|
flosofl posted:Almost definitely profile related. Yeah i stumbled on that one aswell. Tried changing it. It still wouldn't let me download. Thx for taking the time though to help. Yh it's definately profile related
|
# ? Aug 14, 2015 13:24 |
|
|
# ? Jun 6, 2024 04:18 |
|
I've been fighting a site outage for about a week now and it has totally and completely brought me to my knees and left me a hollow broken man. The site lost power/internet during a night, ran on battery backup for a while and then went down. When it came back up the domain-trust relationship broke, it quitting handing out DHCP addresses to the local office and users mapped drives went down. I started out trying the old netdom command, and then the powershell test-computersecurechannel -repair commands neither which worked. Then tried the old fashioned remove from a domain rejoin to a domain which also didnt work. Then I figured maybe it was a time issue, ran a check and the server was getting NTP settings from our DC and the time was correct. Then I saw the computer account was locked in AD, was able to reset it in AD but it still didnt seem to sync up with the remote server. At this point the users were getting pissy and I was getting tired of dealing with it. I started scratching my head and figured it must be a DNS issue. Tons of DCdiag checks on all of our DC's later and I couldnt see any issues, all the tests passed just fine. Tried scavenging all the old records, made sure AD replication was working and didnt see any problems there. Started running Microsofts PortQuery tool and checking anything to do with Kerberos, AD and LDAP. Everything seemed to work fine except for TCP port 389 which is used by LDAP to make bind requests. No matter what we tested these always failed. I figured it was an issue with a firewall or AV or something, so I turned off firewall on the DC's to test the theory out and nothing. Thought maybe it was an issue with our old Cisco 1800 and didnt see anything. Making this all the more confusing is that there was 1 computer at the site that never experienced any issues. The weird part was that this one pc was accidentally placed in a different OU in AD. Then I thought maybe someone hosed up a GPO or something. Spent a bunch of time testing that and making sure it wasnt an issue, could clearly see it wasnt a GPO affecting things. Really digging deep now I started doing packet captures on computers as I would try to join them back to the domain. I kept seeing the same thing, LDAP TCP port 389 queries failing, timing out and then getting reset. Completely stumped I sent a new laptop down there, made it part of the same OU as all the other broken computers and set it up with a profile of a user down there. It started and logged in just fine, no delay in loading any GPO's, shared drives came up etc.I could even remove it and rejoin it to the domain on site there. At this point I've completely given up. I can't figure anything out, my boss can't figure anything out, the CDW Microsoft consultant we brought on can't figure anything out. None of us have ever seen anything like it before. I've never been as completely frustrated and stumped in my career. At this point it'll honestly be quicker to just have computers shipped back to the main site joined to the domain and shipped back. The only good thing to come out of this is that it's really caused me to double down on my studies. Most of the time when something has stumped me in IT I can break down the problem into smaller pieces and work my way up layer by layer to discover the root cause of the problem and a fix. But in this case I was just completely lost and I hated the feeling. I know not everyone can know everything about all their is in IT but I don't want to feel this clueless again either. I bought a book on AD and will be devouring it page by page just in case something like this pops up again. I'm so glad it's Friday and that work is paying for a few beers and allowing me to leave early today.
|
# ? Aug 14, 2015 14:38 |
Going to have to replace the LCD matrix on a mid-2014 Macbook Pro soon. I can't find any good guides on this anywhere, but I think I can make it work. Gonna have a heatgun, suction clamps, a driver kit, and all the time in the world.
|
|
# ? Aug 14, 2015 15:29 |
|
So an email came in. from our Lenovo rep. "After 10+ years at Lenovo I am taking a break from IT to explore love in its many forms" Currently the office is torn between him becoming a porn star or going to Thailand for a while.
|
# ? Aug 14, 2015 15:35 |
blackswordca posted:So an email came in. Honestly I don't blame him wanting to get away from Lenovo right now.
|
|
# ? Aug 14, 2015 15:50 |
|
Segmentation Fault posted:Honestly I don't blame him wanting to get away from Lenovo right now. Seriously first superfish and then this onekeyoptimizer business. It's a shame too, their ThinkPad line is still pretty solid now that they're doing away with that stupid trackpad and I loved my Yoga 2 Pro, which works even better with windows 10 actually.
