|
Biggest problem would probably be the 2012r2 box defaulting to newer things in SMB that 2000 doesn't support. Also any Group Policy things you depend on that don't exist in 2000. I have a Windows 10 Pro machine and a 2000 Small Business Server DC and everything pretty much works
|
# ? Feb 4, 2016 20:41 |
|
|
# ? Apr 25, 2024 06:30 |
|
Moey posted:I have domain joined 2000 boxes. All DCs and functional level are 2012 (non-R2). Have not hit any issues. Thanks thebigcow posted:Biggest problem would probably be the 2012r2 box defaulting to newer things in SMB that 2000 doesn't support. Also any Group Policy things you depend on that don't exist in 2000. That was one thought I had, I highly doubt SMB 3.02 is supported in 2000. Might take a bit of modifying
|
# ? Feb 4, 2016 20:44 |
|
CLAM DOWN posted:e: like, in your very link, it says that 2000 isn't supported on a 2012 R2 DC I can't actually find where it says that in the article but chances are I'm just being blind. It mentions things like no NTLM support for authentication so you might need to do something with local policy to get the 2k box talking, but all the official stuff I can find says you can join a 2k client to a 2012 R2 domain.
|
# ? Feb 4, 2016 20:55 |
|
Thanks all, I think I'll have to do some fucky poo poo for SMB and authentication but it might still work.
|
# ? Feb 4, 2016 21:00 |
|
CLAM DOWN posted:Thanks all, I think I'll have to do some fucky poo poo for SMB and authentication but it might still work. Probably. Make sure the 2K box can do NTLMv2 128 bit, and I wouldn't even know where to start with SMB and Kerberos. Microsoft doesn't test stuff that old, so who knows. A workaround I saw online was to have a 2003 domain for the legacy stuff and setup a trust.
|
# ? Feb 4, 2016 21:45 |
|
Has anyone used DFS with Namespaces for highly-available fileshares? I'm try to architect storage that would replicate between two points and be accessible even if one host was down. For example, - Server 1 - Server 2 Both servers have a 10+ TB Data Disk that's shared out to "Data D:" that's then carved into a namespace of \\Contoso.com\NS\Share0 My questions are, exactly how reliable is this sort of setup? I was experimenting with simulating an outage by turning of one of the servers and it seemed to work however Windows Explorer did become unresponsive at certain points. tl;dr - I need a gigantic mapped drive that's geographically dispersed.
|
# ? Feb 5, 2016 02:54 |
|
Never trust DFS.
|
# ? Feb 5, 2016 05:11 |
|
Swink posted:Never trust DFS. Good luck changing any permissions EVER on anything on that.
|
# ? Feb 5, 2016 05:17 |
|
I uae DFS-N for any share I make, even when not using DFS-R.
|
# ? Feb 5, 2016 06:52 |
|
DFS actually owns
|
# ? Feb 5, 2016 06:54 |
|
Yeah, I mean as long as you're not putting user profiles or folder replication without doing manual fail over or have super large files I don't really see the problem.
|
# ? Feb 5, 2016 07:03 |
|
Ignoring the replication issues you'd get when two people connected to two different servers try to edit the same file, DFS takes a bit to have clients switch to another server when one fails. It's not very graceful and hardly seamless.
|
# ? Feb 5, 2016 12:18 |
|
I've always seen DFS as a nice way of managing file sharing and abstracting away the actual file servers, and keeping file servers at branch locations in sync, not as high availability.
