Meraki

Community

Client VPN Troubles

Solved
dlowery
Getting noticed
‎Feb 19 2020 11:38 AM
‎Feb 19 2020 11:38 AM

Client VPN Troubles

Hey guys, I have a user who uses the client VPN, which has AD authentication enabled. He is a "light" user of the client VPN (only 2-3 times per month) His connection will work fine for a month or two, then it will suddenly break. We've found that the only thing we need to do is reset his password in AD, and he will immediately be able to connect again. His AD password is set to never expire, so I'm not sure why this keeps happening. Any ideas on troubleshooting this issue? Thanks!

0 Kudos
1 Accepted Solution
In response to dlowery
Nash
Kind of a big deal
‎Feb 19 2020 6:26 PM
‎Feb 19 2020 6:26 PM

Okay, for Win10, I'm a broken record: Use a script. 

 

There's a lot of problems with the Win10 client that you can fix with PowerShell. 

 

If you do the following, your users will normally have better behavior:

 

1. Never save their credential

2. Always connect from rasphone.exe. Easiest is to make them a shortcut.

3. Set Encryption to optional. 'Required' is not supported with PAP, as Meraki uses, and Win10 assumes it needs to change the password protocol to satisfy the 'required' setting.

 

Since we moved to script installs, it's dramatically reduced the number of VPN repeat tickets my helpdesk gets. They also can fix it quite quickly. 3-5 minutes from the time the client gets on the line.

Windows 10 Client VPN scripts: Makes life better!

View solution in original post

5 Replies 5
Nash
Kind of a big deal
‎Feb 19 2020 12:15 PM
‎Feb 19 2020 12:15 PM

What OS is he on?

 

For Win10, how are you setting him up? I've got scripts in my sig that make for a better experience.

 

In Windows, you need your users to not save their credentials.

Windows 10 Client VPN scripts: Makes life better!
In response to Nash
dlowery
Getting noticed
‎Feb 19 2020 5:38 PM
‎Feb 19 2020 5:38 PM

Yes, he is running windows 10. He is using the built-in windows 10 VPN client, but I think he does have a password saved. I will try changing that. I’ll take a look at those scripts too, that seems useful
0 Kudos
In response to dlowery
Nash
Kind of a big deal
‎Feb 19 2020 6:26 PM
‎Feb 19 2020 6:26 PM

Okay, for Win10, I'm a broken record: Use a script. 

 

There's a lot of problems with the Win10 client that you can fix with PowerShell. 

 

If you do the following, your users will normally have better behavior:

 

1. Never save their credential

2. Always connect from rasphone.exe. Easiest is to make them a shortcut.

3. Set Encryption to optional. 'Required' is not supported with PAP, as Meraki uses, and Win10 assumes it needs to change the password protocol to satisfy the 'required' setting.

 

Since we moved to script installs, it's dramatically reduced the number of VPN repeat tickets my helpdesk gets. They also can fix it quite quickly. 3-5 minutes from the time the client gets on the line.

Windows 10 Client VPN scripts: Makes life better!
In response to Nash
dlowery
Getting noticed
‎Feb 20 2020 5:52 AM
‎Feb 20 2020 5:52 AM

Thanks a bunch, I'm gonna try out that script today. 

 

Also, that's some awesome, helpful comments in the script, thanks boo ✌️

0 Kudos
In response to dlowery
Nash
Kind of a big deal
‎Feb 20 2020 6:12 AM
‎Feb 20 2020 6:12 AM

Thank you! That's one of the nicest compliments I've gotten about my code.

Windows 10 Client VPN scripts: Makes life better!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.