Author: Bob Lin

Situation: The client has migrated their Exchange to Microsoft 365. When trying to connect their Exchange online using PowerShell.

$UserCredential = Get-Credential command let them to login. However,

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<ServerFQDN>/PowerShell/ -Authentication Kerberos -Credential $UserCredential

command doesn’t work with this message:

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://abc.onmic
osoft.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
New-PSSession : [abc.onmicrosoft.com] Connecting to remote server abc.onmicrosoft.com failed with the following error
message : The WinRM client cannot process the request because the server name cannot be resolved. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : ComputerNotFound,PSSessionOpenFailed

Resolution: Install Microsoft Exchange Online PowerShell Module on your computer. Please refer to this post:

• How to install Microsoft Exchange Online PowerShell Module on your computer

Situation: The client configures MFA for PA Firewall GloablProtect connection. It doesn’t work. in DEVICE>User Identification>User Mapping>Server Monitoring, it shows Access denied.

Case 1. Microsoft has disable WMI which used by Palo Alto as default.

Case 2: Pal Alto Agent doesn’t work or configured incorrectly.

Situation: a user has an Outlook issue, and it freezes with a popup asking for repairing. After she clicks on “repair”, it doesn’t fix the problem. Then we have her to repair it from Control Pane. That crashes the whole Office, and she can’t use Office 365 anymore.

Resolution 1: Uninstall and re-install Office 365.

Resolution 2: If uninstalling and re-installing doesn’t fix the problem, try to uninstall office 365 first by following article:

https://support.office.com/en-us/article/Manually-uninstall-Office-2013-or-Office-365-1d1110d5-75a4-4154-969e-4260ff29b232?ui=en-US&rs=en-US&ad=US

Resolution 3: If the above method doesn’t resolve your issue, try performing Clean Boot on your computer and then reinstall. Follow these steps to restart Windows 10 in the Clean Boot mode:

To restart in Clean Boot follow the steps as per the following Microsoft Article:

https://support.microsoft.com/en-us/kb/929135

Situation: A user reports he can’t access www.evernote.com with this message: This site can’t be reached or Web Page Blocked.

Troubleshooting: Login PA firewall and check MONITOR>URL Filtering. We find block-url policy blocks www.evernote.com because of medium-risk.

This is the definition of medium-risk Palo Alto networks.

If the user really needs it, he can download it from his home computer or WiFi without PA firewall.

Situation: The domain administrator has corrected one user’ first. Everything including Outlook shows correct user first name except Teams. Sign out and re-sign in Teams doesn’t fix the problem.

Resolution: Quoted from Microsoft:

This behavior is by design.
Teams has a caching scheme that is designed for capacity and performance optimization. The Teams service caches general user information for up to three days. The Teams client also caches general user information locally. Some data, such as display name and telephone number, can be cached up to 28 days in the client. Profile photos can be cached up to 60 days.

To clear the cache and receive updated information, sign out of Teams, and then sign back in. Or, manually Clear Teams cache
Clear Teams cache in Windows
1. If Teams is still running, right-click the Teams icon in the taskbar, and then select Quit.
2. Open the Run dialog box by pressing the Windows logo key +R.
3. In the Run dialog box, enter %appdata%\Microsoft\Teams, and then select OK.
4. Delete all files and folders in the %appdata%\Microsoft\Teams directory.
5. Restart Teams.

Situation: The client can’t ping their remote server after a Windows update (2023-01 Cumulative Update KB5022286).

Troubleshooting: We find Event ID 7001 related to this issue.
Event ID: 7001
Description:
The Windows Defender Antivirus Network Inspection Service service depends on the Windows Defender Antivirus Network Inspection System Driver service which failed to start because of the following error:
The dependency service or group failed to start.

Resolution 1: Start the Windows Defender Antivirus Firewall Service.

Resolution 2: In one case, we do see the Windows Defender Antivirus keeps stopping every one or two hours. Uninstalling the KB5022286 and wait for next update. To uninstall it, use this command: wusa /uninstall /kb:5022286

Resolution 3: Install Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.381.2465.9) fix the problem.

Resolution 4: In other case, we find Event ID 7001 Description:
The Network Connectivity Assistant service depends on the Base Filtering Engine service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Ans then we find:

Event ID: 7022 – Description:
The Network Connectivity Assistant service depends on the Base Filtering Engine service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

How to Fix Base Filtering Engine Service Startup Problems – https://www.winhelponline.com/blog/fix-base-filtering-engine-service-startup-problems/

Situation: The client can’t login their remote server after a Windows update (2023-01 Cumulative Update KB5022286).

Troubleshooting: We find Event ID 7001 related to this issue.
Event ID: 7001
Description:
The Windows Defender Antivirus Network Inspection Service service depends on the Windows Defender Antivirus Network Inspection System Driver service which failed to start because of the following error:
The dependency service or group failed to start.

Resolution 1: Start the Windows Defender Antivirus Firewall Service.

Resolution 2: In one case, we do see the Windows Defender Antivirus Firewall Service keeps stopping. You can uninstall the KB5022286 and wait for next update. To uninstall it, use this command: wusa /uninstall /kb:5022286

Resolution 3: We find the Microsoft release another update which may fix this problem: Security Intelligence for Microsoft Defender Antivirus – KB2267602 )Version 1.381.2465.0)

Situation: The user as a problem to add CRM add-ins. Whenever she tries to enable it, it disappears when you back to File>Options>Add-ins.

Troubleshooting: We ask her to check the Windows update. She comes back saying it is Update. However, when we check the Windows update, it shows there is Windows update for version 22H2.

After installing the update and restarting, she can add the CRM add-ins.

Situation: The client can’t start his Dell Desktop. Dianostics find error code 0161.

Troubleshooting: We can see the Hard Disk from the BIOS by press F2.

Resolution 1: Take the hard disk to different desktop to test it.

Resolution 2: Remove Optane Module

I was able to resolve it. And it seems that Optane module was the one that failed because after I removed it I was able to use the disk.

So here are the steps:
1) Remove Optane Module
2) Set disk working as ACHI in BIOS (was set to RAID).
3) Format HDD. I was not able to do that from Windows boot USB but once I put it in external box, another laptop can do that from Admin Command Line with using diskpart tool.
4) After that HDD is recognized by Windows boot USB and Windows can be installed back.

Step 3: Add a Hard Drive and install Windows OS. Then check the original hard disk.

Situation: A WFH user can’t login his computer which joins a domain remotely because the password has been expired.

Troubleshooting: We need to reset password and re-sync the laptop with the DC with VPN.

1. Login local admin account on the laptop.
2. Establish the VPN to connect to the Office DC.
3. To test and force the new password to sync, you can use net use command, for example net use \\sharedservername. Then enter the username and password. If it is successful, you are good to login remotely.