IT Connect
Your connection to information technology at the UW

Managed Workstation VPN Service

The Managed Workstation (MWS) VPN service is separate from the Husky OnNet VPN service. Managed Workstation provides VPN services for Windows based clients only. The MWS VPN has tight Windows authentication integration, and higher bandwidth in compared to the Husky OnNet VPN service. You may be eligible for both Husky OnNet and the MWS VPN–which VPN service you wish to use is up to you.

Common Questions About the MWS VPN Service

How do I connect to the MWS VPN Service?

Connecting to the MWS VPN is simple, just follow these steps:

    1. Click on the Network Icon in the bottom-right hand corner of your screen.
    2. Click on the Managed Workstation VPN and click Connect

    1. Enter your credentials, making sure to enter your username in the format: netid\yournetid, then click OK to finish connecting

To disconnect, follow steps 1 and 2 above but hit “Disconnect” instead.

Who is eligible for the MWS VPN service?

To be eligible to use the MWS VPN Service, you must:

  1. Be an eligible user of the Managed Workstation service by belonging to a MWS department, or you may belong to a department that has purchased the MWS VPN ala carte.
  2. Run Windows 10 or Windows 7 on both the MWS computer you are using and the computer you will be using to VPN.
  3. Have the VPN client installed on your MWS computer. This is a standard install on all managed workstations. If it is not installed, please see the instructions below for installing it on Windows 7 and Windows 10.

How do I install the MWS VPN?

Installing the MWS VPN

If you are using these instructions to re-install the MWS VPN, you should remove any existing “Nebula” or “NETID” VPN connections before configuring a new VPN connection.

Windows 10

  1. Click on Start > Settings > Network & Internet > VPN (remove existing connections here)
  2. Click on + Add a VPN connection
  3. Fill in the following fields:
    • VPN Provider: From the drop down menu, select Windows (built-in)
    • Connection name: MWS VPN
    • Server name or address: vpn.netid.washington.edu
    • VPN type: Automatic
    • Type of sign-in info: User name and password
    • Click Save
  4. In the same window, click Change adapter options in the Related settings section in the lower half of the window.
  5. The Network Connections Window will open. Locate the MWS VPN that we just created, right click on it and choose Properties
  6. On the MWS VPN Properties window, make the following changes:
    • Under the Options tab
      • Click the PPP Settings button, both Enable LCP extensions and Negotiate multi-link… should be checked, click OK
    • Under the Security tab:
      • Data Encryption: Require encryption (disconnect if server declines)
      • Authentication: Click the radio button for Use Extensible Authentication Protocol (EAP) the drop-down list should change to Microsoft: Secured password (EAP-MSCHAPv2)
    • Click OK
  7. Close this window or double click on the MWS VPN connection to go back to the VPN window and test your connection.

Windows 7 

  1. Click on the Network and Internet Control Panel (Skip this step if using the Classic Control Panel)
  2. Click Network and Sharing Center
  3. Click  Set up a connection or Network
  4. On the next screen, click  Connect to a workplace then click Next
  5. If prompted to use an existing connection, click No, Create a new connection.
  6. Click Use my Internet connection (VPN)
  7. Enter the following information:
    • Internet Address: vpn.netid.washington.edu
    • Destination Name: MWS VPN
    • Click Don’t connect now, just set it up so I can connect later
  8. Click Next
  9. Type your user name and password
    • User name: (UW NetID)
    • Password: (UW NetID password)
    • Domain: NETID
  10. Click Create Go back to Adapter settings in Network and Sharing Center and right click MWS VPN, then click Properties
  11. On the Security tab:
    • Type of VPN: set to Secure Socket Tunneling Protocol (SSTP)
    • Data Encryption: should be set to: Require encryption (disconnect if server declines)
    • Authentication: Click the radio button for Use Extensible Authentication Protocol (EAP) the drop-down list should change to Microsoft: Secured password (EAP-MSCHAPv2)
  12. After saving, right click Connect to test.

If presented with a choice of Public, Home, or Work network, choose the type of network that more closely resembles the physical network you are using. If you are using a network in a coffee shop, choose Public. If you are at home, you can choose the Home network. Public is always the most secure choice if you have any doubts.

Can I use the MWS VPN from a non-MWS workstation?

Using MWS VPN from non-Managed Workstation systems

Basic support for the MWS VPN is available for non-MWS computers, however, extended support is subject to MWS consulting rates.

The MWS VPN works well in many situations, but from non-MWS computers:

  • You will not see your H: and I: drive mounts.
  • You must ensure your computer is patched and using a current anti-virus program; see more details on UW policy.

