Month: January 2023

Situation: The client tries to convert their PC running Windows 10 to a VM by using Disk2vhd. However, they can’t start the vhd on Windows Server 2019 Hyper-V.

Troubleshooting: We fix the problem by selecting Generation 2 instead of Generation 1.

In other case: We find the problem is Disk2vhd default file format is vhd. VHDX is a new disk format that was introduced in Windows Server 2012. Compared to traditional VHD, VHDX has several improvements, including a special internal log to reduce the chances of data corruption, a bigger capacity (up to 64 TB) and other great features. I recommend using VHDX whenever possible. Since this is Windows Server 2019, you should use vhdx format.

Other possible resolutions:

1. Disk2vhd does not support the conversion of volumes with Bitlocker enabled. If you wish to create a VHD for such a volume, turn off Bitlocker and wait for the volume to be fully decrypted first.
2. Virtual PC supports a maximum virtual disk size of 127GB. If you create a VHD from a larger disk it will not be accessible from a Virtual PC VM.
3. It’s possible that the VHD created by Disk2vhd is not working due to several reasons, some of which include:
   1. Incompatibility between the host and the target operating systems.
   2. Incorrect configuration of virtual machine settings.
   3. Incomplete or corrupt image capture.

   To resolve the issue, you can try the following steps:

   1. Check the compatibility of the source and target operating systems.
   2. Verify the virtual machine settings such as memory, CPU, and network configuration.
   3. Try creating the VHD image again and check if it is complete and not corrupt.
4. Use SC-VMM P2V migration, I’ve never had good success with Disk2VHD.You can get a trial version from here: (fully functional 180 days)

   http://www.microsoft.com/en-za/download/details.aspx?id=10712 

If you are unable to start the Base Filtering Engine (BFE) service, it could be due to a number of reasons. Here are a few things you can try to resolve the issue:

1. Make sure that the service is not set to “Disabled” in the Services Manager. Go to the “Services” app, find the “Base Filtering Engine” service, and check that the “Startup type” is set to “Automatic” or “Manual”.
2. Check if the service dependencies are running correctly. BFE service depends on Remote Procedure Call (RPC) service, Windows Firewall service, and the DCOM Server Process Launcher service. Make sure they are running and set to “Automatic” or “Manual” startup type.
3. Check the system event logs, you can check the event viewer and look for error events related to the BFE service, it can give you an idea of what is causing the issue.
4. Try repairing the Windows Firewall service, you can do that by following these steps: a. Open Command Prompt as an administrator. b. Type the command “netsh winsock reset” and press Enter. c. Type the command “netsh advfirewall reset” and press Enter. d. Restart the computer.
5. Check if there are any corrupted or missing system files, you can use the System File Checker tool to scan for and fix any corrupted files.
6. If the above steps don’t work, you can try restoring your system to a previous restore point, it will help if the issue was caused by a recent change or update.

If you receive an “access is denied” error when trying to delete the BFE service using the “sc delete bfe” command, it may indicate that the service is currently in use or that you do not have the necessary permissions to delete it. Here are a few things you can try to resolve the issue:

1. Make sure you are running the command prompt as an administrator by right-clicking on the Start button and selecting “Command Prompt (Admin).”
2. Try stopping the BFE service before attempting to delete it by running the command “net stop bfe” before running “sc delete bfe”
3. Try running the command in Safe Mode, it will ensure that no other services are running and interfering with the deletion process.
4. Check if there is any other security software that is blocking the deletion process, you can try disabling them temporarily.
5. Check if the permissions of the service is set correctly, you can check that by running the command “sc sdshow bfe”
6. If the above steps don’t work, you can try using a third-party tool such as a Windows Service Manager to delete the service.

Situation: The client has a Windows 2019 server as Remote Desktop Server. They can’t access the server because of Event ID 2007: The Base Filtering Engine service hung on starting.

