Onsite equipment availability?

I am in a position where we have 3-4 sites (depending on how much cross over you consider) where IT is not centrally located. This means that things like replacement mice, or keypads may take half a day to get to the recipient. We're in the manufacturing sector, so sometimes its a sudden emergency, and we need to drop everything just to bring them a $10 keyboard.

My thoughts are to have a metal cabinet, hooked up to the same system as our door access. This way we can control the users that should have access to it, and record the times that its been accessed.

For those in similiar situations, what are your solutions?

https://redd.it/1nl45r5
@r_systemadmin

Does Server 2025 Still Have Issues?

We are getting ready to set up another AD domain. Very basic: AD, DHCP, DNS, and a fileserver. I've read 2025 has had some issues though that was several months ago since I researched it last.

I know we can get 2025 volume licensing and have downgrade rights to 2022. But, I'd rather just go to 2025 from the start if possible.

Is 2025 still a problem child?

https://redd.it/1nl5s1p
@r_systemadmin

Am I Getting Fucked Friday, September 19th 2025

Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.  

Required Info for accurate answers:

* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)

All questions are welcome regarding:

* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS line replacements
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,

https://redd.it/1nl50og
@r_systemadmin

KB5065426 issues Win11 24H2

Anyone else lost Microsoft Print to PDF after installing KB5065426?

I've uninstalled the update, repaired DISM. Tried re-installing through windows features, PS and DISM but always get the same error code - Error: 0x800f0922

It's driving me nuts....

https://redd.it/1nl4uyg
@r_systemadmin

Google Chrome * Gemini Integration: Heads up to responsible admins in healthcare

For any of you that admin hospitals or clinics, be aware that Google has been rolling out Gemini App and Generative AI integrations into Chrome for a short while now. Be sure to update your chrome ADMX files and review the Chrome 'Generative AI' options in group policy. If you arent under a BAA with google workspace or other confidentiality agreements with Google, you might want to disable some of the generative AI features. The new Gemini App explicitly states to the user that page URLs and *Contents* will be sent to google/gemini for processing.

This could be a big compliance issue for healthcare orgs that dont have eyes on this.

https://redd.it/1nl9anm
@r_systemadmin

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

Security researcher Dirk-jan Mollema discovered two vulnerabilities in Microsoft's Entra ID identity platform that could have granted attackers administrative access to virtually all Azure customer accounts worldwide. The flaws involved legacy authentication systems -- Actor Tokens issued by Azure's Access Control Service and a validation failure in the retiring Azure Active Directory Graph API.

Mollema reported the vulnerabilities to Microsoft on July 14. Microsoft released a global fix three days later and found no evidence of exploitation. The vulnerabilities would have allowed attackers to impersonate any user across any Azure tenant and access all Microsoft services using Entra ID authentication. Microsoft confirmed the fixes were fully implemented by July 23 and added additional security measures in August as part of its Secure Future Initiative. The company issued a CVE on September 4.

https://redd.it/1nlbl8r
@r_systemadmin

Went from 3 people to 2 in IT, asked for a lighter workload cause the burnout is creeping in. Got told I should be asking for overtime if stuff's not getting done. Clearly this is a sign to abandon ship, right?

Like the noscript describes, the position I find myself in has turned out to be more permanent than I was led to believe initially. When I started here, I was the 3rd guy. Shortly after I was hired, my manager transitioned away from IT, and I knew immediately this place wasn't on top of their game in terms of IT.


Fast forward to today, about 1.5 years later, and I'm still in a 2-man team with only more responsibility. I can tell that the workload isn't getting any lighter and the demands aren't decreasing, so I voiced my opinion to management.


What I didn't expect was direct gaslighting about the issue. For them to suggest I should just work more to make the problems go away is really rubbing me the wrong way, both professionally and personally.


Am I a crazy person for not clinging to my job in this current market despite this type of treatment??

https://redd.it/1nld6bf
@r_systemadmin

Not encouraging the 4am OMG this is an emergency now call

Got called at 4:30am after my team's on-call person had been aroused and told them to send it to me.

