|
bolind posted:Had my first “terminate ALL of this guy’s accounts IMMEDIATELY” email today. The fun ones are the phone calls the night before that start with "How fast can you move if we have to take action on $C-Level?" That or "We just fired dude, his computer is still unlocked, can you remote in quick?"
|
# ? Feb 7, 2022 06:46 |
|
Ughhh I got the dreaded “can you buy us a printer” message today for one of our new offices. I really don’t want to be in the printer tech support business, nor do I want to get a $10,000/year 30-year lease on a Xerox machine. Anyone have a good recommendation for the most basic printer for an office that I am not local to?
|
# ? Feb 8, 2022 14:42 |
|
dexter6 posted:Ughhh I got the dreaded “can you buy us a printer” message today for one of our new offices. Don't say "No", just make "Yes" very expensive. In this case, you do actually want a four-digit lease on a big-rear end multi-function printer/scanner/fax/copier, because that lease will include support and supplies.
|
# ? Feb 8, 2022 15:13 |
|
Yeah, if you do it cheap, you are going to be the one making up the difference.
|
# ? Feb 8, 2022 16:10 |
|
dexter6 posted:nor do I want to get a $10,000/year 30-year lease on a Xerox machine This is exactly what you want to do since it makes it all someone else's problem
|
# ? Feb 8, 2022 19:06 |
|
Spending someone else's money on making something Not Your Problem is always the best way to go
|
# ? Feb 8, 2022 19:37 |
|
dexter6 posted:Ughhh I got the dreaded “can you buy us a printer” message today for one of our new offices. As everyone said, you do want the $10k/yr one, and what you do is find the local Xerox or Konica or Canon or whatever reseller, set up a meeting with their salesperson and whomever is in charge of the new branch office, and you stay on mute for that phone call. They won't even give you admin to the machine, so it really really won't be your problem (the admin code is 1234567812345678 though)
|
# ? Feb 9, 2022 03:25 |
|
I had to buy a printer recently and set it up and it's been fine so far. HP something because I didn't want to roll the dice on brother. I've had a brother printer at home for like 12 years and it's loving amazing and I'm scared that new ones are not amazing, and I can't get my heart broken further in 2022.
|
# ? Feb 9, 2022 03:26 |
|
I received requests for two 11x17 printers recently. Legit requests, the guys really need them. loving things just don't exist right now for whatever reason. I finally managed to scrounge up two reconditioned ones on Amazon for a reasonable price.
|
# ? Feb 9, 2022 05:30 |
|
dexter6 posted:Ughhh I got the dreaded “can you buy us a printer” message today for one of our new offices. If someone doesn't want to pay for a M400 I point them at the cheapest Brother that has the features they want. If they need more than a M400 can offer they need to talk to a printer vendor.
|
# ? Feb 9, 2022 06:08 |
|
I ended up with HP Color LaserJet M653. I plugged it in a month ago and haven't had to touch it since and the users love it. If this trend continues.... I'm told the toner is expensive as poo poo but that doesn't come out of my budget
|
# ? Feb 9, 2022 16:47 |
|
Quick check, we are trying to troubleshoot a customer's network, but they have their own IT people, who are being difficult. They say that the router on site is a: Cisco 881 running firmware version 15.4 I've looked this up and it appears to date from 2008 - is that right?
|
# ? Feb 14, 2022 11:10 |
|
It looks like the latest IOS release is 2018. We did a similar dance a few years ago with a customer who had problems with VPN tunnels, we linked them the bug search tool entry applicable to their exact IOS version describing the problem we were seeing. All goes quiet until three weeks later when they are replying to the same thread telling us the problem still hasn't been fixed. No poo poo, you still haven't updated your routers.
|
# ? Feb 14, 2022 11:56 |
|
Thanks Ants posted:It looks like the latest IOS release is 2018. Yeah, this one is going to drag on. We put in some VoIP equipment for the customer, and they are seeing signalling issues ('internal' calls not connecting, calls going straight to VM rather than ringing etc) which is going to be their end, but the IT guys are denying anything is wrong, so we pushed to get info on their equipment, and it seems they are using a cisco device that was EOL in 2014. Which can't help much.
