aovpn
aovpn copied to clipboard
richardhicks
Remove-AlwaysOnVpn doesn’t work in windows 11
Looks like Build B21H1 or 10.0.22000
Also can't run "Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01"
On Tue, Oct 26, 2021 at 2:52 PM Richard M. Hicks @.***> wrote:
What version of Windows are you using?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/richardhicks/aovpn/issues/12#issuecomment-952218585, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5AKKVLTVRAW53BPXTEZ7DUI32HTANCNFSM5GYQIKCQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Thanks. I'm able to reproduce. Something must have changed in Windows 11. I'll investigate and see what I can find. Stay tuned.
Quick update on this. It appears to be a bug in Windows 11. I'm still investigating, but for now, it doesn't look like an issue with my code. I'll post more information as I get it.
Thanks!
Have you heard anything new or have any workarounds? It is sort of holding up a Windows 11 deployment.
I have not. I have numerous customers that have open support cases with Microsoft. I know it is being looked at presently, but I don't know when a fix will be available, unfortunately. :/
Dear Richard, working together with Microsoft friends in Switzerland. I've got the same problem on Windows 10 machines. I queried by SCCM about 22000 of our Windows v19042 desktops. Just 9 of them have the VPN instances filled up! It's frustrating because we're looking for a profile replacement method and I like to remove by WMI followed by an WMI XML import. The PowerShell method seams not to clean up ideally - says the WMI XML import routine. And yes, I also cleaned up any artifacts ;-) We check via SYSTEM account and compared it by WMI Explorer 2 - no way to find something. What can we do? What fills the instances on our nine windows desktops? Do you have any news about this topic?
For now I use a very ugly hack to continue to manage the profiles. Basically, I added some logic to the code that if it’s windows 11 and it’s connected I change the DNS suffix for the active network adapter to the suffix I configured Always On to look for (so it’ll disconnect) then just use remove-connection, which still works (as long as always on is disconnected which is why I charge the suffix). Then I clear the suffix so it goes back to what it’s assigned via dhcp. Very messy but we needed something.
On Tue, May 17, 2022 at 6:46 AM MadHeimberg @.***> wrote:
Dear Richard, working together with Microsoft friends in Switzerland. I've got the same problem on Windows 10 machines. I queried by SCCM about 22000 of our Windows v19042 desktops. Just 9 of them have the VPN instances filled up! It's frustrating because we're looking for a profile replacement method and I like to remove by WMI followed by an WMI XML import. The PowerShell method seams not to clean up ideally - says the WMI XML import routine. And yes, I also cleaned up any artifacts ;-) We check via SYSTEM account and compared it by WMI Explorer 2 - no way to find something. What can we do? What fills the instances on our nine windows desktops? Do you have any news about this topic?
— Reply to this email directly, view it on GitHub https://github.com/richardhicks/aovpn/issues/12#issuecomment-1128715794, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5AKKSON5LSN43G2W6CQMLVKN2IHANCNFSM5GYQIKCQ . You are receiving this because you authored the thread.Message ID: @.***>
@MadHeimberg I'm hearing reports that the issue affects some Windows 10 versions as well. Microsoft is aware of the issue and is addressing it as we speak. I'm hearing that an update will be available for this later this summer.
@stcbus Clever! If it works, great! :)
Dear Richard, do you have any news about this fix? In particular for Windows 10, we now have several scenarios where the profile reset fails. I always try to delete the profile first via WMI in the script (because of the disconnect). Only when this fails, I try with max. 5 attempts via PowerShell. Either way we come to the situation where then the profile with the same name can not be created again because "things" are already there (says WMI). So it appears that it doesn't matter which delete method is chosen. Likewise, I took your advice and added the artifacts/ERM/NetworkList cleanup into the script. It helps to some extent. The WMI create instance Error still appears when creating the previously deleted VPN profile with the same name again. I suspect it is due to "left behind" routes that are preventing the deletion. I had read a corresponding blog by Mr.T-bone (https://www.tbone.se/2022/01/28/windows-11-and-always-on-vpn-problems-soon-to-be-solved/). A fix for this would be really useful. Also that the AllUserConnections can be handled decently in PowerShell (disconnect etc.) The budget in Redmond always seems to be getting a bit smaller 😉
The latest information I received is that Microsoft has resolved this error but won't be releasing an update until September at the earliest. I'll be sure to update here when the fix is available.
Hi Richard, any news or update on if the update is still on for September?
The latest information I have is late September. The release date has slipped a few times, so it could still be delayed. Fingers crossed!
FYI, I just tested a preview release of the fix, and it seems to work. I'll post here again as soon as the release is made public.
