Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 07:02 pm

How do you do product planning across engineering and business stakeholders?

Posted by /u/Convitz

How do you handle the planning process? Do you start with business goals and work backwards? How do you get engineering estimates that actually stick? Looking for practical approaches that work across different team sizes.

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 07:02 pm

Is this too much work for one sysadmin?

Posted by /u/AdvertisingNo2451

I have a job offer for a nonprofit where I will be:

Network admin

  • active-active Fortigate
  • two distribution switches
  • 12 access switches
  • No routing, just VLANs

SysAdmin

  • two Windows AD servers with Azure backup
  • O365 admin, NO Azure besides Azure AD

Helpdesk

  • 60 full-time users
  • possibly 60 volunteers

I Can Has Cheezburger? ([syndicated profile] icanhascheezburger_feed) wrote2025-12-19 10:00 am

UPDATE: After PetSmart refuses to let cats attend Halloween "Pet Party", two grumpy black cats infil

Posted by Blake Seidel

People make mistakes all the time - it's part of being hooman. Cats, on the other hand, never make mistakes, but that's a subject for a different article. What's impurrtant about mistakes, though, is not that they happen, but that they don't happen again. A few months ago, we posted about a cute black cat in a banana costume being turned away from a PetSmart "trick-or-treating" pet event, but it turns out, by "pets", they only meant doggos. Banana Cat returned home, sad and confused, and the cat community made their voices heard. Justice for Banana Cat!

Well, it's Christmastime now, and PetSmart seems to have corrected its ways. During a Christmas pet party, a cat pawrent took her two void kitties to the event, and not only were they allowed in, but they had a hissterically terrible time. But, was anyone really surprised by that? No! If there's one thing cats despise, it's being dressed up in annoying hats and outfits, no matter how cute they look in them. They did get lots of attention and Churus, so even if they didn't show it, we're pretty sure they had a good time.

Congratulations, PetSmart, you righted a purrfectly egregious error and made feline fans everywhere laugh. A merry Catmas to all, and to all, a good night!

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 06:24 pm

Looking for blunt feedback: am I over-engineering API audit & config drift?

Posted by /u/Embarrassed-Air-2988

I’m an infrastructure engineer working mostly around NGINX / API gateways. I don’t have a strong security network to sanity-check this, so I’m hoping for honest operator feedback here. I’m not selling anything.

Problem I’m trying to understand: In regulated environments (banks / telecom / enterprises), a lot of audit and incident review relies on logs and external agents, but very little on provable “what was actually enforced at request time”.

I’m experimenting with an embedded NGINX module that:

  • passively captures per-request enforcement metadata (JWT failures, TLS info, route match, etc.)
  • records immutable config snapshots on every reload
  • detects real config drift (not diff-based)
  • runs monitor-only (no traffic modification)

This is NOT WAF or threat detection — more like audit-grade evidence and post-incident truth for CISOs.

My concern is that this might be:

  • solving a problem only vendors care about
  • over-engineered compared to SIEM / API security tools
  • something customers say is “nice to have” but won’t pay for

If you’re an SRE, security engineer, or have dealt with audits:

  • Is this actually a real pain?
  • Where would this completely fall apart?
  • What would make this useless in the real world?

I’m genuinely looking for reasons NOT to build this. Appreciate any blunt feedback.
I Can Has Cheezburger? ([syndicated profile] icanhascheezburger_feed) wrote2025-12-19 09:00 am

'Tis the Season to Laugh Like a Lolcat: 20 Original Feline Funnies to End This Week With Joy and Jin

Posted by Blake Seidel

Only 6 more days until Christmas, feline fam! The bells are ringing, the jingles are jingling, and the tree is already starting to fill up with purresents. We know you're probably already checked out, but we wanted to add a little more feline flavor to your holiday by spicing it up with some more of our fresh cat memes! That's right - these are I Can Has Cheezburger originals - never seen before, gracing the internet for the furst time at this very meowment. 

We can't just give you this gift of feline funnies without saying thanks to our kitty companions who make all of these hissterical posts pawssible. Our cats bring so much joy into our lives, and because of their hilarious purrsonalities, we have a nearly unlimited amount of cat memes on the internet that make us laugh every day. All in all, don't furget to get your cat a gift this year. They're part of the family, too!

If you like these silly cattos and think you'd like to make some feline funnies, we invite you to try your hand at making the cat people of the internet laugh using the purrfessional meme-building feature on our website! It can be fun for you, or the family! Our favorite ones get featured in this article every week, so have fun and have a great holiday! 

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 05:59 pm

BYOC (customer VPC/on-prem) vs outbound-only VPN (Tailscale) for a new vendor without SOC 2

Posted by /u/pcbuilderguy10

I’m trying to understand typical enterprise security sentiment / approval friction for two vendor deployment patterns when the vendor (me, a startup) does not have SOC 2 yet:

Option A (BYOC): Vendor software runs in the customer’s VPC or on-prem. Customer controls IAM/network/logs/keys and can fully cut off vendor access.

