Common FortiClient SSL VPN errors

This is a repost of a post from an old blog, made on July 13, 2012, that used to be on:

http://wp.me/p25nt4-71

http://adminramble.com/common-forticlient-ssl-vpn-errors/

Original post:

I see from the stats that one of the posts with the most visits is the one about the FortiClient SSL VPN error “the vpn server may be unreachable. (-5)” so i decided to add another post describing some of the most common errors that may come up when connecting to FortiGate with SSL VPN.

  1. Connecting process stops at 10, error “Unable to establish the VPN connection. The VPN server may be unreachable.”

    This is most commonly caused by, either the firewall blocking any kind of traffic towards the VPN server IP address or the FortiClient application itself by the firewall on the host or on the network, or either by routing errors towards the IP address of the VPN server.
    The problem can usually be solved by adjusting the host or network firewall rules on the client side.
    Sometimes in rare cases I have found the problem is caused by error on the FortiGate device, in this case no one is able to connect to the VPN neither using SSL VPN or IPsec but the internal networks can go to all local networks and the external internet connection. In that case a simple reboot of the device solves the problem.

  2. Connecting process stops at 80, error “Unable to logon to the server. Your username or password may not be configured properly for this connection. (-12)”

    As the error states itself the most common problem is that either the username or the password isn’t matching the one of the device.
    Other problems might be:
    – the user is not in the correct user group that has VPN access (either the local firewall group or the LDAP server group if you’re using one)
    – there isn’t a corresponding firewall policy rule that allows access for the user group to any of the internal networks. You need to have the rule from the wan interface to one of the internal interfaces with action SSL-VPN and select the group of users which will have access, check if your user is in correct group.
    – you might be trying to connect to VPN from the wrong side of the interface (from one of your internal networks or from the network of one of the sites you already have a site to site connection.
    – UPDATE: Special characters are being used in the password. (See this serverfault thread)

  3. Connecting process stops at 40, error “Unable to establish the VPN connection. The VPN server may be unreachable -5”

    As you can see in one of my earlier posts “the vpn server may be unreachable. (-5)”,  the problem can sometimes be caused by some sort of VNC server on the machine.
    Other possible problems can be:
    – the firewall rules on local machine, or on the network gateway ( I have rarely found      this to be the problem with this error)
    – problems with the FortiGate device, in most of the time the device would be the problem and the problem would go away after the reboot of the FortiGate device, but would come again after the few days. In this case the problem would most of the time be with the extensive logging of the traffic and the events on the device. So try to remove  traffic logging on some of the rules or events.

Windows 2008 server hangs at “Applying user settings”, services not working

This is a repost of a post from an old blog, made on July 17, 2012, that used to be on:

http://wp.me/p25nt4-7f

http://adminramble.com/windows-2008-server-hangs-applying-user-settings-services-working/

Original post:

Today I had a problem with one of my test servers that was running Windows 2008, I was doing some work with IIS and certificates and after rebooting I wasn’t able to connect to it with Remote Desktop, also I wasn’t able to connect to the web sites that were on it, but it responded to ping requests.

When I tried to connect to it locally, after entering username and password it would just stay on the “Applying user settings” screen.

The solution to this is very simple:

  1. Either wait for you server to eventually finish the logon process or reboot it in the safe mode with F8
  2. Open registry editor with regedit
  3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP and create the following Multi-string value: DependOnService
  4. Double click the entry, enter CRYPTSVC in the Value Data field and click OK
  5. Reboot your server to Normal mode

You can also solve the problem with the Hotfix available from Microsoft.

NOTE: the KB article states that this happens on Windows Vista and Server 2008 with Service Pack 2, but in my case I had Windows Server 2008 Service Pack 1.

How to convert batch of doc files to docx, this should also work for ppt and xls files

This is a repost of a post from an old blog, made on July 23, 2012, that used to be on:

http://wp.me/p25nt4-7r

http://adminramble.com/convert-batch-doc-files-docx-work-ppt-xls-files/

Original post:

Today I had to need to convert a bunch of old Office 2003 .doc files to a new Office 2010 .docx, file format, since it was a few hundred files that I had to convert I started looking for a easiest way to do it, after a few minutes of Google search through solutions with using macros I find one that doesn’t require any macros or programming on this blog.

You can do it using Microsoft Office Compatibility Pack and Microsoft Office Migration Planning Manager.

