none
RRAS Clients continuously disconnecting

    Question

  • I have a problem that is beginning to drive me crazy, any help is much appreciated.

    We have a RRAS Windows 2016 Server running in our DMZ. All our laptops are Windows 10 1607 or 1703. We are using IKEv2 Protocol which uses a computer certificate for authentication. 

    A number of laptops repeatedly disconnect from Always on VPN but on the other hand some remain connected just fine. This morning for example myself and three other colleagues were connected to the same Wi-Fi Access Point, three of us were working fine and remained connected but my other colleague continuously kept getting disconnected. We are seeing this happen a lot and I really need to find the root cause of this problem. It's been tried and tested on numerous Wireless networks (In a few of our offices and many user's home networks and mobile hotspots).

    What I've tried and found so far;

    - Updated wireless drivers on laptops and updated BIOS

    - Installed latest Windows updates on laptops and RRAS Server

    - Re-install Always On VPN Profile

    - 'Forget' wireless networks on the laptops

    - Even though we use IKEv2 I found a few forums posts that mention issues when the VPN is behind a NAT, and so I modified the registry on a couple of affected laptops as follows; 

    • create a new DWORD value called "AssumeUDPEncapsulationContextOnSendRule" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent" and set it to "2"

    What I have noticed is a reoccurring log in event viewer both on the client and server.

    On the clients I see: The user dialed a connection named "" which has been terminated. The reason code return on termination is 829. A Google search of this returned that 829 is an (ERROR_LINK_FAILURE). I'm almost certain it's not the wireless connection as we have laptops connected to the same wireless network in the same small room, and some get the problem and some not. 

    On the server side I've found something that I think may be related but I don't understand the log well enough. If possible could someone shed some light on what the following means? It's in the RASTAPI.LOG which can be found in C:\Windows\Tracing.

    07-11 10:57:34:438: RasTapiCallback: lineDropped. port VPN2-449, id=0xffffffff
    [6368] 07-11 10:57:34:438: RasTapiCallback: Idle Received for port VPN2-449
    [6368] 07-11 10:57:34:438: RasTapiCallback: changing state of VPN2-449. 5 -> 1
    [6368] 07-11 10:57:34:438: RasTapiCallback: lineDeallocateCall for VPN2-449,hcall = 0x8da00a0
    [6368] 10:57:34: SyncDriverRequest: Oid(CloseCall), devID(1), reqID(2bb2), hCall(000000000000007B)
    [5840] 07-11 10:57:34:438: PortTestSignalState: DisconnectReason = 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing State for VPN2-449 from 1 -> 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing Listen State for VPN2-449 from 4 -> 2

    In particular why is it changing state? What do the state numbers 1,2,4 & 5 mean? What does DisconnectReason=2 mean?

    I will be grateful of any help please.

    Wednesday, July 11, 2018 12:02 PM

All replies

  • Hi,

    Thanks for your question.

    The error 829 appears when the modem (in the case of dial-up or broadband connections) or tunnel (in the case of VPN connections) is disconnected due to a network failure or a failure in the physical link to the modem.

    The following are possible reasons for the failure.

    1)A problem in the network between the modem and the RAS server might have caused the basic dial-up or, in the case of a broadband connection, PPPoE connection, or VPN tunnel to fail.

    2)Please check connectivity between the modem and the telephone/cable connection jack. If an external modem is being used, check the physical connectivity between the modem and the computer.

    3)In the case of VPN connections set up over a wireless network, problems in the wireless network might have caused the connection to fail. Check the status of the wireless connection in Network Connections folder.

    Some of the causes of problems in the wireless network are:

    • The wireless access point might have gone down due to loss of power or for other reasons.
    • The user's computer might be out of the operating range of the wireless network or the RF signal strength might be weak.

    4)The RAS server might have failed or restarted and closed the connection. Check the event logs on the RAS server.

    5) Please also check the event viewer both on the VPN server and the problematic client if there’s any error event so that we can find more clue about this issue.

    Hope above information can help you.  

    Highly appreciate your effort and time. If you have any question and concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, July 12, 2018 4:52 AM
  • When connection to RAS disconnects, there should be Event ID X in eventviewer. Also, there might be similar event at RAS server side as well. Try to identify those events.

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Friday, July 13, 2018 7:00 AM
  • Thanks for your response. 

    1)A problem in the network between the modem and the RAS server might have caused the basic dial-up or, in the case of a broadband connection, PPPoE connection, or VPN tunnel to fail. 

    We have users using the same router in the office. Some users have the issue and other don't, so that rules out 1.

    2)Please check connectivity between the modem and the telephone/cable connection jack. If an external modem is being used, check the physical connectivity between the modem and the computer.

    Again same as number 1.

    3)In the case of VPN connections set up over a wireless network, problems in the wireless network might have caused the connection to fail. Check the status of the wireless connection in Network Connections folder.

    Some of the causes of problems in the wireless network are:

    • The wireless access point might have gone down due to loss of power or for other reasons.
    • The user's computer might be out of the operating range of the wireless network or the RF signal strength might be weak.

    Users in the office are using the same access point, some users that are having the issue are sat literally 2 metres away from the access point. The access point has no errors and is up to date. Other users are sat on the other side of the room and do not experience the frequent VPN disconnects.

    4)The RAS server might have failed or restarted and closed the connection. Check the event logs on the RAS server.

