Sysadmin


A community dedicated to the profession of IT Systems Administration


founded 2 years ago
176
 
 

Apparently they only sent 3 notification emails, which a large number of their customers are reporting they never received. No one at InfluxData thought to do a scream test or even check the traffic levels to the region before deleting the data.

177
18
submitted 2 years ago* (last edited 2 years ago) by Sudo to c/sysadmin
178
 
 

I have a customer with an old Windows Server 2012 with a Hyper-V cluster configured for 2 nodes. One node died completely. I have 2 new HP ProLiant 360 Gen10 running Server 2022 DC and a big SAN, and I am trying to figure out the best way to move over the 6 VMs on the existing host. I’m new to this process but it seems like the host OSes must match for me to move the old VMs over. Is the best way to just export a Datto backup of the VMs to the new cluster? Any way to do this live? Any advice I’d appreciate and apologies if I wasn’t clear at all.

179
 
 

I have inherited some cloud-hosted VMs, with several services hosted in Docker containers on these. Think web server and then DB, both hosted in separate containers. Several (overpriced) VMs are involved. Would really like some pointers as to how I can get into these / edit them. Would really like to consolidate. I use Proxmox at home and am comfortable in Linux but this is new to me. Any docs / tutorials would be super helpful. Still don't really understand why the design was done quite like this, so if you have insight on that, please let me know why you would do it this way. Thanks!

180
 
 

"Good" as in something that looks just as good as an RH cert on my CV. I was considering LFCS, but I haven't come across any job listings that mention LFCS (at least, not where I live).

181
21
GitLab down - Error 503 (status.gitlab.com)
submitted 2 years ago by LordOfTheChia to c/sysadmin
 
 

Incident started at 1645 UTC. No resolution yet.

182
 
 

We're installing a new app on a secure network. The vendor has requested we allow access to gstatic.com. That seems overly broad to me and unsafe. Thoughts?

183
184
8
submitted 2 years ago* (last edited 2 years ago) by DyXen to c/sysadmin
 
 

Hello,

Does anyone have a problem with VMware vSphere when interacting with the Firefox browser? It's working, but after a tab change or when the window is not focused, the interface freezes.

This started when Firefox was updated to version 110 I believe. I tried on Windows and on Linux but behavior is the same. Deleting Cookies didn't help.

The interface is working well on Chrome, Edge..

Image: https://postimg.cc/py68mYD3 -> This refresh icon keeps loading indefinitely.

vSphere version: 8.0.1

185
 
 

My organization just lost an entire email account full of emails needed for a lawsuit.

What happened was me or someone else (we don't know who) accidentally deleted a G Suite account a few months ago. This account was from an employee who passed away a few years back. We didn't realize that it was deleted until we needed it.

I, like many people, had the misconception that data in the "cloud" cannot be deleted. I was entirely wrong. We are now in some serious dodo and I don't know what we are going to do.

186
19
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/sysadmin
 
 

Getting really close to purchasing and I'm kinda on the fence between dmarcian, dmarcly, and easy dmarc. However, I'm open to pretty much anything with realistic pricing if you have alternatives to recommend.

I assume all 3 of these would get the job done, as they all seem to support dashboards, alerts, and forensic reporting. I'm curious about email volume limits though; I don't see as crystal clear a picture of pricing when it comes to that. Does anyone have first-hand experience they'd be willing to share?

  • single domain in Exchange Online
  • email volume just crept up over 100k monthly in May/June
187
 
 

I was thinking of setting up a seedbox. Seeding will mean that the hard drive is being read from virtually non-stop. Is it fair to say that hard drives are designed for this? Or would this reduce the operational life-span of the hard drive?

For example, I was trying to find some spec in the Seagate Barracuda hard drive specifications document, but I wasn't able to find anything specific to this (or perhaps I just missed it).

I'm not exactly sure if this is the right community to post this, so let me know if there's a better place for it to go.

188
31
submitted 2 years ago by DyXen to c/sysadmin
 
 

Hello everyone,

I'm wondering if we could have similar post/thread like on Reddit for Microsoft Windows monthly patches?

What are your ideas about that?

Have a nice day!

189
71
submitted 2 years ago* (last edited 2 years ago) by youngerpants to c/sysadmin
 
 

Working on a medium sized office network which only has a single PoE switch for WAPs. About 200 users. No copper to the desk... It made sense to buy a second PoE switch to give a bit of redundancy, even if it's for manually swapping cables in case switch A dies.

Plug in switch, wait for power up and decide to test the manual failover over lunch. Gateway plugged in, flashing lights. WAPs plugged in, flashing lights. Wireless network visible but can't connect as there's no DHCP. Swap everything back and we're back in business.

The switch is unusable until I've installed an app, created an account, onboarded to a "cloud" and configured from my phone.

Oh HP, how you have fallen from the rock-solid days of ProCurves and have degenerated to the unfortunately named Aruba "Always On".

Rant over.

190
 
 
191
57
Hello lemmy!!! (self.sysadmin)
submitted 2 years ago by Slaeter to c/sysadmin
 
 

Time for a new beginning!!!

192
 
 

Greetings SysAdmins. I am looking for a way to automate monthly Windows updates for some of my servers. Currently I do them manually during the maintenance period. The somewhat unique part I have is that they have to be done in order.

server1: Update, Reboot, back on; then Server2: Update, Reboot, back on; then on and on for 10 servers.

I'm open to ideas, we have (shudder) WSUS but if you've experienced the ability to do updates in this scenario in other apps I will explore. Something ideally that can determine that the server has rebooted and move on to the next, or say server1 wait 25 minutes then server2 wait 25 minutes...

