H..
US Interface MTU: 1500
US tunnel MTU: 1428
AU Interface MTU: 1500
AU tunnel MTU: 1384
Definite mismatch on the tunnel MTUs.
Let me see if I can correct that, and see what happens.
Kurt
On Mon, Jul 24, 2017 at 5:31 AM, Michael B. Smith
wrote:
> I’m certain
On Mon, Jul 24, 2017 at 11:24 AM, Sean Chapman
wrote:
> It’s a little bit of an extra crappy situation since that June update is
> an exclusive update.
>
>
>
> If there is a second round of updates, I just do them Monday morning or if
> its not a critical update I have
BatchPatch. It is a cheap third party tool. We use it to manage all our
Windows patching. You can setup jobs that: Download, install, and reboot,
check for new updates, download, install, and reboot, install a new version
of AV software that you have packaged, update registry keys, check for
I just fought with this for the better part of a week. Ours had M2 SSD drives,
which I was never able to find drivers for. I ultimately found a thread on the
HP Support forum that links to a download of a customized Win7 PRO installer
that worked for me.
Forum thread:
On Mon, Jul 24, 2017 at 11:43 AM, Kennedy, Jim wrote:
> Did it fail for sure, or is that one just showing up now.
>
Update history shows it failed yesterday.
Did you also approve the Security Only?
>
Nope, I decline Security Only and decline Previews.
>
Here are some resources:
https://www.microsoft.com/en-us/download/details.aspx?id=18465
https://www.microsoft.com/en-us/download/details.aspx?id=15201
http://activedirectorypro.com/account-lockout-tool/
Regards,
Michael B.
@essentialexch
From: listsad...@lists.myitforum.com
MTUs? As in TCP/IP Maximum Transmission Units?
I will check that and post back, but why would a mismatch in MTU show up as
this?
Kurt
On Mon, Jul 24, 2017 at 5:31 AM, Michael B. Smith
wrote:
> I’m certain you can google as well as I can – but after looking at 8-10
>
Yep, those MTUs. Because inconsistent RPC fragmentation can cause transactions
to fail.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 10:44 AM
To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote
Did it fail for sure, or is that one just showing up now. Did you also approve
the Security Only? If that one installs first it won’t show the Quality until
after reboot IIRC.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael Leone
Sent:
I'd like some advice, please. So this past weekend, we applied our monthly
updates, and for the first time, half of my servers applied them using a
scheduled installation time from my WSUS v3 server. And yes, the patches
were applied, the servers rebooted, no human intervention needed. Yay!
BUT
Seems to be...
[image: Inline image 1]
Kurt
On Mon, Jul 24, 2017 at 12:50 PM, Ed Ziots wrote:
> Is tcp 135 open via fw rules on remote host?
>
> On Jul 24, 2017 12:21 PM, "Kurt Buff" wrote:
>
>> So, fixing the MTU mismatch seems not to have worked. I
Does rpcping agree?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 4:04 PM
To: ntsysadm
Subject: Re: [NTSysADM] RPC not available on remote machine while doing DFSR
config
Seems to be...
[Inline image 1]
Kurt
On
So, fixing the MTU mismatch seems not to have worked. I left the physical
interface MTUs on both sides at 1500, and set up the MTUs for the tunnel
interfaces at 1385, and verified that ping -f -l succeeds at 1357 and fails
at 1358 from both sides.
I even took a single set of entries from my CSV
Is tcp 135 open via fw rules on remote host?
On Jul 24, 2017 12:21 PM, "Kurt Buff" wrote:
> So, fixing the MTU mismatch seems not to have worked. I left the physical
> interface MTUs on both sides at 1500, and set up the MTUs for the tunnel
> interfaces at 1385, and
I have not tried a PSSession. I don't think it's relevant in this
situation, though I could be wrong, and if I am wrong, I'm not sure how I'd
go about doing it in this case.
Script has been run on my workstation in the US and on DCs in both offices
(US and AU).
Interesting note, in case it was
Can you open PSSISSION on either server? You run the commands manually for
testing purposes
Cesar A.
On Jul 24, 2017 12:22 PM, "Kurt Buff" wrote:
> So, fixing the MTU mismatch seems not to have worked. I left the physical
> interface MTUs on both sides at 1500, and set up
We thinking same thing that network firewall rule set is blocking tcp and
up 135
On Jul 24, 2017 1:20 PM, "Michael B. Smith" wrote:
> Does rpcping agree?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kurt Buff
>
I believe so:
>From my workstation:
# rpcping -s aufs01p
Completed 1 calls in 609 ms
1 T/S or 609.000 ms/T
Kurt
On Mon, Jul 24, 2017 at 1:13 PM, Michael B. Smith
wrote:
> Does rpcping agree?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
>
And do you have errors in the DFS specific event logs?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Michael B. Smith
Sent: Monday, July 24, 2017 6:22 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RPC not available on remote machine while
Disclaimer: I've never used the script before.
Try this script to see if it can help you narrow down where the lockout is
coming from.
https://gallery.technet.microsoft.com/Determine-What-Device-is-325d9720
Detail info for the above:
Many, but I believe they're related to the unsuccessful setup and
consequent teardown of the DFSR configuration that I've been fretting over.
Errors spotted include 6804, 6020, 6006, 5012 and 4004.
A couple of months ago, I deleted the old DFSR configurations between the
file servers, and just
Disclaimer: I've never used the script before.
Try this script to see if it can help you narrow down where the lockout is
coming from.
https://gallery.technet.microsoft.com/Determine-What-Device-is-325d9720
Detail info for the above:
609 ms? Wow.
I suspect that is a hint. Let’s do a bit more:
rpcping -s aufs01p –i 100 –v 3
and see what that tells us….
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 5:33 PM
To: ntsysadm
Subject:
Yep - going from Redmond to Brisbane is very slow at times, but usually
only about ~200ms
This looks better...
rpcping -s aufs01p -i 100 -v 3
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
RPCPing set Activity ID: {77f395c1-3be7-49e2-934a-23d7c060f208}
Thanks for the links. There are two accounts that are locking out
constantly. There is no machine name associated with the attempt. Both
accounts are regular users so wouldn't have been used to run services.
On Mon, Jul 24, 2017 at 10:51 AM, Michael B. Smith
wrote:
>
Here's a script I run when someone is getting locked out and doesn't know
why:
https://gist.github.com/NeighborGeek/6be6e04324a7a483a41802924742ad51
I generally set $pcname to just a single DC, then run the script on that
DC. If you run it remotely or against multiple DC's it's much slower.
I’m certain you can google as well as I can – but after looking at 8-10
results… are you sure you have matching MTUs?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent: Monday, July 24, 2017 1:10 AM
To: ntsysadm
Subject: Re: [NTSysADM] RPC
27 matches
Mail list logo