Thursday, 02 January 2025

L2TP VPN ISSUE - The network connection between your computer and the VPN server could not be established because the remote server is not responding

This new year started with an issue from a user who could not connect to the L2TP VPN that I had set up before. This issue has happened since I moved the VPN router under the firewall and did 1:1 NAT on it. My user reported that it shows the error below:


The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because of one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections.

After searching the Microsoft forum, I found that this is caused by a default behavior: since Windows Vista and Windows Server 2008, Windows doesn't support IPsec NAT-T security associations to servers that are behind a NAT device. If the virtual private network (VPN) server is behind a NAT device, a Windows Vista or Windows Server 2008-based VPN client computer can't make a Layer 2 Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Windows Server 2003.

Because of the way in which NAT devices translate network traffic, you may experience unexpected results in the following scenario:

  • You put a server behind a NAT device.
  • You use an IPsec NAT-T environment.

If you must use IPsec for communication, use public IP addresses for all servers that you can connect to from the Internet. If you must put a server behind a NAT device, and then use an IPsec NAT-T environment, you can enable communication by changing a registry value on the VPN client computer and the VPN server.

Based on Microsoft Learn, the solution for this issue is simple: just add a registry value named AssumeUDPEncapsulationContextOnSendRule.

Follow these steps:

  1. Log on to the Windows Vista client computer as a user who is a member of the Administrators group.

  2. Select Start > All Programs > Accessories > Run, type regedit, and then select OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, select Continue.

  3. Locate and then select the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

  4. On the Edit menu, point to New, and then select DWORD (32-bit) Value.

  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.

  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then select Modify.

  7. In the Value Data box, type one of the following values:

    • 0

      It's the default value. When it's set to 0, Windows can't establish security associations with servers located behind NAT devices.

    • 1

      When it's set to 1, Windows can establish security associations with servers that are located behind NAT devices.

    • 2

      When it's set to 2, Windows can establish security associations when both the server and VPN client computer (Windows Vista or Windows Server 2008-based) are behind NAT devices.

  8. Select OK, and then exit Registry Editor.

  9. Restart the computer.
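
The same registry change can be scripted instead of clicked through. The following is an added example, not part of the original post or of Microsoft's instructions; `Set-NatTPolicy` is a hypothetical helper name, and it assumes an elevated PowerShell session on the VPN client.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
# Set-NatTPolicy is a hypothetical helper name; the key and value name come from the steps above.
function Set-NatTPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 0 = default, 1 = VPN server behind NAT, 2 = server and client both behind NAT
        [Parameter(Mandatory)]
        [ValidateRange(0, 2)]
        [int]$Value
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    if (-not (Test-Path -Path $key)) {
        throw "Registry key not found: $key"
    }

    # Read the existing value; if it was never created, Windows uses the default (0).
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) { $current = 0 }

    if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value (currently $current)")) {
        # -Force overwrites an existing value instead of failing.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
    }

    # Report what is now stored so the change can be recorded and later reverted.
    $stored = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $stored) { $stored = 0 }
    [pscustomobject]@{
        Name            = $name
        Previous        = $current
        Stored          = $stored
        RestartRequired = ($stored -ne $current)
    }
}

# Preview first, then apply. 1 covers a server behind NAT; use 2 if the client is behind NAT too.
Set-NatTPolicy -Value 1 -WhatIf
# Set-NatTPolicy -Value 1
```

The `Previous` field in the output is the value to restore once the VPN server is back on a public address.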

And now my user can connect to our L2TP VPN without errors.

Thanks.

Source information : here

Thursday, 02 November 2023

Windows 11 22H2 Issue to connect legacy SQL Servers

We've got a legacy SQL Server (MS SQL 2005) running in our environment, and everything was fine until one of our users started using Windows 11 with the latest update (22H2).

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.) (Microsoft SQL Server, Error: 10054)

The answer most likely is updating my Cipher Suite. Windows 22H2 changed the default TLS Cipher Suites. The following were removed from the default: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA" per the article https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-11

I ran into the same issue, so I just updated the SSL Cipher Suite per the instructions at https://support.microsoft.com/en-us/topic/update-to-add-new-cipher-suites-to-internet-explorer-and-microsoft-edge-in-windows-548427db-ed06-5521-fe8b-d525ab573022

Follow these steps:

  1. At a command prompt, enter gpedit.msc, and then press Enter. The Local Group Policy Editor is displayed.

  2. Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.

  3. Under SSL Configuration Settings, select SSL Cipher Suite Order.

  4. In the SSL Cipher Suite Order pane, scroll to the bottom.

  5. Follow the instructions that are labeled How to modify this setting.

  6. Restart Windows to apply the configuration.

The list I used was the one that was used for Windows prior to the 22H2 (22621.819) update.

TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256

Disclaimer: Please be advised that this response is to answer the question that was given and obviously does not follow best practice procedures. Microsoft disabled this encryption for a reason. If you are like me and have older servers that need to keep running while you come up with a long-term solution to discontinue them then the above solution will keep you operational.
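
Before pasting a restored list into the policy, it helps to see which entries are the ones 22H2 dropped and which entries are weak. The following is an added example, not part of the original post; `Get-CipherSuiteReview` is a hypothetical helper name, the sample string is an excerpt of the list above, and the flags are derived from the suite names only.

```powershell
# Added example, not from the original post. It only parses suite names and changes nothing.
# Get-CipherSuiteReview is a hypothetical helper name.
function Get-CipherSuiteReview {
    param([Parameter(Mandatory)][string]$Order)

    # The three suites the post says 22H2 removed from the default list.
    $removedIn22H2 = @(
        'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
        'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
        'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    )

    $position = 0
    $suites = $Order -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($suite in $suites) {
        $position++
        $notes = @()
        if ($suite -match '_WITH_NULL_')          { $notes += 'no encryption' }
        if ($suite -match '_3DES_')               { $notes += '3DES' }
        if ($suite -match '^TLS_(RSA|PSK)_WITH_') { $notes += 'no forward secrecy' }
        [pscustomobject]@{
            Position  = $position
            Suite     = $suite
            ReEnabled = ($removedIn22H2 -contains $suite)
            Notes     = ($notes -join '; ')
        }
    }
}

# Excerpt of the list above, shortened for the example.
$candidate = 'TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,' +
             'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,' +
             'TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_PSK_WITH_NULL_SHA384'

$review = Get-CipherSuiteReview -Order $candidate
$review | Format-Table -AutoSize

# Same order with the unencrypted (NULL) suites left out, as a narrower candidate to test.
($review | Where-Object { $_.Notes -notmatch 'no encryption' }).Suite -join ','
```

On the Windows client, `(Get-TlsCipherSuite).Name` lists the suites currently enabled, which can be compared against the reviewed order after the restart.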


Monday, 16 October 2023

CITRIX : Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. There is no Citrix XenApp server configured on the specified address.

 

Our client faced a problem with Citrix apps; it always shows the error below:

Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. There is no Citrix XenApp server configured on the specified address.



This happened when we moved the server to a new cluster data centre.

According to the error message, Citrix ICA had a problem with the network interface. And according to our colleague's statement, he had changed the network interface to solve another issue.


To solve this issue, I did the following:

1. Open Terminal Services Configuration on your Citrix server.


2. Under Connections, find the ICA-tcp connection and open its properties.

3. Select the Network Adapter tab. Change the network adapter to the interface that is now active. Apply and OK.


4. Restart Citrix Service Manager services



5. Go back to the ICA-tcp properties and roll the network adapter back to “all network adapter configured”.

6. Restart the Citrix Services Manager services again.


Now the issue is solved.

 

 





Friday, 13 October 2023

CITRIX APPS : The following requested video mode was not available

My colleague asked me about an error on her Citrix terminal: when she tries to open an application from Citrix apps, it always shows an error like the picture below.

"The following requested video mode was not available: 1920 x 1080 x 24 BPP

The video mode has been set to the following mode: 1847 x 1038 x 24 BPP

Video mode restricted by administrator. " 





This was due to the fact that not enough memory had been allocated to the graphics for individual client sessions to support the resolution on larger monitors. This can be resolved by modifying the Farm ICA Display settings in the Citrix Access Management Console. Right-click on the Farm object in the Citrix Access Management Console and choose ‘Properties’. Then under ‘Server Default’, ICA, click on ‘Display’. Change ‘Maximum memory to use for each session’s graphics’ from the default (in my case 5625) to 8192 as shown below:




After increasing the memory available for each session's graphics, you should find that Citrix is able to support the higher resolutions.



Wednesday, 17 May 2023

EVENT : InfoKomputer Innovate - Maintaining Data Resiliency in an Era Full of Disruption


Data plays an important role in companies today. One study says 58% of companies make data an important part of the decision-making process. No wonder 64% of companies have a target of restoring company operations in less than one hour after a disruption occurs.

Therefore, it is important for every organization to ensure the reliability of its data infrastructure in facing disruption, both internal and external. Companies must understand how to build a resilient data infrastructure, what preventive steps can be taken, and what strategy to use to overcome disruptions that occur.
At this seminar, there will be speakers with long experience in data resiliency. They will share strategies and best practices for maintaining data integrity, such as when data loss, a data breach, or a system failure occurs.

The event will be held on:

·  Day: Tuesday, 23 May 2023

·  Time: 09.00-12.00 WIB

·  Location: Aurum Room, 2nd Floor, Pullman Hotel Thamrin CBD

Join this seminar to get interesting insights from experts in their fields, which will help ensure data integrity and the business continuity of your company.

REGISTER HERE


Monday, 17 April 2023

EVENT : Fortinet Accelerate Asia 2023

We would like to invite you to attend the "Fortinet Accelerate Asia 2023" event, which will be held on:

Day                           : Tuesday, 30 May 2023

Main Session           : 09.30 - 13.00 WIB

Tracking Session      : 13.00 - 16.30 WIB

Venue                      : Raffles Hotel Jakarta, Ciputra World, Jl. Prof. DR. Satrio Kav 3 – 5, Jakarta Selatan.


Join us at FORTINET Accelerate Asia 2023 and learn how Fortinet delivers unprecedented visibility, and meet FORTINET experts to learn how to implement Zero Trust, SASE, Hybrid Mesh Firewall, and Automated SOC.


Because places are limited, register right away through the following link: http://bit.ly/Fortinet-Accelerate2023


This event is free of charge and can be attended by 5 people from 1 company.


Thank you,

Fortinet


Tuesday, 31 May 2022

Error: Could not access network location components when installing Citrix web plug-in version 11.2 or higher

 This error appears when trying to install the Citrix web plug-in version 11.2 or higher.

Answer:

Note : Incorrect changes to registry settings can cause serious system problems that may be irreversible without reinstallation of the operating system. You must back up your registry before making any registry changes. We are not responsible for damage resulting from incorrect use of the Registry Editor.
  1. Click Start > Run and type in "regedit" and click ok
  2. Browse to HKEY_LOCAL_MACHINE > Software > Mozilla and rename this key
  3. Browse to HKEY_CURRENT_USER > Software > Mozilla and rename this key
  4. Launch the Citrix Web Plug-in installer
  5. Once complete, go back into the Registry Editor and remove previous changes to the keys mentioned in steps 2 and 3

Source : Blackbaud

Monday, 15 March 2021

User CUCM cannot access CUCM Self Portal

This morning I got word from a friend on standby at the office that a user could not access their CCM User URL to add speed dials. The information we got was that the user had no access rights.




The office currently uses CUCM version 11.


From the error above, it appears that the user in question did not have the CCM End User group. And sure enough, when checked, that group was missing.


I immediately told my friend to add the CCM User group, and finally the user could access their own user portal page.











Sunday, 14 March 2021

Creating bandwidth priority for Zoom on MikroTik

* Create an address list of Zoom servers. Zoom servers use ports 3478,3479,5090,5091,8801-8810, so we first match connections that use those ports and store their destination IPs in the address list.

 /ip firewall mangle

add chain=prerouting dst-address-list=!zoom_ip dst-port=3478,3479,5090,5091,8801-8810 protocol=tcp action=add-dst-to-address-list address-list=zoom_ip;

add chain=prerouting dst-address-list=!zoom_ip dst-port=3478,3479,5090,5091,8801-8810 protocol=udp action=add-dst-to-address-list address-list=zoom_ip;


* Mark every new connection that goes to ports 3478,3479,5090,5091,8801-8810, whether TCP or UDP.

/ip firewall mangle

add chain=prerouting protocol=tcp dst-port=3478,3479,5090,5091,8801-8810 action=mark-connection new-connection-mark=koneksi_zoom passthrough=yes;

add chain=prerouting protocol=udp dst-port=3478,3479,5090,5091,8801-8810 action=mark-connection new-connection-mark=koneksi_zoom passthrough=yes;


* Mark port 80 or 443 connections that go to the Zoom address list.

/ip firewall mangle 

add chain=prerouting protocol=tcp dst-port=80,443 dst-address-list=zoom_ip action=mark-connection new-connection-mark=koneksi_zoom passthrough=yes


* Mark Zoom packets, using the Zoom connection mark created above. This packet mark is what we will later use for bandwidth management.

/ip firewall mangle

add chain=forward action=mark-packet connection-mark=koneksi_zoom new-packet-mark=paket_zoom passthrough=no

* Create the queues

/queue simple  

add name="Queue ZOOM" target=10.88.44.0/24 parent=none packet-marks=paket_zoom priority=1/8 queue=default-small/default-small limit-at=0/0 max-limit=100M/100M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 

add name="LAN" target=10.88.44.0/24 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 max-limit=100M/100M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 



Monday, 26 October 2020

Microsoft Excel columns change to numbers

Hi,

It turns out it has been a long time since I wrote anything on this blog. To the point that this blog started to look dormant.

As my first post after the hiatus, I want to share what happened at the office today.

This morning one of the bosses called me over to check his Microsoft Excel application. The complaint was that his Excel formulas were erroring, and because he isn't fluent in Indonesian and I'm not fluent in his language either, we ended up discussing in shoulder language. lol.....

After checking, the error in question turned out to be as follows:


It can be seen that the sum formula is displayed in R1C1 style.

Without further ado, I did this:

  1. Open the File tab, choose Options.
  2. In the Options menu, choose the Formulas tab.
  3. Under Working with formulas, clear the R1C1 reference style check box.


And voila, Microsoft Excel is back to normal with its usual display.


CMIIW
