Always On VPN and Network Policy Server (NPS) Load Balancing
Load balancing Windows Server Network Policy Servers (NPS) is straightforward in most deployment scenarios. Most VPN servers, including Windows Server Routing and Remote Access Service (RRAS) servers...
Always On VPN and IKEv2 Fragmentation
The IKEv2 protocol is a popular choice when designing an Always On VPN solution. When configured correctly it provides the best security compared to other protocols. The protocol is not without some...
Denying Access to Always On VPN Users or Computers
Once Windows 10 Always On VPN has been deployed in production, it may be necessary at some point for administrators to deny access to individual users or computers. Commonly this occurs when an...
Always On VPN and Azure MFA ESTS Token Error
Configuring Multifactor Authentication (MFA) is an excellent way to ensure the highest level of assurance for Always On VPN users. Azure MFA is widely deployed and commonly integrated with Windows...
Renew DirectAccess Self-Signed Certificates
Important! Updated July 15, 2019 to support all versions of Windows Server including Windows Server 2012 and 2012 R2. Also added functionality to renew self-signed certificates individually. When...
Always On VPN Clients Prompted for Authentication when Accessing Internal...
When deploying Windows 10 Always On VPN using Protected Extensible Authentication Protocol (PEAP) with client authentication certificates, the administrator may encounter a scenario in which the user...
Always On VPN Users Prompted for Certificate
When deploying Windows 10 Always On VPN using Protected Extensible Authentication Protocol (PEAP) authentication with client certificates, administrators may find the VPN connection does not establish...
Always On VPN Device Tunnel and Certificate Revocation
Recently I wrote about denying access to Windows 10 Always On VPN users or computers. In that post I provided specific guidance for denying access to computers configured with the device tunnel. To...
Microsoft Intune NDES Connector Setup Wizard Ended Prematurely
A Windows Server with the Network Device Enrollment Service (NDES) role can be provisioned on-premises to support certificate deployment for non-domain Windows 10 Always On VPN clients. In addition,...
Microsoft Intune NDES Connector Error 0x80004003
To support certificate deployment for non-domain Windows 10 Always On VPN clients, a Windows Server with the Network Device Enrollment Service (NDES) role can be provisioned on-premises. In addition,...
Always On VPN Error Code 858
When configuring Windows 10 Always On VPN using Extensible Authentication Protocol (EAP), the administrator may encounter a scenario in which the client connection fails. The event log will include an...
Always On VPN Device Tunnel Only Deployment Considerations
Recently I wrote about Windows 10 Always On VPN device tunnel operation and best practices, explaining its common use cases and requirements, as well as sharing some detailed information about...
Always On VPN Updates for Windows 10 2004
Microsoft recently made available an update for Windows 10 2004 that includes many important fixes for outstanding issues with Windows 10 Always On VPN. KB4571744 (build 19041.488) addresses many...
Always On VPN Continue Connecting Prompt
Using the Extensible Authentication Protocol (EAP) with client certificates is the recommended best practice for authentication for Windows 10 Always On VPN deployments. EAP, and especially Protected...
Always On VPN and Autopilot Hybrid Azure AD Join
Windows Autopilot is a cloud-based technology that administrators can use to configure new devices wherever they may be, whether on-premises or in the field. Devices provisioned with Autopilot are...
Troubleshooting Always On VPN Error 853
Using Windows Server Network Policy Server (NPS) servers is a common choice for authenticating Microsoft Windows 10 Always On VPN user tunnel connections. The NPS server is joined to the domain and...
Always On VPN Short Name Access Failure
Using Microsoft Endpoint Manager (Intune), administrators can provision Always On VPN to devices that are Azure AD joined only. Users accessing on-premises resources from these devices can still use...
Always On VPN Error 853 on Windows 11
Recently I did some validation testing with Always On VPN on Windows 11, and I’m happy to report that everything seems to work without issue. However, a few readers have reported 853 errors when...
Always On VPN Book Available for Pre-Order
Great news! My new book, Implementing Always On VPN, is now available for pre-order on Amazon.com. This new book, scheduled for release in late 2021, is a comprehensive implementation guide for Windows...
Always On VPN SSTP with Let’s Encrypt Certificates
When configuring the Windows Server Routing and Remote Access Service (RRAS) to support Secure Socket Tunneling Protocol (SSTP) for Always On VPN user tunnel connections, administrators must install a...