Best posts made by notverypunny

So a couple of things I'd be looking at if it were me:

• RAID card config: write-through / write-back will have performance impacts (but should hit S2019 and W10 equally)
• Network vs storage:
  -- iperf3 only runs in memory, so it completely removes storage from the troubleshooting equation, if you see the same type of drop-off testing with iperf3 you know that there's a networking gremlin somewhere that needs to be dealt with.
  -- something like LANSpeedTest actually writes and reads a file on the far-end storage, so it should provide the same results as your typical file transfer, you can also arbitrarily set the transfer size, just in case you want to test something bigger than what you've got as a static file.
• What's actually running in the OS at the same time
  -- use something like processhacker to see what else might be using the network or other IO when your file transfer slows to a crawl.
  --Maybe there's security configs being applied to your servers and not the W10 guests that aren't being taken into consideration.

Dashlane is what we had as a major contender the last time we looked at this

Is refusing the delivery an option? If you've got the cancellation request in writing then I'd simply refuse to pay any sort of restocking fee.

Forgetting the PCI stuff for a second, will the tablet even connect with / play nice with a wireless that doesn't have internet access? I can't speak to W10 but recent experience with Android and Apple has them refusing to use the wireless unless it can do a connectivity check out to 8.8.8.8 or another reliable resource.

@scottalanmiller said in Recovering SQL Server 2005 Databases:

Let's assume no hardware failure. Is there a good path? We have the data, intact. It's just really old and needs to be updated.

FWIW I'd mount on 2005 then backup/restore on the current version of your choice.

https://dba.stackexchange.com/questions/222868/upgrading-sql-server-2005-to-2016

@Dashrender said in MSTP with multiple instances - Yea or Nay:

@notverypunny said in MSTP with multiple instances - Yea or Nay:

@scottalanmiller said in MSTP with multiple instances - Yea or Nay:

Are the VLANs needed? What are they for?

Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc

One would ask if any of those are needed today?
Functional separation I could see if you have two desperate networks but need to use a single ethernet fabric. I have that, my Guest WiFi has it's own firewall and own internet connection, yet we share the APs. it's on it's on VLAN with no routes between prod and guest.

But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess set ups.

Skimming through the LANLess explanation @travisdh1 posted a while back, I think we're somewhat a mashup of it and segmentation. Some of the VLANs in question are end-point only and as such the security isn't as tight as the ones that are used in the server-room / data center functions. If I were designing something from scratch, LANLess would certainly be something to consider, but since this is far from a new build, I doubt I could start to justify the headaches that changing VLANs and IP addressing would entail.

To come back around to my initial question, can anyone point me to any pros / cons with regards to having multiple instances of spanning tree given that we no longer have 2 devices acting as root bridges?

@Dashrender said in Windows Domain join issue:

@fuznutz04 said in Windows Domain join issue:

Nothing that stands out for this. I am getting replication errors that I need to solve. (having issues replicating to this DC to my COLO DC, but I wouldn't think that this would cause issues with me joining a PC to the domain at this location.)

Yeah, your PC had flipped DNS to the external one - so no surprise on the replication errors.

Target account name is incorrect - huh..
not sure what would be about...

Hate to be the bearer of bad news but you might have to fix AD first...

https://support.microsoft.com/en-ca/help/2183411/active-directory-replication-error-1396-logon-failure-the-target-accou

EDIT: just came across this:
https://atherbeg.com/2017/01/04/error-while-joining-machine-to-domain-logon-failure-the-target-account-name-is-incorrect/

https://www.wilsonsignalbooster.com/

From what you're saying it'll probably take a custom solution. I'd hazard a guess at a high-gain directional antenna on the roof (to get connection with the cell network) with omni-directional repeaters to cover the yard

1. Download the current firmware to your laptop.
   https://dl.ui.com/firmwares/edgemax/v2.0.8-hotfix.1/ER-e50.v2.0.8-hotfix.1.5278088.tar

Just got one for home last week and I had to downgrade to the v1 firmware to get VLAN tagging to work, just a heads up. It might work on the v2 firmware but I didn't have the time, patience or inclination to arse around with it more than necessary. No more ISP gear in the home network except for the SFP that I had to move from their CPE to the ERX-SFP.

@scottalanmiller

Yeah... just did the whole IT Crowd turn it off and turn it back on routine and now it's working again.... going to email their support to see about re-instating the article

Just because it's what I know, and am reasonably confident will work:

Hypervisor : XCP-ng (OK, so I know Citrix XenServer, but from what I've seen it's more or less the same)
backup/restore: Veeam agent for Windows (free will do what you need)

Not sure how legit licensing will be, I'd have to guess that it's going to depend on the actual licenses and specific versions of server that you're dealing with.

another vote for iperf3
even better 'cause it's available via chocolatey

@choppy_sea said in Server 2019 randomly DNS stops:

@notverypunny said in Server 2019 randomly DNS stops:

DNS server / Domain Controller

No I inherited this unfortunately ! I'm sure we've all been here..

