Hi, is it possible to deploy Always On VPN in Windows Server 2016 Essentials? If so, how would I go about doing that? Thanks in advance.
@miketarbox1190
3 months ago
Wow! Has anything changed dramatically with Server 2022? Question though, can I install all of the server roles on the same server?
@ShangGuanFeiHong
4 months ago
1:08:** The problem does not occur in Windows 2022.
@ShangGuanFeiHong
4 months ago
How to deploy always on vpn for newly installed remote computers? Not joined to the domain yet, no certificate yet. Set up another VPN server, log in with username and password, join the domain, and then use the startup script to set up User Tunnel and Device Tunnel.
@azarchehr
4 months ago
Hi and thanks a lot for the detailed guide. Is there any way to remove the user from the local administrators group after finishing the process?
@ShangGuanFeiHong
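4 months ago
startup script:
strComputer = "."
' Set the built-in Administrator password (hard-coded in clear text)
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
objUser.SetPassword "123456789"
objUser.SetInfo
' Bind to the local Administrators group
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objDomain = GetObject("WinNT://" & strComputer)
objDomain.Filter = Array("User")
For Each objUser In objDomain
    strUser = objUser.Name
    If strUser = "Administrator" Then
        ' Keep the built-in Administrator account enabled
        objUser.AccountDisabled = False
        objUser.SetInfo
    Else
        ' Remove every other local account from Administrators if it is a member
        If objGroup.IsMember(objUser.AdsPath) Then objGroup.Remove objUser.AdsPath
    End If
Next
This script is more dangerous and needs to reveal the administrator password. Try to encapsulate the bat into an exe and use the script to execute the exe.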
@selection989
5 months ago
Hi Divv, Is it possible to set up vpn for an ios device using the infrastructure you have deployed concurrently with the always on vpn for windows devices?
@user-no9jc3ox2s
5 months ago
have this same problem with win11. Windows 10 can connect without any problems.
@superXperience
6 months ago
I watched your documentation twice. I even created my own notice based on your video and followed it by the book, completely double-checked. Result: when I manually connect from Windows 11 it returns an ugly error. - when I connect from another Win 2022 server it works. I have to study why Win 11 makes problems. Superb documentation! Wonderful!
@user-no9jc3ox2s
5 months ago
have this same problem with Win11. On Win10 works.
@VmsShahul
7 months ago
Getting error while connecting vpn error: ike credentials are unacceptable
@henryenriquez6496
8 months ago
Will this work with Windows 10 Pro or does this setup require Enterprise?
@Morfiy1
7 months ago
"Device Tunnel" works only on version Enterprise
@bharatarora7769
9 months ago
Nicely created content!! Easily understood. Thanks
@Mark-dk9zd
11 months ago
Any ideas where I can get the make profile script at 1:10:42 ? Thanks
@yumstreetfood7674
1 year ago
Can you create a video for Intune always on VPN
@BusinessHugs
1 year ago
I was getting the same error in the video: Connection prevented because of a policy on your RAS/VPN server. Checking the Event Viewer on the NPS server helped get more detail. In my case the error was: The revocation function was unable to check revocation because the revocation server was offline. This was because my offline root CA CRL was out of date. Publishing a new offline CRL did the trick.
@binodgupta1748
1 year ago
Hi Divv.. crystal explanation. I loved it.. Thanks for sharing..
@jgould30
1 year ago
This is just stupidly complex with config settings when Microsoft should easily make this automated.
@fernandocrespo4661
1 year ago
Well done, I'll give it a try. To best visualize the VMs you could have expanded the VM windows a bit more😉
@paulorijo5990
1 year ago
.
@albertashkhatoyan
1 year ago
@divv8079 what if domain controller in azure and client are not in local network??
@hectorlarks6922
1 year ago
You basically have to break security to enable this.
@makst5287
1 year ago
how to connect Mac OS devices to this vpn?
@spawn00spawn
1 year ago
Hi! Thanks a lot for this guide! Can you share ps scripts, please?
@OldFellaDave
1 year ago
It's a real pain that they replaced Direct Access - which does all this already and is far far far easier to setup and deploy, with this convoluted mess :(
@rahultaneja3748
1 year ago
@divu Thank you for the excellent video! I have a similar deployment and VPN connects fine but I can't access the internal resources like ping and RDP won't work but nslookup works fine. Any thoughts?
@prabu101
1 year ago
Thank you
@massparaacademy
1 year ago
Thanks for making this video. What do you do when you don't get the certificate?
@hectoriturrieta6144
2 years ago
excellent video, thank you very much, any way to get the scripts?
@littlezeta
2 years ago
hey divv, thanks 4 this video, u are awesome
@tarekhalloun9969
2 years ago
can you have the nps and ras on the same server ?
@tarekhalloun9969
2 years ago
what if i dont have an external domain name ?
@urilgal
2 years ago
I seem to be having an issue that is not addressed here. My user certificate is not deployed to the computers. I've double-checked the video and I have the same configuration.
@anthonyjones5981
2 years ago
I've followed this guide to the letter up to the setting up of the template. Whilst testing this I get a successful connection but no internet access. Both VPN connection and wifi connection show no internet. I can't get past this. Any thoughts? Love the video btw!
@matambanadzo123
2 years ago
Would have been nice if you had posted the scripts in the description. Here is the FullControl one from 1:24:00... otherwise fantastic AOVPN setup video!
# Create the RasMan\Config key if it does not exist yet
$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config"
if (!(Test-Path -Path $Path)) { New-Item -Path $Path }
# Build an Allow rule giving the local Users group FullControl on this key only (no inheritance)
$IdRef = [System.Security.Principal.NTAccount](".\Users")
$RegRights = [System.Security.AccessControl.RegistryRights]::FullControl
$InhFlags = [System.Security.AccessControl.InheritanceFlags]::None
$PrFlags = [System.Security.AccessControl.PropagationFlags]::None
$AcType = [System.Security.AccessControl.AccessControlType]::Allow
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule ($IdRef, $RegRights, $InhFlags, $PrFlags, $AcType)
# Apply the rule to the key's ACL
$Acl = Get-Acl $Path
$Acl.SetAccessRule($Rule)
$Acl | Set-Acl -Path $Path
And the AutoTrigger one from 1:24:58...
$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config"
if (Test-Path -Path $Path) {
    # Values for the auto-trigger profile of the current user
    $AppendedDnsSuffixSearchList = "domain-name"
    $AutoTriggerProfileEntryName = "AlwaysOnVPN"
    $AutoTriggerProfilePhonebookPath = "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    $UserSID = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
    # Write the auto-trigger settings under RasMan\Config
    New-ItemProperty -Path $Path -Name "AppendedDnsSuffixSearchList" -Value $AppendedDnsSuffixSearchList -Force
    New-ItemProperty -Path $Path -Name "AutoTriggerDisabledProfilesList" -Force -PropertyType MultiString
    New-ItemProperty -Path $Path -Name "AutoTriggerProfileEntryName" -Value $AutoTriggerProfileEntryName -Force
    New-ItemProperty -Path $Path -Name "AutoTriggerProfilePhonebookPath" -Value $AutoTriggerProfilePhonebookPath -Force
    New-ItemProperty -Path $Path -Name "UserSID" -Value $UserSID -Force
}
@thaioviet8104
1 year ago
thank sir
@Schyz
6 months ago
Thank you, you saved me a lot of typing. The other piece of code missing, to copy the PBK:
# Copy the phonebook from SYSVOL only when the domain controller is reachable
If (Test-Connection -ComputerName DOMAIN-CONTROLLER -Quiet -Count 1) {
    Copy-Item "\\DOMAIN\SysVol\TANUKI.local\Policies\{GUID}\User\Scripts\Logon\rasphone.pbk" -Destination "C:\Users\$env:USERNAME\AppData\Roaming\Microsoft\Network\Connections\Pbk"
}
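Added example, not part of the video or of any comment above: a PowerShell audit of the RasMan\Config key that the FullControl script opens to the local Users group. It lists every Allow entry that gives write access to a principal outside SYSTEM, Administrators and TrustedInstaller; the trusted SID list and the set of rights counted as "write" are assumptions of this example.

```powershell
# Added example (not from the video or the comments): audit which principals
# can modify the RasMan\Config key once the FullControl script has been applied.
$Path = "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config"

# Assumption: only these well-known SIDs are expected to hold write access.
$Trusted = @(
    "S-1-5-18",      # NT AUTHORITY\SYSTEM
    "S-1-5-32-544",  # BUILTIN\Administrators
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"  # TrustedInstaller
)

# Rights that allow changing values, subkeys, the ACL or the owner,
# plus the GENERIC_WRITE and GENERIC_ALL bits that can appear in raw ACEs.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]"SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership"
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

if (-not (Test-Path -Path $Path)) {
    Write-Output "$Path does not exist on this machine."
    return
}

# Read explicit and inherited rules with identities returned as SIDs,
# so the comparison does not depend on the OS display language.
$Acl   = Get-Acl -Path $Path
$Rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$Findings = foreach ($Rule in $Rules) {
    if ($Rule.AccessControlType -ne 'Allow') { continue }
    # Inherit-only entries apply to subkeys, not to this key itself.
    if ($Rule.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
    $Sid = $Rule.IdentityReference.Value
    if ($Trusted -contains $Sid) { continue }
    if (([int]$Rule.RegistryRights -band $WriteMask) -eq 0) { continue }

    # Resolve the SID to a name for the report; fall back to the raw SID.
    try   { $Name = $Rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Name = $Sid }

    [pscustomobject]@{
        Principal = $Name
        Sid       = $Sid
        Rights    = $Rule.RegistryRights
        Inherited = $Rule.IsInherited
    }
}

if ($Findings) { $Findings | Format-Table -AutoSize }
else           { Write-Output "No non-admin write access found on $Path." }
```

On a client where the FullControl script has run, BUILTIN\Users (S-1-5-32-545) shows up with FullControl and Inherited = False.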
@TammamWardi
2 years ago
great explanation can you please create sstp vpn video
@weiwang2874
2 years ago
Hello Divv, Great guide first of all. I got pretty much almost everything working. It's just with the same VPN profile PEAP - Authentication - certificate, smart card - Certificate authentication I'm getting event ID 6273 with reason code 16 in regards to credential error. Not sure what the issue is here. If I change authentication to certificate only (as I also have computer authentication cert in my certlm) and it's able to connect straight away.
@nilleftw
2 years ago
This is the only guide I've found that doesn't assume that you actually already know all the steps. Like how many and what types of certificates that you need to use, and so on. THANKS!
@nilleftw
2 years ago
Oh my god, after one week of work I managed to get Always On VPN running with Fortigate as the VPN server. This guide was the first one to actually mention that you need a USER certificate too. After that, things slowly started falling into place.
@thaioviet8104
1 year ago
@@nilleftw hi, you using forti client or windows built in vpn client for always on vpn?
@boukeeisma9995
2 years ago
I am trying this in a test infrastructure but I am stuck at connecting with the VPN Template. I am getting the error: "The network connection between your computer and the VPN server could not be established because the remote server is not responding". It has the error code 809. I have checked the UDP ports 500 and 4500 on the firewall, I have checked the certificates. I have pinged every device in the network and I am quite desperate now. I have done almost everything you can find on the internet but nothing has helped so far. Do you know a solution maybe?
@boukeeisma9995
2 years ago
UPDATE: I found out that I used a domain name which was already used at my company. So I started over again with a different domain name and got into another problem. This time I get the error Divv is getting as well. But after trying several solutions found on the internet, I still can't connect with the template. I have checked all authentication methods and everything is the same on the client as on the servers. I don't know what to do anymore. Please help.
@Stan-rs1ne
2 years ago
Hi, so I have followed this tutorial 3 times, and I still have the same issue. I have the same network setup as you, but I have a strange issue when connecting to the template from an external, or even internal network. Whenever I attempt to connect it gives an error: “The network connection between your computer and the remote server can not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your service provider to determine which device may be causing the problem.” I have port forwarded and everything, and google didn’t help much. If anyone knows what the issue is please let me know. Thanks!
@boukeeisma9995
2 years ago
I've got the same issue and I haven't got a solution yet. Quite desperate to find one though.
@Stan-rs1ne
2 years ago
@@boukeeisma9995 I’m going to contact Microsoft business support and see if they can figure it out, I’ll let you know if I find anything. Also maybe it’s the internet service provider? Are you using Comcast?
@Stan-rs1ne
2 years ago
@@boukeeisma9995 I found a solution and have fully set it up. Port forward ports 500 through 4500, instead of just ports 500 and 4500. Hope this helps!
@Stan-rs1ne
2 years ago
@@TheMihi88 yeah
@flaitube
2 years ago
Thanks a lot for this video, it's very useful and detailed.
@jmtread
2 years ago
Thank you for the video Divv. In your opinion, has much changed in the last 12 months in regard to the setup of this service?
@divv8079
2 years ago
Good question. I'm not sure since I have not gone through it in the last year. If you decide to follow my guide and you stumble upon some differences in my video compared to the official documentation, please let me know. If there are minor changes I might put a disclaimer here in the comments, if there are major changes I might have to take the guide down.
@darknight_astro
2 years ago
One question - can we prevent the users from disconnecting the VPN or deleting the connection? BTW - fantastic video - looking to propose to multiple clients now that so much of the world is moving to remote work/workforce...
@thaioviet8104
1 year ago
remove user from vpn group. done
@practi-herramientasdesoftw3208
2 years ago
Master , extraordinary video!
@davidsutter3584
2 years ago
very helpful video, thank you
@MrMaster2k
2 years ago
Thanks for creating this video - It definitely will be VERY useful for myself shortly!
@fiddley
2 years ago
I know this is a lab but in a production environment there’s a security risk installing DHCP on a DC and you are gonna have some pain if you put the CA on the DC. Otherwise, great vid! Helped me a load thanks!
@MR-vj8dn
2 years ago
Hi. Would you care to elaborate on the security risk of placing DHCP and DNS on the domain controller?
@fiddley
2 years ago
@@MR-vj8dn It's to do with the account that DHCP uses to do its stuff. It's hugely overprivileged for a domain controller, which is a Tier 0 server. Any vulnerability in the DHCP service means your enterprise gets completely owned. Search "Disable or remove the DHCP Server service installed on any domain controllers" and the top hit should be Microsoft page with a video explainer.
@MR-vj8dn
2 years ago
@@fiddley I get it. I’ll read up on it. Thanks for the heads-up. Also, my mistake to include DNS in my question above. Surely AD needs DNS to live locally on the DC?
@thaioviet8104
2 years ago
@@MR-vj8dn Not sure, Domain Services and DNS may be set up on two servers. However, that's really complicated...
@KevinBuchanan66
2 years ago
Very well done video. A bit long, but it was very much worth it because of the details you provided!! I’ve watched it twice and plan to use many of your tricks!