Issues with Microsoft Always On VPN Device Tunnel


Hi guys,

I'm trying to configure a Microsoft Always On VPN Device Tunnel with Intune in our PoC environment. I configured the VPN Device Profile, which is attached to my group for Azure AD Joined devices.

My Test-VM is fully patched and has a certificate from the internal CA. I see the VPN Device Tunnel and I'm able to connect to it manually, but Windows 10 isn't trying to connect automatically.

The Windows version is Windows 10 Enterprise Version 20H2 (OS Build 19042.928).

Does anybody have a good hint as to what could cause this? In the Eventlog I see that the client doesn't even try to connect. A requirement for Always On VPN Device Tunnel is Enterprise Version as well as Domain-Joined.

My question, then, is: is Azure Domain Join sufficient, or does the client need to be joined to an On-Prem AD?

Many thanks for your help

Best regards,

Marc

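1 Reply

Hello @Mkuhn79,

Check if this article helps with your issue: Always On VPN Device Tunnel Does Not Connect Automatically | Richard M. Hicks Consulting, Inc. (richardhicks.com)
https://directaccess.richardhicks.com/2019/03/14/always-on-vpn-device-tunnel-does-not-connect-automatically/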