Still having issues RDP'ing and Accessing Shares on Windows 11 (25H2)
Hoping someone more intelligent than me can help me here. I am ready to pull my hair out. Situation is company purchased two brand new HP Elite 805 Mini workstations with Windows 11 Pro pre-installed as part of a workstation refresh. Company uses QuickBooks (I know, I know) in multi-user mode so both workstations can access and work from the same company file. Issue now is that no matter how I configure the file share on the primary workstation (A) (where the company file is located), workstation B cannot log in to access the shared folders. I get prompted for a username and password but get event ID 4625 Status 0x0c00000D every time. I have done the following so far without success:
* Created a standalone local user to access the shares - accessing using workstation A hostname\username format.
* Added the new user to the shared folders with Full access (Share Permissions & NTFS permissions both)
* Turned on Network Discovery & Printer Sharing (both workstations for Private network profile)
* Set the network interfaces to the Private firewall profile (both workstations)
* Set Microsoft Network Client: Digitally Sign Communications (always) to Disabled
* Set Microsoft Network Client: Digitally Sign Communications (if server agrees) to Disabled
* Turned off Password Protected Sharing on the primary workstation - I still get prompted for a password regardless
* Verified SIDs are not duplicates (even though they came pre-installed from the factory)
* Disabled Windows Hello (both workstations)
* Confirmed DNS is working properly (via nslookup)
* Removed/cleared cached credentials on workstation B
* Tried accessing via IP address but got the same result
* Enabled Insecure Guest Logons via Group Policy on workstation A
* Updated both workstations to latest version
* Restarted both workstations after policy changes
* Had someone else set a password on the user account and attempted to login without success (to rule out me mistyping or something.....desperation starting to set in at this point)
* Installed SMB 1.0/CIFS as an attempted workaround
I thought I could work around this by setting up RDP from workstation B to workstation A (to remove the share issue) but I get the same exact event ID in Event Viewer. The company does not use on-prem AD or Azure AD so those are not factors. Network is flat (not my design) with all devices in a single subnet.
My gut is telling me this may be related to KB5065426 even though the recommended workarounds are not working for me (or I am missing something in the workarounds). The workstations are on Windows 11 Pro Version 25H2 Build 26200.6899.
Any help on this would be greatly appreciated!
https://redd.it/1osxln3
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Explore this post and more from the sysadmin community
FM Audit see if a printer needs a drum?
We use Toshiba for our copiers and printer management. They send out toner automatically when it's needed for our fleet of 50 printers throughout a resort (mostly Brother and HP). However, they can't see if any of the printers need a new drum. We must call or email them to get a drum ordered. They use FM Audit.
Is this typical? I'm tempted to shop around to see if others can send the drums automatically. It's super annoying.
https://redd.it/1oswp4z
@r_systemadmin
Do you have any examples in your personal life of people confusing where you work with what you actually do? Like family asking you about flu season because you work at a hospital, or asking about their washing machine because they bought it from your company?
I always just end up sending them a link to online resources. I'm not suddenly qualified to tell you about your HVAC just because I work at a company related to that. I'm not suddenly qualified to tell you how to diet and exercise because I started maintaining endpoints for a health/fitness company. And no, I can't diagnose if you have COVID just because I'm maintaining servers for a hospital.
Anyone else run into this? Not a big deal, just feels like a pretty unique thing to our field. We're the tech experts, but also the go-to for anything related to wherever we happen to land for work.
https://redd.it/1oszdh2
@r_systemadmin
Small office internet upgrade from a 1Gbps circuit to 2.5 Gbps (QNAP Switches?)
Branch office is getting Internet upgrade from 1 Gbps circuit to 2.5 Gbps. The challenge is that our current network switches are 8-year-old gigabit switches, so I’m researching the best budget-friendly options for replacing them with 2.5 GbE switches.
Surprisingly, there aren’t many affordable non-consumer options on the market. HPE and Dell, for example, don’t have anything reasonable in this range: their entry point for 10/5/2.5 multi-GbE network switches starts around $7K and goes up from there.