Option B (Outbound-only connector): A small customer-hosted connector/agent establishes outbound-only connectivity via Tailscale, which is a zero-trust overlay (e.g., device identity + ACLs). No inbound firewall holes. Vendor access would be limited to specific internal endpoints.

Questions:

  • In your org, how would security/compliance typically rank A vs B (and why)?
  • Is A a marginal improvement, or does it cross a major approval threshold compared to B?
  • What guardrails would make B acceptable (e.g., app-proxy only vs subnet routing, JIT approvals, session recording, customer-controlled kill switch, SIEM logs)?
  • What are the most common reasons you’ve seen a non-SOC 2 company rejected outright?

Context: Assume sensitive data could be involved; goal is production deployment with least privilege and auditability.

As you might imagine, B is an order of magnitude improvement in development time on our end. That being said, the point is moot if B is significantly more likely to get us rejected prior to closing.

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 05:41 pm

Looking for a tool for room and vehicle scheduling

Posted by /u/benuntu

I've migrated about 90% of our mailboxes from on-prem to MS365, but still have many shared calendars to move. These are primarily for conference rooms, vehicles and other shared resources. These were built as public folders, which has been easy for people to use in Outlook. I've been playing around with equipment and room resources in 365, but the interface is clunky and the reservation system using the scheduling assistant leaves a lot to be desired. What are you using for this?

My wish list:

  • Intuitive interface that we'll have to do very little training on
  • Tablet display capability (for outside conference rooms)
  • Some form of integration with Outlook
Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 05:22 pm

A-LAPS-Joined-Computers

Posted by /u/leakcim78

Hello, I need to strengthen security following a Ping Castle audit.

Where is this vulnerability patched on Active Directory? Via PowerShell or ACLs? Is it dangerous? Could I have a screenshot of where the remediation is done or a tutorial?

Thank you

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 05:03 pm

Some domain users randomly unable to sign in until after rebooting.

Posted by /u/justmatt24

For the past 2 months, some of the users in our on-prem, Server 2016, domain have been unable to sign into their domain-joined computers using their domain accounts. They get an "incorrect password" message despite using the correct password (we've confirmed this).

After rebooting the client PC, the issue goes away for a week or more. Dropping the PC from the domain, and rejoining, seems to resolve the issue on that machine. I'm hoping someone has experienced the same issue and has a fix that doesn't require rejoining every PC to the domain. All client machines are Win 11 and fully patched. The DC is fully patched. No network issues that we're aware of. Any help is much appreciated.

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:55 pm

Recommendations for Office 365 backups?

Posted by /u/ltwally

I have a small biz client asking for an Office 365 backup solution.

It needs to cover the following: Exchange Online, OneDrive, SharePoint Online and Teams. This would include things like permissions, calendars, mailbox-rules, etc etc.

Backups do not need to cover the more Azure-oriented items (PCs in Intune/Defender/etc., VMs, SQL, and so forth), but ideally can fully restore a user account. Worst case would be creating a new user account and running a restore from a dead user to that account.

We should also be able to export the above services outside of O365 (e.g. ExO -> PST), and do so with some granularity (individual files/folders in SPO, folders or even emails in ExO, etc.).

My go-to has been afi.ai for a while. However, it's also been a while since I've taken anything else out for a spin.

I believe the client would be open to both on-prem and cloud-based solutions. They do not have a plethora of on-prem servers, and do not have on-prem AD. Any on-prem solution would likely mean new hardware. They are bandwidth-limited on their upstream. Cost will be a factor.

Any recommendations?

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:30 pm

Some app is locking AD accounts, how to find which?

Posted by /u/TinyBackground6611

So the issue I'm having is that some application is caching credentials and for the life of me I cannot find out which. After a user changes password, some of them get huge issues with the account being locked out. I'm seeing wrong password logs in the Domain Controller. Clearing the credential vault in Windows doesn't work but resetting the whole profile works. Also, if I reinstall the device it won't lock the account. I don't need to find out what device is locking the account since I already know the device. What I'm trying to do is find out the exe of the application responsible for the lockout. Have you done any of this troubleshooting successfully, and what tools did you use? This is driving us crazy!

Snopes.com ([syndicated profile] snopes_feed) wrote2025-12-19 04:55 pm
Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:42 pm

Stable VPN connectivity between China and France – best practices?

Posted by /u/raptou137

Hi,

I manage IT for a company based in France. All core services are on-premise in France, protected by a WatchGuard firewall.

The company recently acquired a subsidiary in China, and we need to interconnect the Chinese office with our French infrastructure via a site-to-site VPN so users in China can access data hosted in France.

From past experience with another customer, we’ve faced instability on China → France VPN connections (tunnel drops, packet loss, high latency), likely due to the Great Firewall and international routing issues.

