|
I feel like SCCM/puppet/etc are apps that can be safely taken down anytime outside of those large companies that have written 'shops' around them for application deployment like at verizon if I wanted anything installed on my system I would go to their little application shop, put in the request, and unless it required sign off from a manager for licensing fees sccm just immediately pushed it to your machine. it was pretty neat
|
#
?
Aug 2, 2021 19:54
|
|
|
|
| # ? May 23, 2024 08:48 |
|
|
GreenNight posted:Has anyone ever done an in place OS upgrade on an SCCM server? I've had good luck upgrading 2012 boxes to 2019 just by running the 2019 install media, but SCCM makes me nervous even with doing a snapshot. The official stance from Microsoft is “set up a new db host, a new sccm server and import the current farm clients”. Doing an in place upgrade might work but also could gently caress everything up so hard the living might envy the dead. We looked the possible upgrade options to upgrade from 2012r2 and just set up a whole new db&host combo instead.
|
|
#
?
Aug 2, 2021 20:00
|
|
|
Well drat. Makes sense. I upgraded a bunch of 2012 servers to 2019 this past weekend but haven't tackled any servers that have anything crazy on it.
|
|
#
?
Aug 2, 2021 20:12
|
|
|
I just put together a presentation that indicates that most of the features in one of our products (features that consume upwards of 80% of our development time, testing time, and total escalations) are used by less than 4% of our userbase. And these aren't new features; the most recent one of them was added years ago. We're basically killing ourselves supporting crap no one uses. I've sent it to our new product manager to do with as he pleases. My recommendation, frankly, is that we just drop support for these features in an upcoming release. We'll see.
|
|
#
?
Aug 2, 2021 20:17
|
|
|
SlowBloke posted:The official stance from Microsoft is “set up a new db host, a new sccm server and import the current farm clients”. Doing an in place upgrade might work but also could gently caress everything up so hard the living might envy the dead. We looked the possible upgrade options to upgrade from 2012r2 and just set up a whole new db&host combo instead. Well, not exactly. Microsoft has guidance on doing it, though I've never tried it myself.
|
|
#
?
Aug 2, 2021 20:19
|
|
|
FISHMANPET posted:Well, not exactly. Microsoft has guidance on doing it, though I've never tried it myself. They have updated guidance(the article is dated q2 2021), when we jumped from sccm 2012 to cb, the only clean option in the docs was to set up a new farm and force the clients to point to the new farm, otherwise going outside the guideline would have us in place upgrade os, db engine and sccm core at the same time which looked suicidal. SlowBloke fucked around with this message at 20:49 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 20:39
|
|
|
Well that's the ConfigMgr software, not the OS that the Site Server/Systems are installed on. And that statement also goes against Microsoft guidance on doing CM upgrades. Those two recommendations have been fundamentally unchanged since at least the move to CB, and having met Aaron Czechowski a number of times and talking with him about documentation, I'm quite sure that if the recommendation was changed, that documentation would have been updated. It might be possible that, in working with a consultant, it made sense in your environment to rebuild (did you have a CAS?) but the official recommendation still seems to be that in-place upgrades of the OS are supported, and jumping from 2012 or 2012 R2 to Current Branch is still supported. E: Seeing your edit, I probably also would not want to update every single drat piece simultaneously, but it's all possible. Hell, I did a full rebuild on our environment 3 years ago, so I get it! But I'm very tempted to do some in-place upgrades now that the current infrastructure is on 2016 and I'd like to move to 2019 eventually.
|
|
#
?
Aug 2, 2021 20:54
|
|
|
FISHMANPET posted:Well that's the ConfigMgr software, not the OS that the Site Server/Systems are installed on. And that statement also goes against Microsoft guidance on doing CM upgrades. Those two recommendations have been fundamentally unchanged since at least the move to CB, and having met Aaron Czechowski a number of times and talking with him about documentation, I'm quite sure that if the recommendation was changed, that documentation would have been updated. We had 2012 r2 hosts running sccm 2012(upgraded to r2 at the time of the migration) with sql 2012, single internal host and single db host. We would had to inplace jump to win 2016, sql 2016 and sccmcb at the time. Given how we never had a single issue with the new cb farm I believe that we picked the best option at the time. Win 2016 to 2019 is a paid feature update so I’m less scared by inplace updates than say 2012 to 2016. SlowBloke fucked around with this message at 21:04 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 21:01
|
|
|
Ooof, yeah, this conversation is kicking out some cobwebs, I wouldn't do an in-place upgrade on anything younger than 2016. Then again, I'm also now a DevOps Engineer who is very willing to tut-tut you for making a deployment not easily repeatable, so it should be easy to deploy to a new server! And having spent like 18 months on the project to migrate from the old SCCM environment to the new one, in a previous life, well I can just tut-tut myself right back.
|
|
#
?
