Aug 29 2018 08:55 AM - edited Aug 29 2018 09:40 AM
Hello!
We have Always on VPN implemented for our Windows 10 laptops. Everything was/is working great, until we purchased Microsoft 365. Once devices started to Azure AD Join, it put in an additional user certificate from MS-Organization-Access. Now, anytime a user logs in, instead of automatically connecting as they expect, you will have to go to the VPN connection and you will see "Action Needed." Once you click connect, it brings up a dropdown to select which certificate to use, the options being the one created for AoVPN (email address as the name) and the other being the one created by the Azure AD join. Selecting and connecting the proper certificate does not persist between logins.
Is there a way to specify which certificate it needs to be pointing at to avoid this issue?
Dec 11 2018 10:27 AM
We are having this exact same issue. Did you find a solution to this issue?
Dec 19 2018 02:33 PM
Sep 18 2020 12:32 AM
@Jordan Paris We are having the same issue after migrating our emails to O365. The AD was already on Azure. Can you explain the solution a bit further, as I don't know which certificate you mean and where it needs to be edited?
Oct 28 2022 06:32 AM - edited Oct 28 2022 07:17 AM
You may have solved it already, but others may find this useful.
In addition to Jordan's message, I edited the connection by going into Security -> Properties (for the EAP-authentication setting) -> Configure at the "Choose an authentication method" section -> Advanced under the "When I connect" section -> Check the checkbox at the top and select the root certificate provider that will handle these authentications. Go back with the OK-button until it's saved and then it should work. At least it did for me.
Thanks Jordan for pointing me in the right direction!
EDIT: I should point out that the menu options can differ slightly since I had to translate my equivalents into English, but hopefully they will be close enough.
EDIT2: The <TLSExtensions ...> ... </TLSExtensions> is then added to the config when you export the XML.
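
Added example, not part of the original thread or from any poster: a small check for an exported EAP-TLS configuration that reports whether the TLSExtensions block mentioned above pins client-certificate selection to the expected root CA. The element names under TLSExtensions (FilteringInfo, CAHashList, IssuerHash) follow Microsoft's EAP-TLS configuration schema; the sample XML, the thumbprint and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces of Microsoft's EAP-TLS connection-properties schema.
V1 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"
V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"
V3 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"

# Constructed placeholder, NOT a real CA thumbprint.
ROOT_CA_SHA1 = "00112233445566778899AABBCCDDEEFF00112233"

# Constructed sample of the block the export gains after the GUI change.
FILTER = (
    f'<TLSExtensions xmlns="{V2}"><FilteringInfo xmlns="{V3}">'
    '<CAHashList Enabled="true"><IssuerHash>'
    "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
    "</IssuerHash></CAHashList></FilteringInfo></TLSExtensions>"
)

def sample_profile(extensions=""):
    """Constructed, trimmed EAP-TLS fragment (real exports carry more elements)."""
    return (f'<EapType xmlns="{V1}"><DifferentUsername>false</DifferentUsername>'
            f"{extensions}</EapType>")

def _hex(value):
    """Normalise 'aa bb cc' or 'AABBCC' to upper-case hex without spaces."""
    return "".join(value.split()).upper()

def pinned_issuers(eap_xml):
    """Issuer hashes from every enabled CAHashList in the profile."""
    hashes = []
    for ca_list in ET.fromstring(eap_xml).iter(f"{{{V3}}}CAHashList"):
        if ca_list.get("Enabled", "").lower() == "true":
            hashes += [_hex(h.text or "")
                       for h in ca_list.findall(f"{{{V3}}}IssuerHash")]
    return hashes

def audit(eap_xml, expected_root_sha1):
    """Classify the profile's client-certificate issuer filter."""
    issuers = pinned_issuers(eap_xml)
    if not issuers:
        return "no-filter"      # nothing narrows the choice of user certificate
    if _hex(expected_root_sha1) in issuers:
        return "pinned"         # selection limited to certificates under this root
    return "wrong-issuer"       # filter present but names a different root

if __name__ == "__main__":
    for name, xml in (("before", sample_profile()), ("after", sample_profile(FILTER))):
        print(name, audit(xml, ROOT_CA_SHA1))
```

Run against a real export, pass the SHA-1 thumbprint of your own internal root CA as the expected value.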