|
# ? Aug 14, 2015 15:56 |
|
Wait, what's this new problem? I've got a 430 I really like, what's wrong now?
|
# ? Aug 14, 2015 16:29 |
|
22 Eargesplitten posted:Wait, what's this new problem? I've got a 430 I really like, what's wrong now? http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/
|
# ? Aug 14, 2015 16:36 |
|
This page lists all the effected models: https://support.lenovo.com/us/en/product_security/lse_bios_notebook Looks like you're safe with the 411.
|
# ? Aug 14, 2015 16:45 |
Noon call scheduled with prospective new boss. Background check part is done. ::heavy breathing intensifies::
|
|
# ? Aug 14, 2015 16:49 |
|
Despite the Think line being unaffected we stopped recommend Lenovo's after the Superfish debacle, nevermind this horseshit.
|
# ? Aug 14, 2015 16:56 |
|
Segmentation Fault posted:Going to have to replace the LCD matrix on a mid-2014 Macbook Pro soon. I can't find any good guides on this anywhere, but I think I can make it work. Gonna have a heatgun, suction clamps, a driver kit, and all the time in the world. Here's the iFixit guide for display replacement: https://www.ifixit.com/Guide/MacBook+Pro+13-Inch+Retina+Display+Mid+2014+Display+Assembly+Replacement/27834
|
# ? Aug 14, 2015 17:09 |
|
BaseballPCHiker posted:I've been fighting a site outage for about a week now That's rough. If you end up finding a fix or the root cause I'd love to hear what it ended up being.
|
# ? Aug 14, 2015 17:40 |
OKAY SO I GOT AN OFFER AND ACCEPTED IT The company is a media company, they own a bunch of radio stations. Each market operates independently, the HQ is in Indianapolis. I'll be working in their NYC office. No names, but they own a hip-hop station, a soul station, and a gospel station. Title is Senior Systems Administrator - VERTICAL MOVE Salary is a 20% boost Remote work is more possible PTO is better Health plan is as good as if not better Boss is as good as if not better IT team is bigger Environment is laid back Hours are good NO ON CALL I REPEAT: THERE IS NO ON CALL (save for emergencies and migrations, of course) This is as good an outcome as it could be. Now all that remains is to take this and use it as a positive space to work on all the issues that have caused me to flounder in the past, get more positive about a lot of things, and to make some serious professional growth. This is a Hyper-V, shop, so now I have a reason to finish my MCSE for Server 2012!
|
|
# ? Aug 14, 2015 18:28 |
|
Shrug, the Superfish thing sucks but otherwise Thinkpads are still a solid product line. They're extremely well built, durable, great keyboard and priced no differently than it's competitors.
|
# ? Aug 14, 2015 18:32 |
|
MJP posted:
Congrats! How'd your previous employer react?
|
# ? Aug 14, 2015 18:34 |
I'm giving my notice on Monday. The only other IT employee is my boss, and he's observant Orthodox. He's unavailable from Friday to Saturday, and if something went to poo poo or needed doing, it'd be a problem. This is me being nice to him directly - I don't wanna make his position even worse than it's gonna be. I'll be urging them to go back to the experienced candidates that submitted resumes and hiring them ASAP so I can train them, but they'll probably walk me out the door. You know what? It was my own drat fault for thinking that I was doing right by a job which was, at the time, a net positive by offering to cover the helpdesk. I gave the message that I was begrudgingly doing it, but willing to do so. That's my responsibility in my current situation. It's now their problem.
|
|
# ? Aug 14, 2015 18:46 |
flosofl posted:Here's the iFixit guide for display replacement: Oh, iFixit's great, but that's not what I'm doing. I'm not replacing an entire display assembly, I'm removing the LCD matrix and installing a new one, using the old display assembly. Saves me money that way.
|
|
# ? Aug 14, 2015 19:36 |
|
Congrats!
|
# ? Aug 14, 2015 20:03 |
|
Tab8715 posted:Shrug, the Superfish thing sucks but otherwise Thinkpads are still a solid product line.
|
# ? Aug 14, 2015 20:19 |
|
MJP posted:
|
# ? Aug 14, 2015 20:41 |
|
MJP posted:
|
# ? Aug 14, 2015 22:29 |
|
MJP posted:
Congrats dude!