Aug 2, 2021 21:16
|
|
|
Of all Microsoft software to lifecycle manage, sccm is the one I’m less prone to suicide upgrade, given that it’s built on a house of lies and broken dreams(after all the installer still uses SMS as the bin folder). Hopefully Microsoft will figure out how to do baremetal provisioning via intune and we will be able to jettison sccm far far away.
|
|
#
?
Aug 2, 2021 21:37
|
|
|
Our SCCM is the most current ver. Just the OS is 2012 (not R2). And the DB is on another server. Should just work upgrading it to 2019, but ehhhh. Famous last words. Yeah I'm not in place upgrading our 2008 (not R2) Sharepoint 2010 server.
|
|
#
?
Aug 2, 2021 21:46
|
|
|
Okay goon hivemind. I've been at an MSP for ~4 months now, finally out of healthcare printer support. I've done my share of fuckups; took down a phone system by following a client request to remove the Teams license on an o365 account called "Test Main", the client then cancelled the contract, etc. Now I've probably broken something and no one seems able to fix it, so I figure I'd throw it here. A client couldn't open any reports in Crystal Reports. Application opens fine, just any time a document is loaded it crashes with a memory error. No one else has this problem and it follows her from PC to PC.The computers all have local profiles, but they use RemoteApps, and it seemed to be tied to her profile. Having just done a profile refresh in the previous ticket that went swimmingly, I went ahead and did it. Logged her off the remote session, went on to the RDS server, .old'ed her profile, deleted the registry keys in ProfileList and ProfileGuid, and probably broke something here. They use profile disks. I had never heard of profile disks before, but soon became very familiar with Sidder. That said, nothing I did worked; deleting the disk and logging her back in gave her the same ID, same crashes. I ended up nuking her entire profile in AD and o365 and recreating it. Now the RemoteApp connection has been spinning for ~20 minutes. I'm not necessarily looking for an answer (unless the answer is "RemoteApp usually takes 30 minutes to build a new profile on the server") because there's a lot of moving parts and probably some client specific stuff I'm missing that's getting in the way, but I am curious if I was on the right track to begin with. None of my coworkers or supervisors seem to quite know what's going on with this and I'm feeling a bit left out to dry.
|
|
#
?
Aug 2, 2021 22:22
|
|
|
I can't help you with the issue you're having but if you're an MSP and working with Microsoft then you have access to a certain number of engineering hours to get support on stuff like this, and if you've used them up then just buy per-incident support. If there's nobody you can escalate to and you've been there 4 months then escalate to Microsoft, it's got to be cheaper than just slamming your head into a wall. https://support.microsoft.com/en-us/topic/technical-support-for-microsoft-partners-b18bd338-f9d6-55a6-bc0f-9bb4a1595a06 https://support.serviceshub.microsoft.com/supportforbusiness This is what my partner portal has, I can activate the support entitlement and then open a business support ticket 
Thanks Ants fucked around with this message at 22:31 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 22:26
|
|
|
Oyster posted:Okay goon hivemind. Nothing profile related should be taking 30 minutes on first login. I can't speak to your specific issue, as I haven't used UPDs, only similar solutions, but reading up on User Profile Disks might be helpful. This seems like a good start - https://bobcares.com/blog/rds-user-profile-disks-on-windows/ It sounds to me like you might have deleted her local copy of her profile and not the actual profile disk itself. Going into the registry and removing her entries manually may have confused UPD. I'm almost wondering if maybe it just matched a UPD based on username and it's trying to load it? I'm not sure. Does the Event Log on the RDS show anything?
|
|
#
?
Aug 2, 2021 22:38
|
|
|
Thanks Ants posted:I can't help you with the issue you're having but if you're an MSP and working with Microsoft then you have access to a certain number of engineering hours to get support on stuff like this, and if you've used them up then just buy per-incident support. Didn't think of that since I typically don't think of Windows as Microsoft, but they use Azure AD and such. I've def escalated to Microsoft before and they've tended to be hit and miss; I've had one really, really good interaction and two where they left it worse than it started, though both of those were about calendars. gently caress Outlook calendars and gently caress their changing permissions structure. Will give that a try in the morning, thanks! Internet Explorer posted:Nothing profile related should be taking 30 minutes on first login. I can't speak to your specific issue, as I haven't used UPDs, only similar solutions, but reading up on User Profile Disks might be helpful. This seems like a good start - https://bobcares.com/blog/rds-user-profile-disks-on-windows/ Yes and yes. After the reg shenanigans I noticed that every time she logged in it was with a new temporary profile. I did end up managing to unmount and delete the disk itself. Then when she logged in the recreated disk had the same ID slapped on it and the issue wasn't fixed, so I unmounted it, deleted it, and nuked her profile in AD (with my supervisor's blessing). Oyster fucked around with this message at 22:44 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 22:40
|
|
|
When she logs in with a black screen, does the disk in the UPD storage location get recreated? Is there anything in the Event Log on that RDS server when she logs in? Do you see any odd processes running as that user that aren't running under any other users? Have you found where UPD stores logs and checked there?
|
|
#
?
