cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Always on VPN prompting for action needed - Azure AD Join issue?

%3CLINGO-SUB%20id%3D%22lingo-sub-239530%22%20slang%3D%22en-US%22%3EAlways%20on%20VPN%20prompting%20for%20action%20needed%20-%20Azure%20AD%20Join%20issue%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-239530%22%20slang%3D%22en-US%22%3E%3CP%3EHello!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20Always%20on%20VPN%20implemented%20for%20our%20Windows%2010%20laptops.%20Everything%20was%2Fis%20working%20great%2C%20until%20we%20purchased%20Microsoft%20365.%20Once%20devices%20started%20to%20Azure%20AD%20Join%2C%20it%20put%20in%20an%20additional%20user%20certificate%20from%20MS-Organization-Access.%20Now%2C%20anytime%20a%20user%20logs%20in%2C%20instead%20of%20automatically%20connecting%20as%20they%20expect%2C%20you%20will%20have%20to%20go%20to%20the%20VPN%20connection%20and%20you%20will%20see%20%22Action%20Needed.%22%20Once%20you%20click%20connect%2C%20it%20brings%20up%20a%20dropdown%20to%20select%20which%20certificate%20to%20use%2C%20the%20options%20being%20the%20one%20created%20for%20AoVPN%20(email%20address%20as%20the%20name)%20and%20the%20other%20being%20the%20one%20created%20by%20the%20azure%20ad%20join.%20Selecting%20and%20connecting%20the%20proper%20certificate%20does%20not%20persist%20between%20logins.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20specify%20which%20certificate%20it%20needs%20to%20be%20pointing%20at%20to%20avoid%20this%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-239530%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAlwaysOn%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Evpn%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%2010%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-304407%22%20slang%3D%22en-US%22%3ERe%3A%20Always%20on%20VPN%20prompting%20for%20action%20needed%20-%20Azure%20AD%20Join%20issue%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-304407%22%20slang%3D%22en-US%22%3EYes%2C%3CBR%20%2F%3ERecreating%20the%20template%20with%20an%20additional%20setting%20configured.%20A%20step%20was%20missing%20from%20the%20documentation%20(I%20have%20sent%20some%20contacts%20the%20information%20about%20this).%20When%20you%20are%20editing%20the%20VPN%20Adapter%2C%20when%20you%20are%20in%20the%20smart%20cord%20or%20other%20certificate%20properties%20window%20(where%20you%20select%20Use%20a%20certificate%20on%20this%20computer)%2C%20there%20is%20an%20Advanced%20button%2C%20select%20this.%20You%20should%20have%20a%20checkbox%20to%20select%20%22Certificate%20Issuer%2C%22%20and%20then%20you%20will%20choose%20which%20certificate%20issues%20to%20be%20used%20for%20this%20certificate.%20This%20will%20scope%20it%20to%20only%20look%20for%20those%20from%20the%20specific%20CA.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-299085%22%20slang%3D%22en-US%22%3ERe%3A%20Always%20on%20VPN%20prompting%20for%20action%20needed%20-%20Azure%20AD%20Join%20issue%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-299085%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20having%20this%20exact%20same%20issue.%20Did%20you%20find%20a%20solution%20to%20this%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1682342%22%20slang%3D%22en-US%22%3ERe%3A%20Always%20on%20VPN%20prompting%20for%20action%20needed%20-%20Azure%20AD%20Join%20issue%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1682342%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F173149%22%20target%3D%22_blank%22%3E%40Jordan%20Paris%3C%2FA%3E%26nbsp%3BWe%20are%20having%20the%20same%20issue%20after%20migrating%20our%20emails%20to%20O365.%20The%20AD%20was%20already%20on%20Azure.%20Can%20you%20explain%20the%20solution%20a%20bit%20further%20as%20dont%20know%20which%20certificate%20you%20mean%20and%20where%20it%20needs%20to%20be%20edited%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jordan Paris
Occasional Contributor

‎Aug 29 2018 08:55 AM - edited ‎Aug 29 2018 09:40 AM

‎Aug 29 2018 08:55 AM - edited ‎Aug 29 2018 09:40 AM

Always on VPN prompting for action needed - Azure AD Join issue?

Hello!

 

We have Always on VPN implemented for our Windows 10 laptops. Everything was/is working great, until we purchased Microsoft 365. Once devices started to Azure AD Join, it put in an additional user certificate from MS-Organization-Access. Now, anytime a user logs in, instead of automatically connecting as they expect, you will have to go to the VPN connection and you will see "Action Needed." Once you click connect, it brings up a dropdown to select which certificate to use, the options being the one created for AoVPN (email address as the name) and the other being the one created by the azure ad join. Selecting and connecting the proper certificate does not persist between logins. 

 

Is there a way to specify which certificate it needs to be pointing at to avoid this issue?

Labels:
13.6K Views
0 Likes
3 Replies
Reply
3 Replies

‎Dec 11 2018 10:27 AM

‎Dec 11 2018 10:27 AM

Re: Always on VPN prompting for action needed - Azure AD Join issue?

We are having this exact same issue. Did you find a solution to this issue?

0 Likes
Reply
Jordan Paris

‎Dec 19 2018 02:33 PM

‎Dec 19 2018 02:33 PM

Re: Always on VPN prompting for action needed - Azure AD Join issue?

Yes,
Recreating the template with an additional setting configured. A step was missing from the documentation (I have sent some contacts the information about this). When you are editing the VPN Adapter, when you are in the smart cord or other certificate properties window (where you select Use a certificate on this computer), there is an Advanced button, select this. You should have a checkbox to select "Certificate Issuer," and then you will choose which certificate issues to be used for this certificate. This will scope it to only look for those from the specific CA.
0 Likes
Reply
Syed_Raza

‎Sep 18 2020 12:32 AM

‎Sep 18 2020 12:32 AM

Re: Always on VPN prompting for action needed - Azure AD Join issue?

@Jordan Paris We are having the same issue after migrating our emails to O365. The AD was already on Azure. Can you explain the solution a bit further as dont know which certificate you mean and where it needs to be edited?

0 Likes
Reply