Thanks Ants
May 21, 2004

#essereFerrari


Split tunnel because otherwise you're just clogging up your central office connection for no real reason (unless you have certain compliance reasons to have everything go through a single point, but let's assume not here).

A lot of the boxes that you'd be putting at a remote office can handle provision of DNS, with a way to split requests for internal.domain and *.internal.domain and send them over the VPN to your head office.

E.g: https://www.sonicwall.com/en-us/support/knowledge-base/170505634644040

Thanks Ants fucked around with this message at 19:51 on Aug 21, 2018


Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

The Fool posted:

e: You could also have your remote site edge device serve DHCP and set the primary DNS to HQ and secondary DNS to your ISP/Google

That's what we do now. I think we have some connectivity issues somewhere.

wolrah
May 8, 2006
what?

Thanks Ants posted:

A lot of the boxes that you'd be putting at a remote office can handle provision of DNS, with a way to split requests for internal.domain and *.internal.domain and send them over the VPN to your head office.

E.g: https://www.sonicwall.com/en-us/support/knowledge-base/170505634644040

This is what I do. DNS forwarding with caching is handled on the firewall at the site, internal domain lookups are routed to internal DNS servers, everything else goes out to the ISP and/or a public DNS provider. It works great, internal resources can be accessed by name as needed but a VPN issue doesn't cause the whole internet to become effectively unreachable.

Thanks Ants
May 21, 2004

#essereFerrari


We're looking at this type of thing for branch offices that only need a couple of network services.

Internet Explorer
Jun 1, 2005





The Fool posted:

e: You could also have your remote site edge device serve DHCP and set the primary DNS to HQ and secondary DNS to your ISP/Google

Unless something has changed recently or I am seriously misremembering, don't do this. Windows has no guarantee that it will try your first DNS server until it fails to respond and then try your second. It isn't round robin but it will use both intermittently. I'll see if I can find some resources when I have a minute.

Thanks Ants
May 21, 2004

#essereFerrari


I think you should be OK as long as the internal domain doesn't resolve when you're hitting Google's DNS, but having something local doing it for you is preferable.

The Fool
Oct 16, 2003


Internet Explorer posted:

Unless something has changed recently or I am seriously misremembering, don't do this. Windows has no guarantee that it will try your first DNS server until it fails to respond and then try your second. It isn't round robin but it will use both intermittently. I'll see if I can find some resources when I have a minute.

https://morgansimonsen.com/2012/07/03/will-if-fail-over-or-just-fail-some-dns-empirical-testing/

quote:

The DNS Resolver sends the name query to the first DNS server on the preferred adapter’s list of DNS servers and waits one second for a response.
If the DNS Resolver does not receive a response from the first DNS server within one second, it sends the name query to the first DNS servers on all adapters that are still under consideration and waits two seconds for a response.
If the DNS Resolver does not receive a response from any DNS server within two seconds, the DNS Client service sends the query to all DNS servers on all adapters that are still under consideration and waits another two seconds for a response.
If the DNS Resolver still does not receive a response from any DNS server, it sends the name query to all DNS servers on all adapters that are still under consideration and waits four seconds for a response.
If the DNS Resolver does not receive a response from any DNS server, the DNS client sends the query to all DNS servers on all adapters that are still under consideration and waits eight seconds for a response.

Old blog post and the references linked from the blog are 404's, but I don't think this has changed.

Internet Explorer
Jun 1, 2005





https://technet.microsoft.com/pt-pt/library/cc772774%28v=ws.10%29.aspx

quote:

The DNS Client service keeps track of which servers answer name queries more quickly, and it moves servers up or down on the list based on how quickly they reply to name queries.

You can look up a bunch of posts on the TechNet forums, SuperUser or Spiceworks (ugh) that will say the same thing. Don't mix them.

I have had the Preferred: Internal, Alternate: External bite me in the past. If you are having "network issues" and you have your clients set up this way, put only internal DNS servers and see if that helps. The correct answer is to have a DNS server on the branch network (or two, preferably) with its own forwarders (or root hints).

I would never use internal and external DNS servers configured on a client. It introduces too many variables to something that is too important.
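
The posts above describe two things a branch office DNS setup can get wrong or right: the Windows DNS Client fallback schedule that The Fool quoted (1s, 2s, 2s, 4s, 8s rounds), with the server reordering by reply speed that Internet Explorer quoted, and wolrah's alternative of a local forwarder that sends internal.domain only over the VPN. The simulation below is an added example, not code from the thread or from Microsoft; the timings are the quoted ones, the server names, addresses and latencies are constructed, and the reordering is a simplified model ("the answering server moves to the front") of the quoted "moves servers up or down" behaviour. It shows why Preferred: HQ, Alternate: 8.8.8.8 leaks internal names to the public resolver once the VPN hiccups and then keeps failing after the VPN recovers, while conditional forwarding never sends the internal zone outside.

```python
from dataclasses import dataclass
from typing import Optional

INTERNAL_SUFFIX = ".internal.domain"   # constructed private zone name


@dataclass
class DnsServer:
    name: str
    knows_internal: bool       # holds the internal zone (HQ AD DNS) or not (ISP/Google)
    latency: Optional[float]   # seconds to reply; None = unreachable (e.g. VPN down)

    def answer(self, qname: str) -> str:
        # Constructed answers: a public resolver has no idea about a private zone,
        # so it returns NXDOMAIN for it quickly and confidently.
        if qname.endswith(INTERNAL_SUFFIX):
            return "10.0.5.20" if self.knows_internal else "NXDOMAIN"
        return "203.0.113.10"


# Windows DNS Client schedule as quoted in the thread, single adapter:
# (which configured servers are queried this round, seconds waited for a reply).
WINDOWS_SCHEDULE = [("first", 1), ("first", 2), ("all", 2), ("all", 4), ("all", 8)]


class WindowsClient:
    """A client configured with Preferred/Alternate servers (the 'HQ + Google' setup)."""

    def __init__(self, servers):
        self.servers = list(servers)

    def resolve(self, qname):
        for scope, wait in WINDOWS_SCHEDULE:
            targets = self.servers[:1] if scope == "first" else self.servers
            live = [s for s in targets if s.latency is not None and s.latency <= wait]
            if live:
                winner = min(live, key=lambda s: s.latency)   # fastest reply wins
                self._promote(winner)
                return winner.answer(qname), winner.name
        return "TIMEOUT", None

    def _promote(self, server):
        # Simplified model of the quoted behaviour: the service reorders servers by
        # reply speed, so whoever answered fastest becomes the preferred server.
        self.servers.remove(server)
        self.servers.insert(0, server)


class SiteForwarder:
    """Branch firewall doing conditional forwarding: the internal zone goes to HQ
    over the VPN only, everything else goes to the ISP/public resolver."""

    def __init__(self, hq, public):
        self.hq, self.public = hq, public

    def resolve(self, qname):
        upstream = self.hq if qname.endswith(INTERNAL_SUFFIX) else self.public
        if upstream.latency is None:
            return "SERVFAIL", upstream.name   # fails closed; never asks the public resolver
        return upstream.answer(qname), upstream.name


def mixed_client_scenario():
    """HQ DNS over the VPN drops for one lookup, then comes back."""
    hq = DnsServer("hq-dns", True, None)        # VPN down at this moment
    google = DnsServer("8.8.8.8", False, 0.02)
    client = WindowsClient([hq, google])
    first = client.resolve("printer.internal.domain")    # round 3 reaches Google: NXDOMAIN
    hq.latency = 0.01                                     # VPN is back
    second = client.resolve("printer.internal.domain")   # Google is now preferred: still NXDOMAIN
    return first, second, [s.name for s in client.servers]


def forwarder_scenario():
    """Same VPN outage, but clients only talk to the site forwarder."""
    hq = DnsServer("hq-dns", True, None)
    isp = DnsServer("isp-dns", False, 0.02)
    fw = SiteForwarder(hq, isp)
    internal = fw.resolve("printer.internal.domain")   # SERVFAIL from hq-dns, nothing leaked
    external = fw.resolve("www.example.com")            # internet still works via the ISP
    return internal, external


if __name__ == "__main__":
    print("mixed client:", mixed_client_scenario())
    print("site forwarder:", forwarder_scenario())
```

The mixed-client run is the failure mode kzersatz and Internet Explorer describe: the internal name was sent to a public resolver (data about the internal namespace leaves the network) and, because the public resolver answered fastest, it stays preferred after the outage, so the "network issues" persist. The forwarder run fails only the internal lookup, and only toward HQ.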

kzersatz
Oct 13, 2012

How's it the kiss of death, if I have no lips?
College Slice
Additionally it can reveal unnecessary amounts of data about your network and infrastructure if something gets fuckered up and your internal requests suddenly are hitting external dns servers.

stevewm
May 10, 2005

Bob Morales posted:

Let's talk internet access at a small business with remote offices.

We have several branch locations like this..

Branch locations have no local servers.. Not even DHCP is handled locally. We use Windows DHCP, and its done by some servers running in our main office and one satellite location. The firewall at each branch location relays DHCP requests back to the main office to be fulfilled. All branch office clients are given our 2 internal DNS servers as their only DNS.

If the internet is down, sure nothing works. But all of our apps absolutely rely on a connection back to the main office... So if the internet is down, it doesn't really matter that things work locally, as no work is getting done anyways with our line of business apps down. To that end, every branch office has 2 WAN connections. Whatever ISP is available locally as the primary, and a CradlePoint on Verizon 4G for backup. The local firewall handles auto switching between them as necessary.

Thanks Ants
May 21, 2004

#essereFerrari


Curious as to why DHCP isn't done locally. Do you really need client devices written into the DNS zone for remote sites?

stevewm
May 10, 2005

Thanks Ants posted:

Curious as to why DHCP isn't done locally. Do you really need client devices written into the DNS zone for remote sites?

Yes... we use DNS for everything. Being a complete Windows shop, it's just easier to have Windows DHCP register the devices into Windows DNS. And we prefer to not have servers at remote branches. Thus DHCP is relayed to our main office to fulfill the request.

Our LoB software has to be able to directly access resources at remote sites (mainly printers), and it does so by DNS name, not IP. We also do a lot of remote support internally using VNC, which uses DNS names to connect to client machines. Aside from a handful of core servers, nothing has a static IP address, and nothing is referenced by IP, only DNS names. Any client device on the network is registered with a good unique name that generally consists of the branch number, and the location inside the branch. i.e. The front desk printer at branch 5 would be p5frontdesk. The computer at that location would be c5frontdesk.

Guest devices on the guest network obviously are not, those are actually handled by DHCP running on the local branch firewall and get handed an external DNS server.


Edit: I guess I should add we don't have multiple zones. All sites are on a single forest... No child domains. Our DNS zone has 380 names registered. Over 150 of them are printers of various types.

stevewm fucked around with this message at 15:17 on Aug 23, 2018

CampingCarl
Apr 28, 2008




I was asked to implement Freshdesk (the free level) at my work a while ago, which seems like an OK system made for call centers. In addition to IT tickets, tickets for developers and engineering are also going through the system, which ends up being 15-20 agents. They want some reporting on tickets, how much does X issue happen, time tracking, etc., which requires a paid version, minimum $19-89/agent/month. Are there free or low cost alternatives? Most of what I find is also a fee/agent/month, but I have to think there is something. There was a Spiceworks system at some point but it wasn't used outside IT and I don't know the reason I was asked to set up Freshdesk instead of Spiceworks again.

Tapedump
Aug 31, 2007
College Slice
More than Home Networking but not Enterprise question about pfsense hardware.

I'll need to recommend a good number of routers for a bunch of locations (same org), but the SG-3100 for $350 makes me wonder if there is a winning combination of board, chip, and enclosure (SuperMicro maybe) that can be pitched as just as dependable as Netgate's own kit.

Won't need a lot of interfaces--honestly two would do.

Anyone got a field-testing recipe, or should I just keep pitching SG-3100s?

Nevets
Sep 11, 2002

Be they sad or be they well,
I'll make their lives a hell
Anybody have any experience with powering redundant psu's with different voltages?

We've got 2 UPSes in our rack and one outputs 120v and the other 240v. All our servers (all Dells from 2010-2018) up to this point haven't complained about having one PSU get 120v and another 240v, until the most recent one (I think). I'm getting an 'incorrectly configured' message and they don't fail over when you unplug the dominant one, but it doesn't seem to matter which one it's drawing power from; so I'm assuming they are refusing to swap because of the voltage difference.

Should I swap out one of the UPSes (very expensive) or buy a transformer (almost as expensive) or call support because I'm barking up the wrong tree?

Nevets fucked around with this message at 15:52 on Aug 27, 2018

Potato Salad
Oct 23, 2014

nobody cares


I uh

Well, technically I've never asked Dell if that's a good idea

Buy another PSU. wait a second, the whole data center

Have you been able to purchase server equipment with factory support with mixed 120/240 PSUs in each box?

Potato Salad fucked around with this message at 16:27 on Aug 27, 2018

Internet Explorer
Jun 1, 2005





Yeah, I can't say I know specifically that that's not supported, but it sure sounds like a bad idea. If you don't have a specific need for both voltages, I would consolidate to one if all of your gear is compatible.

Nevets
Sep 11, 2002

Be they sad or be they well,
I'll make their lives a hell
Everything in the rack has dual 120v/240v capable PSUs. I don't know if they officially support running one at 120v and one at 240v; I never asked, since who cares what's coming into the PSU, both should be outputting the same exact voltages.

Background: About 8 years ago the single 240v rackmounted UPS we had failed & brought down the whole rack. We ordered a replacement for it; in the meantime I wired half of the PSUs straight into the wall and the other half into the UPS so if it died again we'd still have line power. It seemed to work great, so I grabbed an extra 120v UPS used off eBay & some new batteries for cheap so we'd have double redundancy. In hindsight it would have been best to get a similar model to the one we already had, but the cost difference was too much for a backup to the backup.

Digital_Jesus
Feb 10, 2011

Jesus no, that's not a good idea.

Power distribution quality, efficiency of delivery, and required amperage are directly related to input voltage and you are feeding your equipment (and all its sensors) different stuff with varying tolerances.

Buy two of the same UPS and put them on separate circuits. :wtc:

Internet Explorer
Jun 1, 2005





https://www.dell.com/community/PowerEdge-Hardware-General/PE-servers-runing-both-110v-and-220v-power-at-the-same-time/td-p/4131632

Potato Salad
Oct 23, 2014

nobody cares


I talked with a certain Dell engineer and author, the first thing Dell will do is carry you through best good faith effort because they're great like that

Next they're going to ask why you subjected expensive hardware to such electrical torture


Nevets posted:

, both should be outputting the same exact voltages.


So the core issue is that, in any RLC circuit, this is never going to be perfectly true. Server PSUs are good, great even, but as an example even the phase difference between different power whips from separate utility hookups can gently caress you up under intense loads. 120-240 mixing isn't only a problem if you're using active-active profiles for high consumption or balancing, though. Even a server on active-passive (most out-of-box default power plans and in all likelihood what your servers are doing) will strain power protection features on board, so I am being told.

Potato Salad fucked around with this message at 20:08 on Aug 27, 2018

Nevets
Sep 11, 2002

Be they sad or be they well,
I'll make their lives a hell
Yeah, that's what I'm hearing back from our hardware vendor's support & their Dell contacts. Guess it's time to drop a grand on a new UPS & convert the 240v circuit to a 120v. We don't really need 240v in the rack; the outlet predated the rack and used to be used for a giant old sorting machine, so it got re-purposed when they bought the rack and started moving the servers into it. Thanks for your help everybody!

PS: Any preference APC / Cyberpower / Tripplite?

Digital_Jesus
Feb 10, 2011

Nevets posted:

Yeah, that's what I'm hearing back from our hardware vendor's support & their Dell contacts. Guess it's time to drop a grand on a new UPS & convert the 240v circuit to a 120v. We don't really need 240v in the rack; the outlet predated the rack and used to be used for a giant old sorting machine, so it got re-purposed when they bought the rack and started moving the servers into it. Thanks for your help everybody!

PS: Any preference APC / Cyberpower / Tripplite?

I've stuck with APC as a standard for the longest time without any regrets.

Also, I don't know the extent of your environment, but from an efficiency standpoint you're actually better off converting your 120v UPS into a 208v unit and having a second L6-20 or L6-30 socket installed on a secondary circuit depending on your amperage requirements.

APC even has a (very short and sweet) whitepaper on it you can read: http://www.apc.com/salestools/SADE-5TNQZ7/SADE-5TNQZ7_R3_EN.pdf

Nevets
Sep 11, 2002

Be they sad or be they well,
I'll make their lives a hell
Yeah, but converting 240 -> 120 just involves replacing the outlet and disconnecting one of the hot legs. 120 -> 240 would mean running a whole new circuit if we want to maintain a ground.

Mr. Clark2
Sep 17, 2003

Rocco sez: Oh man, what a bummer. Woof.

Quick question for anyone that has successfully used ADMT to migrate user/computer objects to a new domain:

When performing a computer migration ADMT is supposed to remove the computer from the old domain and join it to the new domain, right? So far in my testing, this is not happening and I don't know if I'm just being impatient or if I'm misunderstanding what is supposed to be happening during the migration. The wizard has a "Wait this many minutes before restarting the computer" step but my test machines are not restarting. The computer object is created in the correct OU in the new domain, a migrated test user account can log into it and it looks like the profile gets migrated properly, but the computer is still joined to the old domain :iiam:

Found this site that answers my question: https://blog.thesysadmins.co.uk/admt-series-11-computer-migration-wizard.html

Mr. Clark2 fucked around with this message at 22:32 on Aug 27, 2018

The Fool
Oct 16, 2003


Can you use this instead? https://www.forensit.com/domain-migration.html

Spring Heeled Jack
Feb 25, 2007

If you can read this you can read
I migrated about 100 PCs over 3 remote sites with ADMT one evening and the only issue I had was from the idiots who ignored my email and shut down their computers.

What a nightmare that was, glad I’m not back in MSP land!

Tapedump
Aug 31, 2007
College Slice
Rookie question: Is there a safe, less than MSFT.com MSRP, means of buying a copy of Server 2016 Standard (and aCALs, but I’m more concerned about the OS)?

Is to go with a SuperMicro X10 series board for a clean, new build. (Long story.. for a boss who wants to set his son up with this for dumb reasons. Please don't get hung up on this part).

What spooks me is a) legitimacy, b) versioning/accuracy (see below), and c) cost, in that order.

Just checking on Amazon (here) turns up a first party fulfilled option, but version choice concerns me. I know the workstation world of retail vs OEM OS licensing, but I am unfamiliar with MSFT’s Open License.

9EM-00118 seems to be Open License, and CDW.com lists that as “Licensing Price: Volume” whereas they list P73-07113 as “OEM.”

Simply put, if I’m white-boxing Server 2016 Standard like one would with the System Builders OEM versions, what SKU do I look for and where should I get it?

I could use a hand-hold on this, please.

Tapedump fucked around with this message at 17:34 on Sep 4, 2018

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Tapedump posted:

Rookie question: Is there a safe, less than MSFT.com MSRP, means of buying a copy of Server 2016 Standard (and aCALs, but I’m more concerned about the OS)?

Is to go with a SuperMicro X10 series board for a clean, new build. (Long story.. for a boss who wants to set his son up with this for dumb reasons. Please don't get hung up on this part).

What spooks me is a) legitimacy, b) versioning/accuracy (see below), and c) cost, in that order.

Just checking on Amazon (here) turns up a first party fulfilled option, but version choice concerns me. I know the workstation world of retail vs OEM OS licensing, but I am unfamiliar with MSFT’s Open License.

9EM-00118 seems to be Open License, and CDW.com lists that as “Licensing Price: Volume” whereas they list P73-07113 as “OEM.”

Simply put, if I’m white-boxing Server 2016 Standard like one would with the System Builders OEM versions, what SKU do I look for and where should I get it?

I could use a hand-hold on this, please.

Volume SKUs require a valid volume license agreement, which you won't have. Just spend the extra bucks on an OEM license, stick the sticker to the server case, and let it be. When in doubt, just buy a retail copy from Newegg or someplace. The extra $100 or whatever is worth the peace of mind.

Thanks Ants
May 21, 2004

#essereFerrari


You can buy Windows Server through CSP now and pay for a subscription, same as CALs.

Tapedump
Aug 31, 2007
College Slice
Roger all of that, and it’s appreciated. So, let me rephrase:

Throw a dummy a link to an OEM version with sticker, price be damned?

Edit: These, ya?

https://www.newegg.com/Product/Product.aspx?Item=1B4-003A-00062

https://www.amazon.com/Windows-Server-Standard-64-Bit-16-Core/dp/B01M1L0YJL (It was the comments in this listing that concerned me, but I trust a goon).

https://www.cdw.com/product/microsoft-windows-server-2016-standard-license/4342665


(And, still curious... what is Open License? Google’s answers confuse me.)

Tapedump fucked around with this message at 21:39 on Sep 4, 2018

Rick
Feb 23, 2004
When I was 17, my father was so stupid, I didn't want to be seen with him in public. When I was 24, I was amazed at how much the old man had learned in just 7 years.
I think I need to learn more advanced networking stuff but I can't seem to figure out which courses teach that. I have a pretty good grasp on the actual computers themselves but tend to get into real trouble once routers or switches beyond consumer level start having problems.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Tapedump posted:

Roger all of that, and it’s appreciated. So, let me rephrase:

Throw a dummy a link to an OEM version with sticker, price be damned?

Edit: These, ya?

https://www.newegg.com/Product/Product.aspx?Item=1B4-003A-00062

https://www.amazon.com/Windows-Server-Standard-64-Bit-16-Core/dp/B01M1L0YJL (It was the comments in this listing that concerned me, but I trust a goon).

https://www.cdw.com/product/microsoft-windows-server-2016-standard-license/4342665


(And, still curious... what is Open License? Google’s answers confuse me.)

The Newegg one should work fine. I tend to trust Newegg for computery poo poo like this, simply because Amazon can do some WEIRD poo poo aggregating 'similar' SKUs into one listing, which gives you that weird feedback list.

Internet Explorer
Jun 1, 2005





Rick posted:

I think I need to learn more advanced networking stuff but I can't seem to figure out which courses teach that. I have a pretty good grasp on the actual computers themselves but tend to get into real trouble once routers or switches beyond consumer level start having problems.

Network+ is a good start. If you feel you are interested in more after that work on your CCNA.

TehRedWheelbarrow
Mar 16, 2011



Fan of Britches

Internet Explorer posted:

Network+ is a good start. If you feel you are interested in more after that work on your CCNA.

Tapedump
Aug 31, 2007
College Slice
Thank you all, I've gone the NewEgg route. I appreciate the help a bunch!

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Rick posted:

I think I need to learn more advanced networking stuff but I can't seem to figure out which courses teach that. I have a pretty good grasp on the actual computers themselves but tend to get into real trouble once routers or switches beyond consumer level start having problems.

I would recommend doing the CCNA but I have met so many dumbfucks that have one

I would recommend playing around with some stuff like various old castaway firewalls, switches and routers, and playing with software firewalls/routers like pfSense. Putting two NICs in a Linux box and getting NAT/DHCP/VPN working is a good thing as well.

Beefstorm
Jul 20, 2010

"It's not the size of the tower. It's the motion of the airwaves."
Lipstick Apathy

Tapedump posted:

(And, still curious... what is Open License? Google’s answers confuse me.)

Sometimes I wonder if it is worth opening a Microsoft Licensing megathread...

Dans Macabre
Apr 24, 2004


Beefstorm posted:

Sometimes I wonder if it is worth opening a Microsoft Licensing megathread...

subject line: ask your tam
alternate: install debian
lock thread and throw it in the garbage


Old Binsby
Jun 27, 2014

NevergirlsOFFICIAL posted:

subject line: ask your tam
alternate: install debian
lock thread and throw it in the garbage

it'll be a thread full of tams