Aug 2, 2021 22:46
|
|
|
Internet Explorer posted:When she logs in with a black screen, does the disk in the UPD storage location get recreated? Is there anything in the Event Log on that RDS server when she logs in? Do you see any odd processes running as that user that aren't running under any other users? Have you found where UPD stores logs and checked there? Previously, when I had deleted the disk, yes, it gets recreated when she logs in. Since recreating the AD profile I have not deleted the disk. Even as RDS isn't "working" now (it's hanging on configuring session) there is an active session for her on the server. No odd processes that I'm seeing, will have to check where logs are stored.
|
|
#
?
Aug 2, 2021 22:56
|
|
|
If you make an entirely new AD account unrelated to this person, does it work? It's possibly that this RDS environment has been hosed for a while but it's just not become apparent. Also check group memberships have been preserved when you deleted and recreated the account.
|
|
#
?
Aug 2, 2021 22:59
|
|
|
Oyster posted:Previously, when I had deleted the disk, yes, it gets recreated when she logs in. Since recreating the AD profile I have not deleted the disk. Even as RDS isn't "working" now (it's hanging on configuring session) there is an active session for her on the server. No odd processes that I'm seeing, will have to check where logs are stored. What happens if you log her out, make sure her sessions closed, and then delete the disk? Thanks Ants posted:If you make an entirely new AD account unrelated to this person, does it work? It's possibly that this RDS environment has been hosed for a while but it's just not become apparent. Yeah, this is probably the first thing I'd test at this point. Create your own test account and see what happens.
|
|
#
?
Aug 2, 2021 23:04
|
|
|
Thanks Ants posted:If you make an entirely new AD account unrelated to this person, does it work? It's possibly that this RDS environment has been hosed for a while but it's just not become apparent. Hadn't thought to try a completely new account. Group memberships were def preserved. She wasn't even in the "Remoteappusers" group when it did work, and I did compare group memberships to a known working person, nothing changed when I added those. Tried both permutations (the original and the person's whose works) on the new profile. Edit: I'm off the clock now, will be picking this up first thing in the AM, but now I am excited instead of anxious. Thank you. Edit Edit: New user works just fine. Now to find out what's different about her new account and why that isn't working when a new user is. Triple Edit: Just went into ProfileList and it's not building her a profile at all. Gonna start over again. Quadruple Edit: Solved. I created another account for her and the same thing happened, hung on starting windows in the remoteapp session. I deleted that account, created *another* account with a different login name, mapped the proxy address as SMTP:<original address>, and everything fired right up. RemoteApps works, she's got her original email, all good. I don't know why she can't have her original login, neither does anyone else, but the ticket is closed. Thank you for the assist on my very first non-printer Ticket Came In. Oyster fucked around with this message at 16:41 on Aug 3, 2021 |
|
#
?
Aug 2, 2021 23:05
|
|
|
Sometimes this thread reminds me how much I enjoy being a Linux engineer.
|
|
#
?
Aug 3, 2021 18:40
|
|
|
shortspecialbus posted:Sometimes this thread reminds me how much I enjoy being a Linux engineer.
|
|
#
?
Aug 3, 2021 19:11
|
|
Cat Army
|
shortspecialbus posted:Sometimes this thread reminds me how much I enjoy being a Linux engineer.
|
|
#
?
Aug 3, 2021 19:41
|
|
|
poo poo is real. The amount of nonsense that comes up in corporate environments that has the root cause of "Windows" is loving amazing.
|
|
#
?
Aug 3, 2021 19:47
|
|
|
Internet Explorer posted:poo poo is real. The amount of nonsense that comes up in corporate environments that has the root cause of "Windows" is loving amazing. I'm glad I know so little about AD that I had to double check last night if it would do horrible things to reboot a domain controller(I literally couldn't remember what they were even called til just now) after routine patching I can click around and get basics done, but the event log is a horrible unreadable mess and that makes troubleshooting more of a spray and pray affair than I like
|
|
#
?
Aug 3, 2021 20:00
|
|
|
Finally diving into Intune for Win 10 management now that we’re all on M365 E3, I am excited to find new and exciting ways to watch Windows break itself.
|
|
#
?
Aug 4, 2021 00:35
|
|
|
My favourite part of Intune is using its native deployment of Office because if anything goes wrong with the deployment it invariably just ticks it off as a success and won't ever reinstall because all it does is look at some internal switch it flipped at the start of the process rather than verifying that there's actually any Office files or even folders on the target machine.
|
|
#
?
