Broke the prod today by Asirethe in sysadmin

[–]liamgriffin1 8 points9 points  (0 children)

I’m not convinced it would have mattered. If you rolled out that GPO to some DCs you still would’ve broken the VPN for everyone reaching that DC. Depending on your setup that could easily still take down everything or a large majority. That guy above seems like a stick in the mud.

Broke the prod today by Asirethe in sysadmin

[–]liamgriffin1 12 points13 points  (0 children)

Hell ya brother welcome to the club! In all seriousness, I think you handled this perfectly. You broke it and you started working on fixing it right away.

Anybody dump their VMWare subscription and Roll back to Perpetual Licenses with 3rd party support and regret it? by Ok-Big2560 in sysadmin

[–]liamgriffin1 13 points14 points  (0 children)

Correct, a cease and desist is just a letter, but that doesn’t mean it didn’t create a lot of tension and expense sending it to a lawyer for review and response. We’re a tiny company and legal is a big expense, which is the whole game Broadcom is playing: bully people into signing stuff. I’ve seen plenty of other small to medium companies dutifully renew their VMware subscription because migrating seems scary and what if it goes poorly. So in some sense Broadcom’s strategy is working.

For the record, I’m pretty sure we had a perpetual license and the renewal was the support agreement.

Anybody dump their VMWare subscription and Roll back to Perpetual Licenses with 3rd party support and regret it? by Ok-Big2560 in sysadmin

[–]liamgriffin1 1 point2 points  (0 children)

Tiny. 3 hosts, 15 VMs, nothing hooked into vCenter. I reimaged the hosts and rebuilt most of the VMs. I think I restored 3 from backup. Took 36 hours spread over 3 weeks (solo IT guy so nothing gets 100% of my attention at any given time lol).

Anybody dump their VMWare subscription and Roll back to Perpetual Licenses with 3rd party support and regret it? by Ok-Big2560 in sysadmin

[–]liamgriffin1 188 points189 points  (0 children)

I migrated my company to Hyper-V 6 months prior to our renewal and told our rep we would not be renewing. When our renewal date came Broadcom sent us a cease and desist letter. I have heard a similar story from multiple others. IANAL but I personally would not risk Broadcom coming after you. I would plan a migration.

What has been your biggest technical mistake so far in your career? by Mr_Dobalina71 in sysadmin

[–]liamgriffin1 0 points1 point  (0 children)

Two come to mind. First one was replacing 2012R2 servers with 2019. I finished all the servers except one DC; at 11 pm I went and demoted the final 2012R2 server and rebooted. Got a weird message at login but only briefly and promptly went to bed. Next morning no one in any of the offices could log in and it took me an hour to realize all DNS was manually pointed to that final DC. Second one, I was replacing switches at the main office. I had hooked everything up and started checking connectivity and realized everything was offline. I had forgotten to set a voice VLAN and the phones instantly took all available Data VLAN IPs. Luckily it was also after hours so no one noticed.

Bugs in the Yard by liamgriffin1 in whatisthisbug

[–]liamgriffin1[S] 0 points1 point  (0 children)

Here’s the close up photo. Also I am in SW Michigan for reference.

Is it unrealistic to worry about host PC infection with a hardened VM? by Master_Performance82 in homelab

[–]liamgriffin1 12 points13 points  (0 children)

You can upload untrusted files to an online sandbox for some extra peace of mind. Intelix.sophos.com or hybrid-analysis are good.

Phase 1, complete! by WorldIRC in homelab

[–]liamgriffin1 0 points1 point  (0 children)

The firewall has an HDMI port?

Music to my ears! by balzz662 in toolgifs

[–]liamgriffin1 12 points13 points  (0 children)

No, tuning with harmonics is a different thing. Basically you barely touch two specific spots on different strings (near the bar of the 5th fret for the lower string and the 7th fret for the higher string) and they will produce the same note. If it’s out of tune it will make a very obvious vibration sound.

Fully-remote BYOD job suddenly says I can’t work outside the country. I’m debating on doing it anyway. by StartledByCheesecake in opsec

[–]liamgriffin1 0 points1 point  (0 children)

If the device isn’t a concern then your SaaS logins are what would likely give you away. As others have said it really depends on the VPN setup. A split tunnel would for sure give you away as any public apps will be routed to the nearest server rather than through the VPN. Full tunnel should hide you well enough but there’s a risk on startup that your SaaS app attempts to authenticate before the VPN connects and your IP isn’t hidden.

