Azure VPN works, except with Intune Security Baseline - failure in acquiring AAD token

Brandon Melton 1 Reputation point
2021-02-11T22:34:50.797+00:00

Azure VPN works great on any laptop with a group of users in Azure AD (myself included). However, when I use a particular set of laptops that are receiving any of the 3 security baselines for Windows 10, I get the following:

In the Azure VPN Client, failure reason shows:
Failures in acquiring AAD Token:Provider Error 2147942756:

In the status logs it shows:
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Dialing VPN connection **********
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Requested AccountsManager dialog.
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:

And diagnosis tool shows:
Internet Access - Result: Available
Client Credentials - Result: AAD Endpoint Reachable
Server Resolvable - Result: DNS Name Resolved as **********
Server Reachable - Result: Socket Connected

I can literally have my wife's home laptop right beside this one on the same wireless network, and log in to Azure VPN with the imported profile flawlessly. But on this laptop, once I click any of the login options, I don't even get a login prompt, or MFA'd, I just immediately get the failure in acquiring AAD token.

Troubleshooting so far:

  • I've uninstalled and reinstalled the Azure VPN client several times
  • I've uninstalled and reinstalled the profile several times
  • I've cleared saved accounts several times
  • I've rebooted
  • I've checked updates, applied everything, and ensured no updates are pending

1 answer

  1. GitaraniSharma-MSFT 47,686 Reputation points Microsoft Employee
    2021-02-12T10:31:03.35+00:00

    Hello @Brandon Melton ,

    I did some internal research on the error message you provided, and below is the RCA which I found:

    Issue:

    Issue connecting through Azure VPN Client on some machines but works for others.
    Error code: Failure in acquiring AAD Token: Provider Error 2147942756

    Cause:

    The issue occurs when deployment is completed with Intune and the error in Azure VPN log (Error 2147942756) comes back as Windows Information Protection Policy.

    Resolution:

    Confirm that you are using the recommended configuration for the VPN policy, following the article below, and if everything is correctly configured, please try to set a new policy for test users to discard any problem with the policy. This worked in several previous cases related to WIP:
    https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
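
Added example, not part of the original question or answer: the decimal "Provider Error" in the client log is an HRESULT, and decoding it shows why the answer points at Windows Information Protection. The function names, the constructed log sample and the small `WIN32_NAMES` table (a subset of winerror.h) are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the status-log lines quoted in the question.
SAMPLE_LOG = """\
[2/11/2021 4:05:47 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Verbose] Requested AccountsManager dialog.
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
[2/11/2021 4:05:50 PM] PId:[00016148] TId:[00016336] [ApplicationX] [] [Error] Provider Error 2147942756:
"""

FACILITY_WIN32 = 7
# Small subset of winerror.h, enough for this case (assumption: extend as needed).
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    356: "ERROR_EDP_POLICY_DENIES_OPERATION",  # blocked by WIP (EDP) policy
}
PROVIDER_ERROR = re.compile(r"\[Error\]\s+Provider Error (-?\d+):")


@dataclass(frozen=True)
class HResult:
    value: int      # unsigned 32-bit form
    failure: bool   # severity bit (bit 31)
    facility: int   # bits 16-26
    code: int       # bits 0-15

    @property
    def hex(self):
        return f"0x{self.value:08X}"

    @property
    def name(self):
        if self.facility == FACILITY_WIN32:
            return WIN32_NAMES.get(self.code, f"Win32 error {self.code}")
        return f"facility {self.facility}, code {self.code}"


def decode_hresult(n):
    """Split an HRESULT (unsigned or signed decimal) into its fields."""
    value = n & 0xFFFFFFFF
    return HResult(value, bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF)


def provider_errors(log_text):
    """Return each distinct provider error in the log, decoded, in first-seen order."""
    seen = {}
    for match in PROVIDER_ERROR.finditer(log_text):
        n = int(match.group(1))
        seen.setdefault(n & 0xFFFFFFFF, decode_hresult(n))
    return list(seen.values())
```

On the sample log this yields a single entry, `0x80070164`, a Win32-facility failure with code 356, which winerror.h names `ERROR_EDP_POLICY_DENIES_OPERATION`.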