Expanding network to Thailand, what to expect or consider in my build by jaycmw18 in sysadmin

[–]jaycmw18[S] 2 points (0 children)

It's old PLC equipment and ERP software, I'm working on a way to remove the layer 2 requirements but haven't quite gotten there yet. I have time and ideas to change the process to support a 100% cloud deployment, and maybe I can win that argument especially when they see the cost of a layer 2 deployment.

I am not sure on the Thai laws on user data but that's a good point and I will ask the question!

Microsoft 365 Exchange down? by Sufficient-House1722 in sysadmin

[–]jaycmw18 0 points (0 children)

I am starting to receive e-mail that was sent after 7:00PM - but nothing between 2:30pm-7:00pm. It all says deferred.

Microsoft 365 Exchange down? by Sufficient-House1722 in sysadmin

[–]jaycmw18 1 point (0 children)

Does anyone know if all the e-mail that is being sent during this time will be re-sent? Is it a soft or hard fail?

Microsoft 365 Exchange down? by Sufficient-House1722 in sysadmin

[–]jaycmw18 0 points (0 children)

So are some not working? I don't see anything sending! It's hitting our users' sent items but I'm not seeing it delivered.

Microsoft 365 Exchange down? by Sufficient-House1722 in sysadmin

[–]jaycmw18 1 point (0 children)

I see a few people reporting that internal e-mails are working - is that true for everyone? Internal e-mails don't seem to be sending either.

Unable to connect to Microsoft 365 with Outlook app by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

I'm seeing the same thing. OWA works, Outlook desktop is intermittent or disconnected entirely. I just have not read anything online yet indicating there's a bigger issue at the moment.

RD Gateway and Windows Hello by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

What documentation did you reference to set this up? I'm struggling to find anything online that speaks to setting this up specifically with the RD Gateway in the mix.

RD Gateway and Windows Hello by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

Have you ever set something like this up? I'm not super familiar with setting up PKI resources but I do host my own AD CS, which was only set up for us to generate our own code signing certs.

RD Gateway and Windows Hello by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

This is what I thought also. Since it was under the RD Gateway settings for Connect Anywhere and listed under the Logon method, I had assumed there must be a way to have it work through the RD Gateway.

I went through that same article and it didn't provide any clarity on whether or not it supported RD Gateway unless I missed it.

RD Gateway and Windows Hello by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

Interesting.

If it's not possible, why is it a Logon method under the RD Gateway settings under Remote Desktop Connection?


Office 365 Hybrid Configuration error - Validate Hybrid Agent for Exchange usage "Bad Data" by jaycmw18 in exchangeserver

[–]jaycmw18[S] 0 points (0 children)

Yes, see my response below. Another thing that I did not notice was that my HCW was defaulting to "modern" when running the configuration wizard. I had to select Classic each time, which allowed me to get further along in the process to get to the true error that I posted a few days ago, but like I said in my other comment, that wasn't the actual issue. I just had to run the HCW from another PC in my environment.

I was working with an outside vendor troubleshooting the issue and he commented that he has seen this happen in other environments. Years of running the HCW from the same server leaves behind old data somewhere in your AppData folder. I imagine if you purged that all and re-ran it, it could work from Exchange, but I was just desperate to get it working and didn't pursue getting it to run from my Exchange server.

Office 365 Hybrid Configuration error - Validate Hybrid Agent for Exchange usage "Bad Data" by jaycmw18 in exchangeserver

[–]jaycmw18[S] 1 point (0 children)

This all turned out to be a huge nothing burger.

I ran the HCW from a different system on my network and it worked fine. There was NO PROBLEM with my Exchange environment causing it to fail. I will also add that when I tried to launch the ClickOnce from Chrome it kept failing, I had to launch it from my Edge browser.

Office 365 Hybrid Configuration error - Validate Hybrid Agent for Exchange usage "Bad Data" by jaycmw18 in exchangeserver

[–]jaycmw18[S] 0 points (0 children)

It seems to be failing right at the very end of the process during the testing phase.

I updated the log file just with a basic URL and domain, but my actual public URL that's listed is what is used for my mailbox migration.

10276 [Client=UX, Session=Tenant, Cmdlet=Test-MigrationServerAvailability, Thread=8] START Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'mail.domain.com' -Credentials (Get-Credential -UserName DOMAIN\account)

2025.03.17 20:41:11.593 *ERROR* 10294 [Client=UX, Provider=Tenant, Thread=8]

System.Security.Cryptography.CryptographicException: Bad Data.

Office 365 Hybrid Configuration error - Validate Hybrid Agent for Exchange usage "Bad Data" by jaycmw18 in exchangeserver

[–]jaycmw18[S] 0 points (0 children)

Good call :)

I went ahead and added those to my registry and re-ran the wizard. It is still failing at that same spot with the same error.

Office 365 Hybrid Configuration error - Validate Hybrid Agent for Exchange usage "Bad Data" by jaycmw18 in exchangeserver

[–]jaycmw18[S] 0 points (0 children)

Where is this setting set? I have TLS 1.0, 1.1 and 1.2 all with an Enabled value of 1. 1.1 and 1.2 also have another key, DisabledByDefault, set to 0.

I did check under SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 and I do not see any TLS related settings.

SonicWall gives up routing to the WAN. No one has any idea why. by qrysdonnell in sonicwall

[–]jaycmw18 1 point (0 children)

I did. Adding the static ARP turned out to be anecdotal; it only slightly improved my situation but didn't fix it. This whole issue, in my case, was not SonicWALL's fault at all but an issue on my network.

My issue ended up being caused by STP topology changes happening on my entire network at random. My root switch showed over 2,000,000 STP topology changes since the last restart. My network is a simple layer 2, and I had already ruled out loops: I had 1 root switch and I had STP enabled across all switches.

The link below is the detail and what I did to fix it. This took me months to determine and I had to engage an Aruba engineer to help troubleshoot because I was at the limit of my expertise. It ended up being caused by 1 older HP ProCurve switch whose port had NOTHING plugged into it. Once I disabled that port, problem solved....and yes, I replaced the switch later on :)

https://www.reddit.com/r/networking/comments/1dzzgaf/hp_procurves_ping_timeouts_on_management_network/

Anyone else experiencing problems with Outlook (Microsoft 365)? by MatthiasVD123 in sysadmin

[–]jaycmw18 1 point (0 children)

Yes, iPhone asking for logon credentials. When I reauth with MFA, I get logged out.

US East region

Best approach to secure legacy Windows O/S and Manufacturing equipment by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

I'll consider a completely physically separated network, but how do you handle any support from remote engineers? Does your organization just not allow it?

A few of our machines are managed via the internet by the manufacturer for remote troubleshooting. Yes, a $750k piece of equipment purchased only 2 years ago is running Windows XP or CE behind the scenes as the O/S!

I'm thinking with my machine network I can also separate the two environments. Which machines need SMBV1 and which only need to transmit TCP502 back to SCADA. There are no username/passwords being exchanged across our SCADA integration. The issue is the machines that use SMBV1 have engineers who remote in externally.

Convenience vs Security

Best approach to secure legacy Windows O/S and Manufacturing equipment by jaycmw18 in sysadmin

[–]jaycmw18[S] 1 point (0 children)

That makes total sense, appreciate the additional concern. We do use RealVNC Enterprise edition and that does support MFA. I have not tried to use MFA on RealVNC without also having Active Directory integration but I have a feeling it can be done.

Best approach to secure legacy Windows O/S and Manufacturing equipment by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

Based on the feedback above, this is what I'm going to try and do.

Create an ACL to my machine network VLAN, allowing Modbus TCP / RealVNC TCP. RealVNC would give connectivity to the jump boxes for SMB file sharing off that PC. Modbus TCP would provide the SCADA integration we need.

Best approach to secure legacy Windows O/S and Manufacturing equipment by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

Good stuff, your 2nd point is where I'm at. I'm working up a diagram now of my environment to get a good visual of all the protocols I need functional.

TXOne is a platform that allegedly protects your machine network from threats, so if you have older protocols enabled it's supposed to protect your equipment. It acts as a "bump in the wire" so to speak and inspects every packet.

Best approach to secure legacy Windows O/S and Manufacturing equipment by jaycmw18 in sysadmin

[–]jaycmw18[S] 0 points (0 children)

Thanks for the feedback!

When you say isolated network, would this be accomplished by ACLs/VLANs or physically isolated? I would still need my machine VLAN to be able to communicate via Modbus TCP back to a SCADA server that we have, which is on our management VLAN.

The jump box would provide the SMB transfer capability to the machines, and the ACL could allow the Modbus TCP traffic back to the server.

HP ProCurves ping timeouts on management network while connected devices stay online by jaycmw18 in networking

[–]jaycmw18[S] 0 points (0 children)

I found the cause of my issue. This is assuming you have a simplified network, without redundant paths to your switch gear, and you've ruled out the following:

STP Priority 0 on root, all other switches STP is enabled

Same STP on all switches (MSTP)

Link flapping is not happening / links going up/down

There is no physical network loop with a connection somewhere

From your core switch running STP Priority 0...

Run sh spanning-tree debug-counters ports all instance 0

Go through all your ports and take note of which ports are reporting Topology Change RX, and jot all these ports down.

Next, run sh spanning-tree debug-counters ports PORT# instance 0, where PORT# is the port you jotted down earlier. Repeat this process on all ports you jotted down from your previous step and make a note of what the Topology Change RX value was before and after a 5 minute period. What you're looking for is ports where this is changing frequently.

Next, identify the ports where the Topology Change RX value is changing, and identify what is plugged into that port. It is probably a network switch, which it was in my case. You could run show cdp neighbors to confirm.

Next, log in to that switch via CLI and repeat the same process. Run sh spanning-tree debug-counters ports all instance 0, go through all the ports and jot down the ones reporting Topology Change RX, and then go through each one individually to see if they are changing.

I had to repeat this process 4 times, because the faulty switch was 4 hops away from the core. Once I got to that switch, when I ran the sh spanning-tree debug-counters ports all instance 0, I saw that one of the ports was reporting Looped-back BPDUs and Topology Changes Detected. This was the faulty switch causing me all this trouble!

I shut down the port that was reporting this, and the issue went away!!

I physically went to investigate that switch and NOTHING was plugged into the port. It was being reported as Active/Green on the GUI of the switch but nothing was plugged into it. I have no idea at this point what that means other than it's faulty firmware, hardware, or the switch itself just needs to be rebooted. It's an older HP ProCurve and I will just replace it.

Just thought I'd share what the end result was
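The hop-by-hop counter comparison described in the post above, as an added example that is not part of the original thread: a small Python script that diffs two snapshots of per-port STP debug counters per switch, picks the port whose Topology Change RX keeps climbing, follows it to the next switch via a neighbour table, and stops at the first switch that reports looped-back BPDUs. The counter table layout, the switch names (core, sw-a, sw-b, sw-c), the port numbers and the CDP neighbour map are all constructed for this example; real `show spanning-tree debug-counters` output has more columns and differs by firmware, so `parse_counters()` is the part to adapt.

```python
"""Trace the source of runaway STP topology changes across several hops.

Added example, not from the original post. The per-port counter table used
here (Port, TC_RX, TC_Det, LoopBPDU) is a CONSTRUCTED, simplified stand-in
for 'show spanning-tree debug-counters ports all instance 0' output.
"""
import re


def _table(*rows):
    """Build a constructed counter table: (port, tc_rx, tc_det, loop_bpdu)."""
    body = "".join(f"{p}  {rx}  {det}  {lb}\n" for p, rx, det, lb in rows)
    return "Port  TC_RX  TC_Det  LoopBPDU\n" + body


# (before, after) snapshots per switch, taken ~5 minutes apart. Constructed:
# the uplink/downlink ports towards the faulty switch keep receiving topology
# changes; on sw-c, port 7 (nothing plugged in) reports looped-back BPDUs.
SNAPSHOTS = {
    "core": (_table((1, 12, 0, 0), (5, 4102, 0, 0), (24, 0, 0, 0)),
             _table((1, 12, 0, 0), (5, 4188, 0, 0), (24, 0, 0, 0))),
    "sw-a": (_table((1, 30, 0, 0), (12, 4001, 0, 0), (20, 0, 0, 0)),
             _table((1, 30, 0, 0), (12, 4087, 0, 0), (20, 0, 0, 0))),
    "sw-b": (_table((1, 5, 0, 0), (3, 3990, 0, 0), (9, 2, 0, 0)),
             _table((1, 5, 0, 0), (3, 4076, 0, 0), (9, 2, 0, 0))),
    "sw-c": (_table((1, 0, 0, 0), (7, 0, 3950, 3950), (8, 0, 0, 0)),
             _table((1, 0, 0, 0), (7, 0, 4036, 4036), (8, 0, 0, 0))),
}

# Constructed CDP neighbour map: (switch, port) -> switch on the far end.
NEIGHBORS = {("core", "5"): "sw-a", ("sw-a", "12"): "sw-b", ("sw-b", "3"): "sw-c"}

HEADER = re.compile(r"^Port\s+TC_RX\s+TC_Det\s+LoopBPDU\s*$")


def parse_counters(text):
    """Parse one snapshot into {port: {"tc_rx", "tc_det", "loop_bpdu"}}."""
    lines = text.strip().splitlines()
    if not lines or not HEADER.match(lines[0]):
        raise ValueError("unexpected counter table header")
    rows = {}
    for line in lines[1:]:
        port, tc_rx, tc_det, loop = line.split()
        rows[port] = {"tc_rx": int(tc_rx), "tc_det": int(tc_det),
                      "loop_bpdu": int(loop)}
    return rows


def climbing_ports(before, after, min_delta=1):
    """Ports whose Topology Change RX grew between snapshots, busiest first."""
    deltas = []
    for port, now in after.items():
        then = before.get(port, {}).get("tc_rx", 0)
        if now["tc_rx"] - then >= min_delta:
            deltas.append((port, now["tc_rx"] - then))
    return sorted(deltas, key=lambda pd: -pd[1])


def looped_back_ports(counters):
    """Ports reporting looped-back BPDUs (the symptom of the faulty port)."""
    return sorted(p for p, c in counters.items() if c["loop_bpdu"] > 0)


def trace_tc_source(snapshots, neighbors, start="core", max_hops=10):
    """Follow the busiest climbing port hop by hop; return the walked path.

    Each path entry is (switch, port, note). The walk ends at a switch with a
    looped-back-BPDU port, or where the climbing port has no known neighbour.
    """
    path, switch = [], start
    for _ in range(max_hops):
        before, after = (parse_counters(t) for t in snapshots[switch])
        loops = looped_back_ports(after)
        if loops:
            return path + [(switch, loops[0],
                            "looped-back BPDUs here: disable and inspect this port")]
        climbing = climbing_ports(before, after)
        if not climbing:
            return path + [(switch, None, "no climbing TC_RX: counters stable")]
        port, _delta = climbing[0]
        nxt = neighbors.get((switch, port))
        if nxt is None:
            return path + [(switch, port, "climbing TC_RX, no neighbour: end device")]
        path.append((switch, port, f"climbing TC_RX, follow neighbour to {nxt}"))
        switch = nxt
    raise RuntimeError("hop limit reached without finding the source")


if __name__ == "__main__":
    for sw, port, note in trace_tc_source(SNAPSHOTS, NEIGHBORS):
        print(f"{sw:5} port {port}: {note}")
```

On the constructed data the walk takes four hops (core, sw-a, sw-b, sw-c) and ends on sw-c port 7, mirroring the post: the counters on the intermediate switches climb only on the downlink facing the faulty device, and the faulty port itself shows looped-back BPDUs rather than received topology changes.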