1. DHCP scope is configured with Router, DNS Servers (as the AD DNS ONLY) and DNS domain name of domain.co.uk - I mean it looks correct.
2. Clients get DNS from AD DNS server through DHCP as above and to my knowledge noone is capable of changing it on their desktops.
3. AD DNS server isn't set to loopback no, its set to its own IP (which is what I thought was properly configured)
4. Forwarders are set to Google and OpenDNS

I totally agree about the host reboot thing, its is in my opinion the most puzzling thing. Maybe I should retest that theory encase the times it hasn't worked is a fluke...the internet is a wireless link provided by a small ISP here in the UK and I'm not familiar with their service.

The whole thing is a huge headache. I've tried uninstalling my RMM tool encase that is the issue. I have noticed that when I teamviewer in sometimes that seems to either trigger it or I'm super (un)lucky...

Yeah, sorting out an inherited mess is never fun.

When things stop working, can you still ping out to known good IPs? I.E. 8.8.8.8 1.1.1.1 etc? Maybe DNS isn't the problem. You mention that it's a small WISP, maybe their CPE can't handle the connection load and similar to my rate-limiting theory it's just a coincidence that the time taken to reboot the host and guests is enough to clear the CPE's session table.....

I'll add my vote to those strongly recommending a deep dive on the DNS server's logs, and I'll throw the Host system's logs in there too for good measure.

@choppy_sea said in Server 2019 randomly DNS stops:

@Obsolesce DNS logs show one interesting one linked, the log says that its transferred the master role from itself to itself https://imgur.com/a/4I75qnB if you mean somewhere else I apologise!

@Dashrender It happens for every device on the network!

@JasGot Yes the AD server does DNS and DHCP too, yes the Host on the domain

@notverypunny When I ping a known good IP i.e. 8.8.8.8 I get "...unreachable" rather than the "Ping request could not..."

OK, so if you can't even get out by IP, then strictly speaking DNS isn't the issue. Lower level TCP/IP or something else in the network is a problem before DNS even comes into play. Even if your DNS is completely offline you should be able to ping 8.8.8.8 or 1.1.1.1

I'd setup a standalone machine on the network with a static IP and have it pointed to external DNS. If it stops working when everything else does, then you know that it's something in your LAN > WAN setup. If it keeps working when everything else goes sideways then you're looking at the possibility of something wrong along the lines of the rogue DHCP that you've alluded to or other LAN-side gremlins. Don't rule out the possibility of a user having connected something that's doing all kinds of fun DHCP garbage.... Users can be... "special"

We ditched MPLS ~2 years ago and run everything over site2site vpns now. Costs are down, speeds are up and visibility is better. We're using fortigates for the firewalls but you should really be able to use anything you're comfortable managing for a firewall. Similar usage profile, with regards to trafffic type (citrix ICA). We're doing hub and spoke as far as vpn topology and it works for us, what's best for you will depend on what the rest of your infrastructure topology looks like.

So I think I know what the fix is, and just want to see if anyone here has any simpler ideas.

Problem: XO can't do FLR on one of my backed-up VMs. Complains that partx can't read the partition table. Further investigation shows that the file system is directly on /dev/xvdb and not in a partition.

Context: Luckily this is a 2nd drive that's used for NC data and it works fine as-is.

Possible (Only?) Solution:

1. Add another drive to the VM equal or greater in size than the one that's causing problems
2. format new volume / drive properly with partition table goodness and appropriate fairy dust
3. copy everything at file level (permissions, timestamps etc etc) from buggy volume to new volume
4. change /Data mount to point to new volume
5. Fin

If anyone out there has a simple one-liner or something nice that I'm not aware of, please share.

Thanks

• Subnet masks set properly across the board?
• Multiple IP addresses set on the adapters on the windows hosts?
• Ping by hostname vs ping by ip?
• AV or security software that's only on the Windows machines?

A strange one for sure, but it's got that weird "of course that was the problem" vibe.... let us know what it ends up being, I'm curious now

@justin867 Is there anything else as far as print-management going on? We use papercut-ng on our printservers, with one central server and the remote sites configured as secondary servers. If things are set too tightly, the secondary server will refuse print jobs if it can't call home to the master..... just some food for thought since most everything else seems to be working.

@mr-jones

OK, so it sounds like it's back to basics time:

• Multiple networks / segments or all on a common network
• use something like advanced IP scanner to see if there's anything unknown on the network it's self
• Keep in mind that printer sharing / publishing also has smb / samba in the loop, not just the print-spooler

Where I'm going with this is that there could be something publishing on the network with upnp or, zero-conf, bonjour or some other automagic protocol that your endpoints are only picking up based on one of the options (or defaults) in the GPO. The other thing to check (if not already done) is the protocols and services that are enabled on the printers themselves. Best thing is to disable all of the ones that you aren't using like bonjour, air-print, etc etc

@joel Are you using the video and chipset drivers from the dell support site with the device's service tag or are you using the ones from the chipset / video vendor?

With Dell machines my go-to sequence is

• update to the latest bios
• run the initial driver restore in command update
• install all available updates in command update

if you're still in trouble after that, use command configure to comb through the bios settings to see if there's anything funky