The Consolidated B&EC "Quick Question" Thread.

Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.

  1. KDog

    KDog Member

    Joined:
    Jan 9, 2002
    Messages:
    206
    Location:
    ACT
    My HP426fdn have been quite reliable for a cheapies... um touch wood.


    Group Policy pushing applications from a DFS share (required as machines are a several sites).

    I can't seem to get machines to install apps from the DFS share.

    machine getting GP app from \\servername\share\application.msi works
    machine getting GP app from \\dfsnamespace\share\application.msi doesn't work.

    I'm assuming it is a permissions issue for machines/namespace as the app installs fine if I push from the server name. GPresults gives an access error so it confirms my suspicion.
    Will keep checking the permissions but if anyone has any ideas or there is something different GP needs to access a DFS share?
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    16,503
    Location:
    Canberra
    DA is dying/dead because "The World" fucking sucks at IPv6 adoption apparentlyh.

    The current DA implementation in 2016 is unchanged from 2012 R2, and the reasoning is that it will be replaced with "Always-On VPN" in Windows 10 coming to a feature update near you soon.
     
  3. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    10,859
    Location:
    Canberra
    I've got both a Samsung (colour laser) and a Canon (colour IJ) MFC, both have worked flawlessly with linux (Fedora desktop) with no need to hunt for drivers or add anything. And the default installed scanning utility is better than the bloated, buggy, slow POS stuff Samsung and Canon give you for Windows.

    Windows has printer problems because of bad drivers (i.e. the manufacturers fault).
     
  4. millsy_c

    millsy_c Member

    Joined:
    Mar 31, 2007
    Messages:
    11,674
    Location:
    Brisbane
    Hmm okay, because I don't like that you have to configure clients with split tunnel VPN so S4B 'works' with it, that just sounds like an overtly shit idea.
     
  5. person

    person Member

    Joined:
    Mar 7, 2003
    Messages:
    293
    Location:
    Brisbane
    Thanks for the replies - putting him on the print contract was the first thing I looked at haha, but even the smallest printer they had was too expensive...

    Ended up with an HP OfficeJet Pro 8740 - it's a throwaway printer but if it lasts a year i'll be happy. Good drivers, prints quickly, Airprint means no drivers needed for the macs, problem solved.
     
  6. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    16,503
    Location:
    Canberra
    Doc-of-FC seems to be super cluey on Windows-based VPN solutions - if you have a direct question, I'd probably pm him...
     
  7. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,006
    Location:
    Brisbane
    Anyone knowledgeable enough with DirectAccess to give me a hand for a moment?

    Having some definite DNS issues...

    Configuration is Single NIC behind edge device.

    I can connect with a client device to the DirectAccess server, but DNS does not function.

    To make matters worse, the DirectAccess server registers a AAAA record in DNS, which means that I cannot access the server internally either, as IPv6 is disallowed internally. (thinking this is highly likely to be related). e.g.

    Code:
    Server:  globaldns.contoso.local
    Address:  10.255.150.138
    
    Name:    vw-dv-da-01.contoso.local
    Address:  fd29:f2ef:21b0:1:0:5efe:10.0.70.1
    
    Code:
    C:\Users\contoso_user>ping vw-dv-da-01
    Ping request could not find host vw-dv-da-01. Please check the name and try again.
    
    It should (try) and fail back to the IPv4 (A record) I would have thought, but apparently not.

    I tried setting the following
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters
    DisabledComponents DWORD registry value 20 (Hexadecimal)
    
    to try and prefer an IPv4 address, but no luck.

    I haven't quite sussed out the full DNS config here (I'm finding more and more components as I keep looking, (no diagrams or KBs)), any hints, tips would be appreciated.

    I should note, that as this is a PoC I've got Any rules configured in the relevant firewalls.
     
  8. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    10,859
    Location:
    Canberra
    have you tried ping -4 servername ?
    (assuming recent windows-y environment)

    the -4 will force IPv4.
     
  9. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,006
    Location:
    Brisbane
    I have, and unfortunately, it is the exact same result.
     
