Issues with Microsoft Always On VPN after Driver Update

Marc Kuhn
2022-01-23T12:48:36.1+00:00

Hi All

We have around 100 HP Elitebooks 840 G8 in use, managed with MS Intune. As there were some issues with bluescreens after the November 2021 updates, which have some incompatibilities with Intel SST drivers, we updated all the drivers on the notebooks with HP Image Assistant over Intune, which did what we wanted.

But we also found out that when updating the NIC driver, the IPSecCustomPolicy was removed and the Always On VPN doesn't connect anymore.

We needed to run this script again, which solves the issue:

Set-VpnConnectionIPsecConfiguration -ConnectionName $Vpn -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -Force

But the VPN solution itself isn't reliable currently. Sometimes the users report that they get disconnected from one moment to the next.

On the server I see errors 20255 and warnings 20271 for the users, but I also see them connected without changing anything. On the client I mostly see error 800:

https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#error-code-800

We have both IKEv2 and SSTP (for a User Tunnel) in place on the VPN servers and have 2 KEMP load balancers configured in front of them; all of them are sitting in the DMZ. 2 NPS servers are configured in the LAN for the RADIUS authentication. We also have a certificate configured for the VPN servers, which we configured on the on-prem issuing CA. We use it for both IKEv2 and SSTP.

We have deployed an internal cert for all users via SCEP in Intune, which is working well. But currently the VPN isn't reliable and users are having issues connecting. So I'm trying to figure out what could be causing the issue.

As I just noticed, in Richard Hicks' book about MS Always On VPN he recommends having a public certificate in place for SSTP.

Is anybody else also using both IKEv2 and SSTP for the Always On VPN User Tunnel, and does someone know more about error 20255 and warning 20271?

Many thanks for any hints on this.

Best regards,
Marc

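One way to catch the removed IPSecCustomPolicy described in the post after a driver update, as an added example that is not part of the original post: a PowerShell script that reads the connection's IPSecCustomPolicy, compares it with the values from the command above, and reapplies them only when the policy is missing or different. The connection name is a placeholder, the helper function `Test-IPsecPolicy` is hypothetical, and the script assumes a User Tunnel profile, so it runs in the signed-in user's context.

```powershell
# Added example: detect a missing or changed IPsec custom policy and reapply it.
# $Vpn is a placeholder; replace it with the connection name of your own profile.
$Vpn = '<Always On VPN connection name>'

# Expected values, copied from the Set-VpnConnectionIPsecConfiguration command in the post.
$Expected = @{
    AuthenticationTransformConstants = 'SHA256128'
    CipherTransformConstants         = 'AES128'
    DHGroup                          = 'Group14'
    EncryptionMethod                 = 'AES128'
    IntegrityCheckMethod             = 'SHA256'
    PfsGroup                         = 'PFS2048'
}

# Hypothetical helper: returns $true only if every expected setting is present
# on the policy object. A $null policy (the state after the driver update) fails.
function Test-IPsecPolicy {
    param($Policy, [hashtable]$Expected)
    if ($null -eq $Policy) { return $false }
    foreach ($name in $Expected.Keys) {
        if ("$($Policy.$name)" -ne $Expected[$name]) {
            Write-Output "Mismatch: $name is '$($Policy.$name)', expected '$($Expected[$name])'." |
                Out-Host
            return $false
        }
    }
    return $true
}

# Fails with a terminating error if the connection does not exist for this user.
$connection = Get-VpnConnection -Name $Vpn -ErrorAction Stop

if (Test-IPsecPolicy -Policy $connection.IPSecCustomPolicy -Expected $Expected) {
    Write-Output "IPsec custom policy on '$Vpn' matches the expected values."
    exit 0
}

Write-Output "IPsec custom policy on '$Vpn' is missing or differs; reapplying."
Set-VpnConnectionIPsecConfiguration -ConnectionName $Vpn @Expected -Force

# Re-read the connection and confirm the policy is now in place.
$connection = Get-VpnConnection -Name $Vpn -ErrorAction Stop
if (Test-IPsecPolicy -Policy $connection.IPSecCustomPolicy -Expected $Expected) {
    Write-Output "IPsec custom policy on '$Vpn' restored."
    exit 0
}
Write-Error "IPsec custom policy on '$Vpn' could not be restored."
exit 1
```

The client-side values must still match the IPsec settings configured on the VPN servers; the script only restores what the original command sets.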