How to re-deploy VPN in 2016 Essentials with PowerShell

Posted on by Glenn

In my previous article I discussed an issue I see commonly with VPN in Essentials.  In that article I gave the fix for all versions of Essentials except 2016.  In this article I will cover the fix for 2016 Essentials.

As stated previously, 2016 Essentials uses PowerShell to configure the VPN.  Here is what the default configuration looks like:

RemoteAccess Default

If you try to manage it in the RRAS (Routing and Remote Access Server) console, you will see this:

legacy mode

The message would imply that you could turn on legacy mode.   This is true, but to turn on legacy mode requires clearing the configuration from RRAS.  Clearing the configuration must be done with PowerShell.  Re-deploying the VPN can be done with both PowerShell and the RRAS console.  Below are the PowerShell commands.

  1. Launch a PowerShell session as administrator.
  2. Run Uninstall-RemoteAccess.  Hit enter when prompted
  3. Run Install-RemoteAccess -VpnType Vpn -IPAddressRange 192.168.16.100,192.168.16.120
    Change the ip addresses to match the range you want to use.  In the command above the start IP address is 192.168.16.100 and the end IP is 192.168.16.120.
  4. It may be necessary to modify the SSL certificate.  To check this run Get-RemoteAccess.  If the SSL certificate matches the one installed by the Essentials anywhere wizard, then you are done.  If not, please proceed to the next step.
  5. Run Set-Location Cert:\LocalMachine\My; Get-ChildItem | Subject,Thumbprint
    You should see output similar to the following:
    certificate 1
  6. Make note of the Thumbprint for the certificate that was created in the anywhere access wizard.
  7. Next assign the certificate to the VPN with the following command:
    Get-ChildItem | ? Thumbprint -eq “C39ED8D5ADC2F73A05A909BE9C4692B43B963FB2” | Set-RemoteAccess
  8. Finally verify the correct certificate is assigned to the VPN with the command:
    Get-RemoteAccess
    RemoteAccess fixed

Clients should be able to connect and access resources via the VPN now.

I hope you found this article informative.  If you have any suggestions or comments please leave them below.

Advertisement

4 thoughts on “How to re-deploy VPN in 2016 Essentials with PowerShell

  1. Pingback: How to re-deploy VPN in 2016 Essentials in legacy mode. – Glennopedia
  2. Pingback: Set a Static IP Address Pool for Your 2016 VPN | MCB Systems

    1. Thanks this was helpful. I will add that when you do the above steps (in my case) it will appear to work but no routes will show up for clients under route print.

      Reboot the server, it will all work after.

      Like

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s