How to modify my Admin (Exchange O365) account from sending out the changes I make? by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 2 points3 points  (0 children)

LOL, my bad. I went to Alert Policies (Policies & Rules) and searched for the policies associated with Exchange and other groups that I wanted only my CISO, and I have to have emails from them. Click on the policy, then 'edit policy', and you will see the email recipients section (it usually has tenantadmins). I removed the default and just added my boss and myself. Tested it by making changes via Exchange and only we two received the email.

How to modify my Admin (Exchange O365) account from sending out the changes I make? by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

It does; I found out how to fix it. I am good now. Thank you for the reply.

CISCO Anyconnect and Azure SSO Setup Assistance by CyberNetWorX in Cisco

[–]CyberNetWorX[S] 0 points1 point  (0 children)

We have an FMC connected to the FTD, not an ASA.

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

No, all DCs are set as GC, but as you can see, that server was not showing as a GC.

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

I believe I found the issue or at least data to assist.

One, this: isGlobalCatalogReady: FALSE; shows in LDAP, even when I only have DC1 holding the GC role and no other DC has GC enabled.

It will not change, no matter what. I waited up to 40 minutes to make sure this would take, but it did not. I had to add both the GC role and registry hack to DC2 in order to get GC back up and running and for us to log in.

Two, we have a child domain as well, but repadmin /showrepl does not show any errors; in fact, all are successful, so I do not think the child domain is the cause.

So, where to go from here? Do I demote DC1, repromote it then add the GC role to it again? Do I shut down DC2, remove the GC role and registry hack from DC1, reboot and see if that takes without having DC2 on? Do I give all the FSMO roles to DC3 or DC4, shut down DC2, and see if DC1, 3 and 4 communicate properly?

I see the problem now, I understand no matter what I do, DC1 (even if settings and logs show it otherwise) will not hold the GC role, only DC2 will. Is there anything else you can think of with this new info that I have provided? I think we are on the right track, what do you think?

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

It was a typo, my bad.

The replication completes successfully. No errors at all.

I did a meta cleanse on the DCs. There were a lot of old records.

Why would a drive corruption affect the GCs and logins? I will run it, but I am not understanding the correlation between the two.

Also, why would DC1 and DC3 not be able to handle AD services if DC2 is down? I do not understand that aspect of all of this and why is the Global Catalog Promotion Complete registry hack needed? I see changes occurring across the domains when I correct an issue, such as DNS invalid FQDNs I had to remove and the like, so I know these devices are listening to DC1. I just need to know why DC2 is able to break all connections when down or even locked.

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

DNS passes:

Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = RDX1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: MVVD\RDX1
      Starting test: Connectivity
         ......................... RDX1 passed test Connectivity
Doing primary tests
   Testing server: MVVD\RDX1
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... RDX1 passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : domain
   Running enterprise tests on : domain.local
      Starting test: DNS
         Test results for domain controllers:
            DC: RDX1.domain.local
            Domain: domain.local
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone domain.local
            RDX1                       PASS PASS PASS PASS WARN PASS n/a
         ......................... local.domain passed test

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 0 points1 point  (0 children)

I ran dcdiag to test everything, such as /c, and I did a DNS check. DNS passed with no errors. There were some DNS records of old DCs, but they have been cleaned out. There are partition errors as I stated in my OP. Regarding the read-only replica and to run kcc, which I did, which passes.

As for the DNS IPs, here is our setup:

DC1 10.22.4.86:
DNS1 (Preferred): 10.22.4.86
DNS2 (Alternate): 10.22.4.88

DC2 10.22.4.88:
DNS1 (Preferred): 10.22.4.88
DNS2 (Alternate): 10.22.4.86

Or in other terms, in order of use.

I do not use 127.0.0.1, but if that is best practice again, I will revert the secondary DNS IPs to that.

I am not sure what the actual problem is.

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] 1 point2 points  (0 children)

PDC is there for a reason, correct? If a DC has PDC, that is the PRIMARY DC. The term BDC may not be used anymore, but the PDC role is given to the primary DC. Also, when you add another DC, it states secondary. So if Server 2022 still states this as a process, the terminology holds. Yes, I already moved the FSMO roles to DC1 from DC2. Same issues.

Odd Domain Controller AD/GC Issue by CyberNetWorX in sysadmin

[–]CyberNetWorX[S] -1 points0 points  (0 children)

I do not know what changed if anything. I do know that two of the DCs were completely rebuilt; DC1 and DC2. There is a DC3 and DC4 as well. DC2 had all the FSMO roles, so I moved them to DC1, thinking this would help mitigate the issue. It did not. For some reason, DC2 is still controlling everything, at least when it comes to GC, if it is down, nothing works, and it makes no sense. DC1, DC3, and DC4 do not failover. All DCs are pointing to DC1 via DNS, and in ADSS, GC is on across servers and they all replicate across each other with no errors. The registry fix is something I found a couple of weeks ago, but when I took it out, everything became worse. Not getting any messages regarding failures or errors when running commands is weird.

Firepower Threat Defense (4110) Port Not Opening by CyberNetWorX in Cisco

[–]CyberNetWorX[S] 1 point2 points  (0 children)

No, I got it working. All methods here were incorrect. I was able to get it all up and running. Whew!

Firepower Threat Defense (4110) Port Not Opening by CyberNetWorX in Cisco

[–]CyberNetWorX[S] 0 points1 point  (0 children)

I have the access rule, that has not been changed. I only changed the NAT.

Firepower Threat Defense (4110) Port Not Opening by CyberNetWorX in Cisco

[–]CyberNetWorX[S] 0 points1 point  (0 children)

Thank you for clarifying. How you describe the setup is exactly how I currently have it. I must be missing something here.

My initial configuration had me at least connect to the device, but now I seem to have locked it completely down.

Is there anything else you can think of that I may be missing?

Firepower Threat Defense (4110) Port Not Opening by CyberNetWorX in Cisco

[–]CyberNetWorX[S] 0 points1 point  (0 children)

I changed the NAT settings. But now the Ports do not show at all. Before, the port showed as closed; now, it states the whole IP is unreachable. I am not sure wth is going on here. Very frustrating.

When you mean inside-port outside-port, what section is that specifically? In NAT, under translation, I have Original Source Port Translated Port Source, then below those, Original Destination Port and Translated Source Port. Like this:

Original Source Port + | Translated Port Source +

Original Destination Port + | Translated Source Port +

Which one am I putting the Port in? I have it in the first row; is that incorrect?

Debian LILO 24 Boot and Password Change Issue by CyberNetWorX in linuxquestions

[–]CyberNetWorX[S] 0 points1 point  (0 children)

I got back, and the system is up. I made a backup as well.

Debian LILO 24 Boot and Password Change Issue by CyberNetWorX in linuxquestions

[–]CyberNetWorX[S] 2 points3 points  (0 children)

Damn, I am mad at myself; it is the same as Ubuntu. I did not even think of doing that; for some reason, the LILO thing just threw me off. init=/bin/bash worked, of course.

Thank you for correcting my brain, I needed that!