|
wyoak posted:Could be that your DHCP server is creating the DNS record, not the client. DNS suffix doesn't mean it's on the domain. If there's no machine account it's probably not on the domain, barring some weird situation with display name mismatches. Not sure, but it's possible, I don't manage anything with the DHCP. So it's probably not on the domain and people need yelling at. Groovy.
|
# ? Oct 16, 2015 21:38 |
|
|
# ? May 14, 2024 16:12 |
|
Zero VGS posted:Supposing I go with something else, does anything exist to actually mimic an "always-on" VPN? The closest I've seen is Log Me In Hamachi, though I don't know if I'd trust that at an enterprise level. Softether will do always on SSL VPN and it easy to setup and manage. We use it for our field techs who can't remember/understand how to dial in the old Windows VPN. Even does it before login in case we reset their password etc.
|
# ? Oct 16, 2015 21:47 |
|
Does anyone feel like they have a good setup for software Updates in SCCM?I see a lot of stuff on how to setup an ADR, but they're always naieve in assuming you'll have one deployment group ever and you'll just magically never need to worry about going over 1000 patches in a deployment package, or expired updates. Also, is there a reason to care if a software update is in multiple deployment packages? I know that on the DPs the content will be deduped, but it's still sitting on my source file share multiple times. And it just seems messy. Just not really sure what a good approach is here, so wondering what other people are doing that works. As an aside, this is my biggest gripe with SCCM specifically and IT in general. I've got this massively powerful tool and I know how to push the buttons to make stuff happen, and it's clear from the way some things are implemented that it was designed to be used in a certain way, but that way is a secret. So everybody has to reinvent the wheel. Sure, every environment is different, but there should be some best practices I can work from instead of starting from whole cloth. And every environment wouldn't be so different if we didn't have to reinvent the wheel with every drat tool in use.
|
# ? Oct 16, 2015 22:05 |
|
FISHMANPET posted:
I dont have an answer to you except many years of trial and error with SCCM.
|
# ? Oct 16, 2015 22:08 |
|
Hey guys can you walk me through DNS like I'm a complete moron which I am. Here's the problem: I have two DNS servers, DNS1 and DNS2. User has DNS1 as the primary DNS server, DNS2 as the second. When DNS1 is turned off, the user cannot access the Internet or get any DNS. They can put in 8.8.8.8 as DNS server manually and then Internet (but not internal) DNS works. Why would this be. Why wouldn't the second DNS server work. Does it have to do with which DNS server that second DNS server has listed as the primary?
|
# ? Oct 16, 2015 23:02 |
|
There should be a timeout on the client where after X seconds of not being able to contact DNS1 it will contact DNS2 instead. Are you sure DNS is actually running and working on DNS2? You can use the nslookup command to query it directly. For exampe: nslookup google.com <IP of DNS2> will send the DNS query directly to that server. My guess is that DNS2 isn't actually working properly.
|
# ? Oct 16, 2015 23:05 |
|
That would be my guess too. The handoff is usually seamless for us in our network. I can reboot my servers with impunity as long as one is up.
|
# ? Oct 16, 2015 23:14 |
|
NevergirlsOFFICIAL posted:Hey guys can you walk me through DNS like I'm a complete moron which I am. Here's the problem: Make sure it's actually active and replicating.
|
# ? Oct 16, 2015 23:24 |
|
Yup, something is up with DNS 2. Make sure your DHCP clients are getting the IP for DNS2 as a secondary IP address, make sure DNS 2 is actually functioning (service running, bound to correct IP/adapter, zones have information), nslookup against DNS 2 directly. It should be almost transparent to the end users if one of them goes down.
|
# ? Oct 16, 2015 23:32 |
|
While we're talking about DNS - a thing to bear in mind is that if you have multiple servers in your DHCP offer (as you drat well should), if the first DNS server responds with NXDOMAIN the client won't look at the next one in the list. The server responded, but there was nothing to respond with. I've seen it catch people out when they try and do strange things with DNS.
