AOVPN is no longer connecting automatically, does connect manually, no error

Mo Islam 1 Reputation point
2020-10-08T00:10:52.047+00:00

Hello all,

Please direct me if this was already answered, my search came back nothing.

We use AOVPN for our desktop/laptop users. Recently we had a rash of machines refuses to connect automatically.

We use machine cert to do an auth using IKE. So we want the machines to connect regardless of user auth. So using an XML (got help from MS) we create an AOVPN connection, to make it machine level we use psexec.exe -s -i cmd.exe to elevate to "NT Authority\system" and then create the connection.

It's been working great for almost 2 years. But some machines will stop connecting automatically. If I force the connection it will connect. couple of ways I forced, one using registry to make the connection show up:
HKLM\SOFTWARE\Microsoft\Flyout\VPN\ShowDeviceTunnelInUI DWORD = 1
This will make it show up in "Show Available networks"

Or I can connect using rasdial. Both ways it will connect to VPN.

I also created the connection manually using add-vpnconnection -alluserconnection command and that also works to manually connect to the VPN, same settings, no change. I also checked logs and no error. it does not even show an attempt.

These are Windows 10 machines, most are at 1803 and 1909.

So what broke? I cann't find anything that shows what broke the "automatic" part of AOVPN. Help!

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,129 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,244 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Candy Luo 12,646 Reputation points Microsoft Vendor
    2020-10-08T02:33:54.49+00:00

    Hi ,

    Before we go further, I would like to confirm the following questions:

    1.Did you use user tunnel and device tunnel or just one of them?

    2.What's the OS edition of your windows 10? Professional or Enterprise?

    The Windows 10 Always On VPN device tunnel is supported only on Windows 10 1709 or later Enterprise edition clients that are domain-joined.

    30796-image.png

    For more details, please refer to the following link:

    Always On VPN Device Tunnel Does Not Connect Automatically

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,
    Candy


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Mo Islam 1 Reputation point
    2020-10-08T04:54:41.687+00:00
    1. Device tunnel
    2. Enterprise, domain joined.

    Currently hundreds of machines are connecting fine, it's only a handful of machines that are having this issue.


  3. Brfpm 1 Reputation point
    2020-11-04T15:09:10.827+00:00

    Did you find a solution?

    I'm having the exact same issue... Windows Enterprise LTSC 1809 and Enterprise1909, Domain joined and latest updates.
    Only the "automatic" part is broken. I can connect with rasdial just fine.

    This is happening in newly deployed computers (fresh install with LTSC 1809 and 1909).

    0 comments No comments

  4. Brfpm 1 Reputation point
    2020-11-04T18:56:13.213+00:00

    In our case the culprit is KB4580390 (for build 1809).
    After uninstalling the update, AOVPN automatically connects and everything works.


  5. William Hanna 1 Reputation point
    2020-11-09T19:20:02.147+00:00

    Hey mate,

    I am struggling with the same issue here.

    I was able to get device tunnel working on 1 devices, I did not remember what I did to solve it.
    I am testing on a windows 10 20h2 19042.572

    ****What I have tested on the NON-working.****
    Removed Trusted network from XML File
    Check RasMan folder after devicetunnel folder(did not exist) and there is no logging on attempting to connect
    Removed computer certificate and renrolled new
    I can access device tunnel and connect through UI (Once I am logged in)

    Check the working device -
    Once I check the working the device, I reconzie that it have the folder DeviceTunnel.. it is missing on the non working device.
    Windows 10 Enterprise 1903 OS build: 18362.1082

    I have no idea where to check anymore