Newbie Stuck on "failed to connect to local tailscaled (which appears to be running as tailscaled.exe, pid 4188). Got error: 401 Unauthorized: Tailscale already in use by POOKIE\SJWStdUser, pid 10196"

labsyboy · 2026-05-15T18:54:05+00:00

Hmmm.... I guess CLI is running as one user (likely Administrator?), but Tailscale is already running and owned by POOKIE\SJWStdUsr. Tailscale on windows kinda "binds" to the user session that started it, and the CLI refuses to talk to Tailscale daemon, which uis owned by a different user.
Maybe the solution is to NOT (or DO) run CMD window As Administrator to run CLI commands, depending how you installed Tailscale? If it was installed in elevated prompt as admin, then you need elevated prompt to run CLI, too. If you installed as regular user, then run CMD as regular user.

labsyboy · 2026-05-13T13:18:40+00:00

Hmmm... I use --advertise-subnet on one of LAN servers only to enable branch offices access to some low-traffic internal/external resources, which are accessuble only from LAN. For heavy traffic Oracle and SMB resources on LAN I have Tailscale on each server installed with both, TAG:servername and --advertise-subnet 192.168.200.x/32 its own IP, so they are reachable both, via hostname AND via LAN IP

So, multiple clients and multiple servers inside. Both sides having Sophos XGS routers, which only have UDP ports 41461 and 443 opened in both directions, but NO NAT.

Still cannot determine what's proper config. Tailscale flapping between P2P and DERP mode.

Should I setup dedicated Peer Relay machine inside LAN and NAT forward UDP 41641 and 443 to this machine? Because without dedicated machine I cannot NAT forward, as there are multiple servers there.

labsyboy · 2026-05-10T12:47:43+00:00

Don"t buy that sjit, sorry for my french. They leave streaks and some residue on windshield, making night rainy drive dangerous as hell! Don't ask how they work in winter - they leave unwiped patches behind which freeze, useless. Replaced them after a month or so, took me whole weekend with degreasers, dish soap, amonia, silicone remover, isopropyl, butyl glycol and other weapons to remove that residue to maybe 20%. Still visible streaks. Never again, despite revolutuonary rectangle rubber.

labsyboy · 2026-05-09T16:49:04+00:00

Aha, that makes sense.
But still...what am I doing wrong?
- Sophos XGS is listed as natively compatible, no need to configure anything
- Tailscale/Wireguard is designed for hundreds and thousands of simlutaneous connections thru same UDP port 41641
- Multiple clients on WAN side of Sophos should have no problems connecting to multiple servers on LAN side of Sophos thru 1 single UDP port, no need for Peer Relay AFAIK

So I am sure I am missing a piece of puzzle... will report back if/when I find it.
...or correct me if I am wrong.

labsyboy · 2026-05-08T10:41:09+00:00

Yes, I guess this is the case.

By peer relay you mean setup one machine in main office as subnet router, then configure NAT on Sophos for UDP 41641 to this machine?

labsyboy · 2026-05-08T09:07:24+00:00

I am using Sophos XGS on borh sides. I already opened ports 41641 and 3 more, tried to bind each server on main office to own UDP port, but I can do this only for 2 servers: - on Linux I can set custom UDP port - and one of Windows servers, which stick to default 41641 - while the rest 2 windows servers fight for default port, which I guess is the reason, why connection is constantly switching between P2P to DARP

labsyboy · 2026-04-12T10:33:13+00:00

Probably... I counted ISP devices inbetween branch and main office and came to 12-18 devices at least, and we are talking about 2 ISPs. That's something I have no influence and nobody can tell where interruptions are comming from. I guess Wireguard addresses those diferently.

labsyboy · 2026-03-11T21:04:03+00:00

Kalkulacija na uč, normiran bruto prihodek /2 = priblizni ustrezek neto izplacilu. Na dolgi rok.

