Problem:
While testing the Meraki Client VPN feature I noticed what I can only assume is a bug in Windows 10 (I am on 1803).
When selecting the Connect option from the WIFI/Network icon in the system tray, the connection would often hang in a “Connecting” state.
Looking in the Meraki event log I would get the below;
|
1 2 3 4 5 6 7 |
Oct 22 10:31:48 Non-Meraki / Client VPN negotiation msg: failed to begin ipsec sa negotiation. Oct 22 10:31:48 Non-Meraki / Client VPN negotiation msg: no configuration found for x.x.x.x. Oct 22 10:31:24 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->82.7.39.246[4500] spi=2174933844(0x81a2db54) Oct 22 10:31:24 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->82.7.39.246[4500] spi=190939951(0xb61832f) Oct 22 10:31:24 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established x.x.x.x[4500]-x.x.x.x[4500] spi:2fcc04ff9ff90469:779439138b14820c Oct 22 10:31:24 Non-Meraki / Client VPN negotiation msg: invalid DH group 19. Oct 22 10:31:24 Non-Meraki / Client VPN negotiation msg: invalid DH group 20. |
Rebooting the client seemed to be a temporary workaround. But after a couple connections or the laptop going to sleep the issue would come back.
Workaround
The reason I say I assume it is a Windows 10 bug is because if I connect via Windows Settings > Network & Internet > VPN it works every time.
I think what I will do if I can’t find a permanent fix is I will create some sort of wrapper application that just triggers “Windows Settings” functionality from a shortcut or system tray icon.
I will update this post as and when I find a permanent fix or a better workaround.
Author: Phil Eddies
I am an IT Operations Manager, managing all aspects of the IT infrastructure and service for a mid sized UK based company. I have been working full time in IT since 2001 in 1st to 3rd line and System Administration roles. MCSA, MCSE, CCNA, Citrix CCA
I had the exact same issue on a newly built system running Win 10 Pro (10.0.17763 N/A Build 17763)
Thanks for your post Phil, this worked for me after hours of analyzing Meraki, Adapter Setting Changes, Miniport installations. Have you come up with a fix for this or root cause?
Not as yet but I am convinced it is a Microsoft bug.
One thing on my list to test is creating a desktop shortcut to the below. That connects but I am not sure if it will prove any more reliable. Certainly not a pretty interface 🙂
C:\Windows\System32\rasphone.exe -d “connection name”
Thanks
Phil
I was about to set my computer on fire until this showed up and it worked!
Glad it helped, I am still looking for a root cause and fix 🙂
having that issue too mo 4 different systems, all are Win 10 pro. and your workaround worked for me. thanks.
Please keep updating for the permanent fix.
You sir are a legend, I’ve spent 3.5 hours troubleshooting this……….
How ridiculous….