Before deploying this for production, I’m looking for best practices to improve stability and reliability in this context.

Specifically:

  • Are there recommended architectures for China–Europe connectivity (direct IPsec, SD-WAN, cloud-based VPN hubs, MPLS, etc.)?
  • Is it better to use an intermediate cloud provider (Azure / AWS / Alibaba Cloud) as a VPN relay?
  • Any WatchGuard-specific feedback for China connectivity?
  • Would multiple tunnels / failover / active-active VPNs help in practice?

Any real-world feedback or lessons learned would be greatly appreciated.

Thanks in advance.

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:40 pm

Recommendation for on-premise RMM

Posted by /u/AdvertisingNo2451

We are a Microsoft shop with around 100 users. Our current solution is System Center Configuration Manager. Management is not too keen on using cloud-based RMM. To be honest, I hadn't heard of cloud-based RMM tools until recently. I would like to test the on-prem RMM in our virtual environment. After some experience, I may move to cloud-based RMM.

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:30 pm

DC Replication

Posted by /u/needs_more_ram

I have 2 DCs that didn't replicate for more than 60 days, so there's the 2148074274, target principal name is incorrect. I want to use Microsoft's fix: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/replication-error-2146893022 On the one I've made the changes I want to replicate, this is what it's giving when I run repadmin /replsummary:

Source DSA largest delta fails/total %% error

AA01-ADC001 >60 days 5 / 5 100 (2148074274) The target principal name is incorrect.

BB01-ADC001 36m:23s 0 / 5 0

But on the BB01 DC, when I run repadmin /replsummary, I get this:

Destination DSA largest delta fails/total %% error

BB01-ADC001 >60 days 10 / 10 100 (2148074274) The target principal name is incorrect.

Best I can figure out is to run the fix mentioned above from Microsoft on AA01 and everything should go back to normal. Thoughts?

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:29 pm

Am I Getting Fucked Friday, December 19th, 2025

Posted by /u/Each1teach1x27

Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.

Required Info for accurate answers:

  • Part Number
  • Manufacturer/vendor
  • Service Type and Service Location
  • Quantity (as applicable)

All questions are welcome regarding:

  • Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
  • Server configs and quote answers
  • Storage Vendor options, alternatives, details, and selection
  • Software Licensing - This includes Microsoft CSPs
  • Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
  • Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
  • User gear - Usually, you should buy the quote you have unless the quantity is +50 units
  • POTS replacement lines
  • Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
  • Voice services- SIP, UCaaS,
I Can Has Cheezburger? ([syndicated profile] icanhascheezburger_feed) wrote2025-12-19 08:00 am

Wife keeps blaming her husband for making a mess in the house, he denies everything, only for them b

Posted by Mariel Ruvinsky

Despite what non-cat owners may think, living with a cat is not always peaceful. Sure, they sleep most of the day, and the rest of the time, they are usually eating or cleaning themselves. It's lovely… almost all the time. But that peace does not last forever. Every cat, every once in a while, will decide that it is time to test some limits. 95% of the time, cats are calm. The other 5%… there is nothing but cat chaos.

Cats will steal your food right off your plates if you turn away for barely a second. Cats will look you in the eye as they gently, bit by bit, push your favorite mug off the coffee table. Cats will yell at doors for no reason, just to test you, just to make you feel crazy. And some cats… some cats will go further than the classics. They will commit creative crimes, and you will not know that it's them doing it, not until you catch them in the act. And in this wife's case, you will blame your husband for your cat's crimes. 

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 04:20 pm

Server 2019 Folder Redirection Issue

Posted by /u/Ziggy08161956

I have a Windows 2019 Server. Folder redirection was set along with the option to "Redirect the folder back to the local userprofile when the policy is removed". I need to end folder redirection but it doesn't seem to be working.

I changed the GPO for Videos to "Not Configured". When I do a gpresult, it shows me that Documents, Pictures and Music are being redirected but not Videos, yet the file location for Videos did not change. It is still pointing to the old redirection folder. (Yes, I ran gpupdate /force 10 times.)

Any idea why I can't end redirection?

Sysadmin ([syndicated profile] o_dinn_feed) wrote2025-12-19 03:58 pm

CLOUDFLARE MY LIFE IS YOURS PLEASE

Posted by /u/CantankerousCretin

I guess it's fine that they keep things up and running 97% of the time, but man when it rains it pours.

Bunch of clients complaining about sudden weird behavior.

"Can't take inbound calls, but outbound is fine."

Firewall looks good.

Switches have had work done recently, but nothing that would break anything.

SIP trunk is showing registered???

Carrier not receiving replies to challenges though.

Carrier support whispers the magic words: "Make sure you're using a public DNS"

"Oh, I am, I know I am 'cause I always use Google and Cloudflare... let me just check my configuration."

There it is. Primary DNS server set to 1.1.1.1

I swap it with the secondary 8.8.8.8 and phones start working.

It's always DNS... always has been...
