OpenVPN Cannot Authenticate -Google Authenticator Code Incorrect – Android Windows 10

When trying to setup and authenticate to an AWS Instance running OpenVPN, a user could not complete a new connection to OpenVPN after entering the initial un/pwd. They receive the error: Permission denied. This is after successfully setting up the OpenVPN client on Windows 10 and scanning an Authenticator code using Google Authenticator App on a Samsung S8 Active Android mobile phone running Android 8.0.0 ‘lollipop’. Ultimately the reason the user could not authenticate was their mobile phone’s time was off by about 3 minutes. Continue below to find additional information on how to troubleshoot this and other authentication issues with OpenVPN.

When troubleshooting OpenVPN login errors it’s a good idea to first try some of the following:

Unlock a Disabled or Locked account on OpenVPN Admin console

To check for the events related to a user lockout, first log into the Admin web console > Status > Log Reports. Here you will find the errors related to bad authentication and eventually an account lockout.

The errors you may find could be the following:

Google Authenticator Code is incorrect.
LOCKOUT: user temporarily locked out due to multiple authentication failures.

To unlock a user account (if using local authentication), Login to the Admin Web Console, Go to “General” under Authentication and change Authentication to “PAM”, Save Settings > Update Running Server > “Local” > Save Settings> Update Running Server.

This procedure should unlock disabled or locked user accounts on OpenVPN.

Reset A User Account on OpenVPN

To reset a user’s OpenVPN account:

Log in to the admin web console, click on User Permissions.

Find the username, place a checkmark in the Delete column, then Apply > Save. Next, re-create the account.
Scroll to the bottom of the list, type the new user name:
Eg. jcoltrin
Save > update server

Go back find the username again in the list and hit Show:

Enter in the Local Password: (S3cr3tP@ssw0rd!)
Save > Update

Check OpenVPN for Valid Concurrent License

In the admin web console, under the Configuration menu, click License. Check to ensure that your concurrent users have not reached or exceeded the limits of your licenses (under At a glance,) or that your licenses have not expired.

Use SSH to check the logs of the OpenVPN server and get the specific errors for an individual’s login problems.

After logging into the server using Putty/SSH, you can change directory to the scripts directory:

cd
/usr/local/openvpn_as/scripts/

and then issue the command ./authcli –user <username> –pass S3cr3tP@ssw0rd

./authcli --user jcoltrin --pass S3cr3tP@ssw0rd

This will produce something similar to the following information:

Result:
API METHOD: authenticate
AUTH_RETURN
  status : COM_FAULT
  reason : An error occurred while connecting: 13: Permission denied. (twisted.internet.error.ConnectError)
  user : jcoltrin

Addtionally you can find more messages related to authentication failures in /var/log. You’ll find these messages in the latest log files:

openvpnas.log

openvpnas.log.1

Use your favorite editor (vi) to search through the logs

vi openvpnas.log

use the command / and then the username to search for that term and hit “n” to go to the next instance of your term, for example:

/jcoltrin > n > n

and then :q to quit.

Here are some typical error messages for my authentication errors:

2019-02-26 14:03:26-0800 [-] WEB OUT: "2019-02-26 14:03:26-0800 [UDSProxyQueryProtocol,client] Web login authentication failed: {'status': 1, 'reason': 'local auth failed: password verification failed: auth/authlocal:42,web/http:1609,web/http:750,web/server:126,web/server:133,xml/authrpc:110,xml/authrpc:164,internet/defer:102,xml/authsess:50,sagent/saccess:86,xml/authrpc:244,xml/authsess:50,xml/authsess:103,auth/authdelegate:308,util/delegate:26,auth/authdelegate:237,util/defer:224,util/defer:246,internet/defer:190,internet/defer:181,internet/defer:323,util/defer:246,internet/defer:190,internet/defer:181,internet/defer:323,util/defer:245,internet/defer:102,auth/authdelegate:61,auth/authdelegate:240,util/delegate:26,auth/authlocal:42,util/error:61,util/error:44', 'user': 'jcoltrin'}"
2019-02-26 14:19:40-0800 [-] WEB OUT: "2019-02-26 14:19:40-0800 [UDSProxyQueryProtocol,client] Web login authentication failed: {'status': 1, 'no_lockout': True, 'reason': 'challenge', 'user': 'jcoltrin', 'proplist': {'pvt_google_auth_secret_locked': 'true', 'prop_cli.script.win.user.connect': '[redacted]', 'pvt_google_auth_secret': '[redacted]', 'prop_autogenerate': 'true', 'prop_deny': 'false', 'prop_cli.script.win.user.disconnect': '[redacted]', 'prop_superuser': 'false', 'pvt_password_digest': '[redacted]', 'prop_cli.script.linux.user.connect': '[redacted]', 'prop_autologin': 'false', 'conn_group': 'Default', 'type': 'user_connect'}, 'client_reason': 'CRV1:R,E:[redacted]==:Enter Google Authenticator Code'}"
2019-02-26
14:20:08-0800 [-] WEB OUT: '2019-02-26 14:20:08-0800
[UDSProxyQueryProtocol,client] Web login failed
(twisted.cred.error.UnauthorizedLogin)'
2019-02-26 14:21:30-0800 [-] WEB OUT: "2019-02-26 14:21:30-0800 [UDSProxyQueryProtocol,client] Web login authentication failed: {'status': 1, 'client_reason': 'LOCKOUT: user temporarily locked out due to multiple authentication failures', 'reason': 'LOCKOUT: user temporarily locked out due to multiple authentication failures', 'user': 'jcoltrin'}"

