Well that sucks.  We've been using it for the last 10 years.  More recently as a backup to Intune for the last 3 years.  The interface and tools are great, and quick to use.  It was a good run. ... View more

Having a hell of a time trying to post this. This hit my pilot WUFB group (15 laptops).  Thankfully didn't release it to the masses (~400 laptops).  What's interesting is I'm not seeing the error connecting the windows VPN to my DR site.  That site is running an older MX80 (14.56), but it has the PCI compliant VPN settings in place on the MX.  So my VPN client connects without issue having the latest MS patch installed. (AES256, SHA1, DH14, IKEV1).  Our main VPN site is running an MX100 (15.44) but it does not have the PCI compliant settings in place (couldn't get it to work correctly with our CMAK VPN client a few months back so we had the tech back it out).   Just some more data to add to the pile... ... View more

This hit my pilot WUFB group (15 laptops).  Thankfully didn't release it to the masses (~400 laptops).  What's interesting is I'm not seeing the error connecting the windows VPN to my DR site.  That site is running an older MX80 (14.56), but it has the PCI compliant VPN settings in place on the MX.  So my VPN client connects without issue having the latest MS patch installed. (AES256, SHA1, DH14, IKEV1).  Our main VPN site is running an MX100 (15.44) but it does not have the PCI compliant settings in place (couldn't get it to work correctly with our CMAK VPN client a few months back so we had the tech back it out).   Just some more data to add to the pile... ... View more

Having the same issue here (using the Legacy/free version).  Creating a managed Meraki owner account was able to get us past it.  For now... ... View more

Thanks!  And thanks to @PhilipDAth for the excellent script/webpage that makes it!  I was able to use our deployment software to push it to a few test machines as the System account.  That worked.    Other questions, and sorry for my ignorance on some of these questions.  Been down so many search rabbit holes...   I'm trying to get Cisco Meraki support to change the Client VPN settings (AES128 and Group 14).  Just on our DR site's MX, for testing.  When they make the change, will my current VPN client on Windows 10 (created with the CMAK) still connect, but just at a lower encryption? In order to use the PCI compliant encryption, I would need to redeploy our VPN client, like the one I created using PhilipDAth's script?  Or can I somehow script the change in just the Cryptographic suite being used for the current VPN connection? Lastly, do I need to have Cisco Meraki support turn off the lower encryption (3DES?) that is being used for the VPN client currently, to pass the PCI scans?     Sorry for all the questions.  Just trying to get a handle on this, and trying not to have this blow up in my face.     Thanks!     ... View more

I can't get the VPN connection to install under the logged on user when running the script as an admin.  It only shows up under the admin's account.  How are you running it as System?  Using a deployment software, like PDQ Deploy?   Thanks,   ... View more

Love the crickets.... ... View more

I'm not talking just beta.  My fear is they will roll this out to only those models.  Can a Cisco Meraki employee confirm? ... View more

I contacted my VAR to see if he's heard anything from his rep at Cisco.  They told him that it will only be available to the MX250/450 and MX67/68.  He also they said it would go Public Beta Q1 FY21 (August of this year).     This can't be limited to just those models.  That's crazy.  Say it ain't so. ... View more

Been doing some testing and am running into various walls. 1.  It looks like you have to be a Local Admin on the machine to do the enrollment of the Profile for Domain-joined PCs.   2.  This command at least calls the enrollment process, but it doesn't enter the Network ID.  It still prompts for that. Tried all the other parameters for that command too.  No dice.  AND you still need to be a local admin.   ms-device-enrollment:?mode=mdm&username=email@domain.com&servername=n123.meraki.com&tenantidentifier=123-456-7890   If only the Agent had the functionality to install the Windows Profile. ... View more

There is an Intune process using GP, but that can't be used for this. https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy   There has to be a way to automate this.   ... View more

Of the SM Profile? Not the Agent. We already push the Agent via GPO. ... View more

That's great, but do a search for a tool called Iodine.  Port 53 needs to be blocked.  The tech I had on the call showed me the tool and how it can be used in this scenario.  Eye opening... ... View more

Opened a ticket with Meraki last week.  Confirmed with them via packet captures that a client on the Guest wifi could talk to servers on the internal LAN.  Was able to telnet via port 53 to our DNS/AD servers. Definitely a bug in their setup.   Temporary fix was to add the explicit "deny any 192.168.0.0/16 any" to all of our WiFi networks that use Meraki NAT mode (Guest, mobile phones, scanners). ... View more

Back from the dead again...   We recently had a Network Security Assessment done and the assessor informed us of the ability to see the internal/private LAN when on the Guest wifi network using nmap.  My settings are the same as the original poster - Deny any to the Local LAN.  AND the Captive Portal strength is set to Block all access until sign-on is complete.     They could see all machines on the local LAN and discover open ports/services.     This isn't the behavior I thought we had in place.  Not good.  Not happy. ... View more

The increased traffic ceased yesterday at 4 PM EDT and hasn't returned. ... View more

We have seen a delay in setting up iPhones in the past week.  Maybe your issue and my issue are related.   https://community.meraki.com/t5/Endpoint-Management-Systems/Meraki-HTTPS-traffic-to-SM-clients-increased-dramatically/m-p/22500#M2523   ... View more

When we transitioned over to Windows 10 we ran into an issue with Win10 machines not connecting to the hidden SSIDs.  They just wouldn't do it.  We had to broadcast the SSIDs for them to connect.  This was with a IAS setup on 2003 and then NPS on 2012 R2.  We're not on 2016 yet, so I can't help ya there. Some other things to check: - I assume you're using a group in AD, and putting machines into that?  Make sure your machine builder is adding them into that group. - Certificates - in your Network Policy on NPS, Constraints tab, Authentication Methods, PEAP - edit. Make sure your certificate is valid and not expired.  ... View more