[{"content":"The Problem: Eliminating Single Points of Failure in Hybrid Infrastructure\nIn infrastructure design, High Availability (HA) and mitigating single points of failure usually require complex and expensive architectures. When seeking resilience for personal services or documentation platforms, the goal is to ensure web traffic automatically switches if a physical node or cloud provider goes down.\nOne approach to achieve this is maintaining a hybrid architecture: a commercial VPS as the primary node …","date":"2026-04-08","permalink":"/kb-00090/","summary":"The Problem: Eliminating Single Points of Failure in Hybrid Infrastructure\nIn infrastructure design, High Availability (HA) and mitigating single points of failure usually require complex and …","tags":null,"title":"Zero-Cost HA: VPS and On-Premise Failover via Cloudflare Tunnels"},{"content":"There are multiple scenarios in infrastructure administration where a machine initially configured with Ubuntu Desktop ends up assuming exclusive server roles. Whether you are repurposing hardware for your home lab or transforming a development environment into a production node, the graphical environment (GNOME) becomes an unnecessary waste of CPU and RAM.\nWhile the traditional solution would be to format and install the Ubuntu Server ISO, this is not always viable. If you already have complex …","date":"2026-04-07","permalink":"/kb-00089/","summary":"There are multiple scenarios in infrastructure administration where a machine initially configured with Ubuntu Desktop ends up assuming exclusive server roles. Whether you are repurposing hardware for …","tags":null,"title":"Ubuntu 24.04 Desktop to Server: Complete In-Place Conversion Guide"},{"content":"When a user is terminated in Active Directory, the first line of defense is instantly engaged: denial of corporate access, which disconnects their VPN sessions and blocks interactive logins through the Domain Controller (DC).\nHowever, there is a critical risk vector. If the employee (or a malicious attacker) has their corporate laptop, the local Windows Cached Credentials will continue to operate. This allows them to log into the machine \u0026amp;ldquo;offline\u0026amp;rdquo; (from the domain) and extract …","date":"2026-03-30","permalink":"/kb-00088/","summary":"When a user is terminated in Active Directory, the first line of defense is instantly engaged: denial of corporate access, which disconnects their VPN sessions and blocks interactive logins through …","tags":null,"title":"Zero-Trust Endpoint Isolation: Containment via Offline SIDs"},{"content":"In today’s cybersecurity landscape, traditional storage defenses are no longer sufficient to contain advanced attacks. When a threat actor compromises administrator credentials, standard backups and storage snapshots can be easily deleted or aggressively encrypted. This is where SmartLock for Dell Isilon (PowerScale) comes into play.\nSmartLock provides true file-system-level immutability using WORM (Write-Once, Read-Many) technology. Once a file is deliberately locked (committed) inside a …","date":"2026-03-22","permalink":"/kb-00087/","summary":"In today’s cybersecurity landscape, traditional storage defenses are no longer sufficient to contain advanced attacks. When a threat actor compromises administrator credentials, standard backups and …","tags":null,"title":"Isilon OneFS: Immutable Data Protection against Ransomware with SmartLock (WORM)"},{"content":"As data volumes continue to grow explosively, a significant percentage inevitably becomes \u0026amp;ldquo;cold data\u0026amp;rdquo;—historical files that are rarely accessed. Keeping this inactive data sitting on high-performance primary storage is extremely cost-inefficient.\nTo solve this, OneFS integrates CloudPools, a powerful tiering feature that allows you to seamlessly move inactive data blocks to an external object storage platform like Amazon S3, Azure Blob, or a local ECS. When data is tiered, OneFS …","date":"2026-03-22","permalink":"/kb-00086/","summary":"As data volumes continue to grow explosively, a significant percentage inevitably becomes \u0026ldquo;cold data\u0026rdquo;—historical files that are rarely accessed. Keeping this inactive data sitting on …","tags":null,"title":"Isilon OneFS: Transparent Cloud Tiering \u0026 Cost Optimization with CloudPools (AWS S3)"},{"content":"As users consume storage, it is common to find redundant data (documents copied multiple times, identical ISOs, or duplicated backups). To mitigate this waste of capacity, Isilon offers SmartDedupe.\nUnlike other storage systems that perform inline deduplication, Isilon utilizes post-process deduplication. This means data is written to disk immediately with maximum performance, and subsequently, a background job (Job Engine) scans the file system for identical 8KB blocks to consolidate them and …","date":"2026-03-21","permalink":"/kb-00085/","summary":"As users consume storage, it is common to find redundant data (documents copied multiple times, identical ISOs, or duplicated backups). To mitigate this waste of capacity, Isilon offers SmartDedupe. …","tags":null,"title":"Isilon OneFS: Storage Efficiency - Implementing SmartDedupe"},{"content":"With our authentication, access zones, and capacity limits in place, our Isilon cluster is functionally ready for production. However, a production environment is only as good as its recovery strategy. In the world of Scale-Out NAS, the first line of defense against accidental file deletion or corruption is SnapshotIQ.\nSnapshotIQ allows for virtually unlimited snapshots (up to 1,024 per directory) with negligible performance impact. In this article, we will configure an automated retention …","date":"2026-03-21","permalink":"/kb-00084/","summary":"With our authentication, access zones, and capacity limits in place, our Isilon cluster is functionally ready for production. However, a production environment is only as good as its recovery …","tags":null,"title":"Isilon OneFS: Local Protection - Retention Strategies with SnapshotIQ"},{"content":"We have successfully joined our cluster to Active Directory and established a robust NTFS permission architecture. Now, we must ensure our storage environment remains stable and is not saturated through uncontrolled usage. In Isilon, this is managed through the SmartQuotas license.\nSmartQuotas allows us to limit space at three distinct levels (Directory, User, or Group) and offers several types of limits:\nAdvisory (Informational): Only generates alerts; does not block usage. Ideal for …","date":"2026-03-20","permalink":"/kb-00083/","summary":"We have successfully joined our cluster to Active Directory and established a robust NTFS permission architecture. Now, we must ensure our storage environment remains stable and is not saturated …","tags":null,"title":"Isilon OneFS: Capacity Management - Implementing SmartQuotas"},{"content":"Our Isilon cluster is now a trusted member of Active Directory, and users are encapsulated within their own dedicated Access Zone. However, up to this point, the storage remains an opaque block. It is time to open the doors and present that storage to the network.\nIn this article, we will create our first network-accessible resource (SMB Share) and address one of the greatest debates in storage administration: the correct management of permissions.\nThe Golden Rule: Share Permissions vs. NTFS …","date":"2026-03-20","permalink":"/kb-00082/","summary":"Our Isilon cluster is now a trusted member of Active Directory, and users are encapsulated within their own dedicated Access Zone. However, up to this point, the storage remains an opaque block. It is …","tags":null,"title":"Isilon OneFS: Data Presentation - SMB Share Configuration and Permission Management"},{"content":"We have reached one of the most critical architectural milestones of the entire deployment. So far, our cluster is live on the network, utilizing dynamic routing with SmartConnect and secured via SSL management. However, an enterprise NAS serves little purpose if users must memorize new credentials or if management traffic is mingled with high-performance production data.\nIn this article, we will join our Dell EMC Isilon cluster to our Active Directory domain (mxlit.com) and configure true …","date":"2026-03-20","permalink":"/kb-00081/","summary":"We have reached one of the most critical architectural milestones of the entire deployment. So far, our cluster is live on the network, utilizing dynamic routing with SmartConnect and secured via SSL …","tags":null,"title":"Isilon OneFS: Identity Integration - Access Zones and Active Directory Joining"},{"content":"Managing an enterprise-grade storage cluster through a static IP address while dealing with the annoying \u0026amp;ldquo;Site not secure\u0026amp;rdquo; browser warning is not an acceptable practice in a production environment. Beyond the visual nuisance, it bypasses critical identity verification and can lead to man-in-the-middle vulnerabilities during administrative sessions.\nIn this guide, we will elevate your Dell EMC Isilon cluster\u0026amp;rsquo;s management security. We will configure a load-balanced FQDN for our …","date":"2026-03-20","permalink":"/kb-00080/","summary":"Managing an enterprise-grade storage cluster through a static IP address while dealing with the annoying \u0026ldquo;Site not secure\u0026rdquo; browser warning is not an acceptable practice in a production …","tags":null,"title":"Isilon OneFS: Securing the WebUI with SmartConnect and SSL Certificates"},{"content":"Following the publication of our first five guides, it is time to reveal the full roadmap for the Dell EMC Isilon (OneFS) series. This series is designed to take you from initial deployment to advanced enterprise operations.