AOVPN is no longer connecting automatically, does connect manually, no error

Question

Hello all,

Please direct me if this was already answered, my search came back nothing.

We use AOVPN for our desktop/laptop users. Recently we had a rash of machines refuses to connect automatically.

We use machine cert to do an auth using IKE. So we want the machines to connect regardless of user auth. So using an XML (got help from MS) we create an AOVPN connection, to make it machine level we use psexec.exe -s -i cmd.exe to elevate to "NT Authority\system" and then create the connection.

It's been working great for almost 2 years. But some machines will stop connecting automatically. If I force the connection it will connect. couple of ways I forced, one using registry to make the connection show up:
HKLM\SOFTWARE\Microsoft\Flyout\VPN\ShowDeviceTunnelInUI DWORD = 1
This will make it show up in "Show Available networks"

Or I can connect using rasdial. Both ways it will connect to VPN.

I also created the connection manually using add-vpnconnection -alluserconnection command and that also works to manually connect to the VPN, same settings, no change. I also checked logs and no error. it does not even show an attempt.

These are Windows 10 machines, most are at 1803 and 1909.

So what broke? I cann't find anything that shows what broke the "automatic" part of AOVPN. Help!

Answer 1

Hi ,

Before we go further, I would like to confirm the following questions:

1.Did you use user tunnel and device tunnel or just one of them?

2.What's the OS edition of your windows 10? Professional or Enterprise?

The Windows 10 Always On VPN device tunnel is supported only on Windows 10 1709 or later Enterprise edition clients that are domain-joined.

For more details, please refer to the following link:

Always On VPN Device Tunnel Does Not Connect Automatically

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Candy

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

1. Device tunnel
2. Enterprise, domain joined.

Currently hundreds of machines are connecting fine, it's only a handful of machines that are having this issue.

Answer 3

Did you find a solution?

I'm having the exact same issue... Windows Enterprise LTSC 1809 and Enterprise1909, Domain joined and latest updates.
Only the "automatic" part is broken. I can connect with rasdial just fine.

This is happening in newly deployed computers (fresh install with LTSC 1809 and 1909).

Answer 4

In our case the culprit is KB4580390 (for build 1809).
After uninstalling the update, AOVPN automatically connects and everything works.

Answer 5

Hey mate,

I am struggling with the same issue here.

I was able to get device tunnel working on 1 devices, I did not remember what I did to solve it.
I am testing on a windows 10 20h2 19042.572

****What I have tested on the NON-working.****
Removed Trusted network from XML File
Check RasMan folder after devicetunnel folder(did not exist) and there is no logging on attempting to connect
Removed computer certificate and renrolled new
I can access device tunnel and connect through UI (Once I am logged in)

Check the working device -
Once I check the working the device, I reconzie that it have the folder DeviceTunnel.. it is missing on the non working device.
Windows 10 Enterprise 1903 OS build: 18362.1082

I have no idea where to check anymore