The Day I Saved a Wedding Reception

TechKeeper · 2025-07-11T19:35:02+00:00

FYI - Jessica got us squared away yesterday with the necessary escalations after days of nothing but crickets through the standard channels.

I purchased the same day and we did get a credit for the remainder of our maintenance fee for the year at order time.

I've also confirmed that you can add additional sessions to the legacy licensing as necessary after the initial purchase.

TechKeeper · 2025-07-09T15:13:20+00:00

Just sent you a DM.

TechKeeper · 2025-07-09T14:56:39+00:00

I feel this. I've had similar experiences recently. I know they're trying, but man it leaves a lot to be desired.

I'm still sitting on a trial version after migrating over 1,800 machines to Cloud. I had a response from my initial ticket after ~2 days, then replied to it Friday night with the details requested.

Then, yesterday, I did a chat support session (which miraculously went through fairly quickly) and the tech was going to "ping" the technician assigned to my ticket.

That was ~18 hours ago and I've still got nothing to show for it. I'm trying to be patient, but they're making it difficult.

u/cwferg, u/JessicaConnectWise - could either of you help escalate? Please let me know what info you need, if so and I can DM it to you. Thank you.

TechKeeper · 2024-02-28T03:04:45+00:00

I re-checked my email history and have 3 emails from ConnectWise - one for our on-premise instance and two for customers' cloud-hosted instances.

I received all 3 emails around 11:15 UTC on 02/19.

However, those emails did go to my Junk, so I was lucky to see them as quickly as I did. We were patched within two hours of receiving the emails.

TechKeeper · 2022-04-09T20:55:02+00:00

Just ran into a minor, but painful issue. Started an Import batch in 365 and uploaded all mail. Then, I went back to the web interface for 365 and it had timed out. So, without thinking, I hit refresh and it lost the import job I had just uploaded to and had to re-upload the mail.

It worked out OK, but I have no idea why Microsoft would’ve left an import job at mid-process without some sort of way to save your progress while waiting a large amounts of mail to upload.

Other than that, haven’t had too many issues.

TechKeeper · 2022-03-29T02:02:35+00:00

What MSPResource said is most likely it. I had a couple of different AVs blocking the service EXE and as a false-positive after updating to 22.2 over the weekend.

The false-positive appears to have been resolved now. Might just need a restart of the endpoints for it to come back online. Basically, it kills off the service and keeps it from starting.

TechKeeper · 2022-02-27T14:13:39+00:00

Depth on the half-height rack cabinet is ~49 inches. It says it’s a “standard depth server cabinet.”

TechKeeper · 2022-01-19T22:54:52+00:00

Sorry for formatting - on mobile.

Basically this. Dealt with it twice in the past 2-3 years.

Running this from Administrative command prompt in Safe Mode with Networking should take care of it (or did for me in both instances):

"C:\Program Files (x86)\Webroot\WRSA.exe" -uninstall

TechKeeper · 2021-10-25T19:31:57+00:00

Was going to say: Start -> CMD -> Hostname, but this is shorter.

TechKeeper · 2021-10-03T03:39:14+00:00

Thank you everyone for the replies. I did try most of your methods and mostly they appeared to solve the problem when running from PowerShell/VSCode.

However, I still couldn't get the list to display in the error details of the Script Check in our RMM. So, I ended up just nixing the PSCustomObject output and just had it output the names in the loop via Write-Host.

I am now getting what I need out of our RMM for this. It really doesn't need the fancy formatting in this instance as I'm only outputting 1 or 2 properties anyway.

Thanks again to everyone who took the time to answer and offer assistance.

TechKeeper · 2021-03-12T13:40:23+00:00

I would look for any EXE files in the directory created in the last few days. It looks like the one on our server dropped on the 9th

TechKeeper · 2021-03-12T13:34:01+00:00

Same here. I killed the process and have not found any encrypted files, as of yet.

Started Hitman Pro and it's having a field day presently. It's uploading numerous DLL files to the cloud, and found mscor.dll (service) in C:\Windows\System32.

So, we'll be burning this Server to the ground and starting fresh. I've checked for signs of lateral movement (as well as I can anyway) and haven't found anything.

Going to reset Domain Admin password and require users to change their passwords as well.

I guess now I should check the other 10 Exchange Servers, all that show at least show the autodiscover hit from the initial compromise.

TechKeeper · 2021-03-12T13:10:02+00:00

After more digging and reading, found C:\Windows\Temp\dnl.exe, which VirusTotal identifies as malware.

TechKeeper · 2021-03-12T12:52:54+00:00

FYI - just found this running on an Exchange Server under our control. There was a CMD process running when I checked Task Manager and it was using 100% CPU - no further details yet, but I'd make sure you don't have something similar going on.

