We have a few file servers running in Azure and on occasion, a P2S VPN user will not be able to reach them. When we use Test-NetConnection <fqdn> -Port 445 the name resolves correctly, however the TCP connection will fail. On occasion, Ping will succeed, but this isn't consistent. Get-NetRoute returns the correct routes for our simple VNET, with the same properties as healthy workstations. The problem only seems to occur on ~10% of the VPN users, and doing an AutoPilot Reset "fixes" the issue, but obviously this is not an appropriate solution.
- Client: Windows 11 Azure AD Joined
- Auth: Azure AD
- Tunnel Type: OpenVPN / SSL
- Gateway SKU: VpnGw2
I saw kb5026372 was causing users issues, but as far as I can tell, none of our users have this update.
Nothing stood out to me in the AzureVpnCxn.log file.
On one occasion, I did a packet capture from an impacted workstation and saw the traffic wasn't being sent over the correct (WAN Miniport) interface. I have also occasionally seen Event 2505 in the System log:
The server could not bind to the transport \Device\NetBT_Tcpip_{B771EE23-8FE4-4E7B-858D-EA8A1EBBB6FE} because another computer on the network has the same name. The server could not start.
I am not sure the above error is related, but it makes sense to me that if the VPN adapter can't bind properly, the routing would be broken, though this is the guid for the user's wifi adapter, not their miniport adapter, so maybe unrelated.
I'm not sure where else to look.
Is there additional routing logic beyond the routing table?
Is there any way to reset or otherwise ensure the adapter is healthy?
Has anyone seen this before?
Sadly it always works on my machine...
