|
madsushi posted:Yeah, that's what it felt like. I also checked to make sure the kerberos ticket sizes weren't too big / too many groups, and that isn't the case. If you do a gpresult /R does the group show up?
|
# ? Jul 14, 2015 01:16 |
|
I've done ADFS, dirsync, and Azure AD Sync/Connect.
|
# ? Jul 14, 2015 01:40 |
|
We've got a website issue that has been driving our developers nuts. We have a blog hosted by wpengine at https://blog.ticketcity.com. It redirects to https://ticketcity.wpengine.com/. For SEO purposes, we link it off our homepage using the URL https://www.ticketcity.com/blog. We use IIS with ARR and URL rewrite to redirect to http://ticketcity.wpengine.com. This worked fine until last Thursday. Now we get 502 - Web server received an invalid response while acting as a gateway or proxy server. We have not changed anything on our side. WPEngine says our configuration is unsupported. I've looked through event viewer and the log files on the IIS box and came up with nothing. Anything else I should look at?
|
# ? Jul 14, 2015 19:24 |
|
I started checking out DirSync but when I heard how Windows 10 would cloud join and authenticate with Azure AD, I went with that and never looked back. Azure AD is a godsend if you're on a limited budget/infrastructure. You can just buy stacks of liquidated Win7/8 Pro PCs for pennies on the dollar, upgrade them to Windows 10 for free, then people can log in with their Azure AD email address and password. They can install a factory image of Win10 and during the initial setup it'll ask them "Is this a corporate laptop? Put in your email and password" and it'll auto-enroll the device and apply basic policies. You can let them self-service reset their own passwords, if that's prudent in your environment. Activate Bitlocker and you can remotely and securely lock out a lost/stolen laptop without paying for additional MDM. I'm at the point where I managed to stall getting a domain controller for long enough that I might never need one, just deploy everything with PDQ and Powershell scripts, and hopefully the only things we use the computers for, O365, Salesforce, and Spiceworks, will all soon be able to authenticate from the Azure AD login token.
|
# ? Jul 14, 2015 19:24 |
|
Meh, I see Azure AD being used in conjunction with on-premise AD for a fairly long time to come. How else do you authenticate to print queues, VPN, RADIUS-based Wi-Fi, file services, etc etc.
|
# ? Jul 14, 2015 20:55 |
|
Zero is in a....... interesting environment, not a typical corporate situation. Azure AD is going to be pretty cool, so much of it is stuck in various preview stages though. It's still a young product, lots of maturing to do.
|
# ? Jul 14, 2015 21:00 |
|
Yeah, it's not really enterprise. It's like O365. Does O365 mean the end of Exchange server and all Exchange admins better find a new gig? No, not at the enterprise level. At the small business, lovely 20 seat network, 'do I need a domain controller?' level.. then yeah perhaps, but then you can also run Linux on your desktops to save a few bucks, use a freeware (shitware) mail server giving you IMAP.. gently caress it put your shares on a Linux box running Samba. That's all 'backyarder, small time' crap and has no place in the enterprise. You get paid appropriately for that kind of work. But in the enterprise, we need domain controllers. Ask a senior Exchange admin about how much less the O365 console gives them and how much stuff they need a real Exchange server to do. It's going to be the same for AD and for a long time. It's a bit like a race car being an automatic. At the enterprise level we are pushing the technology to its limits, with the biggest networks on the planet working with the largest datasets. Just like a racing driver needs minute levels of control and configurability on his car to perform at this very high level, that's how we need the infrastructure to be. It's like giving a one-size-fits-all family sedan with an automatic (you can't select the gears, the car will do that for you) to a racing driver and asking him to win a race. If your race is small time, small business bullshit then yeah you will probably be fine. You'll have no chance at even a decently professional level and you'll NEVER win an F1 race. Tony Montana fucked around with this message at 02:01 on Jul 15, 2015 |
# ? Jul 15, 2015 01:57 |
|
Anyone have Server 2012R2 running for a while? I'm trying to figure out how much space to devote to the OS partition. Is the size inevitability going to creep up over time or can it be maintained by removing unused features and doing a periodic cleanup of winsxs via disk cleanup or dism or something?
|
# ? Jul 15, 2015 05:04 |
|
60GB for system partition. That's what we've got in our 2012 template. You don't want to have to gently caress around with it, don't forget you'll have massive pagefiles and hibernation files too. Then your apps. edit: yes it will creep up, it's Windows. The DiskCleanUp utility often doesn't actually do all that much cleaning, I've had huge WinSXS folders which are only marginally reduced by running the utility. If it's a real server then that directory won't grow that much anyway, it's the side-by-side technology Windows uses to keep copies of parts of itself when you install or uninstall software. The intention is to be able to revert the OS and its dependencies to a pre-install state, but on a production server you're not doing a whole lot of installing and uninstalling. That's something you'd find on your home computer, not on a production domain controller. Tony Montana fucked around with this message at 05:15 on Jul 15, 2015 |
# ? Jul 15, 2015 05:11 |
|
40GB has been plenty for my 2012 R2 machines, if they don't have a ton of ram. Seems way more space efficient than 2008 R2. Adding space ain't no thang, and is scriptable. Unless you're building a physical 2012 R2 server in TYOOL 2015
|
# ? Jul 15, 2015 05:18 |
|
Erwin posted: 40GB has been plenty for my 2012 R2 machines, if they don't have a ton of ram. Seems way more space efficient than 2008 R2. Adding space ain't no thang, and is scriptable. Unless you're building a physical 2012 R2 server in TYOOL 2015

