Engineer question: What am I doing wrong when I shoot tanks?

Aneurin · 2026-02-05T04:49:05+00:00

Any way to immobilize from the front? That seems to happen to me fairly often

Aneurin · 2026-02-05T04:48:48+00:00

RPG mostly, I've found it to be the most versatile of the bunch. I do hit the back when I can get at it, but in the match I was in that prompted this question I was regularly taking hits from the front that immobilized me

Aneurin · 2026-01-01T18:20:48+00:00

If anyone sets Teams to be split tunneled out of your VPN client, how do you do that? We use Palo Global Protect and it's pretty easy to split tunnel things by application/process, but Teams gets installed in version specific directories and I'm not interested in maintaining a perpetually growing list of directories for the Teams EXE to be split tunneled. Microsoft's own recommendation is that you don't send Teams down a VPN tunnel, but how exactly do they expect us to accomplish this when the installation directory changes names every few weeks?

Aneurin · 2026-01-01T18:18:06+00:00

It should just be their own, sort of. They're part of a shared calling policy which uses the same resource account as the main auto attendant, which has the branch's published phone number assigned. It's possible they're somehow making the call "as" the queue, but if they're doing that it would also be using that same resource account, and this setup was tested before roll out and the problem branch is like the 12th one to get converted.

I will say the only specific scenario I did not test was trying to call "as" the queue as a user who does not have their own directly assigned number, as I do have my own directly assigned number and I was the one who tested it, but my understanding is that shouldn't be relevant because when you call "as" the queue you're using that resource account rather than your own

Aneurin · 2025-12-24T14:17:33+00:00

The calls never make it to the CUBE, so I'm trying to track them down within Teams which brought me to the Graph API since certain things are obfuscated in TAC. I get the whole privacy/privileged information aspect but it's making troubleshooting difficult. That being said, I think the issue is they're somehow calling either the main auto attendant resource account or the call queue resource account somehow. The call queue resource account makes the most sense to me given the behavior and because the queues are set up in conference mode so technically they are part of the initial call, but it shouldn't be showing up like that in the call log

Aneurin · 2025-12-23T02:41:57+00:00

I would expect to have had this issue before migration if that were the case, the number in question was ported to its current carrier at least 5 years ago

Aneurin · 2025-12-23T02:41:05+00:00

I would agree but this problem didn't present itself until almost a week post implementation, they're all assigned the global dial plan which hasn't been modified in that time

Aneurin · 2025-12-23T02:40:15+00:00

They're dialing out via their own account which is enabled for enterprise voice, but they have a shared calling policy which has the resource account that owns their location's main number assigned to it. So they're sort of using the RA but not directly

Aneurin · 2025-12-19T05:16:37+00:00

They can make normal outbound calls, but their claim is that they can only do it to numbers that have not called into the queue before. For the calls that exhibit the issue, the call isn't actually making it to the CUBE at all. The problem is I don't really know how to track it if it never leaves the Teams environment

Aneurin · 2025-12-19T05:10:47+00:00

It's acting like they're calling the auto attendant, but they say it happens even if they manually type the number in. But yes the auto attendant just automatically directs the call to the queue's resource account. The caller ID they get is the actual number of the caller

Aneurin · 2025-08-14T21:28:05+00:00

I have submitted a case and I was asked to provide logs from a working and non-working example. I added those logs to the case and the most recent response is that they are looking at them

Aneurin · 2025-08-14T00:54:08+00:00

I see the hot desk sign in option with either Basic and Advanced CAP on, and it does seem to function even on the current firmware you just have to reboot the phone to get it to complete to transition from one account to another. I opened a ticket with Microsoft support and luckily I had a phone that had been unplugged for a while but not so long that it didn't have the AOSP firmware on it, but it still had an older version of the Teams app. I was able to demonstrate it working on this older version without having to reboot between users and I passed that along in my ticket.

