AOVPN Client disconnection issue

Mahesh Aralelemath 386 Reputation points
2020-08-26T13:24:52.417+00:00

Hi,

We have some clients which are getting disconnected from AOVPN Server.
During the issue reported there were other clients in connected state and working fine.
There is no issue observed from server performance, event log and NIC status.
While checking in client end, we could only able to find the below event. Just trying to understand what could be the issue to disconnect VPN tunnel. Pls note that during the issue internet was working fine in client machine. Its just a VPN tunnel got disconnected.

Event ID: 20227
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description:
CoId={45C90BBA-545B-44FB-8DC0-9563301171DC}: The user SYSTEM dialed a connection named AOVPNTEST which has failed. The error code returned on failure is 868.

Kindly suggest if any findings.

Regards
Mahesh

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,274 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
515 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Candy Luo 12,656 Reputation points Microsoft Vendor
    2020-08-27T02:51:43.207+00:00

    Hi ,

    >>We have some clients which are getting disconnected from AOVPN Server.
    >>The error code returned on failure is 868.

    Will those VPN clients reconnect after disconnecting? Will they keep disconnecting status?

    As far as I know, error code 868 always indicates a problem that the name of the remote access server did not resolve.

    Can you resolve the VPN server name to an IP address? In Control Panel > Network and Internet > Network Connections, open the properties for your VPN Profile. The value in the General tab should be publicly resolvable through DNS.

    Here is an article talking about how to troubleshooting VPN client connection issue, you might have a look:

    https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting#always-on-vpn-client-connection-issues

    Best Regards,

    Candy

  2. sysadminjames 126 Reputation points
    2020-09-04T10:08:35.07+00:00

    Do you see a security event log from the public IP of the users when they fail to connect?

  3. Nitin Kumar 1 Reputation point
    2021-01-21T05:31:24.757+00:00

    Hi @Mahesh Aralelemath ,

    Did you manage to find the root cause of the issue ?
    I have just implemented always on VPN in our environment and currently testing with pilot users.
    Experienced the same issue randomly with event logs on the server saying: " The reason for disconnecting was administrative settings or explicit request. The tunnel used was WAN Miniport (IKEv2). The quarantine state was. "

    Thanks,
    Nitin

    0 comments
  4. Mahesh Aralelemath 386 Reputation points
    2021-01-21T06:19:38.11+00:00

    Hi Nitin,

    Gradually this is under control now but there is no single solution as direct to this issue.
    In our case, below are some points followed to streamline.

    1. Observed some disconnection issue at firewall and fixed with the help of vendor/Firewall Team. This is more of holding the session in Firewall rather than force disconnection.
    2. Update the Windows with latest patches where Sleep issue was also addressed - KB4577062
    3. IKEv2 fragmentation
    4. AOVPN provides better experience on Windows 2019 specially for IKEv2.

    All these personal experience