|
# ? Feb 5, 2016 12:24 |
|
Okay, how the hell do I backup DFS? Safely Virtualizing DFSR quote:Virtual Machine Saved States/Snapshots. When virtualizing DFSR, start the virtual machine, run DFSR and if you need to stop the virtual machine, fully shut down the guest OS. Do not use saved states or snapshots. Okay, what the hell do I use then? Obviously, I'm in a virtualized environment. Would do I need to put the servers in clusters? Or what do I lose without clustering? Windows Server DFS Clustering
|
# ? Feb 5, 2016 15:43 |
|
I like DFS-R for things like keeping IIS websites in sync, file shares have always been a bit flaky for me though. DFS-N doesn't really have any downsides that I've seen though.Tab8715 posted:Okay, how the hell do I backup DFS? Basically the same idea as domain controllers (although I've read you can snapshot DC's in 2012?) wyoak fucked around with this message at 17:24 on Feb 5, 2016 |
# ? Feb 5, 2016 17:13 |
|
Tab8715 posted:Okay, how the hell do I backup DFS? Curious on this as well. We have 3 virtualized FS (one per main site). No DFS. They are backed up/replicated for DR and file restores, but I still take them down for patching during maintenance windows. Would be nice to be able to not take that outage.
|
# ? Feb 5, 2016 18:27 |
|
Moey posted:Curious on this as well. We have 3 virtualized FS (one per main site). No DFS. They are backed up/replicated for DR and file restores, but I still take them down for patching during maintenance windows.
|
# ? Feb 5, 2016 19:43 |
|
wyoak posted:If you're looking for redundancy / rolling maintenance windows, just setup a failover cluster (so don't worry about DFS) I feel like I'm approaching this entirely wrong and should do something with Windows Server Clusters with File Sharing. I'll be experimenting and report back later with my results. Note - Everything in hosted in Azure.
|
# ? Feb 5, 2016 19:56 |
|
WSFC is fun as poo poo when you have multiple subnets.
|
# ? Feb 5, 2016 20:34 |
|
CLAM DOWN posted:WSFC is fun as poo poo when you have multiple subnets. And it adds a can of worms (slightly) for me within a VMware environment. I think that has been cleaned up a ton with ESXi 6, but I have not done any testing yet.
|
# ? Feb 5, 2016 21:34 |
|
I spent a day looking at all the nitty-gritty details of WSFC in Vmware 5.5 for a new SQL cluster build and said gently caress it, i'll eat the SAN space and just implement AlwaysOn Availability groups. Don't forget to modify SameSubnetDelay and CrossSubnetDelay properties though! devmd01 fucked around with this message at 21:40 on Feb 5, 2016 |
# ? Feb 5, 2016 21:38 |
|
Over the next few months we will be consolidating users and PCs from two separate forests down to a brand new one. About 140 users/PCs in one, and 200 users/PCs in the other. Trusts exist, infrastructure is in place, group policies, etc. etc. User migration will happen by doing an exchange forest move to a new Exchange 2013 environment while preserving SID history, which will take care of access issues until we rebuild file servers, etc. For the computers though, is it really worth bothering with ADMT? I really don't give a poo poo about migrating user profiles, i'd rather have them start with a fresh profile and just copy any files over from their old one. We'll additionally need to rename PCs in one company to a new standard, since theirs is all over the place instead of based upon asset tag. Since we'll need to be hands-on with people anyways, why not do it manually?
|
# ? Feb 9, 2016 18:19 |
|
Received an agency-wide email earlier informing everyone that a coworker from another department passed away last night after a long bout with some terminal disease. My first thought, "Hmmm, guess I can disable his AD account now"
|
# ? Feb 11, 2016 21:56 |
|
I'm in a position where I need to learn how certificates work quickly. Is there an easy guide somewhere to turn me into an expert in a day?
|
# ? Feb 16, 2016 07:47 |
|
Dr. Arbitrary posted:I'm in a position where I need to learn how certificates work quickly. Uh, what specifically do you want to know? Where are you starting from? Do you know what PKI is? How SSL/TLS work? Key exchanges? Algorithms? Ciphers?
|
# ? Feb 16, 2016 07:53 |
|
CLAM DOWN posted:Uh, what specifically do you want to know? Where are you starting from? Do you know what PKI is? How SSL/TLS work? Key exchanges? Algorithms? Ciphers? Well, I get it from a mathematical point of view. I just need to figure out how to get an IIS server to stop saying that my certificates are hosed.
|
# ? Feb 16, 2016 07:54 |
|
Dr. Arbitrary posted:Well, I get it from a mathematical point of view. I just need to figure out how to get an IIS server to stop saying that my certificates are hosed. What errors are you getting? How is it currently configured?