Make sure the phone with Google Authenticator has the correct time and set the phone to sync it’s clock with the network/carrier

As mentioned at the beginning of this article, what the original login issue came down to was the Android phone, on which the Google Authenticator was running, had it’s time off by about 3 minutes. To set and change the correct time on an Android Galaxy S8 Active, first, go to Settings > General Management > Date and Time > Set/Turn on Automatic Date and Time.

I’m not sure why the value for this phone had it’s time set to not have automatic sync with the network/carrier. This may have been due to a recent android update because I found this setting off on a couple phones in the office. Ensure the time on your server is accurate as well by issuing the bash/ssh command:

date 

Your result should look like the following:

openvpnas@openvpnas2:/var/log$ date
Thu Feb 28 14:46:57 PST 2019

If this article helped you, please click on an ad to help pay for hosting and site upgrades. 🙂

Hits: 427

Solved – Cannot move files in SharePoint Online Office 365 from one folder to another folder

When attempting to move files in SharePoint Online Office365 from one folder to another you may find that you get errors or the moving process times out or fails with the error:

Error: We couldn't move the file because it's locked for editing or has been modified or deleted.

What has happened is some of the files in these folders have been marked as “checked out” or “locked”. This may have been done erroneously by a user or the status was corrupted when the files were originally uploaded into SharePoint.

Once the files are checked in, you can move them. As an alternative to moving the files, you may also be able to “Copy To…”, and then delete the original files. Again, you may not be able to delete the files you copied because the files you want to delete in SharePoint may also be locked or checked-out.

This is what worked for me:

  1. Use your favorite web browser and log into your SharePoint site (e.g. https://companyname.sharepoint.com/sites/sitename.
  2. Browse to the problem folders that contain files that you cannot move to another folder.
  3. In the folders, you should find files that are “checked out”. The files will have a green arrow icon next to the file icon.  
  4. Place a checkmark next to the file that is checked out.
  5. In the menu at the top-right choose “…”
  6. In the “…” menu, click “Discard check out”
  7. Now try moving the file with the following sequence:
  8. If the problem files are Word/Excel files, you may need to Open the files in Word or Excel first, in order to check them back in.

If this article helped you, please click on an ad to help pay for hosting and site upgrades. 🙂

Hits: 1119

How to find the Windows Experience Index in Windows 10 with Powershell

Use PowerShell to get the Windows Experience Index in Windows 10

Windows 7 has the Windows Experience Index which is used often by hardware techs to get a good idea about the kind of hardware installed in a PC. It also allows you to quickly find  where improvements can be made to get the machine to run faster. The following screenshot is an example of the Windows 7 Windows Experience Index:

You can get an idea about how fast the components of your Windows 10 computer are by running the Windows System Assessment Tool, but the readout is a little hard to understand. Skip this part (winsat formal) to get the Windows Experience Index in Windows 10 or Windows 7 with PowerShell below.

First open an elevated command prompt and run the command:

winsat formal

Below is a screenshot of the command running and it’s output. Running this tool will slow down your PC for a few minutes as it runs the tests:

Results:

The Windows Experience Index WMI modules are still available in Windows 10, however, the scores are not readily apparent in the Windows 10 system settings.
To get your Windows 10 Windows Experience Index subscores with PowerShell, first open up the Windows PowerShell ISE. Next, go to the following link: https://pastebin.com/i5M81xsV, -credit goes to reddit user:
*(as of 12/20/18 this code was no longer available on pastebin, so I’ve copied below)
$SysInfo = Get-CimInstance -Query "SELECT WinSPRLevel,CPUScore,MemoryScore,DiskScore,GraphicsScore,D3DScore From Win32_WinSAT"

    $SysParams = @{
                    Perf_WinExp_All = $SysInfo.WinSPRLevel
                    Perf_WinExp_CPU = $SysInfo.CPUScore
                    Perf_WinExp_RAM = $SysInfo.MemoryScore
                    Perf_WinExp_DSK = $SysInfo.DiskScore
                    Perf_WinExp_VID = $SysInfo.GraphicsScore
                    Perf_WinExp_D3D = $SysInfo.D3DScore
                    Perf_WinExp_AVG = "{0:N2}" -f ((($SysInfo) |
                    ForEach-Object {$_.CimInstanceProperties.Value})[0..4] |
                    Measure-Object -Average).Average
                   }
                   
