Are you using WPA2-Enterprise mode?  Can the AP talk to your RADIUS server?  Is the AP authorised in the RADIUS server? ... View more

Why would "Google" for users to install Systems Manager onto their personal devices?  What configuration or policy have you go forcing it? ... View more

If you have users "inside/outside" with performance issues - then it is probably the cloud service itself is having the issue.  If this is the case, then nothing you do on the client side will solve the performance issue.   If it is a web app, you could use Meraki Insight to monitor it - but that is all you can do. https://meraki.cisco.com/products/meraki-insight/  ... View more

I think you are asking if it is possible to create a static route where the next hop is a DNS name, rather than an IP address.   If this is the case, then the answer is no. ... View more

This document lists the requirements for the certificate: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Directory_with_MX_Security_Appliances#Install_a_Digital_Certificate_on_Each_Domain_Controller  ... View more

You could create a startup task that deletes the global_preferences.xml file to stop the caching. ... View more

Each MX will need its own certificate - each with exactly the same DNS name - vpn.company.com.   Azure Traffic Manager is just returning the IP address of the MX to connect to, using the vpn.company.com DNS name. ... View more

Double-check for the role in the Meraki Dashboard.  Check for a spelling mistake. ... View more

Do all of the switches plug into one of those switches (making it a core switch)? ... View more

Is the colour of grass a bug or a feature?  Neither.  It's just the way it is. ... View more

Does the AD controller have a certificate installed on it? ... View more

Are the switches operating as layer 2 switches only, or are they operating in layer 3 mode (and also doing routing)?   More specifically, what does the routing for the current VLAN1? ... View more

I haven't seen any issues with upgrades to 17.10.x that require an MX to be power cycled to come back online. ... View more

A little bit outside of my area; but I believe Azure Traffic Manager is just a DNS load balancing service, returning the nearest IP address of the service to the user.   So if you connect to vpn.company.com, it will return the IP address of the nearest MX.  If the MX is configured to use its dynamic DNS name and certificate, it expects a connection to xxx.dynamic-m.com. However, AnyConnect thinks it is connecting to vpn.company.com, so a certificate issue is created.   If you want to use Azure Traffic Manager then you will need to load a custom certificate onto each MX that matches the original DNS name that AnyConnect is told to connect to.  You will also have to manage the process of rolling these certificates each time they get close to expiry.  A process prone to failure because humans don't tend to be good at managing this process. That is why the easier option is to use the AnyConnect Optimal Gateway Selection feature, and have it do everything automatically.  You don't have to touch any certificates, nothing.  It will keep working year after year without you having to do anything.     ... View more

Welcome to the matrix, the new matrix. ... View more

Great work Thomas. ... View more

From a security perspective, it is best if everyone has their own account. ... View more

You might be able to get some inspiration with this "before and after" thread. https://community.meraki.com/t5/Off-the-Stack/Before-and-After-Pictures/m-p/4650  ... View more

First tip - use slim-line patch leads for patch panels like this: https://cdlnz.com/PLSY-C6-025    If you have to run the cables "aerially" like that, velcro tie them into bundles of 6 or 8.   When you have a lot of cables, cable management bars really help.  I quite like the "fingered" variety, like: https://cdlnz.com/PP-CMC01 You take the lid off, run the cables, and then put the lid back on to make it tidy.  This is an example using both horitzontal and vertical fingers (the vertical fingers don't have their lid on here).   ... View more

Ok - that must be an extra check they have added.  I have done something similar to this, but a LONG time ago.  I assume you have AutoVPN configured already, so the remote subnet is in the local routing change.   You could try opening a case with support, and seeing if this is a check they can disable for you (stop NAT checking to see if the destination is a local host). ... View more

Hi @KathleenJ .  What @eLvs is meaning - even if you have a client directly connected to an MX, and you make a layer 7 firewall change - that change may not take effect for 10 minutes or so.  The MX has a flow cache, and you need the existing entry in the flow cache in the MX to expire before the new rule takes effect. Sometimes if you don't want to wait, you might reboot the MX to expedite this process.   @eLvs - I'm not sure about the answer (about using a group policy with a bandwdith limit applied to a client).  I think the bandwidth takes effect pretty quickly.  Like maybe 30s.   ... View more

Not a 100% solution, but if you wanted to add a note you could try using the "MSP" field under organization/settings.     I believe this is the "details" field under "management". https://developer.cisco.com/meraki/api-v1/#!get-organization  ... View more

Building on @MyHomeNWLab's answer, for this reason I always get the SAML Idp to present something like sAMAccountName instead of the email address as the username. ... View more

Can you try running it from a different public IP address as a test?  Perhaps you are exceeding the rate limit with other scripts, or maybe your IP address has been black listed or something.   Did any Windows Updates install themselves during the timeframe? ... View more