Always on VPN - Bulk Disconnects

Question

We have an Always on VPN RRAS server (Server 2019 Std), which has been in place for 2yrs now without any issues, but over the last couple of weeks, we have started to experience mass client disconnects.

At any one time there will be 500-800 people connected, and suddenly 50-150 people will disconnect all at exactly the same time, then reconnect automatically a few seconds later.

Normally this would not be much of an issue, but the software the clients are using is very sensitive to network drops and it makes the issue more obvious.

When this happens, Event ID 20275 is logged on the VPN server - The user with IP address x.x.x.x has disconnected, but no other errors or events are logged that correspond with this time of disconnects.

All other users (there is a mix of device and users connections) remain unaffected, and so far no discernable pattern has been found for the users that do disconnect.

All users are running Windows 10 1909 or later, and are joined to the same Active Directory Domain and receiving the same Group Policies.
Windows Firewall is enabled on all client devices.

We have other Always on VPN RRAS servers for other clients built to exactly the same specification, and none of these experience this problem.

The server and the FW are both located in our private Datacentre.

We have also run SysLog but have not found any corresponding events that tie in with this.

Curious if anyone has any thoughts around what else this could be, or if anyone else has experienced this before.

Cheers.

Answer 1

Hi,

Thanks for posting in Q&A platform.

I understand that we encounter windows 10 always on VPN client disconnected intermittently and then reconnected automatically issue

May I know if there is Windows Firewall or any other brand Firewall enabled in our environment? If yes, I would suggest temporally disable the Firewall to test if the issue still existed.

And if the IKEv2 Fragmentation was enabled on both VPN server and client? IKEv2 fragmentation was introduced in Windows 10 1803 and is enabled by default. No client-side configuration is required. IKEv2 fragmentation was introduced in Windows Server 1803 and is also supported in Windows Server 2019. It is enabled via a registry key. The following PowerShell command can be used to enable IKEv2 fragmentation on supported servers.

New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2\” -Name EnableServerFragmentation -PropertyType DWORD -Value 1 -Force

Meanwhile, here are 2 articles regarding of troubleshooting Always on VPN for your reference:

Troubleshoot Always On VPN

Troubleshooting Always On VPN Error Code 809
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi,

Thanks for your update and sorry for the late response.

Based on my experience, I would suggest you could collect network traffics or some necessary traces for further troubleshooting.

You could download network monitor tool from the following link:
https://www.microsoft.com/en-sg/download/details.aspx?id=4865

However, analysis of network traffic is beyond our forum support level. I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation to this question.

You may find phone number for your region accordingly from the link below:

Global Customer Service phone numbers

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.