|
# ? Feb 14, 2022 12:55 |
|
We've dropped LTE routers (doing VPNs back to us) at clients before and had them run a subset of handsets off that connection for a week to prove the issue is with their network. Even if their IT team never get round to fixing the problem it moves it into the category of a problem that people just put up with until a new office manager starts and has the enthusiasm to try and deal with it again until they get jaded and quit, and gets it out of our queues.
|
# ? Feb 14, 2022 12:58 |
|
Thanks Ants posted:We've dropped LTE routers (doing VPNs back to us) at clients before and had them run a subset of handsets off that connection for a week to prove the issue is with their network. Even if their IT team never get round to fixing the problem it moves it into the category of a problem that people just put up with until a new office manager starts and has the enthusiasm to try and deal with it again until they get jaded and quit, and gets it out of our queues. Yup, I expect we will do similar to show the customer that their current IT people are being a bit economical with the truth re: where the phone issues are.
|
# ? Feb 14, 2022 13:05 |
|
Phone issues are the worst to try and troubleshoot because people assume that it's just a phone so what can the problem be, they seem to really love their phones, and also they will just flat-out lie about the problem thinking that it will get fixed quicker. In reality, claiming that *everyone* is having a problem when it's three people just means that it takes longer to fix your issue as it fucks up the troubleshooting process.
|
# ? Feb 14, 2022 13:22 |
|
That is the worst. "Everyone is having this problem!" Picture of everyone having the problem:
|
# ? Feb 15, 2022 19:08 |
|
The worst is also users who jump straight to conclusions and tell me what to do/install/upgrade/change. Without even making a proper description of the problem. What were you trying to do? What did you expect would happen? What happened instead? What are the steps someone else could perform to replicate the problem? It sounds so simple yet people are so dumb.
|
# ? Feb 15, 2022 19:46 |
|
Thanks Ants posted:Phone issues are the worst to try and troubleshoot because people assume that it's just a phone so what can the problem be, they seem to really love their phones, and also they will just flat-out lie about the problem thinking that it will get fixed quicker. In reality, claiming that *everyone* is having a problem when it's three people just means that it takes longer to fix your issue as it fucks up the troubleshooting process. When I responded back asking for details and explaining that we generally don't change extensions because that requires rebuilding any call flow they're involved in, the user ignored that response and then opened another ticket CCing her boss complaining about lack of support. Real situation after troubleshooting: One user had spilled coffee on their phone and taken another one from an unused location to replace it without telling us, reception phone had two outdated names programmed for its sidecar. Reprogrammed the borrowed phone to be the correct extension for that user, updated names on sidecar. --- Same site, over the weekend: "URGENT all faxes are down" Real situation after troubleshooting: One of three fax machines appears to be unplugged from the wall as it's not even responding to ring on the line, the other two work normally --- As always, I hate the fax stuff more because it's the same problems as phones plus a bunch of new ones, compounded with the dumbest possible people because no one with a functioning brain chooses fax over any other options, and everyone expects that '80s tech implementing an idea from the time of Lincoln is somehow perfect. More often than not it's either someone unplugged the machine or the number they're dialing is just wrong.
|
# ? Feb 15, 2022 19:47 |
|
Is there recourse for resolving a misconfigured offline root certificate authority in a Windows based PKI? I'm trying to get Windows Hello for Business sorted out, in addition to (hopefully) getting things in place to provide certs for internal websites and maybe get wifi to not be wacky... Given "perfection is the enemy of progress," I want to make some progress on getting this sorted, but lots of documentation is either so light on details that I can't tell if it's just not correct or it's high-quality and in-depth but also from 2008.
