24. Install and Configure Remote Access VPN on Windows Server 2019
HTML-код
- Опубликовано: 10 окт 2024
- Video Series on Advance Networking with Windows Server 2019:
In this video guide, we will learn the steps on How to Install and Configure Remote Access (VPN) on Windows Server 2019 with Network Policy Server. We will also configure port forwarding on router to allow required port to connect VPN server.
1: Install Remote Access Server role.
2: Configure Routing and Remote Access service.
3: Setup User accounts and Group for VPN.
4: Setup NPS Network Access Policy.
5: COnfigure Port Forwarding on Router.
6: Test VPN functionality on Client Machine.
Follow my blogs:
msftwebcast.bl...
WOW WOW WOW. Can you image how well I felt after watching this????? Best practice ever
Thanks for not editing out the errors, troubleshooting is sometimes the best way to learn. Appreciate it!
Whoever put this video together, I literally struggled watching so many, because they left out key 0.1% facts of the info you were pointing out!
Thank you for this video!
man these videos got me through my exam - MSFT Webcast real mvp
Amazing video! Thank you so much. I was hung up when configuring my VPN. That check box you did in the network policy error solved my issue. I watched the whole video start to finish anyway and just love the speed you went through it all with. It really erks me when people over-narrate or get side tracked talking about something else. This was quick, concise, and to the point. Thanks again!
Thank You.
@@MSFTWebCast do you know if Microsoft ever fixed the 2019 server update bug that stopped RRAS from working?
Thank you for breaking this process down to the point I can easily follow along with the steps.
I really love the way teaching and explaining
Very Impressed , I have tried so many ways VPN not work. but this single Video made my day... Many thanks indeed
Glad to hear that
@@MSFTWebCast I need one more favour not able to ping my server ip or not able to access my share folder. Ex. My vpn ip is 10.0.0.103 and my server is 10.0.0.100
Please check firewall settings, open required ports for ICMP and File and Printer Sharing Service.
SHUKRIA
Hi, I hope this post finds you well, your tutorial is brilliant, I managed to set up the vpn, I can connect to the server from another pc but only if it's on the local network, I did all the steps you did but without success.Could you help me? I mention that the domain used is hosted as a website.
I get this error when I try to connect from a pc on another network:
“The network connection between your computer and the VPN server was interrupted. This can be caused by a problem in the VPN transmission and is commonly the result of internet latency or simply that your VPN server has reached capacity. Please try to reconnect to the VPN server. If this problem persists, contact the VPN administrator and analyze quality of network connectivity.”
Help me, please
Nice video, Base on ur video I have implemented RAS server in my infra.
Thank you so much.
Great 👍
whats the difference between your PPTP VPN vs "Remote access VPN??? i am not clear
Did you have to publish any DNS records in Cloudflare or other DNS registrar or is port forwarding just enough for this to work?
My question is, how is the remote windows10 client able to locate the windows vpn server via the internet? I suppose port forwarding takes care of that
if you want to connect your VPN server using FQDN (name like website address) then DNS registration is required otherwise you can use the static public IP address to connect to your VPN server.
@@MSFTWebCast
Thank you for the reply, this is very helpful.
It seems like on this video you are using the PPTP protocol which is not very safe nowadays hence I am trying to get IKEv2 to work.
I found the video very helpful though and made me understand the whole concept a lot better.
I was working on setting up an IKEv2 Always On VPN with device certificate issued by my on-prem Cert Authority windows server (not signed by digicert or any other CA).
I didn't have much luck so far but I am on good track I just need to enroll a physical laptop to my domain so i can get the device certificate to that laptop or find another way of moving the certificate to a laptop that is not domain joined.
I was looking to find a video of yours setting up VPN with the IKEv2 protocol, is there one?
After Doing this process can i take my office computer remote from home using Remote Desktop Connection?
Thank you 😊
Thanks, punctual and precise, in what regards the client to client routing through the vpn ..?
You are awesome! Many thanks for the clearly explained tutorial. It saved me so much pain and time!!!!🏅
Glad it helped!
Hello,
Hope you are doing well.
Can this be accessible from outside network? If not, what do i need to do to connect from outside network? Thanks.
It's works.
Hey I loved your all videos.. Can you make a video through which we can use remote access vpn to secure remote desktop connection. You just show how we can install and connect it but if you show how we can use it to secure the services. It will be great. Just tried but failed because the remote desktop services have rd gateway and NPS installed. With NPS we have to configure VPN for RD gateway. I tried to add IP VPN static port range as IP scope in firewall for TCP port 3389. But when client computer is connected with VPN the Public IP was not changing, than i read few articles online and found the issue which was "enable remote default gateway server" in VPN connection. But when i enable this internet will not work. I didnt found any video which show proper use of remote access vpn to secure Remote desktop connection and other services. Please can you make one video on this. One of your big subscriber
Hello thanks for the lessons. I want to connect my laptop to my dicom server at work.. pls help
Windows making easy to setup
Hello Sis, After folowing your steps, I still Cant be able to connect over public IP address, It is displaying an error in YELLOW TEXT - " The network connection between your computer and the VPN server was interrupted. This can be caused by a problem in the VPN transmission and is commonly the result of internet latency or simply that your VPN server has reached capacity. Please try to reconnect to the VPN server. If this problem persists, contact the VPN administrator and analyze quality of network connectivity." - I'm not sure what im doing wrong. Please Help. Thank you so much.