Pretty much our only 2012 R2 physicals are MS SQL or other performance dependent applications like a render node for graphics.
|
# ? Jul 15, 2015 05:20 |
|
As outlined previously many production systems are too important to depend on the virtualisation stack / VMWare team. This is the enterprise Windows thread, after all, not just 'what is slick in my home lab'

mayodreams posted: Pretty much our only 2012 R2 physicals are MS SQL or other performance dependent applications like a render node for graphics.

Yes, exactly. 'Why don't you virtualise EVERYTHING?!' is something the intern asks you and you shake your head slowly.
|
# ? Jul 15, 2015 05:21 |
|
final ADK for Win10 leaked - http://download.microsoft.com/download/8/1/9/8197FEB9-FABE-48FD-A537-7D8709586715/adk/adksetup.exe
|
# ? Jul 15, 2015 06:52 |
|
40GB has been a pretty good number for OS partitions in 2012 R2. Perhaps smaller than may be needed for certain roles but certainly adequate for most builds.
|
# ? Jul 15, 2015 09:10 |
|
We size our normal 2012 R2 VMs at 60GB OS disk, physical depends on what we do for raid layouts but it's almost always more. 40GB seems uncomfortably small.
|
# ? Jul 15, 2015 09:38 |
|
Win2k3 has finally been put to rest. You were a good operating system. If you still have 2003 servers in your network then you are a scrub
|
# ? Jul 15, 2015 12:46 |
|
I'm a scrub.
|
# ? Jul 15, 2015 13:26 |
|
It's just a drat shame if you aren't completely virtualized running the 2016 core TP
|
# ? Jul 15, 2015 14:07 |
|
we're upgrading to windows 2003 in a month! i'm so excited.
|
# ? Jul 15, 2015 14:36 |
|
So this is a dumb question but here goes. What's the benefit to using a group policy preference rather than a regular old GPO? I know that preferences are supposed to be quicker/easier/better but how and why? I tried looking around online and everything seemed to say that a preference loads quicker on startup than a GPO would, is this correct? Is boot time the main benefit? Just curious, I'll stick with using preferences but am interested to know why I should.
|
# ? Jul 15, 2015 14:54 |
|
Preferences do more things and they're easier to work with. And if you're tweaking user options, the user can change them - they don't lock. Preferences was once a third-party product, so that's why it's kind of separate.
|
# ? Jul 15, 2015 15:12 |
|
BaseballPCHiker posted: So this is a dumb question but here goes. What's the benefit to using a group policy preference rather than a regular old GPO? I know that preferences are supposed to be quicker/easier/better but how and why? I tried looking around online and everything seemed to say that a preference loads quicker on startup than a GPO would, is this correct? Is boot time the main benefit? Just curious, I'll stick with using preferences but am interested to know why I should.

It's a really good idea to change the default home page for internet explorer to your corporate portal. Now, you'll have to decide if you want that to be permanent and unchangeable or not. If you want it permanent, group policy is the way to go, if you want users who care to be able to set it to Google, use a preference.
|
# ? Jul 15, 2015 15:16 |
|
Tony Montana posted:If you still have 2003 servers in your network then you are a scrub
|
# ? Jul 15, 2015 17:17 |
|
devmd01 posted:I'm a scrub.
|
# ? Jul 15, 2015 18:10 |
|
Dr. Arbitrary posted: Anyone have Server 2012R2 running for a while?