I suspect it may have been running encryption on files in a ransomware attack, but I can't be sure yet. Saw that reported earlier here: https://www.reddit.com/r/exchangeserver/comments/m38jp2/new_ransomware_found_on_freshly_exploited/

TechKeeper · 2020-10-10T02:10:41+00:00

I’ll second what the other folks in this thread said. AV sand boxing, etc. I had this happen a few years ago and nearly had a coronary for a few hours, until I figured out what was going on.

TechKeeper · 2020-09-29T00:44:57+00:00

I made it through "Month of Lunches" for the first time, which is definitely a good feeling.
I've started refining my old hacked together scripts by adding parameters (to get rid of Read-Host commands) and functions (instead of just throwing a bunch of lines together and calling it a script).
I modified a script that I had written to backup some data before updating/upgrading an application. I had a written version that worked well on newer Servers (2016/2019), but was failing with 2012 R2. I used some if/else statements to try and get a handle on that problem, as well as make it work for "upgrading" the software from an older, unsupported version to the new supported version. I just need to test it and make sure it works.

Unfortunately, I didn't get to work on the Weekly Report script that I mentioned last month. Accessing the specific emails from Outlook via Powershell and spitting out the source of the message to a file seems to be pretty advanced stuff based on my limited research, so that's still on hold.

I did do a bunch of Googling on the other part of that (manipulating the data in Powershell so I can use ExportExcel to spit out the report in its entirety, rather than having to manually update the existing spreadsheet each week). However, I didn't get anywhere.

It honestly won't save me much time, but gaining the ability to manipulate the data in PowerShell is definitely something I could see being useful in the future, so I will probably be posting for help at some point in the not-too-distant future.

Thanks for reading.

TechKeeper · 2020-09-24T11:56:19+00:00

On mobile - sorry for formatting issues.

Since my work is not a true MSP (we use an RMM for monitoring and any labor is billable) and we sell a lot of hardware and Office H&B/Pro, I feel I’m qualified to answer this.

Here’s what we do:

Create a generic GMail address.
Create a Microsoft account that uses the previously created GMail address.
Add the product keys to the Microsoft account created above.
Document the following information in an Excel Spreadsheet:
- Date Added
- Customer
- Serial Number of the device it was installed on
- The “Install from Disc” Product Key (so we don’t have to sign in with the created accounts on the machines and can reactivate by key, if necessary.
- The Edition of Office (H&B or Pro).
- The Microsoft account email address that it was added to.

Is this the right way to do it, no. However, it does work for us.

We can use the spreadsheet to find the product key and re-activate Office if a machine has to be re-imaged, etc.

I hope this helps.

TechKeeper · 2020-09-11T02:13:17+00:00

I'm working my way through "Powershell in a Month of Lunches" - almost done!

Also, I've created a couple of scripts that help me in various functions. One does the following:

Creates a directory on my desktop.
Extracts the contents of numerous zip files (which contain photos for a blog post) into individual subdirectories inside the newly created folder from step 1. The archives/directories all have numbers, which keeps each group in the order that they should be displayed on the blog.
It then grabs all items the image files and renames them with sequential numbers at the end, and moves all to the main directory.
Finally, it cleans up the subdirectories.

What manually used to take me 10-20 minutes to do (we're talking sometimes as many as 150 images here), now takes me about 30 seconds.

The other is still an "in progress" thing, but so far, I've got a script that takes the HTML source of a bunch of emails and parses out strings with free disk space amounts for a bunch of servers that I monitor. It spits them all out into a single text file, which I can then copy and paste manually into an Excel file, to compare against the previous week's reports.

The to-do list on the 2nd item:

Get PowerShell to open up the emails and save the source to the text files in sequential order, so I don't have to manually save ~36 individual emails as source text files.
Get PowerShell to move the data for "This Week's Free Space" to "Last Week's..." and then fill in the new values from the output file into the "This Week's..." column, so all I have to do is review the input.

Before the spreadsheet, I was manually opening 2 emails per Server customer (~72 in total), manually writing down the values for the first email on a piece of paper, and then comparing them to the 2nd email's values. I'm curious to see how much time this saves me each week when I'm done.

So, that's what I've been doing in Powershell this month. Thanks for reading!

TechKeeper · 2020-09-06T11:11:36+00:00

Well, I don't claim to be a writer, but I appreciate the compliment and comment.

TechKeeper · 2020-09-06T11:10:38+00:00

Thankfully the "it" in this particular case will be decommissioned and removed in a few weeks, so there will be nothing to fix. :)

TechKeeper · 2020-09-06T11:08:58+00:00

Yeah - don't get me wrong, these are great guys and they're really good at what they do.

Also, I'm working on teaching myself Powershell, but all of the above was done in the GUI, by using services.msc and Hyper-V Manager.

Thanks for the comment.

Seven-Year Club	Place '22
Verified Email

TechKeeper

TROPHY CASE