I’m not as familiar with Watchguard products as I am with others, but we inherited a client using it. I found out yesterday that a user needs VPN for emergency travel, and they’re leaving Monday.
The people who ran this site before us were… not skilled. Looks like they just followed guides with no real clue what they were doing. Some stuff is configured like they were following a script in a Microsoft book from 2005. The VPN configuration never worked and was a complete shambles. They had two completely different services partially configured and fighting for ports. We got it up and running, and can connect from any system NOT joined to the domain.
However, the laptop we are setting up would not connect.
Thinking it was a Windows issue (looked like a Windows 7 machine that was given an in-place upgrade to 1803), I reinstalled Windows from scratch, and VPN worked perfectly. I was even able to domain join the machine over VPN with no problems using the local user account I created when installing Windows. I logged in as the user (with VPN connected on the local profile) and started getting their profile configured. Rebooted the machine, logged in as the user, and now the VPN doesn’t connect anymore. I think it says “Failed to create exit event” but it flashes by so fast I can’t see it.
The log says for each failed attempt:
Requesting client configuration for <ip.address:port>
VERSION file is 5.32, client version is 5.32
Failed to launched OpenVPN. retCP=0
What I can find in Google searching relates to NOBODY being able to connect, but this only seems to affect machines after they’ve been domain-joined.
I checked gpresult, but there’s nothing there except folder redirection and network drive mapping. I also suspected something that is being synced to the AppData/Roaming directory (I know… I know), but there’s only Adobe and Microsoft folders there. I’m a little suspicious it’s something in the crypto or SystemCertificates folder, but I’m not sure if WatchGuard uses any of the keys in there.
*Edit*
It’s 1 AM, and I’m exhausted, so I’m sorry if anything doesn’t make sense.
Update:
I went in and removed the Appdata\Roaming folder redirection and now it is working like a charm. Without digging too deep, I’m guessing that the certificates being synchronized through that folder were causing authentication failures with Watchguard because they were for a different Windows system.
I also just realized that the AppData\Roaming\Watchguard folder was not being created before. Probably because the sync was making his office desktop the master and syncing the files down to the laptop, so when Watchguard created the files they were being purged.
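A quick PowerShell check, added here and not part of the original post, that flags the condition the update describes: the AppData\Roaming shell folder pointing somewhere other than the local profile on a domain-joined machine. It reads the standard Explorer "User Shell Folders" registry value; the "WatchGuard" subfolder name is taken from the post, and the write probe with a temporary file is an assumption about what a useful check looks like, not something the post did.

```powershell
# Added diagnostic (not from the original post): report whether the current user's
# AppData\Roaming is redirected away from the local profile, and whether the VPN
# client's folder under it exists and can be written to.
function Test-RoamingAppDataRedirection {
    [CmdletBinding()]
    param(
        # Folder the VPN client writes under %APPDATA%; name taken from the post.
        [string]$ClientFolderName = 'WatchGuard'
    )

    # Folder Redirection policy rewrites this per-user shell folder value.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    $rawValue = (Get-ItemProperty -Path $key -Name 'AppData' -ErrorAction Stop).AppData
    $resolved = [Environment]::ExpandEnvironmentVariables($rawValue)
    $localDefault = Join-Path $env:USERPROFILE 'AppData\Roaming'

    $result = [ordered]@{
        RegistryValue        = $rawValue
        ResolvedPath         = $resolved
        ProcessAppData       = $env:APPDATA          # what a launched client actually sees
        ExpectedLocalPath    = $localDefault
        IsRedirected         = -not ($resolved -ieq $localDefault)
        IsUncPath            = $resolved -like '\\*'
        ClientFolder         = Join-Path $resolved $ClientFolderName
        ClientFolderExists   = $false
        ClientFolderWritable = $false
    }

    if (Test-Path -LiteralPath $result.ClientFolder) {
        $result.ClientFolderExists = $true
        # Probe write access with a throwaway file; the post saw the client's files
        # disappear from this folder, so "exists" alone is not enough.
        $probe = Join-Path $result.ClientFolder ("probe-{0}.tmp" -f [guid]::NewGuid())
        try {
            New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
            Remove-Item -LiteralPath $probe -ErrorAction SilentlyContinue
            $result.ClientFolderWritable = $true
        } catch {
            $result.ClientFolderWritable = $false
        }
    }

    [pscustomobject]$result
}

# Run as the affected user: IsRedirected = True matches the failure pattern above.
Test-RoamingAppDataRedirection | Format-List
```

Run it under the affected user's logon (not an elevated admin shell), since HKCU and %APPDATA% are per user and an elevated prompt may resolve a different profile.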