Thanks

193
 
 

Anyone else having issues?

194
 
 

It started off with an employee sending an email to a distribution list called "Bedlam DL3" asking to be taken off the list. With 13,000 recipients and everyone replying all with, "Me too!" and other messages, it was estimated that over 15 million messages were sent through the system in an hour. This crashed the MTA service due to a recipient limit. Each time the MTA service recovered, it would attempt to resend the message again, which led to a crash loop.

As a result of the incident, the Exchange team introduced message recipient limits and distribution list restrictions to Exchange, which is something we all use today!

More on the story here: https://techcommunity.microsoft.com/t5/exchange-team-blog/me-too/ba-p/610643

cross-posted from: https://techy.news/post/2224

195
 
 

I do a lot of VMware work but I'd like to tinker with Proxmox at home. I just don't want to bring an awful old HPE server/etc. home to try it out on.

Anyone have any recommendations for a quiet, small homelab server with a solid (12-16 thread) core count?

196
 
 

Microsoft's documentation for revoking user access from Azure AD currently references cmdlets from the AzureAD PowerShell module, which will be deprecated on June 30th.

Microsoft recommends using the MSGraph module or API as a replacement for the AzureAD module, but I'm having a hell of a time with it.

I'm trying to figure out how to use PowerShell to wipe corporate data off a user's BYODs, and I'm stuck trying to get a list of a user's BYODs through Graph. Ultimately this will be part of automation kicked off when a user leaves the company.

Queries for devices and managed devices for a given user seem to be missing devices that are shown through Azure Portal when looking at a user in Azure AD and then looking at their devices. The query for deleting data is also unclear in whether it wipes the whole device or just corporate data.

Does anyone have any resources or guidance on this? Most of what I'm finding is outdated or too vague for me to be comfortable utilizing it.

197
12
O365 Email Encryption (self.sysadmin)
submitted 2 years ago* (last edited 2 years ago) by L3s to c/sysadmin
 
 

My company is just starting to utilize O365 email encryption for sensitive information, which I know a lot of people are already using.

One thing we've run into is when sending a sensitive email to a third-party vendor, a lot of them utilize shared mailboxes/distribution groups, so the encryption is not allowing the members of the external mailbox/group to open the encrypted email as their account doesn't have permissions (the group email address does, instead of their individual account).

The only way I've come up with to solve this issue is setting the encrypted emails to not allow a "social" sign-on for decryption, and instead only offer "send a one-time passcode" as the authentication method, then the group/mailbox receives the code to view the email.

Curious how others have combatted this issue if they've crossed it, this feature has been around a while and I am unable to find much on Google about it specifically.

For the moment, users are just re-sending the encrypted email to the external recipient that replies "We can't open this email", which solves the problem but creates more work and takes longer for everyone.

198
 
 

A few years ago I had a couple of old and slow OptiPlexes running Hyper-V, with Windows/Linux VMs, doing things like NPS, AD, etc.

Had some old equipment collecting dust, so I've built out a decent homelab and am curious if anyone else has done the same, and if so what are they running on them for fun?

In my new "rack":

  • PowerEdge R430
    • Running Proxmox, with a Windows VM (DC), and a Linux VM with Docker for Plex
  • EqualLogic PS4100
    • VM storage for both PowerEdge servers (10TB)
  • Ubiquiti EdgeSwitch 24 250w
  • PowerEdge R720
    • Running Proxmox, with some Linux VMs, most utilizing Docker for Plex "assistance/automations" (ahem), NextCloud for phone photo backup and wife's photography, and another DC as a failover of R430's DC.
199
23
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/sysadmin
 
 

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM.

Cisco Secure Client helps employees to work from anywhere using a secure Virtual Private Network (VPN) and provides network admins with telemetry and endpoint management features.

The vulnerability (tracked as CVE-2023-20178) can let authenticated threat actors escalate privileges to the SYSTEM account used by the Windows operating system in low-complexity attacks that don't require user interaction.

Successful exploitation requires abusing what Cisco describes as a "specific function of the Windows installer process."

Cisco released security updates to address this security bug last Tuesday when it said its Product Security Incident Response Team (PSIRT) did not have evidence of malicious use or public exploit code targeting the bug in the wild.

CVE-2023-20178 was fixed with the release of AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2.

[Image: Escalating privileges to SYSTEM using the CVE-2023-20178 PoC exploit (Filip Dragović)]

Earlier this week, proof-of-concept (PoC) exploit code was published by security researcher Filip Dragović, who found and reported the Arbitrary File Delete vulnerability to Cisco.

As Dragović explains, this PoC was tested against Cisco Secure Client (tested on 5.0.01242) and Cisco AnyConnect (tested on 4.10.06079).

"When a user connects to vpn, vpndownloader.exe process is started in [the] background, and it will create [a] directory in c:\windows\temp with default permissions in [the] following format: .tmp," the researcher says.

"After creating this directory vpndownloader.exe will check if that directory is empty, and if it's not, it will delete all files/directories in there. This behavior can be abused to perform arbitrary file delete as NT Authority\SYSTEM account."

The attacker can then spawn a SYSTEM shell through arbitrary file deletion by taking advantage of this Windows installer behavior and the fact that a client update process is executed after each successful VPN connection, using the technique described here to escalate privileges.

In October, Cisco warned customers to patch two more AnyConnect security flaws (with public exploit code and fixed three years before) because of active exploitation in attacks.

Two years ago, Cisco patched an AnyConnect zero-day with public exploit code in May 2021, six months after its initial disclosure in November 2020,

200
17
submitted 2 years ago* (last edited 2 years ago) by possiblylinux127 to c/sysadmin