|
# ? Feb 16, 2022 02:52 |
|
Do you have any clues on what is misconfigured? I followed a well-documented step by step guide for setup and it worked great. Didn't go into a ton of detail on what each and every setting meant, but did explain enough to get a basic understanding. I have the link at work, I'll try to remember to grab it for you tomorrow
|
# ? Feb 16, 2022 03:16 |
|
I followed this guide to set up my PKI, then the hybrid hello docs for the hello part. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831348(v=ws.11)
|
# ? Feb 16, 2022 03:19 |
|
CloFan posted:Do you have any clues on what is misconfigured? I followed a well-documented step by step guide for setup and it worked great. Didn't go into a ton of detail on what each and every setting meant, but did explain enough to get a basic understanding. I should have been more clear. I don't believe anything is misconfigured right now, but it's my understanding that the initial installation of the CA role relies on that CAPolicy.inf file being in-place and correct. I found this link, from another walk-through: https://www.pkisolutions.com/pkcs1v2-1rsassa-pss/ If I, for example, forget to set the "AlternateSignatureAlgorithm=0" line, then later some other device doesn't understand PKCS #1 v2.1 in the root certificate, it seems like I'd be up a creek without re-issuing a replacement root certificate. My question is more along the lines of, when/if I need to re-issue that root certificate, does that mean rebuilding a new root server, configuring the capolicy.inf file, then installing the CA role again, going through the cert request, etc etc...
|
# ? Feb 16, 2022 17:21 |
|
Hm. I don't know enough to answer that, but seems like someone very familiar with windows PKI would know how to handle that. Here's the guide I used: https://mjcb.io/blog/2020/03/09/certificate-authority-windows-server-2019/ And there's a specific part where they talk about the CAPolicy.inf file, but doesn't touch on what to do if it's wrong.
|
# ? Feb 16, 2022 22:10 |
|
you don't have to rebuild the whole server, but you will have to invalidate and re-issue your entire cert chain
|
# ? Feb 16, 2022 22:12 |
|
This topic of certificates and CAs has come just at the right time for me to tell a story about one of my recent nightmares. My company recently bought a bunch of APC PDUs with network management cards. We like to install SSL certificates on all HTTP interfaces whenever possible. It turns out that APC uses a pretty strange non-standard format for its certificates/private keys: the P15 file. They provide tooling to create the private key and CSR, and then a way to combine the certificate with the key into a P15 file the PDU understands. So far as I can tell, there is no other way to make these files other than APC's tool, as something in the format is proprietary. I get the most recent command line tool for this, and after a bit of fiddling I'm able to generate the key and CSR just fine. I then submit that to my Windows Intermediate CA, and that gets signed just fine. Then I use the tool to combine the file and...no. It errors out, not liking something in the certificate. I dig around online and it turns out I'm not the only person to have this issue. It's something that happens in the most recent version of the CLI tools, 1.0.1. It apparently did not happen in 1.0.0. APC has scrubbed all record of version 1.0.0 from their site, and you can only use the broken 1.0.1. You can apparently fence with support to get them to send you 1.0.0 but gently caress that, there must be a way. There is. It sucks poo poo but there's a way. I dug into the tool and it has a cl32.dll file present. Google shows me that's cryptlib. It's a DLL, there's a chance another DLL version might fix this. I download the latest cryptlib developer tools and find the cl32.dll file. I swap it in and it seems to work! It's able to output the combined P15 file, although it crashes at the end. So far so good. The first PDU accepts the output P15 file and I have that working properly. Time to do the next one... The PDU won't accept the output P15s now. I'm almost at a loss by this point.
Then I wonder if maybe there's something about the private key the newer cl32.dll creates that the PDU hates. So, I put the original DLL back to create the private key/CSR, then swap it back to make the output P15 file, and now this all works. Some testing and tweaking a batch file later I have a one line command to do this poo poo, because I have 13 more PDUs to install certificates on. In short, gently caress APC and their lovely bullshit tooling.
|
# ? Feb 16, 2022 22:59 |
|
I have about 20 of those APC UPS's with management cards (and even the cloud connectivity card) but gently caress putting certs on all that. I'll deal with the browser error instead. We did throw them all on a special UPS DMZ cause who knows what security holes their cloud management card has.