My current plan is to go with QNAP:
Deploy three QSW-M3224-24T-US switches, each connected to a single QSW-M3216R-8S8T-US via a pair of CAT7 LAG uplinks (20 Gbps uplinks, essentially).
The QSW-M3216R-8S8T-US would act as the aggregation switch, with its 10 Gb SFP+ interfaces connecting to the firewall's HA pair.
I know it’s not a perfect setup - QNAP doesn’t offer a 48-port 2.5 GbE switch, but the design seems solid and far better than most consumer-grade or home-lab gear at this price point.
Has anyone here used QNAP switches in a production (non-home lab) environment? The office has about 50 endpoints plus the usual mix of printers and other crap.
Also, has anyone else upgraded from 1 Gbps to 2.5 GbE in a small business office? Or are you still on a tried and true 1 gig connection? Curious if you noticed any real-world improvements or positive feedback from users.
My thinking is that while a gigabit connection is technically “enough,” it’s still worth staying competitive, especially with all the recent “return-to-office” mandates. The last thing I want is users claiming their home Internet is faster than in the office, now that most Fios plans offer 2.5 Gbps connections at home.
https://redd.it/1ot1liq
@r_systemadmin
what are the best vpn for pc in 2025? speed, security, and privacy
been trying to figure out which vpn actually delivers on speed without sacrificing security or privacy. i’m sick of vpns that claim they’re fast but choke my connection or spy on me. looking for one that’s genuinely fast, secure, and private. what’s actually worth using right now?
https://redd.it/1ot3tjl
@r_systemadmin
I’m working on an industrial laptop that has multiple bootable Windows partitions with different configs to run equipment. The main, default OS upgraded from 20h2 to 22h2. The rest are still in 20h2 and none of them will boot. What are my options? Can I upgrade them to 22h2 without booting the OS?
Posted in sysadmin because you guys are the smartest of the computer bunch
https://redd.it/1ot32g6
@r_systemadmin
AlwaysOn VPN with WIN-ACME and certificate auto-renewal
Am just about to build fresh AlwaysON VPN server and am looking to replace our existing wildcard certificate issued via Digicert with one from Let's Encrypt, potentially auto-renewing it via Win-Acme or similar tool. Anyone doing this? Any tips/tricks/traps I should know about?
https://redd.it/1ot56qo
@r_systemadmin
Server 2019 AD upgrade to 2025
Good Morning All,
I started out this week by installing Server 2025 as an AD/DNS/DHCP server and... it was a fun time (similar happened to this https://www.reddit.com/r/WindowsServer/comments/1jdefxi/2025_server_cant_login/ )
so I nuked and installed 2019 eval instead.
2019 is working fine currently, but of course we didn't get the downgrade license, so I now have a ticking time bomb of an eval running as a DC.
So, my question really is, is it possible to in-place upgrade to 2025 and avoid the issues I had before? Or are they likely to come back?
I did try to pssession into the server at the time to try the fixes that others mentioned, but the rest of the network wasn't in place and I couldn't actually get in. Time was of the essence, so tinkering wasn't an option at the time.
I did a full Windows update on 2025 before adding it as a DC. So if the "bug" from above was "fixed" in an update, how the hell did it still happen?
Regardless, the situation still stands, anyone with experience of this can throw in their 2cents?
I will of course have a full backup taken before performing any upgrade, I just really don't want to have too much downtime.
looking forward to your answers.
https://redd.it/1ot6mho
@r_systemadmin
Anyone else notice how insecure DigiCert's new login is?
If you log out, you can log in by entering ANYTHING into the login form.
You can also bypass the MFA if you had it set up on their old login.
https://redd.it/1ot6lip
@r_systemadmin
My company offered to pay for certifications — which ones should I go for as a beginner in cybersecurity?
Hey everyone,
I just got the opportunity from my company to take some certification courses (they’ll cover the costs). The thing is — I currently have no certifications and I’m just getting started in cybersecurity.
I’m trying to figure out which certifications would make the most sense to start with — both for building a solid foundation and for career growth.
