Posts made by Shuey

Not sure how other admins feel about this approach, but depending on the size of the environment, I like to have one DC handle all the DHCP services, keep regular dhcp backups, and have the DHCP role installed on the other DCs, but in an inactive state. If the DHCP server dies for any reason, you can easily assign another DC to handle this, do a quick DHCP restore, and you're back in business.

@momurda said in Printer Using WSD vs IP:

You can try disabling WSD on the printer itself, if it isn't a service for Windows to see perhaps it wont try to use it.

This is the same thing we do to avoid this nasty printer plague

I've heard from multiple friends who code that C (C11) is a great foundational language for anyone interested in pursuing programming or even just for developing better logic skills.

Depending on how important it is to management, and how much money they might be willing to spend, Netwrix Auditor can track all of the information you're wanting to track, and then some.

Great advice Jared, and thanks for the detailed perspective!

So I won the $60,000 makeover contest from HPE (https://community.spiceworks.com/topic/1878399-getting-pumped-for-spiceworld-enter-to-win-a-60-000-makeover-from-hpe)

Since I've never worked with equipment this new (lol), I wanted to see what ideas people have. My initial thought is that it'd be great to build a VMware test environment that I can beat up and learn on. Up until now, I've learned everything I know about VMware in the enterprise in our production environment that I built myself and have grown and learned on over the last 3 years. It'd be great to use this new equipment to build a modern "lab".

@Jason said in Great site to track OpenFire releases!:

there is no bug free version of any software. It does not exist.

Wow, basically shot down by three people within a very short amount of time :D.

I could try to defend my thinking and what I was trying to share, but you guys either already know it, or don't care. Either way, I did my good deed for the people who DO use OpenFire and actually care of seeing version details

We've been running an OpenFire server here for years. And in that time, I've upgraded the server more than once. On one of those occasions, we upgraded to a version that was listed as the "latest release" on Ignite's website, but we had no idea that there were unresolved bugs in that particular version. We ended up having to revert back to an older version of the server in order to bypass all of the trouble we were having.

That led me to finding this site address:
https://issues.igniterealtime.org/projects/OF?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page&status=all

You have to have an account in order to view that information, but it's free to register and gain access.

This is a perfect way to track the server releases to make sure that you're choosing versions that are 100% bug free. I've also noticed that they've stopped posting "buggy" versions as a "latest release". But it's still nice to have this link I mentioned so you can track the details of each version ;).

@Dashrender said in How Do So Many People in IT Not Know What a Database Is?:

@RojoLoco said in How Do So Many People in IT Not Know What a Database Is?:

A database is the plastic feet under my desktop PC, right?

Wait, you mean the harddrive?

No, you must mean the "modem", right? Wait... now I'm confusing myself... the screen thingy on the desktop is the computer, isn't it?

@IRJ said in Migrate and/or replace old cert server?:

I figured somebody would have yelled at you for running anything else on a DC already in 6 pages of replies.

I would build a new 2012 R2 DC, then transfer all roles then demote your old DC. I would just keep sharepoint on the old DC and call it a day.

We already have 5 other DC's. This last DC that I wanted to demote and remove cert services from is the last DC left in the original forest/domain that the admin before me built. I'm pretty much going to have to spend the next several weeks learning how to setup Sharepoint and migrate our existing server/data to a new member server. And trust me, I know it's stupid to run all that stuff on a DC, but I didn't set it up :-S

What the junk O_o!?.... this guy said in this post that I "need to move Sharepoint to another server first. The problem is that SQL Server, when installed on a DC, then uses that DC and that DC only for authentication purposes."

If that's true, I wish I had known that from the beginning, lol.

@momurda said in Migrate and/or replace old cert server?:

Is the CA service running when you run that CA url removal command? you might need to fix the CA removal problem before you can demote.

The CA service was running when I ran through the removal of cert services, but at the very end of the removal process, it threw that error. Since cert services have now been removed, the service no longer exists :-S...

@momurda said in Migrate and/or replace old cert server?:

You might want to check your domain admin user rights on some ad containers and see if you have the power.
I think user needs Trusted for Delegation right on that user.

Also, on that failed ca removal, i dont think you need quotes around the url, as it is a url and no spaces are allowed.

I tried the URL with and without quotes; same failure message both times

The account I'm currently using to attempt the demotion is the same account I've used everywhere in the domain. In the 4+ years I've been here, I've built 5 other domain controllers, I've demoted domain controllers, I've transferred FSMO roles - I've never had permissions issues with any of those tasks with this same account I'm using now

@momurda said in Migrate and/or replace old cert server?:

Your domain admin credentials might not have full permissions to do that operation, depending on configuration. How long has the domain existed?

The domain has existed since before I started working here over 4 years ago. It's also changed a lot though in the time I've been here. "ADMIN-SERVER" is the ONLY domain controller from the original domain that was built before I started here.

So I wasn't able to delete the enrollmentServerURL. I decided to go ahead and move forward with the demotion, but I'm stuck there as well. Every time I try to complete the process, it fails with this:

I verified in ADUC and ADSS that NONE of my servers have the "protect this object from accidental deletion" checked, and I've tried rebooting the server again, but the process continues to fail. I've tried it with and without the "Remove DNS Delegation" option, but it continues to fail...

Am I going to have to do a forced demotion?....

Good times... I first followed Microsoft's instructions to revoke any existing certs with a "cease of operation", and then removed the role. Before the reboot, I was prompted with this error:

I included in the screenshot the command that I ran, which also gave an error...

I'm going to reboot the server, but I'm not feeling great about this so far, lol.

@scottalanmiller said in SpiceWorld 2017 Austin Grey Breakfast:

@jmaurelli awesome. Will see you there! Maybe @Shuey can join us this time, too.

I likely won't be able to attend next year, but I have a feeling I'll make it in 2018!

@JaredBusch Thanks for the reply and info Jared!

I've had certificate services stopped and disabled for the last two weeks (in case anyone rebooted the server). I've not seen or heard of any issues, so I wanted to ask again: Do you think it's safe enough now for me to remove the cert services role from the server? Is there anything I might still be missing or haven't thought of?

@Breffni-Potter said in Synergy - Software KVM:

@Shuey said in Synergy - Software KVM:

The Pro version now offers SSL support

Security should be part of the product. I know the price difference is tiny but It's never great when a company charges more for the security of their clients.

I definitely understand where you're coming from, but I think there have actually been a lot of Synergy users over the years who really haven't been concerned (or even cared at all) about the security of the data between the server and clients. The reason that they finally added support is likely because it wasn't until recently that they started to get a larger number of customers requesting it. And since they're providing a for-profit service, it's not out of the ordinary at all for them to charge extra for it (especially since some of their customers are large corporations who specifically require it, while other customers such as families or small businesses would rather pay less for a version that doesn't include anything extra that they woudn't need or care about).