Reddit Sysadmin – Telegram
Are Your Windows 10 Extended Software Updates (ESU) Keys Working?

Hello everyone,

Did some searching in r/sysadmin before posting this, so apologies if there is another thread that deals with this specific topic.

We have purchased Windows 10 ESU licenses for our Windows 10 workstations. All of them are running Windows 10 Enterprise - activated via volume licensing using an on-premise KMS server. Testing the activation of these MAK keys using the documentation here:

https://learn.microsoft.com/en-us/windows/whats-new/enable-extended-security-updates

I was issued 5 MAK keys to use, which I'm told have a large number of activations available to them - at least more than we will ever need for our environment. My two test workstations are clean freshly imaged systems running Windows 10 Enterprise build 10.0.19045.6456, which I believe is the latest available from Microsoft Update. This also means the workstations have satisfied the requirement of patch KB5046613 being installed. Verified this by trying to manually install that patch and receiving the error that the computers are not eligible to install the MSU.

I've attempted to activate all five of my MAK keys using the following command:

slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

(where xxxxx would be my MAK keys)

I'm receiving the following errors on all the keys:

Error: 0xC004E016 On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004E016' to display the error text

I proceed to run the command in that message, and receive the following additional error output:

Code: 0xC004E016

Description: The Software Licensing Service reported that the product key is invalid

I have verified the volume licensing contract that the licenses were purchased through is valid and active. There's one other thread where I found similar errors posted, but it looks like it may have been a conflict between different types of Windows licenses already activated on the workstations in question. Our fleet runs entirely on Windows 10 Enterprise via KMS activation.

Has anyone experienced this issue? Is the only solution here a Microsoft Support ticket to verify the keys are valid and activated? I'm unable to get past this step on two different workstations that by all accounts and research should be able to activate the MAK and receive the updates.

At a minimum, I'm posting here to journal my experiences as I'm assuming I'm not the only one working through this now that October 14 has passed...

UPDATE 10/17/25 11:15 AM EDT

So I learned that our organization has multiple volume licensing contracts and "License ID" associated with our volume licensing - we have two that are active. To make sure there weren't any conflicts I removed KMS license activation from the Windows 10 Enterprise devices and instead activated with MAK license for Windows 10 Enterprise on the same active contract number/License ID as our "Windows 10 Supplemental Servicing MAK" that I have been unsuccessful in activating. Unfortunately that did not work, and I received the same errors, so a Microsoft Support Ticket is being opened.

https://redd.it/1o90ktw
@r_systemadmin
Audit alerting for privileged user change

OK where did Microsoft move the creation of alerts when a user is given an elevated account? We should add a Flair for MS moved something again!!!

https://redd.it/1o9a24m
@r_systemadmin
Barracuda spam appliance whitelist question

I know of all the ways I can whitelist things from senders, but I have a construction client that is having issues with bid invitations being blocked, which is a critical thing since bid invitations are how they get jobs and make money.

And the ones getting blocked are from companies remailing things through third-party mass mailing systems, so nothing actually comes FROM sender@company.com; that's always just the reply-to field. The sending addresses are randomly generated and often use multiple domains.

I'm not about to simply whitelist a remailing domain for this, and for ones that always use the same subject line, that's a piece of cake to get in the filter. But ones that are random email sending addresses and random subjects, there's not a good way to whitelist as I've not found a way to whitelist something based on the reply:to field.

What I would like to do is take a single RECEIVING address (i.e. the bidinvitations@ address for this company) and exclude that from the spam scanning. But I'm not finding a place to do so. I had hoped that the "recipient filters" would do that since it's the RECIPIENT, not the SENDER, but when I do Google searches on that, the things all point to that just being another email for a SENDER, not who is receiving.

I'm going to do some testing but that may take a bit before I see any definitive results. I was hoping someone in here may have Barracuda spam appliance experience and could immediately give me a go/no go answer about whether it's possible to simply exclude a single address being sent TO from spam scanning.

Thanks for any info, so far all my searching online is turning up blank...

https://redd.it/1o9aecj
@r_systemadmin
Fake domain close to our domain name and sending emails to people. What can we do?

Someone registered a domain with ourdomainHR.com and has been finding users on LinkedIn with "OpenToWork" that match our job description and reaching out to them and scamming them with a job offer. These are people we have never had any connection with.

Going through legal and they are saying it could take months to take that down. Anything else we can do?

https://redd.it/1o9bnp5
@r_systemadmin
I need to prevent all users (including admin users) from deleting Windows event logs.

