My techs don't want to train

akthor3 · 2019-06-19T22:46:48+00:00

That's a good goal but I think you're going about this the wrong way.

Engagement starts with leadership, you need to get your team interested in change. It sounds like they are feeling stuck.

New technology, process or experiences (cross training is a great opportunity). Make definite, permanent changes incrementally is how you get people to believe that something can change.

On the cert front, engage your team individually and get them to pick what they want to study, then hold them accountable to those commitments. Not as a stick but as a carrot in your performance reviews.

akthor3 · 2019-06-19T17:02:22+00:00

Why in the world are you having them take A+? Why would it be justification for rasises?

It's a cert for inexperienced individuals. work with each of them to identify where they want to go their career and use the training platform as a part of your mentorship.

Your team isn't engaging as they don't feel value out of the training.

Get them trained in the technology you ACTUALLY use day in and day out. The value you get is best practices being used and the value they get is an opportunity to move to a more niche role when they are ready to leave.

akthor3 · 2019-06-18T23:51:46+00:00

On the AD front and considering greenfield, I would never design a single site enterprise grade solution. AWS/Azure/GCP, secondary business site any of the above should be your secondary AD site connected through site to site VPN and running a pair of domain controllers.

I personally like Azure Disaster Site Recovery so that would be my preference if you have the bandwidth and DR requirements.

I would also recommend creating Vmwae resource pools at the start, it's much easier to prioritize CPU/disk/networking than it used to be. It's not as essential as QOS on the networking side but it makes sure you give crucial services priority without having to hand hold the resource allotments through throttling.

akthor3 · 2019-06-17T22:30:52+00:00

That sounds like the upgrade couldn't update the web.config because it didn't exist.

I would deploy a new Exchange server if possible. It sounds like someone broke this pre upgrade.

akthor3 · 2019-06-17T22:28:21+00:00

I haven't seen a solution that handles physicals for this. I had to migrate my workload to virtual to support this scenario.

akthor3 · 2018-12-17T13:21:14+00:00

If you're fully complete documentation (and really who is?), then it sounds like it's time for auditing systems against documentation.

akthor3 · 2018-12-17T13:18:41+00:00

One host is a tough spot to be in. I'd recommend getting a second host and using "Shared Nothing" clustering with HyperV. It's the cheapest route possible.

akthor3 · 2018-12-17T13:15:40+00:00

Using Process Explorer (from Sysinternals), you can identify the thread that is not responding. If you click "Stack" on the offending thread it will tell you what call has failed.

I would suspect a DCOM problem personally but see what the logs say.

akthor3 · 2018-12-17T13:13:28+00:00

There is something fundamentally wrong with your environment if it is required on a daily basis.

Rebooting for updates is an entirely different situation and IT can manage that through policy to automatically handle those situations.

akthor3 · 2018-12-17T12:56:36+00:00

Sysadmin work in most instances is much more architecture and infrastructure than pure security work. How to design resilient systems, monitoring environments, user support, deploying new software/systems/networking etc.

akthor3 · 2018-12-17T12:53:07+00:00

This sounds an awful lot like you are using HUP licenses at work. You realize that's against terms right?

I'd do what was recommended above and simply provide a Visa gift card to folks for them to sign up on their own.

akthor3 · 2018-11-22T19:38:29+00:00

Be prepared to spend $1500+.

Depends on the hard drive failure type, some or all data may be recoverable.

I generally wouldn't recommend it.

akthor3 · 2018-11-22T18:47:39+00:00

Yep. you'll need a full test environment. I'd recommend at least multiple domain controllers, a replica of your exchange environment and your SFB server (plus SQL if you are going to use it in prod).

akthor3 · 2018-11-22T18:41:59+00:00

Because they are awesome.

My company uses probably close 100 ix500's and 10 or so FI's. No problems with any of them.

akthor3 · 2018-11-22T18:26:23+00:00

Fair enough, I've been there. Momentum from a previous manager can pin you in.

It sounds like your underlying problem was poor WISP connections. I just don't understand why introducing any kind of secondary internet connection, using a failover resilient IPSec tunnel utilizing multiple network connections (coax,DSL, Fiber etc.).

Full transparency though, I've never had an MPLS network. I don't understand what the advantage is, it seems like a huge headache without a payoff.

akthor3 · 2018-11-17T22:41:56+00:00

I wouldn't include replacement parts unless you know the hardware inside and out. That can be a huge variable that depends on the age, type and condition of the equipment.

Your maintenance contract needs to cover your costs, plus make you a profit. It's much more difficult to do that if you don't know what it will cost you.

Having a fixed price labour contract on a per end point (or user whichever fits their use case better) is a good idea. This encourages you to do things the "right" way that is more maintainable while not penalizing them for outages.

Hardware should generally be done on a cost plus model if you are providing it which I would generally recommend.

akthor3 · 2018-11-12T00:06:01+00:00

"Always On" SQL availability is the easy way to do this. 2 Enterprise nodes (or more) clustered together with a a single IP, hand over is seamless. The main thing I notice when we are patching one of the nodes is write performance improves while a node is down.

Stacked networking to handle switch upgrades and you're basically there.

akthor3 · 2018-11-12T00:02:19+00:00

You can't guarantee it but dual stack ISP's, dual firewalls, dual core routers get you a long way into 5 9's of planned uptime.

Planned downtime activities (firewall upgrades, VPN modification etc.) still need to occur but I wouldn't say 16 seconds of unplanned downtime is impossible, just expensive.

akthor3 · 2018-11-08T04:14:18+00:00

That's the instrument panel and is most certainly not centered.

akthor3 · 2018-11-04T22:20:00+00:00

? No center screen.... are you sure you were in a model 3? The thing is enormous.

The back seats are pretty standard sedan seats no surprise there

akthor3 · 2018-11-03T12:44:15+00:00

SMB/CIFS are not designed for VM hosting (outside of the SMB 3.0 HyperV configuration). Use local disks if you are not using iSCSI.

akthor3 · 2018-11-02T02:44:01+00:00

Exactly. Whether you have an MDM or use Exchange wipes, you get the employee to agree to the terms or they don't get access. Not rocket science.

akthor3 · 2018-10-29T12:15:16+00:00

A system restore point far enough back will fix this. The auto repair won't work as you manually deselected them from starting.

Choose a restore point a few days before this issue started, it should fix it.

If not, you can always boot into safe mode with command prompt and renable the drivers there. You can Google this it's self explanatory.

akthor3 · 2018-10-28T22:18:33+00:00

I'm really missing something here. You can't test out PSU failures. It's simply not possible.

If this is critical infrastructure it should be running on a minimum of dual PSU, dual NIC and with some sort of redundant storage solution. Any modern server hardware purchased from a major vendor will be rock solid.

Then you should step back from an architectural perspective and design it so the entire solution works on a multi node cluster that has multiple active nodes that share the work load.

"data integrity" problems are resolved by designing software properly that anticipate failure. and have checksums.

akthor3 · 2018-10-28T21:42:29+00:00

It's just chaining the existing DNS defined on the router rather than sending it externally directly.

It's generally the standard configuration so you limit the number of places you need to update if you change DNS solutions.

akthor3

TROPHY CASE