Dext

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 320 total)
  • Author
    Posts
  • Avatar
    Dext
    Member

    All sorted – updated the Azure AD Connect and she’s back up and running.

    Avatar
    Dext
    Member
    in reply to: Active Directory Sync #379175

    Hi,
    Thanks I’m making progress – little and often. Ive applied a license to a user and have completed the MS Office 365 Hybrid Config wizard. When I look to start a migration batch and select a user there aren’t any in there.

    Do I need to start the process from a CSV?

    Thanks

    Avatar
    Dext
    Member

    Hi – managed to sort this problem by re-installing the Exchange 2010 RTM roll up 5

    Avatar
    Dext
    Member

    Found the issue there were specific routing rules within a policy which specified to use WAN 1 rather than follow the failover policy. Yet to test but I’m certain its that.

    Avatar
    Dext
    Member

    The problem with changing them to the ISP DNS servers is for the reasons above – if you failover to another ISP then you need to use their DNS servers and vice versa

    Avatar
    Dext
    Member

    Thanks guys the DNS on the watchguard is pointing to our internal DNS (192.168.0.251) with forwarders configured – the forwarders IP is 8.8.8.8 and 8.8.4.4 which is why its confusing.

    I Googled the log failure message which seems to point to a failed config in the failover but there isn’t much to configure “all gateways in policy routing table are down drop this packet”.

    I plan to plug a laptop into the FTTC connection tomorrow to test I can get out using the same interface config (user pass IP etc)

    Avatar
    Dext
    Member

    You leg’end – thanks that’s a job for the weekend :)

    Avatar
    Dext
    Member
    in reply to: Active Directory Sync #379169

    Thanks – am I correct in thinking you need at least one E1,E3 or exchange based license to getadd the exchange “part” of O365. As my tenant doesn’t have it available.

    Avatar
    Dext
    Member
    in reply to: Active Directory Sync #379168

    Still not quite there yet :)

    I’m looking to sync the domain and mailboxes and then when I’m happy all is sync’d across I will point the MX records to O365 and away we go. Would this be classed as a cutover migration doing everything but point the mx records or is this a staged migration.

    As said ideally I would like to run a continual sync until the point to which I’m happy and then save the actual mx change and client configure to a weekend.

    Avatar
    Dext
    Member
    in reply to: Strange setup -or is it just me? #379167

    Yeah I get the domain doesn’t really matter and the fact its held within the user AD account as the MX records point to a different server and so the mail will be delivered there – just strange why you would configure it this way.

    There are 2 sites one was looking to migrate to another but the method to which it was approached I feel was incorrect.

    Avatar
    Dext
    Member
    in reply to: Active Directory Sync #379166

    Sorry I think I was getting slightly confused – I get it now, so its a free client to do the sync which is ideal. Thanks as always

    Avatar
    Dext
    Member
    in reply to: Active Directory Sync #379165

    Ah cool so this is for Azure based syncing not on prem syncing. The free Azure AD connect application is all I need and the only licensing I need to assign is one of the O365 E1, E3 etc?

    Thanks

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379164
    RicklesP;n515822 wrote:
    It’s not really recommended to do that, but here’s something I found thru :google::
    https://supportforums.cisco.com/t5/firewalling/nat-hairpin/td-p/1407782

    Thanks how come its not recommended? As split DNS is quite common in networks. If we use the internal IP for the service then we’ll get certificate errors?

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379163

    Sorry to continue this one – and I can start another post if required? I’m trying to access a service on the same laninside interface but using the external urlip. As I understand it this is called hairpinuturn nat, is that correct?

    If so how do you go about configuring it using the ASDM? Or can it only be done using the CLI?

    Thanks

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379162

    Works a treat – thanks.

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379161

    Sorry I should have been more cautious in my wording, I didn’t mean manage as in the management of the router. What I meant was given the ASA is a router and a firewall – am I correct in thinking there is no issue assigning one static external IP to the WANOutside interface and adding a static route for all LANinside traffic to that interfaceIP?

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379160

    Yep worked a treat, added the additional WAN IP into the NAT table and all was fine. Can you tell me – do you need to assign 2 external IP’s to a single interface to manage the firewall and router respectively? Or is it like a conventional router which routes and acts like a firewall but you only need to add one IP (static route points to the outside interface IP)?

