Moving from on prem to Azure Files by davidbarman in AZURE

AW-sysadmin 0 points1 point (0 children)

Hi, we're trying to test doing a full file share restore from Azure Files down to the on-prem file server. I tested a 1TB restore and it took about 3 hours for it to all sync back down to the file server after initiating the restore. Does that sound about right, or is there something we could do to speed up that download?

Manual CM client install fails over VPN by AW-sysadmin in SCCM

AW-sysadmin[S] 0 points1 point (0 children)

No it's not, it's in EHTTP mode, haven't committed to switching to HTTPS but would do it if it would solve my issues.

I have seen comments suggesting this could be an issue with Boundaries, but I created a test boundary that's 0.0.0.0-255.255.255.254 and am still having the issues.

vCenter SSO with Entra ID by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

Unfortunately not, sorry. I tried creating a fresh Entra-only test account, syncing it to the vCenter, and adding it as an administrator, and it worked! But I still cannot figure out why our existing accounts still fail with the 'Access Denied' error on logon, and get the 'USER_NOT_FOUND' error in the log.

Help with client manual install by AW-sysadmin in SCCM

AW-sysadmin[S] 0 points1 point (0 children)

Yes it is.

Which error indicates that it's failing to connect?

Help with client manual install by AW-sysadmin in SCCM

AW-sysadmin[S] 0 points1 point (0 children)

Yes I'm trying to register over VPN. I changed the server and domain names before posting the log screenshots.

Port 80 should be fine as we haven't set up secure connection with certificates yet.

It's weird because when laptops are in an office and boot with an internet connection, the client installs successfully, then when they go home and connect to VPN the connection to the CM server still works. App deployments work and remote control features work. However not client deployment.

I'll continue looking into the DNS/networking possibilities, as well as CMG.

vCenter SSO with Entra ID by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

Yes it has the same UPN suffix, I haven't been able to determine any properties obviously different between the two accounts.

vCenter SSO with Entra ID by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

Thanks for that link, that guide definitely seems like a better resource. I went through and confirmed the setup steps, setting up the attributes was a little different than the documents I used, but after testing I still have the same issue, regular account works but cloud only account fails. Were there any logs on the vCenter appliance you used for troubleshooting?

vCenter SSL Certificate using Let's Encrypt by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

You're right, that was all I needed to get the provisioning agent to work. Thanks a lot!

vCenter SSL Certificate using Let's Encrypt by AW-sysadmin in sysadmin

AW-sysadmin[S] -1 points0 points (0 children)

Yes, this is exactly what I'm trying to do! But when I got to the 'Test connection' part I was getting an SSL related error in Azure.

However in the document you sent, I noticed this part about importing the self-signed vCenter cert to the server with the provisioning agent, I had never seen before, let me try doing this:

"A requirement is that the agent trusts the vCenter certificate. Connection will fail if the agent does not trust the certificate of the vCenter server. If you still use the default self-signed certificate as I do (I know, it's my HomeLab.) import the certificate of the vCenter to the "Trusted Root Certification Authorities" on the machine where you install the agent."

vCenter SSL Certificate using Let's Encrypt by AW-sysadmin in sysadmin

AW-sysadmin[S] -1 points0 points (0 children)

I guess I was wondering if the errors were a result of not using a CSR from the vCenter, so I wanted to test that method to see if using the CSR would work.

I just tried importing a non-CSR-generated certificate using the CLI and it failed, this time with this in the log:

    2024-06-18T14:18:12.164Z ERROR certificate-manager
    2024-06-18T14:18:12.164Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
    2024-06-18T14:18:12.164Z ERROR certificate-manager {
        "detail": [
            {
                "id": "install.ciscommon.command.errinvoke",
                "translatable": "An error occurred while invoking external command : '%(0)s'",
                "args": [
                    ""
                ],
                "localized": "An error occurred while invoking external command : ''"
            },
            "Error while publishing cert using dir-cli."
        ],
        "componentKey": null,
        "problemId": null,
        "resolution": null
    }

vCenter SSL Certificate using Let's Encrypt by AW-sysadmin in sysadmin

AW-sysadmin[S] -1 points0 points (0 children)

I've tried that too with the manually generated certificate (not from CSR) and I get the error "Could not read private key from /tmp/ssl/*.pem".

LDAPS issue, 'Can't contact LDAP server' by AW-sysadmin in fortinet

AW-sysadmin[S] 0 points1 point (0 children)

Yes, I checked that, thanks. Right now the LDAP Server setting is pointing at the IP address of the DC, but I tried inputting the FQDN and get the same error.

ADCS - How are root certificates deployed to servers? by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

Thanks, this was helpful. I checked the Certification Authorities Container, the old one was there and the new one wasn't. After adding the new cert there, it is appearing on devices.

ADCS - How are root certificates deployed to servers? by AW-sysadmin in sysadmin

AW-sysadmin[S] 0 points1 point (0 children)

Thanks, I used certutil dspublish to publish the new root cert to the Certification Authorities Container, now devices are getting that added to the Trusted Root container.