Instability in the IKEv2 VPN and Windows 10 for Phones?

  • Question

  • Our IT dept. has just acquired two brand-new Lumias: a 950 and 950XL. First up - caveat: we are contractually-bound to use on-prem or hired datacenter [infrastructure AAS] services, so we cannot use Intune and have been working up our own MDM package using Windows Server 2016, PowerShell and Exchange. That has been slow, but steady and so far working very well.

    We have an existing infrastructure which uses two machines outside the custom Linux firewall - an Exchange Edge server and a Windows Server 2012R2 RRAS server. We have a system with two domains on a shared GigE backbone. This suits us just fine and meets our legal requirements for on-prem systems.

    Upon receiving the new Lumias (both of which are running the current patch-level of Windows 10 [14393.576]), we have been trying repeatedly to get our VPN to work on them so we can test them on the road using Continuum with our virtualized corpnet apps and machines, and with Office apps on our Windows Server 2016 app server. We also want to play around with containers.

    HOWEVER, I cannot for the life of me get a stable IKEv2 connection from either of the two Lumias. Keep in mind - this RRAS server HAS BEEN WORKING FOR THREE YEARS with all manner of Windows desktops (Win7 onward), Macs, and Linux machines (running StrongSwan). I can even get an SSTP connection to Android phones (StrongSwan client, again).

    But no matter what I do, I cannot keep a connection. At first, I found that the properties (such as VPN Type and Type of Sign In Info) couldn't be changed unless a connection was made (which seems like a bug to me). I've worked around that by making the connection from inside the firewall, so at least I could store a profile properly.

    But once I've created the profile (and yes, I'm sure it works from inside the firewall), I can NEVER seem to get it to either connect or stay up longer than a few minutes from the outside (i.e., on either T-Mobile or AT&T LTE connections). This is the same on both phones (which have the same apps installed, the same 32GB microSD cards, etc.).

    Either a) I cannot connect at all - I get past the "Verifying your credentials" to the "Connecting to..." prompt, it spins for about 20 seconds and then I get "The VPN connection failed with error code..." (and one of either 800 or 809), or b) I connect successfully, connect to the docking station, open Continuum, try to open RDP and BAM - down goes the VPN, whereupon I can never get it to connect again until rebooting the phone.

    On a desktop machine, this is an easy scenario to diagnose. On the phone, everything is so closed and locked-down that it is VERY hard to figure out what the heck is going on.

    Please, someone in the TN or MSFT community at-large - has anyone gotten IKEv2 or SSTP VPN working to RRAS from a Windows 10 phone? Anyone?

    Thanks in advance,

    ~Aliphatic (aka Sam)

    "I'm anispeptic, frasmotic, even compunctual to have caused you such pericombobulation."

    • Edited by Aliphatic Saturday, December 17, 2016 11:28 PM
    Saturday, December 17, 2016 11:25 PM