Windows Server and the Routing and Remote Access Service (RRAS) is a popular choice for Windows 10 Always On VPN deployments. It is easy to implement and support, offers flexible scalability, and is cost-effective. In addition, it provides support for a TLS-based VPN protocol which is required for many deployments.
Configuration Backup
When deploying RRAS to support Always On VPN, it’s an excellent idea to export the configuration once all settings have been finalized. Often this is done by opening an elevated command window and running netsh.exe ras dump and piping the output to a text file, as shown here.
netsh.exe ras dump > rasconfig.txt
Import Error
Importing a saved configuration is accomplished by opening an elevated command window and running netsh.exe exec [filename], as shown here.
netsh.exe exec rasconfig.txt
Oddly, this doesn’t work by default. The import will fail and return the following error message.
“The following command was not found: ■.”
Root Cause
Importing the RRAS configuration fails because the default configuration output is saved in Unicode format. Inexplicably this encoding is not recognized by netsh.exe when importing the configuration.
Workaround
Follow the steps below to save the configuration file in a format that can be imported using netsh.exe.
1. Open the exported configuration file using notepad.exe.
2. From the Menu bar choose File > Save As.
3. From the Encoding drop-down list choose ANSI.
4. Click Save.
Once complete, import the file using netsh.exe exec [filename]. Restart the RemoteAccess service to apply the changes.
PowerShell
Administrators can use PowerShell to export the RRAS configuration and ensure the correct encoding format is used by default. To do this, open an elevated PowerShell window and run the following command.
Invoke-Command -ScriptBlock {netsh ras dump} | Out-File [filename] -Encoding ASCII
You can also find PowerShell script to import and export RRAS configuration on my Github.
Export-VpnServerConfiguration.ps1
Import-VpnServerConfiguration.ps1
Additional Information
Windows 10 Always On VPN and Windows Server Routing and Remote Access Service (RRAS)
Kirsty
/ January 27, 2022Your export script exports the NPS settings from the RRAS server too. How do you import the NPS.txt file info using the Import script? It only mentions referencing the RRAS.txt file.
Richard M. Hicks
/ January 27, 2022Hi Kirsty. Thanks for bringing this to my attention. Apparently, I neglected to update my import script to also include the NPS configuration file, if required. I have updated both scripts and now you can import the NPS configuration on the VPN server using the -IncludeNps parameter. As a reminder, this is only required if you have configured NPS on the VPN server itself, which isn’t common.
Kirsty
/ January 28, 2022Thats great thanks 🙂 We have enabled conditional access for VPN & according to the build instructions we needed to make a small change in the NPS MMC on the VPN server.
Do you know if its possible to use Powershell to do the initial config after adding the RRAS roles? The build guide asks you to start up the wizard & select Deploy VPN. Would be useful to be able to script the entire build.
Richard M. Hicks
/ January 28, 2022There are a few changes required on the NPS server to support Azure conditional access. One of the settings can be scripted (disabling revocation checks) but I’m not sure about updating the network access policy to accept the Azure VPN certificate EKU. You’d probably still have to do that manually. As for the VPN server, I have created PowerShell scripts to perform fully automated RRAS VPN server builds that are zero touch, so whatever you want to do on the VPN server can definitely be scripted. Reach out to me directly if you’d like more details.