Sysadmin Mega Thread

What does SIDS mean?

How were you able to talk to a Microsoft tech? I have been trying for a week to prove to Microsoft I am not a bot with their automated system. I need help. I need to talk to a person, not some bot or website. Trying to create a Microsoft account using this email address [email protected] I keep getting stuck on the dumb test to prove I am not a bot. Next Time: Pick one square that shows two identical objects. The problem is that most sides don’t have two identical objects, so I have to guess. I believe whoever created bots should spend their afterlife in Hell. I feel better. Thanks for letting me rant.

2 Likes

Um… OP…

2 Likes

lmao that was three years ago

2 Likes

Thanks, guys, for replying. Maybe I can access Microsoft support through my new job once I start. Unfortunately, I am still waiting for a start date for my training. Unfortunately, my supervisor has just tested positive for COVID, so everything is delayed until she feels better. I think it is retarded. Microsoft has stopped giving support to individuals and only now supports its business customers.

@thro GNS3 isn’t all that bad; true, you can’t find any legally available Cisco router or Cisco switch images anymore, but there are quite a lot of other router and switch images manufacturers have made available also; you could make your own Cisco images from the Cisco equipment you have. You should try GNS3 again.

You can now get packet-tracer without taking a free course; at least that’s how I got it.

I’ve since found a better way to use GNS3 - just standardize on DELL layer2/3 switch images. Been doing that for about a year now.

They’re close enough to IOS, available free and enable you to use GNS3 with real router software for no cost, outside of large amounts of RAM.

Yeah, I did my CCNA course as well, and have Packet Tracer.

Be aware: Packet Tracer is good for entry level concepts and can teach you the things it is used for in the course - but it does NOT reflect reality when you try to use it for more complicated things as it is not running real router software - it’s running a subset of what the software does.

Several times I’ve labbed some scenarios up in Cisco Packet tracer and it has either had bugs or otherwise not behaved the same as the real world.

It’s great for entry level - but if you’re planning to test actual configurations - get GNS3 or VIRL. You can also use VIRL images with GNS3, but that requires a subscription. The DELL layer 3 switch images are free.

2 Likes

I’ll just add - the big problem with Packet Tracer is that it isn’t always clear when something isn’t supported - it’s just silently broken or doesn’t behave right. I think it might have been VRRP or HSRP I was trying to test last time and it would allow me to configure it, it just didn’t behave properly.

So… my advice is that unless you’re using it for the inbuilt lab exercises… beware! Use GNS3 instead.

Your instructor would warn you about this in the course if you do it - but if you’re running it without having that instruction… I’m not sure if it is in the docs anywhere to be careful with it.

Either way… don’t trust it :smiley: If something you’re doing with it seems weird or not working properly, it could be your config. It could also be a bug :smiley:

1 Like

So I’m looking into adding a metric to the DHCP gateway to make sure devices with multiple networks use the expected one to reach out.
I’ve only found something from Microsoft DHCP, and I wanted to check if systemd-networkd would be able to exploit it.

I am confused about how to set that option on pfSense.
There is a DHCP option called “Vendor-Specific” in the IANA doc, option 43, but I have no idea how to set the option code, length and data afterwards in the pfSense UI.

Any idea?

1 Like

I don’t know anything about adding a metric to the DHCP gateway. But I would accomplish your goal if I understand what you are trying to do: create multiple VLANs inside my switch and pfSense and write firewall rules to keep each VLAN’s traffic separate from the others.

I don’t think this is what you want.

https://man.openbsd.org/dhcp-options#option~43

Looks like that’s option 82 based on the OpenBSD docs.

https://man.openbsd.org/dhcp-options#option~82

You could see if option 7 allows you to specify multiple default routes and maybe the order dictates the metric?

https://man.openbsd.org/dhcp-options#option~7

From what I’ve seen though, the way most people deal with default gateways across multiple interfaces using DHCP is to ignore the default gateway on specific interfaces in the DHCP client config and/or, in Linux, make it behave like BSD where packet replies are sent on the receiving interface regardless of default gateway.

You can also simply not provide a default route from the DHCP server on specific subnets.

I’ve been involved with Windows Server and AD in various roles over the years, but always in “hybrid” roles (you know, doing desktop and network support alongside sysadmin stuff.) Some of my experience goes back to…wait for it…NT Server 3.5.1. Unfortunately I’ve never actually been in a full-on sysadmin role.

Got a few concerns about this job. First I’d feel pretty confident going into a junior level system administrator job, but intermediate level has me wondering. I can add/disable a user, create an OU, install a server in a VM, install Active Directory or other roles, etc. but some of the less common Microsoft technologies and roles are foreign to me (e.g., Intellimirror or BranchCache.) And I’ve never dealt with Group Policies very much, except to troubleshoot some client side problems with gpedit and regedit.

Any tips for preparation, or any trick questions to watch out for? Should I just pack up my toys and go home?

We all have to start somewhere. Don’t quit before you start.

Does your new place have a UAT environment or a test environment? Get permission to play there.

MS TechNet is your friend. I say this as an involuntary Windows System Administrator. I know my stuff and have soaked up things over the years, but I have no formal MS certifications.

Know the difference between enabled and enforced in regard to GPOs and how that affects the order of precedence when looking at a list of GPOs applied to an OU. I am constantly having to explain to people how this works.

2 Likes
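The enabled/enforced distinction above decides the order in which linked GPOs are applied, and the last one applied wins a conflicting setting. The following is an added example, not code from any poster, that models the standard resolution rules (Local, then Site, Domain and OUs top-down; link order 1 applied last within a container; disabled links skipped; Enforced links applied after everything else in reverse container order; Block Inheritance dropping non-enforced links from parents only). The container and GPO names in the sample hierarchy are constructed.

```python
"""Resolve the order in which Group Policy Objects apply to an object.

Added example, not from the thread. Rules modelled:
  - processing runs Local -> Site -> Domain -> parent OU -> child OU; later wins;
  - within a container, link order 1 is applied last (highest precedence);
  - a disabled link is skipped entirely;
  - Enforced links are applied after all non-enforced ones, in reverse container
    order, so an enforced domain link beats an enforced OU link;
  - Block Inheritance drops non-enforced links from every container above it,
    but never an enforced link.
Container and GPO names below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List

LOCAL_GPO = "Local Group Policy"


@dataclass
class Link:
    gpo: str
    order: int              # GPMC "Link Order": 1 = highest precedence in the container
    enabled: bool = True    # "Link Enabled"; a disabled link is ignored entirely
    enforced: bool = False  # "Enforced": cannot be blocked or overridden further down


@dataclass
class Container:
    name: str
    links: List[Link] = field(default_factory=list)
    block_inheritance: bool = False


def _active(c: Container, enforced: bool) -> List[Link]:
    """Enabled links of one kind, highest link-order number first (order 1 ends up last)."""
    return sorted((l for l in c.links if l.enabled and l.enforced == enforced),
                  key=lambda l: -l.order)


def _block_index(chain: List[Container]) -> int:
    """Index of the deepest container with Block Inheritance (0 if none)."""
    idx = 0
    for i, c in enumerate(chain):
        if c.block_inheritance:
            idx = i
    return idx


def processing_order(chain: List[Container]) -> List[str]:
    """chain = [Site, Domain, top OU, ..., target's own OU]. GPOs in apply order."""
    applied = [LOCAL_GPO]            # local policy is processed first, so it always loses
    start = _block_index(chain)
    for c in chain[start:]:          # non-enforced: top down, blocked containers excluded
        applied += [l.gpo for l in _active(c, enforced=False)]
    for c in reversed(chain):        # enforced: bottom up, so higher containers win
        applied += [l.gpo for l in _active(c, enforced=True)]
    return applied


def precedence(chain: List[Container]) -> List[str]:
    """Winner first, the way GPMC's Group Policy Inheritance tab lists it."""
    return list(reversed(processing_order(chain)))


def not_applied(chain: List[Container]) -> Dict[str, str]:
    """GPOs linked somewhere in the chain that never apply, with the reason."""
    reasons = {}
    start = _block_index(chain)
    for i, c in enumerate(chain):
        for l in c.links:
            if not l.enabled:
                reasons[l.gpo] = f"link disabled on {c.name}"
            elif i < start and not l.enforced:
                reasons[l.gpo] = f"blocked by Block Inheritance on {chain[start].name}"
    return reasons


def sample_chain() -> List[Container]:
    """Constructed hierarchy: site, domain, a blocking OU and a child OU."""
    return [
        Container("Site-HQ", [Link("Site Printers", 1)]),
        Container("corp.example", [Link("Default Domain Policy", 1, enforced=True),
                                   Link("Domain Wallpaper", 2)]),
        Container("OU=Workstations", [Link("WS Baseline", 1)], block_inheritance=True),
        Container("OU=Finance", [Link("Finance Lockdown", 1, enforced=True),
                                 Link("Finance Old", 2, enabled=False),
                                 Link("Finance Apps", 3)]),
    ]


if __name__ == "__main__":
    chain = sample_chain()
    for rank, gpo in enumerate(precedence(chain), 1):
        print(f"{rank}. {gpo}")
    for gpo, why in not_applied(chain).items():
        print(f"   not applied: {gpo} ({why})")
```

Run it and the enforced Default Domain Policy comes out on top even though OU=Workstations blocks inheritance, while the non-enforced domain and site links never apply; that is exactly the case that confuses people when they read the list of GPOs linked to an OU.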

Sorry @Shadowbane and @oO.o, never got the usual notification when you replied

Those are multiple VLANs, but I want to tell the system that when it has both a NAT and a Back interface, it should use the NAT interface GW and not the Back one…
Since it’s all DHCP and I don’t want to add a dirty hookup script for that, I’m looking at making one DHCP metric more important than the other.

You are right; since my guess was that options are sent to the client to deal with, I was looking at the Linux DHCP doc and not the BSD one.
Could be wrong there since it was a baseless assumption.

Both options 82 and 7 don’t seem to provide any way to make one route more important than another route sent by another DHCP.
Since the networks are separated, both interfaces will do a dedicated DHCP request, get their own route, and I won’t have a way to order them?

I used to do that.
I used to have a state in Salt that would list the IP of every interface, match it to an internal subnet list, and add the “ignore gateway” config to every interface but the priority subnet.

Sadly this means no dynamic IP config, as I need to trigger a Salt run to update it, and this is why I was looking at metrics.

I have NEVER managed this.
It is the main goal, and I’ve spent 4 years on it yet.
The only way I found was to create a dedicated routing table per network with the default gateway for that network in it, and map all inbound to the right table.
But besides making it a mess to manage and automate, it breaks the capability of the router to provide a shorter route (the info is only added to the main table), and after a couple of packets the firewall would block the asymmetric routing.

If there is now a simple way to tell Debian to reply on the same interface, I would LOVE to know it.

1 Like

Yeah, that’s how you do it.

AFAIK, there just isn’t a way to pass routing metrics with DHCP. I agree that it would be a nice feature though.

I think this is just more complexity than DHCP is meant to handle. A host in a private network shouldn’t really need to worry about asymmetric routing. If you want some failover or load balancing in your local routing, that’s best provided by VRRP or CARP. If you want redundancy or dynamic routing on the WAN side, the router(s) should do that without the hosts getting involved at all.
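The two approaches discussed in this exchange (ignore the gateway on the non-primary interface, or keep per-interface routing tables so replies leave through the interface they arrived on) can both be expressed as systemd-networkd units, which takes care of the dynamic-address problem that made the Salt state awkward. The script below is an added example and is not code from any poster or from the systemd project. Interface names, subnets, metrics and the table number are constructed. It assumes a networkd version that accepts RouteMetric=, UseGateway= and RouteTable= under [DHCPv4] (v246 or later); the on-link route it adds to the private table is my assumption, kept there so that local-subnet traffic is not pushed to the gateway, and should be verified on the target host.

```python
"""Render systemd-networkd units for a host with two DHCP interfaces.

Added example (not from the thread). Two policies for the non-primary interface:
  - "ignore-gateway": take the lease but never install its default route
    (UseGateway=false), so only the primary interface's gateway exists.
  - "own-table": keep the interface's DHCP routes in a private routing table and
    add a source-based rule, so replies sourced from that subnet go out through
    that interface's gateway instead of the host default (symmetric routing).
Assumptions: names, subnets, metrics and table numbers are constructed;
RouteMetric=, UseGateway= and RouteTable= live in [DHCPv4] (networkd v246+).
Nothing is written to disk unless write_units() is called explicitly.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

RESERVED_TABLES = {0, 253, 254, 255}  # unspec, default, main, local
POLICIES = ("primary", "ignore-gateway", "own-table")


@dataclass
class Plan:
    name: str       # interface name, e.g. eth0
    subnet: str     # subnet the interface lives in; the address itself is DHCP-assigned
    metric: int     # metric of the DHCP-learned default route
    policy: str     # one of POLICIES
    table: int = 0  # private routing table, used by "own-table" only


def render_unit(p: Plan) -> str:
    """Return the .network unit text for one interface."""
    lines = ["[Match]", f"Name={p.name}", "", "[Network]", "DHCP=ipv4"]
    if p.policy == "own-table":
        # Packets sourced from this subnet consult the private table before main,
        # so replies go back through the gateway learned on this link.
        lines += ["", "[RoutingPolicyRule]", f"From={p.subnet}",
                  f"Table={p.table}", "Priority=100"]
        # Assumption: the private table also needs an on-link route for the
        # subnet, otherwise traffic to neighbours would be sent to the gateway.
        lines += ["", "[Route]", f"Destination={p.subnet}", "Scope=link",
                  f"Table={p.table}"]
    lines += ["", "[DHCPv4]", f"RouteMetric={p.metric}"]
    if p.policy == "ignore-gateway":
        lines.append("UseGateway=false")       # option 3 is received but not installed
    elif p.policy == "own-table":
        lines.append(f"RouteTable={p.table}")  # default route lands in the private table
    return "\n".join(lines) + "\n"


def render_all(plans: List[Plan]) -> Dict[str, str]:
    """Map unit file name (e.g. '10-eth0.network') to unit text."""
    return {f"10-{p.name}.network": render_unit(p) for p in plans}


def lint(plans: List[Plan]) -> List[str]:
    """Flag plans that recreate the original problem: competing defaults in main."""
    problems = []
    main_defaults = [(p.name, p.metric) for p in plans if p.policy == "primary"]
    if not main_defaults:
        problems.append("no interface keeps its DHCP gateway in the main table")
    metrics = [m for _, m in main_defaults]
    if len(metrics) != len(set(metrics)):
        problems.append("main-table default routes share a metric; which one wins "
                        "depends on which lease was processed first")
    for p in plans:
        if p.policy not in POLICIES:
            problems.append(f"{p.name}: unknown policy {p.policy!r}")
        if p.policy == "own-table" and p.table in RESERVED_TABLES:
            problems.append(f"{p.name}: table {p.table} is reserved")
    return problems


def write_units(plans: List[Plan], directory: str = "/etc/systemd/network") -> List[str]:
    """Write the units after linting and return the paths written."""
    problems = lint(plans)
    if problems:
        raise ValueError("; ".join(problems))
    out = Path(directory)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    for fname, text in render_all(plans).items():
        path = out / fname
        path.write_text(text)
        written.append(str(path))
    return written


if __name__ == "__main__":
    # Constructed sample: the NAT-side interface is the host default; the back-end
    # interface answers through its own gateway without competing in main.
    sample = [
        Plan("eth0", "10.10.0.0/24", metric=100, policy="primary"),
        Plan("eth1", "10.20.0.0/24", metric=200, policy="own-table", table=20),
    ]
    for name, text in render_all(sample).items():
        print(f"# {name}\n{text}")
    print("lint:", lint(sample) or "ok")
```

After writing the units, `networkctl reload` (or a restart of systemd-networkd) picks them up, and `ip rule` plus `ip route show table 20` show the rule and the DHCP-learned default that the host now uses only for traffic sourced from the back subnet; the main table keeps a single default, so no firewall in the path sees asymmetric flows.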

https://www.childrenshospital.org/conditions/sudden-infant-death-syndrome-sids

2 Likes

Haha! It’s me again!

First of all, update regarding iXSystems:

  • No fuss getting a replacement from iXSystems
  • Takes a surprising while to get a replacement shipped out tho
  • No mobo swap, they sent a full on chassis to swap where I just swapped the drives and uploaded the config and was up and running again
  • iXSystems’ finance team is not so happy though because CFO held back paying the invoice until the chassis was fixed
  • iX sent the server with DPP shipping (Tax and import fees billed by iX) instead of the requested DAP shipping (Tax and import fees billed by a third party broker for VAT reclaim), and when we requested correction they’re blaming us
  • Fedex being dumb in general and issues with Colo DC and inbound shipments because we’re subleasing rack space

Now heeeeere comes the spicy stuff:

  • Finally got a project plan in place for remedying the issues raised in the external security audit
  • Zabbix monitoring is almost up and running but need to finish up docs and redeploy into prod
  • Used Zabbix’s discovery feature and found 20+ boxes with SNMPv2 enabled with “public” default community, already getting people to recreate their VMs with it disabled
  • Funnily enough, because Zabbix is a monitoring system first, it ingested the SNMP data and instantly saw 3 servers going critical at the same time and had to hunt down the service owners of those boxes fast with “You’re out of swap, all partitions are below 10% space free and RAM usage is at 90%+”
  • I found out we have Azure AD like two weeks ago with only a SINGLE laptop enrolled back in 2021 (We have GSuite, FreeIPA and now AAD, how the hell can you keep these things in sync???)
  • Previous IT Bitlockered all laptops, never saved the recovery keys, laptops never rotated and TPM chips began to die randomly
  • Began to lifecycle out laptops because people are literally running Haswell laptops, finance dept went HOL’ UP after half of them received replacement laptops with new docking stations and told me one or two laptops a month max
  • Told finance to pack up their stuff and move off their Windows finance server by end of December and to either use a cloud solution, pay up for AWS or pony up $$$ for a brand spanking server that Dell will actually stamp with OEM licenses
  • I got permanent datacenter access, and you know what that means. Going insane with a label maker and just stamping stuff to be decommissioned
  • Finally got a proper SPF record within DNS, daily alerts about phishing emails are GONE and my inbox is not spammed by it
  • Hooking up out of band management finally, turns out most boxes are missing the physical iDRAC 7 cards so gotta source a vendor for replacements
  • LDAP Auth all the things! All of the iDRACs are now using LDAP/SLDAP authentication and so is Zabbix. Engineering got a friendly ticket to lock down their ELK stacks with LDAP auth with examples of how it’s used in production. Supermicro LDAP is kicking my butt though, might make a separate forum post for getting help with this
  • Began kicking out soon to be EoL software off people’s laptops and modernising it, people not happy about the new UI because I just blasted them from version 2013 to version 2022
  • The dude pulling double duty as network engineer loving my “no fucks given” attitude and is happy with me modernising everything
  • Building out infra in the second DC to act as a disaster recovery site, engineers cheering about having local storage
  • CFO and VP politely asking me to take a holiday because I literally took only a single day off since I started (Isn’t taking time off while still in probation a bad thing though?)
  • Today I verified our domain with AAD and managed to take control of people’s “personal” MS accounts that were created with the work domain and went on a purging rampage, CTO spat out his coffee on his IBM Model M keyboard after telling him what I did and friends asking me if I’m not secretly SwiftOnSecurity by any chance

There’s more stuff but this post is already too long. Been here only for 4 months but it feels like years.

Anyway, need alcohol recommendations; I don’t think mixing Monster Zero Ultra with Jägermeister constantly is doing me any good

8 Likes

Dirty Martini, extra filthy with Skyy Vodka instead of Gin.

Broseph, you are literally working yourself out of a job and moving at an unreal pace. Don’t burn yourself out. Also, I hope you are getting signatures and recommendations for your next job. Whatever they are paying you, it just isn’t enough, but I am glad that they got you some help. I am still struggling where I am because we have been lean for over a year now and the new company on the contract is playing the same games now. We are pretty close to staging a walkout.

3 Likes

Got a promotion to Sr. Sysadmin. :penguin:

13 Likes