|
# ? Feb 16, 2022 23:02 |
|
GreenNight posted:I have about 20 of those APC UPS's with management cards (and even the cloud connectivity card) but gently caress putting certs on all that. I'll deal with the browser error instead. I felt up for the challenge but was very close a few times to writing it off. I present gently caress-you.bat: code:
|
# ? Feb 16, 2022 23:28 |
|
I don't think APC has ever met a standard they didn't comprehensively gently caress over and reimplement in the dumbest possible way. I'm surprised they haven't developed some alternative to AC and DC power yet.
|
# ? Feb 16, 2022 23:40 |
|
Another reason APC sucks is that port labeled "serial" is not a regular serial port, it's a proprietary pin-out. If you plug in a normal USB-to-Serial adapter to that port, the failure mode is not simply "no connection"... you know what it does instead? It shuts down the UPS entirely, instantaneously, without warning. Ask me how I know.
|
# ? Feb 16, 2022 23:50 |
|
SopWATh posted:Another reason APC sucks is that port labeled "serial" is not a regular serial port, it's a proprietary pin-out. If you plug in a normal USB-to-Serial adapter to that port, the failure mode is not simply "no connection"... you know what it does instead? It shuts down the UPS entirely, instantaneously, without warning. Each one comes with a serial cord, and my current best practice is to leave that cord attached at all times as a precaution. ninja: I'm actually going to update this to just put in a dummy RJ45 with no wire in it with a big NO attached to it
|
# ? Feb 16, 2022 23:56 |
|
What do you do with that port? I’ve never used it. I configure everything via the web.
|
# ? Feb 17, 2022 00:09 |
|
GreenNight posted:What do you do with that port? I’ve never used it. I configure everything via the web. Configure the web interface because it's not in the standard access vlan (that we can't really-really secure because we have no PKI)
|
# ? Feb 17, 2022 00:10 |
|
The network card is dhcp so I just check dhcp to see what apc dns entry is there and then connect to the IP in a browser.
|
# ? Feb 17, 2022 00:11 |
|
Extra fun: if the certificate has expired the HTTPS service will just endlessly reset the connection, requiring you to enable HTTP to update/reset the certificate. I found this one out when the PDU didn't regen its certificate and booted up cold from the box with an expired cert.
|
# ? Feb 17, 2022 00:18 |
|
Sounds to me like UPS poo poo should have a little literal mechanical red flag they raise when the batteries are running flat and never, ever be allowed to talk on the network ever.
|
# ? Feb 17, 2022 04:39 |
|
GreenNight posted:I have about 20 of those APC UPS's with management cards (and even the cloud connectivity card) but gently caress putting certs on all that. I'll deal with the browser error instead. Oh hey I forgot to mention: the other reason I bothered with this is that there's a fairly decent chance that some non-IT/tech staff will be granted access to cycle the outlets on these PDUs. They were bought to allow for remote resets of stuck workstations for WFH users. Part of that is the option to enable some team leads to reset workstations when IT is not available/busy. I felt like I needed to clean up the interface and get rid of SSL warnings since I can see some non-technical people getting stuck and end up bugging me anyways about "OMG IT'S NOT SECURE WHAT DO I DO" regardless of what's in the how-to article. I'm never using the web interface at all for operational tasks. It's 10x faster to do it via SSH. Albinator posted:Sounds to me like UPS poo poo should have a little literal mechanical red flag they raise when the batteries are running flat and never, ever be allowed to talk on the network ever. There are a lot of reasons to want this poo poo to have network management, and when it works it's really handy and downright essential. The problem is that they've made it deliberately arcane to use, probably because there's one greybeard somewhere who is the only one who maintains it at APC these days.
|
# ? Feb 17, 2022 04:49 |
|
I do really like getting alerts when there is a power issue at our remote manufacturing plants.
|
# ? Feb 17, 2022 05:29 |
|
Number19 posted:Each one comes with a serial cord, and my current best practice is to leave that cord attached at all times as a precaution. You know the next person will see that as a big ON instead and do something bad.
|
# ? Feb 17, 2022 12:57 |