|
# ? Aug 14, 2015 22:35 |
|
anthonypants posted:"the Superfish thing" is old, the new, recent Lenovo thing is installing a rootkit into the BIOS. That's the behavior you're apologizing for. It's not that it has the rootkit per se, it just makes it easy to put one on there. It has code that forces windows to replace a system file every boot that runs in user land. That file downloads drivers and updates and 3rd party poo poo. Not quite root kit level. You remove the file, the firmware says "gently caress you" and reinstalls it next boot. It's a pain in the rear end, but technically it's not a root kit in the traditional sense. However, researchers were able to take it over to install an arbitrary file. Not only that Lenovo failed to ensure that the FW code stays in user land per MS specs for validation. Researchers determined Lenovo's implmentation to be exploitable to execute with admin privileges with low effort, so it can keep forcing the laptop to go download a rootkit and run it as admin over and over again. All with no notification from windows that it's being done. Even putting in an out-of-box SSD or HD won't stop this. EDIT: grammar and clarity Proteus Jones fucked around with this message at 22:57 on Aug 14, 2015 |
# ? Aug 14, 2015 22:49 |
|
flosofl posted:Even putting in an out-of-box SSD or HD won't stop this.
|
# ? Aug 15, 2015 00:01 |
|
flosofl posted:It's not that it has the rootkit per se, it just makes it easy to put one on there. It has code that forces windows to replace a system file every boot that runs in user land. That file downloads drivers and updates and 3rd party poo poo. Not quite root kit level. You remove the file, the firmware says "gently caress you" and reinstalls it next boot. It's a pain in the rear end, but technically it's not a root kit in the traditional sense. It's placed by the BIOS and hides inside a system file. I'm totally fine with calling it a rootkit. Rootkits don't have to be intentionally malicious.
|
# ? Aug 15, 2015 00:48 |
|
Dylan16807 posted:It's placed by the BIOS and hides inside a system file. I'm totally fine with calling it a rootkit. Rootkits don't have to be intentionally malicious. No I understand. I'm just saying the traditional definition of a rootkit is something that runs with kernel level perms. Microsoft's requirement is for it to execute in user space and Lenovo's implementation runs in user space, not kernel space. Unfortunately, Lenovo hosed up and their implementation can not only be exploited and customized, it can also be escaped into kernel space.
|
# ? Aug 15, 2015 01:04 |
|
MJP posted:
Congrats. I hope they walk you out the door with 2 weeks severance. Give yourself that 2 weeks paid vacation that you so rightly deserve after all this bs.
|
# ? Aug 15, 2015 01:14 |
|
Segmentation Fault posted:Oh, iFixit's great, but that's not what I'm doing. I'm not replacing an entire display assembly, I'm removing the LCD matrix and installing a new one, using the old display assembly. Saves me money that way. Speaking as someone who's been able to compare it to the official guides at gsx.apple.com, ifixit.com is good, has great photos (color coding the sizes of screws is genius), but has some steps here and there either wrong or unnecessary. Just be very, very careful following an ifixit guide you haven't used before.
|
# ? Aug 15, 2015 02:08 |
|
MJP posted:
Congratulations! See you at Newark Penn on Track 5!
|
# ? Aug 15, 2015 02:44 |
|
KoRMaK posted:e: Ooo the un-compressed version is spacey https://www.youtube.com/watch?v=wW0VYKtJisw Reminds me of the music for the water levels in Donkey Kong Country Crowley posted:Have you tried downgrading and running the setup again, but clicking "advanced install"? He shouldn't have to specify a working pancreas during setup BOOTY-ADE fucked around with this message at 09:32 on Aug 15, 2015 |
# ? Aug 15, 2015 06:27 |
|
flosofl posted:No I understand. I'm just saying the traditional definition of a rootkit is something that runs with kernel level perms. Microsoft's requirement is for it to execute in user space and Lenovo's implementation runs in user space, not kernel space. Unfortunately, Lenovo hosed up and their implementation can not only be exploited and customized, it can also be escaped into kernel space. The traditional definition is total admin privilege, which it has. Whether a rootkit runs in ring 0 or ring 3 doesn't matter.
