Always On VPN and Autopilot Hybrid Azure AD Join
Windows Autopilot is a cloud-based technology that administrators can use to configure new devices wherever they may be, whether on-premises or in the field. Devices provisioned with Autopilot are...
View ArticleTroubleshooting Always On VPN Error 853
Using Windows Server Network Policy Server (NPS) servers is a common choice for authenticating Microsoft Windows 10 Always On VPN user tunnel connections. The NPS server is joined to the domain and...
View ArticleAlways On VPN Authentication Failure with Azure Conditional Access
Integrating Microsoft Azure Conditional Access with Windows 10 Always On VPN has several important benefits. The most important is that it allows administrators to improve their security posture by...
View ArticleAlways On VPN Short Name Access Failure
Using Microsoft Endpoint Manager (Intune), administrators can provision Always On VPN to devices that are Azure AD joined only. Users accessing on-premises resources from these devices can still use...
View ArticleAlways On VPN Error 853 on Windows 11
Recently I did some validation testing with Always On VPN on Windows 11, and I’m happy to report that everything seems to work without issue. However, a few readers have reported 853 errors when...
View ArticleAlways On VPN Book Available for Pre-Order
Great news! My new book, Implementing Always On VPN, is now available for pre-order on Amazon.com. This new book, scheduled for release in late 2021, is a comprehensive implementation guide for Windows...
View ArticleAlways On VPN SSTP with Let’s Encrypt Certificates
When configuring the Windows Server Routing and Remote Access Service (RRAS) to support Secure Socket Tunneling Protocol (SSTP) for Always On VPN user tunnel connections, administrators must install a...
View ArticleCertificate Connector for Intune Configuration Failure
Deploying user or device authentication certificates to support Always On VPN requires installing the Certificate Connector for Microsoft Intune. The same connector can link Intune to on-premises...
View ArticleAlways On VPN Error 13801
Certificate configuration is crucial for Always On VPN deployments. I described some specific certificates requirements for IKEv2 in this previous post. Following this guidance, administrators should...
View ArticleAlways On VPN Error 13806
As a follow-up to my last post regarding Always On VPN error 13801, this post will cover a similar and related error administrators may encounter, the 13806 error. As mentioned previously, certificate...
View ArticleAlways On VPN and TLS 1.3
Secure Socket Tunneling Protocol (SSTP) is a Microsoft-proprietary VPN protocol with several advantages over Internet Key Exchange version 2 (IKEv2) for Always On VPN user tunnel connections. SSTP uses...
View ArticleAlways On VPN Error -2146762495
Always On VPN Administrators may encounter a scenario where Always On VPN connections suddenly stop working for all clients using the Secure Socket Tunneling Protocol (SSTP) VPN protocol. IKEv2 VPN...
View ArticleAlways On VPN at MMSMOA 2022
I am excited to announce that I will be presenting at this year’s Midwest Management Summit at the Mall of America (MMSMOA) in Bloomington, Minnesota. The conference takes place the week of May 2. This...
View ArticleCertificate-Based Authentication Changes and Always On VPN
Microsoft introduced important changes affecting certificate-based authentication on Windows domain controllers as part of the May 10, 2022 update KB5014754 that may affect Always On VPN deployments....
View ArticleEndpoint Manager and Intune Learning Resources for Always On VPN Administrators
Microsoft Endpoint Manager (MEM), formerly Intune, is the recommended solution for deploying and managing Windows Always On VPN client configuration settings. Always On VPN is designed for Mobile...
View ArticleAlways On VPN at Workplace Ninja Summit 2022
The Workplace Ninja Summit takes place from 12-14 September 2022 in Lucerne, Switzerland. The conference focuses on endpoint management and security with platforms such as System Center Configuration...
View ArticleSSL and TLS Training for Always On VPN Administrators
Understanding Transport Layer Security (TLS) is essential for Always On VPN administrators. TLS (formerly Security Sockets Layer, or SSL) is used not only for Secure Socket Tunneling Protocol (SSTP),...
View ArticleAlways On VPN SSTP and HSTS
HTTP Strict Transport Security (HSTS) is a feature commonly used by websites to protect against protocol downgrade attacks, where an attacker forces the use of insecure HTTP instead of HTTPS. If...
View ArticleIntune Certificate Connector Service Account and PKCS
Microsoft Always On VPN administrators have two choices when deploying enterprise PKI certificates using Intune; PKCS and SCEP. I prefer using PKCS because it is easier to configure and manage. Also,...
View ArticleAlways On VPN Error 13868
The Internet Key Exchange version 2 (IKEv2) VPN protocol is the protocol of choice for Microsoft Always On VPN deployments where the highest levels of security and assurance are required. However, as...
View Article