Windows VPN needs to be re-added every time

We have one client that uses the built-in Windows VPN, and a single user out of hundreds is having an issue where every time they want to connect to the VPN, the VPN needs to be removed, and then added again before they can connect. Otherwise it gives an error stating that the remote computer refused the connection.

They stated that it started after they changed their password, and that it was something that always happened when they changed their password, and to fix it the tech has to “go deep into something” and change some settings, but I don’t see any notes or tickets that say anything about that.

A password change, clearing out the credential manager, clearing the credentials of the VPN, all did not work.

I’m tired of waking up at midnight just to re-add this VPN for this user, please someone tell me there’s a solution. (other than not using the shitty Microsoft VPN, that’s already in the works but a long ways out).

Is the auth linked to the user on the laptop’s creds? Set it to use “logged in user credentials” to just pass through. They aren’t using WHfB (PIN or biometric), right?

Otherwise don’t waste your time: blast the machine and rebuild instead of diagnosing. More sanity and less wasted time. It’s possible there is an app or registry or policy modifying the settings.

You could also use a script to recreate the VPN on each reboot or login if you really need to.

I’ve seen issues in the past where a per-user VPN would have the issues you described, but if it was created as an all user connection it would work fine. Obviously ignore the below if this doesn’t apply to your situation.

Here’s a (modified) example of a PowerShell script we run to create our Meraki corp VPN for all users on an endpoint. Just needs to be run as a user with admin permissions on the endpoint. Might be useful as a baseline which you can modify as appropriate for your VPN config.

-----

Add-VpnConnection -Name "VPNNAMEGOESHERE" -ServerAddress "SERVERADDRESSGOESHERE" -AllUserConnection -DnsSuffix "DNSSUFFIXGOESHERE" -TunnelType "L2tp" -L2tpPsk "PSKGOESHERE" -AuthenticationMethod CHAP,MSCHAPV2,PAP

Set-VpnConnection -ConnectionName "VPNNAMEGOESHERE" -AllUserConnection -SplitTunneling $true

Set-VpnConnectionIPsecConfiguration -ConnectionName "VPNNAMEGOESHERE" -AllUserConnection -AuthenticationTransformConstants SHA196 -CipherTransformConstants AES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA1 -DHGroup Group14 -PFSGroup None -PassThru -Force

Add-VpnConnectionRoute -ConnectionName "VPNNAMEGOESHERE" -AllUserConnection -DestinationPrefix "192.168.1.0/24" -PassThru
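
-----

Added example, not part of the thread or anyone's production script: a read-only PowerShell report of the per-user and all-user VPN profiles on an endpoint, showing the scope and credential settings the two replies above refer to and the authentication methods the posted script enables. The function name `Get-VpnProfileReport` is hypothetical; it assumes the built-in VpnClient cmdlets and should be run in the affected user's session so that user's per-user phonebook is the one read.

```powershell
# Added example, not from the thread. Read-only: reports on VPN profiles, changes nothing.
# Get-VpnProfileReport is a hypothetical name. Per-user profiles are read from the
# phonebook of whoever runs it, so run it in the affected user's session.
function Get-VpnProfileReport {
    param([string]$Name = '*')   # profile name or wildcard pattern

    # Per-user and all-user profiles live in separate phonebooks; query both.
    $profiles  = @(Get-VpnConnection -ErrorAction SilentlyContinue)
    $profiles += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

    foreach ($p in ($profiles | Where-Object { $_.Name -like $Name })) {
        $notes = @()
        if (-not $p.AllUserConnection) {
            $notes += 'per-user profile'
        }
        if ($p.RememberCredential -and -not $p.UseWinlogonCredential) {
            $notes += 'credential is cached in the profile, not taken from the logon session'
        }
        if ($p.AuthenticationMethod -contains 'Pap') {
            $notes += 'PAP enabled: password reaches the VPN server unhashed'
        }
        if ($p.AuthenticationMethod -contains 'Chap') {
            $notes += 'CHAP enabled: legacy MD5 challenge-response'
        }
        if ($p.TunnelType -eq 'L2tp' -and $p.L2tpIPsecAuth -eq 'Psk') {
            $notes += 'L2TP authenticated with a pre-shared key rather than a certificate'
        }

        [pscustomobject]@{
            Name                  = $p.Name
            AllUserConnection     = $p.AllUserConnection
            AuthenticationMethod  = $p.AuthenticationMethod -join ','
            UseWinlogonCredential = $p.UseWinlogonCredential
            RememberCredential    = $p.RememberCredential
            Notes                 = $notes -join '; '
        }
    }
}

Get-VpnProfileReport | Format-List
```

Two entries with the same name, one per-user and one all-user, mean both phonebooks hold a copy of the profile.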

Oh I see. I’ll give that a try the next time they call, thanks!