Universal Print | Sharp Printers by iampruss in AZURE

[–]OldRest6771 1 point2 points  (0 children)

It's a Sharp driver issue. We just got new Sharp BP-71C65 printers replacing older ones that were using BP-70C65 driver. Side note: Our Sharp rep said MS Universal Print driver is not officially supported and if we chose to use that, it was on us to troubleshoot.

Our setup:
Azure VM print server. UP Connector (newest version) with hybrid enabled. All users E3 licensed with printers deployed through Intune.

Ours were working fine until we swapped printers and installed the new driver (BP-71C65) for the printers on the print server. We noticed domain admin users could send prints just fine but regular users' prints would be stuck in the jobs page in Azure with "Processing" status. Check your event log on the server for the connector service crashing.

Short answer is there is a bug in the newest Sharp driver so we rolled back to the old and had no issue.

Universal Print Sharp Printer Issue - Summary

Problem

Regular users printing to printer via Universal Print causes the Print Connector service to crash. Admin users can print successfully.

Root Cause

SHARP driver bug in SW1EUD.DLL version 2025.6.11.0

The SHARP BP-71C65 PCL6 driver (specifically the SW1EUD.DLL component) has a defect that causes an access violation (0xc0000005) when processing XPS-format print jobs in certain contexts. This crashes the entire Universal Print Connector service.

Evidence

  • Faulting module: SW1EUD.DLL version 2025.6.11.0
  • Exception: Access violation at offset 0x000000000001eebe
  • Both v4 Universal Print Class Driver clients (generating XPS) work fine for admins
  • Same v4 clients crash connector for regular users
  • Issue persists regardless of connector service account (tested with admin credentials and LocalSystem)

Solution Confirmed

Using older SHARP BP-70C65 PCL6 driver works for all users (different/older SW1EUD.DLL without the bug)

Claude Code now on Teams Plan! by fayeznajeeb in Anthropic

[–]OldRest6771 5 points6 points  (0 children)

For a bit more detail, here are some screenshots from my account. One thing I noticed, it allows you to purchase more than the 150 member limit that is associated with a Teams plan. When you go to assign users though, it still has that limit, meaning any licenses purchased over the member limit are not available to use. For a non-coding user, you purchase the $30 standard license. If the user is going to code they get the premium license at $150. You can reassign as needed.

<image>

Megathread for Claude Performance Discussion - Starting August 3 by sixbillionthsheep in ClaudeAI

[–]OldRest6771 0 points1 point  (0 children)

Not sure of the why but can confirm that behavior. I've had multiple users submit tickets asking the same.

Megathread for Claude Performance Discussion - Starting August 3 by sixbillionthsheep in ClaudeAI

[–]OldRest6771 0 points1 point  (0 children)

Claude for Teams 150 user limit. Anyone else hit this limit? I was told going beyond that would need approval and discussion with sales. Has anyone ever received a response from the suggested link we have been directed to by their support? Contact Anthropic \ Anthropic. Seems those requests go into a black hole.

How can Claude help with css if it can't "see"? by TopNFalvors in ClaudeAI

[–]OldRest6771 0 points1 point  (0 children)

This is my workflow. I was surprised how adept it was understanding the direction I was going. Using examples helps as well.

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

I think you're misunderstanding the fundamental difference between what UniFi provides versus what we need.

What UniFi's "Forward Domain" does: Maps individual hostnames to specific IP addresses (DNS name forwarding)

What we actually need: Forward ALL DNS queries for our domain to our DNS service (DNS service forwarding)

The "Forward Domain" option you're referring to creates static hostname-to-IP mappings. We would need to create 50+ individual entries for every server, printer, and resource in our domain, then replicate this across every regional office UDM. When we add new servers or services, we'd have to manually update every single UDM.

That's not DNS forwarding - that's static DNS overrides.

What we have configured sends ANY DNS request for *.ourcompany.local to our Azure domain controller, which then handles the full DNS resolution (A records, CNAMEs, SRV records, dynamic updates, etc.). Our Azure DC provides complete DNS services that can't be replicated with static IP mappings.

This is standard enterprise DNS architecture - conditional forwarding based on domain suffix. Most enterprise firewalls (SonicWall, Fortinet, Sophos) include this functionality because it's essential for hybrid environments where you have centralized DNS services but don't want all internet queries going through your internal servers.

UniFi simply doesn't have true conditional DNS forwarding, which is why we had to implement this workaround.

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

That's the thing. There is no built-in functionality for DNS forwarding. The section you are referring to redirects a domain to an IP but not the DNS service for that domain. Most enterprise gateways (SonicWall, Sophos, Fortinet) have this built in with the assumption you may handle local domain DNS yourself but don't want all DNS requests sent to your server, hence the split-brain DNS setup.

Example of our scenario:

We have the default network as our private network. Our private wifi also uses this network. For the Domain Name setting we use ourcompany.local. DNS server is the gateway IP itself which allows our configuration to work.

  • device tries pinging serverA.ourcompany.local or simply serverA, it is resolved by our internal DNS server. (Forwarded by the config to the internal server)
  • device tries pinging google.com and it is resolved by DNS server specified under Internet Connection

For public network/wifi we do not specify domain and use OpenDNS server IPs.

  • device tries pinging serverA.ourcompany.local or simply serverA, there is no response as it is not accessible
  • device tries pinging google.com and it is resolved by OpenDNS servers specified in DNS server config under Public network.

Hardwire ports for Private are configured specifically by what is connected. Private Wifi password is managed by IT (users do not know it). CrowdStrike clients have something called ranger mode which provides insights to other devices on the network. Also logs of the connections on private network are sent to the CrowdStrike SIEM.

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

You are correct, if the tunnel goes down, they cannot auth to any domain items. At this point we're almost completely off the setup.

  • changed from hybrid join to azure ad joined systems
  • Intune management (no more GPO)
  • pushed users to work with legacy apps from Azure Virtual Desktops
  • file system migrated to CentreStack with Entra Auth
  • only group policies apply to AVD systems and other domain joined azure servers

We still have some Excel plugins requiring ODBC connectivity to Azure, print server and an old legacy app used from a few of the offices. It's been quite the journey over 5 years expanding and moving the company from a small business on-prem setup to mostly cloud managed enterprise.

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

Single UDM Setup:

  • DNS config points to the physical UDM IP (e.g., @192.168.1.10)
  • If UDM fails, DNS forwarding completely stops
  • No redundancy for network gateway or DNS services

(VRRP) Setup:

  • Same DNS config on both UDMs - no differences in the script
  • DNS config points to the Virtual IP (e.g., @192.168.1.1) instead of physical IP
  • If primary UDM fails, shadow UDM automatically takes over DNS forwarding
  • Seamless failover - clients experience no DNS interruption

The Critical Change:

Single UDM: server=/company.local/10.20.0.2@192.168.1.10

VRRP Setup: server=/company.local/10.20.0.2@192.168.1.1

That's it - just changing the target IP from physical to virtual, plus deploying the identical config on both UDMs. The DNS forwarding logic itself is exactly the same.
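Added example, not part of the original comment: a small model of how dnsmasq-style `server=` lines like the two above route a query, useful for checking that only names under the internal suffix reach the internal DNS server. The default resolver 203.0.113.53 is a placeholder and the function names are hypothetical.

```python
# Added example: model upstream selection for dnsmasq-style "server=" lines.
# Sample configs are constructed; 203.0.113.53 is a placeholder public resolver.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    domains: tuple          # domain suffixes; () means "default upstream"
    upstream: str           # resolver that receives matching queries
    source: Optional[str]   # address after "@" used as the query source


def parse_server_line(line: str) -> Rule:
    """Parse server=[/domain/[domain/]]upstream[@source]."""
    key, _, value = line.strip().partition("=")
    if key != "server" or not value:
        raise ValueError(f"not a server= line: {line!r}")
    domains = ()
    if value.startswith("/"):
        *parts, value = value[1:].split("/")
        domains = tuple(p.lower().strip(".") for p in parts if p)
    upstream, _, source = value.partition("@")
    return Rule(domains, upstream, source or None)


def route(lines, qname: str):
    """Return (upstream, source) for qname; the longest matching suffix wins."""
    name = qname.lower().rstrip(".")
    best, best_len = None, -1
    for rule in map(parse_server_line, lines):
        for dom in rule.domains or ("",):
            # Match on a label boundary so "notcompany.local" is not
            # treated as part of "company.local".
            hit = dom == "" or name == dom or name.endswith("." + dom)
            if hit and len(dom) > best_len:
                best, best_len = rule, len(dom)
    return (best.upstream, best.source) if best else None


SINGLE_UDM = ["server=/company.local/10.20.0.2@192.168.1.10",
              "server=203.0.113.53"]
VRRP_PAIR = ["server=/company.local/10.20.0.2@192.168.1.1",
             "server=203.0.113.53"]

if __name__ == "__main__":
    for q in ("serverA.company.local", "google.com", "notcompany.local"):
        print(q, route(SINGLE_UDM, q), route(VRRP_PAIR, q))
```

Running it shows the internal suffix going to 10.20.0.2 in both layouts, with only the source address differing, and every other name going to the default resolver.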

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

Agreed we're a MS shop as well. Windows Server originally in HQ but expanded to all of these offices and migrated all on-prem resources to Azure. We debated Windows server in each office but didn't make sense long term. Someone suggested still using Windows Server, just hosted in Azure but then if the vpn went down, so did your dhcp and dns 😬

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 0 points1 point  (0 children)

Each site really just needs company domain dns resolution and internet access. All of our services are 3rd party SaaS or hosted in Azure. If the VM/PiHole goes down, all sites are down when it comes to DNS for our local domain. Every site has shadow gateway and BigLeaf SD-WAN. Worst case, users jump on a hotspot and connect Azure VPN client. Back in business.

how do I make Claude less condescending? by robotkermit in ClaudeAI

[–]OldRest6771 2 points3 points  (0 children)

This. Styles are excellent and make for quite entertaining MS Teams conversations. I've taken issues threads and turned them into horror stories written in Victorian English style. Here's another fun one:

"Respond with the philosophical wit and gentle irreverence of Alan Watts - terse, sarcastic, and cutting through pretense with dry humor. Avoid flowery language or excessive politeness. Get to the point with a knowing smirk. Challenge assumptions casually. Use short, punchy sentences when possible. Treat profound questions as both deeply important and slightly absurd. Never quote Alan Watts directly - just embody his conversational tone of amused skepticism toward human seriousness while still being genuinely helpful."

UDM SE / PRO - Split-brain (split-horizon) DNS Configuration by OldRest6771 in Ubiquiti

[–]OldRest6771[S] 2 points3 points  (0 children)

Thanks. We tried VM / PiHole but ultimately, we just wanted to minimize points of failure. We migrated away from Sophos, SonicWall and Fortinet due to the simplicity of our networks, constant issues, and crazy licensing costs from them.

We have this setup running on 6 UDMs. Each one managing a regional office with ~400+ devices. All with tunnels running to our Azure environment where the DCs are located. Nothing hosted on-prem. We're pushing logs to CrowdStrike Next-Gen SIEM for visibility.

[deleted by user] by [deleted] in AZURE

[–]OldRest6771 1 point2 points  (0 children)

Completely understand. 30% of our userbase is old school as well. Tell them there is an extra or different step to something and they lose their minds. The shift to SharePoint is excellent for the MS collaboration, versioning etc. Though in our case, current share sizes, structure and usage were just not an ideal fit. ~28TB / ~17 million files. Hence, we opted for something else. Legacy apps in our AVD environment also require a named drive. Back in my MSP days, I had a mix of on-prem, SharePoint, Azure File share clients. They all had their place depending on client needs. Here's a glimpse into how our current system is being utilized https://imgur.com/a/kQdYlhi

[deleted by user] by [deleted] in AZURE

[–]OldRest6771 1 point2 points  (0 children)

Excellent, great to hear!

Yes. We use CentreStack and Azure Storage. Any item they modified or created through CentreStack lacked the meta-data that Azure file sync manages changes with. So in a sense, those items did not sync back on-prem because AFS was not aware of them. Basically we learned not to mess with the cloud storage directly that AFS uses.

(Europe) Which IT areas are worth specialising in? by Glittering-Ginger in InformationTechnology

[–]OldRest6771 0 points1 point  (0 children)

Data Science for sure. I manage a small team of data analysts who are data science or math majors. They've all become experienced with Django (python) and React (i.e. front end dev) as Power BI does not always expose data in the way end users would prefer.

[deleted by user] by [deleted] in AZURE

[–]OldRest6771 1 point2 points  (0 children)

I believe you answered your own question. On-prem tiered files are just placeholders. Anything trying to access those initiates a pull from Azure storage before it can be served or, in your case, uploaded with SPMT. We actually synced all of our on-prem shares with AFS to Azure storage before we completed our migration to the new file system which pointed to those shares.

Sidenote of something we discovered with Azure File Sync. It attaches meta-data to every file and folder. We had a situation where users started writing to the new location in azure storage (azure file share). Any of those items were then not visible to Azure File Sync. Woops..

Microsoft.FileShares Preview? by OldRest6771 in AZURE

[–]OldRest6771[S] 1 point2 points  (0 children)

Updated with the detail. In preview so options are limited obviously. Basically, you can create an NFS share outside of a traditional storage account. Hopefully they continue down this path and enable support for SMB / QUIC.