Tutorial – Deploy Always On VPN

AlwaysOn VPN

Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, non-domain-joined (workgroup), or Azure AD–joined devices, even personally owned devices. With Always On VPN, the connection type does not have to be exclusively user or device but can be a combination of both. For example, you could enable device authentication for remote device management, and then enable user authentication for connectivity to internal company sites and services.

The purpose of this guide is to demonstrate how to deploy the Always On feature easily. In this guide we will deploy the following platforms, primarily using PowerShell where possible:

  • Active Directory (AD DS)
  • DNS
  • Certificate Authority (AD CS)
  • DHCP
  • Routing and Remote Access Service (RRAS)
  • Network Policy Server (RADIUS)

This guide does not demonstrate how to install the Windows Server or Windows 10 operating systems.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.

Read More

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get warning, critical, down, etc. statuses if a certificate is close to expiration or has already expired.

Read More

Event 15021 – An error occurred while using SSL configuration for endpoint 0.0.0.0:443

Lately I had the issue that SolarWinds Orion was detecting an expiring certificate on one of our servers. I had replaced every certificate on the server and double-checked (or so I thought!) that the old certificate was deleted. But it was still complaining about an expiration date on a certificate I couldn’t find. I checked the event logs and found event 15021, which told me something was still wrong.

I found out that a certificate was on a binding by running “netsh http show sslcert” in a command prompt.

It was resolved by doing the following.

Read More