"We might not make a Sunday release because the Pre-Production testing environment is down!"

Strike 1: 4:30am

Strike 2: For non-production system

Strike 3: That according to the logs had been down for over six weeks

Been down a day or two? Sure I'll give the benefit of the doubt when working a tight deadline project you had checked that the needed resources were available and have handed it off to the right team to be woken up. Six weeks? Nah.

Took all of about twenty minutes to figure things out and email them to let them know it wasn't my issue but I had scheduled an email to the appropriate team for 8am asking them to fix it.

Along with the appropriate heads up email to their project manager and my boss.

At least I learned how set "delay delivery" in Outlook.

https://redd.it/1nlenes
@r_systemadmin

VP (Technology) wants password complexity removed for domain

I would like to start by saying I do NOT communicate directly with the VP. I am a couple of levels removed from him. I execute the directives I am given (in writing).

Today, on a Friday afternoon, I'm being asked to remove password complexity for our password requirements. We have a 13 character minimum for passwords. Has anyone dealt with this? I think it's a terrible idea as it leaves us open to passwords like aaaaaaaaaaaaaaaa. MFA is still required for everything offsite, but not for everything onsite.

The VP has been provided with reasoning as to why it's a bad idea to remove the complexity requirements. They want to do it anyway because a few top users complained.

This is a bad idea, right? Or am I overreacting?

Edit: Thank you to those of you that pointed out compliance issues. I believe that caused a pause on things. At the very least, this will open up a discussion next week to do this properly if it's still desired. Better than a knee-jerk reaction on a Friday afternoon.

https://redd.it/1nldpjb
@r_systemadmin

Today's one panel cartoon in the Wall Street Journal addresses IT outsourcing

For a quick chuckle: https://www.wsj.com/opinion/pepperand-salt-541ab8d8?mod=pepperandsalt\_article\_pos1

https://redd.it/1nlg0dh
@r_systemadmin

“We haven’t had our server long”

Says the president of the firm my company acquired a year ago.
—
My company, an environmental engineering holding firm has been acquiring small firms to go the business. I am tasked with helping move the small firms’ data to a cloud service provider. Part of the process is using a tool on the server in the small firm’s environment.
The latest one had checked off enough memory and storage with a newish Windows Server 2022, but no one looked at this particular server closely to notice its about 8 or 9 years old and slow as h—. And their Internet is only 50Mb upload
This will be a disaster…

https://redd.it/1nlkajw
@r_systemadmin

Calling All Sysadmins! What’s Your Best Advice or Fun Welcome Message for a Fresh Sysadmin?

Hey everyone,

We’ve got a fresh sysadmin diving into this crazy, ever-changing world of systems administration. Whether you’re a seasoned pro, someone who’s still figuring things out, or just have quirky advice to share—this is your moment!

What’s the best advice, tip, or funny “welcome to the team” phrase you’d give to someone just starting their sysadmin journey? Could be a golden rule, a survival tip, or a cheeky phrase like “Welcome to rest in peace!”

No advice is too big or too small. No joke is too silly. Just throw it all in—let’s create a treasure trove of wisdom and humor for the newbies.

So, what’s your story? What should every fresh sysadmin know or laugh about before they jump in?

Can’t wait to hear your thoughts!

https://redd.it/1nlrgzg
@r_systemadmin

Kerberos update inflicted strange behavior

Asking for (expert) opinion. MSP tasked me with the assignment of updating a customers kerberos password after not changing it for more than 14 years as a security recommendation from their security partner.

After assessing the impact, checking domain controller replication for possible errors I changed the password once. The day after customer started noting problems with their citrix environment, being that application crashes occurrd, chrome.exe not working and log off issues.

The evening of changing the password I checked after changing the password for kerberos authentication errors on several servers, however I couldn’t find any. The problems have led to customer escalation and we however decided to go forward and change the Kerberos password for the second time to get rid of the golden ticket attack possibility.

The problems that are currently still occurring are focused on the customers Citrix environment with described problems above.