I have an application that writes logs to Windows Event Logs. As part of some company-wide data integrity requirements, all users (including admin users) should not be able to delete these logs; however, users can in Event Viewer.

I don’t want to block all users from all logs, just that application’s logs, fyi.

What would be the best/easiest way to do that?

https://redd.it/1o9drse
@r_systemadmin
“The Encryption Type requested isn’t supported by the KDC”

So kind of a long story or I’ll try to make it as short as possible but I’m just a lowly Service Desk Analyst still at my company technically, but my org recently has been getting this exact error message every time a user tries to reset their own Windows password ever since we went through AD migration and I literally remember bringing this up to Windows Server Support the first day we encountered it, which was the first day of AD Migration, and resetting the password in AD obviously fixed it and the user could reset their own password 24 hours later. Now almost a year later, I found out it’s been coming back and I thought they were one off situations or something but no it has been happening to literally ~every single user~. I obviously took the liberty of at least googling that dumbass error message and yeah lo and behold if I read it right it’s an Encryption type discrepancy when a user tries to reset their own password. Now my question is, Windows Engineering and all of 3rd level said to us that the only way to fix it is by resetting everyone’s password?? Am I just stupid or isn’t it literally just as easy as setting the account properties for all the affected users to enable resetting passwords using AES 256 Encryption and running a Group Policy Update on all users?

https://redd.it/1o9h5ua
@r_systemadmin
Whoops, wrong terminal again.

Is there a term for that? When you have several ssh sessions going and you run the command in the wrong server?

https://redd.it/1o9hep2
@r_systemadmin
How much longer do you think sccm will be around?

I know in this field there are ancient systems and such, but I'm curious as to how long SCCM will be around in corporations vs flipping to Azure/Intune.


https://redd.it/1o9kbx3
@r_systemadmin
Professional cheap NAS solution

Edit: I'll dig into the UNAS entity endpoint (not high hopes), Terastation (meh), TrueNas prebuilts (thanks for that idea), and if all else fails cry and bare metal windows 17 times. Thank you all.



We've used Windows hosts, on an ESXi mini stack at every (17 different) locations, with the windows VM playing SMB host.

We've dumped the need for VM's at the locations, but still need the network shares, and still have these capable HPE servers at each location. So installing Windows baremetal is an option, but I'd love to kill Windows even as well.

I'd prefer to simplify and get rid of Windows as well. I know TrueNAS is an option, but my superiors fear the phrase 'open-source' based (don't get me started, I know). Are there any closed source bring-your-own-hardware NAS solutions?

If I have to replace them (they're old-ish servers anyways), are there reliable NAS units that aren't $3000+ each? Synology and QNAP seem like cheap garbage, Ugreen is too new to trust in a sensitive environment, and Unifi UNAS doesn't support Active Directory without a crazy subscription (I bought one and tried, no dice).

Edit: we don't want/need virtualization, or even Windows anymore if possible. Just basic SMB shares.

https://redd.it/1o9j9q1
@r_systemadmin
Automated Password Reset OKTA

Is there a way I can automate Password Reset for users? Okta is used in our org.
The reason I want to automate password reset is our Service Desk is outsourced and most of the time they don't even check basic things and straight away reset (which goes to their personal email (secondary email)) or give the password to the user over a call (I think there was one instance).

https://redd.it/1o9q7ql
@r_systemadmin
Is it impossible to introduce Terraform or Ansible in a traditional infrastructure environment?

Our infrastructure team manages over 3,000 customer PCs and more than 300 VMs and EC2 instances. Around 90% of the systems run on Windows Server, and most instances don’t require high performance (8GB of memory is usually sufficient)

I’m trying to become an SRE in the future, and currently manage around 50 EC2 instances on AWS. I’d like to try codifying them using Terraform.

That said, I’m wondering if such a proposal would generally be rejected in our environment. Or, if I build enough skill, is it something that could realistically be accepted?

I just want to understand the reality because I don’t want to waste effort on something that has no chance.

https://redd.it/1o9vdhw
@r_systemadmin
TPRM platform

You have to start your TPRM program and get to buy any platform you want. Which do you choose (and if you have time explain why)?

https://redd.it/1o9vcnw
@r_systemadmin
Automate laptop replacement process.

Hello Everyone,

I have been trying to figure out how to automate or simplify laptop replacement process for our team.
We have multiple hardware replacement requests coming in because of win 11 eol.

