what did you learn today? (part 2)

[Darkseid]

Eh, it was a custom rule in their firewall, editting out that value fixed it

*shrug* maybe it was a placebo, maybe it was a Magic/No Magic switch.

 

[ronelson]

Eh, it was a custom rule in their firewall, editting out that value.

If it's looking for TTL <= 2, that's pure fucking evil. Or pure genius. It ensures that only machines with a specified TTL of 2, or 30 or 62 hops (depending on OS) can get there. Someone three hops away is fucked.

 

[Frennzy]

Darkseid[/url]"3rhb532]Eh, it was a custom rule in their firewall, editting out that value fixed it

*shrug* maybe it was a placebo, maybe it was a Magic/No Magic switch.

It still could have been them mangling the headers to reduce the TTL to 2, it's just like sryan said, it's not 2 milliseconds, it's 2 hops. (Each time it passes a routing boundary the TTL is decremented by 1, if it reaches zero, the packet gets dropped)

 

[Danger Mouse]

ncrand[/url]":3hs6hp34]I think DM needs his own thread entitled "The Perpetual Danger Mouse Infrastructure Thread".

Turns out it wasn't the HQ Org and the backbone provider says no changes in 5 months to the CPE router

Which takes me back to the horrific loops (more than one) in the data center. That sounds dumb and even Cargo Cultish, but everything is pointing back to our DMZ switch.

There's a VLAN partially defined there with no IP. The switch has a default gateway of our core switch. The core has a connection to our ASA and via our Edge switch to the firewall.

The same VLAN number is used on the Nexus fabric switches. Between the fabric switch and the DMZ switch is the core, which doesn't have that VLAN used on any connection nor defined in the config.

 

[M. Jones]

Danger Mouse[/url]":2oox512k]...that Notepad++ has an awesome plugin available to do visual comparison of files, such as copies of switch/router/firewall configs

man diff

man patch

And he was enlightened.

For bonus points, have the configs pulled and checked into source-code control -- rancid does this, I'm fairly certain -- and mail or RSS you the diffs realtime. Perhaps you could get a commit-hook to pull AAA information so you'd have culprits on the version history.

 

[M. Jones]

sryan2k1[/url]":1ievhavj]TTL is a hop count, not a time based metric.

In IPv6, the TTL field is formally changed to 'Hop Count'.

 

[Danger Mouse]

M. Jones[/url]":298nup93]

Danger Mouse[/url]":298nup93]...that Notepad++ has an awesome plugin available to do visual comparison of files, such as copies of switch/router/firewall configs

man diff

man patch

And he was enlightened.

For bonus points, have the configs pulled and checked into source-code control -- rancid does this, I'm fairly certain -- and mail or RSS you the diffs realtime. Perhaps you could get a commit-hook to pull AAA information so you'd have culprits on the version history.

I know about diff. I learned *nix by starting on an ancient copy of AIX and SCO UNIX back in 91.

Having seen many diffs in my time, I can tell just by looking at the pixels...

The point was that I was looking for something for NotePad++ rather than trying to muck around in Linux to do just one simple thing or installing another app. A plugin is perfect and fits within my workflow.

Source-code control would be great, except we've already invested in Solarwinds NPM/NCM, which I pointed out in a previous post.

I need to do a break-fix RIGHT NOW, rather than implement yet another project. SolarWinds isn't ideal, but it's more than good enough for now. It's certainly better than the broken HP SIM and TheDUDE installs done by a contractor.

 

[Danger Mouse]

sryan2k1[/url]":34pzx0am]Protip, plugging a 2nd Cisco phone into a first that has it's upstream port set to BPDUGuard will result in a phone with no power.

You can get a similar "no boot, but lights are light without screen lighting up" from a too quick reboot of the phone, if it's on certain firmware versions.

I've uploaded the updated (yay, free due to security vulnerability!) versions to our call manager. The "new" phone guy is pushing them out a few at a time. I'll probably have to step in and do some en masse prior to the building moves.

It's inevitable that some of the phones won't survive a switch reboot or anything that appears like a switch reboot (connection flap) to the phone.

 

[M. Jones]

hernias[/url]":26x4f66d]TIL that caffeine + psuedoephedrine makes everything a little... bouncy.

Under the same circumstance I once experienced an extended microearthquake which turned out to be, in fact, the power-supply fan vibration from my workstation.