\nI have been working on integrating my extensive Knowledge Base into the blog. This process has involved retaking many of the original screenshots to ensure they meet the visual standards of the site, which is currently taking some extra time. While much of the upcoming …","date":"2026-03-19","permalink":"/news-00004/","summary":"Following the publication of our first five guides, it is time to reveal the full roadmap for the Dell EMC Isilon (OneFS) series. This series is designed to take you from initial deployment to …","tags":null,"title":"System Update: Overall Status \u0026 2026 Roadmap"},{"content":"If you have followed our previous guides, you now have a 3-node virtual Isilon cluster running with Enterprise licenses activated. However, at this point, it is still just a group of servers. To transform Isilon into a true Scale-Out NAS—where all nodes work as a single brain—we need to configure its \u0026amp;ldquo;secret sauce\u0026amp;rdquo;: SmartConnect.\nIn this article, we will break down the architecture behind SmartConnect, why it is so powerful, and how to configure it step-by-step using Windows Server …","date":"2026-03-19","permalink":"/kb-00079/","summary":"If you have followed our previous guides, you now have a 3-node virtual Isilon cluster running with Enterprise licenses activated. However, at this point, it is still just a group of servers. To …","tags":null,"title":"Isilon OneFS: The Magic of SmartConnect and DNS Delegation"},{"content":"When building a Dell EMC Isilon (OneFS) laboratory on Proxmox or VMware, you may notice that by default, many advanced features in the web interface—such as replication, deduplication, or quotas—appear locked or inactive.\nTo truly simulate a production environment, you need access to the full suite of enterprise tools. In this guide, we will look at how to activate these features directly from the command line for your homelab, bypassing the need for corporate license files.\nThe Default State: …","date":"2026-03-18","permalink":"/kb-00078/","summary":"When building a Dell EMC Isilon (OneFS) laboratory on Proxmox or VMware, you may notice that by default, many advanced features in the web interface—such as replication, deduplication, or …","tags":null,"title":"Isilon OneFS: Unlocking Enterprise features (Licensing)"},{"content":"Integrating additional nodes into an Isilon cluster is one of the most rewarding processes in the OneFS architecture. Once the first node is operational, expanding capacity and performance is nearly automatic.\nIn this guide, we detail the steps to join Node 2 (and subsequent nodes) to our lab cluster in Proxmox.\nPrerequisites (Quick Checklist) Before pressing the start button, ensure that the virtual machine (e.g., VM 202) strictly complies with the defined architecture:\nDisks: 22 SCSI disks …","date":"2026-03-18","permalink":"/kb-00077/","summary":"Integrating additional nodes into an Isilon cluster is one of the most rewarding processes in the OneFS architecture. Once the first node is operational, expanding capacity and performance is nearly …","tags":null,"title":"Isilon OneFS: Joining nodes to the cluster"},{"content":"Deploying a virtual Dell EMC Isilon (OneFS) cluster in your lab environment with Proxmox is an excellent way to test enterprise features like SyncIQ, SmartPools, or SmartConnect. However, this simulator has a critical \u0026amp;ldquo;Achilles\u0026amp;rsquo; heel\u0026amp;rdquo; when running on general-purpose hypervisors: susceptibility to file system corruption during sudden power outages.\nHere I explain exactly why this happens and how to fix it by adjusting storage policies in Proxmox.\nThe Problem: Absence of Physical …","date":"2026-03-18","permalink":"/kb-00076/","summary":"Deploying a virtual Dell EMC Isilon (OneFS) cluster in your lab environment with Proxmox is an excellent way to test enterprise features like SyncIQ, SmartPools, or SmartConnect. However, this …","tags":null,"title":"Isilon OneFS: Protecting the Simulator on Hypervisors (NVRAM and Cache)"},{"content":"Umami is one of the best privacy-focused, self-hosted alternatives for web analytics. However, an extremely common issue when deploying it behind Cloudflare Tunnels is that the dashboard identifies the visitor\u0026amp;rsquo;s country, but the City and Region fields appear empty (—).\nIn this guide, we will look at how to fix this telemetry \u0026amp;ldquo;short circuit\u0026amp;rdquo; by correctly configuring HTTP headers so that Cloudflare provides Umami with all the geographic information it needs.\nThe Problem: The …","date":"2026-03-17","permalink":"/kb-00075/","summary":"Umami is one of the best privacy-focused, self-hosted alternatives for web analytics. However, an extremely common issue when deploying it behind Cloudflare Tunnels is that the dashboard identifies …","tags":null,"title":"Umami: Solving Geolocation (City and Region) with Cloudflare Tunnels"},{"content":"Welcome to the first installment of the Isilon / PowerScale series. In this documentation, we will explore the depths of Dell EMC\u0026amp;rsquo;s scale-out NAS platform, starting from the ground up. Whether you are building a lab for testing or preparing for an enterprise deployment, this guide will provide the technical foundations needed to stand up a virtual Isilon cluster on Proxmox.\nPhase 1: MAC, VLAN, and VM Configuration in Proxmox Create a VM without disks, with 3 Network Interface Cards (NICs), …","date":"2026-03-17","permalink":"/kb-00074/","summary":"Welcome to the first installment of the Isilon / PowerScale series. In this documentation, we will explore the depths of Dell EMC\u0026rsquo;s scale-out NAS platform, starting from the ground up. Whether …","tags":null,"title":"Isilon OneFS: Virtual Cluster Deployment - Part 1: Installation \u0026 Initial Configuration"},{"content":"Introduction: The Evolution of a Pipeline In the previous posts of this series, I detailed my journey from a broken, 25-minute SFTP deployment bottleneck to a hyper-optimized Rsync pipeline that completes in mere seconds. But optimization is only half the battle in Enterprise Architecture. The other half is Resiliency.\nCurrently, my pipeline relies entirely on Microsoft\u0026amp;rsquo;s GitHub Cloud infrastructure. While GitHub Actions provides 2,000 free CI/CD minutes per month, relying 100% on external …","date":"2026-03-16","permalink":"/kb-00073/","summary":"Introduction: The Evolution of a Pipeline In the previous posts of this series, I detailed my journey from a broken, 25-minute SFTP deployment bottleneck to a hyper-optimized Rsync pipeline that …","tags":null,"title":"GitHub: Hybrid Cloud CI/CD - Building a Zero-Downtime Pipeline with Self-Hosted Runners"},{"content":"The Domain Name System (DNS) is the Internet\u0026amp;rsquo;s address book, but by original design, it is not secure. When a user types a domain into their browser, the query travels in plain text and blindly trusts the response it receives. This is where DNSSEC (Domain Name System Security Extensions) comes in.\nDNSSEC does not encrypt DNS queries, but rather digitally signs them. It works through a public-key cryptography system that guarantees DNS resolvers (such as those from Google, Cloudflare, or …","date":"2026-03-15","permalink":"/kb-00072/","summary":"The Domain Name System (DNS) is the Internet\u0026rsquo;s address book, but by original design, it is not secure. When a user types a domain into their browser, the query travels in plain text and blindly …","tags":null,"title":"Cloudflare: Cryptographic Security for Your Domain with DNSSEC"},{"content":"Maintaining absolute control over your visitors\u0026amp;rsquo; demographic and behavioral data is essential in the world of Enterprise technology. Umami Analytics has become the leading alternative for those seeking a lightweight, privacy-friendly, and, above all, easy-to-deploy solution through Docker.\nWhy Self-Hosted over the Cloud version? While Umami offers a cloud version, self-hosting provides undeniable advantages for technical or corporate profiles:\nNo retention limits: The cloud\u0026amp;rsquo;s free …","date":"2026-03-15","permalink":"/kb-00071/","summary":"Maintaining absolute control over your visitors\u0026rsquo; demographic and behavioral data is essential in the world of Enterprise technology. Umami Analytics has become the leading alternative for those …","tags":null,"title":"Umami: Deploying Umami Analytics with Docker"},{"content":"Introduction: The Hidden Cost of \u0026amp;ldquo;It Just Works\u0026amp;rdquo; When I first migrated this Knowledge Base to Hugo and set up a CI/CD pipeline using GitHub Actions, my primary goal was simplicity. I needed a way to push my Markdown files to GitHub and have a runner automatically compile the static HTML and send it to my Nginx container hosted on a remote VPS.\nTo achieve this, I used a popular, off-the-shelf SFTP Deployment Action. For the first few days, it was magical. I would commit a new post, …","date":"2026-03-12","permalink":"/kb-00070/","summary":"Introduction: The Hidden Cost of \u0026ldquo;It Just Works\u0026rdquo; When I first migrated this Knowledge Base to Hugo and set up a CI/CD pipeline using GitHub Actions, my primary goal was simplicity. I …","tags":null,"title":"GitHub Actions: Optimizing CI/CD Deployments (From SFTP to Rsync)"},{"content":"I have been working hard behind the scenes to fill this Knowledge Base with Enterprise technologies, with the goal of having everything documented and readily available, not just for myself, but for the entire community.\nRecently Published In case you missed it, I am thrilled to announce that the complete Proxmox VE and TrueNAS documentation series have been published and are now live on the blog. These guides cover everything from initial deployments and Quorum troubleshooting, to complex SMB …","date":"2026-03-11","permalink":"/news-00003/","summary":"I have been working hard behind the scenes to fill this Knowledge Base with Enterprise technologies, with the goal of having everything documented and readily available, not just for myself, but for …","tags":null,"title":"System Update: New Series Published \u0026 Upcoming Documentation"},{"content":"\\nimage: \u0026amp;ldquo;truenas_thumbnail.jpg\u0026amp;rdquo;\nWhen managing a TrueNAS or FreeNAS file server integrated with Microsoft Active Directory, you may encounter a You do not have permissions to see the list of files opened by Windows clients. or NT_STATUS_ACCESS_DENIED error when attempting to connect using native Windows RPC administrative tools.