Azure VPN works, except with Intune Security Baseline - failure in acquiring AAD token

Brandon Melton 1 Reputation point
2021-02-11T22:34:50.797+00:00

Azure VPN works great on any laptop with a group of users in Azure AD (myself included). However, when I use a particular set of laptops that are receiving any of the 3 security baselines for Windows 10, I get the following:

In the Azure VPN Client, failure reason shows:
Failures in acquiring AAD Token:Provider Error 2147942756:

In the status logs it shows:
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Dialing VPN connection **********
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Requested AccountsManager dialog.
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:

And diagnosis tool shows:
Internet Access - Result: Available
Client Credentials - Result: AAD Endpoint Reachable
Server Resolvable - Result: DNS Name Resolved as **********
Server Reachable - Result: Socket Connected

I can literally have my wife's home laptop right beside this one on the same wireless network, and log in to Azure VPN with the imported profile flawlessly. But on this laptop, once I click any of the login options, I don't even get a login prompt, or MFA'd, I just immediately get the failure in acquiring AAD token.

Troubleshooting so far:

  • I've uninstalled and reinstalled the Azure VPN client several times
  • I've uninstalled and reinstalled the profile several times
  • I've cleared saved accounts several times
  • I've rebooted
  • I've checked updates, applied everything, and ensured no updates are pending

1 answer

  1. GitaraniSharma-MSFT 49,461 Reputation points Microsoft Employee
    2021-02-12T10:31:03.35+00:00

    Hello @Brandon Melton ,

    I did some internal research on the error message you provided, and below is the RCA which I found:

    Issue:

    Issue connecting through Azure VPN Client on some machines but works for others.
    Error code: Failure in acquiring AAD Token: Provider Error 2147942756

    Cause:

    The issue occurs when deployment is completed with Intune, and the error in the Azure VPN log (Error 2147942756) comes back as Windows Information Protection Policy.

    Resolution:

    Confirm that you are using the recommended configuration for the VPN policy, following the article below, and if everything is correctly configured, please try to set a new policy for test users to discard any problem with the policy. This worked in several previous cases related to WIP:
    https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
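
Added example, not part of the original question or answer and not Microsoft's code: it pulls the `Provider Error` values out of the Azure VPN Client status log and decodes them as HRESULTs, which shows why 2147942756 points at Windows Information Protection. The function names are this example's own, and the name table is a small excerpt of `winerror.h`.

```python
import re

# Win32 error names from winerror.h; only the entries this example needs.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    356: "ERROR_EDP_POLICY_DENIES_OPERATION",  # EDP is the earlier name of WIP
}
FACILITY_WIN32 = 7

# Status-log lines in the format shown in the question (sample input).
SAMPLE_LOG = """\
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Requested AccountsManager dialog.
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
"""

PROVIDER_ERROR = re.compile(r"\[Error\]\s+Provider Error\s+(\d+)")


def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    # The code is a plain Win32 error number only for FACILITY_WIN32.
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {
        "hex": f"0x{value:08X}",
        "failed": bool(value >> 31),   # bit 31 set means failure
        "facility": facility,
        "code": code,
        "win32_name": name,
    }


def provider_errors(log_text):
    """Return one decoded entry per distinct Provider Error value in the log."""
    seen = {}
    for line in log_text.splitlines():
        # Copied timestamps often carry invisible U+200E marks; drop them.
        match = PROVIDER_ERROR.search(line.replace("\u200e", ""))
        if match:
            value = int(match.group(1))
            seen.setdefault(value, decode_hresult(value))
    return list(seen.values())


if __name__ == "__main__":
    for entry in provider_errors(SAMPLE_LOG):
        print(entry)
```

A result with facility 7 and code 356 means the token request was blocked by policy on the device rather than by the network or Azure AD, which matches the diagnosis tool reporting every connectivity check as passing.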