Good, but you ignored that some people don’t have the Active Directory configured.
Hi, How can we do multiple authentication to protect hi vpn? Do you have a video about this?
thak you very much sir. but how do i do this on vmware without router. I don;t have router please reply sir
very entertaining, good info too
Excellent video! Subscribed. Thank you.
Thanks for the sub!
Please I need help. I have been trying to follow your video. Got stuck around step 4. Is there any need to create a special user applied on a group or a normal user can just be used.
Normal user will do the job. Follow the same steps and check everything. If already you have created the NPS policy, you can delete it and restart the NPS service and recreate again.
Can you please name which is the most secure protocol when using vpn. Thank you so much
I'm getting the following:
"Windows cannot process the object with the name "TestUsers" because of the following error:
The specified domain either does not exist or could not be contacted.
Any idea how to fix this
Thanks for sharing very helpful video. I followed all steps and I can connected to server but I cannot access any files or ping to server. What do I need more? Please help
what if i use mobile hotspot? can i use my phone for port forwarding?
Hi, it's a very helpful video. Please let me know how I connect my Server to use any application remotely using VPN. Like Using RDP, i can connect server remotely through static IP. Please help
Sir would u like to record tutorials on vpn suppose if an organisation has only single server in Headd office, and they have network router and switching in 4 sub offices .
How they will use the resources from remote end .
Kindy expalin it.
Great video. At 13.22 user you created in test group is different from what you have used -Any thoughts?
Yes, the user is same. The User display name is Test User1 and login name is User1 (UPN: User1@mylab.local). Sorry for the confusion.
@@MSFTWebCast Gotcha. Thank you for the clarification.
Very good explanation.
Does client computer need to be on the same domain? Ex. If user is using personal laptop or iPhone can they still connect? The user itself would be a domain user but the devices wouldn’t be on the domain.
Yes they can connect.
thank you, the video was very helpful..
Love the videos, How do I set up to where users use fingerprint scanner to access vpn? (Multi-Factor Authentication)
Hello, I would like to know how can I setup in order to access to my vCenter Server remotely ? is it possible to do it like this way ? do you have a video on this please? thanks
If the Client Machine In Work From Home, Is Client Machine Can Connect VPN With his/her Home internet Connection?
Yes, it can.
Great sir!!
Thank U
When I click on Dial in properties on a user I get the error message: "Could not load the Dial-in profile for this user because: The network path was not found", any idea why?
Great tutorial! Thank you so much for your help and keep up the good job :)
A good video. Please include a logical diagram too for better understanding. Thank You.
Noted..
How were you able to access your router? Because when I tried to put my virtual machine's default gateway in the browser, it said that it can't reach the page.
You have to select bridge adapter mode for VirtualBox adapter. Make sure that the IP address is in same range as your router.
great job
Hi..
I've set up the vpn as per your steps but I'm getting vpn error 806..
I've tried imbounding policy for 1723 port and also ported my router.
Still I'm getting that error
Excellent Tutorial - Thank You!
Glad it was helpful!
Using this video I was able to create the VPN connection and tested it out. I can't see the Remote Server in my Network on the Client PC and can't map a network drive from the Server either. What am I missing?
Try to map drive with fully fqdn name
Remember in the cliente pc enable File AND Share Folder to allow communication of the pc AND the server
Thanks so much ❤
Question for 4:09 . So If you're specifying 10 ip addresses, would that mean that there can only be 10 users using VPN at the same time? If yes, then how can make it so that it can fit (for example) 1,000 users? If that is possible.
You need to use bigger subnet with 1000 IPs.
Great, Thanks
Thanks for this video, its very useful. However, i noticed that once i restart the server, all configuration would go back to default. Is there any way i could keep the configuration permanent. Thnks
not usually recommended, but you can use deepfreeze
Perfect
I'm having an issue.... The vpn is connected from another network it's not showing the shared files, however when it is connected from my office network, the I can see the files....
Please help I've been trying since one month 🥲
Routing and Remote Access service has not started The specified file cannot be found. Can you help me to resolve this problem? thank you.
hi, does this work if I dont have static public IP? if not what are the other way to do this?