\nThis behavior is most prominent when:\nTrying to open the fsmgmt.msc (Computer Management -\u0026amp;gt; Shared Folders) MMC snap-in pointing to your NAS. Trying to …","date":"2026-03-10","permalink":"/kb-00069/","summary":"\\nimage: \u0026ldquo;truenas_thumbnail.jpg\u0026rdquo;\nWhen managing a TrueNAS or FreeNAS file server integrated with Microsoft Active Directory, you may encounter a You do not have permissions to see the list …","tags":null,"title":"TrueNAS: Enable Computer Management \u0026 OpenFiles Access (Access Denied Fix)"},{"content":"When running a Proxmox VE cluster, a sudden power outage or network partition can bring down multiple nodes simultaneously. When a single node powers back on, it will typically refuse to start its Virtual Machines, freezing at a \u0026amp;ldquo;bulk start waiting for quorum\u0026amp;rdquo; message.\nProxmox does this intentionally: to prevent \u0026amp;ldquo;split-brain\u0026amp;rdquo; scenarios where two isolated nodes try to run the same VMs at the same time and corrupt storage, the cluster enforces Quorum (a strict majority of …","date":"2026-03-10","permalink":"/kb-00068/","summary":"When running a Proxmox VE cluster, a sudden power outage or network partition can bring down multiple nodes simultaneously. When a single node powers back on, it will typically refuse to start its …","tags":null,"title":"Proxmox: How to Resolve \"Bulk Start Waiting for Quorum\""},{"content":"Migrating your infrastructure from Microsoft Hyper-V to Proxmox VE is a common step for organizations seeking a powerful, open-source virtualization platform. While Proxmox does not natively run .vhdx files, its underlying QEMU hypervisor architecture allows you to easily import and seamlessly convert Hyper-V disks into Proxmox-native formats (RAW or QCOW2) directly from the command line.\nThis guide will walk you through the process of exporting a Virtual Machine from Hyper-V, transferring the …","date":"2026-03-10","permalink":"/kb-00067/","summary":"Migrating your infrastructure from Microsoft Hyper-V to Proxmox VE is a common step for organizations seeking a powerful, open-source virtualization platform. While Proxmox does not natively run .vhdx …","tags":null,"title":"Proxmox: How to Import Hyper-V VMs (.VHDX) to Proxmox"},{"content":"When you install Proxmox VE on a single drive—for instance, a 1TB SSD—the installer automatically partitions the space into local (root file system, typically for ISOs and backups) and local-lvm (block storage for VM disks). However, for many Homelab enthusiasts and small-scale deployments, this division is often unnecessary and can lead to wasted space on one partition while the other is full.\nThis guide explains how to safely remove the local-lvm partition and expand your primary local …","date":"2026-03-10","permalink":"/kb-00066/","summary":"When you install Proxmox VE on a single drive—for instance, a 1TB SSD—the installer automatically partitions the space into local (root file system, typically for ISOs and backups) and local-lvm …","tags":null,"title":"Proxmox: How to Expand Local Storage (Remove Local-LVM)"},{"content":"Scaling your virtualization environment by creating a Proxmox VE Cluster allows you to centrally manage multiple physical nodes from a single web interface. Clustering enables advanced enterprise features such as High Availability (HA), live migration, and shared storage management. This guide will show you how to securely join a new, standalone Proxmox host into an existing cluster.\n1. Retrieve Cluster Join Information First, log into the web interface of an existing node that is already part …","date":"2026-03-10","permalink":"/kb-00065/","summary":"Scaling your virtualization environment by creating a Proxmox VE Cluster allows you to centrally manage multiple physical nodes from a single web interface. Clustering enables advanced enterprise …","tags":null,"title":"Proxmox: How to Add Nodes (Hosts) to a Cluster"},{"content":"Integrating Proxmox Virtual Environment (VE) with Microsoft Active Directory allows you to centralize user management and apply your organization\u0026amp;rsquo;s existing security policies to your virtualization clusters. By connecting Proxmox to AD via LDAP, administrators and operators can log in using their standard domain credentials, eliminating the need to manage separate local accounts on each Proxmox node.\n1. Add the Active Directory Realm Navigate to your Proxmox VE web interface. At the top of …","date":"2026-03-10","permalink":"/kb-00064/","summary":"Integrating Proxmox Virtual Environment (VE) with Microsoft Active Directory allows you to centralize user management and apply your organization\u0026rsquo;s existing security policies to your …","tags":null,"title":"Proxmox: How to Add Active Directory Authentication (LDAP)"},{"content":"By default, Proxmox VE generates a self-signed SSL certificate during installation. While this encrypts the traffic between your browser and the server, it causes modern browsers to throw aggressive \u0026amp;ldquo;Your connection is not private\u0026amp;rdquo; warnings.\nWhy should we apply a valid SSL Certificate? In an enterprise or advanced homelab environment, ignoring certificate warnings is a dangerous habit. It trains administrators to click \u0026amp;ldquo;Proceed Anyway\u0026amp;rdquo;, which leaves them vulnerable to …","date":"2026-03-10","permalink":"/kb-00063/","summary":"By default, Proxmox VE generates a self-signed SSL certificate during installation. While this encrypts the traffic between your browser and the server, it causes modern browsers to throw aggressive …","tags":null,"title":"Proxmox VE: How to Apply a Valid Let's Encrypt SSL Certificate via ACME DNS"},{"content":"After completing the bare-metal installation of Proxmox VE, you will quickly notice a few initial hurdles: the persistent \u0026amp;ldquo;No Valid Subscription\u0026amp;rdquo; validation nag, the inability to download updates because the \u0026amp;ldquo;Enterprise\u0026amp;rdquo; repository is enabled by default, and a few unoptimized cluster settings.\nTo fix all of this simultaneously, we will use a legendary community tool that has saved thousands of hours for homelabbers and system administrators alike: Proxmox VE …","date":"2026-03-10","permalink":"/kb-00062/","summary":"After completing the bare-metal installation of Proxmox VE, you will quickly notice a few initial hurdles: the persistent \u0026ldquo;No Valid Subscription\u0026rdquo; validation nag, the inability to download …","tags":null,"title":"Proxmox VE: Post-Install Configuration using Helper Scripts"},{"content":"When it comes to building an enterprise-grade homelab or deploying production hypervisors on a budget, Proxmox Virtual Environment (VE) is the undisputed king. Built on Debian GNU/Linux, it provides native integration with KVM (Kernel-based Virtual Machine) for virtual machines and LXC for lightweight containers, completely free of licensing traps.\nIn this guide, we will walk through the bare-metal installation of Proxmox VE, paying special attention to the often-overlooked storage partitioning …","date":"2026-03-10","permalink":"/kb-00061/","summary":"When it comes to building an enterprise-grade homelab or deploying production hypervisors on a budget, Proxmox Virtual Environment (VE) is the undisputed king. Built on Debian GNU/Linux, it provides …","tags":null,"title":"Proxmox VE: Bare-Metal Installation \u0026 Boot Partitioning Guide"},{"content":"Keeping your TrueNAS installation up-to-date is crucial for maintaining system stability, improving ZFS performance, and patching critical security vulnerabilities. Fortunately, TrueNAS features a highly robust, built-in updater that handles downloading patches, applying them to a new boot environment, and safely rebooting the system without putting your data at risk.\nThis short guide demonstrates how to check for and apply system updates to your TrueNAS server.\nStep-by-Step Guide 1. Check for …","date":"2026-03-09","permalink":"/kb-00060/","summary":"Keeping your TrueNAS installation up-to-date is crucial for maintaining system stability, improving ZFS performance, and patching critical security vulnerabilities. Fortunately, TrueNAS features a …","tags":null,"title":"TrueNAS: How to Apply System Updates"},{"content":"The primary purpose of deploying TrueNAS is often to act as a highly resilient network file server. Server Message Block (SMB), also known as CIFS, is the standard file-sharing protocol natively used by Windows, but it is also widely supported by macOS and Linux systems. To share data across your network, you must first create an isolated filesystem container (a ZFS Dataset) and then expose that dataset via the SMB service.\nThis guide quickly walks you through creating a new Dataset and sharing …","date":"2026-03-09","permalink":"/kb-00059/","summary":"The primary purpose of deploying TrueNAS is often to act as a highly resilient network file server. Server Message Block (SMB), also known as CIFS, is the standard file-sharing protocol natively used …","tags":null,"title":"TrueNAS: How to Create an SMB Share Drive"},{"content":"When deploying TrueNAS in an enterprise environment, integrating it with a central Windows Server Active Directory (AD) domain is essential. Joining the domain allows TrueNAS to directly query your domain controllers for users and groups, eliminating the need to recreate local accounts. You can then assign NTFS-style permissions (ACLs) to your SMB shares seamlessly.\nThis guide details the procedure for joining your TrueNAS storage server into an Active Directory domain.\nStep-by-Step Guide 1. …","date":"2026-03-09","permalink":"/kb-00058/","summary":"When deploying TrueNAS in an enterprise environment, integrating it with a central Windows Server Active Directory (AD) domain is essential. Joining the domain allows TrueNAS to directly query your …","tags":null,"title":"TrueNAS: How to Join an Active Directory Domain"},{"content":"Securing your TrueNAS web interface with a valid SSL/TLS certificate is a critical step in deploying a production-ready storage server, especially when integrating it with enterprise Active Directory environments or managing it over a network. By default, TrueNAS generates a self-signed certificate, which modern browsers flag as insecure.\nThis guide details the process of importing an existing SSL certificate (and its private key)—often issued by an internal Windows Certificate Authority or a …","date":"2026-03-09","permalink":"/kb-00057/","summary":"Securing your TrueNAS web interface with a valid SSL/TLS certificate is a critical step in deploying a production-ready storage server, especially when integrating it with enterprise Active Directory …","tags":null,"title":"TrueNAS: How to Import and Apply SSL Certificates"},{"content":"The core of any TrueNAS deployment is its storage configuration. At the heart of this system is the ZFS file system, which organizes physical disks into logical groupings called vdevs (Virtual Devices) and aggregates them into a Pool. Creating a robust storage pool is your first step toward configuring data shares, taking snapshots, and securing your enterprise or homelab data.\nThis guide will walk you through the process of creating a new ZFS Storage Pool in TrueNAS.\nStep-by-Step Guide Log into …","date":"2026-03-09","permalink":"/kb-00056/","summary":"The core of any TrueNAS deployment is its storage configuration. At the heart of this system is the ZFS file system, which organizes physical disks into logical groupings called vdevs (Virtual …","tags":null,"title":"TrueNAS: How to Create a New ZFS Storage Pool"},{"content":"Introduction: What is TrueNAS? TrueNAS is universally recognized as the world\u0026amp;rsquo;s most robust Open Storage operating system, directly heavily relying on the legendary ZFS (Zettabyte File System) architecture. It delivers absolute enterprise-grade features straight out of the box: proactive data self-healing, intelligent RAM tier caching (ARC), and unlimited instantaneous snapshots.\nWhether deploying the FreeBSD-based CORE or the modern Debian Linux-based SCALE, TrueNAS effectively transforms …","date":"2026-03-09","permalink":"/kb-00055/","summary":"Introduction: What is TrueNAS? TrueNAS is universally recognized as the world\u0026rsquo;s most robust Open Storage operating system, directly heavily relying on the legendary ZFS (Zettabyte File System) …","tags":null,"title":"TrueNAS: How to Install and Configure the Ultimate ZFS Storage OS"},{"content":"As mentioned in the previous reboot announcement, one of the primary directives of the new mxlit.com architecture is to serve as an evergreen Knowledge Base (KB).\nFor years, my local Obsidian vault has been an extensive repository of technical data, absorbing countless troubleshooting nights, Proxmox cluster configurations, networking diagrams, and Windows Server anomalies. While it\u0026amp;rsquo;s great to have a personal second brain, hoarding that knowledge locally defeats the purpose of the …","date":"2026-03-08","permalink":"/news-00002/","summary":"As mentioned in the previous reboot announcement, one of the primary directives of the new mxlit.com architecture is to serve as an evergreen Knowledge Base (KB).\nFor years, my local Obsidian vault …","tags":null,"title":"Incoming Transmission: The Obsidian Vault Migration is Underway"},{"content":"When deploying new Windows Servers from templates, cloning VMs, or performing major system upgrades, you might run into a frustrating issue where Windows refuses to activate against your KMS host or accept a retail key. Often, the system throws obscure licensing errors or the \u0026amp;ldquo;Software Protection\u0026amp;rdquo; (sppsvc) service repeatedly fails to start.\nThis failure usually stems from deep-rooted permission corruption within the Windows system folders. During cloning or upgrading, the built-in …","date":"2026-03-08","permalink":"/kb-00054/","summary":"When deploying new Windows Servers from templates, cloning VMs, or performing major system upgrades, you might run into a frustrating issue where Windows refuses to activate against your KMS host or …","tags":null,"title":"Windows Server: How to Fix Software Protection Activation Errors"},{"content":"In a production environment, Windows Servers are typically designed to remain on the lock screen until an administrator actively authenticates. However, certain legacy applications or specific GUI-based tools explicitly require an active user session to run in the background. If the server reboots and sits at the Ctrl+Alt+Delete screen, these applications will simply fail to start, causing painful outages.\nThis scenario is extremely common when dealing with specialized Virtual Machines (VMs) in …","date":"2026-03-08","permalink":"/kb-00053/","summary":"In a production environment, Windows Servers are typically designed to remain on the lock screen until an administrator actively authenticates. However, certain legacy applications or specific …","tags":null,"title":"Windows Server: How to Configure Automatic Logon"},{"content":"Upgrading a Windows Server traditionally involved standing up a brand-new virtual machine and meticulously migrating roles, data, and applications (a \u0026amp;ldquo;clean install\u0026amp;rdquo; migration). However, Microsoft\u0026amp;rsquo;s In-Place Upgrade process has become phenomenally reliable, allowing you to upgrade the operating system of an existing server while keeping your files, settings, and complex applications completely intact.\nThis guide outlines exactly how to perform an in-place upgrade, the supported …","date":"2026-03-08","permalink":"/kb-00052/","summary":"Upgrading a Windows Server traditionally involved standing up a brand-new virtual machine and meticulously migrating roles, data, and applications (a \u0026ldquo;clean install\u0026rdquo; migration). However, …","tags":null,"title":"Windows Server: In-Place Upgrade Guide and Compatibility Paths"},{"content":"A healthy Active Directory (AD) environment is the backbone of any Windows-based enterprise network. When Domain Controllers (DCs) stop communicating or fail to replicate changes properly, you will experience bizarre authentication issues, missing user accounts, and erratic GPO behaviors.\nAs a system administrator, knowing how to quickly diagnose AD health and manually force replication is a critical skill. This guide outlines the most essential CMD and PowerShell commands used to verify Active …","date":"2026-03-08","permalink":"/kb-00051/","summary":"A healthy Active Directory (AD) environment is the backbone of any Windows-based enterprise network. When Domain Controllers (DCs) stop communicating or fail to replicate changes properly, you will …","tags":null,"title":"Active Directory: How to Check Active Directory Health and Force Replication"},{"content":"Encountering the \u0026amp;ldquo;Two filesystems with the same UUID have been detected\u0026amp;rdquo; error during an ESXi host boot can immediately halt your hypervisor\u0026amp;rsquo;s startup sequence. This issue typically occurs when the host detects multiple storage devices or boot partitions that share the exact same Universally Unique Identifier (UUID). This is a common side-effect of cloning a boot USB drive, SD card, or dealing with duplicate LUN snapshots without resigning the VMFS volumes. Resolving this boot …","date":"2026-03-08","permalink":"/kb-00050/","summary":"Encountering the \u0026ldquo;Two filesystems with the same UUID have been detected\u0026rdquo; error during an ESXi host boot can immediately halt your hypervisor\u0026rsquo;s startup sequence. This issue typically …","tags":null,"title":"VMware: How to Fix \"Two Filesystems With the Same UUID Have Been Detected\""},{"content":"Securing your vCenter Server (VCSA) with an authentic SSL certificate is a crucial step towards maintaining a robust virtualization environment. By default, vCenter uses self-signed certificates, which prompt annoying and potentially dangerous browser security warnings. Replacing these with a certificate signed by your own Internal Certificate Authority (CA) not only eliminates these warnings but also ensures that all communication within your management plane is encrypted and trusted natively …","date":"2026-03-08","permalink":"/kb-00049/","summary":"Securing your vCenter Server (VCSA) with an authentic SSL certificate is a crucial step towards maintaining a robust virtualization environment. By default, vCenter uses self-signed certificates, …","tags":null,"title":"VMware: How to Install a New Certificate with an Internal CA"},{"content":"Keeping your vCenter Server updated is not just a best practice; it\u0026amp;rsquo;s a critical operational necessity. Regular patching resolves severe security vulnerabilities, delivers essential bug fixes, and ensures compatibility with modern hardware and newer ESXi hosts. Since vCenter acts as the central command hub for your entire virtual infrastructure, an unpatched server can become a major security liability and compromise the stability of all managed workloads.\n1. Login into VAMI Navigate to …","date":"2026-03-07","permalink":"/kb-00048/","summary":"Keeping your vCenter Server updated is not just a best practice; it\u0026rsquo;s a critical operational necessity. Regular patching resolves severe security vulnerabilities, delivers essential bug fixes, …","tags":null,"title":"VMware: How to Apply Patches to vCenter Server"},{"content":"Static site generators (SSGs) like Hugo are unbeatable in speed and security. By compiling everything into pure HTML files, we eliminate attack vectors and database dependencies. However, a classic problem arises: How do we add basic interactivity, such as a \u0026amp;ldquo;Likes\u0026amp;rdquo; counter, without ruining the static nature of the site?\nInitially, the easy answer is to integrate a third-party service (SaaS). It\u0026amp;rsquo;s fast and it works. But as infrastructure engineers, relying on an external API …","date":"2026-03-05","permalink":"/kb-00047/","summary":"Static site generators (SSGs) like Hugo are unbeatable in speed and security. By compiling everything into pure HTML files, we eliminate attack vectors and database dependencies. However, a classic …","tags":null,"title":"Leaving SaaS: Creating Your Own Telemetry Microservice with FastAPI and Docker"},{"content":"Implementing Serverless Telemetry in Hugo with Lyket\nMigrating to a static site generator (SSG) like Hugo offers massive advantages in security and speed by not relying on databases to serve content. However, this presents a challenge when we want to integrate basic interactivity, such as a \u0026amp;ldquo;Like\u0026amp;rdquo; or \u0026amp;ldquo;Applause\u0026amp;rdquo; counter in our Knowledge Base.\nInstead of setting up additional containers or databases just to record clicks, the most elegant solution is to use a decoupled …","date":"2026-03-05","permalink":"/kb-00046/","summary":"Implementing Serverless Telemetry in Hugo with Lyket\nMigrating to a static site generator (SSG) like Hugo offers massive advantages in security and speed by not relying on databases to serve content. …","tags":null,"title":"HUGO: Implementing Serverless Telemetry in Hugo with Lyket (Applause Button)"},{"content":"The Heart of Your Infrastructure: Why You Need vCenter\nManaging ESXi servers individually through their web interface is fine for a very small environment, but when you\u0026amp;rsquo;re looking to scale, automate, and ensure availability, vCenter Server is the critical component. It acts as the centralized control panel for your entire vSphere infrastructure.\nKey Advantages of Deploying vCenter:\nCentralized Management: Control multiple ESXi hosts, virtual machines, and networks from a single console. …","date":"2026-03-05","permalink":"/kb-00045/","summary":"The Heart of Your Infrastructure: Why You Need vCenter\nManaging ESXi servers individually through their web interface is fine for a very small environment, but when you\u0026rsquo;re looking to scale, …","tags":null,"title":"VMware: Installing VMware vCenter Server (VCSA)"},{"content":"Why doesn\u0026amp;rsquo;t Docker automatically clean up junk files?\nIf you\u0026amp;rsquo;ve had a Docker server for more than a month, you\u0026amp;rsquo;ve probably noticed that disk space mysteriously disappears. Docker is designed on the principles of immutability and security. It doesn\u0026amp;rsquo;t delete anything by default because it can\u0026amp;rsquo;t guess whether that \u0026amp;ldquo;orphaned\u0026amp;rdquo; image from three months ago is a critical version you plan to roll back to, or if that build cache is something you need for a quick …","date":"2026-03-04","permalink":"/kb-00043/","summary":"Why doesn\u0026rsquo;t Docker automatically clean up junk files?\nIf you\u0026rsquo;ve had a Docker server for more than a month, you\u0026rsquo;ve probably noticed that disk space mysteriously disappears. Docker is …","tags":null,"title":"Docker: Automatic Image and Log Cleanup"},{"content":"Objective: Eliminate the manual process of compiling and copying the public/ folder to the server. We will implement a pipeline that, upon detecting a git push on the main branch, compiles the site and transfers it securely via SFTP using SSH keys.\nSecurity: Least Privilege Implementation In real production environments, we do not use root. Deployment is performed with a restricted user who only has access to their own home directory. This adds a vital layer of security: if the CI/CD process is …","date":"2026-03-04","permalink":"/kb-00044/","summary":"Objective: Eliminate the manual process of compiling and copying the public/ folder to the server. We will implement a pipeline that, upon detecting a git push on the main branch, compiles the site …","tags":null,"title":"GitHub: Guide to Deploying Hugo CI-CD to a Server with GitHub Actions Monorepo"},{"content":"When we deploy security solutions like Cortex XSIAM or centralize logs with Elasticsearch using Filebeat, one of the most common requirements is to ingest the name resolution activity of our Domain Controllers (DCs).\nTo achieve this, the first fundamental step is to enable DNS Debug Logging in the Windows DNS server configuration. However, this is not simply a matter of checking a box; There are critical technical and infrastructure considerations you should be aware of before implementing it in …","date":"2026-03-04","permalink":"/kb-00041/","summary":"When we deploy security solutions like Cortex XSIAM or centralize logs with Elasticsearch using Filebeat, one of the most common requirements is to ingest the name resolution activity of our Domain …","tags":null,"title":"DNS: How to Enable DNS Debug Logging on Windows Server (and Why Be Careful)"},{"content":"Have you ever tried to migrate a Virtual Machine in vCenter and found that the Migrate\u0026amp;hellip; option is completely disabled (grayed out)?\nOften, when trying to power it on or move it, vCenter displays a message indicating that the VM is pinned to a host (\u0026amp;ldquo;The virtual machine is pinned to a host\u0026amp;rdquo;). This usually happens when backup software (like Veeam) leaves a task hanging, or when a previous operation fails, leaving the VM in a locked or logically \u0026amp;ldquo;locked\u0026amp;rdquo; state. …","date":"2026-03-04","permalink":"/kb-00042/","summary":"Have you ever tried to migrate a Virtual Machine in vCenter and found that the Migrate\u0026hellip; option is completely disabled (grayed out)?\nOften, when trying to power it on or move it, vCenter …","tags":null,"title":"VMware: Unable to migrate VM (Migrate button grayed out) - Resolved via MOB"},{"content":"Domain Controller in Windows Core If you\u0026amp;rsquo;ve followed this series, you already know how to set up a primary and a secondary Domain Controller using the graphical interface (Desktop Experience). But, if we really want to take our infrastructure to the next level and minimize risks,\nIn this third and final installment, we\u0026amp;rsquo;re going to deploy a Domain Controller using Windows Server Core and purely the command line (PowerShell).\nWhy Choose Server Core for Your Active Directory? If …","date":"2026-03-04","permalink":"/kb-00040/","summary":"Domain Controller in Windows Core If you\u0026rsquo;ve followed this series, you already know how to set up a primary and a secondary Domain Controller using the graphical interface (Desktop Experience). …","tags":null,"title":"Active Directory: Adding Windows Core as a Domain Controller."},{"content":"Every good SysAdmin knows that there comes a point in the life of any infrastructure where continuing to patch legacy systems is no longer viable. It\u0026amp;rsquo;s time to perform a wipe, redesign the architecture, and redeploy from scratch.\nWelcome to the new mxlit.com.\nThe Paradigm Shift: Goodbye to the Heavyweight CMS For a long time, I maintained this space on traditional platforms, but as an Infrastructure Engineer, the idea of ​​having databases running, exposed ports, and vulnerable plugins to …","date":"2026-03-03","permalink":"/news-00001/","summary":"Every good SysAdmin knows that there comes a point in the life of any infrastructure where continuing to patch legacy systems is no longer viable. It\u0026rsquo;s time to perform a wipe, redesign the …","tags":null,"title":"System Reboot: Migration to Hugo and the New Knowledge Base"},{"content":"Working with enterprise storage infrastructure like Dell PowerScale (Isilon) usually provides peace of mind due to its high availability. However, when OneFS\u0026amp;rsquo;s self-protection mechanism kicks in, it can trigger a domino effect that completely halts production.\nWe recently faced a critical incident in OneFS 9.7.1.3 where a battery failure (BBU) escalated to the total loss of access to shared disks (SMB/NFS) and the crash of the WebUI.\nIn this post, I will document the symptoms, the root …","date":"2026-03-03","permalink":"/kb-00039/","summary":"Working with enterprise storage infrastructure like Dell PowerScale (Isilon) usually provides peace of mind due to its high availability. However, when OneFS\u0026rsquo;s self-protection mechanism kicks …","tags":null,"title":"Isilon OneFS: How a BBU Failure Brings Down Your Cluster (and the Risk of Forcing Recovery)"},{"content":"Why is it necessary to move FSMO roles? In an Active Directory environment, not all Domain Controllers (DCs) are the same. Although most tasks are replicated multidirectionally, there are five critical roles called FSMO (Flexible Single Master Operation) that can only be run by one server at a time to prevent write conflicts and corruption in the ntds.dit database.\nMoving these roles is not just an administrative whim; It is an operational necessity in the following scenarios:\nServer Maintenance …","date":"2026-02-20","permalink":"/kb-00038/","summary":"Why is it necessary to move FSMO roles? In an Active Directory environment, not all Domain Controllers (DCs) are the same. Although most tasks are replicated multidirectionally, there are five …","tags":null,"title":"Moving FSMO Roles"},{"content":"FSMO (Flexible Single Master Operations) roles are critical roles in an Active Directory environment that are assigned to one or more domain controllers to ensure that certain administrative and replication tasks are handled centrally. There are five FSMO roles, each with a specific function in the operation of Active Directory. Below, I detail the purpose of each:\n1. PDC Emulator Main Function: This role is responsible for emulating the behavior of a Windows NT Domain Controller (PDC) and is …","date":"2026-02-20","permalink":"/kb-00037/","summary":"FSMO (Flexible Single Master Operations) roles are critical roles in an Active Directory environment that are assigned to one or more domain controllers to ensure that certain administrative and …","tags":null,"title":"FSMO Role Function"},{"content":"Introduction You\u0026amp;rsquo;ve probably experienced this: you expand a virtual disk in Proxmox or VMware, go to Windows Disk Management intending to extend your main partition, and find that the \u0026amp;ldquo;Extend Volume\u0026amp;rdquo; option is grayed out (disabled).