Connect Windows 10 client to a VPN on Windows Server 2012 R2

I got a strange request in a Slack channel the other day. A colleague in South Africa, who uses Windows, was unable to connect to our VPN (Virtual Private Network).

We use the built-in VPN on Windows Server 2012 R2, which makes it extremely convenient to manage per-user security without opening up the firewall for the entire world to connect to the server with RDP (Remote Desktop Protocol).

The reason this is a strange request is that I have a MacBook Pro, and creating a VPN connection couldn’t have been easier for me. Another colleague also has an Apple laptop, so of course they’re not affected either.

After searching online, I discovered this inconspicuous post on Spiceworks.

The answer is to create a key in the Windows 10 client registry, that enables IPSec NAT Traversal (I know, right?).

The Spiceworks post links to Microsoft KB article 926179, which says to add the following key to your Windows 10 registry:

  • Branch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  • Key: AssumeUDPEncapsulationContextOnSendRule
  • Type: DWORD (32-bit)
  • Value: 2

According to the KB article, a value of 2 “configures Windows so that it can establish security associations when both the server and the […] client computer are behind NAT devices.

This same registry tweak works on Windows Vista. Given that it also works on a Windows 10 client, it seems safe to assume that it works on Windows 7 and 8.x. There is even a similar registry entry for Windows XP. Go figure.

Yet another problem solved by someone else. Thanks, Gareth4146.

Photo by Robert Hickerson on Unsplash

Configuration Manager Shortcut on Windows 10 and Server 2016

This is more for my own reference than anything.

On newer versions of Windows desktop and Windows Server, we may find that the shortcut to SQL Server Configuration Manager is missing.

According to this MSDN article, the reason for this change is that Configuration Manager is a Management Console snap-in:

Because SQL Server Configuration Manager is a snap-in for the Microsoft Management Console program and not a stand-alone program, SQL Server Configuration Manager does not appear as an application in newer versions of Windows.

I think this is ridiculous because it does not maintain backward compatibility.

This is especially frustrating because the same article reminds us that all changes to SQL Server services should be managed through the Configuration Manager.

The workaround is to create our own shortcut as follows:

SQL Server Version Path for Shortcut
SQL Server 2008 / R2 C:\Windows\SysWOW64\SQLServerManager10.msc
SQL Server 2012 C:\Windows\SysWOW64\SQLServerManager11.msc
SQL Server 2014 C:\Windows\SysWOW64\SQLServerManager12.msc
SQL Server 2016 C:\Windows\SysWOW64\SQLServerManager13.msc

Share your frustrations with the “modern” Windows UI with me on Twitter at @bornsql.