SOLVED

Updating Azure VPN profile not being applied

Hi,

I had an Azure VPN configuration set up in Intune, and everything was working.
But we had to upgrade the VPN service, so a new profile was created with the new server configuration.

When I import the XML file manually in Azure VPN everything works, but when I update the configuration in Intune, the settings on the device do not change; it keeps the old profile (same name).

./User/Vendor/MSFT/VPNv2/<name of your connection>/ProfileXML

  • Edit the configuration profile
  • Upload new XML
  • Save
  • Sync device

No changes happen on the device.

So I tested deleting the old profile from my device.

Now I see an error in Intune, and I have no VPN profile at all in the Azure VPN app.

Error code: -2016345612

Error code: 0x87d101f4

Currently testing the following.

For users that have the old profile, add them to the Exclude group, forcing the old profile to be removed.
Then add them back to the Include group with the new profile.

Will keep you updated if this works.
I have used the same process in the past and it worked. You don't have any issues/typos with the XML string? This blog post might be helpful:

Moe
https://www.joeyverlinden.com/p2s-azure-vpn-gateway-and-azure-vpn-client/
XML is working fine, tested manual import and also the Always On profile sent from Intune to a test device. The only issue is with devices that had the old profile from Intune.

Will confirm later today, but the profile seems to be removed at least; will wait a bit before re-adding it.

Still having issues. @Moe_Kinani

Excluding would result in a removal of the VPN config.
After re-adding the user to the include group (after the profile was confirmed removed from the device):

Then no profile shows up, and in Intune I can see the following error:
Error code: -2016345612
Error code: 0x87d101f4

This is a Win 11 device.

Event viewer shows error:

MDM ConfigurationManager: Command failure status. Configuration Source ID: (NEVER MIND THIS), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (VPNv2), Command Type: (Add: from Replace or Add), CSP URI: (./User/Vendor/MSFT/VPNv2/ProfileTest/ProfileXML), Result: (Windows was unable to parse the requested XML data.).

If I copy the XML I can import it without any issues. I see nothing wrong in the XML file; manual import is working and it's generated from Azure.

best response confirmed by JimmyWork (Iron Contributor)
Solution

@JimmyWork

Hi Jimmy,

I have made changes in my test environment to mirror your issue, and it worked without removing the existing profile.

The XML that you download from Azure (or import manually) needs to be changed in order to import it using Intune. Here is an example of how it is supposed to look:

Example_VPNProfile/example_vpnprofile.xml at main · j0eyv/Example_VPNProfile · GitHub

Follow the steps below to replace with your tenant info:

Line 5: Modify the <TrustedNetworkDetection> setting to the DNS suffix your DHCP server is sending out to your clients. This will be used to determine whether a device is connected to the internal network or an external one. For example: contoso.local.
Line 9: Modify the <ServerUrlList> setting.
Line 18: Modify the <issuer> setting: https://sts.windows.net/TENANTID/.
Line 19: Modify the <tenant> setting: https://login.microsoftonline.com/TENANTID/.
Line 31: Modify the <name> setting. This is the VNET name.
Line 41: Modify the <fqdn> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file, which is in the download from Azure.
Line 46: Modify the <hash> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file, which is in the download from Azure.
Line 50: Modify the <serversecret> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file, which is in the download from Azure.

Save it as a new XML file in order to import it in the OMA-URI setting.

In order to override your existing file, the OMA-URI setting should be like below:

Name: Give it a name
Description: Give it a description
OMA-URI: ./User/Vendor/MSFT/VPNv2/*NAME OF YOUR EXISTING PROFILE*/ProfileXML
Data Type: String (XML File)

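A PowerShell pre-flight check, added here as an example and not code from the thread or from the linked GitHub repository. It confirms that the file you are about to upload is well-formed VPNv2 ProfileXML (root <VPNProfile>, not the Azure VPN Client's own azurevpnconfig.xml format), prints the OMA-URI for the chosen profile name, reports whether a VPN connection with that name already exists for the current user, and pulls recent VPNv2 errors from the MDM diagnostics event log, which is where the "unable to parse the requested XML data" message quoted earlier in the thread comes from. The file path, the profile name and the AzVpnProfile root-element name are assumptions; adjust them to your tenant.

```powershell
# Added example, not from the thread: pre-flight checks before pushing a VPNv2
# ProfileXML through an Intune custom OMA-URI, plus a query of the MDM
# diagnostics log for the kind of failure quoted above.
# Assumptions (placeholders, adjust to your tenant): the file path and profile
# name below; the root element name "AzVpnProfile" for the Azure VPN Client
# download is an assumption, compare it with your own download.

param(
    [string]$ProfileXmlPath = ".\vpnprofile.xml",   # file you intend to upload
    [string]$ProfileName    = "ProfileTest"         # node name used in the OMA-URI
)

function Test-VpnProfileXml {
    param([string]$Path)
    # The CSP reports "unable to parse the requested XML data" for anything that
    # is not a well-formed <VPNProfile> document, so check both up front.
    try {
        $xml = [xml](Get-Content -Path $Path -Raw -ErrorAction Stop)
    } catch {
        return [pscustomobject]@{ Ok = $false; Reason = "Not well-formed XML: $($_.Exception.Message)" }
    }
    $root = $xml.DocumentElement.LocalName
    if ($root -eq 'AzVpnProfile') {
        return [pscustomobject]@{ Ok = $false; Reason = "This is the Azure VPN Client download (root <AzVpnProfile>); it imports in the client but is not VPNv2 ProfileXML" }
    }
    if ($root -ne 'VPNProfile') {
        return [pscustomobject]@{ Ok = $false; Reason = "Root element is <$root>; ProfileXML must start with <VPNProfile>" }
    }
    # ProfileXML carries either a native or a plug-in connection definition.
    # XPath below assumes no default namespace on the document, as in the CSP examples.
    $native = $xml.DocumentElement.SelectNodes('NativeProfile').Count
    $plugin = $xml.DocumentElement.SelectNodes('PluginProfile').Count
    if (($native + $plugin) -eq 0) {
        return [pscustomobject]@{ Ok = $false; Reason = "No <NativeProfile> or <PluginProfile> element" }
    }
    # Values lifted from azurevpnconfig.xml must be filled in, not left as placeholders.
    $leftovers = @($xml.DocumentElement.SelectNodes('//*[contains(text(),"TENANTID")]')).Count
    if ($leftovers -gt 0) {
        return [pscustomobject]@{ Ok = $false; Reason = "$leftovers element(s) still contain the TENANTID placeholder" }
    }
    $kind = if ($native) { 'NativeProfile' } else { 'PluginProfile' }
    [pscustomobject]@{ Ok = $true; Reason = "Looks like ProfileXML with a $kind" }
}

function Get-MdmVpnFailure {
    param([int]$Hours = 24)
    # Error-level events from the MDM diagnostics log, narrowed to the VPNv2 CSP.
    $log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*VPNv2*' } |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
}

# --- run the checks ---
$omaUri = "./User/Vendor/MSFT/VPNv2/$ProfileName/ProfileXML"
Write-Host "OMA-URI to use: $omaUri"

$result = Test-VpnProfileXml -Path $ProfileXmlPath
$status = if ($result.Ok) { 'OK' } else { 'FAIL' }
Write-Host ("XML check: {0} - {1}" -f $status, $result.Reason)

# A connection with the same name already on the device is the situation the
# thread describes; report it so you know whether you are replacing or adding.
$existing = Get-VpnConnection -Name $ProfileName -ErrorAction SilentlyContinue
if ($existing) { Write-Host "A VPN connection named '$ProfileName' already exists (ServerAddress: $($existing.ServerAddress))" }
else           { Write-Host "No existing VPN connection named '$ProfileName' for this user" }

Write-Host "Recent VPNv2 failures from the MDM diagnostics log:"
Get-MdmVpnFailure | Format-Table -AutoSize -Wrap
```

Run it on the enrolled client in the user's context (the OMA-URI in the thread is under ./User, so Get-VpnConnection is queried without -AllUserConnection). If the XML check fails with the AzVpnProfile reason, you are holding the client download rather than the converted ProfileXML, which matches the parse error in the event log; if it passes but the log still shows a VPNv2 failure, the event's Result field is the next thing to read.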
Thank you for answering, but all these settings you are asking me to modify in the XML are already set when you generate it from Azure.

All you do is upload the XML into Intune and set the OMA-URI.
This is how it's been done before, and it's working on clients that never received the old profile. But devices that once had the old profile get invalid XML.

What you are referring to is the Always On profile; this I have no issue with.
It's the profile for manual connect that's no longer working.

While writing this I just understood that I can set AlwaysOn to false :)
But I'm pretty sure I had this set up as I said before, and looking at a new device it's working.

Let me try updating the profile again, setting Always On to False :)
I had two profiles on AlwaysOn = Working
One manual = Not working; this is the one where I only imported the Azure VPN config, no changes to the XML.

You were correct, not sure what I was thinking or why it said working on some devices, but now it's working on all :) Thank you again
Glad it’s working now!

@JimmyWork I am having the same issue where a user with an existing configuration profile fails to have the newly updated profile overwrite the existing downloaded profile. Could you please share what changes specifically worked for you? I have updated the existing XML file with the new settings and uploaded it with a new XML file name, keeping the existing profile name and OMA-URI, but only new devices pick up the new profile and devices having the old config fail to overwrite.

Appreciate your help in confirming this, as I am not keen on excluding the user group to remove the old profile and then re-adding the group back to add with the same connection name, or emir old profile and add with new name.

thanks

I was importing the wrong XML settings.
But I believe I ended up re-doing all the steps, creating a new policy, deleting the old one.
But if you check the Event logs I'm pretty sure you can see why the policy is not applied.
If I remember correctly it was due to the profile name already existing; creating a new profile name worked. I'm sorry for not being able to help you more and I don't know at what scale you need to do this, but please test the following.

Create a new policy with the new settings, same profile name.
Exclude the test user from the first policy with the old settings.
Include the test user in the new policy.

Check the Event logs.

I had to download a fresh XML file and then upload that with my settings.