\nWhy does this happen? The reason is purely geometric. For Windows to extend a partition, the unallocated space must be contiguous and located immediately to the right of the volume you want to expand.\nThe problem is that, by default, modern Windows …","date":"2026-01-21","permalink":"/kb-00036/","summary":"Introduction You\u0026rsquo;ve probably experienced this: you expand a virtual disk in Proxmox or VMware, go to Windows Disk Management intending to extend your main partition, and find that the …","tags":null,"title":"How to extend the disk when there is another partition in between"},{"content":"Introduction At this point, we should have completed the following:\nExtended the Active Directory schema Prepared the domain for Exchange Installed the Exchange Server prerequisites If we have done everything as described in the previous posts, we will proceed with the Exchange installation.\nTo do this, remount the ISO and run the Setup.exe file.\nIt will ask if you want to connect to the Internet to check for updates; select that option and click Next.\nIf no updates are found, press Next.\nThis …","date":"2023-08-05","permalink":"/kb-00035/","summary":"Introduction At this point, we should have completed the following:\nExtended the Active Directory schema Prepared the domain for Exchange Installed the Exchange Server prerequisites If we have done …","tags":null,"title":"Exchange: How to Install Exchange Server"},{"content":"Introduction For security and performance reasons, it is recommended to install Exchange only on member servers and not on Active Directory servers.\nIn this post, we will see a series of prerequisites that are necessary for installing Exchange.\nTo do this, we will begin by running the following command in PowerShell as an administrator.\nInstall-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, …","date":"2023-08-04","permalink":"/kb-00034/","summary":"Introduction For security and performance reasons, it is recommended to install Exchange only on member servers and not on Active Directory servers.\nIn this post, we will see a series of prerequisites …","tags":null,"title":"Exchange: How to Install Exchange Server Prerequisites"},{"content":"Introduction Exchange uses Active Directory to store information about mailboxes and Exchange server configurations in your organization. Before installing Exchange Server, you must prepare your Active Directory forest and domains for the new version of Exchange\nThis step is similar to what we did in the previous post; the requirements are the same.\nOpen Command Prompt as administrator.\nRun the following command:\nsetup.exe /PrepareAD /OrganizationNam:\u0026amp;quot;\u0026amp;quot; …","date":"2023-08-03","permalink":"/kb-00033/","summary":"Introduction Exchange uses Active Directory to store information about mailboxes and Exchange server configurations in your organization. Before installing Exchange Server, you must prepare your …","tags":null,"title":"Exchange: How to Prepare Your Domain for Exchange"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to extend the Active Directory schema and prepare it for an Exchange installation.\nThe Active Directory schema is a fundamental component of the network management technology developed by Microsoft, known as Active Directory. Simply put, we could think of the schema as the \u0026amp;ldquo;DNA\u0026amp;rdquo; of Active Directory, as it defines and organizes the structure and attributes of the objects that can be stored in the directory.\nIn more detail, the Active …","date":"2023-07-30","permalink":"/kb-00032/","summary":"Introduction In this post, we\u0026rsquo;ll see how to extend the Active Directory schema and prepare it for an Exchange installation.\nThe Active Directory schema is a fundamental component of the network …","tags":null,"title":"Exchange: How to Extend the Active Directory Schema"},{"content":"Introduction Before starting any configuration, we must verify the Active Directory requirements to begin installing Exchange in our environment.\nThe minimum requirements for our domain controller must be Windows Server 2008 R2 Datacenter RTM or later.\nThe minimum for the Active Directory forest is also Windows Server 2008 R2 or later.\nYou can find all these requirements in detail at the following link.\nAnother requirement is having .NET Framework 4.8 installed. It\u0026amp;rsquo;s also recommended that …","date":"2023-07-30","permalink":"/kb-00031/","summary":"Introduction Before starting any configuration, we must verify the Active Directory requirements to begin installing Exchange in our environment.\nThe minimum requirements for our domain controller …","tags":null,"title":"Exchange: Verify AD Requirements for Exchange Server"},{"content":"Introduction Ubuntu is one of the most popular and reliable Linux operating systems on the market, and one of its most widely used versions is Ubuntu 20.04 LTS (Long Term Support). However, the arrival of Ubuntu 22.04 LTS brings with it numerous improvements and advantages that make an upgrade worth considering. In this article, we will explore the reasons to upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS, the advantages of using LTS versions, and detail the key improvements offered by the …","date":"2023-07-30","permalink":"/kb-00030/","summary":"Introduction Ubuntu is one of the most popular and reliable Linux operating systems on the market, and one of its most widely used versions is Ubuntu 20.04 LTS (Long Term Support). However, the …","tags":null,"title":"How to Upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS"},{"content":"Introduction First, let\u0026amp;rsquo;s briefly explain why SSL certificates should be used and what Let\u0026amp;rsquo;s Encrypt is.\nIn today\u0026amp;rsquo;s digital world, online security is a primary concern for all businesses and websites. Cyberattacks and the theft of sensitive information are on the rise, and users have become more aware of the importance of browsing the web securely. One of the most effective ways to protect the privacy and integrity of your visitors\u0026amp;rsquo; data is by using SSL (Secure Socket …","date":"2023-07-20","permalink":"/kb-00029/","summary":"Introduction First, let\u0026rsquo;s briefly explain why SSL certificates should be used and what Let\u0026rsquo;s Encrypt is.\nIn today\u0026rsquo;s digital world, online security is a primary concern for all …","tags":null,"title":"How to Get Free SSL Certificates from Let's Encrypt with Certify The Web"},{"content":"Introduction The SYSVOL directory is a folder on Windows domain controllers that contains information and data necessary for the logon system and other Active Directory functions to work correctly. SYSVOL is essential for domain controller replication and the consistency of Active Directory data across the domain.\nWhen SYSVOL replication fails between domain controllers, it can cause serious problems with Active Directory functionality, such as the failure to create Group Policy Objects (GPOs). …","date":"2023-02-13","permalink":"/kb-00028/","summary":"Introduction The SYSVOL directory is a folder on Windows domain controllers that contains information and data necessary for the logon system and other Active Directory functions to work correctly. …","tags":null,"title":"Active Directory: SYSVOL Folder not replicating"},{"content":"Introduction Active Directory (AD) is a Microsoft directory service that allows system administrators to centralize the management of users, groups, and resources on a network.\nOne of AD\u0026amp;rsquo;s features is the ability to configure Password Settings Objects (PSOs) to establish security policies for user passwords.\nPassword Security Objects (PSOs) are different from password policies that can be added via Group Policy Objects (GPOs). PSOs can be used for specific purposes, such as setting a …","date":"2023-01-13","permalink":"/kb-00027/","summary":"Introduction Active Directory (AD) is a Microsoft directory service that allows system administrators to centralize the management of users, groups, and resources on a network.\nOne of AD\u0026rsquo;s …","tags":null,"title":"Active Directory: Password Settings Objects (PSOs)"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see step-by-step how to upgrade a standalone ESXi server, using both online and offline methods.\nThe process requires the server to be in maintenance mode and will need a restart upon completion. Therefore, I recommend moving all VMs to another host if they are in a cluster.\nFor this procedure, I will use the server previously created in the post How to Install an ESXi Server. As we can see, the server version is 6.7.0 Update 3 (Build 14320388).\nTo put the …","date":"2022-06-08","permalink":"/kb-00026/","summary":"Introduction In this post, we\u0026rsquo;ll see step-by-step how to upgrade a standalone ESXi server, using both online and offline methods.\nThe process requires the server to be in maintenance mode and …","tags":null,"title":"VMware: How to Upgrade an ESXi Server"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see step-by-step how to install VMware vRealize Operations Manager.\nBut what is VMware vRealize Operations Manager? vRealize Operations Manager is a VMware tool that helps IT administrators monitor, troubleshoot, and manage the health and capacity of the entire virtual infrastructure in VMware.\nVMware vRealize Operations Manager collects performance data from each object within our environment, stores and analyzes the information, and provides it in real …","date":"2022-06-07","permalink":"/kb-00025/","summary":"Introduction In this post, we\u0026rsquo;ll see step-by-step how to install VMware vRealize Operations Manager.