DUO proxy server log: User IP not provided. Authorized Networks policies will not work for this authentication

Situation: A GlobalProtect VPN user can’t authenticate through DUO.

Troubleshooting: When we check the DUO authproxy.log, we see this message: User IP not provided. Authorized Networks policies will not work for this authentication.

Based on ChatGPT:

The error message “User IP not provided. Authorized Networks policies will not work for this authentication” indicates that the Duo proxy server is unable to determine the IP address of the client making the authentication request.

This issue can occur for a few reasons:

  1. The client is not sending its IP address in the authentication request. This can happen if the client is behind a NAT or firewall that is not passing the IP address to the proxy server.
  2. The proxy server is not configured to correctly handle the client’s IP address. This can happen if the proxy server is behind a load balancer or other network infrastructure that is not correctly forwarding the client’s IP address.

To resolve this issue, you can try the following:

  1. Ensure that your client is configured to send its IP address in the authentication request. This may involve configuring your firewall or NAT to forward the IP address to the proxy server.
  2. Configure the Duo proxy server to correctly handle the client’s IP address. This may involve configuring the proxy server to use an X-Forwarded-For header or another mechanism to obtain the client’s IP address.
  3. If you are using a load balancer or other network infrastructure, ensure that it is correctly forwarding the client’s IP address to the Duo proxy server.

If none of the above steps resolve the issue, you may need to contact Duo Support for further assistance.

What we find is that the user’s phone notification is off. After having him turn on the phone notification, it works.

 

DUO error: Stopping protocol

There can be various reasons for this error, such as network connectivity issues, incorrect configuration settings, or problems with the Duo Authentication Proxy service itself. To troubleshoot this issue, you can start by checking the log files for the Duo Authentication Proxy service and looking for any error messages or warnings. You can also verify that the configuration settings for the Duo Authentication Proxy are correct and that the Duo server is operational.

Fixing Remote Desktop Services is currently busy

Situation: When attempting to access an RD server, you may receive this message: The task you are trying to do can’t be completed because Remote Desktop Services is currently busy.

Troubleshooting 1: The server has run out of RD licenses.

Troubleshooting 2: Reset Stuck Client Remote Desktop Session on RDS

First of all, try to find and reset a session of the user who cannot logon to the RDS server.

Find a user in the Users tab of the Task Manager and click Log off in the context menu.

In most cases, it is enough to solve the problem. But sometimes we can find multiple hung sessions with the name (4) instead of a username in the Task Manager. As a rule, there will be 4 processes in a hung RDS user session:

  • Client-Server Runtime Process (csrss.exe)
  • Desktop Windows Manager (dwm.exe)
  • Windows Logon Application (winlogon.exe)
  • Windows Logon User Interface

To start with, try to reset all hung (4) RDS sessions in the Task Manager. If it does not help, it is better to reboot the server.

But this is often not possible, as it will affect other users’ sessions on the RDS host. So let us try to solve the problem without rebooting the host.

First, run the elevated command prompt and execute the command:

C:\>query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 rdp-tcp#5         bob                       2  Active
 console                                     3  Conn
 7a78855482a04...                        65536  Listen
 rdp-tcp                                 65537  Listen

It will show all users and their remote sessions on the RDS host. There are 3 columns we need in the output: SESSIONNAME, USERNAME and ID.

Find the (4) user and the corresponding ID; in this example, it is ID 2. We must kill the csrss.exe process that is running in this session.

Now, display the list of the running processes in the session ID we received earlier:

C:\>query process /id 2
USERNAME SESSIONNAME ID PID IMAGE
>system rdp-tcp#5 2 5140 csrss.exe
>system rdp-tcp#5 2 956 winlogon.exe
>umfd-2 rdp-tcp#5 2 2796 fontdrvhost.exe
>dwm-2 rdp-tcp#5 2 5888 dwm.exe

Find the csrss.exe process (check the IMAGE column) and its PID. In this case, the PID is 5140. We need to kill this process.

Now, open the Task Manager, go to the Details tab and find the PID and the process from the previous step.

If the PID we need corresponds to the csrss.exe process, kill the process by clicking End task in the context menu or by entering the following command in the command prompt:

taskkill /F /PID 5140

Repeat this for each (4) user if there are several.
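A safety check for the steps above, as an added example that is not part of the original post: it parses captured `query process` output and returns the csrss.exe PID only when exactly one match exists in the requested session, refusing session 0 and the operator's own session. The function names and the sample output are constructed for illustration.

```python
# Constructed sample of `query process /id 7` output for a hung session
# (blank SESSIONNAME); it is not taken from the original post or a real host.
SAMPLE = """\
 USERNAME              SESSIONNAME         ID    PID  IMAGE
 system                                     7   6212  csrss.exe
 system                                     7   6300  winlogon.exe
 umfd-7                                     7   6388  fontdrvhost.exe
 dwm-7                                      7   6452  dwm.exe
"""


def parse_query_process(text):
    """Return one dict per process row of `query process` output."""
    rows = []
    for line in text.splitlines():
        # A leading ">" marks a process that belongs to the caller's session.
        own = line.startswith(">")
        tokens = line.lstrip("> ").split()
        # Read columns from the right, because SESSIONNAME can be blank.
        if len(tokens) < 3 or not (tokens[-2].isdigit() and tokens[-3].isdigit()):
            continue  # header, prompt line or blank line
        rows.append({"session_id": int(tokens[-3]), "pid": int(tokens[-2]),
                     "image": tokens[-1].lower(), "own_session": own})
    return rows


def csrss_pid_for_session(text, session_id):
    """Return the csrss.exe PID for session_id, or raise if it is unsafe."""
    if session_id == 0:
        raise ValueError("session 0 hosts system services; do not target it")
    hits = [r for r in parse_query_process(text)
            if r["session_id"] == session_id and r["image"] == "csrss.exe"]
    if len(hits) != 1:
        raise LookupError(f"expected one csrss.exe in session {session_id}, "
                          f"found {len(hits)}")
    if hits[0]["own_session"]:
        raise ValueError("that is your own session")
    return hits[0]["pid"]


def taskkill_command(text, session_id):
    """Build the taskkill line only after the checks above have passed."""
    return f"taskkill /F /PID {csrss_pid_for_session(text, session_id)}"


if __name__ == "__main__":
    print(taskkill_command(SAMPLE, 7))
```
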

Troubleshooting 3: Resetting an RDS User Session

If we were not able to log off a problem user in the Task Manager, we can try to reset an RDS user session from the command prompt:

First, open the command prompt as administrator and run the command:

query session

Copy the SESSIONNAME of the problem user.

Now enter:

reset session <SESSIONNAME>

Specify the session name we copied instead of <SESSIONNAME>.

Do it for each problem RDS user session. Then try to log on; the problem should not occur again.

Troubleshooting 4: RDSH server memory issue

A memory leak has been found on some Windows Server 2012 R2 RDSH servers. Over time, these servers begin to refuse both remote desktop connections and local console sign-ins with messages like the following:

The task you are trying to do can’t be completed because Remote Desktop Service is currently busy. Please try again in a few minutes. Other users should still be able to sign in.

Remote Desktop clients attempting to connect also become unresponsive.

To work around this issue, restart the RDSH server.

Also refer to these posts:

Remote desktop services is currently busy

The task you are trying to do can’t be completed because remote desktop services is currently busy but not others when trying to access remote computer using remote desktop?

Can’t see any Office 365 apps

Case 1: If you don’t see any apps after logging in to Office 365, make sure you have an Office 365 license.

Case 2: Today, I checked Microsoft Office 365 and there are no apps. It is not just me. I refreshed, and it is the same. Another user has the same issue. I cleaned the cookies and browsing history, and it is the same.

A: According to your description, I found that there is one Service Incident, MO544165, about “Some users may be unable to view or access Microsoft 365 apps or services” in Office 365 admin center > Service health. Microsoft’s relevant team is investigating and working on this incident to fix it.

I will monitor this incident. When the issue is fixed, I will update the thread information with latest information.

Below is the SI information:

Title: Some users may be unable to view or access Microsoft 365 apps or services

User impact: Some users may be unable to view or access Microsoft 365 apps or services

More info: Impacted services may include, but are not limited to:

  • Microsoft 365 Online apps – Users may be unable to access Microsoft 365 web apps, such as Excel Online. Additionally, the search bar may not appear in any Office Online service.
  • Microsoft Teams – Admins may be unable to access the Microsoft Teams admin center.
  • SharePoint Online – Users may be unable to view the settings gear, search bar and waffle.
  • Microsoft Planner – Users may be unable to access Microsoft 365 web apps through Microsoft Planner.
  • Yammer – The search bar is missing from the User Interface.
  • Outlook on the web – Users may experience slowness or latency when accessing or using the service.
  • Microsoft Project for the Web – Users may be unable to view the waffle menu, settings, and help content.

Whilst the Microsoft 365 apps may not render, users can still access the applications directly through the URL. Some examples of these include:

  • Microsoft 365 Admin Center – admin.microsoft.com
  • Outlook – outlook.office.com
  • Microsoft Teams – teams.microsoft.com
  • Word Online – microsoft365.com/launch/word
  • Excel Online – microsoft365.com/launch/excel

Scope of impact: Impact is specific to some users who are served through the affected infrastructure.

The temporary solution could be accessing the apps directly, for example: https://outlook.office.com/mail for email, https://mycompany.sharepoint.com for SharePoint.

A user account restriction is preventing you from logging on

Situation: The user is a member of Domain Admins. However, he can’t access his remote computer using RDP and gets this error: A user account restriction is preventing you from logging on

Troubleshooting: We find this user is also a member of the Windows Protected Users group, which blocks him from using RDP. Please refer to this post:

 

 

 

 

You do not have sufficient privileges to delete cn=Microsoft Exchange System Objects

If you receive an error message indicating that you do not have sufficient privileges to delete the “cn=Microsoft Exchange System Objects” container in Active Directory, it’s likely that your account does not have the necessary permissions to delete this container.

Here are some steps you can take to resolve this issue:

  1. Verify that you are a member of the appropriate security groups: In order to delete the “cn=Microsoft Exchange System Objects” container, you must be a member of the Enterprise Admins and Schema Admins security groups in Active Directory. Verify that your account is a member of both of these groups.
  2. Check your permissions on the container: If you are a member of the Enterprise Admins and Schema Admins groups and still cannot delete the “cn=Microsoft Exchange System Objects” container, check your permissions on the container. You may need to modify your permissions to allow you to delete the container. To modify your permissions, right-click on the container, select Properties, and then select the Security tab. Check that you have Full Control permissions on the container. Note: You may need to re-login after assigning the full permissions.
  3. Use a privileged account: If you are still unable to delete the container, it’s possible that your account does not have sufficient privileges. In this case, you should try using a privileged account that has the necessary permissions to delete the container. Be sure to log on with this account before attempting to delete the container.
  4. Contact Microsoft Support: If you have tried the above steps and are still unable to delete the container, it’s possible that there is an issue with your Active Directory installation. In this case, you should contact Microsoft Support for assistance. They can help you diagnose and resolve any issues that may be preventing you from deleting the container.

Palo Alto firewall failed in virtual-router default the static route Route to WAS is not unique

The error message “palo alto firewall failed in virtual-router default the static route route to is not unique” indicates that there is a problem with the configuration of the Palo Alto firewall.

Specifically, it appears that there is a static route configured in the “default” virtual router that is not unique. This means that there are two or more routes with the same destination network and prefix length. This can cause issues with traffic routing and can lead to network connectivity problems.

To resolve this issue, you will need to review the static routes configured in the “default” virtual router and ensure that each destination network has a unique route. You may need to remove or modify duplicate routes to ensure that traffic is routed correctly.

It is also important to review the overall network topology and routing configuration to ensure that there are no other issues that could be contributing to this problem. This may involve reviewing the routing tables of other devices in the network, as well as any routing protocols that are being used.
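One way to run the duplicate check described above over a list of static routes, as an added example (not Palo Alto tooling and not code from the original post): it normalises each destination and groups route names by network and prefix length. The tuple format and every route except the name "Route to WAS" are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (route name, destination) pairs as an administrator
# might copy them from the static-route list of the "default" virtual router.
# Only the name "Route to WAS" comes from the error text; the rest is made up.
SAMPLE_ROUTES = [
    ("Route to WAS", "10.20.0.0/16"),
    ("default-route", "0.0.0.0/0"),
    ("WAS-backup", "10.20.5.1/16"),   # host bits set, same network as above
    ("branch", "10.20.0.0/24"),       # same address, longer prefix: distinct
    ("lab-v6", "2001:db8::/32"),
    ("lab-v6-copy", "2001:0db8:0000::/32"),  # same prefix, different spelling
]


def duplicate_destinations(routes):
    """Map each destination used by more than one route to the route names."""
    by_destination = defaultdict(list)
    for name, destination in routes:
        # strict=False masks host bits, so 10.20.5.1/16 becomes 10.20.0.0/16.
        network = ipaddress.ip_network(destination, strict=False)
        by_destination[network].append(name)
    return {str(net): names
            for net, names in by_destination.items() if len(names) > 1}


if __name__ == "__main__":
    for destination, names in duplicate_destinations(SAMPLE_ROUTES).items():
        print(f"{destination}: {', '.join(names)}")
```
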