VPN connections on Windows have UseRasCredentials option which allow user on non-domain machine work with domain resources using his/her VPN credentials
Under the hood, when this option is enabled, Windows creates stored credentials for a VPN session:
cmdkey /list
Currently stored credentials:
Target: Domain:target=*Session
Type: Domain Password
User: dom\username
Saved for this logon only
We found that on machines with latest updates installed it doesn't work and users aren't able to connect to domain resources (File shares, SQL servers) even when they connected to VPN with their domain credentials
To prove that it's related to latest updates, we launched an old VM (windows 10.0.17763.1577) and everything is working like a charm.
But on new VMs, created from Azure images "Windows 10 Pro 20H2 -Gen1" and "Windows 10 Enterprise 2019 LTSC - Gen1" when user connected to VPN, cmdkey /list not showing credentials for Target: Domain:target=*Session and users aren't able to work with on-prem resources.
As workaround we manually added credentials with
cmdkey /add:Domain:target=* /user:dom\username /pass
where Domain is an exact word "Domain" and dom\username- user login, domain resources became accessible over VPN from non-domain machine.
We also checked rasphone.pbk files (AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk) and it have UseRasCredentials=1
Thanks