 

[Sunner]

Pontiphex[/url]":2wf1zx4d]As a vendor that sells enterprise software that usually gets installed on-premise in these kinds of environments, let me tell you it can be just as infuriating the other way around.

Jackass operations folks that completely ignore our recommended CPU, Memory, and Storage specs - and dig their heels in despite proof showing that "yes, because you only gave us 6GB of memory for the SQL Server there is not enough for caching - see how the page life expectancy metric is a mere 2 seconds", their obstinance requiring us to go over their head and get a VP/Director level person to force the issue (which magically goes away afterwards).

This one was extra special because we pleaded with them to just bump us up to our recommended specs for a few days so the go-live had a shot at going smoothly, and they could later reduce it until they found equilibrium...and they spun some tale about performance issues that occur if you increase memory and then later decrease it - which would require rebuilding the guest VM to resolve! They could never back that claim up.

Or insisting that the SAN is tip-top until we can show proof of insane disk queue lengths or read/write latencies - (Oh, yeah, we actually have a ticket open with EMC, hurr durr).

Those are at least relatively simple to provide proof of deficiency without having access beyond the guest OS...but the one that has been a real pain is demonstrating when a host is CPU starved. I'm not sure how to measure that with just guest access. Thankfully it has only come up once.

Yeah true, we've done it that way too. The previously mentioned guy in charge had a few people he trusted for whatever reason and the stupidity was portioned out to vendors as well. We had a monitoring system that wasn't even a monitoring system, the vendor actually told him that it wasn't meant to be used the way he wanted to use it, but he persisted and the company ended up actually paying the vendor to develop a special version of it just for us despite said vendor's insistence that it was a bad idea.

On a positive note, TIL that Brocade's ethernet fabric stuff is really cool. Remains to be seen if it will actually do what they say it will, but what I saw on our crash course today had some pretty awesome promise. It also feels a bit like cheating when stuff actually "just works".

Oh and Danger Mouse, gvim and vimdiff.

 

[Frennzy]

On a positive note, TIL that Brocade's ethernet fabric stuff is really cool. Remains to be seen if it will actually do what they say it will, but what I saw on our crash course today had some pretty awesome promise. It also feels a bit like cheating when stuff actually "just works".

You've got PM.

 

[ronelson]

For bonus points, have the configs pulled and checked into source-code control -- rancid does this, I'm fairly certain -- and mail or RSS you the diffs realtime. Perhaps you could get a commit-hook to pull AAA information so you'd have culprits on the version history.

Better yet, look at something device specific, like CSM (bleah), FortiManager (slightly less bleah) or JunOS Space (unknown bleah) that can do visual diffs with highlighting that are appropriate for the device-type, sometimes with sections that collapse/expand to make things easier.

I am not making a recommendation, but I will say that as a vendor-agnostic platform, I have been playing with www.backbox.co and been surprisingly happy. None of the ugliness of the various vendor systems, missing a few of the perks, but solid on what it really was made for - backups, restores, and diffs of network and security devices.

I think DM needs his own thread entitled "The Perpetual Danger Mouse Infrastructure Thread".

Fuck it. If Ars wants to create some new forums like they've suggested, a Danger Mouse Train Wreck forum would be lucrative.

 

[M. Jones]

ronelson[/url]":qbviev9s] If Ars wants to create some new forums like they've suggested, a Danger Mouse Train Wreck forum would be lucrative.

I avoid schadenfruede generally, but the train wreck I want to read is the one that happens at Danger Mouse's current organization when he departs.

 

[Danger Mouse]

M. Jones[/url]":3sa354g8]

ronelson[/url]":3sa354g8] If Ars wants to create some new forums like they've suggested, a Danger Mouse Train Wreck forum would be lucrative.

I avoid schadenfruede generally, but the train wreck I want to read is the one that happens at Danger Mouse's current organization when he departs.

My boss winces, every time I mention a new phone/in person interview.

He's promised, more or less that I'll be promoted in the new FY (starting in July), but we'll see.

In the interim, I'm trying to finish EVERYTHING.

 

[Danger Mouse]

...that the reason the farking wildcard ssl cert from a certain lizard company won't work if you reissue it, is that it may be old enough (a few years) where it uses the older certificate chain.

4 certs plus the wildcard cert rather than the current 2 certs plus wildcard cert. If you look at the certificate chain, you'll see that many levels to it

And it's not valid in Exchange 2010 or 2007 for TLS. It shows up as OK otherwise, but it won't work.

