Can’t access network resource over VPN

Situation: the client configured a new laptop with GlobalProtect VPN for a home user. When the user establishes the VPN, he has trouble accessing most LAN resources.

Troubleshooting: His home network uses the same IP range (10.0.0.0/24) as the office (10.0.0.0/16), and the default gateway at both sites is 10.0.0.1.

Two options:

1. Change his home network to another IP address range, for example, 192.168.1.0/24.

2. Since he doesn’t want to do so, we assigned him a static IP address at home: 10.0.0.3 with subnet mask 255.255.255.252 (/30, 4 IP addresses).
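The effect of each option can be checked before touching the router. The following is an added example, not part of the original post: it reports which office addresses also fall inside the home subnet, where the laptop's on-link route for the home LAN competes with the VPN route. The hosts 10.0.0.50 and 10.0.0.20 and the function names are assumptions made for illustration.

```python
import ipaddress

OFFICE = "10.0.0.0/16"   # office LAN, from the post

def overlap_report(home_iface, office_cidr=OFFICE):
    """Describe how a home interface's subnet collides with the office LAN."""
    iface = ipaddress.ip_interface(home_iface)
    home = iface.network                      # subnet implied by address + mask
    office = ipaddress.ip_network(office_cidr)
    # Two CIDR blocks overlap only when one contains the other, so the
    # contested range is whichever block has the longer prefix.
    contested = None
    if home.overlaps(office):
        contested = home if home.prefixlen >= office.prefixlen else office
    # In any subnet wider than a /31, the first and last addresses are the
    # network and broadcast addresses and cannot be assigned to a host.
    reserved = (home.network_address, home.broadcast_address)
    usable = home.prefixlen >= 31 or iface.ip not in reserved
    return {
        "home_network": str(home),
        "contested": str(contested) if contested else None,
        "contested_count": contested.num_addresses if contested else 0,
        "host_address_usable": usable,
    }

def is_contested(target, home_iface, office_cidr=OFFICE):
    """True when an office address also sits inside the home subnet, so the
    home LAN's on-link route and the VPN route both claim it."""
    addr = ipaddress.ip_address(target)
    home = ipaddress.ip_interface(home_iface).network
    return addr in home and addr in ipaddress.ip_network(office_cidr)

if __name__ == "__main__":
    # 10.0.0.50 and 10.0.0.20 are constructed sample addresses.
    for iface in ("10.0.0.50/24", "10.0.0.3/30", "192.168.1.50/24"):
        print(iface, overlap_report(iface))
        for target in ("10.0.0.1", "10.0.0.20"):
            print("   ", target, "contested:", is_contested(target, iface))
```

With the /30 mask the contested range shrinks from 256 addresses to 4 (10.0.0.0 through 10.0.0.3), but 10.0.0.1 is still claimed by both sites. The report also flags 10.0.0.3 as the broadcast address of 10.0.0.0/30.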

PA firewall and Azure Site to site VPN shows connecting forever

Situation: The client configured their Palo Alto firewall to connect to a Microsoft Azure site-to-site VPN. However, the connection shows “Connecting” forever.

Troubleshooting: It is a pre-shared key problem. We fixed it by running these commands:

```powershell
PS C:\Users\blin> add-azureaccount

Id                        Type Subscriptions                        Tenants
--                        ---- -------------                        -------
chicagotech.net@gmail.com User 3d083292-8d49-4ef7-8c72-e54522b52126 {488899b5-4a4a-48b1-a1cf-8a1229d32267}

PS C:\Users\blin> Select-AzureSubscription -SubscriptionId 3d083292-8d49-4ef7-8c72-e54522b52126

PS C:\Users\blin> Get-AzureVNetConfig -ExportToFile "C:\Users\Public\Downloads\networkconfig.xml"

XMLConfiguration
----------------
…

PS C:\Users\blin> Set-AzureVNetGatewayKey -VNetName 'Group TestVPN Test' `
>> -LocalNetworkSiteName '498DEBEF_AzuretoOnprem' -SharedKey asjdfojweioreroihew

Error          :
HttpStatusCode : OK
Id             : b0f50fe7…..
Status         : Successful
RequestId      : ea98d58a3b75a8bf96….
```

Troubleshooting Palo Alto Firewall site to site VPN connecting to Azure

Situation: The company is migrating its site-to-site VPN to Azure from a Cisco ASA to a PA-850. The consultant copied the settings and configured the PA-850 IPSec configuration. However, the connection can’t be established. The log shows no return.

Troubleshooting: We called Microsoft Azure support and compared the Azure configuration against the PA configuration. There are two problems.

1. By default, the PA IKE Crypto Profile is set like this:

   - DH Group: group2
   - Encryption: aes-256-cbc, 3des
   - Authentication: sha1, sha256

However, the PA document also says: A new crypto profile can be defined to match the IKE crypto settings of Azure VPN. These are the Azure VPN settings:

2. When configuring the IPSec Crypto Profile, the Lifesize is 102,400,000. However, we can’t enter this number on PA. The allowed value on PA is 1-65535. To fix this problem, both the Azure and PA VPN need to be configured for Dynamic Routing instead of Static Routing.

In conclusion:

1. You must read the configuration guide carefully.
2. Copying the configuration from a Cisco ASA may not work.
3. The PA configuration article could be obsolete.

SEP: the client could not be installed on the remote computer

Q: We just got a new ThinkPad laptop. When I use push installation to install Symantec Endpoint Protection, I get this message: the client could not be installed on the remote computer. Remote Registry has been enabled. What could be the problem?

Chicagotech.net: We found the problem is that McAfee LiveSafe is running; you may want to disable it or uninstall it first.

How to downgrade Windows 10 Pro to Home edition

Q: I have Windows 10 Home edition. However, when I re-installed it, I used a Windows 10 Pro DVD instead of Home. How can I downgrade Windows 10 Pro to Home?

Chicagotech.net: You may try this:

1. Run regedit to open Registry Editor.

2. Navigate to the key HKEY_LOCAL_MACHINE > Software > Microsoft > Windows NT > CurrentVersion.

3. Change EditionID from Pro to Home.

4. Change ProductName from Windows 10 Professional to Windows 10 Home.

5. Browse to the key HKEY_LOCAL_MACHINE > Software > Wow6432Node > Microsoft > Windows NT > CurrentVersion, and change the EditionID and ProductName to Home.

6. Close the Registry Editor.

7. Insert the Windows 10 Home installation media and do an in-place upgrade by launching the setup from the desktop (not by booting from the Windows 10 Home install media).

8. When asked, select what to keep (settings, personal files and apps, only personal files, or nothing). The Windows 10 Home in-place upgrade will be done now.

If the above doesn’t fix the problem, you must do a clean re-installation.

Can’t print email after changing printer driver

Q: Recently, some of our computers have had a problem printing Word. After we switched the printer driver from Kyocera FS-4200DN KX to Kyocera Monochrome personal XPS Class, that seemed to fix the problem. However, now some people have a problem printing email.

Chicagotech.net: We fixed this problem by switching back to the original Kyocera FS-4200DN KX driver. What we do now is install the printer locally using its IP address instead of the print server, so that users can switch the print driver themselves.

Windows 10 update takes a long time

Q: We get this problem more and more. When we install a Windows 10 update, it takes 1 or 2 hours; sometimes it seems to take forever. What can we do about it?

Chicagotech.net: Here are some suggestions.

  1. Install the updates at night. That will give Windows 10 more time to install the updates.
  2. Install the updates manually. You can install one update at a time.
  3. Install updates once per week or once per month. Don’t let too many updates accumulate.
  4. Download the updates first and install them manually. Go to this link to download the Windows update tool: https://www.microsoft.com/en-us/software-download/windows10.
  5. Use WSUS or System Management to push the updates to groups of computers.
  6. Install Windows updates in Clean Boot by running msconfig.
  7. Install the Windows 10 update using Windows 10 Update Assistant.

Restarting solved the stuck Windows update issue, while Windows reverted back to its original state for other users.