|
# ? Aug 15, 2015 10:01 |
|
Dylan16807 posted:The traditional definition is total admin privilege, which it has. Whether a rootkit runs in ring 0 or ring 3 doesn't matter. The fact that rootkits run hidden from process monitoring and whatnot almost always means they're in kernel space. It matters. Whether it actively hides your attempts to find it or not (which userspace doesn't do) is a big part of the definition. Dylan16807 posted:It's placed by the BIOS and hides inside a system file. I'm totally fine with calling it a rootkit. Rootkits don't have to be intentionally malicious. Regardless of whether it runs in ring0 or not, I like this being a rootkit because it actively takes over another applications name, does is secretly, etc. MJP posted:
|
# ? Aug 15, 2015 17:24 |
Migishu posted:Congrats. I hope they walk you out the door with 2 weeks severance. Give yourself that 2 weeks paid vacation that you so rightly deserve after all this bs. It's probably for the best if I jump in after just a few days. I don't wanna get too used to waking up super-late, I'll have to be up at 6:30 to be out the door at 7 for a 7:13 train, earlier still if I want to get in a workout before work. Bleh, but it is what it is. I honestly do hope they let me stay on the two weeks. The best thing I could do for Formerjob is to get someone smart hired on quickly and trained up. Will they do this? Likely not. Is it my problem if they don't? NOPE
|
|
# ? Aug 16, 2015 00:17 |
|
MJP posted:I honestly do hope they let me stay on the two weeks. The best thing I could do for Formerjob is to get someone smart hired on quickly and trained up. There's pretty much zero chance they'll be able to hire anyone within two weeks. Hiring takes a hell of a lot longer than that (outside of entry level/unskilled retail/service jobs, maybe). The whole two week notice thing isn't to find and train a replacement, it's to give you time for documentation and knowledge transfer to your current coworkers (or boss) in between wrapping up any projects you have near completion. A smart company will have adequate staffing to cover things reasonably well for a few months while they hire a replacement; a poor one will just dump your workload on some other random already-overworked schmuck and pat themselves on the back for reducing labor costs.
|
# ? Aug 16, 2015 00:44 |
dennyk posted:There's pretty much zero chance they'll be able to hire anyone within two weeks. Hiring takes a hell of a lot longer than that (outside of entry level/unskilled retail/service jobs, maybe). The whole two week notice thing isn't to find and train a replacement, it's to give you time for documentation and knowledge transfer to your current coworkers (or boss) in between wrapping up any projects you have near completion. A smart company will have adequate staffing to cover things reasonably well for a few months while they hire a replacement; a poor one will just dump your workload on some other random already-overworked schmuck and pat themselves on the back for reducing labor costs. Given that they interviewed a bunch of people when they first terminated Sleepy I would imagine they have a nice list to beg back onto, even though it's been three months since then. The schmuck getting the dump is going to be my boss, who I like and respect. He's been the enforcer of bad policy in terms of IT staffing and option-picking, but he and I got on wonderfully well and it's going to be a burden on him, and no one else. He sure as hell won't get the go-ahead to have the $X00 per hour consultant answer helpdesk calls. He'll probably get told to do it himself, and if he's lucky they'll restart hiring after I get walked out the door. Volmarias posted:Congratulations! See you at Newark Penn on Track 5! Only briefly - I'll be taking the 7:13 out of Union, not sure which one I'll be taking back. PM me at some point if you ever wanna grab a drink or something - plenty of bars that aren't the Blue Comet right up Ferry Street. I wonder if there are any other Newark commuter goons that'd be interested in a Sysdrink-style rodizio thing?
|
|
# ? Aug 16, 2015 01:01 |
|
If you get walked out the door after giving your two weeks I can't say I care much for that employer.
|
# ? Aug 16, 2015 01:29 |
Tab8715 posted:If you get walked out the door after giving your two weeks I can't say I care much for that employer. It's been standard practice at any place I've ever worked, save for one. It's more a security measure than anything else. I can understand why they'd want to do it.
|
|
# ? Aug 16, 2015 01:40 |
|
Tab8715 posted:If you get walked out the door after giving your two weeks I can't say I care much for that employer. Happened to me, still enjoying my two week vacation, lost all respect and care for my old employer, who I had previously enjoyed working with a ton.
|
# ? Aug 16, 2015 02:00 |
|
|
# ? Jun 6, 2024 04:18 |
|
It makes a degree of sense if you have the capacity to singlehandedly wreck the company by annihilating everything on their servers.
|
# ? Aug 16, 2015 02:09 |