Question VPN access failed from some (not all) Windows 10 clients to a Windows Server 2019 ?

[daxadwibu]

Since a few Weeks July 13th we Have massive problem to connect to our VPN sever (Windows Server 2019). We use only Windows 10 clients. We use just the built in Windows stuff.
Systems:

• Windows 10 Enterprise Clients using latest security fixes installed with built in VPN client.
• Windows Server 2019 using RRAS latest security fixes installed. Using NAT and VPN. The server itself is hosted in a Hyper-V environment.

The situation is strange. To make it short I just tell you the experiences of 3 users (we have more):

• Access from my home Office is not possible several different messages VPN error mostly 800 but also 806, 807, 868. I use ISP “V”
• Trying to use a mobile.Hotspot with my mobile phone lead into the same result.
• College M, can sometimes connect. But 90% of attempts to access the VPN fail. He uses ISP “T”
• College Y, uses ISP “T” too, but she can connect in 50% of all attempts. So she just needs one retry.

Other facts:

• We are using PPTP.
• The VPN setting, was used for more than 6 years. The Server was switched 1½ year ago. We never had any problems.
• Using an account that has no rights through the access policy directly leads into an “Access denied” error.
• Changing the policy leads into an error 800 (and others) again. So the login can be checked but no data can be exchanged.
• The Router settings where not changed. No Update was installed.
• Nothing was changed on the VPN server, we even tried to restore a backup (Hyper-V image) from Monday 11th. Didn’t worked.

What I tried:

• Firewall on the server and some clients where deactivated and also uninstalled.
• On a client, we also reset all network settings via Start menu > Settings > Network and Internet > Status > Network Reset
• Recreating the VPN connection on the clients.
• RRAS was deactivated and newly activated.
• WLAN miniports on the clients were removed from the Device Manager (tip from a Microsoft guy), they were recreated after a restart.
• Debug output for RRAS is activated but I can’t see any useful information.
• I tried to install Wireshark on server and client, I can see that there is traffic from my fixed IP to the fixed IP of the server, But I am not experienced enough with the networking stuff (I am just a developer)

Note: It has nothing to with the VPN problems of the security patch in June. We had this to, but this were fixed after the new security patch came out.
Any ideas or tips?
Please ask if more information is required. I can edit this question.

 

[Ralston18]

This:

"I am just a developer "

You can take advantage of that. (And there is no "just" )

Try to discover some difference or differences between the Windows 10 clients that work and the Windows 10 clients that do not work.

A Powershell Get cmdlet may prove helpful in doing so.

FYI:

https://docs.microsoft.com/en-us/po...t/get-vpnconnection?view=windowsserver2022-ps

Get cmdlets are safe and there is no immediate need to rush into making changes. Investigate differences as necessary - some may be inherently different.

Post the results from a client that works vs a client that does not work. With the Windows clients being as identical as possible otherwise.

May help you identify a possible culprit(s).

And hopefully just require a simple configuration change.

Not as a solution per se but worth reading:

https://www.faqforge.com/windows/ho...ions/#:~:text=For the auto-trigger to,with "”.

May provide further insight to the problems or give you other ideas to look into.