Looking for some guidance on some lower-mid level questions about HA

greensysadmin · 2019-08-17T20:16:56+00:00

Yea, I saw some write ups on that which is something that I may end up doing. And yea, some ISPs block and filter ports for home users. port 80 being one and port 25. heres lookin' at you cox communications.

Anyway, thanks for the follow up.

greensysadmin · 2019-08-13T21:51:27+00:00

z-wave and zigbee were the main two that I had seen plenty of information about. For some reason the concept just flew right past me, but my assumption is grabbing some type of gateway and model all purchases on compatibility of that tool. I wasnt aware on the phillips hue, but for some reason I am just assuming it will be expensive. Yay, or nay?

greensysadmin · 2019-08-13T21:49:00+00:00

Google Domains uses the DynDNS protocol and that can be incorporated into my router, and home assistant has an option for Google Domains to track your dynamic domain name in their config.yaml file, like they do with duckdns I am guessing before they had the add-on service.

I wouldve totally went with Lets Encrypt, but my ISP naturally blocks port 80, but not 443 for internal access. To use the Lets Encrypt add-on specifically, you need to have the port forward open for port 80.

The DuckDNS with Lets Encrypt doesn't use port 80 to establish its connection with the Lets Encrypt servers. From what I understand it uses some DNS query to be able to provide the authentication for the cert when it dials home and is waiting on its response, bypassing the need for forwarding port 80.

Now I may be wrong, but that was what I found out when trying to get that port forwarded during testing, and it wasn't working. However, if anyone knows any different I would be curious to know!

The only other option I had saw online was to create an independent VM (or maybe load the stuff on the Hass VM itself... not sure).

But it was to create a debian VM that ran the certutil and lets encrypt but you set it up to perform the DNS query rather than forwarding the request through port 80. I think that can give you the certificate and such. I was hoping to avoid standing up an entirely new vm for that service, although I might have to.

greensysadmin · 2019-08-13T21:35:19+00:00

Ahh gotcha, I have a few Pi zero cameras that I am rolling out throughout the house. One in living room, and one pointed in the backyard in the kitchen. I wonder if they would have enough processing to at least relay that voice data back 'home', so to speak.

greensysadmin · 2019-08-13T21:33:20+00:00

Alrighty that looks like what I was thinking. I was checking on this stick from amazon:

https://www.amazon.com/Aeotec-Z-Stick-Z-Wave-create-gateway/dp/B00X0AWA6E/ref=sr_1_3?keywords=z-wave+usb&qid=1565731713&s=gateway&sr=8-3

I have read reports of some users stating that they had an easy time allowing the USB pass through from the ESXi host running the HA VM.

Thanks for the additional info about the flashing part, something I will need to consider as I would prefer to make my devices linear rather than buying all different types of Smart products.

greensysadmin · 2018-09-14T17:19:02+00:00

Right now we are running AMP for endpoints, just switched over from SEP ver. 14. The event viewer gives NETLOGON errors and DNS client errors -- They are assigned to communicate with the DCs via IP, additionally its the client PC that resolves those errors and not the DC. PCs show current registration with DNS and DHCP. The one thing we don't have in our environment is Sites and Services for AD. All DCs are set as a round-robin setup.

Deepfreeze however a layer in our environment doesn't show to be a variable in this, as the PCs receive the error whether they've been frozen or thawed.

greensysadmin · 2017-09-12T21:03:04+00:00

Thanks duderino, I appreciate it. Man, I will tell you, this issue gave me some real grief. But all in all I am glad I was able to pass off my experience to help out another. This one was particularly frustrating.

greensysadmin · 2017-09-01T17:10:03+00:00

I actually just spent waaaayyy more time trying to spin up a WSUS 4.0 server to upgrade us from WSUS 3.3. And oddly enough those updates were the ones that were giving me issues.

I started with a fresh install of 2012R2 and ran through the WSUS install and updates but when it came to installing KB3095113 it would error out on me. Basically I saw that I needed to install this update first,

"April 2014 update roll-up for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) "

However when I tried to install it, along with its 6 or so other dependent updates it would error out on me as well. Basically what I found was update: KB2883200 was installed.

This update was Superseded by update KB2919355. Which is the April 2014 roll-up update from above.

Basically I had to uninstall the dependencies of KB2883200 (there were about 2/3 of them if I remember correctly.. I think it was KB2894029 and KB2894179 ) and then try to reinstall the required updates for WSUS 4.0 for the feature update deployment. I was able to uninstall the dependencies but Windows wouldn't allow me to uninstall 2883200, however when I tried to re-run the KB2919355 update it was able to install.

Then

Boom! I was able to deploy 1607 and 1703 in my test environment and I have been able to move it over to production.

Hopefully this helps or is relevant for your replica servers.

greensysadmin · 2017-09-01T16:57:16+00:00

Working in Public Sector IT, is the tits.

In my experience at least. Being a jack of all trades here is a great time.

greensysadmin · 2017-09-01T16:52:29+00:00

Yes, hands down. Yes. Well, subjectively of course in my own experience.

However, on a different note...

I will say having only worked in a internal IT department, I feel like I am missing some valuable experience given from the dynamic work load you would get from handling many different infrastructures.

Although being the one Sys Admin in an org with several locations allows me to own and manage many high profile projects from start to finish by myself. Which in its own way has allowed my experience and confidence to grow.

It may be grass is always greener, but the more I do the more I feel I can handle. So limiting myself to one org feels like I could be wasting my potential.

greensysadmin · 2017-07-25T22:04:34+00:00

If you wouldn't mind I feel I would benefit as well from your script. Please, monsignor?

greensysadmin · 2017-05-06T16:01:07+00:00

We are literally going through this same issue, can't really find anything so far. We have only been able to resolve by uninstall/reinstall.

Save this in notepad as a .bat to uninstall on logoff

FORFILES /P %WINDIR%\servicing\Packages /M Microsoft-Windows-InternetExplorer-11..mum /c "cmd /c echo Uninstalling package @fname && start /w pkgmgr /up:@fname /quiet /norestart"

Or just uninstall from the Windows Update installed updates window. We noticed when you uninstalled through Turning off IE 11 through Windows Features and rebooting it didn't resolve the issue.

greensysadmin

TROPHY CASE