A bit about me:
* Currently working in IT with a growing interest in security
* Have some hands-on experience with Windows, networking, and Microsoft 365
* Finished my bachelor in cybersecurity
I’ve heard about things like CompTIA Security+, Network+, Google Cybersecurity, ISC2 CC, and Microsoft SC-900, but I’m not sure which path makes the most sense for a total beginner.
https://redd.it/1ot9i81
@r_systemadmin
One-man IT department here… is it time to bring in an MSP?
I’m the entire IT “department” for a 50-employee logistics company. I handle everything, servers, email, cybersecurity, onboarding, printer rage therapy, all of it.
Now upper management wants 24/7 monitoring + disaster recovery + compliance documentation, but doesn’t want to hire extra IT staff. I’m burning out.
Anyone here bring in an MSP to supplement internal IT? Worth it or does it turn into a mess of tickets and finger-pointing?
https://redd.it/1otaay1
@r_systemadmin
I finally left the MSP helldesk
After 5 years of working at an MSP as a level one, underpaid and burnt out and no clear career progression I made the decision to quit with no backup plan. 2 months later I'm now working in a L2 support role internally for a company, no more timesheets, no more manager breathing down my neck saying I haven't hit my ticket allowance for the day when I've been dealing with issues that need time and attention, no more after hours phone calls late at night.
I can now just focus on fixing things, learning, and delivering good customer service for the employees.
I've started enjoying IT again and feel my passion I once had coming back. And this place allows me to pivot easily into more infrastructure and networking focus.
Sure MSP may suit some people, but holy crap the sense of relief I felt once I had left was immense
https://redd.it/1otbth3
@r_systemadmin
Why do we still use linear partition tables?
This is a technical and philosophical question...
I just realized as I was trying to resolve an issue that required moving a partition to enable giving more space to another partition in front of the other, that this was on an SSD.
An SSD does not record data in a physical linear way, so why should the partition table be linear?
Why do we still care about what partition is in front, or behind?
Ok, it is a legacy holdover, right, I can see that being a historical reason, but now with GPT, and the use of UUIDs for partitions, is there a good reason why partition tables are linear?
They should simply present to the OS as blobs, where the SSD worries about where on the disk they are located, and the computer simply specifies the ID of a partition when talking to the SSD. Could we not use something similar to LVMs, instead of a rigid partition table?
https://redd.it/1otdveg
@r_systemadmin
ProLiant DL380 Gen9 - Smart Storage
Hey everybody,
One man IT guy at a company that has never had in house IT, only a single person who's been remote for about 10 years. They passed all of their work off to another person who came in for four hours on a certain day of the week.
I recently replaced the server smart battery, as in PRTG & iLO it's showing as degraded. It's recognized the new battery, since it has a new number shown there, but it's still marked as degraded. I've seen to wait a little bit of time, but so far there's been no change. Any ideas? Thanks in advance.
https://redd.it/1otg62j
@r_systemadmin
My sys admin sucks
I'm not gonna claim to know a lot since I just entered the field as a helpdesk. My sysadmin is an idiot and I have no idea how this guy has been able to fool an organization for years. This is a rant so I'll just list off some of the things he's said and done in the past couple months.
Oh also more than half of our employee laptops, this number is in the hundreds, are still on Windows 10 and will be for the foreseeable future.
We do not have Active Directory, he has been setting it up for years, allegedly.
I am required to install CCleaner and 2 different antiviruses on top of our endpoint protection software we pay for. One of the antivirus software he has me install is from 2000 and has been known to bundle malware.
Oh I'm also forced to make sure these softwares are on a specific part of the desktop so "IT can find their tools."
I offered a solution that a friend of mine came up with to execute remote code using our endpoint protection software to do all the win10-11 updates en masse but I was told "we do things the right way here"
He claimed he was unable to use his computer for a whole day because it is literally impossible to convert MBR to GPT.
I was required to ask for every employee's password so I could "log into their account" since it's "easier than resetting their password on the laptop" and how "we need to confirm their password meets our security requirements"
Runs campaigns against other IT staff who know more than he does (not very hard) talks shit about them for months and they eventually get fired.
