New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure the template VPN profile on a domain-joined client computer - Manually create a single test VPN connection #1438

Open
kmorley opened this Issue Sep 2, 2018 — with docs.microsoft.com · 6 comments

Comments

Projects
None yet
4 participants
Copy link

kmorley commented Sep 2, 2018 — with docs.microsoft.com

Step 16 Instructs to test the VPN connection and I am assuming that the test should succeed. In my case, it fails with "Invalid Certificate Type". When I then check the properties of the VPN Connection -> Security that page looks normal and is configured just like your instructions. But if I click the Properties button under "Microsoft Protected EAP (PEAP) (encryption enabled)", "Connect to these servers" and "Trusted Root Certification Authorities" are both empty and "Select Authentication Method" has changed to "Secured password (EAP-MSCHAP v2). I can make the changes again and save, but when I recheck, they are reset. I've tried this several times and it does not appear that Windows 10 can save the configuration specified in the instructions. What am I doing wrong?


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

This comment has been minimized.

Copy link
Author

kmorley commented Sep 3, 2018 — with docs.microsoft.com

I verified the above with a system freshly-loaded with Windows 10 1607: It does not appear to be possible to "Manually create a single test VPN connection" as stated in the instructions. Although Windows doesn't provide any errors, it won't save the configuration as documented. Each time you go back into the VPN connection properties, "Connect to these servers" and "Trusted Root Certification Authorities" are both empty and "Select Authentication Method" is changed to "Secured password (EAP-MSCHAP v2). That means you cannot connect successfully once, extract the XML from the VPN manual connection and use that XML to create the final VPN connection.

This comment has been minimized.

Copy link
Author

kmorley commented Sep 3, 2018 — with docs.microsoft.com

After quite a few hours spent on this, I was able to manually create the XML using the example in the documentation. Then I was able to run VPN_Profile.ps1 and successfully create a VPN connection object. The resulting object won't successfully connect because it will have "Connect to these servers" and "Trusted Root Certification Authorities" both empty and "Select Authentication Method" changed to "Secured password (EAP-MSCHAP v2), regardless of the settings in the XML. The difference is that after running VPN_Profile.ps1 and creating the VPN connection, that object can be changed as per the instructions and Windows will retain those settings. VPN_Profile.ps1 changes Windows schema or something so the settings defined in the instructions become valid. After running VPN_Profile.ps1, I manually edited the VPN Connection properties again, Windows saved and retained the changes and then I connected without any further problem. I am pretty sure if I extracted the XML now, it would work as documented. It's my guess that when writing these instructions, the author(s) did so from a computer that already had VPN_Profile.ps1 executed once. I think that if you can successfully get the "Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01" step to work, Windows is changed to allow the VPN object configuration needed.

This comment has been minimized.

Copy link

juljanicki commented Sep 26, 2018 — with docs.microsoft.com

Hi @kmorley,
In your last post you wrote that you where able to manually create the XML. I take it you're talking about the MakeProfile.ps1 script?
I ran into exactly the same issues with the VPN profile remembering settings according to this tutorial.
I tried going through the ps1 script to figure out what XML tags I should manually change to add my parameters. I was wondering if you would share your MakeProfile.ps1 script (of course replacing your data with some dummy info) so that it would be easier for me to create my own.
Thanks for any help.

@kmorley

This comment has been minimized.

Copy link
Author

kmorley commented Sep 26, 2018

@juljanicki

This comment has been minimized.

Copy link

juljanicki commented Sep 26, 2018

Ken,
Thanks for the quick reply.
Don't see the attachment though. Writing to you by #1438.
Any chance you can send it to me? jacek.uljanicki@alligo.pl

BR,
Jacek

@coreyp-at-msft coreyp-at-msft self-assigned this Oct 20, 2018

@shortpatti

This comment has been minimized.

Copy link
Contributor

shortpatti commented Oct 22, 2018

@MihaiSP, can you take a look at this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment