undefined | Better HN

0 pointseigenvector9y ago0 comments

Yes, but when your IT is incompetent they do the first half (block NTP to anywhere outside your network), then don't provide their own time source. Then try to blame users when they complain that their time is always wrong.

0 comments

3 comments · 1 top-level

Declanomous9y ago· 2 in thread

We do have our own time source. Our NTP source is locked to that server via GPO. NTP requests aren't blocked, because I can still set NTP on things like my printer to other NTP sources and receive updates.

I'm willing to bet they don't realize that they've blocked their server. What I want to know is how the drift got to be this bad in a matter of days. It's like whatever computer they are using as the NTP server doesn't have a real-time clock.

brazzledazzle9y ago

"It's like whatever computer they are using as the NTP server doesn't have a real-time clock."

It sounds like their domain controller holding the PDCE FSMO role is a virtual machine. This advice might be outdated but last time I checked it was better to host it on a physical machine. If they're restoring DBs from backups without notifications and managing their Active Directory environment like this I can only imagine how fragile your infrastructure really is. Good luck, you're going to need it.

Declanomous9y ago

>It sounds like their domain controller holding the PDCE FSMO role is a virtual machine.

Called it. I didn't even think about the fact that it was a virtual machine until you mentioned it. Everything makes so much sense now. The randomly disappearing files, random issues with file locking. I just assumed the problem was they had no idea what rules to use for file replication.

> I can only imagine how fragile your infrastructure really is.

Yeah, it's a nightmare. Ignoring the "files disappear and are never found" issue, files get overwritten with earlier versions all the time. I'm not entirely sure what their hosting situation is, but I suspect they are running virtual machines in virtual machines.

On top of that, most applications are only available on VMs through a Citrix connection. This isn't inherently a problem, but they have it set up so everyone is logged on to the same machine. This causes issues with most MS Office applications, because they assume one user per computer is accessing the files. So file locking is completely broken, because Windows looks at the file and says "Hey, that's me, I have that open!"

It's the biggest nightmare with Access applications, (which we have a ton of), because Access assumes that everyone has their own copy of the front-end (client) database, and each independently accesses the back-end (server) Access database. Optimistic locking doesn't work at all with the "everyone uses the same file from the same computer" approach, and pessimistic locking barely works. I've set up the client databases to automatically create a copy for each user, but as you can imagine it's a bit of a nightmare to keep everything updated.

j / k navigate · click thread line to collapse