Always On VPN – User Tunnel not being established (occasionally)

Simon Belmont 25 Reputation points
2024-10-13T12:02:22.6333333+00:00

We have an AO VPN solution where some users are occasionally having problems establishing User Tunnel. It's important to note that this only occurs occasionally and is not a permanent issue that occurs each time.

The protocol type in profile settings is Automatic, which means that VpnStrategy will be SSTP, IKEv2, PPTP then L2TP. The Device Tunnel will be established just fine on IKEv2, but User Tunnel will fail with error code 800 after trying all protocols. (On the VPN server, we are only permitting connections on SSTP and IKEv2)

Multiple tries will result in the same failure, all the while Device Tunnel for the same user will be connected just fine, and several other users will have active User Tunnels just fine. If the protocol type is changed to IKEv2 in profile settings, the error does not occur, but we need to use SSTP for User Tunnel, and for that we must set protocol type as Automatic in the profile settings.

In the Application log on the client, EventID 20227 is logged with "The user XYZ dialed a connection named ABC which has failed. The error code returned on failure is 800."

No help from Microsoft Docs, https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-always-on-vpn#error-codes

Has anyone else experienced this issue?


1 answer

  1. Jing Zhou 7,770 Reputation points Microsoft External Staff
    2024-10-15T03:00:15.8233333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Besides the resolution provided in the documentation, you can also try the steps below:

    1. Check and make sure the SSTP configurations are correct on both the client and server side.

    2. Check if TCP port 443 is open on the firewall and if there's any middle device blocking the connection.

    3. Ensure that the NPS policies are correctly configured to allow SSTP connections.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best regards,

    Jill Zhou

    If the Answer is helpful, please click "Accept Answer" and upvote it.
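
A client-side PowerShell check for the points raised in this thread, added here as an example and not part of the original question or answer: it buckets the Event ID 20227 / error 800 failures by hour (useful for an intermittent fault), tests TCP 443 to the VPN server, and reads the profile's tunnel type and raw `VpnStrategy` value. Assumptions: `vpn.example.com` is a placeholder server name, `ABC` is the connection name quoted in the question, the User Tunnel profile lives in the per-user phonebook, and the event message is in English as quoted above. Server-side NPS policy is not covered.

```powershell
# Added example, not from the thread. Run as the affected user on the client.
param(
    [string]$VpnServer   = 'vpn.example.com',  # placeholder: public name of the SSTP listener
    [string]$ProfileName = 'ABC',              # connection name as shown in event 20227
    [int]   $Days        = 7                   # how far back to search the Application log
)

# 1. RasClient dial failures (Event ID 20227) that ended with error code 800.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    Id           = 20227
    StartTime    = (Get-Date).AddDays(-$Days)
}
$failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ProfileName) -and
                   $_.Message -match 'failure is 800\b' })

# Bucket by hour so the intermittent failures can be lined up with server and firewall logs.
$byHour = $failures |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name |
    ForEach-Object { '{0} x{1}' -f $_.Name, $_.Count }

# 2. Is TCP 443 (SSTP) reachable from this client right now?
$tcp = Test-NetConnection -ComputerName $VpnServer -Port 443 -WarningAction SilentlyContinue

# 3. What the client profile is configured to try.
$vpn = Get-VpnConnection -Name $ProfileName -ErrorAction SilentlyContinue

# Raw VpnStrategy for this entry in the per-user phonebook (path is an assumption, see lead-in).
$pbk = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
$section = $null; $strategy = $null
if (Test-Path $pbk) {
    foreach ($line in Get-Content $pbk) {
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1] }
        elseif ($section -eq $ProfileName -and $line -match '^VpnStrategy=(\d+)') {
            $strategy = $Matches[1]
        }
    }
}

[pscustomobject]@{
    Failures800     = $failures.Count
    FailuresByHour  = $byHour -join '; '
    Tcp443Reachable = $tcp.TcpTestSucceeded
    RemoteAddress   = $tcp.RemoteAddress
    TunnelType      = $vpn.TunnelType
    VpnStrategy     = $strategy
}
```

Running it once while the User Tunnel is failing and once while it connects gives two result objects to compare.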

