Always On VPN - Windows Hello for Business not remembering credentials

Question

Im struggeling with a customer to get Always On VPN working while users login with WHfB (for example PIN), the AOVPN connection is always asking for username password and does not remeber the credentials once you set them the first time.

We noticed that the revocation list (CRL) on the VPN Server certificatie is not published public, only internal. Does anybody have experience with ths kind of configurations?

Answer 1

Hello @Michael van der Burg

Here’s what I found.

Always On VPN natively supports Windows Hello for Business (in certificate-based authentication mode).

According to this Blog, this certificate should be issued if the VPN server will be accepting SSTP connections. The certificate revocation list (CRL) for this certificate needs to be available on the internet. If the CRL for the internal PKI is not publicly available, then this certificate should be issued through a third-party CA. An existing SSL wildcard certificate could be used here.

Hope that helps.

Best Regards
Karlie

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

You may try the followings:

A.Disable Automatic Device Setup Feature

Go to the Start menu and then click on the Accounts option> Sign-in options> turn off the "Use my sign-in info to automatically finish setting up my device after an update or restart" option> Reboot

B.Remove the Microsoft account and then create a local user account. After a reboot change it to a Microsoft account again.