I played with it a bit to see if it was worth deploying and it was more than we were looking to deal with at the time. Can't comment on the multi-tenant / multi-customer aspect but it seemed like a decent solution for someone looking to run a SIEM or compliance-monitoring solution. Also has a few of the better-known compliance base-lines configured and available out-of-the-box if my memory is correct.

To answer your initial question, I think it comes down to what functions you're using in those other products.

@wirestyle22 said in Ipad guru/ Site connectivity issue:

@travisdh1 said in Ipad guru/ Site connectivity issue:

@Dashrender said in Ipad guru/ Site connectivity issue:

@scottalanmiller said in Ipad guru/ Site connectivity issue:

If the issue is from a volume of devices, it's not the devices that are the issue. This isn't related to them using iPads, other than they are using lots of devices on wifi all at once. It's not an iPad issue, but a wifi/network issue.

Too much power, overlapping APs, too many APs, all kinds of things can cause issues. Or too few, bad signal, etc.

I thought I read he had 18 iPads, but I don't see that here anymore... that doesn't seem like to many, even for a single AP...

Keep in mind that there are probably gobs of patrons using a guest network on those same APs. It really could be an issue of to many devices using a single AP if they are busy.

I was just about to write this

Ditto.... It's all well and good having separate SSID's and networks behind the AP to isolate traffic, but the radios in the HW might just be getting thrashed if it's busy and patrons are monopolizing the infrastructure. Keep in mind that for a restauant setting each patron is likely to have at least 1 device connecting to wifi, perhaps more if someone is working on a laptop and having a bite at the same time.

Nothing specifically for testing, the calendar module in Thunderbird should at least let you test connectivity though. Don't know what kind of logging options it provides but that's where I'd start

@bishnitro Assuming that they support SNMP as @Dashrender inquired, Zabbix can do this for you. Nedi is great for managing switches, not sure if it can alert on individual ports or just the device as a whole.

@Pete-S said in Defective Laptop - how to get browsers bookmarks:

Yes, you can copy the files directly if you want - assuming the drive isn't encrypted.

For Firefox for instance:
https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them

Encryption - this is going to be your go/no-go element. Although if it's bitlocker I've been told that if you plug the drive into another windows machine it's supposed to prompt for the bitlocker key. Haven't had a chance / reason to test it out though.

@openit So for your POTS fax line, I don't think you're going to be able to monitor that unless it's actually a VoIP ATA or something that you can monitor.

We've recently moved from NagiosXI to Zabbix and I'd strongly suggest looking into it. Might seem daunting at first, but it's only as complex as you want it to be. Lots of great templates out of the box, tons more available online / in the community and overall just a really great tool. If you're only using ping to check for up/down at the moment the visibility you can gain with SNMP as well as the windows server agents will blow your mind. You can go from reactive to pro-active, as well as using it to validate what users are telling you (for example, zabbix snmp on our xerox MFCs will flag if a door or cover isn't properly closed)

@hobbit666 You could do that, or it can also be setup as a network bridge. Unsure of site to site, but I did a quick PoC with a Linux VM at HO that was allowing a remote laptop to connect in as if it was onsite. The remote machine was even pulling a dhcp address from the HO dhcp server since the bridging was all at L2. You could probably do a VM at each site more or less as a "VPN endpoint" and the IP ranges properly configured and routed.

There's a few different ways you can do that too. You can go the firewall route or you can use ZeroTier to deal with remote connectivity off the top of my head.

Like Scott said, most (all?) business-oriented firewalls (hardware appliance or linux distro à la Untangle) have built-in firewall VPN capabilities.

Some things to have on your radar:

• VPN topology (hub+spoke, full mesh or a combination of both).
• IPSEC throughput on the appliance (our old sonicwalls at some remote-offices were a bottleneck for the ipsec back to HO)
• If replacing firewall appliances, what other functions do you need / want

Ubiquity is pretty solid from a hardware perspective but their support is lacking, based on both personal experience and speaking with some other IT folks. I use it at home, and would definitely consider it for a business upgrading over consumer, soho or ISP gear, but if you're big enough that you've got to connect multiple sites over ipsec and it's business-critical you might want to look at something like sonicwall, fortigate or meraki.

So I realize that CentOS is more or less dead for most folks, but have you tried spinning up the equivalent CentOS version to compare apples to apples? I'll admit that I've never touched Oracle Linux and haven't had need for CentOS in a while but big performance differences shouldn't really be a thing between modern linux distros.... Maybe your Oracle install has additional encryption (full system ?) or something with the filesystem or mount options that's making it work harder?

@Danp Hey Dan, I don't think it's on the xcp-ng forum but I had come across something on the XO forum about it. Don't have the post nearby but it's a known issue.

@dbeato It's a full VM delta backup. I was able to restore the whole VM to another host and boot it without any problem, but it restores the borked volume as-is (which is what we'd expect, but doesn't help my situation).

