Forum Discussion
Updating Azure VPN profile not being applied
Hi,
I had a Azure VPN configuration setup in Intune, everthing was working.
But we had to upgrade the VPN service, so a new profile was created with the new server configurations.
When I import the xml file manually in Azure VPN everything works, but when I update the configuration in Intune, the settings on device does not change, it keeps the old profile (Same name)
./User/Vendor/MSFT/VPNv2/<name of your connection>/ProfileXML
- Edit the configuration profile
- Upload new XML
- Save
- Sync device
No changes happens on the device.
So i tested deleteing the old profile from my device.
Now i see an error in Intune, and i have no VPN profile at all in Azure VPN app.
Error code: -2016345612
Error code: 0x87d101f4
Hi Jimmy,
I have made changes on my test environment to mirror your issue and worked without removing the existing profile.
The xml that you download from Azure (or import manually) needs to be changed in order to import using Intune. Here is an example on how it supposed to look:
Example_VPNProfile/example_vpnprofile.xml at main · j0eyv/Example_VPNProfile · GitHub
Follow the steps below to replace with your tenant info
Line 5: Modify the <TrustedNetworkDetection> setting to the DNS suffix, your DHCP server is sending out to your clients. This will be used to determine if a device is connected to the internal network or external. For example: contoso.local.
Line 9: Modify the <ServerUrlList> setting.
Line 18: Modify the <issuer> setting https://sts.windows.net/TENANTID/.
Line 19: Modify the <tenant> setting https://login.microsoftonline.com/TENANTID/.
Line 31: Modify the <name> setting. This is the VNET name.
Line 41: Modify the <fqdn> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file which is in the downloaded from Azure.
Line 46: Modify the <hash> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file which is in the downloaded from Azure.
Line 50: Modify the <serversecret> setting. This value can be found in the AzureVPN/azurevpnconfig.xml file which is in the downloaded from Azure.Save it as new XML file in order to import to OMA URI Setting.
In order to override your existing file:
OMA-URI Setting should be like below:
Name: Give it a nameDescription: Give it descriptionOMA-URI: ./User/Vendor/MSFT/VPNv2/*NAME OF YOUR EXISTING PROFILE*/ProfileXMLData Type: String (XML File)
- Currently testing the following.
For users that has the old profile add to Exclude group, forcing the old profile to be removed.
Then Add them back to Include group with new profile.
Will keep you updated if this works- I have used the same process in the past and worked, you don’t have any issues/typos with xml string? This blog post might be helpful:
Moe
https://www.joeyverlinden.com/p2s-azure-vpn-gateway-and-azure-vpn-client/- XML is working fine, tested manual import and also always on profile sent from Intune to test device. Only issue with devices that had the old profile from Intune.
But will confirm later today, but the profile seems to be removed at least, will wait a bit before re-adding it.
