I am working on a tube type website where users can upload, share and search for videos. Recently the website has been slow, and I want to upgrade the server, but want to make sure I identify the issue before doing so.

I tried moving all the video media to a second nginx server, but this didn't help much. Disk I/O are not the limiting factor from iotop.

Sever specs: Xeon E3-1228v2 16gb ram 2x1tb HDD 100 mbps port Apache

This server contains the website, db, and encodes ~3 videos per day. I have a feeling the network port might be the limiting factor, but how do I know for sure? Recently there's only been around 100-200 concurrent users online.

Note: I have no IT, web development, or system admin background/educate. Sorry if asking really noob questions

Thanks

I need to move a resource mailbox into 365. I can't just delete and recreate. I need the meetings in the calendar. I created a staged version of this resourcemailbox in 365.

So I have ResourceBox on prem and ResourceBox2 in 365.

I want everything in ResourceBox copied into ResourceBox2. I am assuming I can just export everything from ResourceBox and use the network upload and pst import procedure to map the pst to the ResourceBox2.. no matter how I try to export I can't get it to export. So how do I export it?

But at this point I'll take any suggestions on doing this. How do I copy all items from ResourceBox to ResourceBox2?

Thanks

I'm reading stuff like:

• https://code.fb.com/data-center-engineering/introducing-bryce-canyon-our-next-generation-storage-platform/
• https://github.com/facebook/openbmc

And I'm not having a good time trying to find pricing for stuff here, whether it's first-hand or second-hand equipment.

Anyone know what exactly the prices/costs involved are here? This stuff looks quite tasty, even the "older" stuff

I work in an enterprise enviroment where we can't have computers restart automatically (with users logged in) after installing updates. Aside from that, I'm trying to be cautious when it comes to preview/feature builds (see the recent 1809 fiasco).

We use Windows 10 Enterprise (1803) and we tweak it using this "Decrapifier" script (https://community.spiceworks.com/scripts/show/4378-windows-10-decrapifier-1803-1809) made by this gentleman and scholar called Csand/Chriss9. If you're unfamilliar with the script, it basically disables telemetry/Cortana/Onedrive and gets rid of general bloatware by using powershell and registry keys.

One thing it doesn't include is an 'updates' section. So I added registry keys to the script, which should disable auto-restarts (with logged in users) and defer preview/feature builds up to a year.

According to this 'article': https://docs.microsoft.com/en-us/windows/deployment/update/waas-restart#registry-keys-used-to-manage-restart I should use the following registry keys:

0-23: set active hours to end at a specific hour starts with 12 AM (0) and ends with 11 PM (23)

• HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> ActiveHoursStart (0)

0-23: set active hours to end at a specific hour starts with 12 AM (0) and ends with 11 PM (23)

• HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> ActiveHoursEnd (23)

0: disable automatic restart after updates outside of active hours

• HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> SetActiveHours (0)

0: disable automatic reboot after update installation at scheduled time * HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -> REG_DWORD -> AlwaysAutoRebootAtScheduledTime (0)

4: Automatically download and schedule installation of updates * HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -> REG_DWORD -> AUOptions (4)

0: disable do not reboot if users are logged on * HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU -> REG_DWORD -> NoAutoRebootWithLoggedOnUsers (0)

This part should disable automatic restart after updates outside of active hours and set active hours from 12AM till 11PM.

Question:

• Why are these settings not updating on the machine?  

(Is it because we're limited by 12? 18? hours of active hours? Is it because the SetActiveHours has to be set to 1 in order for it to update? But won't the machine automatically restart itself then?

According to these articles:  

https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb 

https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsUpdate::DeferFeatureUpdates 

I should use the following registry keys:

Turn on defer feature updates

• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> DeferFeatureUpdates (1)

Select the Windows readiness level for the updates you want to receive: Semi-Annual Channel

• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> BranchReadinessLevel (32)

After a Preview Build or Feature Update is released, defer receiving it for this many days:

• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate -> REG_DWORD -> DeferFeatureUpdatesPeriodInDays (365)

This part should defer preview/feature updates for 365 days.