Laughs/talks shit about employees who fall for phishing emails (we also have paid for a phishing simulator software but he won't use it).
That's all I can really say without giving away too much.
https://redd.it/1oti0g9
@r_systemadmin
Should I quit?
IT director at a small business, about ~100 people. I’m six months in and I’m about ready to quit—the place is a cybersecurity disaster, HR controls laptop procurement and technical onboarding, and any changes I make are met with torches and pitchforks. Leadership SAYS they support me, but can’t have a difficult conversation to save their lives.
I think I answered my own question, right?
https://redd.it/1otinjm
@r_systemadmin
Can you restart IIS websites during working hours?
Some context:
I work as an infra/devops engineer at a software company. The applications are still fairly old-school, all monoliths hosted as IIS websites. When we need to apply quick fixes, we sometimes modify configuration files like appsettings.json instead of doing a whole new build.
However, for these changes to take effect, we need to restart the specific IIS website. The issue is that we're not allowed to do this during working hours because “we can’t undertake actions that might interrupt live services during core hours, especially without client notice,” as management always says.
From my understanding, restarting an IIS website only causes a very brief blip, just a few seconds of downtime, so it doesn’t seem like a major disruption, especially when the change has already been tested in lower environments.
Am I wrong to think this shouldn’t require an out of hours window, or is this policy fairly standard in other companies?
https://redd.it/1othcfy
@r_systemadmin
How did you learn when first starting your sysadmin career?
I started at this company on the help desk. We support about 300 different remote offices. 6 months later, I started as an IT technician doing site visits and transitions (multifamily residential industry). A year after that (about 3mo ago), I assumed a sysadmin position after a couple members of that team left.
They are still working on backfilling my role, so most of my workload is still for my old position. As a result I’m not involved in many projects for my new role. I’m in a strange limbo state right now. I don’t have most of the foundational knowledge to support most of our systems. Good understanding of networking/troubleshooting/field tech work, but not so much when it comes to enterprise applications, scripting, server management, that sort of thing.
I was thinking of supplementing with learning on my own time so I can hit the ground running once they backfill my old role. Are there any resources that you leveraged when you first started your sysadmin role that you found valuable?
https://redd.it/1otk0yc
@r_systemadmin
Anyone got WiFi auth working with Entra ID (no on-prem AD, all FortiAPs)?
Hey folks,
Curious if anyone here actually got WiFi authentication working directly against Entra ID.
We’re 100% Entra-based (no on-prem AD, no hybrid setup). Everything lives in the cloud.
We’re also a Forti shop, so all our APs are FortiAPs managed through FortiGate.
What I’m trying to do is have users connect to our office WiFi and authenticate using their Entra ID creds.
Most of what I’ve found so far points to needing a RADIUS server (either on-prem or hosted) or spinning up a local AD just to handle 802.1X, both of which I’d rather avoid completely.
Ideally looking for a clean, cloud-only solution. Something that doesn’t involve setting up or maintaining any RADIUS/AD infra.
Has anyone pulled this off, or is it just not doable yet without a RADIUS middleman?
Would love to hear what others have tried.
https://redd.it/1otmqhw
@r_systemadmin
UPS for every Network Switch?
We are planning a new building with a large production hall and several racks for sub-distribution with switches. One of our team is worried that the switches could get damaged in a power outage (by voltage spikes, etc.).
So what is your opinion on this?
Are the switches resistant enough?
Should some kind of surge protection be enough?
Or do you put them all on a UPS?
Location Germany.
https://redd.it/1otigp2
@r_systemadmin
Is it safe to reset the KRBTGT password if the account has been disabled for 12 years?
Hi,
I’m planning to rotate the KRBTGT password in our Active Directory domain. I noticed something unusual — the KRBTGT account has been disabled for about 12 years, but everything in the environment is still working perfectly (Kerberos auth, logons, services, etc.).
Before I run the Microsoft script, I want to make sure I’m not missing anything.
My questions:
1. Do I need to enable the KRBTGT account before resetting its password, or can the script reset it while it’s disabled?
https://redd.it/1otqkif
@r_systemadmin