2012R2 is a considerably smaller footprint than 2008R2, they put in effort to clean up the sidebyside store and some other stuff. I'm running the default 40gb volume VMware gives you and none of my servers have broken 15gb so far. But disk is easier to grow on a VM, if you're running physical I wouldn't cut it that tight.
|
# ? Jul 15, 2015 18:52 |
|
Yeah we haven't had a problem with 40gb for our servers. The only space issue I ever came across was our old WSUS server managed to fill c: with logs; only took it about 6 years to do so
|
# ? Jul 15, 2015 19:35 |
|
Anyone here use remoteapp? Anyone here know how to generate a RDP link that calls a remoteapp through a TS server farm?
|
# ? Jul 15, 2015 21:32 |
|
Rhymenoserous posted: Anyone here use remoteapp? Anyone here know how to generate a RDP link that calls a remoteapp through a TS server farm?

We do exactly this (I didn't set it up), and I'd ask my boss but I'm sitting on the beach with a beer in my hand right now. We publish it out through group policy, just add the users that need the app to a security group.
|
# ? Jul 15, 2015 21:38 |
|
devmd01 posted: We do exactly this (I didn't set it up), and I'd ask my boss but I'm sitting on the beach with a beer in my hand right now. We publish it out through group policy, just add the users that need the app to a security group.

Yeah the publishing part won't be hard, I'm more thinking about the creation. Enjoy the beer!
|
# ? Jul 15, 2015 22:01 |
|
lol Office 365 email down for the last few hours, across more or less the whole world. Already put in a ticket for that sweet SLA credit.
|
# ? Jul 16, 2015 00:30 |
|
I can receive email fine but it's just not being delivered outbound. I'm in the UK on a Western Europe tenant. What's the SLA credit deal?
|
# ? Jul 16, 2015 01:00 |
|
Zero VGS posted: lol Office 365 email down for the last few hours, across more or less the whole world. Already put in a ticket for that sweet SLA credit.

I'd find it extremely unlikely it's worldwide. O365 contains multiple farms, data centers, etc.
|
# ? Jul 16, 2015 01:02 |
|
Tony Montana posted: Win2k3 has finally been put to rest.

I have at least one sql server running win2k3 and sql 2000 and I'm told there is a plan to move to windows 2012r2/sql 2008r2 in the next 18-24 months.
|
# ? Jul 16, 2015 01:21 |
|
I wrote a thing here about my workplace and later decided it wasn't such a smart idea.
Tony Montana fucked around with this message at 09:52 on Jul 16, 2015 |
# ? Jul 16, 2015 01:49 |
|
Rhymenoserous posted: Anyone here use remoteapp? Anyone here know how to generate a RDP link that calls a remoteapp through a TS server farm?

An RDS gateway's IIS web page is basically made just to do this. Or you could script it, as RDP links are just some options saved in text format.
|
# ? Jul 16, 2015 15:07 |
|
Tab8715 posted: I'd find it extremely unlikely it's worldwide. O365 contains multiple farms, data centers, etc.

I got hit with an outage last night. They ran some update on the AzureAD stuff that caused them to time out non-stop. Took a few hours to revert. Looks like a ton of users were impacted in North America, and South America.
|
# ? Jul 16, 2015 15:12 |
|
Number19 posted:I use the users and groups GP client extension along with item level targeting to grant a single user local admin on specific workstations. It's a huge pain to set up the first time but once it's done it's pretty good. Thanks! This did exactly what I wanted. User is admin on their own machine only and cannot access any admin shares.
|
# ? Jul 16, 2015 15:19 |
|
Gerdalti posted: I got hit with an outage last night. They ran some update on the AzureAD stuff that caused them to time out non-stop. Took a few hours to revert. Looks like a ton of users were impacted in North America, and South America.

Yeah it was at least across all of the USA, my users were reporting outages in Cali, Chicago, and Boston. It's getting some light news coverage:

https://redmondmag.com/articles/2015/07/15/office-365-email-down.aspx posted: Microsoft promises "three nines" (99.9 percent) uptime in its Office 365 service level agreements (SLAs), which amounts to about eight hours of downtime per year. However, Office 365 subscribers have to report the incident to Microsoft and they have to not have alternatives they could use during the outage to get a service credit under the SLA.

They're still in recovery now and it's our only email system so I meet all the requirements, I'm gonna poke them pretty hard over it.
|
# ? Jul 16, 2015 15:55 |
|
Demie posted: An RDS gateway's IIS web page is basically made just to do this. Or you could script it, as RDP links are just some options saved in text format.

I figured out how to generate it via the remoteapp management page.
|
# ? Jul 16, 2015 17:00 |
|
I'm glad somebody brought up RemoteApp. I've been trying to host an app on an isolated EC2 instance and make it as simple as possible for users to connect. Apparently there's no way around having the clients install my self-signed certificates (it's not a real enterprise setting, ok). Fine, I got through all the hoops but now after accepting the "publisher can't be identified" thing, it fails to authenticate and asks for the login details again. Using the same name/password doesn't work, obviously. code:
|
# ? Jul 16, 2015 21:30 |