I installed this server completely new and made it a domain member and now it works as MP and DP. Thanks for your help.
One more question, maybe you can help, maybe not :)
I created two boundaries for VPN tunnels, one for device and one for user, so that they use the server in the VPN network.
But is this setting checking only for an existing VPN connection name, or is it really checking if the connection is also active?
If any of the VPN devices comes back on-prem, then the VPN connection is still present (but not active), and then it should not use
the MP/DP in the VPN network but the MP/DP in the domain network.