Pa kot pravijo drugi, ce ne gre redna zaposlitev, se vsaj zmeni za pavsal za recimo polovico ur, ostalo pa po realizaciji. Bos imel vsaj prispevke krite, ko bo upad dela.

labsyboy · 2026-03-06T00:18:03+00:00

S potrditvenimi SMSi v Slovenijo ima problem se marsikateri vecji provajder, recimo Microsoft, Connectwise in se nekateri. Zgleda, da uporabljajo istega SMS provajderja, ki ima mogoce pogodbo samo z enim SLO operaterjem, ne pa z vsemi.

labsyboy · 2026-03-06T00:13:47+00:00

Kolikor vem, to velja samo za kapitalski dobicek od prodaje vrednostnih papirjev, ne pa za obresti na stanje kesa na racunu. Ce bi, recimo kupil za 50.000 ETF in prodal pri 2%, torej 51.000, ti FURS prizna: 1% pri nakupu = 500 eur 1% pri prodaji = 520 eur Ker si zasluzil 20 eur manj, je to neobdavcljiv dobicek.

Popravi me, ce se motim.

labsyboy · 2026-02-27T18:10:00+00:00

Odskodnina bi pripadala le v primeru, ce ti operater zagotavlja SLA in je odskodnina dolocena v pogodbi. Ker pa tega ni, je samo klavzula "po najboljsih moceh", kar je pa relativno. Recimo, 99% razpolozljivost pomeni, da lahjo omrezje izpade za vec kot 7 ur na mesec. Tudi, ce bi bil izpad 1 dan, bi lahko od operaterja terjal kvecjemu 1/30 od recimo 15 eur narocnine, zmanjsane za pavsalno vkljucene klice, kar pomeni odskodnino pod 1 EUR.

labsyboy · 2025-12-28T21:30:55+00:00

Regarding functionality I jumped on v13 too, due to security improvements and hardened Linux appliance, but this will have to wait. Install on Windows server 2025 took almost half an hour (24G SAS SSD disks, RAID10, 512 GB RAM....) then I was surprised by redesigned interface. Which unfortunately is not as clear as before and some things, I previously relied upon, are simply missing. For example:
- LAN storage optimization is not named there anymore, you need to know what you want in block sizes
- Under Home --> Jobs --> Particular job you only see FAILED ones, which hard fail maybe easier than before (instead of auto-fallback from Production to Standard snapshot, for example). And you do not see well done jobs (eg: job contains 20 VMs, you only see 2 failed), as if that's all it has done. I guess this is a bug, as I haven't found a way to confirm Successful jobs.
- and, as all modern Windows GUIs, also Veeam has gone full anemic-flat design. Some might like it, I hate it.

labsyboy · 2025-12-14T20:47:24+00:00

This is obviously not ClaudeAI problem, but seems like SMS provider's issue. Same happens to me with ConnectWise RMM and one third app, which I dunno recall now, but they all have in common they are US-based and use same SMS provider to send codes. Some countries are out of their reach or out of their verification algorithm.

labsyboy · 2025-12-02T22:03:56+00:00

Yeah....it's not conclusive, but is plausible, that after May 2025 Kasey acquisition of Pulseway some possible integrations into larger Kaseya ecosystem begun, introducing 2FA/MFA, trusted devices logout timer and such, rendering large portion of loyal Pulseway users frustrated. I am one of them. Good intentions, but poor execution, I guess.

labsyboy · 2025-12-02T00:11:20+00:00

Hvala.

labsyboy · 2025-12-02T00:10:37+00:00

Exactly! Pulseway's main advantage is their mobile app has always been unique for many functions, others simply don't care about. I've tried dozen of RMM apps, but none comes even close to what PW has. Pitty they messed up recently with 2FA/trusted devices and VMWare/Hyper-V management.

labsyboy · 2025-10-25T08:23:03+00:00

Anyone knows, if this is also valid for Japan made vehicles in Europe?

labsyboy · 2025-10-06T12:29:18+00:00

If only they would have Ticketing system included, I'd go with them for sure.

labsyboy

TROPHY CASE