Always On VPN Error 809 on some clients

ADMINISTRATEUR CMG 21 Reputation points
2021-12-02T10:57:30.917+00:00

Good morning,

We are experiencing issues with Always On VPN on some clients: error 809 occurs when the VPN tries to connect.

Currently, there are 107 PCs connected to the RRAS server without problems, so it should not be an NPS or RAS configuration problem, but for an unknown reason, a few PCs can't connect.

AOV is configured with device and force tunnelling, all the clients are on Windows 10 Enterprise 2004 at least, the NPS and RAS servers are Windows 2019 standard.

I tried a lot of different things on those clients:
- delete and reload with a gpupdate the client certificates;
- deactivate IPv6;
- reset the network connections;
- delete and reinstall all the WAN miniports in Device Manager;
- update the drivers and Windows
...

Sometimes these operations seem to solve the problem, but sometimes not...
I thought of an internet provider issue, blocking some ports or protocols, but it happens with various providers and routers.

I'm out of solutions, so if you have an idea on what could cause this issue, it would be greatly appreciated!

Thanks and have a nice day!


Accepted answer
  1. Limitless Technology 39,931 Reputation points
    2021-12-02T15:58:11.747+00:00

    Hi there,

    The error code 809 indicates a VPN timeout, meaning the VPN server failed to respond. Often this is related directly to network connectivity, but sometimes other factors might also cause this. First things first: the general troubleshooting would be to check the points below.

    Name Resolution – Ensure the VPN server’s public hostname resolves to the correct IP address.

    Firewall Configuration – Confirm the edge firewall is configured properly.

    Load Balancer Configuration – If VPN servers are located behind a load balancer, make certain that the virtual IP address and ports are configured correctly.


    --If the reply is helpful, please Upvote and Accept it as an answer--
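
The name-resolution check from the answer above, as an added example that is not part of the original thread: a PowerShell triage script to run on a failing client and on a working one so the results can be compared. The hostname and expected address are placeholders, and the RasClient event ID 20227 filter assumes the default Application log location for VPN dial failures.

```powershell
# Added example (not from the thread). $VpnHost and $ExpectedIp are placeholders.
param(
    [string]$VpnHost    = 'vpn.example.com',   # placeholder: public VPN hostname
    [string]$ExpectedIp = '203.0.113.10',      # placeholder: known-good public address
    [int]$Days          = 7                    # how far back to look for failures
)

# 1. Name resolution as seen by THIS client (A records only, CNAMEs skipped).
$resolved = @(Resolve-DnsName -Name $VpnHost -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# 2. Error 809 history: RasClient logs failed dial attempts as event 20227.
$since = (Get-Date).AddDays(-$Days)
$failures = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'RasClient'
        Id           = 20227
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\b809\b' })

# 3. Network context, to tie failures to a particular router or resolver.
$net = Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway } |
    Select-Object -First 1

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    VpnHost         = $VpnHost
    ResolvedIPs     = $resolved -join ', '
    ResolvesAsKnown = ($resolved -contains $ExpectedIp)
    Interface       = $net.InterfaceAlias
    DefaultGateway  = $net.IPv4DefaultGateway.NextHop -join ', '
    DnsServers      = $net.DNSServer.ServerAddresses -join ', '
    Error809Count   = $failures.Count
    LastError809    = ($failures | Select-Object -First 1).TimeCreated
}
```

`Test-NetConnection` only probes TCP, so it cannot confirm that UDP 500 and 4500 pass through a router; comparing this output between a home network and a different uplink helps narrow that down.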


2 additional answers

  1. ADMINISTRATEUR CMG 21 Reputation points
    2021-12-03T08:09:24.523+00:00

    Hello and thanks for your answer,

    I'll try to run some more tests on the clients to check the name resolution. Regarding the firewall, for Windows the configuration is the same on all computers (deployed by GPO), and I already checked that ports 500 and 4500 are authorised on some routers.
    Since AOV is used for home office with the same providers and it works for most users, I don't think it's an edge firewall problem, but I'll try to check again.
    Also there is no load balancing.

    Regards.


  2. ADMINISTRATEUR CMG 21 Reputation points
    2021-12-03T09:41:57.793+00:00

    So I checked if the VPN server public hostname is resolved by the client, and that's the case. I also tried to deactivate the Windows Firewall for a moment, same problem...

    Finally, we connected the user with a mobile shared connection and it worked, so I guess his router firewall blocks ports 500/4500. It's strange because most users have this same provider and I don't understand why it should be blocked on some boxes and not others.

    They also have another VPN connection, FortiClient, which works fine, installed in case AOV doesn't work, guess that was a good idea...

    Thanks anyway for your help!

    Regards
