Cisco AnyConnect VPN client v4.9 will not connect
Cisco (AnyConnect) Tuesday, 06 April 2021 by paul

After upgrading the AnyConnect client to v4.9, it will not connect to the VPN server. The error displayed is “The cryptographic algorithms required by the secure gateway do not match those supported by AnyConnect. Please contact your network administrator”.

The release notes for v4.9 (https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html) show that support for specific cipher suites has been deprecated:

For SSL VPN, AnyConnect no longer supports the following cipher suites from both TLS and DTLS: DHE-RSA-AES256-SHA and DES-CBC3-SHA

For IKEv2/IPsec, AnyConnect no longer supports the following algorithms:

  • Encryption algorithms: DES and 3DES
  • Pseudo Random Function (PRF) algorithm: MD5
  • Integrity algorithm: MD5
  • Diffie-Hellman (DH) groups: 2, 5, 14, 24
  • For a list of supported cryptographic algorithms and cipher suites, refer to the AnyConnect Secure Mobility Client Features, Licenses, and OSs, Release 4.9 feature guide.

Modifying the VPN config to remove the deprecated cipher suites does not resolve the issue.

Running the commands below allows you to debug the connection:

debug crypto ikev2 platform 255

debug crypto ikev2 protocol 255

The debug output captured while testing the connection includes the errors below:

IKEv2-PLAT-2: Failed to create an IKEv2 Proposal because an AnyConnect Premium license is required to support an IKEv2 remote access connection using NSA Suite B algorithms
IKEv2-PLAT-2: unable to build ikev2 policy

Searching for this error leads to the Cisco bug: https://quickview.cloudapps.cisco.com/quickview/bug/CSCur95551

Version 4.9 now supports only Suite-B algorithms, which require an AnyConnect Premium license (replaced by Plus or Apex licenses), and the ASA was configured to use an AnyConnect Essentials license.

Disabling the AnyConnect Essentials license fixed the issue.
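
To check an ASA configuration against the IKEv2/IPsec deprecation list quoted from the release notes, the added example below (not part of the original post or Cisco's tooling) scans a saved configuration for the listed algorithms. The sample configuration is constructed, and applying the list to both `crypto ikev2 policy` and `crypto ipsec ikev2 ipsec-proposal` sections is an assumption.

```python
import re

# Deprecated for IKEv2/IPsec per the AnyConnect 4.9 release notes quoted above.
DEPRECATED = {
    "encryption": {"des", "3des"},
    "prf": {"md5"},
    "integrity": {"md5"},
    "group": {"2", "5", "14", "24"},
}

def audit_ikev2(config: str):
    """Return (section, keyword, value) for each deprecated algorithm found."""
    findings, section = [], None
    for raw in config.splitlines():
        if not raw[:1].isspace():
            # Top-level line: remember the section only if it is IKEv2-related.
            m = re.match(r"crypto (ikev2 policy \S+|ipsec ikev2 ipsec-proposal \S+)", raw)
            section = m.group(1) if m else None
            continue
        if section is None:
            continue
        words = raw.split()
        # IPsec proposals prefix the keyword: "protocol esp encryption ..."
        if words[:2] == ["protocol", "esp"]:
            words = words[2:]
        if words and words[0] in DEPRECATED:
            findings += [(section, words[0], v) for v in words[1:] if v in DEPRECATED[words[0]]]
    return findings

# Constructed sample configuration (assumption, not taken from the original post).
SAMPLE = """\
crypto ikev2 policy 1
 encryption aes-256 3des
 integrity sha256 md5
 group 19 14 5
 prf sha256
crypto ikev2 policy 10
 encryption aes-gcm-256
 group 21 20
crypto ipsec ikev2 ipsec-proposal LEGACY
 protocol esp encryption des aes
 protocol esp integrity md5 sha-1
"""

if __name__ == "__main__":
    for finding in audit_ikev2(SAMPLE):
        print("deprecated in AnyConnect 4.9:", *finding)
```

As the post notes, a clean result here does not rule out the licensing cause, so the debug output is still needed.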

Team Owner cannot add Planner to a channel
Office 365 (Teams) Thursday, 25 February 2021 by paul

A Teams user who is an owner of the Team cannot add a Planner tab to a channel.

This is a known issue: https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/known-issues/teams-owner-cannot-create-planner-tab

Adding the user as a member to the Microsoft Office 365 Group, used by the Team, fixes the issue.

Microsoft Team Creation Date script
Office 365 (Teams) Monday, 01 February 2021 by paul

The Teams admin center does not currently show when a Team was created. The PowerShell script below lists all the Teams and the date each one was created.

# List All Teams and creation date

Import-Module MSOnline
Import-Module MicrosoftTeams

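[string]$username = "[email protected]"
# Prompt for the password; a PSCredential cannot be created without a user name and password
$cred = Get-Credential -UserName $username -Message "Enter the password for the Office 365 admin account"

# Connect to Exchange Online PowerShell (remote session using Basic authentication)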
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session

# Connect to Teams powershell
Connect-MicrosoftTeams 

Write-Host "Getting Teams..."
$Teams = Get-Team

$teamdata = @()

Write-Host "Getting UnifiedGroup data..."
foreach($Team in $Teams)
{
	$TeamUG = Get-UnifiedGroup -Identity $Team.GroupId
	$teamdata += @(
		[pscustomobject]@{
		DisplayName = $Team.DisplayName
		CreationDate = $TeamUG.WhenCreated
		}
	)
}

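# Display results sorted by team name
$teamdata | Sort-Object DisplayName

# Close the remote Exchange session so it does not count against the session limit
Remove-PSSession $session
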
Kace 11 script logs issue
Kace (agent) Monday, 01 February 2021 by paul

After upgrading to v11 of Kace SMA we have seen an issue with scripting logs.

In the Scripting Logs section of the Device Inventory, selecting "View Logs" displays a window with no data.

This is a known issue with Kace v11. It will be fixed in v11.1 which is tentatively scheduled for a May 17th 2021 release.

The workaround provided by Quest support is to use "search scripting logs" in the Scripting section.

Kace 11 quarantine notifications
Kace (quarantine) Monday, 01 February 2021 by paul

Kace SMA v11 includes a Quarantine section for Kace Agents that do not have a valid token. To get alerted when new agents get stuck in quarantine, you can schedule a report that emails you when there are any.

1. Create a new report (SQL Wizard)

2. Enter the query "SELECT * FROM ORG1.AGENT_QUARANTINE_ORG_VIEW WHERE APPROVED_BY = 0"

3. Schedule the report to run daily and email whoever needs to know.

 