|
# ? Oct 17, 2015 00:36 |
|
babies havin rabies posted:I think I've tried that GPO option already, but I'll have to check the ticket to be sure at this point. So this problem reared its ugly head again by the time I got back from vacation. Today I finally had some time to sit down and tackle it, and I think I got it. It turned out to be a GPO. By creating an inheritance-blocked OU and putting an affected computer in it, I was able to turn enforcement back on one-by-one. It didn't take long to figure out which one was the culprit. I'll dispense with the details, but it was an old vbs script trying to run some executables that definitely weren't needed anymore. Exactly why this was causing a problem only on other subnets, I really have no idea, but removing it from the domain fixed the problem, at least for now.
|
# ? Oct 17, 2015 02:07 |
|
FISHMANPET posted:There should be a timeout on the client where after X seconds of not being able to contact DNS1 it will contact DNS2 instead. Are you sure DNS is actually running and working on DNS2? You can use the nslookup command to query it directly. For exampe: nslookup google.com <IP of DNS2> will send the DNS query directly to that server. Ok let me test this tomorrow. The only reason I think dns2 is running is, when I added it to the dhcp scope settings it said "validating bla bla bla" and then it worked. Also I see internal DNS things on that server when I open DNS mgmt console.
|
# ? Oct 19, 2015 02:50 |
|
NevergirlsOFFICIAL posted:Ok let me test this tomorrow. I got a DNS request timed out! I confirmed the DNS service is running, and that zones had info, etc. I looked at the DNS server properties, saw it was referencing some internal forwarders that don't exist anymore, removed those references. Now it seems to be working. No way that's all it was... because if the forwarders aren't available why didn't it just go to the "root hints"?
|
# ? Oct 19, 2015 03:27 |
|
FISHMANPET posted:Does anyone feel like they have a good setup for software Updates in SCCM?I see a lot of stuff on how to setup an ADR, but they're always naieve in assuming you'll have one deployment group ever and you'll just magically never need to worry about going over 1000 patches in a deployment package, or expired updates. What I've done in the past is create a test collection of devices. Set up the ADR to automatically download them, and wait 3 days until they are actually installed. That way I figured if there was ever a bad update that got pushed out by Microsoft I'd have some time to clear out the old update and get ready to deploy the new patch. As for the source files I have no idea. I agree it gets messy and I wish there was a better way to keep things clean and organized.
|
# ? Oct 19, 2015 14:48 |
|
Once a year I delete all the superseded updates plus the updates that have 0 Required/Installed, then redownload the remaining updates into a new deployment package and delete the original deployment package. That usually cuts things down by 80%.
|
# ? Oct 19, 2015 15:33 |
|
FISHMANPET posted:Does anyone feel like they have a good setup for software Updates in SCCM?I see a lot of stuff on how to setup an ADR, but they're always naieve in assuming you'll have one deployment group ever and you'll just magically never need to worry about going over 1000 patches in a deployment package, or expired updates. I use ADR exclusively for our testing group. I'd love to start using it for our non-critical servers but haven't brought myself to do it yet. For organizing updates, there's no clean way to do it as far as my experience goes. I'll try to do some quarterly maintenance on our single massive "Window Update" package to clear out anything expired or superseded. I don't clear out any "0 requirement" updates just because we have some old images flying around on thumb drives that I'm trying to stomp out but I'm transitioning to a new job soon so It looks like there's a nice script out there that might help automate it though I haven't tested it myself yet. quote:As an aside, this is my biggest gripe with SCCM specifically and IT in general. I've got this massively powerful tool and I know how to push the buttons to make stuff happen, and it's clear from the way some things are implemented that it was designed to be used in a certain way, but that way is a secret. So everybody has to reinvent the wheel. Sure, every environment is different, but there should be some best practices I can work from instead of starting from whole cloth. And every environment wouldn't be so different if we didn't have to reinvent the wheel with every drat tool in use. They seem to design these tools to be everything to everyone. I've worked 3 SCCM Admin\Engineer jobs and every one used it differently. Microsoft wants their System Center tools to be adaptable in any environment and unfortunately that means being as vague as possible (and consequently getting you to employ Microsoft Consulting Services).
|
# ? Oct 19, 2015 17:55 |
|
BTW, of all the ways you can use SCCM, I guarantee that "SCCM as a service" is the absolute worst, at least if you're the provider (It's me, I'm the provider!) Digging through the RAP report. There are 2 collections that update every 10 minutes, and one that updates every 7 minutes. And that's just the "High" security alerts. There are plenty in the "Medium" alerts that update at least hourly.
