Always On VPN Connection Issues After Sleep or Hibernate

Always On VPN Connection Issues After Sleep or HibernateLikely the single most common complaint about Windows 10 Always On VPN is that device tunnel or user tunnel VPN connections fail to reconnect automatically after a laptop computer wakes from sleep or hibernate. You will find many complaining about this issue and discussing various attempts at resolution on the Microsoft forums. And while Microsoft has released many fixes the last few years to improve connection reliability for Always On VPN, this one seems to continue to plague them. This issue is also prevalent with DirectAccess deployments.

Fix or Workaround?

Unfortunately, I do not have a specific fix or workaround to share that will magically resolve this ongoing issue. However, there are a few group policy settings that may prove effective in some cases.

Connected Standby Settings

To help address issues with Always On VPN connections failing after sleep or hibernate, open the group policy management console and navigate to Computer Configuration > Administrative Templates > System > Power Management > Sleep Settings and enable the following settings.

  • Allow network connectivity during connected-standby (plugged in)
  • Allow network connectivity during connected-standby (on battery)

Always On VPN Connection Issues After Sleep or Hibernate

Always On VPN Connection Issues After Sleep or Hibernate

Additional Information

Are you experiencing issues with Always On VPN reconnecting automatically after sleep or hibernate? Have you found an effective workaround? Share your experience in the comments below!

Leave a comment

9 Comments

  1. James Hawksworth

     /  August 17, 2020

    We’ve had reports of certificate errors when the user then tries to manually reconnect, only a reboot helping. Doesn’t happen all the time though.

    “A certificate could not be found that can be used with this Extensible Authentication Protocol.”

    The certificate associated with the connection has still been present on the system, so it’s a bit of a weird one.

    Reply
    • I’ve heard the same reports, and I have a customer who is experiencing this issue now. Terribly frustrating. VPN connection works for a while, then suddenly complains that a certificate can’t be found. No changes at all. Later the connection will work, sometimes re-enrolling for the certificate helps. Regardless, it sounds like a bug to me.

      Reply
    • victor bassey

       /  August 27, 2020

      I have seen this issue when you have enforced CRL check and the RRAS server cannot perform crl check.

      on the RRAS server run the below: Replace “mycertificatefile.cer” with a certificate issued by your CA and validate that the RRAS server can verify certificate revocation.

      certutil -f –urlfetch -verify mycertificatefile.cer

      Reply
  2. victor bassey

     /  August 27, 2020

    I use a scheduled task with a script to trigger VPN connection:
    On an Event
    Log – System
    Source – Power Troubleshooter
    Event – ID 1

    The script will initiate vpn connection when the device wakes from sleep/hibernation

    Reply
    • A number of folks have said they had to resort to using scripts and scheduled tasks to kick start things. I’m curious though…how do you handle trusted network detection? I’m assuming you don’t want this script running when the client is on-premises, right? Of course if your clients are never on-premises you don’t have to worry about it I guess. 🙂

      Reply
      • Erik

         /  September 1, 2020

        It can be solved in a PS-script by checking the status of Get-NetConnectionProfile and checking if .NetworkCategory is “DomainAuthenticated”. If not, you are not connected on-premise then go ahead and reconnect. 🙂

      • Thanks for the tip!

    • Shaun Danz

       /  September 15, 2020

      Does your script to reconnect require login credentials to be entered into the script?

      Reply
  1. Always On VPN Updates for Windows 10 2004 | Richard M. Hicks Consulting, Inc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: