Mount Sinai Health System FAQ:
VPN System Requirements
System Requirements:
Windows 8.1, Windows 10
MAC OSX
If user is tunneling in, user needs admin rights to install the F5 Plugin during setup.
AV needs to be update within 7 Days of Last Signature Update, If this is not updated, user will not be able to VPN tunnel in.
Home AV cannot be expired, user will not be able to VPN Tunnel in
What is the URL to the VPN?
- Hospital Employees: https://msvpn.mountsinai.org
- School Employees: https://msvpn.mssm.edu
- Vendor Employees: https://msvpn-vendor.mountsinai.org
- Existing BISLR Vendors: https://mshsvpn-vendor.mountsinai.org
What is the URL to the webmail?
- For School users: https://mail.mssm.edu
- For Hospital Users: webmail.mountsinai.org
- For Office 365 users: https://portal.office.com
How do I RDP into my workstation using VPN?
- For Mac Users: https://itsecurity.mssm.edu/vpnrdpmac/
- For Windows Users: https://itsecurity.mssm.edu/vpn-rdp/
How do I use VPN Tunnel?
- VPN tunnel for MAC Instructions: https://itsecurity.mssm.edu/vpn-tunnel-for-mac/
- Using the RDP Client for MAC VPN tunnel: https://itsecurity.mssm.edu/rdp-for-mac/
- VPN tunnel for Windows Instructions: https://itsecurity.mssm.edu/vpn-tunnel-for-windows/
- VPN Tunnel setup with F5 BIG Client: https://itsecurity.mssm.edu/vpn-tunnel-with-f5bigclient/
How do I register my VIP token?
- To Register your VIP token go to: https://itsecurity.mssm.edu/vip-two-factor-setup/
How do I use VIP Push Notifcation
In order to start using VIP Push token you must register the token first and follow the instructions below on how to enable it on your mobile device.
- To Register your VIP token go to: https://itsecurity.mssm.edu/vip-two-factor-setup/
- To Enable Push Notification on your mobile device go to: https://itsecurity.mssm.edu/vip-push-notification/
Known Troubleshooting for RDP and Tunnel Issues
I login to the Mount Sinai VPN on a Windows PC but I do not see the RDP icon
Your workstation was not added to your AD account. Please contact the Helpdesk to have your workstation’s Fully Qualified Domain Name added to your AD account for RDP access.
The RDP icon appears, but when I click on “Connect” I get the error message “The connection was denied because the user account is not authorized for remote login”
Your AD network account was not added to the AD group to allow Remote Desktop Connection. Please contact the helpdesk to have them add your account to the RDP Group for Remote Desktop Connection.
User clicks on remote desktop or tunneling in with RDC. Error: Unable to connect to remote server or unable to communicate to remote server. Please contact IT Administrator.
Solution: User needs to physical reboot work pc. If reboot doesn’t work, need to check if the network cable is connected and the light is blinking green. If its blinking yellow, desktop support needs to check pc.
Tunnel not connecting it says disconnected.
Solution: User can try to install the BIG IP Client on their personal machine.
Updating the F5 VPN Tunnel Client
After certain upgrades to the F5 VPN platform, you may need to uninstall and then reinstall the VPN Tunnel client to restore full functionality.
- On a Windows workstation, uninstall the F5 BIG-IP Edge Client Components. Follow the directions for connecting to the VPN Tunnel for Windows via the link, https://itsecurity.mssm.edu/vpn-tunnel-for-windows/.
- On a MAC workstation, move the F5 VPN icon to the trash in the Applications folder. Follow the directions for connecting to the VPN Tunnel for MAC via the link, https://itsecurity.mssm.edu/vpn-tunnel-for-mac/
Troubleshooting Client AntiVirus issues
If a client gets refused because of AntiVirus issues and it is not immediately obvious what is wrong, the F5 uses OPSWAT OESIS for its clent-side checks.
This one checks the F5 client installation:Windows F5 Check
Download OPSWAT GEARS from OPSWAT GEARS, install it, run it and check the output.
Also, a possible reason a VPN user may get an AntiVirus refusal when they do have AV installed that is on the accepted AV list, is their AV’s subscription has expired or their trial has expired and the user is unaware or has been ignoring extension notices. You can have them extend their subscription or uninstall and use microsoft essentials in it’s place.
Known Citrix Issues with VPN
Citrix not loading:
Note: Managed Hospital / School builds already have Citrix Pre-installed
Verify most recent version of Citrix is installed
To install go to https://www.citrix.com/products/receiver/ to get the most update version
Citrix – Error – wfcrun32 command user on MAC Systems:
User receives Error: wfcrun32 command user, when accessing Epic via Citirx on a MAC. (This issue only happens on MACs. Have them use Safari as their browser)
Solution: User needs to update Mac Computer Name. No special characters or spaces. Then have the user try accessing Epic again. If error comes back restart MAC. Then have user try again. Or suggest using just their first name for the MAC computer name.
How to change the name of your Mac
- Step 1: In the Menu bar, go to > System Preferences…
- Step 2: Click on Sharing.
- Step 3: In the Computer Name box, type in the name you want to use for your computer.
- Step 4: Close the window, and you’re done.
Please note before doing this, make sure that all internet browser