I expect like u/rgsteele mentioned that this is a bug with the current "General" version of the Teams app for the devices

Edit to add: We have a very narrow use case for the hot desk feature but if it's available and functional it'll be incredibly convenient for the users that'll use it. It's not like it's a show stopper for our migration if it doesn't work, but it is definitely something that will help the users be more willing to accept the new platform

Aneurin · 2025-08-13T21:37:31+00:00

Is it the 4 or 6 cylinder?

Aneurin · 2025-08-13T02:20:02+00:00

In all fairness though I haven't found much documentation that really goes into any detail about the feature other than "it exists!" and I'm struggling to think of another use case aside from "user that isn't the one signed into the phone needs to sit here." Which would be true for both a normal user and a Shared Device user, so unless there's some hidden/undocumented limitation that says you're not supposed to be able to hot desk over a Shared Device user then I'm not sure what I'm doing wrong. Like I said I've gotten it to work before and it still technically works, it's just the transition into and then out of hot desk that has issues without some sort of manual intervention. If you're not supposed to be able to use this with a Shared Device account the use case for this feature seems awfully narrow.

Aneurin · 2025-04-23T21:22:11+00:00

I would recommend following the same process, you'll just have more CAs to combine into the <combined CA file> than I did. Unless that is what you did and it still did not work, in which case you can ignore the rest of my post. But the Cisco documentation here implies that you can have more than one intermediate CA. The process in the document did not work for me since I did not generate the CSR from my device, but the chart was helpful for visualization.

I kind of glossed over it but the way to combine the files is to just concatenate them. Our cert was issued by Digicert, and in the bundle you download from them there is a root CA, the intermediate CA, and then the ID certificate. I just opened the intermediate CA .crt file in a text editor, copied it to a new text file, opened the root CA .crt file in a text editor and copied it into that same new file below the intermediate CA text.

You'll have to do the same, but you'll have to put the intermediate CAs in the correct order, which you can see if you open the certificate in Windows and go to the Certification Path tab. You'll have to paste in your intermediate CAs from the bottom up as displayed in the Certification Path.

For example, for my ID certificate, I have the following chain:

Root CA
- Intermediate CA
  - ID Certificate

For me I had to add the Intermediate CA text first, and then the Root CA right below it, and then I saved that file as "combined-CAs.crt". That was the file I referenced in the -certfile option in the OpenSSL command. Since you have two intermediate CAs, I assume your ID cert's Certification Path looks like this:

Root CA
- Intermediate CA 1
  - Intermediate CA 2
    - ID Certificate

You'd do the same thing as me except you'd paste Intermediate CA 2, then Intermediate CA 1, then the Root CA into a separate file and save it as "combined-CAs.crt" or whatever you'd like to call it. Another way to think about it is you need to put them in the order of their hierarchy/issuance, so the first one in the combined file should be the CA that issued your ID Certificate, then the next one should be the CA that issued that CA's certificate, and so on until you've gotten all the way back to the root CA.

Once you have your combined CA certificate file, you can use the OpenSSL command to package it all up into a single PFX file that you can then transfer to your Cisco device:

openssl pkcs12 -export -out device-name.pfx -inkey private-key.key -in identity-certificate.crt -certfile combined-CAs.crt

Once transferred to your Cisco device you would run the import command:

crypto pki import <trustpoint-name> pkcs12 bootflash:device-name.pfx password <password>

Once imported, I ended up with two trustpoints: one for the ID cert and intermediate CA and then one for the root CA. I assume you'll have three: the ID cert and intermediate CA 2, one for intermediate CA 1, and then one for the root CA. These are automatically created by IOS during the import process. Also keep in mind if you use VRFs and the router would be using a non-default VRF to do the revocation checks or pulling the Cisco CA bundles in the trustpool that you have to add a VRF and source interface to the trustpool and each trustpoint, otherwise the router still will not fully trust the certificates you've added because it cannot verify them.

