Always On VPN - ProfileXML and Automatic Protocol Type

We have an AO VPN solution where some users are occasionally having problems establishing the User Tunnel. It’s important to note that this only occurs occasionally and is not a permanent issue that occurs each time.

The protocol type in profile settings is Automatic, which means that VpnStrategy will be SSTP, IKEv2, PPTP then L2TP. The Device Tunnel will be established just fine on IKEv2, but User Tunnel will fail with error code 800 after trying all protocols. (On the VPN server, we are only permitting connections on SSTP and IKEv2).

With Wireshark it’s possible to view the connection attempts on the VPN server, so network connectivity between client and server is definitely there.

Multiple tries will result in the same failure, all the while the Device Tunnel for the same user will be connected just fine, and several other users will have active User Tunnels just fine. If the protocol type is changed to IKEv2 in the profile settings, the error does not occur, but we need to use SSTP for the User Tunnel, and for that we must set the protocol type to Automatic in the profile settings.

In the Application log on the client, EventID 20227 is logged with “The user XYZ dialed a connection named ABC which has failed. The error code returned on failure is 800.”

No help from Microsoft Docs,
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-always-on-vpn#error-codes

Has anyone else experienced this issue?

Richard Hicks has written about a similar issue, but there IKEv2 is used, and not SSTP (as in our case),

https://directaccess.richardhicks.com/2019/01/07/always-on-vpn-ikev2-connection-failure-error-code-800/

I think you are maybe looking at the wrong things with the VPN protocol.

An important difference between the device tunnel and the user tunnel is the method of authentication, and that’s where I’d be looking. The device tunnel uses certificate authentication directly on the RAS server; for the user tunnel, the certificate is used for RADIUS authentication, usually on an NPS server.

So if, for example, your RAS server times out contacting one of the RADIUS servers, you will get the behaviour you described.

Why is it only continuously timing out for one single user, while no one else is having that issue?

Why does it work without problems if IKEv2 and not SSTP/Automatic is used?
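As an added example (not code from anyone in this thread), the following PowerShell summarises the RasClient EventID 20227 failures from the client's Application log per user and connection, so you can see whether error 800 really is confined to one account and when it happens, and then reads the NativeProtocolType and user authentication method from a ProfileXML. The ProfileXML fragment and the server name are constructed for illustration; the event-log cmdlets and the message format are the standard Windows ones quoted above.

```powershell
# Added example: summarise error-800 failures per user from the client's Application log
# and inspect the protocol/authentication settings in a ProfileXML.

# 1. Collect EventID 20227 (RasClient, "dialed a connection ... which has failed").
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'RasClient'; Id = 20227 } `
                       -ErrorAction SilentlyContinue

# Message format as logged on the client:
# "The user XYZ dialed a connection named ABC which has failed. The error code returned on failure is 800."
$pattern = 'The user (?<User>.+?) dialed a connection named (?<Conn>.+?) which has failed\. ' +
           'The error code returned on failure is (?<Code>\d+)\.'

$failures = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = $Matches.User
            Connection = $Matches.Conn
            ErrorCode  = [int]$Matches.Code
        }
    }
}

# Group by user and connection: is error 800 hitting one account only, and at what times?
# The timestamps are what you line up against the RADIUS/NPS request log for the same window.
$failures | Where-Object ErrorCode -eq 800 |
    Group-Object User, Connection |
    Select-Object Count,
        @{ Name = 'User';        Expression = { $_.Group[0].User } },
        @{ Name = 'Connection';  Expression = { $_.Group[0].Connection } },
        @{ Name = 'LastFailure'; Expression = { ($_.Group | Sort-Object Time -Descending)[0].Time } } |
    Format-Table -AutoSize

# 2. Check what the profile asks for. Constructed minimal ProfileXML (assumed values);
#    in practice load the XML you actually deploy to the clients.
[xml]$vpnXml = @"
<VPNProfile>
  <NativeProfile>
    <Servers>vpn.example.com</Servers>
    <NativeProtocolType>Automatic</NativeProtocolType>
    <Authentication>
      <UserMethod>Eap</UserMethod>
    </Authentication>
  </NativeProfile>
</VPNProfile>
"@

$protocol = $vpnXml.VPNProfile.NativeProfile.NativeProtocolType
$userAuth = $vpnXml.VPNProfile.NativeProfile.Authentication.UserMethod
"Profile NativeProtocolType: $protocol; user authentication method: $userAuth"
if ($protocol -eq 'Automatic') {
    'Automatic tries every protocol in the VpnStrategy order before error 800 is raised, so one failure covers several dial attempts.'
}
```

Run it on a client that has logged the failure; the grouped output tells you whether the error is one user's problem, and the failure times give you the window to check on the RAS and NPS side.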