Aug 4, 2021 00:41
|
|
|
Internet Explorer posted:poo poo is real. The amount of nonsense that comes up in corporate environments that has the root cause of "Windows" is loving amazing. Another layer up is nice, too. AIX is esoteric enough that I don't have application engineers trying to tell me what to do. They see that acronym and let me do my poo poo because they're scared of it.
|
|
#
?
Aug 4, 2021 02:04
|
|
|
RFC2324 posted:I'm glad I know so little about AD that I had to double check last night if it would do horrible things to reboot a domain controller(I literally couldn't remember what they were even called til just now) after routine patching “It depends” Have 2012r2 adfs? Hope you are moving the pdc role around to a different DC in case the updates hose the box and you can’t recover it. In that case, external auth for adfs will stop because it only auths to the pdc role. And that’s how I killed o365 along with any other external auth for a company that is a mostly mobile workforce. Once I shut down the failed DC and siezed the fsmo roles, it all started working. Had it flattened, metadata cleaned up, and back in service by that evening once it was finished doing patch reboots. I had us upgraded to adfs2016 in 2 weeks, which doesn’t have that issue as long as you set a flag.
|
|
#
?
Aug 4, 2021 02:18
|
|
|
devmd01 posted:“It depends” JFC are you serious? Christ, I’m glad we moved to Okta from ADFS.
|
|
#
?
Aug 4, 2021 03:25
|
|
|
holy poo poo lol. yeah, I'm glad our clients tend to go okta, but even then I don't understand why we are even hosting a dc, since we are ultimately a very fancy saas platform, even if we usually let customers ssh/rdp to their boxes
|
|
#
?
Aug 4, 2021 04:16
|
|
|
Lord Dudeguy posted:JFC are you serious? Christ, I’m glad we moved to Okta from ADFS. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-soft-lockout-protection microsoft posted:When AD FS Extranet lockout on Server 2012 R2 is enabled all authentication requests through the WAP are validated by AD FS on the PDC. When the PDC is unavailable, users will be unable to authenticate from the extranet. I’m just glad I was aware of this before it happened so I knew exactly what to do. devmd01 fucked around with this message at 08:32 on Aug 4, 2021 |
|
#
?
Aug 4, 2021 08:30
|
|
|
quote:Hi TK69, Her company is "redacted" and mine is "redacted2" We don't make software. At all. We're a recruiting firm.
|
|
#
?
Aug 4, 2021 21:07
|
|
|
Hello everyone. I come to you with magic. Have a mailbox you can't access because it's hard deleted or O365 admin can see it but Exchange can't? (both of these things happened in the last two days) Create another mailbox. Get-Mailbox -identity <insert deleted mailbox here> | format-list exchangeguid Get-Mailbox -identity <insert new mailbox here> | format-list exchangeguid New-MailboxRestoreRequest -SourceMailbox <deleted mailboxes exchangeguid> -TargetMailbox <new mailboxes guid> -AllowLegacyDNMismatch Say hello to all the inaccessible mail. Full credit to Thanks Ants for telling me to contact Microsoft through the partner portal. Holy poo poo I love powershell.
|
|
#
?
Aug 4, 2021 21:20
|
|
|
TITTIEKISSER69 posted:Her company is "redacted" and mine is "redacted2" That sounds like someone training AI to pitch at VCs
|
|
#
?
Aug 4, 2021 22:34
|
|
|
TITTIEKISSER69 posted:Her company is "redacted" and mine is "redacted2" "Hey dude with no decision making power, whaddyasay to becoming a reseller for our AV/SIEM/Vuln scanner product?!?!?!" Pass TBH.
|
|
#
?
Aug 4, 2021 22:58
|
|
|
I had someone trying to sell me a list of contacts, "decision makers" or some poo poo like that. For a sales person to cold-call or whatever. It can't be a good list if I'm on it.
|
|
#
?
Aug 5, 2021 02:22
|
|
|
Arquinsiel posted:I used to get that on LinkedIn all the time for some reason. I keep getting connection requests from the "CEO"s of these little 2-person web shops because I have a little HTML in my history (hell, there was even a little ColdFusion in there). LinkedIn is a shithole.
|
|
#
?
Aug 5, 2021 02:45
|
|
|
Delete poo poo you don't want to be bothered about.
|
|
#
?
Aug 5, 2021 03:00
|
|
|
|
| # ? May 23, 2024 08:48 |
|
|
We rolled out a brand new ticketing system and it was my entire life for two months and I'm still training people to use it properly and...now it's been bought out and the stand-alone product we use is end-of-lifing in October 2022. 
|
|
#
?
Aug 5, 2021 03:21
|
|
