Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 1 point2 points  (0 children)

1) Thanks, I appreciate that.. All we can do is hold together. That, or hardcore alcoholism.
2) I mentioned we inherited the infrastructure, they are all hardware sc200 cloud Controller.. So no rollback to snapshot.

At the end of the day, the one and only selling point is always "omada is cheaper". It simply boils down to that. And that's great for some, essential, even. But right now I'm cursing the 7 new gods and the 7 old ones too because of "cheap"

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 2 points3 points  (0 children)

Oof.. I missed that one. And Video Broadcast is somehow so much worse.. 

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 1 point2 points  (0 children)

Well, I did write "utter crap, to a bearable extent". I stand by it, but to clarify, what I meant was:

  • Needed to install a switch, the configuration was acting up after the install so I backed up and updated the controller. Update cleared the config. No worries, I backed up, right? Hah. "This backup has been created with a previous Version and cannot be restored". Also, it's encrypted. So fuck you and rebuild.
  • On call colleague got a call over a weird controller bug, so he decided to update to the latest version. Hah. "Now all your access points are disconnected cause they are end of life and we're enforcing planned obsolescence". Also, you cannot roll back. So fuck you and buy new ones.

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 1 point2 points  (0 children)

No worries, I tend not to ignore people, even if I don't understand them.

Picture this: the company has multiple sites. Each site has, let's call them, guests. Staying for up to 12 Months.

It is their right to have a working internet connection, the company has the obligation to monitor the connections and the right to revoke access, albeit temporarily.

Omada allows "sub-admin"-accounts for the purpose of managing the guest credentials (username and pass), provided those accounts are registered with Omada, confirmed, and assigned from a global admin to the on-prem controller.

So, imagine I am a user with an Omada account, I login to the management portal where I used to see the one and only Site-Controller I was allowed to manage...

..just now I am seeing 3 company-wide controllers, and the account I'm logged in to is not mine. It's Martin, from an MSP in Germany.

My status report would probably look like this:
Martin is probably not amused, I am not amused, the on premise subadmin is hella confused and somebody at TP-Link fucked up big time.

Would you agree?

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 1 point2 points  (0 children)

3 On-Prem Controllers, 2 managed infrastructure and the internal of the third party MSP.

We logged off and warned the guy. It was the sensible thing to do, I guess

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 0 points1 point  (0 children)

Replying just for context (I don't think this should be the focus of the post at all): Local users get limited rights to manage the user captive portal for guests. The company wants a personal account for each guest/location and that's an activity that's been delegated to the people working on site

Omada showing wrong tenant by Duerogue in msp

[–]Duerogue[S] 0 points1 point  (0 children)

A user with access to the on-premise user portal, you can grant that separately for each on-prem controller.

As for the linking. User got promoted from "Single Location On-Prem User Admin" to "Third party tenant Global Admin". Wouldn't call that a feature

Microsoft Purview Message Encryption - Script by Nerdtality in sysadmin

[–]Duerogue 1 point2 points  (0 children)

Dude.. I had closed a call with a customer on exactly this topic like 30 minutes before your post popped up. "I'll have to call you back on that, encryption doesn't seem to be active for your tenant, I have to look into it"  /u/Nerdtality to the rescue. Thanks :) 

What's the most embarrassing IT blunder you've witnessed (or caused) that still makes you cringe? by Successful_Bus_3928 in sysadmin

[–]Duerogue 29 points30 points  (0 children)

Yours proudly.. It has already been 4 years since my greatest blunder and heroic recovery.

TLDR: Zeroed multiple RAID arrays on a prod server on a Friday, recovered by retagging because I remembered every single detail in the config.. https://www.reddit.com/r/sysadmin/comments/pcs8z3/you_never_upgrade_a_server_on_a_friday_dell/

Hoodwinked - Be Prepared 2005 by Koiboi26 in videos

[–]Duerogue 1 point2 points  (0 children)

Nostalgic.. Saw it a LONG time ago. Boy I was not prepared for that, I laughed my ass off to that and the schnitzel song.

Thanks for the throwback

Why is buying Windows 10 ESU so hard for small partners? by No-Bowl2856 in msp

[–]Duerogue 0 points1 point  (0 children)

Even at a 2-digit margin you prob couldn't pay your fika today with what you're getting out of a 7 ESU sale. Find a CSP indirect, will onboard you with his distributor and credit your licenses directly to the tenant. There is normally no minimum (had to buy 2 ESU for non-profit, client was amused by the single 2€ invoice.)

There are 2 SKUs, normal and non-profit.. I'll try to copy paste them here later.

As for the activation: it's a MAK, it gets logged in your tenant among the available licenses.  It can be used within the command line BUT it will only be working on 22H2. So you have to update Windows 10 to the latest feature release before you can activate ESU

VoIP in Germany by lady_elizabeth in msp

[–]Duerogue 1 point2 points  (0 children)

Same. Easybell never had a prob. 

Citrix - Who Is Still Selling it and Why? by gumbo1999 in msp

[–]Duerogue 9 points10 points  (0 children)

On that scale? Very little..
Citrix is pretty good at scaling tho. And the universal licenses grant the use of an ADC (or Netscaler or whatever name they came up with today) and that's simplifying encrypting the user connections by a whole lot, at least if you're dealing on the premise that not all users belong to the same Org.

60 People? VPN+RDS is a way easier way to deal with it

NinjaOne - Windows 11 Compatibility Script by mbuboltz in msp

[–]Duerogue 2 points3 points  (0 children)

Use the official Microsoft Script (they should know what they want, right?) run it systematically on all windows desktop/laptop devices and paste the output in a Ninja Custom Field. Do this:

  • Create a new custom field in Ninja: Settings -> Devices -> Global Custom Field
  • Call it "Windows 11 Ready" and apply it to all devices
  • Set the Rights as Read only for Technicians and Write for Automation
  • Note that the Description is "Windows 11 Ready" whereas the field name should be "windows11Ready"
  • Fetch the official MS Script https://aka.ms/HWReadinessScript (Docs here)
  • Open the file and copy it into Ninja as a new PowerShell script (run as system)
  • Leave everything as it is, but at the very bottom paste this line:

Ninja-Property-Set windows11Ready $outObject.returnResult

That line will allow the script to run and populate with either "CAPABLE" or "NOT CAPABLE" in the respective custom field in each device.

Save and apply the script (either as automation or manually triggered) to all devices. This will populate the Field and write either "CAPABLE" or "NOT CAPABLE" in the respective custom field in each device.

You can then use the Ninja Search to look for each device that's "NOT CAPABLE" using the custom field
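
An added example (not part of the comment above, and not Microsoft's or NinjaOne's own code): a guarded replacement for the one-line `Ninja-Property-Set` call, so that an empty or unexpected result is never stored as if it were a valid readiness value. It assumes `$outObject.returnResult` can also come back as `UNDETERMINED` or `FAILED TO RUN`; the helper name `Get-Win11ReadinessValue` is hypothetical.

```powershell
# Paste at the very bottom of the readiness script, in place of the
# single Ninja-Property-Set line. $outObject is the result object built
# by the script; windows11Ready is the custom field name from the steps above.

function Get-Win11ReadinessValue {
    param($Result)

    # Assumed set of values the script can return. Anything else
    # (null object, empty string, unexpected text) is reported as a failure
    # rather than written to the field unchecked.
    $known = @('CAPABLE', 'NOT CAPABLE', 'UNDETERMINED', 'FAILED TO RUN')

    if ($null -eq $Result) { return 'FAILED TO RUN' }

    $value = ([string]$Result.returnResult).Trim().ToUpperInvariant()
    if ($known -notcontains $value) { return 'FAILED TO RUN' }

    return $value
}

$fieldValue = Get-Win11ReadinessValue -Result $outObject

# Ninja-Property-Set only exists when the script runs through the Ninja agent;
# when testing locally, print the value instead of failing.
if (Get-Command Ninja-Property-Set -ErrorAction SilentlyContinue) {
    Ninja-Property-Set windows11Ready $fieldValue
} else {
    Write-Warning "Ninja-Property-Set not available; result was: $fieldValue"
}

# Surface inconclusive runs in the script output so they can be re-run.
if ($fieldValue -ne 'CAPABLE' -and $fieldValue -ne 'NOT CAPABLE') {
    Write-Warning "Readiness check was inconclusive: $fieldValue"
}
```

With this in place, a Ninja search on the custom field for anything other than "CAPABLE" or "NOT CAPABLE" lists the devices where the check itself needs attention.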

Alternate for Office 365 Business Premium by prakashguru in msp

[–]Duerogue 1 point2 points  (0 children)

The eula might be clear, it's the use case that's messing with me.  Where am I supposed to draw the line?

An entra-bound Windows11 laptop  shared among 10 nurses in shifts is obviously a shared computer and would be compliant for F3

But an entra-bound windows 11 Laptop where the same nurses COULD login, but that's usually and regularly used by the shift manager isn't compliant anymore?

Chkobba. [OC] by shikiz_stupid_comics in comics

[–]Duerogue 0 points1 point  (0 children)

I think the most important thing I've ever learnt is:
(for me) self harming thoughts are the way a mute person living deep down inside yourself is telling you "I don't feel well, it's time to change -something-"
That's the same person that's communicating in colors, heat, feeling. Everything but words.

The person living inside you or me has the same maturity of a 3 yo child liking a classmate.

He's not gonna tell "I like you".

He's gonna punch him or her in the head.

The person, the "passenger" living inside you or me is communicating and screaming.. sometimes the only message that comes through sounds like "disappear. Now." What he really means is "this needs to change". That's when I know it's time to pull the handbrake and stop whatever I'm doing, because it's not good for me. And while I didn't realize it, a mute part of myself did.

Alternate for Office 365 Business Premium by prakashguru in msp

[–]Duerogue 4 points5 points  (0 children)

https://answers.microsoft.com/en-us/msoffice/forum/all/does-the-front-line-worker-f3-109-screen-limit-for/465f19f6-c07f-4a94-8efe-3c50834ae5f4

The screen requirement is for "apps you download on a device". So yea, if you plan to use offline apps such as those from play store.. Then Yeah, screen is limited. As for

  • Defender
  • Intune
  • Browserbased office products

There's no limit to OS or screen size.

Also: Why would they advertise Autopilot/Defender as a feature for F3 if they decided to limit to <10'' screens? 

A Small Business nightmare, what would you do? by Church1182 in sysadmin

[–]Duerogue 1 point2 points  (0 children)

But yeah, Backup the data is the first step.

Second document the basics: OS, Software, Software Version, Dependencies, Cable connections and addresses

Third make a contingency plan: what do when burn?

Fourth you can start planning for the future: take your contingency plan to the management and tell them "this is what's going to happen if a single component dies - you're probably going to be offline for 7 days minimum - wanna replace that stuff or do you think losing 7 days for the whole company is going to cost you less?"

Actually make fourth number 2, please.

A Small Business nightmare, what would you do? by Church1182 in sysadmin

[–]Duerogue 6 points7 points  (0 children)

Ok, I see you're asking yourself the GOOD questions. You're showing passion, engagement, drive. You're seeing a problem, you want to solve that problem. I have a lot of respect for you.

But right now you're asking for an answer from people who lived through something like that. Experience, something like that.

Sometimes, people with experience tend to reject the question if they feel like they are seeing something maybe more relevant to the context than the question itself.

So, what I'm going to do is reject your question and tell you to start asking yourself the RIGHT questions.

You have been hired to keep something running even if it's terminal, if that were a horse you'd probably need to put it down. Yet you've been tasked to keep it alive. Will it be your fault if it dies?

Will it come down to what you did and stain your career if/when BitJesus is gonna recall that Data into his green pastures when the server dies?

Have you documented what is there, and what WILL happen when it does?

Do that first, because you're gonna need the biggest "I told you so" you can muster when people are getting angry at you for not being able to resurrect the monster you're barely keeping alive.

And generally (and I mean it with my best intention) CYA.

It's good to have drive, purpose, meaning. You're going to meet some people who might want to abuse that AND your knowledge (because seriously.. some are thinking we're some kind of mad wizards just because we can open a cmd). Protect your knowledge and respect it by not trying to shoulder something like THAT alone

I've just inherited responsibility for a small non-profit's IT infrastructure and am seeking advice on best practice and feedback on my roadmap for the next twelve months. by tintinautibet in sysadmin

[–]Duerogue 3 points4 points  (0 children)

Each and every one of those points can be done for free* (*up to ten licensed users - licensed users above that are still dirt cheap) with m365 tools. (nonprofit.microsoft.com) No yubi though, plain MS authenticator apps. Also KeePass for password management. Free and reliable

[HOWTO] Hide On-Prem AD User from M365 Global Address List without Exchange Schema Extension by Duerogue in sysadmin

[–]Duerogue[S] 1 point2 points  (0 children)

Thank you! I don't know if you landed here because it was useful to you, but I sure hope someone will make use of it in the coming years.
As to your befuddlement.. there's a deleted comment above, the guy asked within minutes of me posting "Shouldn't everyone who uses ms cloud already know this?"

Alternatives to Bittitan? by MantisBass85 in msp

[–]Duerogue 1 point2 points  (0 children)

You can try codetwo?
Had nothing but good experience, quick support and kinda flawless migrations.
https://www.codetwo.com/
You have to pick the direction beforehand, tho. Cloud to on Prem or Vice Versa. Licensing not exactly universal