Microsoft Ignite 2024

The Microsoft Ignite conference will be held November 19-22, 2024, at the McCormick Place Conference Center in Chicago, IL. Ignite is the premier Microsoft event of the year and will be packed with many announcements about new products and technologies. Ignite is also a fantastic learning event with experts worldwide in attendance.

Meet Up

I’m excited to announce that Microsoft has invited me to participate in the event as part of their Expert Meet-Up program. I will spend time at the Windows Server station in the Azure Infrastructure section of the Hub. Below are the days and times I’ll be available.

  • Tuesday, November 19 – 3:30 PM to 7:30 PM CST
  • Wednesday, November 20 – 2:30 PM to 6:00 PM CST
  • Thursday, November 21 – 2:30 PM to 6:00 PM CST

Let’s Connect

Be sure to drop by and say hello! We can chat about Windows Server and Azure Infrastructure. Of course, we can also discuss all the technologies I usually work with, including Entra Private Access, Always On VPN, Intune and Cloud PKI, and certificates in general. I will also attend many social gatherings during the week, so look for me at those as well.

I look forward to seeing you at the event!

Additional Information

Microsoft Ignite 2024

PowerON Platforms are No More

If you’re a follower of this website, you are undoubtedly familiar with PowerON Platforms as I have promoted their products extensively over the years. Dynamic Profile Configurator (DPC) is a clever solution that enables Always On VPN client configuration provisioning and management using Active Directory group policy. They recently introduced a cloud-based centralized reporting solution for organizations with multiple VPN servers. I worked closely with PowerON and influenced many of the features of these great technologies.

Out of Business

Sadly, I learned recently that PowerON Platforms has entered insolvency. Effective October 16, 2024, PowerON Platforms now cease to exist. If you are a current customer of theirs, you likely have received a notification email already.

The Future

Many of my customers have asked what will become of DPC and their cloud-based reporting solution. Here is some additional information.

DPC

Fortunately, DPC will live on through open source. My good friend and primary developer of DPC, Leo D’Arcy, is currently working on refactoring the software to meet open-source specifications. Although I don’t have a timeline for when the software will be available for download, I hope it will be soon.

You can follow the GitHub repository for the open-source DPC here.

If you have a current DPC license, the product should continue to work without issue. You can upgrade to the open-source version of DPC in the future if you choose to. You will likely encounter problems if you use DPC with a trial license. If this happens, contact me directly, and I’ll assist you.

Reporting

The PowerON Platforms Always On VPN reporting solution is dead and will not continue. If you were using this product, I would suggest deleting the resource group you created in Azure for this and the PowerBI application installed for it.

In addition, Always On VPN administrators should remove the reporting agent software from their VPN servers. You can do this on GUI installations using the Add or Remove Programs control panel app.

If you’ve installed the reporting agent on Server Core systems, you can remove it by running the following PowerShell command.

Get-WmiObject -Class Win32_Product | Where-Object {$_.IdentifyingNumber -Match ‘{FFFC6424-82BB-49C5-9112-2C1436717C9C}’ } |  Invoke-WmiMethod -Name Uninstall

Support

With PowerON Platforms out of business, their products are no longer supported. However, if you have issues with DPC or have any questions, please don’t hesitate to contact me. I’ll provide as much support as I can.

Additional Information

Always On VPN Dynamic Profile Configurator (DPC) Open Source on GitHub

Always On VPN Security Updates October 2024

Microsoft has released the October 2024 security updates, and numerous issues may impact Always On VPN administrators. Although many CVEs affect Always On VPN-related services that are Remote Code Execution (RCE) vulnerabilities, none are critical this cycle.

RRAS Updates

This month, Microsoft has provided 12 updates for the Windows Server Routing and Remote Access Service (RRAS), commonly deployed to support Always On VPN deployments. Most of these CVEs involve overflow vulnerabilities (heap and stack), input validation weaknesses, and buffer over-read and overflow vulnerabilities. All are rated important, and there are no known exploits currently.

CVE-2024-38212

CVE-2024-38261

CVE-2024-38265

CVE-2024-43453

CVE-2024-43549

CVE-2024-43564

CVE-2024-43589

CVE-2024-43592

CVE-2024-43593

CVE-2024-43607

CVE-2024-43608

CVE-2024-43611

Related Updates

In addition to the updates above, Microsoft also released fixes for security vulnerabilities in various related services that are important to Always On VPN administrators.

Windows Network Address Translation (NAT)

The following CVEs address denial of service vulnerabilities in the Network Address Translation (NAT) service.

CVE-2024-43562

CVE-2024-43565

Certificate Services

Always On VPN administrators will also find updates for CVEs affecting various certificate services-related components.

CVE-2024-43545OCSP Denial of Service Vulnerability

CVE-2024-43541Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

CVE-2024-43544Simple Certificate Enrollment Protocol (SCEP) Denial of Service Vulnerability

Recommendations

Always On VPN administrators are encouraged to update systems as soon as possible. However, since none of the CVEs is rated Critical, updates can be applied during standard update windows.

Additional Information

Microsoft October 2024 Security Updates