[Error] Dialing VPN connection , Status = Server did not respond properly to VPN Control Packets. Session State: Reset sent – Azure VPN

This is a common error in Azure VPN when a misconfiguration has been made in the gateway settings. Below is a list of possible solutions that you may find useful, which also covers local machine time problems.

This guidance is meant for engineers who have implemented Azure VPN (OpenVPN) with Azure AD authentication. It is expected that you have some knowledge of an Azure gateway and are familiar with how this technology works. The official Microsoft guide that supports this post is linked below.

Description of the error :

List of possible solutions & recommendations

  • Check that the local time on your machine is correct
  • Ensure the VPN config in the gateway is correct (check the 3 fields: Tenant, Audience, Issuer)
  • Review all your configs and follow the MS guidance: https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
  • If any of these configs is found to be incorrect, make sure you redeploy the config (XML) to your clients again.

Several people have reported leaving spaces or missing characters. For this reason, here is a short guide on how to get these values right.

You will find this section in the point-to-site configuration in your Azure gateway settings.

Tenant

  • Tenant: TenantID for the Azure AD tenant, https://login.microsoftonline.com/{AzureAD TenantID}/

Make sure you enter the format correctly. Do not leave the field without the “/” at the end.

Find tenant ID through the Azure portal

  1. Sign in to the Azure portal.
  2. Select Azure Active Directory.
  3. Select Properties.
  4. Then, scroll down to the Tenant ID field. Your tenant ID will be in the box.
Azure Active Directory - Properties - Tenant ID - Tenant ID field

Audience: Application ID of the “Azure VPN” Azure AD Enterprise App. Ensure it has the right format.

You should be able to find it here.

  • Enter 41b23e61-6c1e-4545-b367-cd054e0ed4b4 for Azure Public
  • Enter 51bb15d4-3a4f-4ebf-9dca-40096fe32426 for Azure Government
  • Enter 538ee9e6-310a-468d-afef-ea97365856a9 for Azure Germany
  • Enter 49f817b6-84ae-4cc0-928c-73f27289b3aa for Azure China 21Vianet

Make sure no spaces or extra characters are added in this part of the config.

Issuer: URL of the Secure Token Service, https://sts.windows.net/{AzureAD TenantID}/

Ensure you use the correct format.

The format expects a “/” at the end. I have seen some people in forums missing that character.
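A small check for the three fields described above, as an added example that is not part of the original post or of Microsoft's guidance. The function name `check_p2s_fields` and the all-zero tenant ID are constructed for illustration; the URL formats and Audience values are the ones shown in this post.

```python
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# URL formats as shown in this post; the captured group is the tenant ID.
FORMATS = {
    "Tenant": re.compile(rf"https://login\.microsoftonline\.com/({GUID})/"),
    "Issuer": re.compile(rf"https://sts\.windows\.net/({GUID})/"),
}
# Audience values as listed in this post, keyed by cloud.
AUDIENCES = {
    "Azure Public": "41b23e61-6c1e-4545-b367-cd054e0ed4b4",
    "Azure Government": "51bb15d4-3a4f-4ebf-9dca-40096fe32426",
    "Azure Germany": "538ee9e6-310a-468d-afef-ea97365856a9",
    "Azure China 21Vianet": "49f817b6-84ae-4cc0-928c-73f27289b3aa",
}


def check_p2s_fields(tenant, audience, issuer, cloud="Azure Public"):
    """Return a list of problems in the three gateway fields (empty list = OK)."""
    fields = {"Tenant": tenant, "Audience": audience, "Issuer": issuer}
    problems = [f"{n}: contains whitespace" for n, v in fields.items()
                if any(c.isspace() for c in v)]
    tenant_ids = {}
    for name in ("Tenant", "Issuer"):
        value = fields[name].strip()
        if not value.endswith("/"):
            problems.append(f"{name}: missing trailing '/'")
            value += "/"  # keep checking the rest of the URL
        match = FORMATS[name].fullmatch(value)
        if match:
            tenant_ids[name] = match.group(1).lower()
        else:
            problems.append(f"{name}: unexpected URL format")
    # Both URLs must carry the same tenant ID.
    if len(set(tenant_ids.values())) > 1:
        problems.append("Tenant and Issuer contain different tenant IDs")
    if audience.strip().lower() != AUDIENCES[cloud]:
        problems.append(f"Audience: not the Azure VPN application ID for {cloud}")
    return problems


if __name__ == "__main__":
    tid = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID
    print(check_p2s_fields(
        f"https://login.microsoftonline.com/{tid}/",
        "41b23e61-6c1e-4545-b367-cd054e0ed4b4 ",  # trailing space
        f"https://sts.windows.net/{tid}",          # missing "/"
    ))
```

Run it against the values copied from the point-to-site configuration before redeploying the client XML.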