|
# ? Feb 16, 2016 08:01 |
|
Buy new certs and they'll tell you how to install them. If you already have them, just hit up the digicert KB.
|
# ? Feb 16, 2016 08:33 |
|
Swink posted:Buy new certs and they'll tell you how to install them. He might using an internal PKI
|
# ? Feb 16, 2016 08:38 |
|
10 bucks says he's got errors *because* of the internal CA.
|
# ? Feb 16, 2016 09:01 |
|
I'll try to figure out an explanation for the problem tomorrow at work. I was working through an IIS book and when it got to setting up certs, it said basically that it was beyond the scope of the book. I know there's some sort of process for getting certs in the production environment, but since I'm working with dev servers I was hoping to just make something work with self-signed certificates or something.
|
# ? Feb 16, 2016 09:08 |
|
Microsoft has a half-rear end step by step guide for building a LAN ADCA, pushing it to clients and installing it into IIS. It might be helpful. https://technet.microsoft.com/en-us/library/gg314532(v=ws.10).aspx
|
# ? Feb 16, 2016 09:17 |
|
Methanar posted:Microsoft has a half-rear end step by step guide for building a LAN ADCA, pushing it to clients and installing it into IIS. This might be what I'm looking for. I'll give it a shot and maybe it'll sorta work.
|
# ? Feb 16, 2016 09:21 |
|
Anyone have success with Surface Book & SCCM PXE boot? I am having a hard time getting it to boot with both the surface book brick dock and USB\Ethernet adapter. Essentially what happens is it sees the PXE server, says it downloaded the wdsnbp.com file and quickly goes to boot afterwards. PXE works fine for any other machines. That being said, I have had issues with 3/3 Surfacebooks I've gotten so far. One machine just stopped turning on, one machine has a discolor on the LCD, and the undock button on the keyboard wouldn't work on the last one. So much for a $3500 machine, stay away for now if possible.
|
# ? Feb 16, 2016 16:06 |
|
Is the Surface Book UEFI only or booting in UEFI mode? wdsnbp.com is a 16 bit executable for BIOS booting machines, you need to get UEFI PXE booting working.
|
# ? Feb 16, 2016 17:31 |
|
lol internet. posted:Anyone have success with Surface Book & SCCM PXE boot? I am having a hard time getting it to boot with both the surface book brick dock and USB\Ethernet adapter. Essentially what happens is it sees the PXE server, says it downloaded the wdsnbp.com file and quickly goes to boot afterwards. PXE works fine for any other machines. Not sure if this directly applies, but when we imaged our Surfaces with SCCM we had to turn off the secure UEFI boot for everything to function correctly. After that PXE boot and all other functions were normal.
|
# ? Feb 16, 2016 17:32 |
|
I assume that's "Secure Boot" on the surface book. I set it to none and it creates this giant red box with a unlock keypad at boot up but it still doesn't seem to work.
|
# ? Feb 16, 2016 20:08 |
|
lol internet. posted:I assume that's "Secure Boot" on the surface book. I set it to none and it creates this giant red box with a unlock keypad at boot up but it still doesn't seem to work. Yup, that is what I was talking about, after that we were all set. Very odd as that resolved our SCCM imaging issues for Surfaces. Is the USB adapter a genuine MS Surface approved one? I only had success using the dock / official addons with PXE booting devices in general.
|
# ? Feb 16, 2016 23:00 |
|
bigdookie posted:Yup, that is what I was talking about, after that we were all set. Hmm I can seem to boot with USB now after upgrading to Windows 10 ADK. Still can't PXE boot but I read an article that says you need to use IP helpers on the switches to point at the PXE boot on a UEFI\Legacy PXE setup. Will try that next.
|
# ? Feb 17, 2016 17:45 |
|
|
# ? Apr 25, 2024 06:30 |
|
What's the best way for me to have a Windows user account that can READ anything a domain admin can, but cannot make changes to the environment?
|
# ? Feb 18, 2016 21:59 |