Elastic Cloud Gate

AWS Blog

How to setup RRAS SSTP VPN on AWS VPC with Active Directory Authentication – Step by Step – Part 3

In this article we will explain step by step how to setup Windows RRAS SSTP VPN on AWS VPC with Active Directory Authentication.

Part 1 – Setup VPC
Part 2 – Launch EC2 Instance for Active Directory Server and RRAS Server
Part 3 – Setup Active Directory / Domain Controller
Part 4 – Setup RRAS
Part 5 – Configure Active Directory Certificate Service
Part 6 – Configure RRAS
Part 7 – Adjust VPC Configuration
Part 8 – User Computer Configuration

Part 3 – Setup Active Directory / Domain Controller

1. Go to EC2
2. Select your RRAS instance and, from the Actions menu, select Get Windows Password

3. Copy and paste the private key of the key pair you selected when you launched the RRAS instance. Click Decrypt Password

4. You should see your Administrator password.
5. RDP to the RRAS server using the IP address you assigned to the RRAS instance
6. Log in as user Administrator with the password you decrypted

Steps 7-13 are not strictly necessary, but they make your life easier.

7. Open Server Manager

8. From the Tools menu select Computer Management

9. Expand Local Users and Groups
10. Click Users
11. Right click on Administrator and select Set Password

12. When prompted, click Proceed

13. Enter the new password and click OK

14. Go back to the AWS console and repeat steps 1 to 4, but this time for the DC instance
15. Go back to the RRAS RDP session
16. Open Remote Desktop Connection
a. Right click on the Windows icon (bottom left corner)
b. Select Run
c. Enter mstsc.exe
d. Click OK

17. Enter the IP address of the DC, in our example 10.20.2.10

18. Log in as user Administrator with the password you decrypted
19. Change the Administrator password (see steps 7-13)
20. Create a new user
a. In Computer Management, under Local Users and Groups > Users, right click and select New User
b. Enter the user name and password. Click Create, then Close
c. Right click on the user and select Properties
d. Go to the Member Of tab, click Add
e. Type Administrators, click Check Names, click OK
f. Click OK

21. From Server Manager select Local Server and click on the Computer name value

22. Click Change
23. Enter the new computer name, e.g. DC01; click OK

24. Restart the server and then RDP back, but this time log in as the new user created in step 20.
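
The local preparation in steps 7-24 can also be done from an elevated PowerShell session on the DC instance. The script below is an added example and is not part of the original post; it assumes Windows Server 2016 or later (for the Microsoft.PowerShell.LocalAccounts cmdlets) and reuses the post's own example names, the user remek and the computer name DC01.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the DC instance, logged in as the decrypted Administrator.
# Assumes Windows Server 2016+; user "remek" and name "DC01" are the post's examples.

# Steps 7-13 / 19: replace the launch-time Administrator password.
# Read-Host -AsSecureString keeps the password out of the script and the console history.
# Note: after this change the password shown by Get Windows Password in the AWS
# console no longer works, so record the new one in your password manager.
$adminPassword = Read-Host -Prompt 'New Administrator password' -AsSecureString
Set-LocalUser -Name 'Administrator' -Password $adminPassword

# Step 20: create the working account and make it a local administrator.
$userName     = 'remek'
$userPassword = Read-Host -Prompt "Password for $userName" -AsSecureString
New-LocalUser -Name $userName -Password $userPassword
Add-LocalGroupMember -Group 'Administrators' -Member $userName

# Check before rebooting: the account must be in Administrators, otherwise the
# RDP login in step 24 will be refused and you are locked out of the box.
$isAdmin = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$userName" }
if (-not $isAdmin) {
    throw "$userName is not a member of Administrators; not renaming/rebooting."
}

# Steps 21-24: rename the computer and reboot in one step.
Rename-Computer -NewName 'DC01' -Force -Restart
```

After the reboot, reconnect over RDP as DC01\remek (the local account created above) before continuing with the role installation.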
25. Open Server Manager and click Add roles and features

26. Click Next, Next, Next
27. Check Active Directory Domain Services. When the popup opens, click Add Features

28. Click Next, Next, Next, Install

29. When the installation finishes, click Close

30. Click on the Notifications flag and then click Promote this server to a domain controller

31. Select Add a new forest and enter the domain name, e.g. mydomain.com; click Next

32. Enter the DSRM (Directory Services Restore Mode) password, click Next

33. Click Next (ignore the DNS warning), Next, Next, Next
34. Click Install (ignore the remaining warnings)

35. Wait for the installation to finish and reboot the server
36. After the reboot, RDP back to the DC, but this time log in as the domain user, e.g. mydomain\remek
37. Add your user to the Domain Admins group (this step is necessary to install Active Directory Certificate Services)
a. Open Server Manager and from the Tools menu select Active Directory Users and Computers

b. Go to Users, right click on your user and select Properties

c. Go to the Member Of tab, click Add, enter Domain Admins, click Check Names and then OK

38. Go to the Dial-in tab and select Allow access. This step must be repeated for every user who will connect to the VPN through this server. Click OK and close the Active Directory Users and Computers console

39. Change any other settings or configuration as necessary, e.g. apply all patches
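
Steps 25-38 map directly onto the ServerManager, ADDSDeployment and ActiveDirectory PowerShell modules. The script below is an added example, not part of the original post. It runs in two elevated sessions: the first part before the promotion reboot (as the local administrator from step 20), the second part after it, logged in as mydomain\remek. The domain name mydomain.com and the user remek are the post's own examples; the NetBIOS name MYDOMAIN is an assumption. The final query is a check the wizard does not give you: it lists every account that currently has dial-in access, so you can confirm that only the intended VPN users were granted it.

```powershell
# Added example (not from the original post). Part 1: run on DC01 before the
# promotion reboot. mydomain.com and "remek" are the post's examples; "MYDOMAIN"
# (NetBIOS name) is an assumption.

# Steps 25-29: install the AD DS role plus management tools (ADDSDeployment,
# ActiveDirectory module and the ADUC console). Fail early if the role did not install.
$role = Install-WindowsFeature -Name 'AD-Domain-Services' -IncludeManagementTools
if (-not $role.Success) {
    throw "AD-Domain-Services did not install: $($role.ExitCode)"
}

# Steps 30-35: promote to the first domain controller of a new forest.
# The DSRM password is prompted for rather than stored in the script.
# -InstallDns covers the DNS warning the post says to ignore; -Force suppresses the
# remaining confirmations. The server reboots on its own when promotion completes,
# and the local account "remek" becomes the domain account MYDOMAIN\remek.
$dsrmPassword = Read-Host -Prompt 'DSRM (Safe Mode) administrator password' -AsSecureString
Install-ADDSForest -DomainName 'mydomain.com' -DomainNetbiosName 'MYDOMAIN' `
    -SafeModeAdministratorPassword $dsrmPassword -InstallDns -Force

# ---------------------------------------------------------------------------
# Part 2: run after the reboot, logged in as MYDOMAIN\remek (steps 36-38).
# ---------------------------------------------------------------------------
Import-Module ActiveDirectory

# Step 37: add the account to Domain Admins (needed later for the AD CS install).
Add-ADGroupMember -Identity 'Domain Admins' -Members 'remek'

# Step 38: "Allow access" on the Dial-in tab sets the msNPAllowDialin attribute.
# Grant it only to the accounts that will actually use the VPN.
$vpnUsers = @('remek')   # constructed list; extend with your real VPN users
foreach ($u in $vpnUsers) {
    Set-ADUser -Identity $u -Replace @{ msNPAllowDialin = $true }
}

# Check: everything that can dial in right now. Anything here that is not in
# $vpnUsers was granted access elsewhere and should be reviewed.
Get-ADUser -Filter 'msNPAllowDialin -eq $true' -Properties msNPAllowDialin |
    Select-Object SamAccountName, Enabled, DistinguishedName
```

Rerun the final query whenever VPN users are added or removed; it is a cheap audit of who the RRAS server will accept before the RADIUS or NPS policy is even consulted.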