Here are the steps needed for a bulk conversion from .doc to .docx:

  1. Download Microsoft Office Migration Planning Manager (MigrationPlanningManager.exe, 2.7 MB)
  2. Download Microsoft Office Compatibility Pack (FileFormatConverters.exe, 37.0 MB)
  3. Extract Office Planning Manager (OMPM) to some directory (I used d:\doc2docx for example here)
  4. Go to Tools directory where you extracted OMPM (in my case d:\doc2docx\Tools)
  5. edit the ofc.ini file for following lines: 
    FullUpgradeOnOpen=1
fldr='path to directory with .doc files you want to convert'
DestinationPathTemplate='path to where you want to save converted files'

    Your ofc.ini file should look something like this:

    [Run]
LogDestinationPath=C:\OMPM\OFCLogs

TimeOut = 300

[ConversionOptions]
; FullUpgradeOnOpen: if set to 1, Word documents will be fully converted to the OpenXML format
;                    if set to 0 (default), Word documents will be saved in the OpenXML format in compatibility mode
; Not applicable to Excel or PowerPoint files.
FullUpgradeOnOpen=1

CABLogs=1

MacroControl=0


[FoldersToConvert]
fldr=d:\doc2docx\Files2convert

[ConversionInfo]
SourcePathTemplate=*\*\*\
DestinationPathTemplate=d:\doc2docx\ConvertedFiles
  6. open command prompt and run ofc.exe from Tools directory (in my case D:\doc2docx\Tools\ofc.exe), you should get a message like this one: 
    d:\doc2docx\Tools>ofc
Microsoft Office File Converter version 12.0.4518.1032
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
Automatically converts Office documents to 2007 Microsoft Office system file for
mat based on settings in the OFC.INI control file.
Converting files from folder d:\doc2docx\Files2convert
Converting: d:\doc2docx\Files2convert\4thFile.doc Writing converted file to: d:\
doc2docx\ConvertedFiles\4thFile(1).docx
Converting: d:\doc2docx\Files2convert\File1.doc Writing converted file to: d:\do
c2docx\ConvertedFiles\File1(1).docx
Converting: d:\doc2docx\Files2convert\FileNo3.doc Writing converted file to: d:\
doc2docx\ConvertedFiles\FileNo3(1).docx
Converting: d:\doc2docx\Files2convert\SecondFile.doc Writing converted file to:
d:\doc2docx\ConvertedFiles\SecondFile(1).docx
Converting: d:\doc2docx\Files2convert\ThisIsFile5.doc Writing converted file to:
 d:\doc2docx\ConvertedFiles\ThisIsFile5(1).docx
Start: 2012-07-23 16:05:12
End: 2012-07-23 16:05:17
Total time used to convert files (sec): 4
Total number of files processed: 5
Total number of files converted: 5
Conversion Complete.
d:\doc2docx\Tools>

How to reset lost root password on SUSE Linux Enterprise Server

I had to use one of my virtual machines that I didn’t use for a while today, and of course  I couldn’t remember the password I used for it, so I had to change it.

Here is how to reset a forgotten root password on Novell SUSE

This is a guide for Novell SUSE Linux Enterprise Server 10 SP3.

On the boot menu select the first option “SUSE Linux enterprise server” and press ‘e’ for edit.

SLES boot menu
SLES boot menu

On the second menu select the kernel option and press ‘e’ for edit.

Select kernel line
Select kernel line

type init=/bin/bash (leave empty space at the begging), and press ‘Enter’ and then ‘b’ to boot with that option.

Add init=/bin/bash one the end of the line
Add init=/bin/bash one the end of the line

The system will boot with the root user logged on, type passwd to change the password and input your new password, or just press ‘Enter’ for no password (blank password)

Use passwd to change root password
Use passwd to change root password
Reboot the server and log on with your new password.

Fixed: Unable to install Cisco IPSec VPN client, error 27850, The file ‘dneinobj.dll’ on Deterministic Network Enhancer disk is needed

This is a repost of a post from an old blog, made on August 9, 2012, that used to be on:

http://wp.me/p25nt4-84

http://adminramble.com/fixed-unable-install-cisco-ipsec-vpn-client-error-27850-file-dneinobj-dll-deterministic-network-enhancer-disk-Windowsneeded/

Original post:

I had to install a Cisco VPN client 5.0.07. to a Windows XP Embedded computer today and during installation I got a Files Needed message “The file ‘dneinobj.dll’ on Deterministic Network Enhancer disk is needed

If I would click cancel I would get a Installer Information with message “Error 27850. Unable to manage networking component. Operating system corruption may be preventing installation“.

I never got this message on any other computer when installing Cisco VPN client, so a searched a computer with an installed Cisco client on it for the named files and transferred the files from there. Besides dneinobj.dll file you might also get the same message about the files dne32x.sys, dne64x.sys, dne2000.cat, dne2000.exe, dne2000.inf, DNE2000.sys, dne2000m.cat,dne2000m.inf that they are needed.

If you get the Files needed message about any of the files listed above try this:

  • Go to the computer with an installed Cisco VPN client and find the missing file on it. It’s likely going to be either in C:\Windows\System32 or C:\Program Files\Common Files\Deterministic Networks folder, you can also take the missing files from the following zip file DNE
  • Copy the folders to the computer where the files are missing and when you get the Files needed message press the Browse button and select the location where you copied the files