It's not a major stress by any means, was just hoping that on top of having been a dummy for messing up the initial setup, I was overlooking or unaware of a simpler / easier way to fix things.

Cheers!

Coffee, lots of coffee...

@dbeato But if I restore the volume it'll restore the "bad" version that's missing the partition table so I'm no better off, right?.... Unless there's some other restore mechanism?

So I think I know what the fix is, and just want to see if anyone here has any simpler ideas.

Problem: XO can't do FLR on one of my backed-up VMs. Complains that partx can't read the partition table. Further investigation shows that the file system is directly on /dev/xvdb and not in a partition.

Context: Luckily this is a 2nd drive that's used for NC data and it works fine as-is.

Possible (Only?) Solution:

1. Add another drive to the VM equal or greater in size than the one that's causing problems
2. format new volume / drive properly with partition table goodness and appropriate fairy dust
3. copy everything at file level (permissions, timestamps etc etc) from buggy volume to new volume
4. change /Data mount to point to new volume
5. Fin

If anyone out there has a simple one-liner or something nice that I'm not aware of, please share.

Thanks

We ditched MPLS ~2 years ago and run everything over site2site vpns now. Costs are down, speeds are up and visibility is better. We're using fortigates for the firewalls but you should really be able to use anything you're comfortable managing for a firewall. Similar usage profile, with regards to trafffic type (citrix ICA). We're doing hub and spoke as far as vpn topology and it works for us, what's best for you will depend on what the rest of your infrastructure topology looks like.

Any developments on this? Curious to see what the end result is...

@choppy_sea said in Server 2019 randomly DNS stops:

@Obsolesce DNS logs show one interesting one linked, the log says that its transferred the master role from itself to itself https://imgur.com/a/4I75qnB if you mean somewhere else I apologise!

@Dashrender It happens for every device on the network!

@JasGot Yes the AD server does DNS and DHCP too, yes the Host on the domain

@notverypunny When I ping a known good IP i.e. 8.8.8.8 I get "...unreachable" rather than the "Ping request could not..."

OK, so if you can't even get out by IP, then strictly speaking DNS isn't the issue. Lower level TCP/IP or something else in the network is a problem before DNS even comes into play. Even if your DNS is completely offline you should be able to ping 8.8.8.8 or 1.1.1.1

I'd setup a standalone machine on the network with a static IP and have it pointed to external DNS. If it stops working when everything else does, then you know that it's something in your LAN > WAN setup. If it keeps working when everything else goes sideways then you're looking at the possibility of something wrong along the lines of the rogue DHCP that you've alluded to or other LAN-side gremlins. Don't rule out the possibility of a user having connected something that's doing all kinds of fun DHCP garbage.... Users can be... "special"

@choppy_sea said in Server 2019 randomly DNS stops:

@notverypunny said in Server 2019 randomly DNS stops:

DNS server / Domain Controller

No I inherited this unfortunately ! I'm sure we've all been here..

1. DHCP scope is configured with Router, DNS Servers (as the AD DNS ONLY) and DNS domain name of domain.co.uk - I mean it looks correct.
2. Clients get DNS from AD DNS server through DHCP as above and to my knowledge noone is capable of changing it on their desktops.
3. AD DNS server isn't set to loopback no, its set to its own IP (which is what I thought was properly configured)
4. Forwarders are set to Google and OpenDNS

I totally agree about the host reboot thing, its is in my opinion the most puzzling thing. Maybe I should retest that theory encase the times it hasn't worked is a fluke...the internet is a wireless link provided by a small ISP here in the UK and I'm not familiar with their service.

The whole thing is a huge headache. I've tried uninstalling my RMM tool encase that is the issue. I have noticed that when I teamviewer in sometimes that seems to either trigger it or I'm super (un)lucky...

Yeah, sorting out an inherited mess is never fun.

When things stop working, can you still ping out to known good IPs? I.E. 8.8.8.8 1.1.1.1 etc? Maybe DNS isn't the problem. You mention that it's a small WISP, maybe their CPE can't handle the connection load and similar to my rate-limiting theory it's just a coincidence that the time taken to reboot the host and guests is enough to clear the CPE's session table.....

I'll add my vote to those strongly recommending a deep dive on the DNS server's logs, and I'll throw the Host system's logs in there too for good measure.

Before going off on tangents, are you 100% sure that AD DNS is properly set up for your environment?
-- DHCP is only serving your Domain DNS servers with the leases
-- Clients are ONLY attempting to use the Domain DNS
-- DNS server / Domain Controller is set to loopback on the NIC
-- DNS forwarders are set to reliable, known external DNS (nothing internal on the forwarders)

It's strange that a full host reboot fixes things while rebooting the guest / DC doesn't.

Could there be a firewall / edge device in the mix that's blocked based on source or rate-limiting and the extra time taken by rebooting the whole host is enough to allow it to clear it's block list / criteria?

There's a whole lot of funky things that could be happening here.....

Just a thought, maybe we should start a revolution and all move to opensuse? </troll>