Updated 11/10/2020: Microsoft update KB4586781 has resolved the connectivity issues described in this post. If you had previously installed update KB4580364, please update to KB4586781 immediately.
A recent preview update for Windows 10 2004 has broken Always On VPN. Specifically, after installing the latest Preview update for Windows 10 2004 (KB4580364), Always On VPN connections will fail to connect automatically. They can be established manually, however.
Affected Builds
This issue affects Windows 10 2004 builds 19041.610 and 19042.610.
Workaround
The only workaround currently is to remove this update.
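A check for the condition described above, as an added example that is not part of the original post: it reads the OS build and the installed-update list and reports whether the machine is on one of the affected builds. The function names are hypothetical; the KB numbers and builds are the ones given in this post.

```powershell
# Added example, not from the original post.
$AffectedBuilds = @('19041.610', '19042.610')  # builds listed in the post
$PreviewKb      = 'KB4580364'                   # preview update that breaks auto-connect
$FixKb          = 'KB4586781'                   # update named in the post's 11/10/2020 note

function Get-OsBuild {
    # CurrentBuild plus UBR (update build revision) gives e.g. "19041.610"
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$Id)
    # Get-HotFix writes a non-terminating error when the ID is absent
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-AovpnUpdateStatus {
    param([string]$Build = (Get-OsBuild))

    $onAffectedBuild = $AffectedBuilds -contains $Build
    $previewFound    = Test-KbInstalled -Id $PreviewKb
    $fixFound        = Test-KbInstalled -Id $FixKb

    # The build revision is the primary signal; the KB list is supporting evidence
    $action = if ($onAffectedBuild) {
        "Install $FixKb, or remove $PreviewKb as an interim workaround"
    } elseif ($previewFound -and -not $fixFound) {
        "Verify build; $PreviewKb is listed without $FixKb"
    } else {
        'None'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Build           = $Build
        OnAffectedBuild = $onAffectedBuild
        PreviewKbFound  = $previewFound
        FixKbFound      = $fixFound
        Action          = $action
    }
}

Get-AovpnUpdateStatus | Format-List

# Manual removal of the preview update (the post's workaround), from an elevated prompt:
#   wusa.exe /uninstall /kb:4580364 /norestart
```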
Caveat
Although this is a “preview” update and an optional installation, it is important to know that the changes in preview updates are released in the next “Patch Tuesday” release. Administrators are advised to carefully consider delaying deployment until additional testing has been completed.
Additional Information
October 29, 2020 – KB4580364 (OS Builds 19041.610 and 19042.610) Preview Update
Colin
/ November 9, 2020
I can confirm this also. I experienced it and removed the preview update to get things back to normal. I hope Microsoft is aware of this before they ship the update GA on patch Tuesday. That would not be good…
Richard M. Hicks
/ November 9, 2020
We’ll find out… 😉
Barry Weiss
/ November 9, 2020
Hello, do you know if 2009 (20H2) 19042.610 is affected? Do you consider AOVPN ready for prime time?
Richard M. Hicks
/ November 9, 2020
I haven’t tested it myself, but I believe this also applies to 19042.610 as well. As for Always On VPN being ready for prime time, I would say “mostly”. 🙂 It’s not without its limitations, and Microsoft doesn’t help themselves when they break things with updates, but it works well enough in most cases. If you’re looking for better stability/reliability and an advanced feature set, there are some excellent alternatives. Of course they aren’t inexpensive either. 😉
timbo01
/ November 9, 2020
We also found this on our 1909 builds on Windows 10 last week.
Richard M. Hicks
/ November 10, 2020
Likely related. Good news is that KB4586781 (https://support.microsoft.com/en-us/help/4586781/windows-10-update-kb4586781) fixes it. Look for a similar update for 1909 hopefully soon. 🙂
Justin
/ November 10, 2020
Hi Richard, thanks for the early warning!
James
/ November 10, 2020
In case it helps others, Richard and I have emailed back and forth recently on this issue as it would appear to have broken Windows 10 1909 (18363.1171). We’ve had this for about 3 weeks now. Thanks.
Richard M. Hicks
/ November 10, 2020
Hearing those reports now too. :/
timbo01
/ November 11, 2020
This was our experience with anyone installing the Preview update KB4580386 taking the OS to 18363.1171 and it breaking auto connect. I have just installed the November CU (KB4586786) taking the OS to 18363.1198 and it appears to NOT suffer the same issue as the preview release. So it looks like the November CU is safe to install. I’m just going to test on a few more machines before allowing production machines to accept the November CU.
James
/ November 12, 2020
Thankfully can confirm for us this is also fixed in latest round of patch Tuesday updates. Patched yesterday – working today. 🙂
Ed Morgan
/ November 10, 2020
It’s quite disappointing to hear such a champion of AOVPN as Richard say “mostly”. Particularly as my organisation has put a lot of time and money into it and we are going ahead with a full rollout. We could have stuck with Cisco AnyConnect.
Richard M. Hicks
/ November 10, 2020
Sorry, but had to be honest! To clarify, the solution works well for most organizations. The difficulty has been stability and reliability, something Microsoft has struggled with since the technology was introduced. It is also frustrating when an update breaks this, mostly because it appears it wasn’t tested before being released. Yes, I agree it was a preview, but doesn’t anyone at Microsoft test these updates even a little before releasing them? You don’t typically see this from dedicated third-party mobility solutions. Also, third-party solutions offer many more features that enterprise organizations require, especially in terms of security and visibility. That’s not to say that Always On VPN isn’t enterprise-ready, it’s just a limitation of their offering. Essentially Always On VPN is a basic solution, providing a base-level of functionality. Dedicated solutions are much more focused on delivering truly enterprise capabilities, better manageability at scale, and more visibility and control.
Ed Morgan
/ November 12, 2020
We do appreciate your honesty Richard and all the work you have done. Microsoft sometimes do not help themselves or their champions.
taunovyrmer
/ November 10, 2020
Just installed clean 20H2 and got this behavior, however after KB4586781 this issue was solved. NB! To all who have AOVPN, make sure you apply this patch in your in-place upgrade scenarios!!!
Richard M. Hicks
/ November 10, 2020
My testing with 20H1 shows it is resolved with the KB4586781 update as well. 🙂