Wednesday, May 9, 2018

L2TP VPN connection error to Windows Server 2012 RRAS

Windows server 2012 resides behind router / NAT with UDP ports 500, 4500 and 1701 forwarded to the IP address of the server. Server RRAS VPN configured correctly accepting PPTP connections from multiple MAC and Windows VPN clients with no issues (except newer Mac OS Sierra with PPTP protocol removed from the list of available VPN options).

In my case I was able to connect via my MAC VPN client with no problem... However, Windows VPN client would throw Error 809... Below is a solution which worked for me:

Reference article here: https://www.sonicwall.com/en-us/support/knowledge-base/170505534382415

Step 1: Login to the PC as Administrator if your current user account is not a member of local Administrators group.
Step 2: Click Start | Run or Start | All Programs | Accessories | Run and type regedit
.
Step 3: Locate the entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.
Step 4: Create a new DWORD (32-bit) value (Edit | New).
Step 5: Add AssumeUDPEncapsulationContextOnSendRule and save.
Step 6: Modify the new entry and change Value Data from 0 to 2.

Value 0 -| Cannot establish security associations with servers that are located behind NAT devices.
Value 2 -| Can establish security associations with servers that are located behind NAT devices.


Do not forget to reboot your computer!

Saturday, November 11, 2017

QuickBooks 2018 - Fatal Error during installation. .Net Framework 4.5.2 - 4.6 or 4.7 installation or update failure.

QuickBooks installation may fail due to missing dependency, Microsoft .Net Framework for example may fail to install in the background. If you dig deeper you may discover that some of Microsoft .Net Framework versions 4.5.2 and higher updates, and some developer tools updates may also left a trail of failed updates under Windows Updates.


There are multiple suggestions on how to resolve this issue with a few relevant threads listed below (These suggestions should work for Windows 7 and newer operating systems):

 https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/unable-to-install-kb2934520-microsoft-net/612c22cf-aa10-4ccf-814f-3593430bdb5d

 https://www.sysnative.com/forums/windows-update/17659-story-goes-net-framework-4-6-installation-issue.html#post137014

 https://blogs.msdn.microsoft.com/vsnetsetup/2014/10/27/error-997-overlapped-io-operation-is-in-progress-kb2918614-breaks-windows-installer-service/

Even tough my Windows Installer and Updater were not damaged and official Microsoft .Net Framework cleanup and fix-it tools did not work, last thread managed to point me in the right direction. Apparently there is a problematic security update Microsoft released a few years ago which may mess with a few critical MSI packages: https://support.microsoft.com/en-us/help/2918614/ms14-049-description-of-the-security-update-for-windows-installer-serv


Below is what resolved my .Net Framework installation error:

Click Start, click Run, type regedit in the open box, and then click OK.

Locate and then click the following subkey in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer

On the Edit menu, point to New, and then click DWORD Value. Type SecureRepairPolicy for the name of the DWORD, and then press Enter.

Right-click SecureRepairPolicy, and then click Modify. In the Value data box, type 1, and then click OK.



Locate and then click the following subkey in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer

On the Edit menu, point to New, and then click Key. Type SecureRepairWhitelist for the name of the key, and then press Enter.

Everything below might be optional and you can save your registry settings and reboot your computer right here. Try this and leave a comment if this works or not.

Double-click the SecureRepairWhitelist key to open it. On the Edit menu, point to New, and then click String Value. Create String Values that contain the product codes (including braces {}) of the products that have to be added to the Safe Recipients list.


I've managed to find my .Net Framework 4.6 product code in the installation log file but I've also managed to install .Net Framework 4.7 and developer tools update without entering their respective product codes into registry. Microsoft article provides further instructions on finding product codes through their SDK Orca tool, but we probably want to keep this fix as simple as possible.

Monday, August 14, 2017

Unlock Windows "Hello" face recognition in a domain environment.

Direct reference: https://social.technet.microsoft.com/Forums/en-US/84a0bd50-1360-4a94-bfb3-b049ecace521/pin-and-fingerprint-signin-options-unavailable-greyed-out-in-windows-10-1607-enterprise?forum=win10itprogeneral


If feature is locked (grayed out) under Windows 10 setting, open registry and add following entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001