How to troubleshoot Azure VPN client's frequent disconnections

Alex Alborzfard 1 Reputation point
2024-10-22T21:21:32.4266667+00:00

Several users are claiming that VPN is signing out/disconnecting much more often than usual. I am getting reports that it is signing out at random while they are working (Not just while it is in sleep mode).

Any ideas what could be causing this sudden change? Was something changed on the backend in Azure to cause this?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Sai Prasanna Sinde 6,645 Reputation points Microsoft External Staff Moderator
    2024-10-23T02:38:32.67+00:00

    Hi @Alex Alborzfard

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    1. Looks like the updated version (3.4.0.0) might be the reason for this issue. Please refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-versions#azure-vpn-client---windows
    2. The reason might be that the current refresh token in the Azure VPN client, acquired from Entra ID, has expired or become invalid. This token is renewed approximately every hour. Entra tenant administrators can extend the sign-in frequency by adding conditional access policies. Please work with your Entra tenant administrators to extend the refresh token expiration interval. For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#vpn-disconnect
    3. If you are getting any of the below errors, you need to reconnect. This triggers an interactive sign-in process in Microsoft Entra that issues a new refresh token and access token. "Your authentication with Microsoft Entra is expired. You need to re-authenticate in Entra to acquire a new token. Authentication timeout can be tuned by your administrator." or "Your authentication with Microsoft Entra has expired so you need to re-authenticate to acquire a new token. Please try connecting again. Authentication policies and timeout are configured by your administrator in Entra tenant." For your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#cause-15
    4. The refresh token can show as expired/invalid due to several reasons. You can check User Entra sign-in logs for debugging. For your reference: https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins
    5. Refresh tokens can be revoked at any time, because of timeouts and revocations. Your app must handle revocations by the sign-in service gracefully by sending the user to an interactive sign-in prompt to sign in again. For your reference: https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens#token-expiration

    If you have any further queries, do let us know. If the answer is helpful, please click "Accept Answer" and "Upvote it."

    Thanks,

    Sai Prasanna.

    1 person found this answer helpful.
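
For points 2 to 4 of the answer, an added example (not part of the original answer and not Microsoft's code) that triages an exported Entra sign-in log: it keeps refresh-token failures for one application and reports, per user, the error codes and the minutes between failures, so a regular interval stands out. The sample records are constructed, and the application display name `Azure VPN` used as the filter is an assumption about how the client appears in your tenant's logs.

```python
import json
from collections import defaultdict
from datetime import datetime

# Entra error codes for refresh-token expiry or revocation (AADSTS error reference).
TOKEN_ERRORS = {
    70043: "refresh token expired by Conditional Access sign-in frequency",
    700082: "refresh token expired due to inactivity",
    50173: "grant revoked, fresh token needed",
}

# Constructed sample shaped like Microsoft Graph signIn records; not real log data.
SAMPLE = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure VPN",
     "createdDateTime": "2024-10-22T11:00:00Z", "status": {"errorCode": 70043}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure VPN",
     "createdDateTime": "2024-10-22T09:00:00Z", "status": {"errorCode": 70043}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure VPN",
     "createdDateTime": "2024-10-22T10:00:00Z", "status": {"errorCode": 70043}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Azure VPN",
     "createdDateTime": "2024-10-22T10:01:00Z", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Azure VPN",
     "createdDateTime": "2024-10-22T14:30:00Z", "status": {"errorCode": 50173}},
    {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Other App",
     "createdDateTime": "2024-10-22T15:00:00Z", "status": None},
])

def token_failures(records, app_name):
    """Group refresh-token failures for one app by user, oldest first."""
    by_user = defaultdict(list)
    for rec in records:
        code = (rec.get("status") or {}).get("errorCode", 0)  # status may be null
        if rec.get("appDisplayName") == app_name and code in TOKEN_ERRORS:
            ts = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
            by_user[rec["userPrincipalName"]].append((ts, code))
    return {user: sorted(events) for user, events in by_user.items()}

def summarize(records, app_name="Azure VPN"):  # app_name is an assumed display name
    """Per user: failure count, distinct codes, minutes between consecutive failures."""
    report = {}
    for user, events in token_failures(records, app_name).items():
        gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(events, events[1:])]
        report[user] = {"count": len(events),
                        "codes": sorted({code for _, code in events}),
                        "gaps_min": gaps}
    return report

if __name__ == "__main__":
    print(json.dumps(summarize(json.loads(SAMPLE)), indent=2))
```

Evenly spaced failures with code 70043 point at a Conditional Access sign-in frequency policy, while a single 50173 points at a revocation event such as a password change.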
