VPN connection prompts for credentials even if [Automatically use my Windows logon user name and password] enabled on 2004

  • General discussion

  • Symptom:

    The customer has a VPN connection that uses Secured Password (EAP-MSCHAP v2) for authentication. The VPN has the "Allow use my Windows logon user name and password" property enabled by either of the methods below:

    • The VPN is deployed via a VPN ProfileXML file, and the XML contains the below VPN property tag:
    • A manually created VPN connection, where [Allow use my Windows logon user name and password (and domain, if any)] is checked on the [Security] tab of the VPN adapter property window

    Up to Windows 10 v19H2, the user is able to connect to the VPN without typing in a user name and password, but after upgrading to 20H1, on connecting to the VPN the user immediately receives a credential dialog, like below:

    A user who types in a random password can still connect to the VPN (the actual credential passed on is the user's actual logon user name and password, not the info the user typed in).

    Current situation:

    Microsoft has known about this issue but hasn't resolved it yet.

    It is being investigated by Microsoft currently.


    Friday, July 17, 2020 6:40 AM

All replies

  • I can confirm this bug; we are seeing it on all PCs upgraded to 2004 as well as all new installations.

    However, we see some differences. It does not always work with a random password.

    For example, one character is not enough, but three random characters work with our RRAS servers running Windows Server 2019. But an RRAS server running Windows Server 2012 R2, which is also a Direct Access server, only accepts the correct user password.

    Monday, August 3, 2020 8:11 AM
  • We found we could enter a single letter in each box, but it then broke access to network shared drives, as it was then trying to use these single digits to authenticate to those instead of the full username and password on a Server 2016 file share.
    Monday, August 3, 2020 3:01 PM
  • This error is happening even when the checkbox for "Allow use my Windows logon user name and password" is not checked.  We are not using that setting, users have to sign in manually.  Ever since feature update to 2004 it behaves as if it is trying to connect using stored credentials, even though none are stored, and then it fails.  The VPN server however is not logging a failed connection attempt so even though the appearance on the client side is that it is using invalid credentials and failing, it isn't actually trying to connect on the VPN server side.

    After the initial display of a "failed login attempt", if valid credentials are supplied it connects as normal.

    • Edited by MnM Show Monday, August 3, 2020 10:14 PM
    Monday, August 3, 2020 10:13 PM