cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows 10 built in VPN Client will not hold settings

New here

Windows 10 built in VPN Client will not hold settings

Hello,

 

I have been having an issue with VPN connections on some windows 10 Machines, this does not happen on windows 7 and while not all Windows 10 Machines are affected it seems this is the only common factor.

 

The issue is as follows:

 

VPN is setup initially either from "Settings" or "Control Panel".

 

User credentials and VPN settings are entered in the Settings menu

 

After then going to control panel and changing the protocol to "PAP", the user authentication changes to "General Authentication" which would remove their credentials.

 

If you setup the PAP protocol first via. control panel, then enter the user credentials under the "Settings" menu, the PAP option (Use following Protocol) will be unselected. I have set up VPN connections multiple time within Windows 10, but have need seen anything like this. Any and all help would be appreciated.

15 REPLIES 15
Here to help

Re: Windows 10 built in VPN Client will not hold settings

Hi There,

 

We've also experienced this and its starting to get a bit of a pain. What we have done as a workaround is extract the PBK file from the APPData folder and stick this on the desktop. It seems to be something to do with the Windows 10 Metro.

 

The location is:

 

%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

 

This works a charm

Head in the Cloud

Re: Windows 10 built in VPN Client will not hold settings

I picked this up on this forum somewhere. Best thing I've found is to create the saved VPN entry using Powershell:

 

Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -AllUserConnection -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod Pap -EncryptionLevel Optional -Force

 

Run this in powershell as administrator and it will add the entry to all users on that device. Replace the $variables as appropriate. Windows 10 doesn't support required encryption for PAP - you can see for yourself if you change this to "-EncryptionLevel Required'.

 

Tell your users to enter the user name and password each time. Do not set it to remember.

 

We prefer to setup clients with RADIUS authentication with NPS, so having them manually enter the password saves my help desk grief. If the credential is saved, we get a ton of "my VPN doesn't work" tickets because the end user's changed their Windows password.

Highlighted
EP1
Conversationalist

Re: Windows 10 built in VPN Client will not hold settings

We've had a similar experience with the settings changing.

For more than 3 months, we've been using a pair of Meraki MX65's integrated with Active Directory for VPN access.
During this time many users have experienced an odd behavior.
The VPN stops connecting, with the connection dialog hung.
On another machine I'll verify that VPN is working.
When we review the Windows VPN client settings we find that the security setting on the VPN network adapter have changed back to the default settings.
Numerous users have had this experience (including myself) and they all say they've not been in the adapter settings, or changed the settings.

Sometimes we can get it working by setting the VPN network adapter security settings back to Meraki recommended.
Often it works better to delete and recreate the whole VPN client connection, both the VPN settings and the network adapter.

I'll give these work arounds a try.

New here

Re: Windows 10 built in VPN Client will not hold settings

I went live today and i had little success on my windows 10. I was informed it is pretty painless in reality, it was most painful. Anyone has a permanet solution to this Windows 10 issue?
Here to help

Re: Windows 10 built in VPN Client will not hold settings

Hi,

 

I’ve heard from suppliers that there soon might be support for the Cisco AnyConnect VPN client with Meraki. 

 

However, due to this issue we’ve been forced to use the Draytek client. Which has been working without fail for lots of our users.

New here

Re: Windows 10 built in VPN Client will not hold settings

Could you send me the profile settings you use with the Draytek client. I am having the same issue with Windows 10 and, for the first time, Meraki support is absolutely NO help.

Here to help

Re: Windows 10 built in VPN Client will not hold settings

Pasted_Image_21_03_2019__15_18.png

 

The above is all we configure on the Draytek.

New here

Re: Windows 10 built in VPN Client will not hold settings

I have those same settings and when I try to connect, it tries for about 60 seconds and then displays "Unknown Error".

Here to help

Re: Windows 10 built in VPN Client will not hold settings

@MerakiCrazy31 
Thank you.  This solved the issue I have with the user PCs.

 

Great to have members like you.

Here to help

Re: Windows 10 built in VPN Client will not hold settings

No problem - Happy to help!

Here to help

Re: Windows 10 built in VPN Client will not hold settings

@MerakiCrazy31 

 

However; the customer has two Microsoft Surface Pro devices and the RAS Phone Book,
"%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk" workaround does work on it.

 

Even the Powershell script command, complains about a [-SplitTunneling] value.

 

Any ideas to resolve this, to get Windows 10 to hold the settings.

 

When configuring the VPN account and adapter I noticed that the “User name & Password” option changes to “General authentication method”.  Where the adapter “Security” drops “Allow these protocols” then account is changed to “User name & Password”.  Please see below. 

 

VPN1.jpgVPN2.jpgVPN3.jpgVPN4.jpg

Here to help

Re: Windows 10 built in VPN Client will not hold settings

RAS Phone Book, the workaround does not work on it.
Head in the Cloud

Re: Windows 10 built in VPN Client will not hold settings

Okay, so you're having the authentication method change? Or is something else changing too?

 

Regarding changing authentication methods, tell your users to never save their user name/password. That will muck up the settings.

 

If Win10, create them a rasphone shortcut and have them use that to log in. That can also help. Win10 appears to have an overlay between its Win10-pretty VPN interface and rasphone, and sometimes that overlay will mess up.

 

If you want a better script, try this thing I wrote. Read the comments first and modify to suit your needs. Default version installs an AllUserConnection with a split tunnel. You have to populate variables for the split tunnel if you're using AddMerakiVPN.ps1

 

Here to help

Re: Windows 10 built in VPN Client will not hold settings

Thanks @Nash, I shall follow your instructions and let you know once I have results. I need to arrange an appointment with the customer to try it out.
Conversationalist

Re: Windows 10 built in VPN Client will not hold settings

This also happened to me, I would setup the VPN and it would work one time but once you disconnect it would not connect again. If I went back into the Windows settings it changed "Username and Password" to "Generic Authentication Method" which is incorrect and turned PAP off. The solution that worked for me is:

Wipe out the VPN and re-create it from scratch configured correctly but don't actually connect when done.

In Windows there is a tool called rasphone which is an older way to do VPN connections (can be found by searching in the start menu, or going to C:\Windows\system32)

When you start the app it pulls any existing VPN connections and after typing in my username and password after clicking connect it not only worked but will not change settings. I created a shortcut to rasphone on the users desktop and just named it VPN, hope this can help someone.  

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.