Customer is running an older but stable (prior to the change) version of FSLogix, in combination with Ivanti Workspace Manager, on Server 2022 Std edition.

I just want to rule out that changing the Kerberos password has anything to do with chrome.exe or pdf readers crashing. Strangely enough no eventlog registrations point us in any direction where the issue might come from.

After changing the password once and afterwards for the second time (there were 25 hours in between changing and default domain policy was set to 10 hours to expire tickets) we initiated a klist purge and rebooted the domain controllers one by one to see if this would make any difference. Further I have visually confirmed the keynumber version incrementally changed from 2 to 3 and from 3 to 4 on all domaincontrollers. This for me is an indication that the change went successfully.

I can image and understand the change could trigger something, yet crashing applications on a citrix server that have no dependencies with the domain is strange behavior. Also when not using FSLogix profiles no errors occur. When reverting back to FsLogix the issues occur. When using the most recent version of FsLogix the issue persists.

Please share your opinions and possible suggestions on how to investigate this further.

Thanks in advance.


https://redd.it/1nlwl41
@r_systemadmin

Large Enterprise ADFS Migration - Seeking Community Experiences

Hi all,

Our organization is a large enterprise that has been heavily invested in Active Directory Federation Services (ADFS) for years. We're now considering initiating a project to review and potentially trial more modern authentication mechanisms, but the scope feels daunting given our deep integration.

# Our Current Situation:

* Extensive ADFS deployment with numerous integrated applications
* Complex on-premises infrastructure dependencies
* Significant investment in existing ADFS customizations and configurations
* Large user base with established authentication workflows

# What We're Seeking:

I'd love to hear from others who have navigated similar transitions:

**Migration Experiences:**

* Has anyone here led or been part of a large-scale ADFS migration?
* What were the biggest challenges you encountered?
* How did you handle the transition timeline and user impact?
* What lessons learned would you share?

**Solution Comparisons:**

* **Microsoft Entra ID (Azure AD)**: Experiences with hybrid deployments, cost implications, feature gaps vs ADFS?
* **Third-party solutions** (Okta, Ping Identity, Auth0, etc.): How do they compare in enterprise environments?
* **Other modern alternatives**: What else should we be evaluating?

**Practical Considerations:**

* Cost analysis: Hidden costs beyond licensing?
* Integration challenges with legacy applications?
* Change management strategies that worked well?
* Security and compliance considerations during migration?

# Specific Questions:

1. For those who moved to Entra ID - was the cost savings as significant as Microsoft claims?
2. Any experiences with running parallel systems during transition?
3. How did you handle applications that were tightly coupled to ADFS?

Any insights, war stories, recommendations, or cautionary tales would be incredibly valuable as we plan our approach.

Thanks in advance for sharing your experiences!

https://redd.it/1nlvdm6
@r_systemadmin

IT now controls the light system

I kid you not the reasoning was "it plugs into an Ethernet cable".

I'm waiting for facilities to shove HVAC off to us as well because that's networked too. Maybe we disconnect it from the network so they can't use that argument. "Oh you're mad you cant control it from your desk anymore? I can control the lights from my desk it's nice"

https://redd.it/1nm0miq
@r_systemadmin

Military equivalent of DevOps

I’m active duty in the Army, working as a 35T. From what I can tell, my role lines up pretty closely with DevOps/sysadmin: I handle system integration, troubleshooting, networking, security, and keeping mission-critical systems running.

Here’s where I’m at:
Certs: Only have Security+ right now
Clearance: Active TS/SCI
Experience: 5 years in the field (all hands-on, operational environments)
Education: No degree yet — considering WGU’s Software Engineering BS/MS because of flexibility & cost

My questions:
•Would a degree from WGU or UMGC actually help me when I separate, or should I just keep stacking certs?
•For DevOps roles, which certs would you recommend I target next (AWS, Azure, Linux, Kubernetes, etc.)?
•For those who made the jump from military IT/maintenance into DevOps/SRE, what helped you the most when transitioning?