    New-Object -TypeName PSobject -Property $SysParams
Copy the code into the Windows 10 PowerShell ISE and then run the script, or create a .ps1 file, and you can get the Windows Experience Index with PowerShell in either Windows 10 or Windows 7:

 

Here’s my results

Perf_WinExp_D3D : 9.9
Perf_WinExp_DSK : 7.55
Perf_WinExp_CPU : 9.1
Perf_WinExp_AVG : 8.91
Perf_WinExp_RAM : 9.1
Perf_WinExp_VID : 8.9
Perf_WinExp_All : 7.55
Here are the scores from my friend’s laptop (thanks Stan):
Perf_WinExp_D3D : 9.9
Perf_WinExp_DSK : 8.15
Perf_WinExp_CPU : 8.2
Perf_WinExp_AVG : 8.09
Perf_WinExp_RAM : 8.2
Perf_WinExp_VID : 6
Perf_WinExp_All : 6

So you can see that in my results, my WEI score would be 7.5 – where the lowest subscore determines my overall result. Looking at the scores, I can improve my score and upgrade my computer by increasing the DSK (disk) performance. To do this I would probably have to upgrade my motherboard to one that supports an NVME hard drive.

My friend’s laptop’s lowest score is VID (video) which means his laptop GPU is keeping the score low. There are a few options for upgrading a laptop GPU, such as an external GPU, but this isn’t surprising as most laptops GPUs can’t compete with a full-sized computer and GPU.

Hits: 4329

Windows 10 Creators Edition New Keyboard Shortcuts

Some new Windows Keyboard Shortcuts in Windows 10

With the release of Windows 10 Creators Edition version 1709, comes more bells, whistles, tricks, and shortcuts for us to dig into and explore. In this article, we’ll look mostly at the Windows Key shortcuts available and how the shortcuts and key combos can help us in our daily workflow.

  1. In the event you’re not already aware, the Windows Key on your keyboard (usually between the Ctrl and the Alt keys in the lower left area of most keyboards) has a lots of capabilities when held down while pressing other keys on the keyboard. Pressing this key on it’s own launches the Start Menu:
  2. Windows Key + A – Brings up the Windows Notifications SideBar. Here we can find existing notifications, switch to tablet mode, get into the windows settings panel, join a WiFi network, and change our location settings.           
  3. Windows Key + B – Select / Activate the Systray / Show Hidden Icons Expansion menu. This can come in handy as a few applications run as services and can only be accessed by right-clicking on the icon in the Systray; if your mouse stops working, this is a good shortcut to know.         
  4. Windows Key + C – Opens Cortana in Listening Mode. “Hey Cortana!” This is disabled by default and can be activated in the Cortana Settings. (Enable in Cortana > Menu > Notebook                                    
  5. Windows Key + D – Show the desktop
  6. Windows Key + E – Open File Explorer
  7. Windows Key + F – Open the Feedback Hub and Take a screenshot (this didn’t work for me)
  8. Windows Key + G – Open the X-Box Game Bar
  9. Windows Key + H – Open the Dictation control bar 
  10. Windows Key + I – Opens the Windows 10 Settings
  11. Windows Key + J – Sets focus to Windows Tips when one is available (Turn off tips in Settings > Notifications & Actions) 
  12. Windows Key + K – Open the Connect Quick action (connect to a wireless projector)                                            
  13. Windows Key + L – Lock your PC or Switch Accounts
  14. Windows Key + M – Minimize all windows
  15. Windows Key + O – Lock the device orientation (helpful for tablets)
  16. Windows Key + P – Choose a presentation display mode (Sidebar Projectors tool) 
  17. Windows Key + Q – Quick file search
  18. Windows Key + R – Open Run dialog box
  19. Windows Key + S – Open Windows Search (same as Windows Key + Q)
  20. Windows Key + T – Cycle through apps pinned to the taskbar (cycle in reverse is Windows Key + Shift + T)
  21. Windows Key + U – Open Ease of Access Center
  22. Windows Key + V – Cycle through windows notifications
  23. Windows Key + W – Opens the Windows Ink Workspace
  24. Windows Key + X – Opens the Quick Links Menu (right-click on the start menu) 
  25. Windows Key + Y – Switch input between Windows Mixed Reality and desktop (Your PC may not meet the minimum specs for Windows Mixed Reality)
  26. Windows Key + Z – Shows menus or commands available when an app is in full-screen mode.
  27. Windows Logo Key + period (.) or semicolon (;) – Opens the Windows 10 Emoji control panel 👍                                                 
  28. Windows Key + Comma (,) – temporarily peek at the desktop
  29. Windows Key + Pause/Break – Opens the System Properties
  30. Windows Key + Ctrl + F – Search for Active Directory computers on a network
  31. Windows Key + Number/Shift/Ctrl/Alt – Manage TaskView Virtual Desktops

I’m sure there are more so let me know in the comments if I missed any and let us know which are your favorites (mine is Windows Key + Pause/Break)

If this article helped you, please click on an ad to help pay for hosting and site upgrades. 🙂

Hits: 5428