And if you ask them to reissue, even though you've got 1.5 years left on it? They'll tell you to F off very politely, even though from the purchase history, it's clear that your buying pattern has increased to match all the crappy appliances that won't work with wildcards. That assumes the it's not one of the OLDER wildcards, BTW which probably won't work at all any more, because they won't reissue it with the new certification chain.

EDIT: Oh and if you wind up importing and deleting certs enough, you'll eventually wind up with a partially corrupt certificate store. Looked around and didn't see how to repair it. Then today, blam:

certuil -repairstore my certserialnumber

Fixed.

EDIT 2: am now trying to beg and plead and get it fixed for now.

EDIT 3: OMG, thank you anonymous tech support dude! I'll have your internet manbabies for you. Reissue with new chain in progress!

 

[ferzerp]

Pontiphex[/url]":31lgxafx]

Sunner[/url]":31lgxafx]
This seems to be especially common with developers in my experience. It's never the code, a shitty SQL or anything like that, and if virtualization is involved that's definitely it, damn black magic! Had one of those here earlier, a server running batch jobs was choking every night, the DB load was light so it wasn't even shitty SQL for once. The guy in charge at the time was completely spineless though, so they ended up buying a 16 core server with 32 GB of memory or some such retarded thing, all running on a not particularly heavily loaded SAN. Big surprise, the gains were very marginal.

At a previous job in roughly the same line of business a 3-way UltraSPARC IIi with 4 GB of memory and local slow ass disks ran similar jobs of similar volumes just fine. It also ran a bunch of other stuff for that matter. Of course the devs we had there were actually really good.

But yeah of course it wasn't the code. I think they started blaming the SAN next. Possibly the firewall as well because why not, firewalls are EVIL!

As a vendor that sells enterprise software that usually gets installed on-premise in these kinds of environments, let me tell you it can be just as infuriating the other way around.

Jackass operations folks that completely ignore our recommended CPU, Memory, and Storage specs - and dig their heels in despite proof showing that "yes, because you only gave us 6GB of memory for the SQL Server there is not enough for caching - see how the page life expectancy metric is a mere 2 seconds", their obstinance requiring us to go over their head and get a VP/Director level person to force the issue (which magically goes away afterwards).

This one was extra special because we pleaded with them to just bump us up to our recommended specs for a few days so the go-live had a shot at going smoothly, and they could later reduce it until they found equilibrium...and they spun some tale about performance issues that occur if you increase memory and then later decrease it - which would require rebuilding the guest VM to resolve! They could never back that claim up.

Or insisting that the SAN is tip-top until we can show proof of insane disk queue lengths or read/write latencies - (Oh, yeah, we actually have a ticket open with EMC, hurr durr).

Those are at least relatively simple to provide proof of deficiency without having access beyond the guest OS...but the one that has been a real pain is demonstrating when a host is CPU starved. I'm not sure how to measure that with just guest access. Thankfully it has only come up once.

Probably because vendors *suck* at proper sizing so we have no choice to throw out the specs, make an educated guess on sizing, and increase as needed. They rarely understand the implications of asking for more than they need on vcpus, and most modern oses will happily gobble up excess memory for cache if they miss the mark there as well. It is far easier to increase resources as needed than it is to remove. Until an organization *proves* it isn't just pulling specs out of its ass, we assume it is because they almost all do.

 

[mdporter]

Danger Mouse[/url]":1skjdn5o]

M. Jones[/url]":1skjdn5o]

ronelson[/url]":1skjdn5o] If Ars wants to create some new forums like they've suggested, a Danger Mouse Train Wreck forum would be lucrative.

I avoid schadenfruede generally, but the train wreck I want to read is the one that happens at Danger Mouse's current organization when he departs.

My boss winces, every time I mention a new phone/in person interview.

He's promised, more or less that I'll be promoted in the new FY (starting in July), but we'll see.

He's shown you the approved promotion paperwork and pay grade you'll upped to?

 

[Rick25]

That SCOM 2012 wSP1 somehow decided to create the Data Warehouse DB on SQL2012 with the following structure
edatabases\.mdf and the log was \logs\.ldf WTF.....I thought it was a wonky screen refresh (showing no filename) but a command line "dir" on the directory showed ".mdf" as well.

Detach the database, rename it and then reattach (fixing the paths) and all is good. Also stupid permission errors on the server unless UAC was completely disabled.

 

[ncrand]

TIL that having 2 failed UPS units and a failed Power Supply in your Primary Domain Controller can take your slow boring week when everyone else is at a conference to pretty exciting (and a little scary) week pretty damn quickly.