Trying to set myself up for success when I ETS. Appreciate any advice.

https://redd.it/1nm6t4w
@r_systemadmin

Lost Hardware

A help desk employee lost a brand new $2,500 piece of equipment and has no idea where it went. The department is a secure area, so there are cameras everywhere. Security has him on video putting the device in his backpack. He went over to pick it up and bring it back to the help desk for configuration. For some reason, people were asking me what to do, so they received "order a new one and tell his manager".

Chances are it was thrown out by accident because he comes across as too skittish to steal anything.

https://redd.it/1nm5xlu
@r_systemadmin

Company Provided Cell Phones

Just curious how many of you have companies that provide mobile devices for your end users?

How do you go about managing them day to day and how many total devices?

https://redd.it/1nm36eo
@r_systemadmin

How do y’all deal with people that just seem to hate IT?

I get a ticket from a user Monday about not receiving emails from a vendor they’re expecting. Now I like this person, I feel we used to have pretty good rapport but I work with them much less now that they’re in sales. I do a message trace, no dice, nothing in quarantine, I see that vendor has sent emails, just not the ones he’s looking for. I say hey I don’t see anything that shows it even hit the server, so it likely is on their end. Maybe they don’t send it, or they’re having issues with their system? Do you have anyone from there I can talk to and sort it out with?

I then get an email I believe he meant to forward but replied and added his boss (sales) asking if I knew what I was doing because I’m always pushing back and not fixing his problems, then suggests I should take some formal classes in IT because I’m not helpful.

I just didn’t reply from there but I’m like, bro what the fuck? Half the time I ask you questions on your tickets and you just don’t reply? I know I love the quick fixes, but shit am I not allowed to take more than one email to fix an issue? I talk to the sales guy and show him our tickets and he’s like no no, I get it. I know you’re just trying to help, no one else here is doubting your abilities.

But like, what do I even do for people like these? If I don’t do it via ticket it’s not documented so I hate to call them or come to their desk. Also, turned out vendor was mid migration and had some issues come out that was making one of their programs that sends email fail to send intermittently.

https://redd.it/1nmaypc
@r_systemadmin

How do you handle problems that resolve themselves?

Exactly as stated.

We recently had an issue where a large number of our pooled VDI machines lost contact with the with the DC's and started complaining about time differences. We didnt change anything to fix it, we just rebooted the unused machines in the pool and it seems to have cleared up. The group that controls the DC's swears it wasnt a time issue on their end and I know its not a time issue on the pooed VDI machines.

The issue just went away and im having trouble letting it go. I need to know the cause before I can move on and im struggling. Besides that, its hard to give a downtime summary to leadership when you cant confirm the cause for a fact.







https://redd.it/1nmats1
@r_systemadmin

M365 Apps unexpectedly closing on their own? Follow up

Hi Folks,

I posted a while back about an issue where M365 apps (New Teams, OneDrive, Edge, and New Outlook, Word, Excel) would all suddenly close at the same time without warning.

At the time I couldn’t reproduce it consistently, so it was hard to pin down. I thought the culprit might be the M365 cloud update, but u/martinnothnagel\_msft has confirmed the cloud update ONLY impacts apps that use the C2R. As this issue was still happening at least once per, week, whilst on the monthly enterprise channel that could not be the culprit. Further, this issue continued to occur after the cloud update was paused.

This week it finally happened on my own work laptop, and I was able to spend time digging in. Here’s what I found:

The trigger appears to be updates to the AppX package e.g. New Outlook app (olk.exe), which is delivered as an AppX package via the Microsoft Store.

Around the exact time the apps all closed, the folder C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_* had a modified timestamp, confirming an Outlook update was applied.

When this happens, not only does New Outlook restart, but other M365 apps also crash. Edge also shows “Edge closed unexpectedly” when relaunched.

In order to workaround this, i've applied a GPO to block Microsoft Store auto-updates. I’m going to monitor this week to see if the crashes stop.

This seemed to manifested the same time we enrolled all our company windows devices into Intune.
I'm not saying Intune is responsible, it's just extremely timely...!

Has anyone else seen this behavior?

https://redd.it/1nm88vr
@r_systemadmin