With dynamic IP address on VPN server, you can use dynamic DNS service provider for VPN connection. There are several dynamic DNS provider which provide dynamic IP address to easy to remember hostname (Dyn DNS or no-ip). Using this static hostname, client can connect to your VPN server. They will automatically update the dynamic IP address in their DNS server to connect hostname to updated dynamic IP address if your dynamic IP address changed.
with this kind of Vpn i can successfully connect and ping each ip address in the remote vpn site, but can't reach resources by hostname, any suggest??
Thank you!!!
Can I use this remote to connect outside of local lan? And is it safe from hackers ?
Yes, you can use VPN to connect your local LAN over the Internet. Yes, it is safe.
Ji after connecting the vpn internet browsing is getting disable in client computer what to do for this problem
Go to advanced settings of your vpn and enable split tunelling
Hey great video. I came across your channel and it's fabulous. Question, everything works great when I test the vpn internally, when external, it connects but cannot ping the file server via IP or name. What am I missing? Thank you and I also subbed to your channel. Keep those great videos coming.
Check firewall rule settings on VPN Server and also the IP configuration settings. Might be IP routing related issue.
And thank you for sub.
@@MSFTWebCast I still cannot browse from the outside. Any ideas?
Well Done!!!
can we install this on and active directory server as we only have one server
Yes, you can but from security point of view it will be risky.
Brilliant thanks dear
Thank you too
But without network policy configuration it is working
It is compulsory to configure network policy
If you dont have NPS server, you can grant allow access to dial in in user account property to use VPN without network policy. If you have NPS server then you can setup the NPS policy as per your company requirement, it is not compulsory.
Very well explained
why can;t i open my router setting page when i type in the default gateway address of my nit, i tried both NAT and lan segment, neither of them can open router page. why
Ask your network administrator, Might be he/she can help with that.
The problem I am having is I can connect to the VPN server from inside my network, but if I try to connect from an external network, I get the message, The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
Could be due to the Domain, you may need to put the @[Domain Name] After the username.
Excellent video. Thank you 👍
Thank you too!
What do I do with the NPS error when trying to activate vpn server..
the network connection between your computer and the vpn server was interrupted this can be caused by a problem in the vpn tansmission and is commonly the result of internet. getting this error
same can anyone pls help
when i am connecting to my server vpn i unable to access out side internet as well. is there any solution.
You have to setup NAT on your VPN server.
@@MSFTWebCast how to do so ? should i install a second network adapter ?
my server is not Active Directory server. Can I enable VPN ?
You can install Remote Access Server role without AD and setup a server to act as a VPN server. You just need to create user accounts from computer management and assign dial-in permission.
why my server doesn't have 'active directory users & group'?
It is a DC?
upgrade to a domain controller through Add roles and features and Active Directory Domain Services
Sir what to give in user name and password, you gave Msdwebcast? Pls reply sir
While accessing router it asks for user name and password
If you have not set up the password no your router then use the default username password. Based on your routers model, you can find the default username and password on Internet.
I got this error msg on 7:45 "Windows cannot proces the object with the name TestUsers: The specified domain either does not exist or could not be contacted" can u help me pls?
On Find Now, window can you see your group? Make sure you have used the domain admin or equivalent credential to logon to that server. NPS server must be registered in Active Directory.
@@MSFTWebCast the server dosent had a domain. That was the Problem. I created one :). Im by Step 5 and i dont have the access to the router because the server is hosted online by a provider.
Any solution or idea?
Thx for ur answer :)
@@anis5709 If your server is not part of AD then you can use create Users or Groups on local Server and use it in VPN authentication.
nice..
How we can contact you for further assistance
i am getting a error "the connection was prevented because of a policy configured on rsa/vpn server.
"
Crazy good video
Glad you think so!
Very helpful - thanks!
do we need static public ip in this config ?
Yes, on VPN servers internet facing interface.
When i try to connect it says “A connection remote computer can not be established. So the port used for this connection was closed “
Have you opened the required ports in your router or firewall?
This is virtual machine...????
Yes. entire demo is in virtualbox VM.
Why we are not using MSCHAPv2?
MS-CHAPv2 is an old authentication protocol. EAP with MS CHAPv2 is more secure and common form or PEAP.
Thank you for the video
Welcome!
Hello.. how can I contact you?
I need your help I'm unable to connect remote acces
What kind of error you are receiving?
The accent is adorable.
I have error on installation process.
What kind of error? Any message?
window server 2019 routing and Remote access not starting
Any specific errors that you are getting while starting the service?
@@MSFTWebCast the system can't find the file specified..
@@shifa7474 Can you please check the event viewer for any error or warning related to VPN/Routing and remote access.
Let's make soft!
ok
i cant found bloody "active directory users and computers" on my god damn pc
Is it domain controller? If not then you can also use local users and group.
@@MSFTWebCast im sorry about behaving angry, thank you for answer,
Only vpn is working
PPTP = Insecure
a