Reddit Sysadmin – Telegram
Storage Maintenance - Best Practices

Dear Friends,

I have a storage activity. We need to power it off and dismount it then repower it again.

I need to know the proper way/steps to do this activity as we have SAN switches and servers (all Hyper-V).

My plan/steps are as follows:

First - Host Side:
1. Shut down all VMs in Hyper-V.
2. Shut down cluster in Hyper-V.
3. Take off-line storage disks in Hyper-V.
4. Shut down physical servers.

Second - SAN Switches:
Shut down the SAN switches one by one.

Kindly share your thoughts.

https://redd.it/1omfg5b
@r_systemadmin
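The host-side steps in the post above, written out as an added PowerShell example (this is not code from the post or its author). It assumes the Hyper-V and FailoverClusters modules are available on the node it runs from, that `Get-ClusterNode` can enumerate the hosts, and that the cluster name passed in is a placeholder you replace; `-WhatIf` lets you rehearse the sequence before the maintenance window.

```powershell
# Added example: orderly shutdown of a Hyper-V failover cluster before storage
# maintenance, following the poster's step order (VMs, cluster/storage, hosts).
# Assumptions: Hyper-V + FailoverClusters modules present; $ClusterName is a
# placeholder; run elevated from one of the cluster nodes.
#Requires -Modules Hyper-V, FailoverClusters

function Stop-HyperVClusterForMaintenance {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ClusterName,
        [int] $VmShutdownTimeoutSec = 600
    )

    $nodes = (Get-ClusterNode -Cluster $ClusterName).Name

    # Step 1: shut down every running VM on every node. Stop-VM asks the guest
    # OS to shut itself down via integration services, so the guest flushes its
    # own caches before the storage goes away. -Force suppresses the prompt.
    foreach ($node in $nodes) {
        $running = Get-VM -ComputerName $node | Where-Object State -eq 'Running'
        foreach ($vm in $running) {
            if ($PSCmdlet.ShouldProcess("$($vm.Name) on $node", 'Stop-VM')) {
                Stop-VM -VM $vm -Force
            }
        }
    }

    # Verify: nothing may still be running or saving before the cluster stops.
    $deadline = (Get-Date).AddSeconds($VmShutdownTimeoutSec)
    do {
        $stillUp = foreach ($node in $nodes) {
            Get-VM -ComputerName $node | Where-Object State -ne 'Off'
        }
        if ($stillUp) { Start-Sleep -Seconds 10 }
    } while ($stillUp -and (Get-Date) -lt $deadline)
    if ($stillUp) {
        throw "VMs still not off after $VmShutdownTimeoutSec s: $($stillUp.Name -join ', ')"
    }

    # Steps 2 and 3: stopping the cluster service takes the cluster disk and
    # CSV resources offline on all nodes as part of the cluster shutdown.
    if ($PSCmdlet.ShouldProcess($ClusterName, 'Stop-Cluster')) {
        Stop-Cluster -Cluster $ClusterName -Force
    }

    # Step 4: power off the physical hosts, the node you are running from last.
    $local = $env:COMPUTERNAME
    foreach ($node in @($nodes | Where-Object { $_ -ne $local }) + $local) {
        if ($PSCmdlet.ShouldProcess($node, 'Stop-Computer')) {
            Stop-Computer -ComputerName $node -Force
        }
    }
}

# Dry run first (prints what would happen, changes nothing):
# Stop-HyperVClusterForMaintenance -ClusterName 'HVCLUSTER01' -WhatIf
```

The SAN switches are powered down only after every host has reported off; the function deliberately stops at the host level so that the storage side stays a manual, confirmed step.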
Is there a modern equivalent to the old relaxing Windows defrag?

Saw a post about the Windows defrag emulator and it got me thinking about how much I used to enjoy watching the damn thing while it actually did something worthwhile. Is there a modern equivalent where you’re actually getting work done but also enjoying just watching it?

https://redd.it/1omfzjf
@r_systemadmin
Dealing with Boss

For over 20 years, I’ve managed a company through all changes, all systems, upgrades, migrations, improvements that need to be made in the IT category. You could say I’m the system administrator, the network administrator, and the support desk.
Every time I discuss with my boss the need for a “fill in the blank” (it could be new fiber, new hardware, a new IP phone system), his response is always “we should do the research first”. Then he completely acts like I don’t know what I’m talking about. The other day I almost had to explain to him why having the Internet was necessary.
Now mind you before any change or upgrade, I’ve already talked to two or three vendors for each system. I’ve already done my research reviewing products and protocols and I still get no respect. I have discussed with others in the business as well. On top of that, all of our systems are running great.
Boss is a misogynist who constantly gaslights me and sometimes makes “jokes” and thinks he’s funny. Oh yeah, I’m a woman in a male-dominated role. My response to him is, “well, I am the expert in this area and this is what needs to be done”. Have any of you experienced this type of non-support? What advice do you have for dealing with this type of narcissist?

https://redd.it/1omjtu7
@r_systemadmin
Storage expandability and noise concerns

Howdy!

My client has data in 3 locations:

1. on-prem NAS with 150 TB of storage (inherited setup that has been rock solid).
2. offsite backup (Veeam), expandable over a PB, currently 250 TB used.
3. offsite backup (automated copy job to a remote server across the globe). Currently around 250 TB, also easily expandable.

They are projected to grow 50% storage-wise in the next 6-8 months. While the backup locations (2 and 3) are very expandable, the on-prem storage is becoming a problem.

The NAS is full of hard drives with no room to add more (they have about 20-ish % of free space left), and while I could replace the drives with bigger models and get them to roughly 400-500 TB depending on the RAID config I go with, management has requested that I provide a more long-term solution.

Easy-peasy you say, just get a nice Dell or something similar and call it a day...

The client is adamant that the on-prem box must be whisper quiet just like the current one, not to "disturb the office workers". It's in the IT closet, far from them, so I don't see how that would be the case.

Another request that was made was that the storage had to be easily expandable and scalable for the next three years minimum, even if their growth continued at this rate, which would put them over 1 PB. That means I would have to plan for 2-3 PB minimum; although that's unlikely, I have to honor this request or at the very least find something with at least 1 PB for now.

So far, my best idea is to simply build 2-3 almost identical systems to the NAS one and just create shares/configure permissions and organize data in several logical units that would make sense for the client.

For example:

Drive F: - Projects 2016-2018. NAS1

Drive G: - Projects 2019-2022. NAS2

Drive H: - Projects 2023-2025. NAS3

This is not something I would normally do and I'm looking to get some advice. My approach would be HA multi-node Dell (or similar) system to ensure high-availability and redundancy.

https://redd.it/1omjn46
@r_systemadmin
Unusual behavior with TCP port 53 (TCP DNS)

Hi! I’m trying to track down an unusual behavior in my environment that I think might be a misconfiguration or poorly documented behavior. For starters, I am not a Windows system admin. I’m more on the network and firewall side of the house. We have rolled out a network performance monitoring product after it tested well with multiple teams in my department. The product basically watches traffic that comes off of in-line taps and port mirrors and alerts us to potential performance problems in our environment.

Our dashboard is lit up bright red with an alert “many failed connections to dns servers.”

Well, we don’t have any tickets or user complaints related to DNS resolution, but we paid good money for the monitoring product, so I was highly interested in tracking down what the tool is reporting on and resolving the issue if possible. What I found is weird!

Basically PC workstations all over our network are opening a connection on TCP port 53 to our primary internal dns servers, and not completing the 3-way handshake.

I see TCP SYN from pc to dns server

DNS server replies SYN+ACK to the PC

PC never replies with ACK back to the DNS server

The DNS Server sends SYN+ACK 2-3 times never gets a reply and eventually sends RST to the PC as it gives up.

I did a direct packet capture on a remote PC and found the SYN+ACK is getting all the way to the PC, the PC is just ignoring it and not replying.

Actual dns queries to the same servers on UDP 53 are always promptly answered and working fine.

So I have no idea what’s going on. Is this some kind of keep alive probe? The PCs are just checking to see if the dns servers are still out there?

The “failed” connections are happening very often like every 30 seconds, from hundreds of endpoints. It’s making our dashboard look bright red.

I’ve opened tickets with our Windows system guys and provided screenshots, pcaps, and detailed explanations of what’s going on. They just keep replying that nothing seems to be wrong. I’m kind of at a loss. This is so far outside of my wheelhouse.

What is going on?

https://redd.it/1omolhg
@r_systemadmin
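An added PowerShell example (not from the post) that turns the handshake pattern described above into something countable: it walks a simplified, tshark-style packet summary, pairs each client SYN with the server's SYN/ACK and the client's ACK, and reports which flows never completed. The `$Capture` lines are constructed sample data in an assumed `<seconds> <src>:<sport> -> <dst>:<dport> [FLAGS]` layout, not a capture from the poster's network; feed it your own summary in the same shape.

```powershell
# Added example: classify TCP/53 handshakes from a packet summary so the
# "failed connections" can be counted per endpoint rather than read one by one.
# $Capture is constructed sample data in an assumed one-line-per-packet format.

$Capture = @'
0.000 10.1.5.20:51234 -> 10.1.0.10:53 [SYN]
0.001 10.1.0.10:53 -> 10.1.5.20:51234 [SYN,ACK]
1.002 10.1.0.10:53 -> 10.1.5.20:51234 [SYN,ACK]
3.004 10.1.0.10:53 -> 10.1.5.20:51234 [SYN,ACK]
7.010 10.1.0.10:53 -> 10.1.5.20:51234 [RST,ACK]
0.500 10.1.5.21:49152 -> 10.1.0.10:53 [SYN]
0.501 10.1.0.10:53 -> 10.1.5.21:49152 [SYN,ACK]
0.502 10.1.5.21:49152 -> 10.1.0.10:53 [ACK]
0.503 10.1.5.21:49152 -> 10.1.0.10:53 [PSH,ACK]
0.520 10.1.5.21:49152 -> 10.1.0.10:53 [FIN,ACK]
30.000 10.1.5.20:51240 -> 10.1.0.10:53 [SYN]
30.001 10.1.0.10:53 -> 10.1.5.20:51240 [SYN,ACK]
37.005 10.1.0.10:53 -> 10.1.5.20:51240 [RST,ACK]
'@

function Get-TcpHandshakeReport {
    param([string[]] $Lines, [int] $ServerPort = 53)

    $pattern = '^(?<t>[\d.]+)\s+(?<sip>[\d.]+):(?<sport>\d+)\s+->\s+(?<dip>[\d.]+):(?<dport>\d+)\s+\[(?<flags>[A-Z,]+)\]$'
    $flows = [ordered]@{}   # client ip:port -> per-flow counters

    foreach ($line in $Lines) {
        $m = [regex]::Match($line, $pattern)
        if (-not $m.Success) { continue }
        $flags      = $m.Groups['flags'].Value -split ','
        $fromClient = [int]$m.Groups['dport'].Value -eq $ServerPort
        $client     = if ($fromClient) { "$($m.Groups['sip'].Value):$($m.Groups['sport'].Value)" }
                      else             { "$($m.Groups['dip'].Value):$($m.Groups['dport'].Value)" }

        if (-not $flows.Contains($client)) {
            $flows[$client] = [pscustomobject]@{
                Client = $client; SawSyn = $false; SynAckCount = 0
                ClientAcked = $false; ServerReset = $false
            }
        }
        $f = $flows[$client]

        # One state transition per packet, in handshake order.
        if     ($fromClient -and 'SYN' -in $flags -and 'ACK' -notin $flags)      { $f.SawSyn = $true }
        elseif (-not $fromClient -and 'SYN' -in $flags -and 'ACK' -in $flags)    { $f.SynAckCount++ }
        elseif ($fromClient -and 'ACK' -in $flags -and 'SYN' -notin $flags)      { $f.ClientAcked = $true }
        elseif (-not $fromClient -and 'RST' -in $flags)                          { $f.ServerReset = $true }
    }

    foreach ($f in $flows.Values) {
        $state = if ($f.SawSyn -and $f.SynAckCount -gt 0 -and -not $f.ClientAcked) { 'HALF-OPEN (client ignored SYN/ACK)' }
                 elseif ($f.ClientAcked) { 'ESTABLISHED' }
                 else { 'OTHER' }
        [pscustomobject]@{
            Client        = $f.Client
            State         = $state
            SynAckRetries = [math]::Max(0, $f.SynAckCount - 1)   # server retransmissions
            ServerReset   = $f.ServerReset
        }
    }
}

$report = Get-TcpHandshakeReport -Lines ($Capture -split "`r?`n")
$report | Format-Table -AutoSize

# Which endpoints generate the noise, and how many flows each:
$report | Where-Object State -like 'HALF-OPEN*' |
    Group-Object { $_.Client.Split(':')[0] } |
    Select-Object @{ n = 'ClientIp'; e = { $_.Name } }, Count
```

With the sample above, the two flows from 10.1.5.20 come out as half-open (the second with no SYN/ACK retransmission before the RST) and the 10.1.5.21 flow as established; grouping by client IP is what lets you hand the Windows team a list of affected hosts and a per-host interval instead of a red dashboard.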
Help me source some software

I might be better posting this in onthetipofmytongue, however it's old software and I know there are some older sysadmins in here from DOS (and before) days. It's older software, for sure.

Donkey's years ago I used to have a music player, I'm sure it was back in DOS days, and when you played a CD it created fractals or soundwaves in various forms. It was epically hypnotic to watch.

Any idea what it was?

Edit: It looks like ProjectM does what I'm looking for, which is grand. Also, it was before Winamp.

Found it, I wasn't searching for the right terms: Cthugha!
https://en.wikipedia.org/wiki/Cthugha_(software)

https://redd.it/1omo531
@r_systemadmin
I need a good iPXE netboot solution to be installed in ARM64 Linux

Hello, I need a simple iPXE server with DHCP and ISO boot capabilities without needing an internet connection, where I can boot ISO files on both BIOS and UEFI devices using a local DHCP server (I have an Ethernet interface to bind to DHCP, so I will boot there). I tried some general recommendations, but none of them worked as I wanted. I will list those I've tried so far. Any recommendations of software or any ways to fix things I've tried are welcome.

Tried those:

* FOG Project - Can't boot ISO files on UEFI devices.
* Netboot.xyz - Their Docker container can't even download the menus.tar.gz file, and their self-host guide with Ansible can't even finish without throwing errors.
* iVentoy - Doesn't have an ARM version.

https://redd.it/1omnzdy
@r_systemadmin
Proxmox

Okay, so, bit of a brain fart. My boss's boss was doing a bit of a ride-along thing, just asking questions, getting to know IT (I know, odd, but good. The leadership has always had these rules about spending time with staff). I was showing him Proxmox and how we can set up VMs and bla bla bla... I didn't mean to oversell it or anything but, it's great. Anyway, he asked, why don't we set up every computer first with Proxmox then add a Windows VM. Would be the ultimate way to recover a computer quickly with longer-term backups on another server (whatever your backup plan is). I did address the loss of power, as some CPU and resources would be needed just for Proxmox. He asked about building a super computer with Proxmox and having everyone access VMs. I congratulated him for inventing thin clients but also thought it would permit a lot of flexibility for staff and maybe it wouldn't be a bad idea. All I did was pause for a few moments to consider my answer and now he wants me to write up some pros and cons. When it might be appropriate to use thin clients, would there ever be a time when it would make sense to have a single PC with Proxmox running just one VM for the end user or (this came up right at the end of the convo) eliminating Windows users in favor of VMs (which I basically said no to right away) but, now I'm thinking about redoing my homelab computer with Proxmox first.

1. Proxmox as main OS with NinjaOne installed with image level backup enabled.

2. Windows 11 Pro from me

3. Linux for fileserver

4. Grandstream UCM Multi Tenant Software PBX (Just something I'm playing with these days).

What would you tell my boss, pro or con, about single computer / super computer with thin client?

Yes, this is probably an easy thing to answer but my mind is distracted with planning the PC that will be powerful enough to design the PC that will eventually be my home lab PC (very loose nod to Douglas Adams)

https://redd.it/1omtfes
@r_systemadmin
WMIC and 25H2

Anyone know the real story about WMIC in Windows 11 25H2? Microsoft said that WMIC would be removed as part of the upgrade, but that doesn't seem to be true - we've checked several machines upgraded to 25H2 and they all still have WMIC.

A newly installed Windows 11 25H2 doesn't have WMIC but it can be installed from Optional Features, exactly the same as 24H2. (And just like 24H2, WMIC is present during the install process - it is only removed when the first user logs in.)

As far as I can see, 25H2 doesn't change anything about WMIC at all! What am I missing?

https://redd.it/1omv5ci
@r_systemadmin
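An added PowerShell check (not from the post) for settling the question on a given machine: it records whether `WMIC.exe` is on disk, whether the `WMIC` optional capability is installed or absent, and the OS build, as one object you can collect across upgraded and clean-installed machines and compare. It assumes the capability name starts with `WMIC` (how it appears under Optional Features) and that the session is elevated, which `Get-WindowsCapability` requires. The second function is the CIM form of a typical WMIC query, for scripts that should not depend on WMIC being present at all.

```powershell
# Added example: per-machine inventory of WMIC presence on Windows 11.
# Assumes an elevated session (Get-WindowsCapability needs it) and that the
# optional capability's name begins with "WMIC".
function Get-WmicStatus {
    $exe = Join-Path $env:SystemRoot 'System32\wbem\WMIC.exe'
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $cap = Get-WindowsCapability -Online | Where-Object Name -like 'WMIC*'

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Build           = "$($cv.CurrentBuild).$($cv.UBR)"
        DisplayVersion  = $cv.DisplayVersion          # e.g. 24H2 / 25H2
        WmicExePresent  = Test-Path -LiteralPath $exe
        WmicOnPath      = [bool](Get-Command wmic.exe -ErrorAction SilentlyContinue)
        CapabilityName  = $cap.Name
        CapabilityState = $cap.State                  # Installed / NotPresent
    }
}

# CIM equivalent of "wmic os get caption,version": the replacement to move
# scripts to, independent of whether WMIC survives an upgrade.
function Get-OsInfoViaCim {
    Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version
}

Get-WmicStatus
Get-OsInfoViaCim
```

Running `Get-WmicStatus` on an in-place-upgraded machine and on a clean 25H2 install side by side shows directly whether the difference the post describes is in the binary, the capability state, or both.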
Need help with getting HPE SAS drives usable in non-HP enclosures

So yea, I bought some of these - HPE 3PAR SMBP6000S5xeF7.2 (HP version of Seagate ST6000NM0285).

They are unsupported in my non-HP arrays. They refuse to accept PSID revert (sedutil-cli) and they refuse to accept Seagate OEM equivalent firmware (hdparm and SeaTools both fail). They show up as SCSI devices (e.g. /dev/sg3) but not as block devices. Pretty much at the end of my rope with these things.

Any suggestions about how this might be made to work? Available to run commands and report results for troubleshooting at your convenience. Really would like to be able to use these / not have to junk them.

https://redd.it/1omv3in
@r_systemadmin
How do people set up internal pentesting device?

I'm in a relatively small company (<500). Is it just a scanner like nessus then you use msf to check if the vulnerabilities found are true?

I was told to set up an internal pentesting device using kali. How do external vendors even do this. And what's the most common way people set up for internal pentesting?

https://redd.it/1on0zyc
@r_systemadmin
Rolling out a password manager for ~200 staff — is a third-party tool (like LastPass) necessary, or can we rely on browser password managers?

We were about to roll out LastPass enterprise-wide (~200 staff), but management has put the brakes on due to cost-cutting. The current plan is to limit LastPass licenses to departments that actually need shared vaults (IT, Finance, etc.), while the rest of the staff would just use their browser’s built-in password manager (Chrome, Edge, etc.).

From their perspective, most users only have one or two credentials (mainly for SSO-integrated web apps), so a third-party password manager for everyone seems excessive. I get the logic, but I’m not sure if relying on browser password managers is a good call from a security and manageability standpoint.

All browsers are corporately managed via policy so sync restrictions, extension control, etc. can be configured, but there’s still no centralized visibility or enforcement of password hygiene, MFA use, or vault access.

For anyone who’s gone down this road: is limiting enterprise password manager licenses to “key” departments a reasonable compromise, or does it create more risk and inconsistency in the long run?

https://redd.it/1on2nt6
@r_systemadmin
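The post says the browsers are already policy-managed; an added PowerShell example (not from the post or from any vendor) of what the two-tier plan looks like as Chrome and Edge policy values, so the "vault" departments and the "built-in manager" departments are configured deliberately rather than left at defaults. It uses the documented `PasswordManagerEnabled`, `SyncDisabled`, `BrowserSignin` and `ExtensionInstall*` policies under the HKLM policy keys; the extension ID and the profile names are placeholders, and the same values can be shipped by GPO or Intune instead of this script.

```powershell
# Added example: two browser-policy profiles for the split described in the post.
#   Vault   - departments with an enterprise password manager licence
#   Builtin - everyone else, on the browser's own password manager
# $VaultExtensionId is a placeholder for the real extension ID. Run elevated.

$Browsers = @{
    Chrome = @{ Root   = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
                Update = 'https://clients2.google.com/service/update2/crx' }
    Edge   = @{ Root   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
                Update = 'https://edge.microsoft.com/extensionwebstorebase/v1/crx' }
}

function Set-BrowserPasswordPolicy {
    param(
        [Parameter(Mandatory)][ValidateSet('Vault', 'Builtin')] [string] $Profile,
        [string] $VaultExtensionId = 'REPLACE-WITH-REAL-EXTENSION-ID'   # placeholder
    )
    foreach ($b in $Browsers.Values) {
        New-Item -Path $b.Root -Force | Out-Null
        # Both profiles: no sync and no personal sign-in, so credentials saved in
        # the browser cannot follow a user's personal account off the device.
        Set-ItemProperty -Path $b.Root -Name SyncDisabled  -Value 1 -Type DWord
        Set-ItemProperty -Path $b.Root -Name BrowserSignin -Value 0 -Type DWord

        $force = Join-Path $b.Root 'ExtensionInstallForcelist'
        $allow = Join-Path $b.Root 'ExtensionInstallAllowlist'
        $block = Join-Path $b.Root 'ExtensionInstallBlocklist'
        foreach ($k in $force, $allow, $block) { New-Item -Path $k -Force | Out-Null }

        if ($Profile -eq 'Vault') {
            # Built-in manager off so the vault is the only place credentials land;
            # the vault's extension is force-installed and allow-listed.
            Set-ItemProperty -Path $b.Root -Name PasswordManagerEnabled -Value 0 -Type DWord
            Set-ItemProperty -Path $force -Name '1' -Value "$VaultExtensionId;$($b.Update)" -Type String
            Set-ItemProperty -Path $allow -Name '1' -Value $VaultExtensionId -Type String
        } else {
            # Built-in manager on; no forced vault extension.
            Set-ItemProperty -Path $b.Root -Name PasswordManagerEnabled -Value 1 -Type DWord
            Remove-ItemProperty -Path $force -Name '1' -ErrorAction SilentlyContinue
        }
        # Block every extension not explicitly allow-listed: an unvetted extension
        # can read whatever the password manager autofills into a page.
        Set-ItemProperty -Path $block -Name '1' -Value '*' -Type String
    }
}

function Get-BrowserPasswordPolicy {
    foreach ($name in $Browsers.Keys) {
        $root = $Browsers[$name].Root
        $p    = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        $fl   = Get-ItemProperty -Path (Join-Path $root 'ExtensionInstallForcelist') -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Browser                = $name
            PasswordManagerEnabled = $p.PasswordManagerEnabled
            SyncDisabled           = $p.SyncDisabled
            BrowserSignin          = $p.BrowserSignin
            ForcedExtensions       = @($fl.PSObject.Properties | Where-Object Name -match '^\d+$' | ForEach-Object Value)
        }
    }
}

# Set-BrowserPasswordPolicy -Profile Vault -VaultExtensionId '<extension id>'
# Set-BrowserPasswordPolicy -Profile Builtin
# Get-BrowserPasswordPolicy | Format-List
```

`Get-BrowserPasswordPolicy` is the audit half: run it from your RMM or a logon script and the visibility gap the post mentions narrows from "no idea" to "which machines are on which profile and whether sync is actually off".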
HP iLO Firmware Update Error: Invalid File Signature

I am trying to update iLO 2.0 via the Web GUI to version 3.16 on a DL380 Gen10.

I keep getting the error: "The file signature is invalid. Make sure you are using a valid, signed flash file...". I was able to use the same file to update another DL360 Gen10, so the file is not an issue.

Is there a known certificate chain issue with this version jump?

https://redd.it/1on2upd
@r_systemadmin
Do sysadmins keep personal notes besides the knowledge base?

Most troubleshooting documents are stored in the company Knowledge Base.

But apart from that, I want to know something:

Do system administrators keep their own private notes for quick reference?
Like handwritten notes, or a small text file in their laptop/notepad?

For example:

* rare commands they always forget
* small tricks they learned by experience
* steps to safely open specific laptop models
* configuration notes for routers / switches / VC setup
* strange issues they solved without knowing the full logic at first

Do you keep this type of personal notes?
If yes, what kind of things do you store in them?

https://redd.it/1on5fdt
@r_systemadmin
Everyone’s using AI at work now. No policy. No logs. What could possibly go wrong?

Just watched the new episode of *The Morning Show* and they accidentally captured what’s already happening to all of us:

1) Company builds a fancy AI using internal data.

2) Immediately leaks said internal data.

3) Leadership: “How could this happen?!”

Meanwhile in the real world:

* Users paste confidential docs into whatever chatbot they find first
* Shadow AI tools everywhere
* Zero audit trail
* But leadership wants “more AI because innovation”

We’re stuck in the middle, trying to:

* Let people use AI so they don’t bypass us completely
* Prevent the company from putting its crown jewels into the cloud

**What are you all doing for AI guardrails (if anything)?**

* Blocking everything?
* Approved tools?
* “Send to security for review” (aka never happening)?

Genuinely curious - what’s working, what isn’t, and what fresh hell have you seen so far?

https://redd.it/1on71fu
@r_systemadmin
HPE Support Refusing To Let Me Log In

Always fun when you walk in and there's a dead drive in the RAID Array. No sweat, it's under warranty, I'll just log a ticket with HP Support.

3 different accounts refusing to log us in, all with the error "The access request cannot be completed due to an administrative issue identified with your account. To resolve this issue submit a support request"

Fun times.

https://redd.it/1on7ik1
@r_systemadmin
November 2025 Microsoft 365 Changes: What’s New and What’s Gone?

Big updates in Microsoft 365 are rolling out this November! From feature retirements to security enhancements, here’s everything admins need to know. 

🌟 **In Spotlight:** 

* **Auto-Archiving for Exchange Online -** Auto-Archiving will launch in public preview for Target release opted tenants. When a mailbox exceeds 96% of its quota, older emails will automatically move to the archive mailbox to avoid storage issues. 
* **Knowledge Agent in SharePoint** - Sites can opt in to the new Knowledge Agent, which uses AI to organize and enrich SharePoint content for better Copilot answers. 
* **Admin Consent for Entra Applications** - Microsoft will now require admin consent for all third-party apps accessing Teams and Exchange APIs. Users cannot grant consent to third-party applications that access Exchange and Teams data via delegated permissions. 

Here’s a quick overview of what’s coming: 

**Retirements:** 6 
**New Features:** 9 
**Enhancements:** 5 
**Functionality Changes:** 2 
**Action Required:** 3 

**Retirements** 

1. The *SP.Utilities.Utility.SendEmail* API in SharePoint will be retired on October 31, 2025. Starting November 1, 2025, emails sent using this API will no longer work. 
2. The ‘*Mobile Devices’* page in Outlook Web and the new Outlook, used to view and manage devices syncing with mailboxes, will retire on November 6, 2025. 
3. The “*Visualize the List” and “Visualize the Library*” options in SharePoint Online, used to quickly create Power BI reports, will retire to simplify reporting. 
4. *Desktop notifications in Viva Engage* will retire by mid-November 2025 as part of Microsoft 365’s unified notification experience. 
5. *Microsoft Lists mobile apps* for iOS and Android will retire by mid-November 2025. 
6. The “*Refresh All on Page*” option in OneNote Meeting Details pane will be removed on November 15, 2025, and meeting details will no longer auto-refresh from Outlook or Teams. 

**New features** 

1. Microsoft Teams now supports *Entra-based authentication for agents and bots in group chats*. When a bot requests a user’s Entra token, Teams verifies installation and consent, prompting users privately to grant permissions for secure access. 
2. To enhance phishing protection, Microsoft Teams will display warnings when users receive *malicious URLs* in chats or channels. 
3. App Role-Based Access Control (RBAC) simplifies assigning email send permissions to apps. Admins can grant the *SMTP.SendAsApp* role for group or scoped mailbox access, eliminating per-mailbox PowerShell configuration. 
4. Microsoft Entra ID will introduce *support for passkey profiles* in the FIDO2 authentication methods policy. 
5. SharePoint admins can now use the new “*Enterprise Application Insights*” report to monitor sites accessed by third-party apps registered in the tenant, as part of SharePoint Advanced Management. 
6. Microsoft Purview *integrates Insider Risk Management (IRM) with DSI,* enabling data security admins to launch pre-scoped investigations directly from IRM cases to assess risky behavior and post-incident impact. 
7. Starting November 14, 2025, *Immersive Events in Microsoft Teams* will reach general availability. 
8. Microsoft is introducing a *modern Workflows experience in SharePoint*, enhancing automation across lists, libraries, and chats using Power Automate. 
9. Microsoft will soon allow users to chat with external contacts using their email address. External users will receive an invitation to join the session as a guest. 

**Enhancements** 

1. SharePoint *improves version history for lists and libraries* edited in grid view by merging consecutive edits into one version, reducing clutter and saving storage. 
2. Defender for Office 365 enhances the *quarantine preview experience* for greater consistency, security, and usability. 
3. Purview Data Loss Prevention (DLP) extends to the network layer through *Entra Global Secure Access*, enabling inspection and control of file traffic in transit. 
4. Purview enhances compliance by enforcing *Entra Conditional Access for eDiscovery admins* and adding a new ‘FilePreviewed’ audit log activity. 
5. Microsoft is updating the quarantine view for improved usability and consistency. Quarantined messages will now *be displayed by per recipient*, and the *ReleaseToAll* parameter in the Release-QuarantineMessage cmdlet will act on each mailbox separately. 

**Existing Functionality changes** 

1. The “Files” tab in Teams channels will be renamed to “*Shared,*” showing not only document library files but also all files and links shared in the channel conversations. 
2. Teams is introducing a new calendar integrated with Copilot and Microsoft Places; the legacy calendar and *the toggle to switch views will be removed.* 

**Action Required** 

1. The *Team Guidance feature in Microsoft Places*, which helped managers manage in-office days and team priorities, is retiring. Begin transitioning to Microsoft 365 Groups for team scheduling. 
2. *UKG and Blue Yonder connectors* for syncing workforce data with Teams Shifts will retire on November 14, 2025. Move to the UKG Flow app or custom integrations. 
3. The Viva Insights export via *Microsoft Graph Data Connect (MGDC) is retiring*. Switch to the Power BI Connector in Microsoft Fabric or use CSV export for reporting needs. 

Act now to stay ahead and ensure these updates don't impact you! 

https://redd.it/1on8ssi
@r_systemadmin
Fixing the 0xc00002e2 Active Directory error in Windows Server

Hi folks,


I just wanted to share my solution for the error 0xc00002e2 in Windows Server as it's taken me a few days to find the actual cause and relatively easy fix (in hindsight), so that I can hopefully save some of you some time.

Issue:

After restoring a backup of a Domain Controller in Windows Server when booting it up, you see a Blue Screen of Death (BSoD) with error code 0xc00002e2.

Cause:

The NTDS (Active Directory) database in the backup is older than 6 months. Windows Server has a built-in safety feature that prevents booting an Active Directory server where the NTDS database is older than 6 months, so it throws this error.

Fix:

1. Log into DSRM (Directory Services Restore Mode). This can be done by restarting the server and hammering F8 until you see a bunch of startup options that includes DSRM.

2. Log in as the Administrator.

3. Change the date of the server to a date less than 6 months after the backup/snapshot was made.

4. Reboot the server

5. No more BSoD! Log in as usual as an admin.

6. Click start > type 'cmd' > right click 'run as administrator' and use the commands

net stop w32time
net start w32time

This corrects the time.

This fixes the whole issue, you may want to reboot at this point for good measure.


Potential additional steps required (optional):

- Are you restoring a snapshot to a new server? You will probably have a new IPv4 and IPv6 address. If so, don't forget to correct those in the DNS Manager (Server Manager > Tools > DNS).

- Unable to connect to other servers in your server pool from the Domain Controller? Perform an nslookup from another server in the same AD environment, e.g. an RDS server:

nslookup dc.domain.local (replace with w/e your domain controller is called).

Do you get an error that includes a DNS resolver that's NOT the local IP of your domain controller? Go to your network adapter settings for IPv4 (on both LAN and WAN), select 'Advanced' > unselect 'Automatic Metric'. Set the LAN to a metric value of 10 and the WAN to a metric of 100 (gives priority to LAN). Your LAN connection now gets priority and the nslookup will succeed.

https://redd.it/1on8cp5
@r_systemadmin
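An added PowerShell example (not from the post) for the check you want before restoring a DC backup and the clock step the post describes. The "6 months" in the post is the forest tombstone lifetime at its 180-day default; the first function reads the actual `tombstoneLifetime` value from the forest, compares it with the age of the backup you are about to restore, and reports a temporary clock date inside that window for step 3 of the fix. The second function wraps the post's `net stop`/`net start w32time` commands and adds a `w32tm /resync` for the restored DC. It assumes the RSAT ActiveDirectory module on a working DC for the first function, and that you supply the backup date yourself; nothing here reads the backup file.

```powershell
# Added example: tombstone-lifetime check before restoring a DC backup, plus the
# time-service restart from the post. Assumes RSAT ActiveDirectory module.
#Requires -Modules ActiveDirectory

function Test-DcBackupAge {
    param(
        [Parameter(Mandatory)] [datetime] $BackupTaken,
        [datetime] $Now = (Get-Date)
    )
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition. When the attribute is unset the forest uses the
    # old default of 60 days; forests created on 2003 SP1 or later set 180.
    $rootDse = Get-ADRootDSE
    $dsObj   = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" `
                            -Properties tombstoneLifetime
    $tsl = if ($dsObj.tombstoneLifetime) { [int]$dsObj.tombstoneLifetime } else { 60 }

    $ageDays = ($Now - $BackupTaken).Days
    [pscustomobject]@{
        BackupTaken           = $BackupTaken
        TombstoneLifetimeDays = $tsl
        BackupAgeDays         = $ageDays
        InsideWindow          = $ageDays -lt $tsl
        # Post step 3: a clock value well inside the window, not on the boundary.
        SuggestedTempClock    = if ($ageDays -lt $tsl) { $null } else { $BackupTaken.AddDays([math]::Floor($tsl / 2)) }
    }
}

# Post step 6, on the restored DC once it boots with the temporary clock:
# restart the Windows Time service and force a resync so the real time returns.
function Restore-DcClock {
    [CmdletBinding(SupportsShouldProcess)] param()
    if ($PSCmdlet.ShouldProcess('w32time', 'restart and resync')) {
        net stop w32time
        net start w32time
        w32tm /resync /nowait
    }
}

# Test-DcBackupAge -BackupTaken '2025-03-01'
# Restore-DcClock -WhatIf
```

If `InsideWindow` is false, the post's DSRM procedure is what you are heading into; set the clock to `SuggestedTempClock` in DSRM, boot, then run `Restore-DcClock` and reboot once more as the post suggests.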
SentinelOne is killing Keepass 2.6 - reporting dropper trojan

S1 is killing it during the update process.

SourceForge thread here but very little activity so far: KeePass / Discussion / Open Discussion: Drop.win32.winselfcopy detecting in Keepass 2.6

https://redd.it/1onbej9
@r_systemadmin