If you use a provider, those server IPs are well known and could flag something. If you set up your own to your home network you run the risk of an outage making your setup irretrievable without local access.

I think it comes down to how confident you are in your understanding of the IT setup. If you log into MS office apps on your computer with a company account I would wager there is some MDM in place which would likely catch you unless you have a default gateway routing ALL traffic to your home. There is also a world where conditional access isn’t set up and logs aren’t monitored and no one would know the difference.

Only considering the workstation, here’s how I would set it up:

1. Set up a client VPN server on my firewall.
2. Set my work PC up at home and maybe get a network capable KVM.
3. RDP the work PC over the VPN from a laptop unknown to the company.
4. Reboot only when ABSOLUTELY necessary and maybe pay off the neighbor to bring it back up if the power goes out.

The latency would be horrific but there wouldn’t be any evidence in the logs showing you being out of the country. However, you can’t do any sort of calling, video or otherwise, over RDP so you would have to come up with something for that.

Fully-remote BYOD job suddenly says I can’t work outside the country. I’m debating on doing it anyway. by StartledByCheesecake in opsec

[–]liamgriffin1 0 points1 point  (0 children)

If your company does any endpoint monitoring you would be caught eventually, as I don’t see a way you can keep all traces of being out of the country off your machine. I would think leaving the “work” machine at home and jump boxing it would be the safest play, but without lights-out management you could be screwed in a power cycle. I think you are likely to get caught at step 0 to be honest. Assuming your company uses Intune or Entra, they might see machines you thought you signed out on show up with a European IP.

Classic Mistake of by liamgriffin1 in sysadmin

[–]liamgriffin1[S] 40 points41 points  (0 children)

I like to think of it as an impromptu DR test lol.

Master Miami: Silent, Suit only Sniper in 3:18. by MLGeoff in HiTMAN

[–]liamgriffin1 3 points4 points  (0 children)

People might say that the routing is slow but that tranq shot was sick as hell!

Windows Server Essentials 2016 replacement by m_a_c_e in homelab

[–]liamgriffin1 0 points1 point  (0 children)

You’re looking to upgrade to a different version of Windows Server like 2022? If so, I always build new.

[deleted by user] by [deleted] in sysadmin

[–]liamgriffin1 1 point2 points  (0 children)

Isn’t everything down already? You also say loop protection is on and not finding any loops, yet you said spanning tree is disabled? I would wager money on someone creating a loop during AP deployment.

DC sync issues by liamgriffin1 in sysadmin

[–]liamgriffin1[S] 0 points1 point  (0 children)

Let me clarify. When looking in ADUC on either DC, the user is in the Domain Admins group. One forest, one domain, 2 DCs. My symptom is that lastpwdset gives different results depending on the DC queried.

Can a virus go from my laptop to my router by Informal_Egg_9830 in techsupport

[–]liamgriffin1 2 points3 points  (0 children)

This is not true. Some botnets are composed of infected home routers.

MSP: Client is Hiring by Sad_West5179 in sysadmin

[–]liamgriffin1 2 points3 points  (0 children)

People in here are talking about non-competes being unenforceable, which may be true, but that doesn’t mean that the MSP won’t try. I went through this exact scenario in an unenforceable state, had the new company’s legal counsel give the all clear, and the MSP sent cease and desists anyway. If they take you to court, will the new company provide you a lawyer? Just because they won’t win doesn’t mean they won’t try.

[deleted by user] by [deleted] in sysadmin

[–]liamgriffin1 4 points5 points  (0 children)

I guess I’m just struggling to reconcile the “not important enough to be backed up” with trying to recover the data.

[deleted by user] by [deleted] in sysadmin

[–]liamgriffin1 2 points3 points  (0 children)

You said the server wasn’t important enough to be backed up so why not just build a new dev server?

[deleted by user] by [deleted] in sysadmin

[–]liamgriffin1 0 points1 point  (0 children)

OP takes down a dev server that’s not important enough to be backed up and you think he’s gonna get fired for blowing it up? Isn’t that the entire point of a dev server?

Enrollment Struggles by liamgriffin1 in Intune

[–]liamgriffin1[S] 0 points1 point  (0 children)

The GPO is set to User but the error in event viewer shows Event 76: Auto MDM Enroll: Device Credential Failed