Questions:

• Do you guys see anything wrong with these settings above?  

• Is there a way to verify these options (since the GPO setting does not switch to enabled -> same behaviour for other GPO's enabled by registry keys, but easier to verify that they are active)  

• Any other input on how you've implemented these settings?

Thanks in advance for any advice, sincerely.

Hi all,

I've just started spinning up a test environment for Server 2019 and already I've noticed a load of bugs with NPS with the default Firewall rules not seeming to come under the radar of Windows.

In fact on all systems that have specific ports my test VM's for VPN, Remote Desktop Gateway and NPS all seem to be acting up despite the default rules being in place to allow connections.

Is anyone else experiencing this or am I being a lemon?

I've got two VMs on VMWARE Workstation. A DC and a Workstation.

Both configured with "HOST ONLY" network.

If I give the workstation a static IP I can ping the server and the server can ping the workstation.

The frustrating thing is I can't get an IP address from the DHCP server which I need for the work I'm trying to do in the lab.

I can't do reverse NSLOOKUP despite there being a reverse lookup zone configured in DNS on the server.

I've manually added the relevant dns search suffix incase that was causing the issue and still unable to do reverse NSlookups.

Just a weird one. I'm trying to set up a lab for some more advanced things and I'm getting stuck on the basics. Been working in IT for over a decade and I'm stumped on something that should be pretty basic so while I'm embarrassed to be asking for help on this I'm stumped! Any ideas?

EDIT: Installed Wireshark on the DC. I can see the DHCP Discovery Packet hit the DC. Source MAC matches that of the Workstation.

EDIT 2: LMAO I am such a idiot. I'd put a typo in the address pool range. 6 hours I've been looking at this and it was a bloody typo in the address pool.

EDIT 3: Seems I also had to disable BFE service as well. Not come across that one before either.

Hi All

Really pulling out what little hair I have on this one.

We have a handful of pcs which aren’t domain joined, they are however enrolled in Microsoft Intune.

On the rare occasion these users are in the office they have to get on our 802.1x controlled lan to be able to print etc.

I’m trying to configure the profile in Intune so it does correct authentication methods, trusts right cert etc.

I’ve exported a profile from my computer and modified. If I apply it manually through netsh it works perfectly so not an issue with profile. However it won’t work as an Intune Config Profile.

I’m using the OMA-URI of ./Device/Vendor/MSFT/WiredNetwork/LanXML. (Tried to post a pic but not allowed in this sub)

Anyone got any ideas?

TIA Ben

Edit: typos

My very small business has our server currently running:

Windows Small Business Server 2011 Essentials

SQL Server 2008 R2

​

We need to upgrade to a better machine, and newer version OS, to upgrade to the latest version of our inventory/financial software that uses the SQL database. This server is also where our domain resides that our 4 workstations connect to.

​

My support rep for our application told me that SQL Express is sufficient for our application, however it appears there are some compatibility issues with Server Essentials OS and SQL Express. From the other threads I've found, and the list of supported software from the manufacturers, it seems that Essentials and Express cannot work together starting with SQL 2017. But what about 2016?

​

I've found a couple support articles that show someone successfully installing SQL 2016 Express on a machine with Server Essentials 2016. Is this possible? Because we have such limited requirements, it would be overkill to get a standard SQL license or even the standard version of server, but we may have to. Let me know if you have experience or knowledge in this area to help us out before we make our purchase.

​

Thanks!

So far the only issues I've read is that Microsoft edge and Microsoft store apps can not connect to the internet. Is anyone experiencing this?

Is anyone experiencing any bugs after a fresh install (not update)? .

.

.

$$$$$$$$$$$$$$$$$$$$$$

$$$$$$$$$$$$$$$$$$$$$$

.

.

Rant:

I'm on 1511. It's time to update to a fresh install after my most recent problem:

I recently updated my bluetooth driver and now I'm experiencing network issues (connected via ethernet). My internet cuts out for 3-5 seconds every 5-15 minutes which you can see as to why it is annoying. This was not the case before the driver update. I tried to do a system restore and that failed. Fortunately, I found that if I disable bluetooth in device management, the network issues go away.