The problem is with moving user data to new laptops, which is where a lot of our time is getting wasted. We are a shop with a lot of them using on-prem AD and file shares. M365 for emails. Users are mostly 50-60 years of age. So they prefer to have all their profile fully set up so that they can get logged in and all data from their old system is present in front of them.

Is there any way I can automate this process? I have been using Transwiz to export and then import to the new laptop. If anybody can give me some idea it will be helpful.
Thanks

https://redd.it/1o9v0rr
@r_systemadmin
purestorage x50 help maybe?

I have got myself an x50 r2 (no sleds) and I have populated it with directmemory modules single disk sleds. I did reset_drive, and puresetup newarray, but it fails. Is the x50 limited to what kind of drives it takes? Or what's the deal?
I am running purity 6.xx if that helps.

https://redd.it/1o9zmk7
@r_systemadmin
CA policies via Terraform

Apologies if this isn’t the correct sub and thanks for pointing me to the right one if that’s the case.

As the title, employer is pushing/forcing CA policies be deployed via Terraform instead of our current click-ops.

Typical volume is circ. 5-10 new policies planned in the next few months to 1 year.

Learning the language would no doubt be great for my development and future, but to me, it seems overkill pushing CA behind terraform over the existing method.

Any thoughts, good or bad?

Thanks

https://redd.it/1oa6c5a
@r_systemadmin
Paranormal IT

Is it just me, or does luck play a huge role in our profession?

An adjacent IT team was struggling with a workstation issue for about a week. It finally got escalated to me.

While we were on a Teams screen share, I watched him recreate the issue — we talked, joked a bit — and then poof, it just… disappeared. No fix, no changes, just magically resolved itself right in front of us.

The timing was impeccable — like the system was waiting for an audience.

It got me thinking: sometimes things break for no clear reason, and sometimes they fix themselves just as mysteriously. It almost feels paranormal.

Anyone else ever experience those “ghost in the machine” moments?

My message is to always step back and pray I guess lol

https://redd.it/1oa8plx
@r_systemadmin
Whatever happened to IPv6?

I remember (back in the early 2000’s) when there was much discussion about IPv6 replacing IPv4, because the world was running out of IPv4 addresses. Eventually the IPv4 space was completely used up, and IPv6 seems to have disappeared from the conversation.

What’s keeping IPv4 going? NAT? Pure spite? Inertia?

Has anyone actually deployed IPv6 inside their corporate network and, if so, what advantages did it bring?



https://redd.it/1oaae1o
@r_systemadmin
Patching an offline ESXi Host

Quick question. I need to patch my ESXi host. However, this host has the VM that is the router for the network. As soon as I place the host into maintenance mode, the internet will cut off. I have the patch zip file in the local host datastore. Will the following commands on the local console for the host work for patching?



1. Enter maintenance mode: vim-cmd hostsvc/maintenance_mode_enter
2. esxcli software vib update -d /vmfs/volumes/datastore/Updates/VMware-ESXi-7.0U3w-24784741-depot.zip
3. reboot
4. vim-cmd hostsvc/maintenance_mode_exit



https://redd.it/1oa5xjm
@r_systemadmin
Windows 10 ESU Applied with slmgr.vbs -- still shows "your version of Windows has reached End of Support"

Hey there! We have a few Windows 10 PCs on which we have applied Year 1 ESU licenses using slmgr.vbs (we followed info here). All of them show "License Status: Licensed". But in Windows Update it still shows "Your version of Windows has reached End of Support. Your device is no longer receiving security updates." I just wanted to check if we missed something, or is this what everyone else is experiencing? Thanks!

https://redd.it/1oa8t6z
@r_systemadmin
A question about Microsoft 365 licenses and MSP's/CSP's

I am retiring.

I was getting m365 licenses for clients thru D&H.

A client has annual licenses that I got them that expire on 12/ 31. I turned off auto renew with D&H.

A new firm is taking over on November 1.

The new firm said this:

We won’t do any MSP to MSP transfer of current licenses….

Just curious – does anybody know what that means?

I’m a one-man shop and never had to deal with taking over or releasing a tenant

The licenses I got them are already in the tenant admin portal.

Is that for syncing up the license expiration dates - my licenses versus licenses they buy?

If they buy through a different CSP and buy another year, without the transfer they talk about, the new license would start immediately?

I do think I saw where you could set a time for the license to start in the future with DH

But CSP’s have their own interface for buying m365 / not all offer that?



https://redd.it/1oa7fm4
@r_systemadmin