Author: Bob Lin

Situation: The client just imports SSL from GoDaddy. It doesn’t show up the Key.

Troubleshooting: When generating and exporting CSR on GlobalProtect the PA Firewall keeps the key. When importing the SSL, you must enter the same SSL name you entered when exporting. Otherwise, the key doesn’t show up.

 

Situation: After renewing their Certificate for Globalprotect, the client has a problem to login VPN with Connection failed error.

Troubleshooting: When renewing the certificate, the client might exports the current SSL certificate instead of generating the CSR. Or they enter using different SSL name. We fix the problem by generating a new CSR with different name, export and rekey in GoDaddy. Then import it in GlobalPrtect. Deleted the old SSL and modify SSL/TLS Service profile to use the new SSL.

Situation; The client exported certification fort their GloabalProtec 3 day ago and it is in pending status. Now they can’t login GlobalProtect.

Cause: renewed SSL must be imported and install in 72 hours. Otherwise, the SSL will be expired and you may have a problem to login.

Some old phones may not be compatible with DUO Mobile app. If this is a case, you can try Duo Append Mode. Please refer to this post:

• How to use Append Mode in DUO Authentication

Situation: The client can open files from Office.com. he also have the OneDrive mapping to local PC. He can’t open the same file from File Explorer wit this error: cannot open file because the file format or file extension in not valid.

Troubleshooting: In most cases, this is OneDrive sync issue.

Resolution 1: Unlink OneDrive and run OneDrive setup again

Resolution 2: Update to the latest version of OneDrive

Resolution 3: Reset OneDrive

Situation: After Windows 11 update, he client can’t access their label printer with error code 0000011b.

Resolution: Disabling the CVE-2021-1678 Mitigation

1. Open Run by pressing Windows + R.
2. Type the following in the Run dialog box and press Enter: regedit
3. Select Yes in the User Account Control prompt.
4. Type the following in the registry path field at the top and press Enter:
   Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
5. Right-click anywhere blank on the right pane and choose New > DWORD (32-bit) Value.
6. Use the following as the name for your DWORD: RpcAuthnLevelPrivacyEnabled
7. Double-click the newly-created DWORD, enter 0 in the Value data field, and select OK.
8. Close Registry Editor.
9. Reboot your Windows PC.

Situation: After a new Windows 11 update, the client has a problem to access her label printer with this error: Operation could not be completed (error code: 0x00000bc4).

Troubleshooting 1: Change Group Policy Setting

1. Type Group Policy in the search bar and click in Edit group policy. 

2. Navigate to Computer Configuration>Administrative Templates > Printers > Configure RPC connection settings.

3. Select Enabled and then select RPC over named pipes from the dropdown, and click OK

Troubleshooting 2: Tweak the Registry

• Press the Windows key + R to open the Run dialog box.
• Type regedit and hit Enter.
• Navigate to the following path:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\RPC

• Right-click on RpcOverNamedPipes and select Modify.
• Now enter the Value data as 1 and click Ok to save the changes.
• In the same way, change the value data of RpcOverTcp (default) to 0.
• Close the Registry Editor and restart your computer.

 

Resolution: Disable Print Spooler RPC Encryption or CVE-2021-1678 Fix

• Hit Windows + R keys to open the Run command tool.
• Type regedit in the Open command box and hit Enter.
• The Registry Editor tool will open.
• Navigate to the Print Registry key directory either manually or by entering the following path into the Registry Editor address field:

• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
  
  

  • Right-click on the Print key and select New→  DWORD-32 bit Value.
  • Name the new key as RpcAuthnLevelPrivacyEnabled.
• Double-click on the new key and set its value to 0 (zero).
• Restart your computer.
• Perform the above steps on the host printer server as well.

Situation: The client just migrated one of their tenants into other one. After the migration, some Outlook profiles may have issues with Autodiscover being able to create a new profile due to legacy registry entries.

Resolution 1:

Use ExcludeLastKnownGoodUrl to prevent Outlook from using the last known good AutoDiscover URL

Configure one of the following registry subkeys as follows:

HKEY_CURRENT_USER\Software\Microsoft\Office\<x.0>\Outlook\Autodiscover
DWORD: ExcludeLastKnownGoodUrl
Value: 1

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<x.0>\Outlook\Autodiscover
DWORD: ExcludeLastKnownGoodUrl
Value: 1

 Note:

The <x.0> place holder represents your version of Office (16.0 = Office 2016, Microsoft 365 and Office 2019, 15.0 = Office 2013).

When the ExcludeLastKnownGoodUrl value is set to 1, Outlook does not use the last known working AutoDiscover URL.

Resolution 2:  

Search for a registry entry that is tied to the old tenant and delete it.  There may be multiple identities that will need to be reviewed to find the identity tied to the migrated tenant.

Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities\xxxxx-xxxxx-xxxxxx-xxxxxx-xxxxxxxxxx_ADAL

Note:

 Backup up the entire registry key and all sub keys in the c:\temp folder before deleting.

Situation: When a user tries to activate Du Mobile, he gets this error message: “Safari can’t open the page because the address is invalid”

Troubleshooting:

When you activate the Duo Mobile at first time, you may receive two SMS messages. You should tap on the first one Welcome to Duo! To Install the Duo Mobile app……

If you haven’t installed the DUO Mobile and tap the second message “To active the Duo Mobile app”, you will receive the “Safari cannot open the page because the address is invalid” message.

Otherwise, check this.

To fix the issue with Safari on your iPhone displaying the error message “Safari can’t open the page because the address is invalid,” you can try the following troubleshooting steps:

1. Check the internet connection: Ensure that your iPhone is connected to a stable and reliable internet connection, such as Wi-Fi or cellular data. Try loading other websites or apps to verify if the issue is specific to Safari or affecting the entire internet connection.
2. Verify the website address: Double-check the URL or website address you are trying to access. Make sure there are no typos or errors in the URL. You can also try searching for the website through a search engine to see if it appears in the results.
3. Clear Safari cache and website data: Go to Settings on your iPhone, scroll down and tap on “Safari.” Within the Safari settings, select “Clear History and Website Data.” This will clear any stored data and cache for Safari, which can sometimes resolve issues with invalid addresses.
4. Restart Safari: Close the Safari app completely by double-clicking the home button (or swiping up from the bottom on iPhone X and newer models) and swiping Safari off the screen. Then, relaunch Safari and try accessing the webpage again.
5. Restart your iPhone: Perform a restart of your iPhone by pressing and holding the power button (or the power button and volume button together on newer models) until the “Slide to power off” slider appears. Slide it to turn off your iPhone, wait for a few seconds, and then press and hold the power button again until the Apple logo appears.
6. Update iOS: Ensure that your iPhone is running the latest version of iOS. Go to Settings, select “General,” and then tap on “Software Update.” If an update is available, follow the on-screen instructions to download and install it.
7. Reset network settings: If the issue persists, you can try resetting the network settings on your iPhone. Go to Settings, select “General,” scroll down and tap on “Reset,” and choose “Reset Network Settings.” Note that this will remove your saved Wi-Fi networks, so you will need to reconnect to them afterward.