I decided to enable it again to test it. No network issues for a while. Then my speaker disconnected. I went to disable bluetooth on device manager as my bluetooth speakers weren't connecting, so that I could re-enable it again. I disabled it and all of a sudden, windows began to shutdown on it's own. I instantly re-enabled before the shutdown. When I turned Windows back on, bluetooth no longer existed and now I have these network issues that won't go away. Disconnecting for 3-5 seconds every 5-15 minutes.

Does anyone here work as a contractor instead of FT. I am wondering if you are able to bring in more money as a permanent contractor than as a FT employee? Do you prefer to contract?

Server 2019 went GA a few days ago and evaluation downloads are supposed to be downloadable already (per Google search and linked by a bunch of news websites) at

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019

But this link takes me to the old evaluation center with server 2016 downloads only.

Did the isos get pulled by MS?

Really want to get my hands on the new Hyper-V Server 2019.

I've recently become the Net Admin for an MSP. Whenever I visit I'm handed a list of work that needs to be looked at or needs to be done... 80% of the time I'm handed a few e-mails to identify if they are spam or malicious... Of course this is not really the way to handle these problems.

I'm think that all these individuals should at least be enrolled in some sort of training such as knowbe4. As for me, I'm sort of limited right now on what I can run internally... They are only running O365 with nothing in front sending/receiving e-mails to mark them as good or bad. What policy are you running in your on-prem or O365 environment??

​

Current setup for O365

​

Anti-Malware Policy

Malware Detection Response

Yes and use the default notification text

Common Attachment Types Filter

On - Emails with attachments of filtered file types will trigger the Malware Detection Response (recommended).

File Types

.jar .ace .app .docm .exe .ani .reg .scr .vbe .vbs .bat

Notifications

Notify internal senders (on)

​

Connection Filter

Nothing is used

​

Spam Filter

​

Spam and Bulk Actions

​

Spam - Quarantine Message

High Confidence Spam - Quarantine Message

Bulk e-mail - Mark bulk e-mail as spam (set to 2 threshold)

Quarantine for 15 days

​

International Spam

Filter e-mails sent from China and Russia

​

Advanced options

​

Increase Spam Score

Image links to remote sites - Test

Numeric IP address in URL: ON

URL redirect to other port: ON

URL to .biz or .info websites: ON

​

Mark as Spam

Empty messages: ON

JavaScript or VBScript in HTML: ON

Frame or IFrame tags in HTML: ON

Object tags in HTML: On

Embed tags in HTML: TEST

Form tags in HTML: ON

Web bugs in HTML: OFF

Apply sensitive word list: TEST

SPF record: hard fail: ON

Conditional Sender ID filtering: hard fail: ON

NDR backscatter: OFF

Downloaded server 2019 standard from VLC, installed, copy-paste MAK product key, get error 0x80070490 "the product key you entered didn't work". Google produced no seemingly related articles over the next 24 hours of searching.

​

Today, 2019 seems to no longer be available for me to download in the VLC, though if I search through my agreements its still listed as available to me with the same non-functioning key.

​

Something I'm missing here?

Just yesterday, we noticed that while in Chrome, our OWA site was marked as deceptive with the big red screen. Obviously, this was not good. I stayed up a good portion of the night up trying to figure this out. I've hit up many website scanners to scan the site but every one of them came back 100% clean. Did a full scan on the server and it was clean as well.

Has this happened to anyone before? I've submitted a request to Google to de-list it. I've also asked them to review the site in the Webmaster console thing they have. I've done research and it seems like a couple of users also had this issue in the past with the most recent one around last month.

The crappy thing too is the Spamhaus also put us on the DBL but only them. I'm assuming they look to big Brother Google for recommendations on these kinds of things. But I got that one removed so hopefully it would stay that way. I've also read that due to Google's new security initiative, they are cracking down on sites with improper redirects where many are saying they want you to do a 301 redirect vs a 302. In IIS on the server, it's left at default. I haven't configured any redirections so users must manually enter in the OWA URL with HTTPS.

