Error while creating Virtual Network Gateway

Question

Hi everyone

I have technical difficulties while configuring point to site VPN gateway in Microsoft Azure.

I already create Virtual Networks and VPN gateway with Public IP address and Generate certificates from the client machine

Issue begins when I try to Add the address pool, I get this error message :

Deployment to resource group 'AXTestRes' failed. Additional details from the underlying API that might be helpful: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.

I tried to use different address pool unfortunately get the same error message.

Any help would be greatly appreciated.

Answer 1

Hello @Ahmed Hadbool ,

I understand that you were getting an error when creating an Azure Virtual Network Gateway.

Advised you to follow the below doc and check if you can find the detailed error message of the failed deployment:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-history?tabs=azure-portal#deployment-operations-and-error-message

You followed the steps and shared the deployment JSON, where we found the below error message:

"details": [
        {
          "code": "ActiveActiveGatewayPublicIPAddressesDiffersInSkuOrZones",
          "message": "Virtual network gateway /subscriptions/xxxxxxxxxxx/resourceGroups/AXTestRes/providers/Microsoft.Network/virtualNetworkGateways/TestGateway in active active mode is using PublicIPAddresses either with different Skus or with different PublicIPAllocationMethod or from a different availability zones. Networking does not support using resources from multiple zones. Networking also does not support using both regional resources and zonal resources."
        }

The creation of the third Public IP address on the P2S VPN configuration page was causing issues.

So, I requested you to check the 2 Public IP addresses that are associated with your Zone-redundant active-active VPN gateway and create a new Public IP address replicating the existing configuration. Once you create this new Public IP address, add it in the P2S VPN configuration page by selecting the "Use existing" option and then try saving the config.

You followed the recommendation and P2S configuration was done successfully. You downloaded the VPN Client app on windows 10 and you were able to connect to it successfully.

But on Windows Server 2019, VPN connect button was not responding.

Informed you that Windows server 2019 is supported for Azure P2S VPN via the native VPN clients as long as you are using Azure Certificate/Radius authentication with OpenVPN/IKEv2 tunnel type.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support#p2s

Advised you the below steps:

• Delete the old VPN client configuration files from C:\Users\YourUserName\AppData\Roaming\Microsoft\Network\Connections\Cm
• Download a new VPN client from the Azure portal P2S VPN configuration page. Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#azure-portal
• Unzip the VPN client profile configuration file and run the appropriate VPN client installer. Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#ike

NOTE:

• Azure P2S VPN client is only supported on 64-bit Windows Server 2019. Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#supportedclientos
• You must have Administrator rights on the Windows client computer from which you want to connect.

You were able to fix the issue by resetting all configurations (Virtual Networks - Virtual Network Gateway - P2S ) then setup all from scratch.

Now everythings works fine.

Kindly let us know if the above helps or you need further assistance on this issue.

---

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.