Azure VPN Client - Access is denied

Question

Hi!

I'm trying to implement Azure VPN Client on our local domain-joined computers. When user downloads Azure Vpn Client from the Microsoft store it gets an error (screen-shot) about Access Denied. User can be an Administrator or User of the machine - it doesn't make any difference.
When I tried the same download from the Microsoft store on a virtual Machine everything works fine. The problem must be domain related.
The log file entry:

[‎18‎/‎05‎/‎2021‎ ‎10‎:‎37‎:‎27] PId:[00026132] TId:[00029876] [ApplicationX] [] [Error] Access is denied.
[‎18‎/‎05‎/‎2021‎ ‎10‎:‎37‎:‎27] PId:[00026132] TId:[00029876] [ApplicationX] [] [Verbose] Application Initialized

The question is: how to "debug" the Access is Denied?

Answer 1

@Karl Thank you for reaching out to Microsoft Q&A. I understand that you are unable to connect to the P2S VPN using the Azure VPN client and are looking for debug logs for the error that you are getting.

If you click on the three dots beside your VPN profile as shown in the attached snapshot, you should see the option for show logs directory where the log file should be available. Hope this helps.

If you need help in debugging the logs further, please let us know. You can send an email to AzCommunity [at] microsoft dot com with subject: "ATTN: Sai Kishor" with your logs so we can take a look at it privately in case needed. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.

Answer 2

@SaiKishor-MSFT Hi!

Thanks for the response.

Access is denied appears after opening the application, without any VPN profile entered. In fact, I Can not add any profile to the Azure Vpn Client. When I try to save the configuration (pushing the button save) nothing happens.

I tried the diagnose the problem myself using Procmon.exe from SysInternals Suite, unfortunately without success! 97951-azurevpnclient.log

I'm Attaching the Log file!

Best regards,

Karl

Answer 3

@Karl I see the error- "Access Denied" is caused due to the following reason. I am also providing the solution for the same, please let me know if you can run the following and see if this works!

Cause:

DnsCache service that is configured by Azure VPN Client due to some misconfiguraton loses access to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig registry key and cannot create records needed.

How to identify:

Run Sysinternals Process Monitor (ProcMon) while connecting to Azure p2s. Filter by:

Process Name - is - svchost.exe
Path - contains - dns
You'll see "Write Access Denied" event for the key mentioned.

Resolution:

For the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig Add built-in group "NT Service\DnsCache", and provide these permissions (as in Windows by Default):

Principal: "NT Service\DnsCache"
Type: Allow
Applies to: This key and subkeys
Advanced permissions: Query Value, Set Value, Create Subkey, Enumerate Subkeys, Notify, Read Control

Answer 4

@SaiKishor-MSFT I already checked that - no success.

Still "Access Denied"

Attaching the image of registry settings...

Answer 5

Hi Karl,

were you ever able to solve this issue?
I have the exact same problem.