4,660 questions
Always on VPN (RRAS + NPS , IKEV2) AAD joined Devices
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 22%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEG%3C/text%3E%3C/svg%3E)
Ellewela Gamage Deeptha Madhuranga Samarasekara
6
Reputation points
Hi Community,
I am in the middle of a project for a customer. Trying to make Always on VPN user tunnel work on Windows 10/11Devices.
- All Devices are Azure AD Joined and Intune Managed
- VPN devices is RRAS configured for IKEv2
- User cert is pushed to computers via SCEP,NDES Intune SCEP profile
- Root CA for the Enterprise CA is distributed via Intune.
Despite everything looking exactly as its proposed on blog articles, it is not working. Is this something that has ever worked for any of you ? Is this not officially supported on Azure AD joined devices ?
Some of the articles I followed.
https://techblog.ptschumi.ch/windows/always-on-vpn/always-on-vpn-overview-azure-ad-joined-device/
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | User experience | Other
Microsoft Security | Intune | Other
5,571 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 20%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MudassirKakingray 75 Reputation points2024-06-28T09:49:46.1266667+00:00 Hi Deeptha,
Kindly look at this guide on how to configure Always on VPN Profile through Intune: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/tutorial-aovpn-deploy-configure-client
Additionally, you can also verify:
- If all the dependent Certificates are installed correctly.
- There could be different reason for connectivity failure. Please check the documentation here: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-configuration/troubleshoot-vpn-profiles?tabs=windows
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 23%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Ømer Hendem 0 Reputation points2024-11-13T20:38:02.3866667+00:00 Have you ever found a solution to this problem? I have the same issue and can’t get NPS to authenticate the user.
Sign in to comment
Sign in to answer