Appreciate the help!

I have some Win10 LTSC 2019 installations I need to activate and this update is apparently required for my 2012R2 KMS server. But I can't find it anywhere! Does somebody have a download link for it? Thanks.

​

https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-the-software-side-of-china-s-supply-chain-attack?srnd=premium

Even as Amazon, Apple, and U.S. officials were investigating malicious microchips embedded in Supermicro server motherboards, Supermicro was the target of at least two other possible forms of attack, people familiar with multiple corporate probes say.

The first of the other two prongs involved a Supermicro online portal that customers used to get critical software updates, and that was breached by China-based attackers in 2015. The problem, which was never made public, was identified after at least two Supermicro customers downloaded firmware—software installed in hardware components—meant to update their motherboards’ network cards, key components that control communications between servers running in a data center. The code had been altered, allowing the attackers to secretly take over a server’s communications, according to samples passed around at the time among a small group of Supermicro customers. One of these customers was Facebook Inc.

In its denial that a chip attack had reached its server network, Apple did acknowledge to Bloomberg Businessweek that it had encountered malware downloaded from Supermicro’s customer portal.

However, a person familiar with Apple’s investigation says that around the time the company discovered malicious chips, it also found a more serious problem with network cards on Supermicro motherboards. Some Supermicro servers had network cards that came with outdated firmware, so the machines that were delivered to customers contained a critical security vulnerability that had been fixed in newer versions.

I've posted previously about my miserable situation. But to recap - I am IT at a campus computer lab with bosses who set IT policy (or claim to), without (in my opinon) understanding much about IT.

It's a small lab, perhaps ~100 computers in 3 classrooms and random other areas.

From my understanding, I am now somewhere between Tech number 6 and 9 to be employed here in the last 5 years, to give you an idea of the turnover.

Per express demand from my bosses, our computers do NOT run connected to the Domain, only in Workgroup mode. There is also the following demands:

• that the computers remain always logged into a pseudo guest account (local group policies to limit the accounts)
• that users NEVER see notifications about updates needing to be applied
• that computers NEVER restart when users are on them due to updates
• that updates are applied as soon as possible after Microsoft makes them available
• that computers are powered on ONLY during lab hours in order to save electricity.

See a problem?

The expectation is that the lowly tech walk from computer to computer to run updates. I see that previous techs had begun experimenting with tools like PDQ Deploy. Unfortunately, due to constant turnover, this was never actually put in place. I suggested it to the bosses in a meeting, saying it could probably be automated away using even the free version, but worst case we'd need a $500/year license for me, and perhaps another $500/year license if one of them wanted access.

That was cast aside as being too expensive.

Next I said "well, OK. I guess I could just remote into each computer and run updates that way".

Main boss seemed unaware that was even a thing. Supervisor chimed in and asked "what's the matter, why can't you just walk like everyone else does?". Mind you, Remote Desktop Connections are enabled, no config changes need to occur for this at all. No 3rd party software. No agents. And no walking.

And so I did. And I timed myself. It could take 4-5hours of my shift to stroll from computer to computer applying simple Windows updates manually.

I installed Windows Remote Desktop Connection Manager on my PC, spent less than an hour configuring it with every PC we have here. Just updated all our PC's in less than an hour today. That's by logging into each, checking updates manually, install, restart. An hour.

I told this to my coworker who said "oh that's great you should tell them!". I asked that coworker (who's been here much longer than me in a non-IT role), have you ever seen them even say as much as "good job" to any of us for any reason? No. I'm certain if I tell them this, I'll get a slap on the wrist for going against what they say, so I politely declined.

It's my little secret. I'm not even sure if I'll tell them how long its taking me.

My thought is this is what happens when bosses are so uncomfortable with IT, that they frown upon anything besides what they do, themselves, at home.

I changed something on Friday afternoon :(

Trying to get my Win10 Laptop to Win7 because of how slow it is.

Recommendations?