 

[ferzerp]

It is amazing how the term "pdc" persists despite not meaning anything for a very long time. Losing a dc should at most mean seizing a fsmo role or two, but that's it. (yes, I know the term fsmo is deprecated as well, but that's a mere name change).

 

[Arbelac]

Maybe he's still running an NT4 domain.

 

[ferzerp]

Arbelac[/url]":3qsa5hrv]Maybe he's still running an NT4 domain.

 

[Cookie.Monster]

Rick25[/url]":1k9vr023]That SCOM 2012 wSP1 somehow decided to create the Data Warehouse DB on SQL2012 with the following structure
edatabases\.mdf and the log was \logs\.ldf WTF.....I thought it was a wonky screen refresh (showing no filename) but a command line "dir" on the directory showed ".mdf" as well.

Detach the database, rename it and then reattach (fixing the paths) and all is good. Also stupid permission errors on the server unless UAC was completely disabled.

Indeed. It's a known issue with a manual fix. http://technet.microsoft.com/en-us/libr ... 56651.aspx - File names for the Data Warehouse database and log are .mdf and .ldf

SCOM is an incredibly robust product and I'm a big fan, not sure if anything comes close for a predominantly Microsoft environment. That being said, there are some very odd issues like this one. Many are superficial or have quick workarounds, but you might end up with death by a thousand paper cuts.

 

[ncrand]

Arbelac[/url]":3034nlkd]Maybe he's still running an NT4 domain.

Nope, 2003 (Although it was 2000 until about 2 months ago). I usually use the term "PDC" to mean the primary FSMO (or operations master if your so inclined) holders for a particular domain. Also keeping in mind that "PDC Emulator" is still an opeartions master role as well.

 

[Danger Mouse]

mdporter[/url]":3lgh28r1]

Danger Mouse[/url]":3lgh28r1]

M. Jones[/url]":3lgh28r1]

ronelson[/url]":3lgh28r1] If Ars wants to create some new forums like they've suggested, a Danger Mouse Train Wreck forum would be lucrative.

I avoid schadenfruede generally, but the train wreck I want to read is the one that happens at Danger Mouse's current organization when he departs.

My boss winces, every time I mention a new phone/in person interview.

He's promised, more or less that I'll be promoted in the new FY (starting in July), but we'll see.

He's shown you the approved promotion paperwork and pay grade you'll upped to?

No, but his comments have changed. And if he doesn't, he KNOWS he's sunk.

I'm a pretty sure thing for the promotional exam that's due in the next month. We'll see how it works out.

Either way, if I get a good solid offer in hand, he's done. :devious:

ncrand[/url]":3lgh28r1]

Arbelac[/url]":3lgh28r1]Maybe he's still running an NT4 domain.

Nope, 2003 (Although it was 2000 until about 2 months ago). I usually use the term "PDC" to mean the primary FSMO (or operations master if your so inclined) holders for a particular domain. Also keeping in mind that "PDC Emulator" is still an opeartions master role as well.

Yah, but then again, I still have one or two NT4 based domains (and the failed remnants of one) floating around. That's after getting rid of approximately 6 and doing the metadata cleanups to show for it (prior to 2008R2).

---

In other news? The VPN outage? L1. Although our ISP insisted there was no issue with their router, it turns out there's two there. And one of the two is for something else. And that something else includes our VPN. The failure mode was the power cord was very slightly out.

I could swear everything was fine yesterday when checked

And the same for a 2148T FEX failure. One of the fiber connections was not solidly in place. Finger nudging and blam, fixed that too.

GODAMIT

/insert epic fail picture of wrong carjack location

 

[brshoemak]

mdporter[/url]":18ltt8rw]He's shown you the approved promotion paperwork and pay grade you'll upped to?

Not yet, but it's on his desk somewhere and he'll look for it and get him a copy when he has time, but he's been REALLY busy lately. btw, did you know that the servers are on fire? I put a in ticket an hour or so ago - I think.

Also, we need a separate topic to suggest names for the new Danger Mouse forum of trainwreck-ed-ness. I vote for "DMage Control"

TIL that according to the CEO it's apparently much better to have an update applied to your hosted-app production server without rolling it out to the test server first. Better yet, don't schedule it to be performed over the weekend, instead do it on Thursday night and it should be done by 10am on Friday after people have been sitting around for 2 hours with their thumb up their keister. Source: Management // Reasoning: Because fuck it, that's why.

