUse: 0MB
ReplicationReservedSpace: 0MB          FailbackReservedSpace: 0MB
DelegatedSpace: 0MB                    DelegatedSpaceInUse: 0MB
FreeSpace: 12.24TB                     TotalDisks: 48
OnlineDisks: 45                        SpareDisks: 3
OfflineDisks: 0                        FailedDisks: 0
Collections: 0                         Snapcols: 0
CustomSnapcols: 0                      ThinProvFreeSpace: 122.49TB
TotalSpaceBorrowing: 0MB               Connections: 7
_______________________________________________________________________________