Troubleshooting: This issue can be caused by several factors, such as a damaged or corrupt system file, a virus or malware infection, or a conflict with another service or program. Some possible solutions include:

• Running a virus scan to check for malware
• Performing a system file check (SFC) to repair any corrupted system files, for example sfc /scanow
• Starting the service in Safe Mode and disable suspect services or software.
• Uninstalling and reinstalling the service
• Checking for conflicts with other services or programs

 

Situation: The client just configures MFA for their AD users to login GloablProtect. However, AD users can’t login.

Troubleshooting: In Monitor>System, it shows Failed authentication for user: Reason User is not in allowlist..

Resolution: Quoted from Palo Alto networks article:

If the allow list is changed to have “all” rather than specific groups, the user authenticates fine.

Resolution

This happens where the device might have been previously configured as a multi-vsys device. If, at that time, the authentication profile was created as a “shared” authentication profile, this would work fine. When the device configuration changes to be a single vsys device, the authentication profile may still be a “shared” profile (but with the single vsys). The device is no longer able to read the “shared” authentication profile.

When troubleshooting, run the following CLI command to show that the users are part of the group:

> show user group name <name>

When this group is referenced in the menu for the authentication profile, the user fails authentication. To get around this issue, create an authentication profile that is not shared and is vsys specific. The authentication profile then reads the groups correctly and authentication will work correctly, as the users are read as part of the group.

Some common server issues include:

• The wrong IP address is entered in the RADIUS server configuration.
• The shared secret is mis-typed.  Do not paste the password into the Secret field.
• The wrong IP address is entered in the RADIUS server client configuration.
• The Radius server policy may be invalid due to:
  • Wrong Windows group
  • NAS-IP address
  • PAP

 

Events can be viewed on the RADIUS server in the event viewer > system logs > IAS

Situation: The client has migrated their Exchange to Microsoft 365. When trying to connect their Exchange online using PowerShell.

$UserCredential = Get-Credential command let them to login. However,

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<ServerFQDN>/PowerShell/ -Authentication Kerberos -Credential $UserCredential

command doesn’t work with this message:

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://abc.onmic
osoft.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
New-PSSession : [abc.onmicrosoft.com] Connecting to remote server abc.onmicrosoft.com failed with the following error
message : The WinRM client cannot process the request because the server name cannot be resolved. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : ComputerNotFound,PSSessionOpenFailed

Resolution: Install Microsoft Exchange Online PowerShell Module on your computer. Please refer to this post:

• How to install Microsoft Exchange Online PowerShell Module on your computer

Situation: The client configures MFA for PA Firewall GloablProtect connection. It doesn’t work. in DEVICE>User Identification>User Mapping>Server Monitoring, it shows Access denied.

Case 1. Microsoft has disable WMI which used by Palo Alto as default.

Case 2: Pal Alto Agent doesn’t work or configured incorrectly.

 

 

Situation: a user has an Outlook issue, and it freezes with a popup asking for repairing. After she clicks on “repair”, it doesn’t fix the problem. Then we have her to repair it from Control Pane. That crashes the whole Office, and she can’t use Office 365 anymore.

Resolution 1: Uninstall and re-install Office 365.

Resolution 2: If uninstalling and re-installing doesn’t fix the problem, try to uninstall office 365 first by following article:

https://support.office.com/en-us/article/Manually-uninstall-Office-2013-or-Office-365-1d1110d5-75a4-4154-969e-4260ff29b232?ui=en-US&rs=en-US&ad=US

Resolution 3: If the above method doesn’t resolve your issue, try performing Clean Boot on your computer and then reinstall. Follow these steps to restart Windows 10 in the Clean Boot mode:

To restart in Clean Boot follow the steps as per the following Microsoft Article:

https://support.microsoft.com/en-us/kb/929135

 

Situation: A user reports he can’t access www.evernote.com with this message: This site can’t be reached or Web Page Blocked.

Troubleshooting: Login PA firewall and check MONITOR>URL Filtering. We find block-url policy blocks www.evernote.com because of medium-risk.

This is the definition of medium-risk Palo Alto networks.

If the user really needs it, he can download it from his home computer or WiFi without PA firewall.