 

[Rick25]

Thanks for the linkage CM....I'm liking the product but "death by a thousand cuts" does describe the install.

Upside I got exchange sorted out in Dev, one of the mailbox servers had store.exe hit 100% and stay there. Now that RU1 is out for Ex2010 SP3 it's time to look at getting dev updated past SP2 RU3.....after the RU is live for a month or so with no major issues or re-releases.

 

[Entegy]

I just updated our Exchange 2010 server to SP3 and SP3 RU1. Smooth update once all my other tools that connected to Exchange were updated.

 

[sryan2k1]

Finger nudging and blam, fixed that too.

Several months ago we flipped a 3945 around and moved it over one rack, no big deal right? Turns out whoever did the original crimps on the DS3 used the wrong connectors, and the TX cable came loose. Random packet loss, no pattern, our carrier finally got some intrusive testing done with the LEC and they were like "We show clean from us to you, but we're gettin all kinds of nonsense on your TX line", my boss by chance put some weight on the pair and it was enough for the pin to make solid contact. We got it repaired the next day after hours, but the paperclips held it in enough for Friday.

 

[PaveHawk-]

Last night a client's environment fell over.

Log on, all VMs are offline. Affecting all hosts. Log on to the storage array, its 180% over provisioned, the actual array is 100% full and all writes have been halted.

The client has been ignoring the upgrade/capacity advice for a while. This was a massive "OH SHI.." moment for them. Not so much for me, I was laughing so hard that the guy who escalated to me abused me for a few minutes for laughing at his misfortune for picking up the phone.

 

[Barmaglot]

Oh, I've been there. The client's reaction was: "Oh, you warned us multiple times months in advance that the array is filling up? Well, you didn't yell loud enough!"

 

[ronelson]

He's shown you the approved promotion paperwork and pay grade you'll upped to?

Train wreck, remember?

 

[M. Jones]

ferzerp[/url]":iq7lyikp]
Probably because vendors *suck* at proper sizing so we have no choice to throw out the specs, make an educated guess on sizing, and increase as needed. They rarely understand the implications of asking for more than they need on vcpus, and most modern oses will happily gobble up excess memory for cache if they miss the mark there as well. It is far easier to increase resources as needed than it is to remove. Until an organization *proves* it isn't just pulling specs out of its ass, we assume it is because they almost all do.

I don't care if your code is amazing with 32GB, 10,000 IOPs and <1ms to the database. It needs to be amazing with all parameters worse by an order of magnitude, because clearly-predictable circumstances will conspire to require it to be run in that fashion.

An old but useful example is when an organization decided to centralise their RDBMS Stateside, for reasons of data confidentiality, data management and RDBMS license conservation. An Eastern European office needed heavy database access. Because of poor infrastructure at the time, the Eastern European office was connected over satellite. Round-trip from geosynchronous means 700ms latency to the database. Do you have any idea what lack of parallelism and stored procedures are exposed by 700ms of latency?

 

[M. Jones]

brshoemak[/url]":2jv6j626]
TIL that according to the CEO it's apparently much better to have an update applied to your hosted-app production server without rolling it out to the test server first. Better yet, don't schedule it to be performed over the weekend, instead do it on Thursday night and it should be done by 10am on Friday after people have been sitting around for 2 hours with their thumb up their keister.

Apparently it's been eluding me that all regular change control may only be scheduled for weekends, and that by definition, any production change that happens outside of a weekend is an emergency production change. This is unacceptable, and perverse besides.

On an unrelated note, the vendor product specialist has never seen an implementation like ours without the licensed feature that, not merely coincidentally, we've needed. This is why I don't do licenses, and give strong acquisition preference to anything that has no concept of a license.

 

[ferzerp]

M. Jones[/url]":2uxvuta4]

ferzerp[/url]":2uxvuta4]
Probably because vendors *suck* at proper sizing so we have no choice to throw out the specs, make an educated guess on sizing, and increase as needed. They rarely understand the implications of asking for more than they need on vcpus, and most modern oses will happily gobble up excess memory for cache if they miss the mark there as well. It is far easier to increase resources as needed than it is to remove. Until an organization *proves* it isn't just pulling specs out of its ass, we assume it is because they almost all do.

I don't care if your code is amazing with 32GB, 10,000 IOPs and <1ms to the database. It needs to be amazing with all parameters worse by an order of magnitude, because clearly-predictable circumstances will conspire to require it to be run in that fashion.

