Windows 11 and Always On VPN problems soon to be solved!
Since Windows 11 was released in October, there have been constant issues with getting a correct and stable Always On VPN deployed. The profile often gets deployed correctly but then suddenly disappears again. It can be stable for a while and then suddenly go missing. This is so annoying when we are supposed to have an evergreen, built-in, supported VPN.
Something has changed in the MDM_VPNv2_01 WMI class that interferes with the deployment. When Windows 11 tries to enumerate whether the connection exists, it fails, and the connection is removed completely instead.
If deployed with Intune, you can see an error in the event log at the same time this occurs: Event ID 404, “The specified quota list is internally inconsistent with its descriptor”
And even when the deployment is successful, Intune reports a failed deployment.
If deployed by a PowerShell script, it fails when trying to enumerate existing instances:
Many report that it is more stable to deploy the VPN as XML in an Intune custom configuration with the OMA-URI:
Another reported solution is to remove all custom routes, but that isn't an option for many of my customers.
A third option could be to use proactive remediation, as in this example:
Deploy your Always On VPN Profile for Windows 11 using Proactive Remediations in Microsoft Intune – imab.dk
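A minimal detection script for the proactive remediation approach, as an added example (it is not the script from the linked article or from this post). The profile name is a hypothetical placeholder, and the build check assumes the 22000.469 build number that KB5008353 carries:

```powershell
# Added example: Intune Proactive Remediations detection script.
# Exit 1 = profile missing (remediation script runs), exit 0 = profile present.
# For a user tunnel, run it with the logged-on credentials so the user's
# phone book is the one being checked.

$ProfileName = 'Contoso Always On VPN'   # assumption: replace with your profile name

# Read the OS build and update revision so a missing profile can be
# correlated with the patch level (KB5008353 = OS Build 22000.469).
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$osInfo = "OS build $build.$ubr"
if ($build -eq 22000) {
    if ($ubr -ge 469) { $osInfo += ' (at or above 22000.469)' }
    else              { $osInfo += ' (below 22000.469)' }
}

# Look for the profile in the user phone book first, then the all-user one.
$found = $null
foreach ($allUsers in $false, $true) {
    $found = Get-VpnConnection -Name $ProfileName -AllUserConnection:$allUsers `
                 -ErrorAction SilentlyContinue
    if ($found) { break }
}

if ($found) {
    Write-Output "VPN profile '$ProfileName' present. $osInfo"
    exit 0
}

Write-Output "VPN profile '$ProfileName' MISSING. $osInfo"
exit 1
```

The last line written to output is what Intune shows per device, so including the build makes it easy to see whether profiles still disappear on patched machines.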
We will soon have a solution for the problem! In KB5008353, Microsoft claims to have solved it:
“Addresses an issue that might cause VPN profiles to disappear. This issue occurs when you use Microsoft Intune or a third-party mobile device management (MDM) tool to deploy VPN profiles on Windows 11 (original release).”
I really hope this is the case!
January 25, 2022—KB5008353 (OS Build 22000.469) Preview (microsoft.com)