How to fix IKE VPN connection problem on some machines

james bennett 51 Reputation points
2023-05-06T17:35:59.7+00:00

Hello,

I have a few Windows 10 devices that are unable to connect to the AlwaysOn VPN User tunnel.

The User VPN tunnel uses a User certificate and PEAP and works for the majority of Windows machines.

The Always On VPN infrastructure uses Windows RAS for VPN termination and Windows NPS for RADIUS user VPN authentication. The VPN URL that the clients connect to goes through an Azure load balancer and a Fortigate firewall before hitting the RAS machine.

The client gets the following error:

[client error screenshot not reproduced]

As a test, by editing the clients' hosts file so that it uses the Always On VPN device tunnel to bypass the load balancer and firewall, the user tunnel connects happily - so I'm assuming that the error is somewhere on either the load balancer or firewall, but I just can't figure it out.

The error on the NPS box at failed connection time is


2 answers

  1. Limitless Technology 44,321 Reputation points
    2023-05-09T12:18:45.6666667+00:00

    Hello there,

    Can you share any error message or event ID that you have noticed?

    If your Always On VPN setup is failing to connect clients to your internal network, the cause is likely an invalid VPN certificate, incorrect NPS policies, or issues with the client deployment scripts or in Routing and Remote Access.

    https://video2.skills-academy.com/en-us/troubleshoot/windows-server/networking/troubleshoot-remote-access-vpn-and-aovpn-guidance

    The listed resources in this article can help you resolve issues that you experience when you use Remote Access.

    https://video2.skills-academy.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-troubleshooting

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--


  2. Limitless Technology 44,321 Reputation points
    2023-05-09T13:07:11.6266667+00:00

    Hello there,

    After the machine reboots, before the NIC adapter initializes, NLASVC attempts domain detection; if the detection fails, this result is cached, and even after the NIC is initialized the machine still applies the cached information and hence detects an unidentified network.

    Please try to modify the following registry keys to see if the issue can be resolved:

    First, disable Domain Discovery negative cache by adding the NegativeCachePeriod registry key to following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters

    Name: NegativeCachePeriod

    Type: REG_DWORD

    Value Data: 0 (default value: 45 seconds; set to 0 to disable caching)

    Similar discussion here https://video2.skills-academy.com/en-us/answers/questions/400385/network-location-awareness-not-detecting-domain-ne

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

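As an added example (not part of the answer above, and not the answer author's code), a PowerShell script that audits the NetLogon NegativeCachePeriod value before changing it, records the previous state so the change can be reverted if it does not help, and verifies the result. The function names and the backup file location are my own assumptions.

```powershell
# Added example: audit, set and revert the NetLogon NegativeCachePeriod value
# from the answer above. Run from an elevated PowerShell session.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters'
$Name    = 'NegativeCachePeriod'
$Backup  = Join-Path $env:ProgramData 'NegativeCachePeriod.backup.txt'  # assumed location

function Get-NegativeCachePeriod {
    # Returns the current DWORD value, or $null when the value is not present
    # (absence means the 45-second default is in effect).
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-NegativeCachePeriod {
    param([int]$Seconds = 0)   # 0 disables the negative cache, as the answer suggests
    $current = Get-NegativeCachePeriod
    # Record what was there before so the change can be undone.
    if ($null -eq $current) { 'ABSENT' | Set-Content -Path $Backup }
    else                     { $current | Set-Content -Path $Backup }
    if ($null -eq $current) {
        New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value $Seconds | Out-Null
    } else {
        Set-ItemProperty -Path $KeyPath -Name $Name -Value $Seconds
    }
    # Verify the write landed with the requested value.
    $after = Get-NegativeCachePeriod
    if ($after -ne $Seconds) { throw "Expected $Name=$Seconds, found '$after'" }
    Write-Host "$Name was '$current', now $after (backup in $Backup)"
}

function Restore-NegativeCachePeriod {
    # Reverts to the recorded state: removes the value if it was absent before.
    if (-not (Test-Path $Backup)) { throw "No backup found at $Backup" }
    $saved = (Get-Content -Path $Backup -Raw).Trim()
    if ($saved -eq 'ABSENT') {
        Remove-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $KeyPath -Name $Name -Value ([int]$saved)
    }
    Write-Host "$Name restored to '$saved'"
}

# Usage: Set-NegativeCachePeriod        # apply the answer's suggestion
#        Restore-NegativeCachePeriod    # undo it if it does not help
```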