    Avatar
    Dext
    Member
    in reply to: Adding additional WAN IP’s to ASA 5506 #379159

    Thanks, so just to confirm you don’t add the additional IP’s to the interface (which is currently configured for 1 IP) once you add rules in NAT/PAT for the additional external IP and corresponding service the traffic will flow?

    Avatar
    Dext
    Member

    Netstat -a will tell you whats listening if its within the output you should be able to telnet if its not then you wont.

    Avatar
    Dext
    Member
    in reply to: VLANs on 5506 #379157

    Sorted by adding virtual interfaces – what’s the preferred method with this? Would you split down a physical interface or if you have enough just use one port per vlan?

    Avatar
    Dext
    Member
    in reply to: Unnecessary DNS records #379156

    Hi guys, here’s a pic of what I mean – both http://www.domain.com AND domain.com pointing to exactly the same place wouldn’t you just need 1 set of mx records which manage the domain as a whole?

    [ATTACH=JSON]{“data-align”:”none”,”data-size”:”medium”,”data-attachmentid”:515395}[/ATTACH]

    Avatar
    Dext
    Member
    in reply to: Need Help Understanding Application #379155

    As I understand it the 2 are separate tasks and identified in their descriptions. Failover clustering is when you have shared storage for data and a cluster of hardware resources (RAM CPU etc) its a process of high availability. So say you have 10 servers with a 50/50 split of resource 5 servers on Host 1 and 5 servers on Host 2 and Host 1 fails the fail over cluster will make Host 2 manage ALL the servers as Host 1 has failed.

    Load balancing is the first step of the mentioned above, splitting your requirement (1,10,100 servers) over an amount of physical hosts to balance the load.

    Avatar
    Dext
    Member
    in reply to: Deploying Windows 10 Using WDSMDT #379154

    Sounds to me like you boys are showing your age ;)

    Avatar
    Dext
    Member
    in reply to: SYSPREP W10 – error with installed apps #379153

    Hi,
    Is there a way to close this post? This one is kind of merging with another of my posts which were “same same but different”

    Avatar
    Dext
    Member
    in reply to: Prohibit certain passwords in AD #379152

    I find no matter how much you try and influence a strict password policy user education beats it hands down. The more complex and harder to remember the more chance of the user writing it down on a post it note and hiding it behind the screen or under the keyboard – those seem to be the most common hiding places I’ve found (you do however get the odd person with a post it note on the laptop keyboard)

    Avatar
    Dext
    Member
    in reply to: Deploying Windows 10 Using WDSMDT #379151

    The problem is I removed them (from the image) and they came back :)

    Seems a possible solution is powershell script on bootlogin – we shall see. Shouldn’t have to go through all these hoops though

    Avatar
    Dext
    Member
    in reply to: Deploying Windows 10 Using WDSMDT #379150

    Yeah I did that to extract the WIM and deployed it to initiate my build, as far as the build goes Im happy with it just needs a little tweeking al la facebook and minecraft. I still think M$ need to rethink their strategy with regards to what they are trying to achieve. Keep consumer ideas away from businessenterprise products and people will be happy :)

    Avatar
    Dext
    Member

    This method as I understand it is syncing ldap to google (the kind of opposite of what the OP has asked) but achieves exactly what your looking to do – single sign onone set or creds.

    I’ve used it and it works well.

    Avatar
    Dext
    Member
    in reply to: Deploying Windows 10 Using WDSMDT #379148

    I’m only referring to the mention of the ADK version must match the Win10 version (in my link) not patronising on how to install it.

    Why am I removing the inbuilt apps such as Candy Crush, Facebook Minecraft etc – I would be surprised if any business thought it to be a good practice to leave this rubbish on their builds. The problems arise when you start to remove the store which I don’t plan on doing, just disabling it within GPO.

    Also we’re using professional rather than enterprise so my hands are tied (Professional contains an esd which has various builds of W10 in it Enterprise has a wim).

    As said please don’t feel that I’m patronising you, my W10 frustrations seem to be quite common looking around the net :)

    Avatar
    Dext
    Member
    in reply to: Deploying Windows 10 Using WDSMDT #379147

    Also (not sure if this requires a separate post) how do you stop those bleeping apps from installing themselves. I removed them from the image AND I thought I removed them from any new user profiles being created but they keep coming back – candy crush, minecraft etc?

Viewing 30 posts - 1 through 30 (of 320 total)