Reddit Sysadmin – Telegram
HP iLO Firmware Update Error: Invalid File Signature

I am trying to update iLO 2.0 via the Web GUI to version 3.16 on a dl380 g10.

I keep getting the error: "The file signature is invalid. Make sure you are using a valid, signed flash file...". I was able to use the same file to update another dl360 g10 so the file is not an issue.

Is there a known certificate chain issue with this version jump?


https://redd.it/1on2upd
@r_systemadmin
Do sysadmins keep personal notes besides the knowledge base?

Most troubleshooting documents are stored in the company Knowledge Base.

But apart from that, I want to know something:

Do system administrators keep their own private notes for quick reference?
Like handwritten notes, or a small text file in their laptop/notepad?

For example:

* rare commands they always forget
* small tricks they learned by experience
* steps to safely open specific laptop models
* configuration notes for routers / switches / VC setup
* strange issues they solved without knowing the full logic at first


Do you keep this type of personal notes?
If yes, what kind of things do you store in them?

https://redd.it/1on5fdt
@r_systemadmin
Everyone’s using AI at work now. No policy. No logs. What could possibly go wrong?

Just watched the new episode of *The Morning Show* and they accidentally captured what’s already happening to all of us:

1) Company builds a fancy AI using internal data.

2) Immediately leaks said internal data.

3) Leadership: “How could this happen?!”

Meanwhile in the real world:

* Users paste confidential docs into whatever chatbot they find first
* Shadow AI tools everywhere
* Zero audit trail
* But leadership wants “more AI because innovation”

We’re stuck in the middle, trying to:

* Let people use AI so they don’t bypass us completely
* Prevent the company from putting its crown jewels into the cloud

**What are you all doing for AI guardrails (if anything)?**

* Blocking everything?
* Approved tools?
* “Send to security for review” (aka never happening)?

Genuinely curious - what’s working, what isn’t, and what fresh hell have you seen so far?

https://redd.it/1on71fu
@r_systemadmin
HPE Support Refusing To Let Me Log In

Always fun when you walk in and there's a dead drive in the RAID Array. No sweat, it's under warranty, I'll just log a ticket with HP Support.

3 different accounts refusing to log us in, all with the error "The access request cannot be completed due to an administrative issue identified with your account. To resolve this issue submit a support request"

Fun times.

https://redd.it/1on7ik1
@r_systemadmin
November 2025 Microsoft 365 Changes: What’s New and What’s Gone?

Big updates in Microsoft 365 are rolling out this November! From feature retirements to security enhancements, here’s everything admins need to know. 

🌟 **In Spotlight:** 

* **Auto-Archiving for Exchange Online -** Auto-Archiving will launch in public preview for Target release opted tenants. When a mailbox exceeds 96% of its quota, older emails will automatically move to the archive mailbox to avoid storage issues. 
* **Knowledge Agent in SharePoint** \- Sites can opt in to the new Knowledge Agent, which uses AI to organize and enrich SharePoint content for better Copilot answers. 
* **Admin Consent for Entra Applications** \- Microsoft will now require admin consent for all third-party apps accessing Teams and Exchange APIs. Users cannot grant consent to third-party applications that access Exchange and Teams data via delegated permissions. 

Here’s a quick overview of what’s coming: 

**Retirements:** 6 
**New Features:** 9 
**Enhancements:** 5 
**Functionality Changes:** 2 
**Action Required:** 3 



**Retirements** 

1. The *SP.Utilities.Utility.SendEmail* API in SharePoint will be retired on October 31, 2025. Starting November 1, 2025, emails sent using this API will no longer work. 
2. The ‘*Mobile Devices’* page in Outlook Web and the new Outlook, used to view and manage devices syncing with mailboxes, will retire on November 6, 2025. 
3. The “*Visualize the List” and “Visualize the Library*” options in SharePoint Online, used to quickly create Power BI reports, will retire to simplify reporting. 
4. *Desktop notifications in Viva Engage* will retire by mid-November 2025 as part of Microsoft 365’s unified notification experience. 
5. *Microsoft Lists mobile app*s for iOS and Android will retire by mid-November 2025. 
6. The “*Refresh All on Page*” option in OneNote Meeting Details pane will be removed on November 15, 2025, and meeting details will no longer auto-refresh from Outlook or Teams. 



**New features** 

1. Microsoft Teams now supports *Entra-based authentication for agents and bots in group chats*. When a bot requests a user’s Entra token, Teams verifies installation and consent, prompting users privately to grant permissions for secure access. 
2. To enhance phishing protection, Microsoft Teams will display warnings when users receive *malicious URLs* in chats or channels. 
3. App Role-Based Access Control (RBAC) simplifies assigning email send permissions to apps. Admins can grant the *SMTP.SendAsApp* role for group or scoped mailbox access, eliminating per-mailbox PowerShell configuration. 
4. Microsoft Entra ID will introduce *support for passkey profiles* in the FIDO2 authentication methods policy. 
5. SharePoint admins can now use the new “*Enterprise Application Insights*” report to monitor sites accessed by third-party apps registered in the tenant, as part of SharePoint Advanced Management. 
6. Microsoft Purview *integrates Insider Risk Management (IRM) with DSI,* enabling data security admins to launch pre-scoped investigations directly from IRM cases to assess risky behavior and post-incident impact. 
7. Starting November 14, 2025, *Immersive Events in Microsoft Teams* will reach general availability. 
8. Microsoft is introducing a *modern Workflows experience in SharePoint*, enhancing automation across lists, libraries, and chats using Power Automate. 
9. Microsoft will soon allow users to chat with external contacts using their email address. External users will receive an invitation to join the session as a guest. 



**Enhancements** 

1. SharePoint *improves version history for lists and libraries* edited in grid view by merging consecutive edits into one version, reducing clutter and saving storage. 
2. Defender for Office 365 enhances the *quarantine preview experience* for greater consistency, security, and usability. 
3. Purview Data Loss Prevention (DLP) extends to the network layer through *Entra Global Secure Access*, enabling inspection and control of file traffic in transit. 
4. Purview enhances compliance by enforcing *Entra Conditional Access for eDiscovery admins* and adding a new ‘FilePreviewed’ audit log activity. 
5. Microsoft is updating the quarantine view for improved usability and consistency. Quarantined messages will now *be displayed per recipient*, and the *ReleaseToAll* parameter in the Release-QuarantineMessage cmdlet will act on each mailbox separately. 

 

**Existing Functionality changes** 

1. The “Files” tab in Teams channels will be renamed to “*Shared,*” showing not only document library files but also all files and links shared in the channel conversations. 
2. Teams is introducing a new calendar integrated with Copilot and Microsoft Places; the legacy calendar and *the toggle to switch views will be removed.* 

 

**Action Required** 

1. The *Team Guidance feature in Microsoft Places*, which helped managers manage in-office days and team priorities, is retiring. Begin transitioning to Microsoft 365 Groups for team scheduling. 
2. *UKG and Blue Yonder connector*s for syncing workforce data with Teams Shifts will retire on November 14, 2025. Move to the UKG Flow app or custom integrations. 
3. The Viva Insights export via *Microsoft Graph Data Connect (MGDC) is retiring*. Switch to the Power BI Connector in Microsoft Fabric or use CSV export for reporting needs. 

Act now to stay ahead and ensure these updates don't impact you! 

https://redd.it/1on8ssi
@r_systemadmin
Fixing the 0xc00002e2 Active Directory error in Windows Server

Hi folks,


I just wanted to share my solution for the error 0xc00002e2 in Windows Server as it's taken me a few days to find the actual cause and relatively easy fix (in hindsight), so that I can hopefully save some of you some time.



Issue:

After restoring a backup of a Domain Controller in Windows Server when booting it up, you see a Blue Screen of Death (BSoD) with error code 0xc00002e2.


Cause:

The NTDS (Active Directory) database in the backup is older than 6 months. Windows Server has a built-in safety feature that prevents booting an Active Directory server where the NTDS database is older than 6 months, so it throws this error.

Fix:

1. Log into DSRM (Directory Services Restore Mode). This can be done by restarting the server and hammering F8 until you see a bunch of startup options that includes DSRM.

2. Log in as the Administrator.

3. Change the date of the server to a date less than 6 months after the backup/snapshot was made.

4. Reboot the server

5. No more BSoD! Log in as usual as an admin.

6. Click start > type 'cmd' > right click 'run as administrator' and use the commands

net stop w32time
net start w32time

This corrects the time.

This fixes the whole issue, you may want to reboot at this point for good measure.



Potential additional steps required (optional):

- Are you restoring a snapshot to a new server? You will probably have a new IPv4 and IPv6 address. If so, don't forget to correct those in the DNS Manager (Server Manager > Tools > DNS).

- Unable to connect to other servers in your server pool from the Domain Controller? Perform an nslookup from another server in the same AD environment, e.g. an RDS server:

nslookup dc.domain.local (replace with w/e your domain controller is called).

Do you get an error that includes a DNS resolver that's NOT the local IP of your domain controller? Go to your network adapter settings for IPv4 (on both LAN and WAN) and select 'Advanced' > unselect 'Automatic Metric'. Set the LAN to a metric value of 10 and the WAN to a metric of 100 (gives prio to LAN). Your LAN connection now gets priority and the nslookup will succeed.


https://redd.it/1on8cp5
@r_systemadmin
SentinelOne is killing Keepass 2.6 - reporting dropper trojan

S1 is killing it during the update process.

SourceForge thread here but very little activity so far: KeePass / Discussion / Open Discussion: Drop.win32.winselfcopy detecting in Keepass 2.6

https://redd.it/1onbej9
@r_systemadmin
Am I crazy or isn't giving your password to IT against like, every kind of security compliance?

For some insane reason, Help Desk at my company is regularly obtaining people's AD credentials over the phone and over email, even for things as simple as a password reset.

I haven't been on HD in a long time, and I can't remember the last time I looked up actual security compliance requirements, but I could have SWORN that the #1 rule was don't give your password to ANYONE, especially if they claim to be from IT! Like, that's the main way scammers phish people!

Am I losing my mind?

https://redd.it/1ond1aw
@r_systemadmin
Teams chats from old tenant

So guys, i am losing it right now.


We have a new employee, with new username, freshly created in our tenant and given licenses needed.

For some reason, and i cannot get behind why this is happening, the user sees ONE group chat from his old company he worked for earlier this year. The only thing that stayed the same is his first name and surname. Obviously there is no connection with the old company other than that. How the F is Microsoft happening to know that it's the same guy?


Adding to that: The user got a fresh device that was never used anywhere too.

https://redd.it/1onbiy7
@r_systemadmin
What would you do if you were forced to go into office more?

Our IT director recently decided that everyone has to be in the office at least 3 days a week instead of 2. I'm sure it doesn't surprise anyone that the reaction across the department hasn’t been great.

Like many IT teams, most of what we do doesn’t actually require being in the office. When hardware work comes up, we just plan our in-office days accordingly. So it clearly feels like a “trend-following” move to align with the general push for return-to-office rather than anything based on actual need.

For me personally, it’s more of a mild inconvenience than a major issue (which I'm grateful for) but I’m curious what others would do in this situation. Would you look elsewhere, push back, or just accept it and move on?

https://redd.it/1onf9nk
@r_systemadmin
What's the most embarrassing IT blunder you've witnessed (or caused) that still makes you cringe?

Bonus points if you fixed it before anyone found out.
I think everyone's got at least one xD.. right?

https://redd.it/1ongjg3
@r_systemadmin
Sanity Check - AWS and Azure down again?

Downdetector shows them toast, and for some reason our on-prem stuff started acting strange. Anyone else seeing odd stuff happening around 9:16 AM EST?

https://redd.it/1ondu2o
@r_systemadmin
Today I screwed up

Well I guess it happens to all of us every now and then, but it's always such a bad feeling when it happens. 4 years at this company and today, I screwed up production.

It was a morning deployment to prod, a couple of quirks but nothing too special. And the actual deployment went fine actually. I did the post-deploy checks, all green. Closed the vpn connection and went on with my day.

Close to the end of the day we start getting tickets, users couldn't log in... me and my manager jumped into action and not even 30 seconds in we see a duplicated network on production, with my name all over it...

Fixing it took just a couple of clicks and I checked my command history and cannot find what I did but it's my name on those logs and now I'm just feeling like crap...

Anyways... hope your day is going better than mine

https://redd.it/1onjbmo
@r_systemadmin
Does every non-technical person state the order of HTTP redirects incorrectly? Or just the people around me?

This is just a small thing, but I'm baffled by it.

When a user asks me for help to create an HTTP redirect, if they are in a non-technical role such as marketing or education, they will almost always state it this way:

> Please help me create a redirect from www.new-site.com/new-path to www.old-site.com/old-path.

So, as a matter of course, I always have to reply with a narrative description of how a redirect actually functions for a user. Something like:

> The user will enter www.new-site.com/new-path into their browser, and will get bounced over to a final destination of www.old-site.com/old-path. Are you sure that's what you want?

... It's just an extra email. And everyone has been gracious about the clarification. But I am just so surprised how widespread this inverted thinking seems to be among my users.

Among you web server sysadmins, have you noticed something similar?

https://redd.it/1onl1y9
@r_systemadmin
I hate printers

I work at a relatively small company and our IT dept is only about 5 people with very specific roles. So when more helpdesk-ish tickets come in, they're pretty much for whoever is free in that moment (Yes it sucks).


But I've been dealing with this stupid ass printer shit for soooo long now because some manager doesn't like the way the printer prints.

For context, it's a Citizen label printer. And I set it up with Printix for whoever wants to use it but really just this specific department. You can print the labels, after some elbow grease they now look fantastic! Was even approved by the requester (a manager). But for whatever reason, you have to click portrait each time. ok... not a big deal! You can even tell it'll be messed up if you're on landscape. So it should be an easy catch for anyone.

But this manager HATES that. So now he threatened to go to my boss about this whole situation... all because the user has to click portrait each time. Now really, I'm sure there's some way some how to write some command, script, or edit a driver or something so landscape just isn't an option that even appears. But what the shit are you really talking about!?!?!

It's just one click you have to do before printing out your labels! But he now wants to scrap the thousands of dollars we spent from our budget into these printers. All because of one more step to click and print these labels....

Am I overreacting??? or is this as ridiculous as he may think.

https://redd.it/1ono277
@r_systemadmin
Microsoft/Globalsign OCSP failure

It looks like there’s a DNS problem with Microsoft’s primary OCSP responder (I know, I know it’s always DNS).

The responder at “ocsp.msocsp.com”, which is configured in billions of certificates (I counted 58 billion on a quick check) issued by various Microsoft Certificate Authorities, normally has a CNAME pointing it to “hostedocsp.globalsign.com”.

This in turn should have a CNAME point to “api.globalsign.cloud”. This CNAME does not appear to exist anymore. This last name has working A records. The chain is broken between these last two globalsign records.

It’s unclear since when this is the case; one DNS history source said there had been no zone changes since October 31st.

What does this mean? Well, it means a large number of clients trying to validate one of those Microsoft certificates will usually try using OCSP first, and fail. It will then usually fall back to downloading the CRL, which can have a significant bandwidth and a small performance impact, as downloading a CRL is generally slower. It should not necessarily affect web browsing, as modern browsers tend to have their own CRL cache they prefill. But a large number of Windows and Microsoft services will not, and rely on the OS mechanism, which means a large number of failed requests to these OCSP servers. This can also affect non-Microsoft applications and services that use Azure, since these often use default Microsoft-supplied certificates on service endpoints, Front Door services, API endpoints and the like.

https://redd.it/1onm61v
@r_systemadmin
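The CNAME chain described in the OCSP post above can be walked hop by hop to show exactly where resolution stops. This is an added example, not part of the original post: the zone tables are constructed sample data (the A-record addresses are documentation-range placeholders), and `make_lookup` is a hypothetical stand-in for a real resolver query.

```python
# Added example. The zone tables are constructed sample data modelled on the
# post's description; the addresses are documentation-range placeholders.
BROKEN_ZONE = {
    ("ocsp.msocsp.com", "CNAME"): ["hostedocsp.globalsign.com"],
    # hostedocsp.globalsign.com has neither a CNAME nor an A record here:
    # this is the missing link the post describes.
    ("api.globalsign.cloud", "A"): ["192.0.2.10", "192.0.2.11"],
}
HEALTHY_ZONE = {
    **BROKEN_ZONE,
    ("hostedocsp.globalsign.com", "CNAME"): ["api.globalsign.cloud"],
}


def _norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def make_lookup(zone):
    """Return lookup(name, rtype) -> list of records, backed by a dict.

    Hypothetical stand-in for a real resolver query (dig, nslookup, ...).
    """
    return lambda name, rtype: list(zone.get((_norm(name), rtype), []))


def walk_chain(name, lookup, max_hops=8):
    """Follow CNAMEs from `name` until an A record, a dead end or a loop."""
    hops, seen, current = [], set(), _norm(name)
    result = {"hops": hops, "addresses": [], "failed_at": None}
    while len(hops) < max_hops:
        if current in seen:
            return {**result, "status": "loop", "failed_at": current}
        seen.add(current)
        cname = lookup(current, "CNAME")
        if cname:
            target = _norm(cname[0])
            hops.append((current, "CNAME", target))
            current = target
            continue
        addrs = lookup(current, "A")
        if addrs:
            hops.append((current, "A", addrs))
            return {**result, "status": "resolved", "addresses": addrs}
        # Neither CNAME nor A: the chain is broken at this name.
        return {**result, "status": "broken", "failed_at": current}
    return {**result, "status": "too_many_hops", "failed_at": current}


def report(name, zone):
    """Render the walk as one line per hop plus a final verdict line."""
    res = walk_chain(name, make_lookup(zone))
    lines = [f"{src} {rtype} {dst}" for src, rtype, dst in res["hops"]]
    if res["status"] == "resolved":
        lines.append("OK: " + ", ".join(res["addresses"]))
    else:
        lines.append(f"{res['status'].upper()} at {res['failed_at']}")
    return lines


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("healthy", HEALTHY_ZONE)):
        print(f"[{label}]")
        print("\n".join(report("ocsp.msocsp.com", zone)))
```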
What is your dress code/attire for work?

My workplace is fairly lax unless we have customers coming. Normally I wear jeans/polo everyday and t-shirt on Friday. Shorts are fine through the summer.

https://redd.it/1onr38o
@r_systemadmin
FYI: Gmail/Google tightened their bulk sender guidelines - emails may now be rejected

https://support.google.com/a/answer/14229414

Previously Google was only putting non-compliant emails in Spam, they have now just said from this month that they may reject emails completely - following the lead of Microsoft here.

Just a reminder to set up your company DMARC policies if you haven't already, and also review bulk sender compliance rules if you're a bulk sender (sending 5,000+ emails per day).

https://redd.it/1onskta
@r_systemadmin
New Sysadmin, way out of his depth.

The Story:

Hi all, I'm mostly making this post out of desperation at this point. I'm a .net developer who's recently been forced to take over as the sole admin for our whole windows server after my boss decided he didn't like the last guy and well... "hey GenericEvilGenius, you're a computers guy right? you should just do it all then". So now if I want to keep getting paid I'm having to sink-or-swim at a job I'm woefully inexperienced at.

Not much later my boss tells me that we (by which he means I) have to manage migrating our entire business to a new server hosted by a new hosting provider, as our current servers are being EOL'd at the end of the month ... I'm so screwed.

After a few days of the hardest I've ever worked I've gotten everything like... 90% of the way there I think but after we do the DNS changeover to point everything towards the new server, it quickly becomes apparent that only like, 40%-50% of our usual traffic is actually reaching our API. This is swiftly confirmed by several irate phone calls from clients complaining that our services aren't working.

But the thing is, I tested this API beforehand, very thoroughly. Even now any tests I perform come back just fine (as it evidently does for roughly half of our clients). As a dev I understand that the first step to troubleshooting any problem is being able to re-create it, but no matter what I do I can't see any problem from my end, but I also can't understand why a problem might affect only some of our clients and not others. All of these people were able to use our API just fine literally yesterday.


The Technical Details:

Migrating from a Windows Server 2016 environment to a Windows Server 2025 one.
Server hosts an email server (hMail), a website (IIS), and a .net based API.
Some users are unable to reach the API after the move, I am unable to reproduce the problem or get any meaningful error information out of those who are experiencing it.
Confirmed firewall is not blocking requests, I can see that all clients requests are passing through the firewall okay, but it's showing those we have confirmed are experiencing the issue are getting a SERVER-RST response.

The only meaningful difference between the old server and new that I can see is that our old server had 3 IP addresses, one for each subdomain it was hosting.

1. mail.example.com for the email server.
2. www.example.com for the website.
3. services.example.com for the API.

It's my understanding that hosting all of these on one server with a single shared IP shouldn't be a problem, so long as people are addressing their SNI's correctly but this is the point at which I reach the limits of my knowledge. Do any of you have any idea why this might be happening? or what I can try looking into next?

https://redd.it/1ont8nu
@r_systemadmin
What are some "Rules for thee, but not for me" that you live by?

What are some things your users are required to do, which you do not practice yourself?

For me, it's resetting cookies.

My daily workflow consists of at least 15-20 browser tabs for various admin consoles, ticket queues, monitoring dashboards, reports, etc. All set up and configured exactly how I want them (default page, menu order, column widths, etc.), so while it's not the end of the world if I need to reset my cookies, it is a major inconvenience to get everything set back up again.

https://redd.it/1onvq06
@r_systemadmin