    I can see event logs relating to disconnect but these are just information logs and not errors/warnings. Please could you tell me some of the potential event ID's I should be looking for?

    5) Please also check the event viewer both on the VPN server and the problematic client if there’s any error event so that we can find more clue about this issue.

    Same as above, I can see RAS logs in the event viewer but they are just informational logs.

    Friday, July 13, 2018 7:32 AM
  • On the clients I see: The user dialed a connection named "" which has been terminated. The reason code return on termination is 829. A Google search of this returned that 829 is an (ERROR_LINK_FAILURE). I'm almost certain it's not the wireless connection as we have laptops connected to the same wireless network in the same small room, and some get the problem and some not. 

    On the server side I've found something that I think may be related but I don't understand the log well enough. If possible could someone shed some light on what the following means? It's in the RASTAPI.LOG which can be found in C:\Windows\Tracing.

    07-11 10:57:34:438: RasTapiCallback: lineDropped. port VPN2-449, id=0xffffffff
    [6368] 07-11 10:57:34:438: RasTapiCallback: Idle Received for port VPN2-449
    [6368] 07-11 10:57:34:438: RasTapiCallback: changing state of VPN2-449. 5 -> 1
    [6368] 07-11 10:57:34:438: RasTapiCallback: lineDeallocateCall for VPN2-449,hcall = 0x8da00a0
    [6368] 10:57:34: SyncDriverRequest: Oid(CloseCall), devID(1), reqID(2bb2), hCall(000000000000007B)
    [5840] 07-11 10:57:34:438: PortTestSignalState: DisconnectReason = 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing State for VPN2-449 from 1 -> 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing Listen State for VPN2-449 from 4 -> 2

    In particular why is it changing state? What do the state numbers 1,2,4 & 5 mean? What does DisconnectReason=2 mean?

    Are there any other events I should be looking for? I'm really struggling to find error logs that relate specifically to these frequent disconnects.

    Friday, July 13, 2018 7:33 AM
  • It seems like Windows can't retrieve and send stored password for connection. In my case, clearing authentication info in VPN profile and providing it at connect time is enough (checked many times) to establish a VPN connection properly.

    And also trying to connect from full connection list widget is preferable than from tray network icon menu. It strange, but there is difference.

    • Edited by kd77 Thursday, September 27, 2018 10:40 AM
    Thursday, September 27, 2018 8:25 AM
  • I have a problem that is beginning to drive me crazy, any help is much appreciated.

    We have a RRAS Windows 2016 Server running in our DMZ. All our laptops are Windows 10 1607 or 1703. We are using IKEv2 Protocol which uses a computer certificate for authentication. 

    A number of laptops repeatedly disconnect from Always on VPN but on the other hand some remain connected just fine. This morning for example myself and three other colleagues were connected to the same Wi-Fi Access Point, three of us were working fine and remained connected but my other colleague continuously kept getting disconnected. We are seeing this happen a lot and I really need to find the root cause of this problem. It's been tried and tested on numerous Wireless networks (In a few of our offices and many user's home networks and mobile hotspots).

    What I've tried and found so far;

    - Updated wireless drivers on laptops and updated BIOS

    - Installed latest Windows updates on laptops and RRAS Server

    - Re-install Always On VPN Profile

    - 'Forget' wireless networks on the laptops

    - Even though we use IKEv2 I found a few forums posts that mention issues when the VPN is behind a NAT, and so I modified the registry on a couple of affected laptops as follows; 

    • create a new DWORD value called "AssumeUDPEncapsulationContextOnSendRule" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent" and set it to "2"

    What I have noticed is a reoccurring log in event viewer both on the client and server.

    On the clients I see: The user dialed a connection named "" which has been terminated. The reason code return on termination is 829. A Google search of this returned that 829 is an (ERROR_LINK_FAILURE). I'm almost certain it's not the wireless connection as we have laptops connected to the same wireless network in the same small room, and some get the problem and some not. 

    On the server side I've found something that I think may be related but I don't understand the log well enough. If possible could someone shed some light on what the following means? It's in the RASTAPI.LOG which can be found in C:\Windows\Tracing.

    07-11 10:57:34:438: RasTapiCallback: lineDropped. port VPN2-449, id=0xffffffff
    [6368] 07-11 10:57:34:438: RasTapiCallback: Idle Received for port VPN2-449
    [6368] 07-11 10:57:34:438: RasTapiCallback: changing state of VPN2-449. 5 -> 1
    [6368] 07-11 10:57:34:438: RasTapiCallback: lineDeallocateCall for VPN2-449,hcall = 0x8da00a0
    [6368] 10:57:34: SyncDriverRequest: Oid(CloseCall), devID(1), reqID(2bb2), hCall(000000000000007B)
    [5840] 07-11 10:57:34:438: PortTestSignalState: DisconnectReason = 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing State for VPN2-449 from 1 -> 2
    [7876] 07-11 10:57:34:453: DeviceListen: Changing Listen State for VPN2-449 from 4 -> 2

    In particular why is it changing state? What do the state numbers 1,2,4 & 5 mean? What does DisconnectReason=2 mean?

    I will be grateful of any help please.

    Hi, 

    Have you find a solution for this problem? We have the exact same issue as you described. We are also using a Always On VPN (IKEv2) with Windows 2016 RRAS server in DMZ. 

    Friday, October 26, 2018 8:08 AM
  • Will SSTP work?

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Friday, October 26, 2018 10:20 AM