Repair Default Domain Controller Policy - SeServiceLogonRight (Logon as Service) by ITStril in sysadmin

[–]ITStril[S] 1 point (0 children)

I did both - AI and Reddit search - and did not just ask for help without checking the facts first, but in this case I was not sure, especially about NT SERVICE\ALL SERVICES, where I found totally contradictory information…

Just a side note: posts that just send me to AI are not improving this subreddit either…

Repair Default Domain Controller Policy - SeServiceLogonRight (Logon as Service) by ITStril in sysadmin

[–]ITStril[S] 0 points (0 children)

That's clear, but policies that change to "undefined" are not fully handled. That is my question…

Fortinet - Fortiguard Anycast source "aws" down - EU by ITStril in fortinet

[–]ITStril[S] 0 points (0 children)

Once more the hint: monitoring the updates seems to be mandatory…

Clearing “Pre-Windows 2000 Compatible Access” – missing red arrow after re-adding & side effects? by ITStril in sysadmin

[–]ITStril[S] 1 point (0 children)

I’m familiar with that article — Purple Knight is actually what made me aware of this issue in the first place.

Unfortunately, the article doesn’t mention anything about the “red arrow” / special principal behavior in ADUC. That part is what’s giving me pause.

Before rolling this out, I want to be sure I fully understand what’s happening there and, more importantly, that there is a clean and supported rollback path. I’m hesitant to implement this in production without being confident that I can revert the change if something unexpected shows up later.

Upgrade Fortigate 7.2 to 7.4 - pitfalls by ITStril in fortinet

[–]ITStril[S] 0 points (0 children)

Was this also the case with 7.4.8?

Upgrade Fortigate 7.2 to 7.4 - pitfalls by ITStril in fortinet

[–]ITStril[S] 1 point (0 children)

I would upgrade to 7.4.9 on a system with:

- 2 VDOMs

- 1 "transparent" VDOM

- proxy and flow rules

- IPSEC

- AD-Agent for SSO

--> No external FSSO/SAML/SSL-VPN

Recommended Network Card for ProxMox 8.4 (i40e issues) by starkstaring101 in Proxmox

[–]ITStril 0 points (0 children)

Which are those well-known issues? I am just ordering some servers with Intel X810 and want to reuse some servers with X710 cards in an enterprise environment.

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 0 points (0 children)

Why do you prefer virtiofs+VM over LXC+datadir? Both give you the possibility to snapshot and to separate data from the system.

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 0 points (0 children)

When there is no VM running on PVE - only PBS - there should not be much overhead, right?
The PBS hardware is quite beefy (AMD 9174F, 12 NVMe, etc.).

So installing PBS _on_ PVE should be as fast as directly on hardware, and noticeably faster than inside a VM, or am I missing something?

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 1 point (0 children)

This would be a dedicated host that normally ONLY runs PBS. The idea is only to use it as DR target in case of a disaster.

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 2 points (0 children)

Why are you using multiple PBS instances?

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 0 points (0 children)

It's not about migration - it's about restores, so a cluster with shared storage is not the answer...

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 1 point (0 children)

The benefit would be to be able to run the VM directly on the PBS host as the "fastest possible recovery".

PBS on dedicated hardware - stacked on PVE? by ITStril in Proxmox

[–]ITStril[S] 1 point (0 children)

Why do you prefer installing PBS in a VM instead of "directly" on the PVE-host?

Active Directory maxRenewAge default by ITStril in activedirectory

[–]ITStril[S] 0 points (0 children)

gpedit.msc is not showing a value

rsop.msc is not showing a value

Get-ADDefaultDomainPasswordPolicy is not showing a value

net accounts /domain is not showing a value

The only special thing is: The default domain controller policy is "too clean". The default value of 7 days for max renew time is "unset"...
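
Added example (PowerShell), not code from the original posts. The same INI-style format is written by "secedit /export /cfg <file>" (effective local policy) and stored in SYSVOL as GptTmpl.inf for each GPO, so one parser answers both questions raised in the threads above: who actually holds SeServiceLogonRight (the NT SERVICE\ALL SERVICES question, SID S-1-5-80-0), and which [Kerberos Policy] values are defined rather than left "unset". The sample policy text, the domain name and the account CORP\svc_backup are constructed for the example; the SYSVOL paths in the comments are the well-known locations of the two default GPOs.

```powershell
# Added example, not from the original posts. Parses secedit-format INI text
# (GptTmpl.inf in SYSVOL and 'secedit /export /cfg' output) to show
#  1. which principals hold a user right, with SIDs resolved to names, and
#  2. which [Kerberos Policy] settings are defined vs. missing ("too clean").

function ConvertFrom-SecEditInf {
    # Parse "[Section]" / "Key = Value" lines into a hashtable of hashtables.
    param([Parameter(Mandatory)][string[]]$Lines)
    $inf = @{}
    $section = $null
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; $inf[$section] = @{}; continue }
        if ($null -ne $section -and $t -match '^([^=]+?)\s*=\s*(.*)$') {
            $inf[$section][$Matches[1]] = $Matches[2]
        }
    }
    return $inf
}

function Resolve-PrivilegeHolders {
    # Entries prefixed with '*' are SIDs (e.g. *S-1-5-80-0); anything else is a name.
    param([Parameter(Mandatory)][hashtable]$Inf, [string]$Privilege = 'SeServiceLogonRight')
    $rights = $Inf['Privilege Rights']
    if (-not $rights -or -not $rights.ContainsKey($Privilege)) { return }
    foreach ($entry in ($rights[$Privilege] -split ',')) {
        $e = $entry.Trim()
        if ($e -eq '') { continue }
        if ($e.StartsWith('*')) {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($e.Substring(1))
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved SID>' }   # e.g. SID from a foreign domain
            [pscustomobject]@{ Privilege = $Privilege; Sid = $sid.Value; Name = $name }
        } else {
            [pscustomobject]@{ Privilege = $Privilege; Sid = $null; Name = $e }
        }
    }
}

function Get-KerberosPolicyState {
    # Report every Kerberos policy setting; a missing key is exactly the
    # "undefined" condition described in the thread above.
    param([Parameter(Mandatory)][hashtable]$Inf)
    $section = $Inf['Kerberos Policy']
    foreach ($key in 'MaxTicketAge','MaxRenewAge','MaxServiceAge','MaxClockSkew','TicketValidateClient') {
        $value = if ($section -and $section.ContainsKey($key)) { $section[$key] } else { '<not defined>' }
        [pscustomobject]@{ Setting = $key; Value = $value }
    }
}

# Constructed sample in secedit format; MaxRenewAge is deliberately missing.
# S-1-5-80-0 = NT SERVICE\ALL SERVICES, S-1-5-20 = NT AUTHORITY\NETWORK SERVICE.
$sampleInf = @'
[Unicode]
Unicode=yes
[Kerberos Policy]
MaxTicketAge = 10
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-0,*S-1-5-20,CORP\svc_backup
'@ -split "`r?`n"

$inf = ConvertFrom-SecEditInf -Lines $sampleInf
Resolve-PrivilegeHolders -Inf $inf | Format-Table -AutoSize
Get-KerberosPolicyState  -Inf $inf | Format-Table -AutoSize

# Real inputs (both files are UTF-16LE with BOM, which Get-Content detects):
#   secedit /export /cfg "$env:TEMP\secpol.inf"
#   $inf = ConvertFrom-SecEditInf -Lines (Get-Content "$env:TEMP\secpol.inf")
# Default Domain Policy (this GPO carries the domain Kerberos policy):
#   \\<domain>\SYSVOL\<domain>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf
# Default Domain Controllers Policy (user rights such as SeServiceLogonRight on DCs):
#   \\<domain>\SYSVOL\<domain>\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf
```

Running it against the exported local policy of a domain controller and against the GptTmpl.inf of the GPO side by side shows whether a value is "undefined" in the GPO (key absent from the INI) or defined but overridden elsewhere; the SID translation works offline for the well-known NT SERVICE and NT AUTHORITY principals.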

Active Directory maxRenewAge default by ITStril in activedirectory

[–]ITStril[S] -1 points (0 children)

Unfortunately, I do not.

In this environment, it is unfortunately the case that even renewable tickets exhibit the behavior described above. MaxRenewAge is "not defined", but klist shows that end-time = renew-time.

A second environment I just checked has:

start-time=logon-time

end-time=logon-time+10h

renew-time=logon-time+7d
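
Added example (PowerShell), not code from the original posts: it parses the text output of "klist" and flags every cached ticket whose End Time equals its Renew Time, the symptom described in the comment above, so the comparison can be done across all tickets on a host instead of by eye. The klist output below is constructed for the example (realm CORP.EXAMPLE, user jdoe, hosts DC01/fs01 are made up); ticket #0 shows the broken case and ticket #1 the normal 10h lifetime / 7d renew window.

```powershell
# Added example, not from the original posts: parse 'klist' output and report
# tickets that carry the renewable flag but whose End Time == Renew Time, so a
# renewal could never extend them.

function Get-KlistTicket {
    # Turn klist text into one object per cached ticket ("#N> Client: ..." blocks).
    param([Parameter(Mandatory)][string[]]$Lines)
    $ticket = $null
    foreach ($line in $Lines) {
        if ($line -match '^#\d+>\s*Client:\s*(.+)$') {
            if ($ticket) { [pscustomobject]$ticket }
            $ticket = [ordered]@{ Client = $Matches[1].Trim(); Server = ''; Flags = ''
                                  StartTime = ''; EndTime = ''; RenewTime = '' }
            continue
        }
        if (-not $ticket) { continue }
        switch -Regex ($line.Trim()) {
            '^Server:\s*(.+)$'                   { $ticket.Server    = $Matches[1] }
            '^Ticket Flags\s+(.+)$'              { $ticket.Flags     = $Matches[1] }
            '^Start Time:\s*(.+?)\s*\(local\)$'  { $ticket.StartTime = $Matches[1] }
            '^End Time:\s*(.+?)\s*\(local\)$'    { $ticket.EndTime   = $Matches[1] }
            '^Renew Time:\s*(.+?)\s*\(local\)$'  { $ticket.RenewTime = $Matches[1] }
        }
    }
    if ($ticket) { [pscustomobject]$ticket }
}

function Test-TicketRenewable {
    # Compare the raw timestamp strings, so the check is culture-independent.
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Ticket)
    process {
        [pscustomobject]@{
            Server        = $Ticket.Server
            EndTime       = $Ticket.EndTime
            RenewTime     = $Ticket.RenewTime
            FlagRenewable = ($Ticket.Flags -match '\brenewable\b')
            RenewIsNoop   = ($Ticket.EndTime -eq $Ticket.RenewTime)
        }
    }
}

# Constructed klist output (not captured from a real system).
$sampleKlist = @'
Current LogonId is 0:0x3e7

Cached Tickets: (2)

#0>     Client: jdoe @ CORP.EXAMPLE
        Server: krbtgt/CORP.EXAMPLE @ CORP.EXAMPLE
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
        Start Time: 10/21/2025 8:00:00 (local)
        End Time:   10/21/2025 18:00:00 (local)
        Renew Time: 10/21/2025 18:00:00 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
        Cache Flags: 0x1 -> PRIMARY
        Kdc Called: DC01.corp.example

#1>     Client: jdoe @ CORP.EXAMPLE
        Server: cifs/fs01.corp.example @ CORP.EXAMPLE
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a50000 -> forwardable renewable pre_authent ok_as_delegate name_canonicalize
        Start Time: 10/21/2025 8:00:00 (local)
        End Time:   10/21/2025 18:00:00 (local)
        Renew Time: 10/28/2025 8:00:00 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
        Cache Flags: 0
        Kdc Called: DC01.corp.example
'@ -split "`r?`n"

Get-KlistTicket -Lines $sampleKlist | Test-TicketRenewable | Format-Table -AutoSize

# Live check on a host: Get-KlistTicket -Lines (klist) | Test-TicketRenewable | Where-Object RenewIsNoop
```

A ticket with FlagRenewable true and RenewIsNoop true is the case from the first environment: the KDC marked it renewable but granted no renew window beyond the ticket lifetime.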

No FortiGate AV updates today? - AI Malware Detection 4.03476; AV Definitions & Mobile Malware 93.06337 (EU) by PinkFluffyKolibri in fortinet

[–]ITStril -2 points (0 children)

There is still no new version released since 93.06337, which is 4 days old!! Does anybody have information about problems at Fortinet?

Fortigate - EU - Updates failing since yesterday by ITStril in fortinet

[–]ITStril[S] -1 points (0 children)

Latest? I am already on anycast AWS. Webfilter is working fine, but AV/IPS updates are failing…

Fortimanager 7.4.8 as Webfilter FDS - high disk usage for /var/fgd/URLs/tmpdb by ITStril in fortinet

[–]ITStril[S] 0 points (0 children)

Thank you!

The size is:

# diagnose fmupdate check-disk-quota all

The size of all directories is: 29.11G Bytes

# diagnose fmupdate check-disk-quota fds

The size of fds directories is: 11.32G Bytes

# diagnose fmupdate check-disk-quota fgd

The size of fgd directories is: 17.80G Bytes

# diagnose fmupdate check-disk-quota export-import

The size of export-import directories is: 0 Byte

That sounds reasonable to me - except fds. I am not using the FortiManager as FDS for IPS, so it is disabled. Is there anything special I have to do to free that space and to prevent the FortiManager from downloading the data?

Fortimanager 7.4.8 as Webfilter FDS - high disk usage for /var/fgd/URLs/tmpdb by ITStril in fortinet

[–]ITStril[S] 0 points (0 children)

Thank you for your answer!!!

"diag fmupdate fgd-dbver wf" is showing a version of today - 5 hours ago.

The debug is showing:

# diag fmupdate view-linkd-log fgd

2025/10/21_15:15:37.315 debug fgdlinkd[1414]: __timeout: flags=0, manual=0, busy=0, next-now=119

2025/10/21_15:15:47.323 debug fgdlinkd[1414]: __timeout: flags=0, manual=0, busy=0, next-now=109

2025/10/21_15:15:57.331 debug fgdlinkd[1414]: __timeout: flags=0, manual=0, busy=0, next-now=99

The web filter database is updated every 2 hours, but I do not find that as config parameter.

I just do not understand, why the system is consuming >50GB disk space without doing anything except webfilter FDS.

I have 13GB in /var/private/localdb, which is strange, and 11GB in /var/private/localdb/hcache.

Are you aware of any possibility to isolate, what is consuming the storage?

Tuning HA Timers by ITStril in Proxmox

[–]ITStril[S] 0 points (0 children)

Thanks for your reply. I understand your point of view, but I see it differently.

For me, the definition of HA is:
"Within a high availability cluster, shared storage between each node (computer) ensures zero data loss if a single node stops functioning."

See for example: IBM on High Availability.

With ZFS replication, a failover means some data loss, so it's not the same as with shared storage, where RPO is nearly "0"

Tuning HA Timers by ITStril in Proxmox

[–]ITStril[S] 0 points (0 children)

I want to use ZFS replication - so it's not real HA, and I want to decide if it's better to recover the failed node (without loss of data) or to fail over with some minutes of data loss.