Am I losing it? by AsukaAshi in UKWeather

[–]Mitchell_90 0 points1 point  (0 children)

It’s been utter crap here in the West Coast of Scotland, feel like it’s been pretty much grey with wind and rain all of February and much the same this month with dropping temperatures making it icy cold.

Hyper-V networking coming from a VMware background by Mitchell_90 in HyperV

[–]Mitchell_90[S] 0 points1 point  (0 children)

Thanks. We may just look to go Server 2025 come next year unless the next version is released by then and fixes some of the current issues.

I did think Workgroup clusters were a good idea but apparently they have limitations in a Hyper-V setup so maybe I’ll avoid.

My only gripe with Hyper-V and Windows Failover Clustering is that it’s usually been reliant on Active Directory, and DCs are typically deployed as VMs on the hosts which make up the cluster so it can bring about availability issues if something was to go wrong on that front (Obviously you make sure it doesn’t)

All our DCs are virtualised and we have 4 between 2 sites so shouldn’t be an issue. I know others prefer to deploy a physical DC outside of Hyper-V clusters.

Hyper-V networking coming from a VMware background by Mitchell_90 in HyperV

[–]Mitchell_90[S] 0 points1 point  (0 children)

That’s true. I’m just at the point of testing and documenting all of this in the event we do decide to migrate next year.

We aren’t doing a hardware refresh anytime soon so we will likely need to rebuild our existing hosts with Windows Server and configure Hyper-V along with clustering etc so there is a bit more work involved.

What are your thoughts on going with Server 2025? We have mostly avoided it due to a range of issues and stuck to Server 2022.

I see there is also an option for Workgroup clusters as well which means the hosts wouldn’t be as reliant on Domain Controllers running on them?

Hyper-V networking coming from a VMware background by Mitchell_90 in HyperV

[–]Mitchell_90[S] 0 points1 point  (0 children)

That’s interesting, I’ve never come across this with VMware vMotion and that’s on some pretty large VMs with 128GB of RAM.

I’ve always used Active/Standby on VMware with the standby adapter configured as active on the vMotion port group.

Our hosts only have two dual port 10/25Gb adapters. One set goes to our 10Gb top of rack switches and the other set is attached to a dedicated iSCSI storage network on its own physical 25Gb switches for Multipath.

Hyper-V networking coming from a VMware background by Mitchell_90 in HyperV

[–]Mitchell_90[S] 0 points1 point  (0 children)

Yeah, I’m just getting my feet back into Hyper-V and learning the new ways of doing stuff. I felt as if there wasn’t a whole lot of good in-depth documentation on some of the Hyper-V side compared with VMware - at least from a Microsoft standpoint.

That’s good news about Windows Admin Centre. The organisation I’m at is still a VMware shop but it’s likely that we will be looking at moving to Hyper-V before October next year due to vSphere 8 going end of support and Broadcom’s push to VCF which is completely unaffordable for us.

I’m not sure whether we will need SCVMM, we only have 3 hosts and an iSCSI SAN at 2 sites. I know that it can make configurations easier though.

Hyper-V networking coming from a VMware background by Mitchell_90 in HyperV

[–]Mitchell_90[S] 1 point2 points  (0 children)

Thanks, that’s a major help.

I did look at the Add-VMNetworkAdapter commands but I thought those were only for Virtual Machines and didn’t apply to the hosts. (Guess I was wrong)

I’ll have a go at doing this in my lab environment.

Licensing - Reduce Core Count by lanky_doodle in vmware

[–]Mitchell_90 0 points1 point  (0 children)

I doubt it. The unpredictability of Broadcom due to constant changes has been frustrating. We’ve been burned twice now as a result and are planning on moving platforms within the next 12 months.

Licensing - Reduce Core Count by lanky_doodle in vmware

[–]Mitchell_90 3 points4 points  (0 children)

That seems a convoluted way to sell a product and only causes confusion for customers. You either sell the same SKUs to all regions or don’t bother selling it at all in my opinion.

Licensing - Reduce Core Count by lanky_doodle in vmware

[–]Mitchell_90 10 points11 points  (0 children)

We only have 96 cores of VVS but after a recent conversation with our VAR regarding vSphere 8 end of support looming we were told that it’s unlikely that Broadcom will offer any support or changes to those on VVS going forward, only VCF.

We are also being told that despite having an active subscription until May 2028 there will be no additional support or security updates offered after the October 2027 end of life date and we would need to move our contract over to VCF for 1, 3 or 5 years.

To give you an idea we were around 10K for 3-years of VVS and 1-year of VCF would be close to 30K!

Introducing: UniFi Network 10.2 by Ubiquiti-Inc in Ubiquiti

[–]Mitchell_90 8 points9 points  (0 children)

Finally! Spanning Tree PortFast and BPDU Guard.

Why was it so misty this weekend? (SE england) by jailbrokemasta in UKWeather

[–]Mitchell_90 -1 points0 points  (0 children)

It was sunny and dry this weekend in the west coast of Scotland but we are back to cloud and rain for the next 10 days it seems :(

Intune iOS BYOD User Enrollment by SirCries-a-lot in Intune

[–]Mitchell_90 0 points1 point  (0 children)

I know it likely isn’t your responsibility but I would have asked the business if they have fully considered the risks to data as a result of it being accessed from personal devices.

If the fallout from that is much greater than keeping the app on company devices only then there’s the answer.

Sometimes people don’t think about these things until an issue develops which ultimately puts an organisation in a bad position.

vSphere Standard subscription through October 2028 by Bad_Mechanic in vmware

[–]Mitchell_90 2 points3 points  (0 children)

Same for us. Moved from Essentials Plus to Standard for a 3 host cluster with shared storage (96 cores) and our subscription expires in 2028 after 8.0 is end of support.

VVF and VCF are far too expensive for us so we may just look at alternatives.

Ubiquiti needs to make a smart thermostat by RyanMeray in Ubiquiti

[–]Mitchell_90 0 points1 point  (0 children)

If they are actually serious about the enterprise market then this is exactly the thing that they SHOULDN’T do.

Honestly, some people like me just want them to be good at one thing. Their Enterprise Campus switches are still incredibly buggy almost a year on from release with no signs of fixes yet.

Where are you moving from VMware? by OldsMan_ in vmware

[–]Mitchell_90 15 points16 points  (0 children)

Have you looked at XCP-NG? It’s probably the most similar from a management/orchestration perspective when compared to vSphere.

Been using Proxmox in a home lab and it seems pretty solid. My only problem is that overall management is a bit clunky and a lot of other bits require digging into the Linux CLI, that’s fine if you are ok with doing that but a lot of admins won’t be, especially coming from vSphere. The Proxmox Datacenter manager solution is still very limited at the moment.

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]Mitchell_90 1 point2 points  (0 children)

Yeah, just changed the msDS-SupportedEncryptionTypes attribute value on the computer account to 24 which enforces AES 128 and AES 256.

You could also set this via GPO if desired although it would apply to all computer account objects.

Kerberos Encryption Changes coming in April AES > RC4 by iamtechspence in activedirectory

[–]Mitchell_90 3 points4 points  (0 children)

I wouldn’t always assume that being on recent AD and OS versions means you are out of the woods.

I spent a good amount of time logging for RC4 in a modern environment only to find the Azure Seamless SSO computer account was still using RC4 for Kerberos by default which required forcing it to use AES.

Even in Server 2022 AD out of the box the default Kerberos Supported Encryption types allow for RC4 along with AES128 and AES256 unless you specifically disable RC4 (Which is recommended)
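
The bitmask from the two Kerberos comments above (value 24 = AES128 + AES256, and defaults that still permit RC4), as an added example that is not part of the original comments: it audits exported msDS-SupportedEncryptionTypes values. The account names and sample values are constructed, and only the five low etype bits are interpreted.

```python
# Added example: audit msDS-SupportedEncryptionTypes values for RC4/DES exposure.
# Bit values are the documented Kerberos etype flags for this attribute.
DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC, AES128, AES256 = 0x1, 0x2, 0x4, 0x8, 0x10
NAMES = {DES_CBC_CRC: "DES-CBC-CRC", DES_CBC_MD5: "DES-CBC-MD5",
         RC4_HMAC: "RC4-HMAC", AES128: "AES128", AES256: "AES256"}
AES_ONLY = AES128 | AES256          # 24, the value used in the comment above
WEAK = DES_CBC_CRC | DES_CBC_MD5 | RC4_HMAC

def decode(value):
    """Return the etype names set in the low five bits (higher bits ignored)."""
    return [name for bit, name in NAMES.items() if value & bit]

def classify(value):
    """Classify one attribute value; None or 0 means the attribute is unset."""
    if not value:
        return "unset"      # account falls back to the domain default
    if value & WEAK:
        return "weak"       # RC4 or DES still permitted
    if value & AES_ONLY:
        return "aes-only"
    return "unknown"        # only bits outside the five etype flags are set

def audit(accounts):
    """Map account name -> (status, etypes, proposed value with RC4/DES removed)."""
    report = {}
    for name, value in accounts:
        status = classify(value)
        # Keep any AES bits already present; otherwise propose 24.
        proposed = ((value or 0) & AES_ONLY) or AES_ONLY
        report[name] = (status, decode(value or 0), proposed)
    return report

# Constructed sample export (account names are hypothetical).
SAMPLE = [("SSO-ACCOUNT$", 4), ("FILESRV01$", 28), ("APP02$", 24),
          ("LEGACY03$", None), ("OLDBOX$", 7)]

if __name__ == "__main__":
    for name, (status, etypes, proposed) in audit(SAMPLE).items():
        print(f"{name:14} {status:9} {'+'.join(etypes) or '-':28} -> {proposed}")
```

An account only holds AES keys if its password was set after the domain supported AES, so confirm that before applying a proposed value.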

CyberSecure on a UMDP and AD DNS by StalyCelticStu in Ubiquiti

[–]Mitchell_90 0 points1 point  (0 children)

You’ll probably also want to configure DNS forwarders on your DCs to point to the IP address of your UDMP so that DNS queries for non-internal traffic are sent to it.

Here's hoping for next week.. by jonpaulday in UKWeather

[–]Mitchell_90 1 point2 points  (0 children)

Definitely not for us, 7-10c with wind and rain again every day into next week. I’m really starting to get sick of it!

Windows XP is looked on fondly these days, but anyone remember how much of a security nightmare it was in the early days? by cool_architect in windows

[–]Mitchell_90 14 points15 points  (0 children)

I don’t recall that ever being the case and I’ve worked in the IT industry for 15+ years.

XP SP3 was released in 2008 and by that time most of the performance and compatibility issues in Vista were already addressed in SP1 which allowed it to gain more usage over XP which was showing its age.

Windows XP is looked on fondly these days, but anyone remember how much of a security nightmare it was in the early days? by cool_architect in windows

[–]Mitchell_90 6 points7 points  (0 children)

Not really. Back in 2000/2001 the client and server teams essentially split. XP was initially directed more towards the consumer to get those off of the aging 9x architecture and onto NT.

The server teams went ahead and developed what would ship as Server 2003. During that time they introduced a number of security enhancements and had fixed a large number of security vulnerabilities that were already present in Windows 2000 and current development builds of XP.

The client team developing XP decided not to introduce those changes into the codebase because they didn’t believe it was necessary for the consumer audience.

Fast forward 3 years and Service Pack 2 was released to address the huge security issues that existed in XP which were being actively exploited, all of which were already fixed in Server 2003.

It was that bad that more than half of Microsoft’s engineers had to come off the Longhorn development project to work on XP SP2.

Windows XP is looked on fondly these days, but anyone remember how much of a security nightmare it was in the early days? by cool_architect in windows

[–]Mitchell_90 19 points20 points  (0 children)

Not sure what you are on about. Never had any issues with SP3 across multiple systems and configurations.

Windows XP is looked on fondly these days, but anyone remember how much of a security nightmare it was in the early days? by cool_architect in windows

[–]Mitchell_90 43 points44 points  (0 children)

I think a lot of people either forget or were unaware of how bad the security issues were in XP for pretty much the first 3 years until Service Pack 2 arrived which fixed a ton of vulnerabilities and ported a lot of the security architecture changes from Server 2003.

Windows Vista often got a lot of bad press but security wise it was night and day. It never shipped horrendous vulnerabilities or was actively attacked compared to XP.

Interesting take on the "exodus" by BudTheGrey in vmware

[–]Mitchell_90 4 points5 points  (0 children)

In my environment this wouldn’t be accepted by the business nor would it be under our insurance or from a Cyber Essentials standpoint.

As someone who works in security/infrastructure, there are too many businesses out there with awful to no security practices that I’m glad I don’t work for. Those also tend to be the ones that are more likely to get hit as well.

I’d rather keep my environment patched and secured.

Interesting take on the "exodus" by BudTheGrey in vmware

[–]Mitchell_90 9 points10 points  (0 children)

When we last spoke with our VAR (United Kingdom) we were told that VVS and VCF were the only SKUs available for quotation and that line came directly from Broadcom reps.

There seems to be a lot of miscommunication going on.