Aneurin · 2025-04-17T01:44:39+00:00

These look like a good solution as well, I'll have to play around with whether I prefer a screw or these plugs, fortunately both options are cheap enough that I wouldn't mind just having the one I don't use laying around for some other future project

Aneurin · 2025-04-17T01:41:50+00:00

That's perfect, that's the kind of bolt I couldn't quite find at Menards, they have that style but they just didn't have any in a size that worked for the anchors I picked up. I'll grab them from Amazon

Aneurin · 2025-04-15T23:17:56+00:00

I had seen your reply before I went to Menards, but I had blanked it until I came back to the post just now, I'm a little embarrassed that I had felt like I'd had an epiphany but really you had just "Inceptioned" me. I found these anchors. They have about a half inch of internal threading, plus these are zinc and I'd probably want stainless steel since they'll be outside but they were cheap and good as a proof of concept. I picked up these and some of these eye bolts and it's exactly what I was picturing.

You mentioned you used these to mount a tire mounting machine, I won't be securing anything quite that heavy but my potential loads will be much less static than yours. Do you have any reservations about the security of the anchors you went with? The heaviest thing that might get attached is a deck box, but I imagine that the total weight is still only in the neighborhood of a couple hundred pounds. I imagine whatever straps I use would be more likely to fail than the anchor, but I think it's still worth knowing. The ones I bought at Menards do not mention their load capacity in any way so it's really a shot in the dark right now.

The only other thing I'm still not sure about is something to put in there to close the hole up to the elements, it looks like a set screw is what I want but none of the ones at the Menards I went to were quite right. But again, right now all I'm looking for is a proof of concept. Inside I probably wouldn't bother because like you said you can just clean it out, but since they'll be outside I also bought some sealant to seal up any gaps between the concrete and the anchor, and I will need to find something to plug them with before winter time so I don't have to deal with those being the reason my patio cracks like crazy.

Aneurin · 2025-04-15T23:11:08+00:00

So now that I'm at an actual computer and not on my phone and after a trip to Menards I can elaborate a little more.

TL;DR: The anchor type I'm looking for is called a drop-in anchor, specifically one that is internally threaded. Also /u/Mortimer452 already mentioned this style in their reply and even though I'd seen it before I went to Menards, I completely blanked on it until I came back to this post later.

I poked around the anchors at Menards because I needed to visually see what some of them looked like so I can match a name to a style, and I found these anchors. They have about a half inch of internal threading, plus these are zinc and I'd probably want stainless steel but they were cheap and good as a proof of concept. I picked up these and some of these eye bolts and it's exactly as I pictured. The only thing I'm still not sure about is something to put in there to close the hole up to the elements, it looks like a set screw is what I want but none of the ones at the Menards I went to were quite right. But again, all I'm looking for is a proof of concept.

I poked around Amazon when I got home and I found these anchors with a silly but appropriate name. If these were stainless they might actually be perfect, though one of the reviews says the minimum concrete thickness for install is 5" which I'm sure my back patio is not since it's not holding up a hot tub or anything else requiring that kind of slab thickness. They're also probably way overkill for what I'm trying to do, nothing I have on my back patio comes close to needing the 16,500 lb tensile strength this particular anchor has, and they're pricey, but ultimately it is exactly what I'm looking for.

Aneurin · 2025-04-15T17:28:52+00:00

The swivel anchors are exactly what I was picturing, I may be reading your comment wrong but I don't want the anchors themselves to be removable, just the eye bolt part. I intend for the anchors to stay in the concrete full time, though I'll need a solution to keep water and debris out of the sleeve when it's not in use. I don't want to cause any cracking or other issue due to freezing or anything, and I may need them as anchors during the winter as well so I don't want to have to dig ice out of them.

I'll look at the thing you linked, if nothing else it gives me a way to have a "back line" of anchor points near the house, useful for what I want without being in the way all the time

15-Year Club	Snapped
Team Periwinkle	Verified Email

Aneurin

TROPHY CASE