\nBut what is VMware vRealize Operations Manager? vRealize Operations Manager is a VMware tool …","tags":null,"title":"VMware: How to Install vRealize Operations Manager"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see step-by-step how to install the VMware ESXi Hypervisor… but what is a hypervisor?\nA hypervisor is software that allows a server to allocate resources to different virtual machines hosted on it by using shared resources, such as memory and processing power.\nGenerally, we can find two types of hypervisors.\nType 1 hypervisors are those that are installed directly on the computer, while Type 2 hypervisors are those that are hosted within another operating …","date":"2022-06-05","permalink":"/kb-00024/","summary":"Introduction In this post, we\u0026rsquo;ll see step-by-step how to install the VMware ESXi Hypervisor… but what is a hypervisor?\nA hypervisor is software that allows a server to allocate resources to …","tags":null,"title":"VMware: How to Install an ESXi Server"},{"content":"Introduction In this post, I will explain how to extend the trial license offered by Microsoft for Windows Server and why it is important to keep Windows Server activated.\nAs you may know, Microsoft offers Windows Server for free for a 180-day trial period. After this time, we \u0026amp;ldquo;must\u0026amp;rdquo; enter a valid license; otherwise, the system will be deactivated. This can cause a series of inconveniences, such as the deactivation of certain custom options, and the server will also shut down …","date":"2022-03-28","permalink":"/kb-00023/","summary":"Introduction In this post, I will explain how to extend the trial license offered by Microsoft for Windows Server and why it is important to keep Windows Server activated.\nAs you may know, Microsoft …","tags":null,"title":"Windows Server: How to extend the trial period"},{"content":"Introduction In this post, I will show you how to configure the page file for Exchange Server 2013/2016 using best practices. The process is slightly different for Exchange Server 2019, but I will explain the differences in paging.\nRecommended RAM and Page File Size for 2013/2016 Versions\nBefore continuing, please note the following:\nFor the Mailbox role, the minimum recommended RAM is 8GB.\nFor the Edge Transport role, the minimum recommended RAM is 4GB.\nThe maximum memory is 196GB.\nTo configure …","date":"2022-01-06","permalink":"/kb-00022/","summary":"Introduction In this post, I will show you how to configure the page file for Exchange Server 2013/2016 using best practices. The process is slightly different for Exchange Server 2019, but I will …","tags":null,"title":"Exchange: Configuring the Page File"},{"content":"Introduction The first thing to consider before implementing Exchange Server is understanding the different versions available. Currently, there are two versions: Standard and Enterprise. Here you will see the differences between them to determine which one best suits your needs.\nEnterprise Edition\nIt has a maximum of 100 databases per server. The maximum size is 16TB. Standard Edition\nIt is limited to 5 databases per server. The maximum size is 1TB. A mounted database refers to the database …","date":"2022-01-06","permalink":"/kb-00021/","summary":"Introduction The first thing to consider before implementing Exchange Server is understanding the different versions available. Currently, there are two versions: Standard and Enterprise. Here you …","tags":null,"title":"Exchange: Exchange Server Versions"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to configure and promote a second domain controller.\nHaving a second domain controller is crucial, as it serves as a backup in case the primary controller fails. Redundancy is always beneficial; without an extra domain controller, if the primary controller fails, all users could lose access to the various systems.\nTo avoid this, we\u0026amp;rsquo;ll walk you through this task step by step. While this isn\u0026amp;rsquo;t limited to just a second controller, you can …","date":"2021-12-31","permalink":"/kb-00019/","summary":"Introduction In this post, we\u0026rsquo;ll see how to configure and promote a second domain controller.\nHaving a second domain controller is crucial, as it serves as a backup in case the primary …","tags":null,"title":"ADDS: Configure and Promote a Second Domain Controller"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to configure a DHCP server, add the necessary role, and configure the scopes.\nHaving a DHCP server within your organization is essential, and here we\u0026amp;rsquo;ll see the configuration step by step.\nFor this post, I\u0026amp;rsquo;ll use the primary Domain Controller to add the DHCP role. While this is common practice in many environments, you should consider the number of clients that will be connected to avoid impacting server performance.\nWith that said, …","date":"2021-12-31","permalink":"/kb-00020/","summary":"Introduction In this post, we\u0026rsquo;ll see how to configure a DHCP server, add the necessary role, and configure the scopes.\nHaving a DHCP server within your organization is essential, and here …","tags":null,"title":"DHCP: How to Configure a DHCP Server from Scratch"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to add an additional LAN to pfSense.\nPFSense is an open-source firewall/router based on FreeBSD. It can be installed physically or virtually. PfSense has undoubtedly established itself as a great alternative for firewall use because it is highly configurable with its extensive package list, allowing for expanded functionality.\nThe Community version can be downloaded from this link.\nNow that we\u0026amp;rsquo;ve briefly explained what pfSense is and what …","date":"2021-11-13","permalink":"/kb-00018/","summary":"Introduction In this post, we\u0026rsquo;ll see how to add an additional LAN to pfSense.\nPFSense is an open-source firewall/router based on FreeBSD. It can be installed physically or virtually. PfSense has …","tags":null,"title":"PFSense: Adding an Additional LAN"},{"content":"Introduction As we\u0026amp;rsquo;ve seen in previous posts, the typical way to create new virtual machines is through templates. As administrators, we need to keep these templates updated. Having one or two templates isn\u0026amp;rsquo;t a challenge or very time-consuming, but if you have several templates in different locations, such as: 3 templates in Mexicali, 3 in Tijuana, 3 in Ensenada, and another 3 somewhere else (just to name a few), this task can be a bit time-consuming since the procedure involves …","date":"2021-11-07","permalink":"/kb-00017/","summary":"Introduction As we\u0026rsquo;ve seen in previous posts, the typical way to create new virtual machines is through templates. As administrators, we need to keep these templates updated. Having one or two …","tags":null,"title":"VMware: Updating Windows Templates in VMware with PowerCLI"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to create a new VM from a template. In previous posts, we saw how to create a VM from scratch; however, the ideal way is to create VMs from a template. Here, we\u0026amp;rsquo;ll see how to perform this task using vCenter (graphical method) and PowerShell.\nRight-click where you want to create the VM (in this case, I\u0026amp;rsquo;ll use the resource pool I created earlier), then select New Virtual Machine….\nSelect Deploy from template.\nSelect the desired template. …","date":"2021-11-06","permalink":"/kb-00016/","summary":"Introduction In this post, we\u0026rsquo;ll see how to create a new VM from a template. In previous posts, we saw how to create a VM from scratch; however, the ideal way is to create VMs from a template. …","tags":null,"title":"VMware: How to Create a Virtual Machine from a Template – GUI/PowerCLI"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to create a virtual machine template that we can use to create other virtual machines.\nI recommend updating Windows completely before creating the template. Once that\u0026amp;rsquo;s done, we can proceed.\nSelect the virtual machine you want to convert into a template, click on Actions, select Template, and then Convert to Template.\nAccept the warning.\nAs you can see in the image, the template has disappeared from the resource pool.\nThe created template will …","date":"2021-11-02","permalink":"/kb-00015/","summary":"Introduction In this post, we\u0026rsquo;ll see how to create a virtual machine template that we can use to create other virtual machines.\nI recommend updating Windows completely before creating the …","tags":null,"title":"VMware: How to Convert a Virtual Machine into a Template, from GUI/PowerCLI"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to create a new virtual machine from scratch. While the ideal approach is to create virtual machines from a template, here we\u0026amp;rsquo;ll see how to do it if you don\u0026amp;rsquo;t have one. In future posts, I\u0026amp;rsquo;ll explain how to create a template from an existing virtual machine and then create virtual machines from that template.\nRight-click on the cluster or resource pool where you want the new virtual machine to be located, and select \u0026amp;ldquo;New …","date":"2021-10-31","permalink":"/kb-00014/","summary":"Introduction In this post, we\u0026rsquo;ll see how to create a new virtual machine from scratch. While the ideal approach is to create virtual machines from a template, here we\u0026rsquo;ll see how to do it …","tags":null,"title":"VMware: How to create a new virtual machine from scratch."},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to add another domain to an Exchange server.\nFirst, we need to obtain a domain. This can be one you\u0026amp;rsquo;ve purchased or any free domain. Then, we need to edit the MX records of the new domain so they point to our Exchange server.\nTo obtain a free domain, I\u0026amp;rsquo;ve included the link here.\nFor this example, I\u0026amp;rsquo;ll use the domain mxlitpro.tk, which was created previously.