|
# ? Oct 19, 2015 18:07 |
|
Tony Montana posted:ok sorry, been busy. Great post, I have no idea why it took me so goddamn long to find an answer for this question. Curious, do you work for MS?
|
# ? Oct 19, 2015 18:17 |
|
Tab8715 posted:Great post, I have no idea why it took me so goddamn long to find an answer for this question. Curious, do you work for MS? Most of that information is found pretty quckly when googling sites and services (ok maybe not REALLY quickly). I spent about 4 hours one night trouble shooting some domain issues and learned a boatload about sites and services and other stuff, I'll see if I can dig up the one link I found.. it was basically a boatload of info on sites and services in one page... *EDIT* well after googling for a bit I can't seem to find the drat website. Apparently when I'm half asleep I'm better at googling than I am when I'm wide awake and well fed MF_James fucked around with this message at 20:23 on Oct 19, 2015 |
# ? Oct 19, 2015 18:39 |
|
Just for fun I've installed myself the 2012 r2 sccm suite because I wanted to try and do stuff with it. What are some neat little projects I could try with this behemoth?
|
# ? Oct 20, 2015 06:04 |
|
Methanar posted:Just for fun I've installed myself the 2012 r2 sccm suite because I wanted to try and do stuff with it. You could try to not get liver failure while using it. Serious answer, I think the knowledge that transfers over the most to other IT areas would be playing with ADRs, and making software packages. You could try creating a package and deploying it to some test computers and then setup updates to deploy as well to those computers. Just a tip starting out get the CMTrace tool. I think it's a separate download for some reason from Microsoft as part of a developers kit.
|
# ? Oct 20, 2015 13:59 |
|
Methanar posted:Just for fun I've installed myself the 2012 r2 sccm suite because I wanted to try and do stuff with it. Make an OS deployment. It will force you to use most of the important modules in SCCM. If you want something more structured, buy either this book or this book and follow the examples. They're $10 each in the US for an ebook copy. Or just go to http://deploymentresearch.com/Research and pick a random article to replicate.
|
# ? Oct 20, 2015 15:52 |
|
BaseballPCHiker posted:Just a tip starting out get the CMTrace tool. I think it's a separate download for some reason from Microsoft as part of a developers kit. Mercifully, it's also included in boot media so you can use it to debug a failed OSD in place.
|
# ? Oct 20, 2015 16:19 |
|
devmd01 posted:The eventual goal is to consolidate all resources to DomainA, but this is going to be a multi-year process. Step One: easy half of migration Step Two: Ask for raise
|
# ? Oct 21, 2015 01:17 |
|
Lol, we're on our way, but our director is having issues with prioritizing projects since we have so goddamn many. FWIW I converted all 4 domains to use conditional forwarders today....in the middle of the day. No issues, I tested access to srv records as I went. Now I just need to test lync autodiscover resolution for one domain pointed to the new domains DC and its game on for migrating dhcp to consolidated dhcp failover scopes.
|
# ? Oct 21, 2015 02:20 |
|
The sharepoint 2010 timer service keeps restarting. In event viewer I see, "The SharePoint 2010 Timer service terminated with service-specific error %%-2147467259." I did some searching online and people suggest to create a folder in C:\ProgramData\Microsoft\SharePoint\Config with a name that matches the id of HKLM > SOFTWARE > Microsoft > Shared Tools > Web Server Extensions > 14.0 > Secure > ConfigDB>Id. Did not fix it. The service continues to crash and no xml files get populated in the folder. Then, http://www.adventuresinsharepoint.co.uk/2014/05/07/the-sharepoint-2010-timer-service-terminated-with-service-specific-error-2147467259/ suggests "I couldn’t really see anything obvious in the ULS logs but after various troubleshooting steps I fixed this by adding the service account used by the SharePoint Timer Service to the local Administrators group and restarting the Timer Service." The timer service on our sharepoint 2010 machine is logging on as local system account. Anyone with sharepoint 2010 or 2013, what account does your timer service log on with?
