Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

The Cubelodyte posted:

One of our users will retire this summer. She wanted to know what her "options" were for her email address and cell phone number. I informed her about our campus policy/program that allows you to forward your email address forever, but that her mailbox here will be deleted after 90 days, and that our folks that manage the business end of cell phone stuff generally don't want the hassle of transferring/releasing numbers because it's a pain, but hey, go ask them anyway, you never know.

I was told I was unhelpful, and that "these are the only email and phone number I have had for decades and I don’t have much time to change everything. A few months’ notice would have at least helped a little."

She's been planning to retire for the last two years, and her expected retirement date is still two months away. That gives her almost half a year to figure out how to migrate her personal poo poo to a different mailbox. I would have offered to help her set up migration via IMAP until she dropped the idea that it's our fault somehow.

There are too many old people who think it's appropriate to make their work identity their only identity.

Hey listen, if the business goes under tomorrow you'd lose everything instantly, so you should probably stop reporting your work phone number and email address to the loving DMV. Keep that poo poo private.

And stop signing up for retail accounts on your work email address. I will absolutely not spend a second of my time helping you recover your Kohls account after you registered it to organization address and quit.


The Cubelodyte
Sep 1, 2006

Practicing Hypnolaw since 1990
Grimey Drawer
Well, we're a state university so the chances of us going tits-up overnight is pretty much nil. But yeah. We had one fossil leave early last year and it was amazing the amount of personal stuff that he left behind. Bank statements, mortgage statements, medical diagnosis letters, legal documents, personal letters, medicine, you name it.

AlexDeGruven
Jun 29, 2007

Watch me pull my dongle out of this tiny box


A former coworker and I did our RHCSA certs the same week a couple of years ago. I'm in the RHCE course this week and when I told him that, it dawned on him that his cert is attached to his old work account.

Anything that affects me personally and doesn't absolutely require my work email (we have some subscriptions that auto-register us when we log in with that) gets my Gmail for precisely this reason.

It's not a huge deal, because the cert is still valid, but I'm guessing it will be a PITA (if it's even possible) to move it to his personal account.

Collateral Damage
Jun 13, 2009

Volmarias posted:

Good luck with a well endowed employee 80085.
When I get back from lunch I'll have to look up who has that.

spog
Aug 7, 2004

It's your own bloody fault.

Collateral Damage posted:

When I get back from lunch I'll have to look up who has that.

I tried that at the office party and HR got involved.

pr0digal
Sep 12, 2008

Alan Rickman Overdrive
I love when clients get passive-aggressive because we're pushing back on their scope creep for a project. Look buddy you signed the SOW, not our fault you didn't read it before you signed it.

It's only a matter of time before my boss goes over their head :allears:

(On the flipside of this I can understand how it may be frustrating that an MSP/Contractor isn't "listening to you" but when your proposed changes will push the project back by months you should really re-think your priorities)

pr0digal fucked around with this message at 20:45 on May 24, 2017

MrMojok
Jan 28, 2011

As I have established numerous times in the IT threads, I don't know jack poo poo. So again I come to you guys for ideas.

Today, and last week or the week before, people at several client sites discovered they couldn't pull up pinterest.com. The name couldn't be resolved.

At one site, I connected to their fortigate firewall and that firewall (using Cogent's DNS servers) could resolve pinterest OK. But the local DC could not. At one point on the DC I did dnscmd /clearcache and this helped the DC to suddenly begin resolving pinterest, however on the local user PCs even after ipconfig /flushdns they still couldn't.

Both times I ended up on the DC doing net stop dns & net start dns, and suddenly all local user PCs could resolve the site again.

Looking at the event logs on servers at the affected sites, I don't see anything other than the "DNS server encountered a bad packet from xxx.xxx.xxx.xxx" type errors. The only site I know of this has happened with is pinterest, although I assume others might have been affected and we just didn't know.

It has happened at sites where we use Cogent, and Level3 for internet. Although as I said when connecting to the site's firewall, I could resolve the name. It appears to just be an internal DNS problem in each case.

Anyone have any ideas on this?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

MrMojok posted:

As I have established numerous times in the IT threads, I don't know jack poo poo. So again I come to you guys for ideas.

Today, and last week or the week before, people at several client sites discovered they couldn't pull up pinterest.com. The name couldn't be resolved.

At one site, I connected to their fortigate firewall and that firewall (using Cogent's DNS servers) could resolve pinterest OK. But the local DC could not. At one point on the DC I did dnscmd /clearcache and this helped the DC to suddenly begin resolving pinterest, however on the local user PCs even after ipconfig /flushdns they still couldn't.

Both times I ended up on the DC doing net stop dns & net start dns, and suddenly all local user PCs could resolve the site again.

Looking at the event logs on servers at the affected sites, I don't see anything other than the "DNS server encountered a bad packet from xxx.xxx.xxx.xxx" type errors. The only site I know of this has happened with is pinterest, although I assume others might have been affected and we just didn't know.

It has happened at sites where we use Cogent, and Level3 for internet. Although as I said when connecting to the site's firewall, I could resolve the name. It appears to just be an internal DNS problem in each case.

Anyone have any ideas on this?

How does your infra work? Like, these client sites, do they each have a DC they go to for DNS and then if it doesn't have a record it forwards, somewhere?

It could potentially be an issue due to the fortigate DNS session helpers: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Session%20Helpers/DNS%20session%20helpers%20(dns-tcp%20and%20dns-udp).htm
Here is info on how to disable session helpers (if this is one of the helpers that appears in the list): http://help.fortinet.com/fos50hlp/5...on%20helper.htm

It's a quick change if you're able to disable the helper, I can't currently log into any of our fortigates or I'd check it out to confirm. I'm somewhat dubious of that being the cause because across 50 or so fortigates we've never had an issue with the DNS helper (that I know of), but dear god the VOIP stuff is awful and gets turned off immediately and that's why I bring it up.

MrMojok
Jan 28, 2011

Well, the infrastructure, and our organization, is ridiculously convoluted.

At each client company site they have a local DC; in the TCPIP properties on this machine, DNS points to itself as primary and to one in another site (that we euphemistically call our "data center") as secondary. DNS zones are AD-integrated.

Curiously-- in looking at the properties of the DNS server in today's affected site, there is nothing configured in the forwarder tab. Nor is there in any other site. We do have conditional forwarders used to get traffic to other client sites which are in totally different forests, with trusts set up between these different forests. I think I'll put Cogent's DNS server IPs into the forwarder tabs at the place that had trouble this morning.

In looking at your link, we do have the DNS-UDP session-helper listed in the fortigate of the site that had the trouble this morning, but no DNS-TCP session-helper.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

MrMojok posted:

Well, the infrastructure, and our organization, is ridiculously convoluted.

At each client company site they have a local DC; in the TCPIP properties on this machine, DNS points to itself as primary and to one in another site (that we euphemistically call our "data center") as secondary. DNS zones are AD-integrated.

Curiously-- in looking at the properties of the DNS server in today's affected site, there is nothing configured in the forwarder tab. Nor is there in any other site. We do have conditional forwarders used to get traffic to other client sites which are in totally different forests, with trusts set up between these different forests. I think I'll put Cogent's DNS server IPs into the forwarder tabs at the place that had trouble this morning.

In looking at your link, we do have the DNS-UDP session-helper listed in the fortigate of the site that had the trouble this morning, but no DNS-TCP session-helper.

DNS-TCP I (believe) is off by default, but I believe the DNS-UDP guy is on by default. Again I DOUBT this is your issue, but those session helpers massage traffic and can cause weirdness, but it would (typically) be a more consistent issue, in my experience.

MF_James fucked around with this message at 00:13 on May 25, 2017

jre
Sep 2, 2011

To the cloud ?



MrMojok posted:

As I have established numerous times in the IT threads, I don't know jack poo poo. So again I come to you guys for ideas.

Today, and last week or the week before, people at several client sites discovered they couldn't pull up pinterest.com. The name couldn't be resolved.

At one site, I connected to their fortigate firewall and that firewall (using Cogent's DNS servers) could resolve pinterest OK. But the local DC could not. At one point on the DC I did dnscmd /clearcache and this helped the DC to suddenly begin resolving pinterest, however on the local user PCs even after ipconfig /flushdns they still couldn't.

Both times I ended up on the DC doing net stop dns & net start dns, and suddenly all local user PCs could resolve the site again.

Looking at the event logs on servers at the affected sites, I don't see anything other than the "DNS server encountered a bad packet from xxx.xxx.xxx.xxx" type errors. The only site I know of this has happened with is pinterest, although I assume others might have been affected and we just didn't know.

It has happened at sites where we use Cogent, and Level3 for internet. Although as I said when connecting to the site's firewall, I could resolve the name. It appears to just be an internal DNS problem in each case.

Anyone have any ideas on this?

Do the sites that are unresolvable all have a large NS list like Pinterest? e.g. require a TCP response instead of a UDP one?

MrMojok
Jan 28, 2011

Pinterest.com is the only site I know of that this has happened with. I wouldn't think it would require a TCP response, but I dunno. Doesn't DNS go through TCP pretty much only in the case of zone transfers and the like?
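The UDP-versus-TCP question raised in the two posts above can be checked from the DNS header alone: a reply that does not fit the client's UDP buffer (512 bytes without EDNS0) comes back with the TC bit set and has to be retried over TCP. The following is an added example, not code from any poster; the name `example.test`, the NS host names and the server-side `simulate_ns_reply` helper are constructed for illustration, and the helper writes names without compression, so its sizes run larger than a real server's.

```python
import struct

QTYPE_NS, QTYPE_OPT, CLASS_IN = 2, 41, 1
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100

# Constructed sample data (assumptions, not taken from the thread)
NAME = "example.test"
SMALL_NS = ["ns1.example.test", "ns2.example.test"]
LARGE_NS = ["ns-%02d.long-provider-name.example.test" % i for i in range(16)]

def encode_name(name):
    """Encode a host name as length-prefixed labels (no compression)."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype=QTYPE_NS, txid=0x1234, edns_size=None):
    """Build a query; edns_size adds an OPT record advertising a UDP buffer size."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b""
    if edns_size:
        # OPT pseudo-record: root name, type 41, CLASS field = buffer size
        opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_size, 0, 0)
    return header + question + opt

def question_end(msg):
    """Offset just past the single question that follows the 12-byte header."""
    pos = 12
    while msg[pos] != 0:
        pos += msg[pos] + 1
    return pos + 5  # terminating zero byte + QTYPE + QCLASS

def advertised_udp_size(query):
    """512 bytes unless the query carries an EDNS0 OPT record."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = question_end(query)
    if arcount and query[pos] == 0:
        rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == QTYPE_OPT:
            return max(size, 512)
    return 512

def simulate_ns_reply(query, ns_hosts):
    """Constructed server side: NS answers, or TC set when they do not fit."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = question_end(query)
    question, owner = query[12:qend], query[12:qend - 4]
    answers = b""
    for host in ns_hosts:
        rdata = encode_name(host)
        answers += owner + struct.pack("!HHIH", QTYPE_NS, CLASS_IN, 3600, len(rdata)) + rdata
    flags = FLAG_QR | FLAG_RD
    if 12 + len(question) + len(answers) > advertised_udp_size(query):
        # Too large for the client's UDP buffer: header + question only, TC set
        return struct.pack("!HHHHHH", txid, flags | FLAG_TC, 1, 0, 0, 0) + question
    return struct.pack("!HHHHHH", txid, flags, 1, len(ns_hosts), 0, 0) + question + answers

def classify(reply, txid=0x1234):
    """What a resolver has to do with a reply it received over UDP."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & FLAG_QR:
        return "malformed"
    if flags & FLAG_TC:
        return "retry-over-tcp"
    if flags & 0x000F:
        return "error-rcode-%d" % (flags & 0x000F)
    return "ok" if ancount else "empty"

def tcp_frame(query):
    """DNS over TCP prefixes every message with a two-byte length."""
    return struct.pack("!H", len(query)) + query
```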

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

MrMojok posted:

Curiously-- in looking at the properties of the DNS server in today's affected site, there is nothing configured in the forwarder tab. Nor is there in any other site. We do have conditional forwarders used to get traffic to other client sites which are in totally different forests, with trusts set up between these different forests. I think I'll put Cogent's DNS server IPs into the forwarder tabs at the place that had trouble this morning.

FYI:

The forwarder tab is empty by default and a Windows DNS server uses internal forwarders that point to Microsoft's public DNS servers. These default DNS settings get overruled as soon as you enter any forwarder manually.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




MrMojok posted:

At each client company site they have a local DC; in the TCPIP properties on this machine, DNS points to itself as primary

This might be in line with best practices in a Windows Server environment, but as a one-time BIND admin, I get twitchy when I see a DNS server with itself as primary. Is this a good idea in AD ?

milk milk lemonade
Jul 29, 2016

Agrikk posted:

FYI:

The forwarder tab is empty by default and a Windows DNS server uses internal forwarders that point to Microsoft's public DNS servers. These default DNS settings get overruled as soon as you enter any forwarder manually.

I'm 90% sure it uses root hints, and if root hints aren't enabled it doesn't work. Blanking forwarders means it's not using them.



mllaneza posted:

This might be in line with best practices in a Windows Server environment, but as a one-time BIND admin, I get twitchy when I see a DNS server with itself as primary. Is this a good idea in AD ?

It will work, but it isn't a good idea or recommended.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Yeah you should have another DC in your environment as the primary DNS server

MrMojok
Jan 28, 2011

I think you are right.

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer

mllaneza posted:

This might be in line with best practices in a Windows Server environment, but as a one-time BIND admin, I get twitchy when I see a DNS server with itself as primary. Is this a good idea in AD ?
This is normal in AD because the domain controller should always be the first thing to try to resolve addresses within the domain.

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


Aunt Beth posted:

This is normal in AD because the domain controller should always be the first thing to try to resolve addresses within the domain.

I was going to go all :words: agreeing with you and blasting MF_James and others saying it shouldn't be, but apparently not only has Microsoft's guidance flipflopped since I learned how to AD but they don't seem to have it fully worked out internally themselves. However, it does appear that you and I are wrong and the primary DNS server for each DC should be another DC in the same site, and the DC's own IP (not the loopback address) should be the secondary or tertiary DNS server.

http://techgenix.com/active-directory-insights-part1/

Welp, I've got a lot of DCs to change, oops. :themoreuknow:

(For what it's worth I've never seen any of the race conditions, boot problems, or replication issues that article mentions that can be caused by having 127.0.0.1 as the primary DNS server, not that I'm arguing that makes it OK - it's been so long I don't even remember where I learned to do that although I'm pretty sure it was the MCSE 2003 materials, but that's IT for you, always need to reverify your old knowledge).

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer
What on earth? I hate how they change this stuff all the time. Time to put in a change request...

Edit: just give me my hosts file and an ftp cron job :corsair:

Aunt Beth fucked around with this message at 04:26 on May 25, 2017

MrMojok
Jan 28, 2011

I do remember MS not agreeing themselves at the time we set these up. On each of them the primary dns is its own IP rather than the loopback. They are all 2008 R2, I have to get everything up to 2012 this year. Which is half over now that I think of it.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


MrMojok posted:

I do remember MS not agreeing themselves at the time we set these up. On each of them the primary dns is its own IP rather than the loopback. They are all 2008 R2, I have to get everything up to 2012 this year. Which is half over now that I think of it.

Any reason you don't want 2012r2 or 2016? 2016 is really nice to work with and I think I'm going to miss it when I get a new job and end up having to do 2012, which is the OS I'm least familiar with. We jumped from 2008 to 2016 and my last job was 2003 - 2008 with a partial migration to 2012 just before I left. My college courses were on 2008 R2.

I have a feeling 2016 hasn't been widely adopted yet but it's so nice.

MrMojok
Jan 28, 2011

I haven't even looked at 2016, though I need to. We have started setting up new servers on 2012r2, just no DCs yet. 2012r2 is actually the plan for the DCs.

Truga
May 4, 2014
Lipstick Apathy
I have 2 DCs in my environment and they both have first their own lan ip and then the other's in dns settings, which only makes sense to me: if one goes down (which is the reason to have two in the first place), why wait for timeouts every time you're trying to resolve something?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We just upgraded our DCs from 2008 R2 to 2016. The only hiccup was NPS didn't migrate cleanly, had to rebuild that from scratch. Otherwise it went smoothly. Secondly, we can't update the domain level until we upgrade SCCM. Boo.

milk milk lemonade
Jul 29, 2016
What does the new FL have functionality wise? Anything as sometimes useful as the AD recycle bin?

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


MrMojok posted:

I haven't even looked at 2016, though I need to. We have started setting up new servers on 2012r2, just no DCs yet. 2012r2 is actually the plan for the DCs.

If you're going through the hassle of upgrading you may as well go to 2016. 2012 R2 is great, don't get me wrong, and compared to the poo poo that is 2012 (hot corners in a GUI that if it's used at all will mostly be used through RDP? sign me the gently caress up because I hate my life) it's a million times smoother, but 2016 is basically another extra layer of polish on top of it and there's really no reason to install new 2012 R2 servers at this point.

Blue_monday
Jan 9, 2004

mind the teeth while you're going down

GreenNight posted:

Do the people at your company get pissed when they get married and have a name change but IT can't change their user ID?

Any person I have ever known who has gotten married and taken the other party's name has kept their original name at work because of how much of a hassle it is for everyone to change a name. Saying that I do feel bad for trans people who want to change their identities within a company.

Judge Schnoopy posted:

There are too many old people who think it's appropriate to make their work identity their only identity.

Hey listen, if the business goes under tomorrow you'd lose everything instantly, so you should probably stop reporting your work phone number and email address to the loving DMV. Keep that poo poo private.

And stop signing up for retail accounts on your work email address. I will absolutely not spend a second of my time helping you recover your Kohls account after you registered it to organization address and quit.

Young people leave their work phone number too which is a giant hassle, especially when they're either behind an IVR and don't give instructions, or they put down the Dairy Queen they work at. At my last employer I also used to get calls from collections agencies, doctors' offices, you name it looking for an employee that was fired a long time ago.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Blue_monday posted:

Any person I have ever known who has gotten married and taken the other party's name has kept their original name at work because of how much of a hassle it is for everyone to change a name.

This is not the case at the company I work for. One lady has changed her name 4 times in the past 15 years. Yeah that's only two marriages, but still.

A Pinball Wizard
Mar 23, 2005

I know every trick, no freak's gonna beat my hands

College Slice
A ticket came in:



I make the mistake of telling my boss I'm going to close it, because it's obviously a phishing email:


boss posted:

drop box is legit
but not sure what she put in it
wont open
could be files, print screens of what the issue is

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



jfc

Cirofren
Jun 13, 2005


Pillbug

A Pinball Wizard posted:

A ticket came in:



I make the mistake of telling my boss I'm going to close it, because it's obviously a phishing email:

gently caress it's common (industry) knowledge that Docusign was breached last week and that there's an active phishing campaign COME ON

tactlessbastard
Feb 4, 2001

Godspeed, post
Fun Shoe

Blue_monday posted:

Any person I have ever known who has gotten married and taken the other party's name has kept their original name at work because of how much of a hassle it is for everyone to change a name. Saying that I do feel bad for trans people who want to change their identities within a company.


Young people leave their work phone number too which is a giant hassle, especially when they're either behind an IVR and don't give instructions, or they put down the Dairy Queen they work at. At my last employer I also used to get calls from collections agencies, doctors' offices, you name it looking for an employee that was fired a long time ago.

My factory gets called constantly from debt collectors, clinics, and the local school district, of all things.

Javid
Oct 21, 2004

:jpmf:
The windows update to resolve windows update service getting stuck is, itself, stuck. :suicide:

sfwarlock
Aug 11, 2007
Relayed from an ex-coworker:

"Facebook was down for like 15 minutes this morning. We got at least 12 tickets."

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




sfwarlock posted:

Relayed from an ex-coworker:

"Facebook was down for like 15 minutes this morning. We got at least 12 tickets."

That's 12 people who owe 1st Level a serious favor.

Beefstorm
Jul 20, 2010

"It's not the size of the tower. It's the motion of the airwaves."
Lipstick Apathy
EarthLink (now Windstream), just let us know that a fiber was cut.

Four of our sites are down. Hooray!

sfwarlock
Aug 11, 2007

mllaneza posted:

That's 12 people who owe 1st Level a serious favor.

1st Level as in tier 1? That place ain't big enough to have "tiers".

Most of them were just generic "internet seems kind of slow is there something wrong?" with a couple "has someone updated the blocked sites list?" (Which they don't have either.)

Ironically, the two people whose job it is to use Facebook (social media mavens) didn't raise a peep.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Beefstorm posted:

EarthLink (now Windstream), just let us know that a fiber was cut.

Four of our sites are down. Hooray!

Earthlink CEO is now the Rackspace CEO :shudder:


Bigass Moth
Mar 6, 2004

I joined the #RXT REVOLUTION.
:boom:
he knows...
I found out my mother in law uses the Facebook webpage on her iPhone 7 because she didn't know what apps were. And no, she doesn't know her login info.

When they got their phones they also burned all their data immediately because they didn't know what wifi was or if they had it at home (they did).
