Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Microsoft: Windows Server KB5062557 causes cluster, VM issues clarification
I believe the update is ok for non-cluster servers but wanted to check with the greater community before rolling out across the board.
Microsoft: Windows Server KB5062557 causes cluster, VM issues
"After installing the July Windows security update (the Originating KBs listed above), the Cluster Service on Windows Server 2019 might repeatedly stop and restart, causing nodes to fail to rejoin the cluster or enter quarantine states, virtual machines to experience multiple restarts, and frequent Event ID 7031 errors within event logs," Redmond explained.
https://redd.it/1m6e4xa
@r_systemadmin
Does anyone else get triggered by a user simply messaging the word “Hello”?
It’s annoying when you open Teams and just see multiple people only messaging one word.
https://redd.it/1m6bzmt
@r_systemadmin
Microsoft now prevents you from looking up all domains in an Entra tenant while unauthenticated
Just saw MC1081538 in the message center, which announced updates to the Get-FederationInformation cmdlet. Ultimately, this change limits the data that is returned from the Autodiscover endpoint, further details in this article...
Previously, you could use tools like AADInternals on their public OSINT tool to look up all domains in a tenant without any authentication, but now you cannot :(
https://redd.it/1m68liw
@r_systemadmin
Why do users do this?
Printer decides to stop working for the day, but actually just needs some updated print server configuration. I send out both email and chat comms to give everyone a heads up.
Me: clearly working on the printer, admin panel open and laptop on the side
User 1: hey the printer isn’t working..
Me: stares
Few minutes later
User 2: hey I cant print, do you know what’s going on?
Me: ignores user 2
User 2: so when can you fix it?
Am I missing something here? Are they simply trying to make some human interaction or are they just dense? Wondering if I should start drinking on the job.
https://redd.it/1m66ywu
@r_systemadmin
Completely stumped by this mail routing issue
Need to get out of some hot water here because the CIO implied I did this on purpose.
A high level employee sent an email to an external person via Outlook desktop client.
It went to me but also to him. Ended up in my inbox in Outlook desktop client specifically.
There are no mail flow rules that would do this and the message trace would have named the rule by name if it was.
Message trace says "TRANSFER" event occurred and that's it.
Message header doesn't mention me at all.
This happened 4 months ago to just 1 email and we never found out why.
I'm not a delegate on her inbox. Nothing weird going on with a distro list.
Everything I found online has been disproven or is extremely unlikely.
Anyone ever see this? REALLY need to solve this one.
https://redd.it/1m5qcf2
@r_systemadmin
Lost Three Days Because I Ignored A Button
I was tasked with upgrading my Enterprise devices from Home to Pro to comply with cybersecurity insurance policy, to centrally manage everything and to, well, sysadmin.
I attempted to use a generic product key with a generic ISO file for software installation, because that's the SOP on Reddit, Spiceworks, Google, etc.
I have twenty tabs open describing the same SOP:
1. Disconnect PC from Internet
2. Use the generic key
3. Reboot from Home to Pro, then activate
But the installation for Home to Pro failed.
I should also add I was provided a product key by my Cloud Solution Provider (CSP).
On the download page, I ignored the "Download" button for the software's ISO file. I copied only the product key. I did wonder why the button was there, and why I was downloading a disk, perhaps for creating a bootable USB as that's all the experience I had with .iso files up to now. This wouldn't work for remote users so that helps explain why I ignored the button.
Then I tried to use this key with a generic, pre-existing ISO file I already had - the multi-edition ISO on the Windows page.
The issue was resolved by understanding that the provided product key was specifically tied to the .iso installation files provided by the CSP. ☠️ But I didn't understand this because on Google and everywhere, even Microsoft reps posted the SOP above.
The correct procedure was:
1. Return to the download page provided by the CSP.
2. Click the "Download" button to obtain the specific ISO file associated with the purchased license.
3. Use this downloaded ISO for the installation
Now I was able to upgrade the computers.
Jesus Christ I just lost 3 days over 3 seconds because I'm inexperienced and failed to read a button because I didn't want to understand what it did... But at least I solved the age-old question of "Upgrade Home to Pro for Business Premium, but invalid key".
https://redd.it/1m5pdq5
@r_systemadmin
Windows 11 search super slow after a fresh reimage.
We freshly imaged a PC and noticed very slow load times when clicking start and searching something, like paint. Also noticed very slow Edge response times when opening websites. I’m currently on 24h2 (OS Build 26100.4349). I’ve tried disabling search index via registry and resetting the CBS Appx via powershell and rebooting. Still seeing massive slow times searching an application. It takes about 4 minutes before the results come back. If you click off it and search again, it does the same thing, and just searches for 4 minutes.
Any ideas? Anyone seen this before?
https://redd.it/1m5k5es
@r_systemadmin
Company Being Sold
My company (US based) recently announced that we will be sold in 2027 or 2028. Those are the only details we have been provided. I'm in the process of planning out projects for the rest of this year and next year but finding it really hard knowing the company is being sold. I am thinking of checking with the team to see what interests them or what skills/projects they want to do to help boost their resume. That seems like a much better use of time than trying to improve efficiency or save money.
Has anyone else gone through something similar? Any tips on finding projects that can be meaningful and not just to kill time?
https://redd.it/1m5hp8r
@r_systemadmin
I want to switch to sysadmin
I'm a software developer (web/mobile) with 3 years of experience and I kind of hate my work now (not that I'm employed atm). I want to switch fields and want to work in sysadmin. I have seen a recent posting for a system administrator which I do not qualify for. But it's the junior position (1 year of experience). As a dev, I've used Linux and I'm comfortable using it, but I know it's not nearly enough. As I said, it's a junior position, so expectations will be lower for me and critical/important things will be handled by someone with more experience.
My question is: which certs can I do to get knowledge that will make me eligible for this position? How much time would be needed realistically if I can put in 8-10 hours daily? Also, how can I practice, as no one will give access to their system for practice and I can't afford a VPS? Can I simulate a system in Docker? If so, is there any lighter alternative to it (I have a laptop that will hang with Docker Desktop)?
# Job Description / Key Result Areas:
The roles and responsibilities include one or more of the following:
Administer and maintain AIX & Linux servers (production, development, and testing environments).
Install, configure, and optimize operating systems and infrastructure.
Manage storage provisioning, decommissioning, and SAN performance.
Ensure server stability, availability, and compliance with IT policies.
Handle system upgrades, migrations, backups, and disaster recovery.
Automate tasks using Shell/Bash scripts.
Monitor and manage SLAs, vendor escalations, and support contracts.
Conduct audits and ensure compliance with OEM best practices.
Provide 24/7 support and timely incident resolution.
Recommend and implement operational improvements.
Design systems focusing on security, scalability, and recovery.
Perform capacity planning, health checks, patching, and monitoring.
Possess a deep understanding of virtualization.
Exhibit analytical and team collaboration skills.
Create documentation and use Microsoft Office Tools effectively.
# Essential Skill Requirements:
Interface with vendors to resolve issues and recommend hardware/software.
Strong oral and written communication and presentation skills.
Ability to work independently and solve diverse problems.
Multitasking capabilities.
Teamwork skills (internal and external collaboration).
https://redd.it/1m5f6fk
@r_systemadmin
Office 365 0x80040154 - OfficeC2RCom registration issue
Hello everyone,
I would like to start a discussion about the Office 365 update failures and the 0x80040154 error associated with the failures.
Hopefully there is some simple step that I'm missing, but I keep observing that this error pops up quite often. I see this error on existing machines and on freshly imaged devices (via MECM). The office package has been re-created a few times already by my colleagues to rule out issues with the installation process.
[This topic](https://www.reddit.com/r/SCCM/comments/7jsyby/office_365_updates_failing_0x87d0024a/) has the PowerShell script to fix the issue, but I was not able to find a way to detect the issue, so to have a detection + remediation script. **Does anyone have a detection script for this issue?**
I saw that @[ExhaustedTech74](https://www.reddit.com/user/ExhaustedTech74/) in this [topic](https://www.reddit.com/r/SCCM/comments/14yt4gk/0x80040154_on_office_updates/) and [this one](https://learn.microsoft.com/en-us/answers/questions/1332534/office365-0x80040154-2147221164-class-registration) has asked some pretty good questions, but there were no good answers, at least not yet ;)
* I would like to ask you what is your approach to the issue?
* How often do you run the remediation script?
* Do you have any detection script? Is it actually possible to detect the Office Com registration issue?
* **Does anyone run this remediation script without detection daily, just to not face the Office update issues?**
* Did anyone find a root cause for this? Like some security software causing the issue, or is this just a Office 365 "feature"?
https://redd.it/1m5dhnh
@r_systemadmin
How do y'all plan your deployments / updates in your team?
We're constantly facing the issue that someone in our team prepares an update for an application and deploys it whenever he likes. For my (and all the others') nerves' sake, I'd like to bring an order to the chaos. I just currently miss how to do that. How do you guys schedule and plan your deployments (technically)? Do you have special tools or is it just the ol' calendar item in a shared mailbox you use?
https://redd.it/1m5b8nz
@r_systemadmin
I still feel like a fraud
I’m 25 and started IT support in 2022. Seven months later I got promoted to systems engineer, then a year after that moved into identity and access management. When the lead IAM guy left, I got full domain admin rights at 24 and basically had to figure everything out on the fly.
Since then, I’ve done a ton — deployed GPOs, rolled out BitLocker on all Windows devices, set up Okta FastPass for passwordless logins, built SCIM provisioning so onboarding apps just happen automatically, moved printers to the cloud, enforced device compliance via Okta, handled Office 365 tenant-to-tenant migrations using BitTitan, automated onboarding/offboarding with PowerShell and Okta workflows, set up Azure AD federation so Google users can access Power BI without extra accounts, managed SSO for apps like Zendesk, and been the top escalation point between helpdesk and engineering.
I’ve even been involved in a merger/acquisition from the tech side.
But honestly? It still feels like I’m just winging it. Like I got lucky or somehow stumbled into this stuff. It doesn’t feel exceptional or like I deserve it. Anyone else feel like they’re doing big things but still feel like a fraud? Whenever I talk to more experienced admins I just get mind blown and realize that I’m not even close to their level. I’m like man there’s a lot to learn and I feel like I’m frauding it
https://redd.it/1m56wt2
@r_systemadmin
sole admin. where to start?
I’m the lone admin for a mental health non-profit. Talked with my supervisor about how to fix some holes in our system and was told i have “free range” and can basically do whatever I think is best (as long as it’s in budget).
We don’t have a backup system yet, need a VPN for WFH roles, and need to be HIPAA compliant.
We have 2 windows servers in different offices, 10-15 clients total, and a WireGuard VPN that doesn’t work. An MSP manages our internet and cybersecurity, but I’m in charge of everything else (even the printers).
I have no passwords or idea what the previous configuration was since the previous admin left with no real handoff.
What would be my best first steps to figuring out a way to end up with automated backups, a secure/working VPN, and some type of monitoring system?
https://redd.it/1m4z3ca
@r_systemadmin
3 Major CVEs released for SharePoint ONPREM
FYI 3 major CVEs have dropped for on-prem sharepoint instances. Patches have been released.
Mitigation guidance:
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Times like these I'm happy all my customers moved to Sharepoint Online, I can get back to enjoying my weekend.
https://redd.it/1m4v81p
@r_systemadmin
Automated certificate renewals for internal servers and no automated DNS?
We have several internal servers with publicly signed certificates. To get them rotated automatically, I thought about doing this:
1. Create a new VM with nothing on it except ACME.
2. Implement the DNS challenge to get a wildcard certificate.
3. Create some internal plumbing to automatically distribute and install the wildcard to the internal servers as necessary.
The problem I am running into is that our DNS provider does not support automation and we cannot change providers until at least 2031, so there is no automatic way to update the TXT records.
Are there any other cert-automation providers who will do this and require a DNS update every, say, 6 months or so?
https://redd.it/1m4rfgi
@r_systemadmin
UK to ban ransomware payments by public sector organizations
Source: The Register
Additional source: Bleeping Computer
I'm curious if anybody on the UK side of things has thoughts they'd be willing to share regarding this. I'd hope that anybody with enough control over their org's security posture has a better game plan for ransomware than "pray the insurance pays out", but I'm sure there are at least a few orgs that will be scrambling as a result of this.
https://redd.it/1m6e9d6
@r_systemadmin
Seagate Expansion Desktop 24TB doesn't show SMART data with smartmontools. CrystalDiskInfo works.
Have you managed to use smartmontools (Linux version) with these Seagate external HDDs? The only way I managed to get some info was using these parameters:
>root@ubi-main:/# /usr/local/sbin/smartctl -a -d scsi -T permissive /dev/sdb
smartctl 7.5 2025-04-30 r5714 [x86_64-linux-5.15.0-144-generic] (local build)
Copyright (C) 2002-25, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Vendor: Seagate
Product: Expansion HDD
Revision: 1802
Compliance: SPC-4
User Capacity: 24,000,277,249,536 bytes [24.0 TB]
Logical block size: 512 bytes
Physical block size: 4096 bytes
LU is fully provisioned
Logical Unit id: 0x3e543137574d4443
Serial number: 00000000REDACTED
Device type: disk
Local Time is: Tue Jul 22 06:46:28 2025 UTC
SMART support is: Unavailable - device lacks SMART capability.
=== START OF READ SMART DATA SECTION ===
Current Drive Temperature: 0 C
Drive Trip Temperature: 0 C
Error Counter logging not supported
No Self-tests have been logged
This is the very latest version of smartctl, and no luck.
Using a Windows box, CrystalDiskInfo just displays everything.
Any ideas how to make this work under Linux? Thank you.
https://redd.it/1m6avxl
@r_systemadmin
CVE-2025-53770: Anyone else lowkey panicking about what’s actually sitting in SharePoint?
This new SharePoint zero-day (CVE-2025-53770) is nasty - unauthenticated RCE, CVSS 9.8, with active exploitation confirmed by CISA. It’s tied to the ToolShell chain, and apparently lets attackers grab machine keys and move laterally like it’s nothing.
We’re jumping on the patching, but the bigger panic is: what is even in our SharePoint?
Contracts? PII? Random internal stuff from years ago? No one really knows.. And if someone did get in, we’d have a hard time saying what was accessed.
Feels like infra teams are covered, but data exposure is a total black box.
Anyone else dealing with this? How are you approaching data visibility and risk after something like this?
https://redd.it/1m6829t
@r_systemadmin
What’s the most ridiculous or hilariously clueless question an employee has ever asked you as a sysadmin?
I’m working on a light-hearted piece for System Admins Day and thought this community would have some gold. Would love to hear your funniest, weirdest, or most absurd helpdesk stories. Drop them below!
https://redd.it/1m6611d
@r_systemadmin
On-Prem Sharepoint servers compromised
https://research.eye.security/sharepoint-under-siege/
CVE Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
What to do: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
(I was supposed to be off today)
https://redd.it/1m5oy1v
@r_systemadmin
PSA: Disable Windows Script Host / VBScript If You Don't need it
Microsoft announced with the release of Windows 11 24H2 they migrated VBScript / Windows Script Host to a Feature on Demand. For 24H2 Until 2027 this will be on by default, and after 2027 turned OFF by default, with removal entirely "sometime" after that.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/vbscript-deprecation-timelines-and-next-steps/4148301
If you have no reason to have this on, it can be turned off as a preventative measure. Any of these will work. Straight dism, powershell, or invoke powershell for a remote command.
DISM /Online /Remove-Capability /CapabilityName:VBSCRIPT~~~~
Remove-WindowsCapability -Online -Name VBSCRIPT~~~~
powershell.exe -ExecutionPolicy Bypass -Command "Remove-WindowsCapability -Online -Name VBSCRIPT~~~~"
We just turned it off Org wide, and will be reenabling it on a case by case basis. (We have an ancient internal app that may require it, we're testing, for a dozen or so users).
We just had a C-Suite click on something. Not sure what. But it was able to get through our EDR. After isolating the endpoint did a bit of analysis on it, it made some folders in %localappdata% folder, put some VBS files in there that ran, which would download a file from a URL, rename it to another vbs file and run it and created tasks to run it every so often. In his case it only installed a Crypto-Miner application that did get picked up by our EDR, which prompted the isolation and analysis. However, with VBScript turned off, it would have stopped in its tracks. Or at least been one less avenue it could have used.
https://redd.it/1m5oi80
@r_systemadmin
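An audit to run alongside the PSA above, as an added example that is not part of the original post: it reports the state of the VBSCRIPT capability and lists scheduled tasks and per-user AppData\Local script files of the kind the poster describes. The function names are hypothetical, the sample task actions are constructed, and the `Users\*\AppData\Local` path assumes default profile locations.

```powershell
# Added example (not from the original post). Run from an elevated session:
# Get-WindowsCapability -Online requires administrator rights.

function Get-VbsCapabilityState {
    # 'VBSCRIPT~~~~' is the capability name used in the post's own commands.
    $cap = Get-WindowsCapability -Online -Name 'VBSCRIPT~~~~' -ErrorAction SilentlyContinue
    if ($null -eq $cap) { return 'Unknown' }
    return [string]$cap.State          # e.g. Installed or NotPresent
}

function Test-ScriptHostAction {
    # True when a task action launches Windows Script Host or points at a VBScript file.
    param([string]$Execute, [string]$Arguments)
    $line = "$Execute $Arguments"
    return ($line -match '(?i)\b(wscript|cscript)(\.exe)?\b') -or
           ($line -match '(?i)\.vb[se]\b')
}

function Find-ScriptHostTask {
    # Walk every registered scheduled task and report script-host actions.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments; those come back as $null.
            if (Test-ScriptHostAction -Execute $action.Execute -Arguments $action.Arguments) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Find-LocalAppDataScript {
    # Assumption: user profiles live under <SystemDrive>\Users.
    $root = Join-Path $env:SystemDrive 'Users\*\AppData\Local'
    Get-ChildItem -Path $root -Include '*.vbs', '*.vbe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, CreationTimeUtc, LastWriteTimeUtc
}

# Constructed sample actions to show what the matcher flags (not real tasks).
$samples = @(
    @{ Execute = 'wscript.exe'; Arguments = '"C:\Users\example\AppData\Local\Example\run.vbs"' },
    @{ Execute = 'C:\Windows\System32\notepad.exe'; Arguments = '' }
)
foreach ($s in $samples) {
    '{0} -> flagged: {1}' -f $s.Execute, (Test-ScriptHostAction @s)
}

# Live audit of the local machine.
'VBSCRIPT capability state: {0}' -f (Get-VbsCapabilityState)
Find-ScriptHostTask     | Format-Table -AutoSize
Find-LocalAppDataScript | Format-Table -AutoSize
```

Hits are leads for review rather than verdicts: legitimate software can still register script-host tasks, which is also a useful inventory before removing the capability org wide.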
Weeks worth of work down the drain…
I work in k12 public schools. We have a staff of roughly 600 people. Each one of those people have a MacBook. Those MacBooks used to be managed by FileWave but we recently switched to Mosyle. Mosyle offers some great features for stronger security and convenience for the end-user.
For example, users can now use Google workspace to authenticate into their MacBooks. This is good for the end-user because now they just need one password for both email and computer logins (didn’t stop everyone from bitching about 2FA..)
Our staff also used 802.1x to authenticate into the WiFi but for those of you who don’t know, MacBooks can’t authenticate using EAP-TLS/802.1x before logging in.
I automated this and now staff members not only log in automatically when they open their device BEFORE login, but they ALSO have the option to manually enter their credentials if it fails for whatever reason.
Everyone is starting to come back from summer and they’re either forgetting how to do things WiFi related or they need to just connect to an SSID so their laptops can pull any necessary changes from Mosyle so they can authenticate.
SCEP officially failed ONCE in the couple months it’s been online and that was due to a windows update. Since then it’s been smooth sailing and all other issues have been client side.
Now my boss is telling me to axe SCEP because of the intermittent issues with the clients and NOT the server. He says there is 0 redundancy with it, but the redundancy is there. The redundancy is end-users being able to authenticate manually. So rather than going through the process of training our end-users to use the new automated system (like we do with everything else) we are just going to axe the whole system and go back to how things were before SCEP because “the people know how to use that if things break”.
TL;DR - So down the drain goes security improvements, automation and weeks of work because my boss doesn’t want to go through the expected rough patches of end-users coming back and forgetting how to use their shit. Nothing better than moving backwards.
https://redd.it/1m5jg93
@r_systemadmin
Tapes vs "Immutable storage"
Seems like every other storage vendor is selling their "immutable storage" solution and is downplaying Tapes as old tech. Which is driving business leaders to look to replace those Tape systems.
But I am more and more convinced that tapes (or any storage where you physically disconnect the backup media) are the only good recovery solution for ransomware type events. (As long as it is tested)
Are you guys seeing the same thing?
https://redd.it/1m5holp
@r_systemadmin
Moronic Monday - July 21, 2025
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
https://redd.it/1m5eum2
@r_systemadmin
Company sunk due to weak password
I thought I'd post this, as the UK has been experiencing a lot of public attacks on companies this year. Marks & Spencer, The Co-op, Harrods, all well known companies. However there was one not so well known outside of the UK, The Knights of Old, a logistics and transport company. They got hacked and ransomwared, collapsing the company.
https://www.bbc.co.uk/news/articles/cx2gx28815wo
https://redd.it/1m5bvtx
@r_systemadmin
Pour one out for all the AlaskaAir IT...
https://www.reuters.com/world/us/alaska-airlines-grounds-all-flights-after-it-outage-disrupts-systems-2025-07-21/
Oof... That's a hard way to end a weekend. Hope they're able to triage and get things running again. In the meantime... This one's for you... 🫗
https://redd.it/1m5a6g1
@r_systemadmin
Browser based ssh dashboard
Is there a browser based ssh server like OpenPubkey SSH but instead of relying on installing apps and everything it's in a container that can be browser based and use azure security policies to manage users access to Linux machines without having to grant access individually....
I guess I'm asking is there an AD for Linux machines that's easy to set up and use?
https://redd.it/1m4xuc1
@r_systemadmin
It's never DNS, it's always DNS but sometimes it's the default gateway. DOH!
Replaced my router at home specifically to transition to using a reverse proxy server to exclusively expose things to the internet. I thought I was being slick by using a different IP for the new gateway so I could run the old one whilst setting up the new one then just swap plugs and reboot everything.
Spent 30mins trying to figure out why my new firewall rules weren't working only to finally figure out I hadn't updated the default gateway on that host server yet. DOH!
https://redd.it/1m4vpg6
@r_systemadmin
How do you know your employees are actually following security rules?
We’ve set up MFA, password rules, and file access policies, but how do you know people aren’t bypassing things or using personal devices?
Any tools or tips for keeping it all under control?
https://redd.it/1m4tex5
@r_systemadmin
Is the sys admin job market really that bad?
I'm really starting to be at my wits' end. I've been searching for jobs in the Seattle area. Focusing on Sys Admin/Sys engineer work as that is where my primary focus is, but swinging out to technical project management type roles as that is where I want to be long term. It's been 8 months, and I've received two phone screenings, and not a single interview. My friends in the industry up there say it isn't me, that I have a good resume, and good experience, but I'm starting to second guess everything. I need a sanity check, even if the result of that check is I am the problem, because at least then I'll have something to fix.
I've been working in the field since 2013, have a fair amount of Experience in Azure/Entra cloud technologies, Windows Server, Vmware, Pure Storage, various backup systems, LOTS of great project management type experience just to name a few things.
https://redd.it/1m4hpss
@r_systemadmin