|
# ? Oct 21, 2015 19:53 |
|
BaseballPCHiker posted:You could try to not get liver failure while using it. I already regret my decision to try and use this.
|
# ? Oct 21, 2015 20:57 |
|
Methanar posted:I already regret my decision to try and use this. I got a nice hearty chuckle out of this. SCCM is a bitch, a powerful bitch, but still a bitch.
|
# ? Oct 21, 2015 23:45 |
|
It is without a doubt the most touchy, unstable, infuriating piece of software that I've ever worked with. I can't tell you how many times I just wanted to give up working with it. Inevitably some tiny tiny detail will trip up a whole package or deployment. Or the one thing that should' have been simple to do ends up taking days of work to just get started. Part of my problem with it was that it has to be a persons full time job and I was split managing our SCCM environment while doing other things. Don't let me discourage you completely. If you can get imaging setup properly through SCCM you will have already made a tremendous first step towards learning the product.
|
# ? Oct 22, 2015 14:06 |
|
One day, MS will come up with something as straightforward as a package manager. Some day.
|
# ? Oct 22, 2015 15:44 |
|
I will say that for simple deployments of software that dont require any customization Chocolatey has been really great. Install it as part of your base image and then you can just roll out incredibly simple scripts that will install the software line by line. It works well for when you dont necessarily want to publish something in the software catalog but still want to roll it out quickly to users who may need it.
|
# ? Oct 22, 2015 15:59 |
|
I don't know if this is irony talk but PS5's package manager is getting there And you can pull chocolatey as a source with "find-package -source chocolatey" e: It still blows at uninstalling things though, at least on Windows 7 Roargasm fucked around with this message at 16:34 on Oct 22, 2015 |
# ? Oct 22, 2015 16:09 |
|
BaseballPCHiker posted:I will say that for simple deployments of software that dont require any customization Chocolatey has been really great. Install it as part of your base image and then you can just roll out incredibly simple scripts that will install the software line by line. It works well for when you dont necessarily want to publish something in the software catalog but still want to roll it out quickly to users who may need it. This is what I do. I dont use it a ton; but every once in a while it's really, really nice to have handy.
|
# ? Oct 22, 2015 16:15 |
|
BaseballPCHiker posted:It is without a doubt the most touchy, unstable, infuriating piece of software that I've ever worked with. I can't tell you how many times I just wanted to give up working with it. Inevitably some tiny tiny detail will trip up a whole package or deployment. Or the one thing that should' have been simple to do ends up taking days of work to just get started. Part of my problem with it was that it has to be a persons full time job and I was split managing our SCCM environment while doing other things. I banged my head on this cannot connect to application server bit for like 2 hours. I don't even know what I did to fix it. For the 4th time I went over the logs, saw that everything was (still) correct, tried the catalog again out of frustration and it starts working. It would have been nice if at some point technet, SCCM itself, etc would have mentioned that this requires like 8 IIS dependencies instead of letting me go forward with basically nothing. Methanar fucked around with this message at 18:49 on Oct 22, 2015 |
# ? Oct 22, 2015 18:10 |
|
That brings up an important point about SCCM. If something doesnt work right away but everything looks right just wait. Sometimes wait like a day. Then magically it starts working. Why? I dont know, but it was a painful lesson to learn.
|
# ? Oct 22, 2015 18:41 |
|
SCCM will teach you patience, that's for sure.
|
# ? Oct 22, 2015 18:52 |
|
FISHMANPET posted:SCCM will teach you patience, that's for sure. For better or worse it makes your managers learn too
|
# ? Oct 22, 2015 19:00 |
|
"Using SCCM is like building a railroad every time you want to deliver a pizza" --some guy on here a few years back.
|
# ? Oct 22, 2015 20:56 |
|
KS posted:"Using SCCM is like building a railroad every time you want to deliver a pizza" --some guy on here a few years back. I like this description. It's pretty much 100% on point. SCCM is awesome. But also sucks. But awesome.
|
# ? Oct 23, 2015 00:25 |
|
|
# ? May 14, 2024 16:12 |
|
SCCM 2012 R2 SP1 CU1 what the gently caress kind of naming convention is this
|
# ? Oct 23, 2015 05:39 |