Always On VPN Unable to Create Profile General Error

Always On VPN Unable to Create Profile General ErrorWhen configuring a Windows 10 Always On VPN profile connection using the Microsoft-provided MakeProfile.ps1 PowerShell script or my PowerShell Always On VPN deployment script, the creation of a new connection may fail and the administrator may encounter the following error message.

Unable to create [connection name] profile: A general error occurred that is not covered by a more specific error code.

Always On VPN Unable to Create Profile General Error

This error message is, of course, terribly ambiguous and provides no real actionable information for the administrator to resolve the problem with. This makes troubleshooting this error somewhat challenging.

Probable Cause

In my experience, this error message is almost always related to a syntax error in ProfileXML. For example, to generate the error message above, my XML file included the following error.

Always On VPN Unable to Create Profile General Error

In this example, the setting should be True or False. The setting “foo” is unrecognized and causes the ambiguous error message. It can also happen if mutually exclusive configuration settings are defined. For example, it can occur if the DisableClassBasedDefaultRoutes element is set to true when the RoutingPolicyType element is set to ForceTunneling.

Error Resolution

The only way to resolve this error is to ensure there are no configuration errors for any defined elements in ProfileXML. Review the file carefully for errors such as typos or elements that are out of place. Refer to the VPNv2 Configuration Service Provider (CSP) ProfileXML XSD for detailed syntax examples. In addition, I have some sample ProfileXML configuration files that can be used for reference on my GitHub page.

XML Format Validation

To ensure ProfileXML is properly formatted, it is recommended that an XML editor be used when generating or editing the configuration file. This will ensure that all defined elements are well-formed, and that all tags are properly closed. Use caution though, because some XML editors (including some popular online formatting tools) will insert XML version and encoding information at the beginning of the file. This information must be removed from ProfileXML prior to deployment.

Additional Information

Windows 10 VPNv2 Configuration Service Provider (CSP) Reference

Windows 10 VPNv2 Configuration Service Provider (CSP) ProfileXML XSD Native Profile Examples

Windows 10 Always On VPN PowerShell Scripts and Sample ProfileXML Configuration Files on GitHub

Free Online XML Formatter

Windows 10 Always On VPN Hands-On Training Classes for 2019

Leave a comment

8 Comments

  1. Colin

     /  January 21, 2019

    When I make changes to the profile script I usually copy the entire xml section to a new file in VS Code and then right click and select format document or something like that. It formats all the XML nicely, then I select all, and paste it over the XML code in the pshell script. Keeps the XML clean.

    Reply
    • Fantastic tip! Thanks so much for sharing! I just recently started using Visual Studio Code for PowerShell myself. Didn’t realize it supported XML formatting like that! I’ve been using an online tool, but this is much better. Looks like it requires a plugin, but it’s free so that’s good. I’m definitely going to blog about this. I’m sure others could benefit from this too. 🙂

      Reply
    • FYI, I’ve actually modified the PowerShell script that Microsoft provides to accept an XML file as an input parameter. That allows me to keep the XML configuration separate from the PowerShell code. You can download my scripts and sample XML files on my GitHub, here: https://github.com/richardhicks/aovpn. Enjoy!

      Reply
      • Colin

         /  January 24, 2019

        I think I will do the same going forward.

        I modified the script to disconnect connected tunnels and remove existing profiles that have the same name prior to installing updated profiles. This is the only way I could find to deal with changes.

        We make changes to the profiles…X number of clients need to receive the changes. So the changes are saved and published via SCCM then the clients detect that their is an updated version of the profile via SCCM. The script then runs and disconnects, removes and replaces the profile but keeps the same name.

        I’ve also added an event log entry for when the profiles are installed so it can be searched/referenced with a version number of the profile. I added version numbers inside the profiles to track changes.

        Deploying with SCCM, the script gets cached on the client computer and can be executed/reinstalled offline by the user if something is wrong or they accidentally remove their user profile etc.

      • Sounds like you’ve got a good plan then! 🙂

  2. sebus

     /  March 4, 2019

    While the profile gets created, it takes absolutely NOTHING from specified .xml file, hence creating pretty blank VPN profile

    Reply
  1. Always On VPN ProfileXML Editing and Formatting with Visual Studio Code | Richard M. Hicks Consulting, Inc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: