Issue with Azure VPN device connecting to Azure VM (domain controller)

  • Question

Hi,

I have successfully connected a device (Windows 10 - 19042.1052) to an Azure VM (Domain controller - Windows Server 2019) located in a VNet through a VPN Point-to-Site. The VPN authentication is certificate-based and the protocols are IKEv2 + SSTP.

The following tests were performed but some failed, so I need your help to solve them:

    Tests from device:

• ipconfig (I can see the VPN IP address assigned to my device and the DNS) ... it works

• nslookup (I can query the domain controller in Azure) ... it works

• Ping from device to the Azure VM IP address located in the VNet ... it works!


1) Ping from device to the Azure VM using the FQDN ... it does not work
The error is: Ping request could not find host "fqdn". Please check the name and try again.

    It happens in most client devices (4 of 5 devices tested).

2) When the VPN P2S is connected, all tested devices can see the shares (netlogon and sysvol) on the Azure VM Domain Controller, but credentials are requested to access them. I type the right credentials but it does not work; it asks for them again and again. So I cannot make group policy work because the device cannot query the sysvol folder.

I checked the following link about VPN P2S issues and solutions, but none of them solved my issue.

    Wednesday, June 30, 2021 8:31 PM

All replies

  • I have the same problem, did you find the solution?
    Thursday, July 1, 2021 1:30 PM
  • Hi David,

Unfortunately not yet.

    Friday, July 2, 2021 2:46 PM
Probably due to firewall settings. Use the tracert command and check which router you are having trouble with.
    Sunday, July 4, 2021 8:34 AM
  • Hello Gabriel

How did you configure your DNS? Are you using the default Azure DNS?

If the answer to the above question is yes, then you need to configure a custom DNS. First, install the DNS role on your domain controller if you haven't already, and then use the IP of the DNS/domain controller as your custom DNS.

To configure a custom DNS via the Azure portal, navigate to your VNet, click on DNS servers, select Custom and enter the DNS server IP. Then reboot your VM and see if this fixes your problem.

If you are already using a custom DNS, then I would suggest that you change the VPN authentication to Azure AD.

    Please do not forget to "Accept the answer" and Upvote on the post that helped you, this can be beneficial to other community members.

    • Edited by Oogaga Wednesday, July 21, 2021 8:51 PM
    Wednesday, July 21, 2021 8:48 PM
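The same VNet change done from Az PowerShell instead of the portal. This is an added example and not code from the thread; the resource group, VNet name and the domain controller's private IP are placeholders, and the Az.Network module is assumed to be installed and signed in.

```powershell
# Added example (not from the thread): point a VNet's DNS at the DC that runs the DNS role.
# Placeholder values - replace with your own.
$rg       = 'rg-hub'      # assumption: resource group holding the VNet
$vnetName = 'vnet-hub'    # assumption: the VNet the VPN gateway lives in
$dcIp     = '10.1.0.4'    # assumption: private IP of the DC/DNS VM

$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName

# A VNet created with default (Azure-provided) DNS has no DhcpOptions object yet.
if ($null -eq $vnet.DhcpOptions) {
    $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$vnet.DhcpOptions.DnsServers = [System.Collections.Generic.List[string]]@($dcIp)

# Persist the change; the DNS servers are pushed to NICs on their next DHCP renewal/reboot.
$vnet | Set-AzVirtualNetwork | Out-Null

# Show what the VNet now advertises, as a quick check.
(Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName).DhcpOptions.DnsServers
```

Two caveats a practitioner would want: the DNS servers a P2S client uses are taken from the VNet that contains the VPN gateway, so if the DC sits in a peered VNet the gateway VNet is the one to change; and the DNS list is baked into the downloaded VPN client profile, so after changing it, download and install a fresh profile on the clients and reconnect rather than only rebooting the VM.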
  • I can't find information on this online.
    Monday, March 21, 2022 4:27 AM
  • very nice and great post here. 
    Saturday, March 26, 2022 7:19 AM
  • There are two possible issues, based on your description of the first problem.

1. Your local device is not using the DNS servers within your Azure VNet (either custom or default). This would most likely be caused if the interface metric of your local Ethernet/Wi-Fi adapter is lower than that of the VPN adapter. You can list the interfaces and their interface metrics using the `Get-NetIPInterface` PowerShell command. You can confirm this is what is causing the problem by running an `nslookup` command and specifying the correct DNS server: `nslookup server.domain.tld {ipaddress of CORRECT DNS server}`. If this resolves correctly, your issue is with the adapter.
    2. You haven't set up your domain controller with the DNS service, you haven't set up the custom DNS server in the VNet's configuration, or something is blocking port 53 between your on-premises device and Azure. I'm assuming the first of those isn't the case, but double check; I've missed silly things like this while working quickly. Next, check that the VNet that holds your gateway (which may or may NOT be the same VNet that your VM is in, if you have peering) is set up with custom DNS servers pointing at the IP of your Azure VM domain controller running the DNS service. Lastly, check if connectivity over port 53 is working, perhaps using the `Test-NetConnection` PowerShell command and specifying port 53: `Test-NetConnection {dns server IP} -p 53`.

As for your second problem, it seems likely that the on-premises devices aren't domain joined, or that domain authentication is broken along with DNS. You may need to specify the NetBIOS domain name ahead of the username: `DOMAIN\USERNAME`.

    Saturday, March 26, 2022 9:46 PM
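The checks from the reply above, collected into one client-side triage script you can run on the Windows 10 device while the P2S tunnel is up. This is an added example, not code from the thread; the DNS server address, the FQDN and the VPN adapter alias pattern are placeholders. It goes slightly beyond the reply by also probing the ports the second problem (the credential prompt loop on sysvol) depends on.

```powershell
# Added example (not from the thread): P2S client DNS / domain-auth triage.
# Placeholder values - replace with your own.
$DnsServer  = '10.1.0.4'               # assumption: DC running the DNS role in Azure
$Fqdn       = 'dc01.corp.example.com'  # assumption: FQDN that ping cannot resolve
$VpnPattern = '*Azure*'                # assumption: alias substring of the P2S adapter

# 1. Adapter ordering: DNS queries go to the interface with the LOWEST metric first.
#    If the LAN/Wi-Fi adapter sorts above the VPN adapter here, its DNS wins.
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, ConnectionState -AutoSize

# 2. Which DNS servers each interface actually carries.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 3. Resolve the FQDN directly against the Azure DNS (equivalent of
#    `nslookup fqdn <dns ip>`); this bypasses adapter ordering entirely.
$direct = Resolve-DnsName -Name $Fqdn -Server $DnsServer -Type A -ErrorAction SilentlyContinue

# 4. Resolve through the normal client path (what ping uses).
$viaClient = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction SilentlyContinue

if ($direct -and -not $viaClient) {
    Write-Warning "Azure DNS answers but the client path does not: adapter metric/ordering problem."
} elseif (-not $direct) {
    Write-Warning "Azure DNS at $DnsServer does not answer: DNS role, VNet DNS setting, or port 53 blocked."
} else {
    Write-Host "Name resolution is fine on both paths."
}

# 5. Reachability of the DC ports a domain member needs. Test-NetConnection only
#    tests TCP; ordinary lookups use UDP 53, so a TCP 53 failure is strong but
#    not conclusive evidence, and a TCP 53 success does not prove UDP works.
foreach ($port in 53, 88, 445) {
    $r = Test-NetConnection -ComputerName $DnsServer -Port $port -WarningAction SilentlyContinue
    '{0,5}  TcpTestSucceeded={1}' -f $port, $r.TcpTestSucceeded
}

# 6. Optional remediation for the adapter-ordering case: give the VPN adapter a
#    lower metric than the LAN/Wi-Fi adapter so its DNS servers are consulted first.
$vpn = Get-NetIPInterface -AddressFamily IPv4 | Where-Object InterfaceAlias -like $VpnPattern
if ($vpn) {
    # Set-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -InterfaceMetric 10   # run elevated
    "VPN adapter '$($vpn.InterfaceAlias)' currently has metric $($vpn.InterfaceMetric)."
}
```

On the port list: 53 is DNS, 88 is Kerberos and 445 is SMB; a domain-joined client that can reach 445 but not 88 (or cannot resolve the domain name) falls back to NTLM or fails entirely, which presents exactly as a credential prompt that keeps reappearing when browsing sysvol. The metric change in step 6 is left commented out because it needs an elevated prompt and is only the right fix when step 3 succeeds and step 4 fails.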
This is a common problem with VPN, I guess.

    Monday, March 28, 2022 8:57 AM
  • Check whether the on-premises VPN device is validated. 
    Verify the shared key.
    Verify the VPN peer IPs. 
    Check UDR and NSGs on the gateway subnet.
    Check the on-premises VPN device external interface address. 
    Verify that the subnets match exactly (Azure policy-based gateways)
    Wednesday, July 27, 2022 9:25 AM