So I have very little experience with KMS style licensing. I set a server up on a whim when my VDI project called for it, so it's always been a source of "I dunno" when I had issues. I started installing some machines with Win10 2004 and I'm having the "You don't have enough activations" error message when they are trying to activate. Does Windows 10 count each version number as a separate count for activations? I should have a bunch of Win10 machines out there activating. Is there a quick way around this if that's the case? Thanks guys, appreciate any input. I've had to interact with it so drat little and now it's coming back to bite me.

# ? Jul 30, 2020 16:13

Any reason you're not doing Active Directory-based licensing? Same key as KMS, just choose AD-based. But to answer your question: before you actually activate the KMS server you need X amount of active computers. Not sure what the count is for Windows 10, but Windows 7 was 25 active PCs on the network trying to activate via KMS before it becomes an active KMS. Server OS is like 5 active servers. But go AD activation if possible, it's the new thing and easier.

# ? Jul 31, 2020 06:38

lol internet. posted: Any reason you're not doing Active Directory-based licensing? Same key as KMS, just choose AD-based.

Is it fairly easy to switch over, and it won't screw with VDI in any way? (Horizon) For the record it is still 25 for Windows clients, and 5 for Windows Server clients. I'm still getting the standard "You don't have enough client activations" even though when I run a slmgr /dlv it showed 50 on the count. Ugh.

Edit: Eh, I just decided to do it once I read the KMS and AD style can exist together. At the very least it immediately resolved my test machine. So... yay, and thanks for the suggestion. To answer your question, we used to use KMS before I was hired here, so on the fly when I was told it was required I just seamlessly went that route.

Comfortador fucked around with this message at 16:03 on Jul 31, 2020
# ? Jul 31, 2020 15:18

I've come across a problem in Azure that has been pretty hard for me to google. I've got a WVD hostpool and a Standard Load Balancer so my VMs can share a public IP address. Somehow I've broken it so that when I add new VMs to the hostpool they have no external internet access until I add them to the backend pool of the load balancer. This is preventing the VMs from having the Windows Virtual Desktop Agent and Bootloader installed, which means they don't join the hostpool automatically. Azure considers the VM deployment a failure because of this. As a result I have to add the VM to the load balancer backend pool manually, and then manually install the agents and register it with the hostpool. Life is hell.

# ? Aug 4, 2020 00:18

snackcakes posted: I've come across a problem in Azure that has been pretty hard for me to google.

Are you putting them behind a restrictive Network Security Group? Are they being joined to a working subnet? Are they being joined to the RIGHT subnet?

# ? Aug 4, 2020 01:01

Wizard of the Deep posted: Are you putting them behind a restrictive Network Security Group?

Not a restrictive NSG, definitely a working and correct subnet. Someone who wasn't me set up a basic load balancer for old VDIs (which are gone now) which I replaced with a standard load balancer. I see no reason why this would be an issue but... the problem started soon after. It's probably something stupid and unrelated that I'm not seeing.

# ? Aug 4, 2020 02:17

snackcakes posted: I've got a WVD hostpool and a Standard Load Balancer so my VMs can share a public IP address.

What is the need for a single inbound public IP to be associated with the VMs in a WVD hostpool?

# ? Aug 4, 2020 16:59

Zaepho posted: Would this not be what a NAT gateway would be used for?

More of an outbound thing. One of the web apps they use is locked down so you have to get your IP address whitelisted, and this is how we cut costs I guess. Anyhow, I took a break from it today. Tomorrow I'll look into it again and let y'all know when (if) I discover the problem.

# ? Aug 5, 2020 03:18

When it comes to Office add-ins, am I missing something, or are the main options 1) centralized deployment or 2) give everyone access to the add-in store? (Add-ins can be added to a SharePoint app catalog, but Office for Mac can't access it, so that's a non-starter.) Is there really no way to make a curated portion of the add-in store/AppSource available to users?

# ? Aug 5, 2020 16:26

I have a corporate domain in an Office 365 tenant but we aren't using Exchange Online for email. A small team wants a domain added to that tenant and they do want to use Exchange Online (as it's linked to using Teams for meetings with a certain set of clients). Is there any way to tell Office 365 that the corporate email needs to be sent over to Gmail, or is it always going to try delivering internally if the domain exists on the tenant?

Edit: Looks like the magical search term is Internal Relay Domain, I'll try it out this evening: https://docs.microsoft.com/en-gb/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains

Thanks Ants fucked around with this message at 17:01 on Aug 5, 2020
# ? Aug 5, 2020 16:57

My first instinct is to try to do it with a transport rule.

# ? Aug 5, 2020 17:02

You have to set the domain to an internal relay for it to even put things through transport rules/connectors. Seems to be sending stuff into Gmail as plain text and attaching winmail.dat for some reason though, but I don't care about that.

Edit: And again, as soon as I post here the magical search terms come to me and I find the right document: https://support.microsoft.com/en-gb/help/2487954/how-to-specify-the-email-message-format-that-s-used-for-external-recip

Thanks Ants fucked around with this message at 18:21 on Aug 5, 2020
# ? Aug 5, 2020 18:13

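The internal relay setup and the winmail.dat fix from the two posts above, as an added Exchange Online PowerShell example (not the poster's own steps). The domain name and Gmail smart host are assumptions; the connector type and TLS setting are choices you should match to the receiving system.

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement module
# and an admin account on the tenant. $Domain and $GmailMx are assumed values.
Connect-ExchangeOnline

$Domain  = 'corp.example'          # assumption: the corporate domain already on the tenant
$GmailMx = 'aspmx.l.google.com'    # assumption: the receiving system's inbound MX host

# 1. Stop Exchange Online treating the domain as authoritative. With InternalRelay,
#    recipients that do not exist in the tenant are handed to outbound connectors
#    instead of being rejected as unknown users.
Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay

# 2. Route mail for that domain to the external mailbox provider. Partner connectors
#    are scoped by recipient domain, so only this domain's mail takes this path.
New-OutboundConnector -Name "Relay $Domain to Gmail" `
    -ConnectorType Partner `
    -RecipientDomains $Domain `
    -SmartHosts $GmailMx `
    -UseMXRecord $false `
    -TlsSettings EncryptionOnly

# 3. Send Internet recipients MIME instead of TNEF, which is the usual cause of the
#    plain-text body plus winmail.dat attachment described above.
Set-RemoteDomain -Identity Default -TNEFEnabled $false

# Verify the three settings took effect.
Get-AcceptedDomain -Identity $Domain | Select-Object Name, DomainType
Get-OutboundConnector | Where-Object { $_.RecipientDomains -contains $Domain } |
    Select-Object Name, ConnectorType, SmartHosts, TlsSettings
Get-RemoteDomain -Identity Default | Select-Object Name, TNEFEnabled
```

Internal relay means any address at the domain that is not a tenant mailbox is forwarded out, so the receiving system, not Exchange Online, decides whether a recipient exists.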
snackcakes posted: More of an outbound thing. One of the web apps they use is locked down so you have to get your IP address whitelisted, and this is how we cut costs I guess. Anyhow, I took a break from it today. Tomorrow I'll look into it again and let y'all know when (if) I discover the problem.

This update is more in case anyone is curious than me looking for answers, but I found that if I build a new WVD hostpool and deploy it using the same image it will deploy the VMs just fine. If I add an additional VM that works too. Once I add the existing VMs in the hostpool to the backend pool for the load balancer, that's when the problem starts for future VM deployments. Getting Microsoft support involved because this is weird.

# ? Aug 5, 2020 22:09

snackcakes posted: This update is more in case anyone is curious than me looking for answers, but I found that if I build a new WVD hostpool and deploy it using the same image it will deploy the VMs just fine. If I add an additional VM that works too.

Good loving luck. I'm actually curious as to how this ends up. We need our traffic to come from IPs for application whitelisting, but our WVD is currently small enough we can just assign them from a pool. I looked at load balancers and I assumed it would interfere with traffic to the WVD management infrastructure.

# ? Aug 5, 2020 22:25

Could you let WVD manage its own networking and then peer that Vnet to another one with a NAT/virtual router image running and then shove routes to the web app into the route table of the WVD Vnet?

# ? Aug 5, 2020 22:31

The web app isn't ours, it's just a vendor who protects access by whitelisting IPs. I'm starting to think the NAT Gateway that Zaepho posted about might be the way to go, but it seems like it's pretty new. The problem is that I'm deploying these WVDs for about 150 people and internal IT is fast tracking this so it's in production way faster than it should have been. My hands are kind of tied now because the only way I can make changes would be after hours. Just for fun, because my company has a bunch of Azure credits, I might build out a test deployment with a NAT gateway and see how well it works. It's not like this is really stopping me from rolling out more WVDs, it just sucks that I have to manually register them to the host pool, which means an extra 5-10 minutes spent per VM.

# ? Aug 6, 2020 01:36

I meant just route traffic to the web app out via the NAT gateway or virtual firewall appliance you deploy by chucking the route into the route table for the WVD Vnet. Or if the web app uses multiple IPs just set the default route to your appliance. Means you can leave all the inbound load balancing in place.

# ? Aug 6, 2020 11:01

Thanks Ants posted: I meant just route traffic to the web app out via the NAT gateway or virtual firewall appliance you deploy by chucking the route into the route table for the WVD Vnet. Or if the web app uses multiple IPs just set the default route to your appliance. Means you can leave all the inbound load balancing in place.

I am sure this would work, just sucks to have to stand up more infrastructure for it.

# ? Aug 6, 2020 15:23

I volunteered to take a look at a non-profit's issues with a SQL Server/2008 Access setup to see if I could help them out and I'm running into some permissions issues. Basically, I can set permissions via SQL Server all I want and it works fine, but then logging in via the Access side as a theoretically admin user I'm still restricted in what I can interact with. This is an issue of Access-level policies, right? Nothing else is broken like file permissions, at least as far as I can tell. Broadly speaking their issue is that somebody left the company with the keys to Access and not much good will. So I'm trying to unbreak it as much as possible but am starting to think that this is going to involve either getting the keys from them, or doing some grey-hat stuff that's outside my pay range/skill level.

# ? Aug 7, 2020 19:36

Are you using SQL auth or Windows auth? Is Access passing through the current user or using stored credentials? Is there an ODBC connector that could be causing issues?

# ? Aug 7, 2020 19:39

Auth appears to be via SQL. I'm not quite sure about whether Access is using stored creds, but I appear to have the same permissions regardless of changes in the SQL tables. ODBC connector data I can't access on account of Access being fairly locked down.

# ? Aug 7, 2020 19:49

I just started a new job as head of IT (also the only IT person) for a company with 8 locations and about 70 users/computers across the company. Their IT situation is pretty non-existent at the moment. For example, many locations aren't even site-to-site VPNing to the main location (where the servers are) as they're using lovely Asus home router/AP combos and each computer is individually VPNing with client software. So, part of my job is essentially starting from scratch and cleaning this up. They do have a domain that was originally created with SBS and so it's using a .local TLD. I know Microsoft now recommends against this and so my question is, as the sole IT guy with more pressing poo poo to be doing, should I just leave this as is or should I really be considering re-creating the domain and migrating away from the .local? What would you guys do? Will leaving it cause me more headaches in the future?

Edit: Also, over half the computers are not currently joined to the domain and are using local accounts, which makes the situation a bit easier. We do have one piece of software (the main ERP software) that does AD auth though.

kiwid fucked around with this message at 13:58 on Aug 14, 2020
# ? Aug 14, 2020 13:56

I'd get all the sites on a VPN back to your main location (or mesh if there's traffic that goes between branches) before doing anything with the domain. Meraki MX appliances are really basic and poo poo in lots of ways but if you need to connect a bunch of branch locations together and they have different ISPs, dynamic IP addresses etc. then they're really good at that.

# ? Aug 14, 2020 14:04

Thanks Ants posted: I'd get all the sites on a VPN back to your main location (or mesh if there's traffic that goes between branches) before doing anything with the domain.

Already on that. Installing Fortinet firewalls next week. I was more wondering if I'm crazy in thinking about migrating to a new domain using a subdomain of their primary domain name or if I should just stick with the current .local domain?

# ? Aug 14, 2020 14:11

That ERP software is going to be your stick in the mud and it could be a giant disaster trying to untangle whatever mess is going on there. Also, you're sure there aren't other services tied to the current domain like O365 or anything? Do you have support for the ERP product? If so, ask them what kind of investment it would take to migrate (in $$$ and/or hours); they might even be able to do some sort of copy/script mapping to new users, i.e. MF_James.corp.local is supreme leader so we essentially copy everything to MF_james.sub.corp.com. Honestly, if it wasn't for that ERP, I'd probably do it so you don't drag whatever hosed up poo poo forward, but part of me would probably be like "eh gently caress it, hopefully the skeletons in the closet will be the next guy's problem and not mine".

MF_James fucked around with this message at 14:55 on Aug 14, 2020
# ? Aug 14, 2020 14:52

kiwid posted: Already on that. Installing Fortinet firewalls next week. I was more wondering if I'm crazy in thinking about migrating to a new domain using a subdomain of their primary domain name or if I should just stick with the current .local domain?

I'd move it just so you can get certificates if you need them. Go to ad.company.com or even just an entirely separate domain. But you want to check dependencies first: anything that is actually AD integrated will use the GUIDs, which won't be changing, but if it's just LDAP then there might be things you need to work out.

# ? Aug 14, 2020 15:01

MF_James posted: That ERP software is going to be your stick in the mud and it could be a giant disaster trying to untangle whatever mess is going on there. Also, you're sure there aren't other services tied to the current domain like O365 or anything?

Yeah they have O365 but it isn't AD syncing. They have all local/cloud accounts, which is a whole other mess and project to get merged into domain accounts. After thinking about this more, I think I'm just going to leave it as .local. This is too big of a risk and something I'd rather tackle later when it actually becomes an issue. Maybe then I'll be able to reason the cost and time investment better because right now it is going to be hard to justify.

# ? Aug 14, 2020 15:56

You could build another forest and then create a trust relationship and put new things on the new domain, if you wanted to tackle it slowly.

# ? Aug 14, 2020 18:29

Quick question. I'm working on an Ansible routine to deploy a piece of our software stack that runs on Windows. It doesn't run as a service so it runs as a regular user. Don't ask. It's the way it is. I'm testing on Server 2019. I've got everything deploying except one little part. I have to add a shortcut to the Startup folder that locks the screen when the user logs in automatically. Shut up. I know. But the Startup folder in the user's AppData/Roaming/blahblah is missing. If I add a task to create it, will Windows just pick it up automatically?

# ? Aug 14, 2020 18:38

Thanks Ants posted: You could build another forest and then create a trust relationship and put new things on the new domain, if you wanted to tackle it slowly.

That's not a bad idea.

# ? Aug 14, 2020 22:20

Did MSFT force Chrome Edge install via updates yet? If so anyone got the KB?

# ? Aug 24, 2020 07:40

lol internet. posted: Did MSFT force Chrome Edge install via updates yet? If so anyone got the KB?

It is included in the 2004 update.

# ? Aug 24, 2020 14:40

Is it normal to use one internal DNS server and one external DNS server in your DHCP scopes for workstations on a domain? For example, this previous sysadmin had the domain controller/DNS server set up as the primary DNS server and Google's public 8.8.8.8 DNS server as the secondary DNS server. Will this cause any issues? I'm used to having at least two DNS servers and pointing workstations at both and relying on forwarders for external DNS, but this network only has one domain controller/DNS server and so he's been putting 8.8.8.8 as the secondary for everything. Just wondering if this is normal as I've never experienced this before.

# ? Aug 24, 2020 15:00

No. Not normal in my experience. Clients get internal DNS servers, and the internal DNS servers are set up with external forwarders.

# ? Aug 24, 2020 15:24

kiwid posted: Is it normal to use one internal DNS server and one external DNS server in your DHCP scopes for workstations on a domain?

It's not a best practice. Is setting up a secondary DC/DNS server out of the question? Windows should only use the secondary DNS server if it can't reach the primary. If the workstations can't reach your DC/DNS server then you've got problems, and the 8.8.8.8 band-aid will just make troubleshooting more difficult.

# ? Aug 24, 2020 15:32

kiwid posted: Is it normal to use one internal DNS server and one external DNS server in your DHCP scopes for workstations on a domain?

Yeah, no, that's bad, especially if you're using Active Directory. The only place you'd use any external DNS is, as you said, for forwarding. If there's only one DNS server, just use the internal DNS server in the DHCP lease.

# ? Aug 24, 2020 15:34

skipdogg posted: No. Not normal in my experience. Clients get internal DNS servers, and the internal DNS servers are set up with external forwarders.

Actuarial Fables posted: It's not a best practice.

Matt Zerella posted: Yeah, no, that's bad, especially if you're using Active Directory. The only place you'd use any external DNS is, as you said, for forwarding.

Thanks, that's what I assumed. I'll just use the one internal DNS server and remove the Google public DNS server from the DHCP scope.

# ? Aug 24, 2020 16:54

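A way to find every scope where the previous admin left an external resolver in place, as an added example (not from any poster): it audits DHCP option 6 at server and scope level against an allow-list of internal DNS servers. The server name and the internal DNS address are assumptions.

```powershell
# Added example, not from the thread. Lists DNS servers (DHCP option 6) that a Windows DHCP
# server hands to clients and flags any not on the internal allow-list, e.g. 8.8.8.8 as a
# "secondary". Requires the DhcpServer RSAT module and read access to the DHCP server.
# $DhcpServer and $InternalDns are assumed values; substitute your own.
param(
    [string]   $DhcpServer  = 'dhcp01.corp.local',   # assumption: the DHCP server to audit
    [string[]] $InternalDns = @('10.0.0.10')          # assumption: the single DC/DNS server
)

Import-Module DhcpServer

function Test-DnsOption {
    # Emit one finding per DNS address that is not in $InternalDns.
    param([string]$Level, [string]$ScopeId, [string[]]$Servers)
    foreach ($dns in $Servers) {
        if ($InternalDns -notcontains $dns) {
            [pscustomobject]@{ Level = $Level; ScopeId = $ScopeId; ExternalDns = $dns }
        }
    }
}

$findings = @()

# Server-level option 6 is inherited by every scope that does not set its own.
$serverOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 `
                 -ErrorAction SilentlyContinue
if ($serverOpt) {
    $findings += Test-DnsOption -Level 'Server' -ScopeId '-' -Servers $serverOpt.Value
}

# A scope-level option 6 overrides the server default for that scope only.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $scopeOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
                    -OptionId 6 -ErrorAction SilentlyContinue
    if ($scopeOpt) {
        $findings += Test-DnsOption -Level 'Scope' -ScopeId $scope.ScopeId -Servers $scopeOpt.Value
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "All DHCP option 6 values on $DhcpServer point at internal resolvers."
}

# Remediation for one scope (uncomment to apply): hand out only the internal resolver(s).
# -Force skips the cmdlet's check that each DNS address answers before it is saved.
# Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId 10.0.1.0 -DnsServer $InternalDns -Force
```

Clients keep the old option values until their lease renews, so a finding cleared here can still show up on workstations for up to a lease period.
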
AFAIK there isn't really a concept of primary and secondary DNS servers - there's just two DNS servers. Any little blip that causes the 'primary' (internal) DNS to respond slowly will result in the client hitting Google, and then getting the wrong answer and caching it.

# ? Aug 24, 2020 16:56

I've seen this in small shops where they only have one domain controller (usually SBS) and they had an outage. Then they learned the wrong lesson from it.

# ? Aug 24, 2020 16:58

Thanks Ants posted: AFAIK there isn't really a concept of primary and secondary DNS servers - there's just two DNS servers. Any little blip that causes the 'primary' (internal) DNS to respond slowly will result in the client hitting Google, and then getting the wrong answer and caching it.

That was my understanding too, but I've now seen this pattern in multiple organizations, which made me second guess my knowledge on the subject. One of the orgs was even a Fortune 500 with 100+ IT staff who should have known better.

The Fool posted: I've seen this in small shops where they only have one domain controller (usually SBS) and they had an outage. Then they learned the wrong lesson from it.

Yeah, I'm assuming that's probably what has happened in this case too.

# ? Aug 24, 2020 16:59