Current frustration...

Started by deanwebb, September 08, 2015, 10:09:38 AM


deanwebb

We had a VPN go down, rebuilt it. Now comes the user acceptance testing...

ME: Can you run your application?
USER: No.
ME: Can you show me a screen shot of the error?
USER: Here. (Screen shot is a generic error, not much use.)
ME: Can you ping the server?
USER: I am unable to perform that task.
ME: (pause) Do you mean that you cannot run a ping test, or that when you run a ping test, it fails?
USER: Let me copy another user into this thread. He's more technical.
MORE TECHNICAL USER: Hello. Are you able to provide directions to run this test?

:facepalm1:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm


deanwebb

Exactly.

Follow up:

MORE TECHNICAL USER: The ping didn't work.
ME: What's the IP address of that machine? You can find it using "ipconfig" in the same command line.
MORE TECHNICAL USER: It's 10-1-2-3.
ME: (sees the dashes)
:facepalm2:

ME: (after recovering) OK, the firewall doesn't permit that device to connect to the system. If you can find the device at 10.1.2.4, it should work.
MORE TECHNICAL USER: OK, the ping worked from that device.
ME: Awesome. You should be able to run the application.
MORE TECHNICAL USER: Nope. Same error.
ME: (checks firewall) Well, we allow PING and SSH from that IP. You need to check your documentation under "firewall permissions" to see what else is needed.

:notthefirewall:

Ironman

Quote from: Nerm on September 08, 2015, 12:27:07 PM
:phone:

Ohhhh, this is sooooooo perfect for how I feel every time someone calls me with a Network Issue!

deanwebb

Quote from: Ironman on September 09, 2015, 08:52:48 PM
Quote from: Nerm on September 08, 2015, 12:27:07 PM
:phone:

Ohhhh, this is sooooooo perfect for how I feel every time someone calls me with a Network Issue!

That was me after the ping was successful, but they said their application didn't work... and then mentioned that their version of Windows was unlicensed.

deanwebb

New frustration...

PM: Get me a report on everything that would be blocked if we turned NAC on full enforcement today.

Me: Holy crap, that would include all the phones, printers, wireless access points...

PM: Wait, don't we have those on MAC bypass lists?

Me: No, we're not doing 802.1X.

PM: Well, get them on a MAC bypass list!

Me: But we're not doing full enforcement right now. Most of our Windows devices would be blocked, as well.

PM: Don't they have the NAC client?

Me: Some of them do, from when we did the pilot. It's not officially part of the build.

... and on and on and on and on...

EVERY DAY I have this conversation when the PM asks for the "full enforcement report". The PM wants to show to higher-ups that we've "made progress" because we're blocking *something*.

PM: Just show me a list of all the devices that would be blocked. It's a simple request.

Me: We haven't even formally defined the criteria for blocking. Essentially, the list would be zero devices. I could make a variety of reports with different blocking criteria, and you could pick the one you liked the best.

PM: Now you're being a smartass.

What? Me? A smartass?

:steamtroll:

hizzo3

Ha ha chart-ology 101. Oh how I loathe it.

icecream-guy

Quote from: deanwebb on September 17, 2015, 07:07:12 PM

Me: We haven't even formally defined the criteria for blocking. Essentially, the list would be zero devices. I could make a variety of reports with different blocking criteria, and you could pick the one you liked the best.


Sounds like you need to spend the day building a flow chart in Visio of all the blocking criteria and the devices that could/would be blocked under the different scenarios. (Something like today's XKCD comic strip.)
:professorcat:

My Moral Fibers have been cut.

deanwebb

Actually, I think I will put together a bunch of rules for information gathering, so we can see all the layers of enforcement and how they'd interact. Should be fun.

Also, leaving work early today might also be fun. COMP TIME FTW!

Dieselboy

I kept receiving strange webex meeting invites from one of the HR girls who works in another office. I mentioned it to my guy with rolled eyes, who told me he also received the invites. Then I noticed another guy looking over here; I asked him if he had also received it and the answer was yes.
So I messaged her on jabber asking her if she was aware she was sending odd meeting invites from webex, and her answer was no, it's not something she is doing.

So now, alarm bells are ringing, and she's not replying to my jabber messages either. So I call her, and we have the same conversation over the call and she says she's not using webex.

So I explain someone must have got into her account, she must change her password. I also say I'm logging in to block her account.

Then she says, actually no, she's in webex.

:developers:

It's always the same with this HR girl.

Another situation:

I'd set her up with a desk phone. The whole office only has 2 desk phones, the other one should be on a hot desk and has extension mobility enabled.
I noticed one day, calls kept being placed from her from the hot desk phone. I logged in to CUCM and her phone that I'd set her up with is unregistered.
I asked her to swap the phones over back to her desk and keep both phones plugged in because I'm doing upgrades (this was the other week). I explained this so many times I've lost count.
So this week, I still see that her phone is unregistered and the hot desk phone is up and running on her desk still. So, since all the upgrades were complete I can just do some config work and swap the configs over between the phones. This would save her unplugging her phone, so this is what I did.
A few hours later I get a message from her "how long is this phone thing going to take because it's showing a message on the screen and it's mostly blank".
I log in and the phone I had now configured for her was unregistered. The hot desk phone was still pending some config and so it was not fully set up.

Why did she do this? Why did she come in, in the morning, and see the desk phone with her own name and extension number on the screen and think "I know what I'll do this morning!"? It was also too much aggravation for her to reverse what she had done (plug / unplug two phones) so I undid the config I had done earlier that day.

Hot desk phone still unregistered.

:developers:

SimonV

Quote
2015-09-25 14:20:28   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:24.241 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:28   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:24.241 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:28   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:24.241 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:29   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:28.852 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:29   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:29.042 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:29   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:29.042 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:29   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:29.042 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"
2015-09-25 14:20:30   User.Info   xxx.xxx.3.70   1 2015-09-25T14:20:29.844 VPN_box_A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="application failure or action"

On all applications that have an ALG (inspection)  :professorcat:

deanwebb

... that moment when you discover that the clients in the CBD area are nothing at all like the clients in the production environment...

:wall:

CBD guys are all virtualized... and I think they either have the services I need for NAC turned off, or there's a VBlock firewall blocking traffic on the ports I need. Either way, that's not what we have in the real world, even though CBD is supposed to be just like our production environment...

icecream-guy

Customer wants us to update firewall rules.....They don't want to deploy a host firewall

...to stop servers on the same subnet from communicating.

OK, we'll use a couple of port ACLs on the interfaces to make it work.

...come to find out the servers are virtual in the ESX environment, so once a server gets moved....

guess what?  they're going to deploy host firewalls.


:professorcat:


Reggle

VLAN per application and full access in VLAN. I don't see the problem. Nor do I see a problem with host firewalls.
Smells like someone wanted to be original and be noticed by his superiors for coming up with that.

NetworkGroover

Quote from: deanwebb on September 17, 2015, 07:07:12 PM

PM: Now you're being a smartass.

What? Me? A smartass?

:steamtroll:

Lol.....

Troll-ol-ol-ol-ollolololol
Engineer by day, DJ by night, family first always