Any idea if the fix has been made public yet? We seem to see a different error with Novembers updates in Windows 11, instead of 'unspecified error' we see ``` An error occurred while enumerating through a collection: A general error occurred that is not covered by a more specific error code..
Unfortunately, Microsoft has pushed this update back once again. The target release date is now February 2023. :/
@richardhicks Do you know if we're still on track for February Patch Tuesday?
The issue still exists after installing the February patches. Do you have a Microsoft reference for the case, or the private hotfix KB number? I've raised a support request and they don't appear able to find any information internally.
I was really hoping this would be fixed, as we fear it's going to cause us some issues if we need to redeploy the VPN profile for any reason, such as adding a new route.
I doubt there is a reference 😢, only thing you could do it log a ticket with Microsoft Support and see where it leads. @richardhicks is that what you did originally?
Man what a ridiculous amount of time for a stupid bug. MS really seems incompetent.
In any case, we worked around it for now by just using the rasdial disconnect command a few times, such as:
rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2
remove-VpnConnection -AllUserConnection $AOVPNProfile.Name -Force
On Tue, Feb 21, 2023 at 11:28 AM FingerlessGloves @.***> wrote:
I was really hoping this would be fixed, as we fear it's going to cause us some issues if we need to redeploy the VPN profile for any reason, such as adding a new route.
I doubt there is a reference 😢, only thing you could do it log a ticket with Microsoft Support and see where it leads. @richardhicks https://github.com/richardhicks is that what you did originally?
— Reply to this email directly, view it on GitHub https://github.com/richardhicks/aovpn/issues/12#issuecomment-1438769905, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5AKKUPUFWTJJJLSDICQSTWYTUL3ANCNFSM5GYQIKCQ . You are receiving this because you were mentioned.Message ID: @.***>
We're deploying the user VPN, which isn't a device wide VPN, so the -AllUserConnection sadly won't work for me 😢.
You should be able to run it under the user context, then and remove the -alluserconnection flag, right?
On Tue, Feb 21, 2023 at 11:34 AM FingerlessGloves @.***> wrote:
We're deploying the user VPN, which isn't a device wide VPN, so the -AllUserConnection sadly won't work for me 😢.
— Reply to this email directly, view it on GitHub https://github.com/richardhicks/aovpn/issues/12#issuecomment-1438777895, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5AKKUZZGD5DPWO2CURLILWYTVBTANCNFSM5GYQIKCQ . You are receiving this because you were mentioned.Message ID: @.***>
You should be able to run it under the user context, then and remove the -alluserconnection flag, right?
Our install requires SYSTEM context to install the VPN profile in to the logged in users WMI, for one offs we can do that command without the argument but for mass deployment, it's not really do-able.
I was really hoping this would be fixed, as we fear it's going to cause us some issues if we need to redeploy the VPN profile for any reason, such as adding a new route.
I doubt there is a reference 😢, only thing you could do it log a ticket with Microsoft Support and see where it leads. @richardhicks is that what you did originally?
One of my software partners has an open support case. I'm checking now on the status. I'll post something here as soon as I know more.
FYI, you can always update routes using Add-VpnConnectionRoute without having to redeploy the entire profile. :)
Man what a ridiculous amount of time for a stupid bug. MS really seems incompetent. In any case, we worked around it for now by just using the rasdial disconnect command a few times, such as: rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 rasdial $AOVPNProfile.Name /DISCONNECT Start-Sleep -Seconds 2 remove-VpnConnection -AllUserConnection $AOVPNProfile.Name -Force … On Tue, Feb 21, 2023 at 11:28 AM FingerlessGloves @.> wrote: I was really hoping this would be fixed, as we fear it's going to cause us some issues if we need to redeploy the VPN profile for any reason, such as adding a new route. I doubt there is a reference 😢, only thing you could do it log a ticket with Microsoft Support and see where it leads. @richardhicks https://github.com/richardhicks is that what you did originally? — Reply to this email directly, view it on GitHub <#12 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5AKKUPUFWTJJJLSDICQSTWYTUL3ANCNFSM5GYQIKCQ . You are receiving this because you were mentioned.Message ID: @.>
Sadly, they actually fixed this last year. I've tested the private hotfix. I'm not sure what the hold-up is with the general release. Terribly frustrating, for sure.
Hey everyone. I spoke with Microsoft today, and they indicated this fix was released on February 21, but only for Windows 11 21H2. It was not made available for Windows 11 22H2, unfortunately. I'll do some testing ASAP and confirm operation before closing this issue.
Hey everyone. I spoke with Microsoft today, and they indicated this fix was released on February 21, but only for Windows 11 21H2. It was not made available for Windows 11 22H2, unfortunately. I'll do some testing ASAP and confirm operation before closing this issue.
Did they indicate if any fix is forthcoming for 22H2?