An old but useful example is when an organization decided to centralise their RDBMS Stateside, for reasons of data confidentiality, data management and RDBMS license conservation. An Eastern European office needed heavy database access. Because of poor infrastructure at the time, the Eastern European office was connected over satellite. Round-trip from geosynchronous means 700ms latency to the database. Do you have any idea what lack of parallelism and stored procedures are exposed by 700ms of latency?

Agreed. Anyone who is not testing and making the application function correctly with something like 100ms latency between the client and the server (not going to go 700 ms. An amusing number since I'm posting from a plane with 700 ms latency to everything right now though), you have no business writing software currently. Granted there are exceptions, but doing idiotic things like building an app to use cifs for more than just a sequential file write every now and then, database queries that return one result per round trip (or, more generally, ANY client that eschews the application tier and connects directly to a database), etc have no place now. Not with such a large trend towards moving the end points farther and farther from the datacenter.

 

[afidel]

ferzerp[/url]":2ryg7kn5]

M. Jones[/url]":2ryg7kn5]

ferzerp[/url]":2ryg7kn5]
Probably because vendors *suck* at proper sizing so we have no choice to throw out the specs, make an educated guess on sizing, and increase as needed. They rarely understand the implications of asking for more than they need on vcpus, and most modern oses will happily gobble up excess memory for cache if they miss the mark there as well. It is far easier to increase resources as needed than it is to remove. Until an organization *proves* it isn't just pulling specs out of its ass, we assume it is because they almost all do.

I don't care if your code is amazing with 32GB, 10,000 IOPs and <1ms to the database. It needs to be amazing with all parameters worse by an order of magnitude, because clearly-predictable circumstances will conspire to require it to be run in that fashion.

An old but useful example is when an organization decided to centralise their RDBMS Stateside, for reasons of data confidentiality, data management and RDBMS license conservation. An Eastern European office needed heavy database access. Because of poor infrastructure at the time, the Eastern European office was connected over satellite. Round-trip from geosynchronous means 700ms latency to the database. Do you have any idea what lack of parallelism and stored procedures are exposed by 700ms of latency?

Agreed. Anyone who is not testing and making the application function correctly with something like 100ms latency between the client and the server (not going to go 700 ms. An amusing number since I'm posting from a plane with 700 ms latency to everything right now though), you have no business writing software currently. Granted there are exceptions, but doing idiotic things like building an app to use cifs for more than just a sequential file write every now and then, database queries that return one result per round trip (or, more generally, ANY client that eschews the application tier and connects directly to a database), etc have no place now. Not with such a large trend towards moving the end points farther and farther from the datacenter.

This is why it will be a long time before Citrix/RDS and to a lesser extent X will go away, keep the app near the database and only bring the display to the user.

 

[M. Jones]

ferzerp[/url]":1kr4fgwq]
Agreed. Anyone who is not testing and making the application function correctly with something like 100ms latency between the client and the server

I build all those development environments transatlantic, where there no chance that a network latency simulator will be misconfigured.

Granted there are exceptions, but doing idiotic things like building an app to use cifs for more than just a sequential file write every now and then, database queries that return one result per round trip, etc have no place now.

One of our analytics projects seems to have stumbled into using multiprotocol fileshares for internode communication instead of doing the right thing. It might be too late to fix this one.

Not with such a large trend towards moving the end points farther and farther from the datacenter.

This; cloud.

 

[Danger Mouse]

ronelson[/url]":16x0xqjc]

He's shown you the approved promotion paperwork and pay grade you'll upped to?

Train wreck, remember?

See, ronelson gets it. He took the copy I typed up and said "I'm going to hold onto this for a while" meaning, instead of doing as he's supposed to according to contract, he's holding at his desk.

Theoretically, I'm on the fast track to promotion. He's making noises like it's more or less a sure thing, assuming I don't somehow botch the promotional exam.

I'm not counting on it. I'm putting out my resumes. I should be doing the ICND1 test next week. The MCITP EA shortly thereafter. ICND2 before the end of summer. I've got to space out the testing a little due to cost

After that, on to the MCSE track, then maybe hit CISSP along the way to CCNP by the end of the year, hopefully.

 

[Danger Mouse]

Free site to check TLS functionality on your Edge Transport/etc server:

http://www.checktls.com/

 

[ronelson]

assuming I don't somehow botch the promotional exam.

Say what? You have to take an exam for that?