\nNote: I\u0026amp;rsquo;ll be using screenshots of the freenom DNS settings, so they …","date":"2021-10-27","permalink":"/kb-00013/","summary":"Introduction In this post, we\u0026rsquo;ll see how to add another domain to an Exchange server.\nFirst, we need to obtain a domain. This can be one you\u0026rsquo;ve purchased or any free domain. Then, we need …","tags":null,"title":"Exchange: How to Add Another Email Domain"},{"content":"Introduction A couple of days ago, I was asked for help copying security groups from one user to a new user. While it\u0026amp;rsquo;s true that we can perform this task manually, sometimes a simple line of code can save us this work. This is helpful when the new user belongs to the same department as the user whose groups we want to copy.\nThere\u0026amp;rsquo;s something to keep in mind before doing this: you should be aware that the user with the groups belonging to the department may have additional, …","date":"2021-10-14","permalink":"/kb-00012/","summary":"Introduction A couple of days ago, I was asked for help copying security groups from one user to a new user. While it\u0026rsquo;s true that we can perform this task manually, sometimes a simple line of …","tags":null,"title":"PowerShell: How to Transfer Security Groups from One User to Another"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to alert users when their domain password will soon expire. To do this, we\u0026amp;rsquo;ll create a PowerShell script.\nThis script is divided into three functions, which I will explain.\nSend-Email Send-Email This function basically receives three parameters: Username, user email address, and the number of days remaining until the password expires.\nIn this case, I\u0026amp;rsquo;m using unauthenticated email. Please note that using unauthenticated email (no SSL and …","date":"2021-10-08","permalink":"/kb-00011/","summary":"Introduction In this post, we\u0026rsquo;ll see how to alert users when their domain password will soon expire. To do this, we\u0026rsquo;ll create a PowerShell script.\nThis script is divided into three …","tags":null,"title":"PowerShell: Send email to users when password will soon expire."},{"content":"Introduction Security Procedure: Local Administrator Control\nSome time ago, I was asked to find a method to implement certain security and control measures for users who are local administrators on each server. These measures required the following:\nCreation of Groups in AD: Create a security group in Active Directory for each server. Assignment of Permissions: Add the created group to the corresponding server with the local administrator role. User Migration: Find all current local …","date":"2021-09-13","permalink":"/kb-00010/","summary":"Introduction Security Procedure: Local Administrator Control\nSome time ago, I was asked to find a method to implement certain security and control measures for users who are local administrators on …","tags":null,"title":"PowerShell: Create security groups for each server, remove local administrators and add them to the new group."},{"content":"Introduction In this post, I will show you how to create a GPO to meet the minimum requirements for password policies.\nThe first step is to access Group Policy Management.\nGroup Policy Management Right-click on Group Policy Objects and select New.\nGive it a name related to what you want to do.\nSelect the created GPO, right-click, and select Edit.\nWithin the computer settings, expand the following options: Policies, Windows Settings, Security Settings, Account Policies, and select Password …","date":"2021-09-02","permalink":"/kb-00009/","summary":"Introduction In this post, I will show you how to create a GPO to meet the minimum requirements for password policies.\nThe first step is to access Group Policy Management.\nGroup Policy Management …","tags":null,"title":"GPO: How to Configure Password Policies"},{"content":"Introduction The easiest way to create users in AD is undoubtedly using Active Directory Users and Computers, provided you only want to create one or two users. But what if you want to create multiple users? In that case, I don\u0026amp;rsquo;t think this method is the most suitable. For this, we will use PowerShell with the New-ADUser cmdlet.\nThere are multiple parameters we can use with the New-ADUser cmdlet. If we check the syntax, we get the following:\nGet-Command New-ADUser -Syntax Creating a user …","date":"2021-08-31","permalink":"/kb-00008/","summary":"Introduction The easiest way to create users in AD is undoubtedly using Active Directory Users and Computers, provided you only want to create one or two users. But what if you want to create multiple …","tags":null,"title":"PowerShell: How to Create New Users in AD"},{"content":"Introduction In this post, we\u0026amp;rsquo;ll see how to install the ADDS (Active Directory Domain Services) role and how to promote our new domain controller.\nA domain controller will help us manage user authentication, apply policies, assign roles, and create administrative groups within our company.\nTo do this, it\u0026amp;rsquo;s recommended to follow some prerequisites before continuing with the role installation.\nWe\u0026amp;rsquo;ll need to assign a descriptive name to our domain controller.\nName the Domain …","date":"2021-08-28","permalink":"/kb-00006/","summary":"Introduction In this post, we\u0026rsquo;ll see how to install the ADDS (Active Directory Domain Services) role and how to promote our new domain controller.\nA domain controller will help us manage user …","tags":null,"title":"ADDS: Install, Configure, and Promote a Domain Controller"},{"content":"Introduction PowerShell script execution is disabled by default on domain-joined computers. If you attempt to run a script, you will receive a message stating that the policy is restricted.\nDisallowed Scripts As administrators, we may want to implement scheduled tasks to perform certain automations, so it is necessary to be able to run scripts without restrictions.\nWhile it\u0026amp;rsquo;s true that we can manually modify these values ​​within the computer or bypass the script as shown in the image. …","date":"2021-08-28","permalink":"/kb-00007/","summary":"Introduction PowerShell script execution is disabled by default on domain-joined computers. If you attempt to run a script, you will receive a message stating that the policy is restricted.\nDisallowed …","tags":null,"title":"GPO: Enable script execution."},{"content":"Introduction Let\u0026amp;rsquo;s talk about Freenom. Freenom is a domain provider where you can get free domains for a year. These domains work just like any other domain and are perfect for testing and development environments. Perhaps the only limitation is that you can only get domains that end in .tk, .ml, .ga, .cf, or .gq.\nNote: I don\u0026amp;rsquo;t recommend using a free domain for production.\nStep-by-Step Guide Go to https://www.freenom.com and create an account.\nGo to the homepage and search for your …","date":"2021-08-27","permalink":"/kb-00005/","summary":"Introduction Let\u0026rsquo;s talk about Freenom. Freenom is a domain provider where you can get free domains for a year. These domains work just like any other domain and are perfect for testing and …","tags":null,"title":"How to get a free domain with Freenom"},{"content":"Introduction Scenario Delegation of control in Active Directory can be very helpful when managing a large number of users from different locations. System administrators can delegate permissions to IT staff in different branches so they can manage users in their city. This is especially useful when permissions are delegated and your company doesn\u0026amp;rsquo;t need everything centralized.\nFor this example, let\u0026amp;rsquo;s consider the following: My organization is divided into three cities: Ensenada, …","date":"2021-08-19","permalink":"/kb-00004/","summary":"Introduction Scenario Delegation of control in Active Directory can be very helpful when managing a large number of users from different locations. System administrators can delegate permissions to IT …","tags":null,"title":"Active Directory: Delegation of Control."},{"content":"Introduction Situation This is something I\u0026amp;rsquo;ve seen in different places: sometimes, certain users with administrator privileges on a domain-joined computer delete the Domain Admins group or other groups required by the organization, whether for checking the computer\u0026amp;rsquo;s status or for deploying software like SCCM.\nOne of the basic rules is: Never make users local administrators. However, if it\u0026amp;rsquo;s necessary and you want to ensure that the desired group always has local administrator …","date":"2021-08-19","permalink":"/kb-00003/","summary":"Introduction Situation This is something I\u0026rsquo;ve seen in different places: sometimes, certain users with administrator privileges on a domain-joined computer delete the Domain Admins group or other …","tags":null,"title":"GPO: Maintain the Domain Admins group or other groups as local administrators within computers."},{"content":"Introduction Sometimes it\u0026amp;rsquo;s necessary to add all members of an Organizational Unit (OU) to a security group in Active Directory, but how can we do this using PowerShell?\nSolution Run the following command:\nGet-ADUser -SearchBase \u0026amp;#34;OU=IT,OU=Networkingzone_Users,DC=NETWORKINGZONE,DC=NET\u0026amp;#34; -Filter * | ForEach-Object {Add-ADGroupMember -Identity \u0026amp;#39;Security-Test-Group\u0026amp;#39; -Members $_} As you can see in the image, I only have 7 users within the IT OU and in this example all users from …","date":"2021-08-14","permalink":"/kb-00001/","summary":"Introduction Sometimes it\u0026rsquo;s necessary to add all members of an Organizational Unit (OU) to a security group in Active Directory, but how can we do this using PowerShell?\nSolution Run the …","tags":null,"title":"PowerShell: How to add all users from an OU to a security group"}]