MS tunnel gateway problem

Question

I have created MS tunnel gateway server on Ubuntu 22.04.4 LTS.

In INTUNE dashboard server display healthy.

Installed certificates - from my on prem CA.

Root certificate installed on devices as Trusted Root.

When i try to connect from Android MS Defender i get error - unable to check certificate.

On server:

worker: warning: Discarded message[0] due to invalid decryption

GnuTLS error (at worker-vpn.c:888): Decryption has failed.

Any help appreciated.

Answer 1

Hi to those experiencing a TLS error our site saw this as well when using our internal pki infrastructure. We ended up resolving this by adding the entire pem encoded trusted root to our .pem file. The output in the pem will look something like this.

------ Begin Certificate -------

Pem encoded web certificate
------ End Certificate ---------

------ Begin Certificate -------

Pem encoded Intermediate CA certificate

------ End Certificate ---------

------ Begin Certificate -------

Pem encoded Root CA certificate

------ End Certificate ---------

Answer 2

We have the issue here.

Answer 3

Hello @Tahir Vahid

did you manage to resolve this issue ? -

worker: warning: Discarded message[0] due to invalid decryption

GnuTLS error (at worker-vpn.c:888): Decryption has failed.

We recently started to get same errors on our end.

Thank you

Answer 4

Thank you for reaction.

Installation is fresh, i did it three times, to check.

This info from INTUNE portal.

CPU usage Healthy 0%

CPU cores Healthy 4 cores

Memory usage Healthy 6%

Disk space usage Healthy 37.61 GB available of 51.29 GB

Latency Healthy 0 ms

Management agent certificate Healthy Certificate expires in 359 days

TLS certificate expiration Healthy Certificate expires in 726 days

TLS certificate revocation Healthy The TLS certificate is not revoked.

Internal network accessibility Healthy Internal resource is reachable.

Upgradeability Healthy Server can contact the Microsoft Container Repository.

Server version Healthy Up to date

Server container Healthy The server conatiner status is healthy.

Server configuration Healthy The server configuration was successfully applied.

Server logs Healthy Server logs have been uploaded in the last 60 minutes.

Answer 5

@Tahir Vahid,Thanks for posting in Q&A.

From your description, I know you got some error on MS Tunnel Gateway.

To clarify the issue, please check the following information.

1.Check whether the Root Certificate was expired in Intune portal.

2.Check the TLS certificate status in Intune portal. In the Microsoft Intune admin center, go to Tenant administration > Microsoft Tunnel Gateway > Health status. Select your server and then open the Health check tab to view the server’s health status metrics

3.Re-install the app and reboot the server to see if the issue can be fixed.

https://www.reddit.com/r/Intune/comments/s6x9of/microsoft_tunnel_gateway_was_working_fine_now_isnt/

Please check above information, if there is any update, feel free to let me know.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.