Author: Bob Lin

Situation: the client is internal company and has migrated their multiple domains into a Microsoft Tenant. Now, they have an issue to send emails between domains. For example, A.com and B.com are under the same Tenant with default domain name C.com. Email sent from A to B was blocked.

Cause: They encountered this issue during the migration of A.com and B.com to C.me. Although I am not entirely certain about the reason, I have a theory. Both A.com and B.com are under the Microsoft Tenant. When A.com sends an email to B.com, Microsoft Intelligent Assistant (which is not as intelligent as a human) mistakenly identifies the email as spam and blocks it.

Resolution: Add A.com, and C.com to whitelist. Please refer to these posts:

What’s allows and blocks in the Tenant Allow/Block List

How to add email address to Whitelist in Office 365

Troubleshooting:

1. The user/group may not have access to LAN subnets. In our case, the client adds All Interface IP instead of LAN Subnets. We fix the problem by replacing All Interface IP with LAN Subnets.

2. The SSLVPN IP Pool is in the same subnet as X0.

If your computer display has these issues:

• A blank or black screen.
• Color fade.
• Fuzzy, blurry, distorted, stretched image.
• Geometric distortion.
• Light leakage or bleeding.
• Flickering.
• Horizontal or vertical lines.
• Light or dark patches.

Try these suggestions:

1. If you have two or more displays, compare them settings.
2. Check Display Settings by going to Advanced display and check the refresh rate.

Situation: The client try to access their SonicWALL Global VPN, but it shows Connecting forever.

Troubleshooting: It seems like Peer IP or name issue.

Go to Properties>Peers>, click on Edit.

Uncheck “Use the default gateway as the peer IP address”. Then enter the peer’s IP address, which should be the SonicWALL WAN IP address.

Situation: When running PowerShell command:

Connect-MicrosoftTeams

you may get this error:

Connect-MicrosoftTeams : The term ‘Connect-MicrosoftTeams’ is not recognized as the name of a cmdlet, function, script

file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct

and try again.

At line:1 char:1

+ Connect-MicrosoftTeams

+ ~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : ObjectNotFound: (Connect-MicrosoftTeams:String) [], CommandNotFoundException

+ FullyQualifiedErrorId : CommandNotFoundException

Resolution: Uninstall and re-install early teams PowerShell Module:

Uninstall-Module MicrosoftTeams

Install-Module -Name MicrosoftTeams -RequiredVersion 1.0.0

Situation: When running Import-Module MicrosoftTeams PowerShell command, you may receive this error:

Import-Module : File C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\5.8.0\MicrosoftTeams.psm1 cannot be
loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at
https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ Import-Module MicrosoftTeams
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Import-Module], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.PowerShell.Commands.ImportModuleCommand

Resolution:

Your PowerShell Execution Policy might be preventing Import-Module from running successfully. Try running:

Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process

This will allow all signed scripts to run in the current PowerShell process. When you close the PowerShell session, you will revert to your previous Execution Policy.

If the module is still not successfully importing, you might try:

 Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process

Be cautious about this setting, since it will allow any unsigned scripts to run, including potentially malicious code. Ensure that you trust the script/modules you’re installing if you choose ExecutionPolicy Bypass.

1. Check any issues on Microsoft Power Automate at https://flow.microsoft.com/en-us/support/
2. If the flow failed, check these tips: Go to the notifications icon at the top of the web portal, or selecting the “Activity” tab in the mobile app. You are now looking at the flow details. Find the step with the red exclamation icon and you should see the error message for your flow there.
3. Identify specific flow runs: you may want to debug specific flow runs to confirm that your flow ran as expected. By default, the flow owner can look at the Start, Duration, and Status columns in the run history view in Power Automate to help them identify the flow run they are interested in debugging.

To make it more efficient to identify flow runs when debugging, Power Automate provides the ability for flow owners to configure the list of columns that’s displayed on the run history page for each flow run.

• Sign in to Power Automate.
• Select My flows from the left side of the screen.
• Select the flow for which you want to get more details.
• Select Edit columns on the flow details page.

4. Identify the error

• Select My flows.
• Select the flow that failed.
• In the 28-day run history section, select the date of the failed run.Details about the flow appear, and at least one step shows a red exclamation icon.
• Open that failed step, and then review the error message.On the right pane, you can see the details of the error and How to fix the error.

5. Authentication failures: If you get the error message contains Unauthorized or an error code of 401 or 403 appears. You can usually fix an authentication error by updating the connection:

• In the right pane, click on View Connections below How to fix.
• Scroll to the connection for which you saw the Unauthorized error message.
• Next to the connection, click or tap the Fix connection link in the message about the connection not being authenticated.
• Verify your credentials by following the instructions that appear, return to your flow-run failure, and then click or tap Resubmit.

Situation: The client with admin right login their SonicWALL TZ370. However, He can’t manage the Firewall.

Troubleshooting: If Builtin admin is logged in the Firewall and another local user member of SonicWall Administrators group logged into the system, it won’t see the option to preempt the builtin admin account. When the local user member of SonicWall administrators group logged into the Firewall, and after successful authentication a pop up message is displayed and clicking the manage button display the following pop up with only “Non-config” login to the Firewall and also displays the information that an administrator is already logged into the Firewall.

Resolution: If multiple administrators are required to manage the Firewall and preempt each other then create two local users (admin1 and admin2 created for demonstration) and add them to SonicWall Administrators group, see screenshots below wherein one admin1 member of SonicWall Administrators already logged in to the Firewall and then admin2 member of SonicWall Administrators logged in from another interface and presented with preempt option.

admin1 already logged in with Config mode as shown in the screenshot below:

admin2 logged in from another location and presented with “Continue” option to preempt admin1, see screenshot below:Note: If the local user with admin was forced to logoff or ended session, it could be the admin login the Firewall.

Situation: The client just added a new user as SonicWALL Administrator in their TZ370. However, the user can’t login with this error: HTTPS User login not allowed from here.

Resolution: Please check which firewall interface your client is connected to by  Login to the firewall with built in administration account. Navigate to Network | System | Interfaces, click Edit button of the interface your client connects to. Select HTTP or HTTPS at the User Login option.

If the HTTPS is off under USER LOGIN, turn it on.

Case 1: Description: When attempting to Migrate a GEN5 configuraton file to a GEN7 settings file, the Migration tool throws an “Internal Server Error” on the browser and doesn’t provide a migrated settings file to us.

Cause: Global Bandwidth management not supported in GEN7 appliances. This is expected to be fixed in the upcoming release on Migration Tool v 4.35.1

Resolution: Disable BWM (Bandwidth Management) on the GEN6 Firewall and then export the settings file from the firewall to use in the Migration tool.

To disable BWM in your GEN6 Firewall, Please access the UI.

Go To Firewall Settings > Bandwidth Management > Set to NONE.

Save the configuration , Export the settings file from the firewall and then use this file as the source settings file in the Migration tool.

case 2: The client current SonicWALL uses 8090 as https port, which is different from default https port 443.

Resolution: changing the https port to 443 and export it and then use the Migration Tool to export it.

Note: You may have a problem if you change the https port. You may have two options. 1. change back the port to 8090. 2. Or re-configure the certificate and other related configuration.