  10. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    16,503
    Location:
    Canberra
    reads like dns search path problems to me...

    try

    Code:
    ping vw-dv-da-01.contoso.local
     
  11. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,006
    Location:
    Brisbane
    Exactly the same (I have 'contoso.local' as my dns suffix). :upset:

    I think this one has got me and I'll need to draw it properly (was just asked to 'quickly' knock a PoC up...)
     
  12. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,006
    Location:
    Brisbane
    Well after going home and coming back in the morning, my direct access server has registered another IPv6 address in DNS as an AAAA record and now resolves and pings IPv4 fine...

    The second address is an encapsulated version of the IPv4 address (is encapsulated the right word?, it's the same prefix as its other AAAA record but ends in the IPv4 address), but I have no idea why it didn't exist before and/or disappeared.

    I'm going to have to get some more time associated to this so I can do it properly, 'cos this crazy is making me lose it. :(
     
    Last edited: Sep 5, 2017
  13. QuakeDude

    QuakeDude ooooh weeee ooooh

    Joined:
    Aug 4, 2004
    Messages:
    8,343
    Location:
    Melbourne
    Anyone here had much experience with Palo Altos TRAPS AV product? It doesn't look like its got an inbuilt firewall like the existing Symantec product we're using.. We've just kicked off a trial to evaluate it, but I'd be keen to hear from anyone who's actually using it.
     
  14. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,695
    Last edited: Sep 13, 2017
  15. OP
    OP
    looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    23,803
    Location:
    brabham.wa.au
    i have an MS licensing question.

    we are a global company.
    we purchase our MS licenses in canada because we get better pricing.

    there are w10 MAK licenses doing the round in the various regions but we're told by management that we can't use them in AU because they're not for our region.

    is that how the licensing normally works?

    i would have thought that it would be purchased for the company and could be used in any region as long as it's within the company.

    EDIT: or is it a "well it depends" sort of thing?
     
  16. person

    person Member

    Joined:
    Mar 7, 2003
    Messages:
    293
    Location:
    Brisbane
    Unfortunately I believe this is correct - We have the same problem, I have to purchase licences in Australia, Canada, and South America as they are three different regions, for Volume Licences

    See here https://www.microsoft.com/en-us/licensing/licensing-programs/open-regional.aspx

    Office365 on the other hand - you can purchase it in Canada and just assign it to "Australia" and that's valid. So the subscription model is likely to change this region thing.
     
  17. OP
    OP
    looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    23,803
    Location:
    brabham.wa.au
  18. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,006
    Location:
    Brisbane
    Last time I dealt with this, this was the case, (excluding China), however I would definitely not make an assumption on this kind of thing. I suggest seeking out a MS Partner for advice, preferably multiple, as you'll unlikely get the same answer twice.
     
  19. 7nothing

    7nothing Member

    Joined:
    Feb 15, 2002
    Messages:
    1,398
    Location:
    Brisbane
    Email for critical communications

    I'm sure I've seen mention of how stupid users are for bringing this up, and I know the most appropriate answer is "hahaha, you're a f'ing idiot", but unfortunately I'm not in a position to give them such an honest response at this time. What I do have to do is respond to someone who has enough free time to fill out an internal non-compliance form cos Outlook (most likely) hit a bit of OST corruption and lost some emails stuck in outbox.

    I'd like to explain why this is a moot point by giving some good evidence of how obvious it must be that email is not a system for critical communications, but, it's kinda hard to find anything o365 terms or SLA that makes that clear.

    Exchange online terms (http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=12702):

    Emails
    An end user will be able to send email messages, receive email messages that originate from within and outside of Customer’s organization, and access the end user’s mailbox.

    Which has seriously far less caveats than I'd expect, so they must be somewhere else in the agreement. SLA has targets for delivery time after it hits o365, but not much else. Anyone know where I can find an official statement that explains "absolutely no guarantee of delivery is provided"?
     
  20. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    16,503
    Location:
    Canberra
    outlook lies all the fucken time. OWA if you have to prove it.

    Even then, there is no guarantee - given you don't own the whole path to the recipient in most cases - that it will be delivered.
     

Share This Page