Troubleshooting the MWS VPN

How to Start Fresh

  1. Delete all current VPN connections:
    1. Open Control Panel
    2. Change “View by:” in the upper right corner from Categories to Icons
    3. Open Network and Sharing Center
    4. Click on the Change Adapter Settings in the left column
    5. Right-click on the VPN icon(s)
    6. Choose Delete
    7. Click on Yes to confirm
  2. Restart the computer
  3. Recreate a new VPN connection per the instructions How do I install the MWS VPN? above

What to do if you have no H: or I: drives

If the VPN appears to have connected with no error messages but you do not have your H: and I: drives visible, you have two options:

  1. Connecting to the MWS VPN from the workstation logon: These instructions work from Windows 7 or 10:
    1. After computer start-up, click the Switch User button.
    2. Near the bottom right side of the screen near the “Power” button click on the blue “Network Logon” button.
    3. This will initiate a VPN session. Log in with your UW NetID credentials as usual.

    Connecting to the MWS VPN right from your workstation logon has some advantages, including:

    • Your drives will be mapped (this benefit persists after you connect using this method once)
    • You won’t be re-prompted to enter your NETID credentials for any network resource that requires them
  2. You can manually add the H: and I: drives

How to Access the VPN Event Log

Preparation

  1. Create a Folder in which to save the PowerShell Script (the email attachment or file download)
    1. Right-click in any clear area of your Desktop. Choose Personalize. The Personalization window will open.
    2. Click on “Themes” on the left side navigation pane.
    3. Click on “Desktop icon settings” under the “Related Settings” header.
    4. Check the boxes for “Computer” and “Control Panel” then click OK.
    5. Double-click on the new “Computer” or “This PC” icon on your desktop
    6. Double-click on the C: drive
    7. Click on the Home tab
    8. Click on the New Folder icon
    9. Name the folder Bin
  2. Save the file (instructions are for Outlook)
    1. If you received the file as an email attachment, right-click on the attachment name
    2. Choose Save-As
    3. Browse to C:\Bin
    4. Double-click on the C:\Bin folder to open it
    5. Click the Save button
  3. Make the full file name visible
    1. Double-click on the desktop Control Panel icon you created in Step 1
    2. In the upper right corner, change the View by from “Category” to one of the icon choices
    3. Click on the Folder Options icon
    4. Click on the View tab
    5. Uncheck the box that says “Hide extensions for known file types”
    6. Click OK
    7. Close the Control Panel window
    8. NOTE:  Leaving file extensions visible is OK, but if you want to re-hide them when you’re done, follow the steps in this section and recheck the box
  4. Create a Desktop Command Prompt shortcut
    1. Right-click on an empty area of your desktop
      1. Click New
      2. Choose Shortcut
      3. Type the following and then click Next:  Cmd
      4. Accept the shortcut name or rename as you choose, then click Finish
  5. Save the attachment, Get-VpnEvents.ps1.mask, to the Bin folder you created in Step 1
  6. Rename the file to remove the “.mask” extension so that the file name is simply “Get-VpnEvents.ps1”
    1. Right-click on the file
    2. Choose Rename
    3. Hit the End key to move prompt to end of file name
    4. Back-space out the .mask characters
  7. Right-click on the Command Prompt you created in Preparation Step 3 above
    1. Choose “Run as Administrator”
    2. Click OK in the Permission request window that appears
    3. You will see a black window with a C:\Windows\system32> prompt

Running the PowerShell Script

  1. At the command prompt, type the following and press Enter:  powershell
  2. After a few seconds, the prompt will change to “PS C:\Windows\system32>”
  3. Type the following and press Enter:  cd \Bin
  4. Copy and paste* this line and hit Enter: Set-ExecutionPolicy -executionPolicy Unrestricted
    1. *To paste into the Command window, right-click in the window and choose paste
    2. Make sure you copy the entire text, including the punctuation
  5. Copy and paste this line and hit Enter:  .\Get-VpnEvents.ps1 | out-file vpnEvents.txt
  6. Copy and paste* this line and hit Enter:  Set-ExecutionPolicy -executionPolicy Restricted
  7. Type Exit and hit Enter to close PowerShell
  8. Type Exit and hit Enter again to close the Command window

Sending the Log File to UW-IT

  1. Open the UW Connect Request Email with which you’ve been corresponding with UW-IT
  2. Attach the vpnEvents.txt
    1. Choose Attach File in your reply
    2. Browse to C:\Bin
    3. Select the vpnEvents.txt file
Last reviewed March 6, 2020