Always On VPN Fails with Windows 10 2004 Build 610

Updated 11/10/2020: Microsoft update KB4586781 has resolved the connectivity issues described in this post. If you had previously installed update KB4580364, please update to KB4586781 immediately.

A recent preview update for Windows 10 2004 has broken Always On VPN. Specifically, after installing the latest Preview update for Windows 10 2004 (KB4580364), Always On VPN connections will fail to connect automatically. They can be established manually, however.

Affected Builds

This issue affects Windows 10 2004 with build 19041.610 and 19042.610.

Always On VPN Fails with Windows 10 2004

Workaround

The only workaround currently is to remove this update.

Caveat

Although this is a “preview” update and an optional installation, it is important to know that preview updates are released in the next “patch Tuesday” release. Administrators are advised to carefully consider delaying the implementation until additional testing has been completed.

Additional Information

October 29, 2020 – KB4580364 (OS Builds 19041.610 and 19042.610) Preview Update

Windows 10 Always On VPN Updates for Windows 10 2004

Leave a comment

16 Comments

  1. Colin

     /  November 9, 2020

    I can confirm this also. I experienced it and removed the preview update to get things back to normal. I hope Microsoft is aware of this before they ship the update GA on patch Tuesday. That would not be good…

    Reply
  2. Barry Weiss

     /  November 9, 2020

    Hello, do you know if 2009 (20H2) 19042.610 is affected? Do you consider AOVPN ready for prime time?

    Reply
    • I haven’t tested it myself, but I believe this also applies to 19042.610 as well. As for Always On VPN being ready for prime time, I would say “mostly”. 🙂 It’s not without its limitations, and Microsoft doesn’t help themselves when they break things with updates, but it works well enough in most cases. If you’re looking for better stability/reliability and an advanced feature set, there are some excellent alternatives. Of course they aren’t inexpensive either. 😉

      Reply
  3. timbo01

     /  November 9, 2020

    We also found this on our 1909 builds on Windows 10 last week.

    Reply
  4. Justin

     /  November 10, 2020

    Hi Richard, thanks for the early warning!

    Reply
  5. James

     /  November 10, 2020

    In case it helps others, Richard and I have emailed back and forth recently on this issue as it would appear to have broken Windows 10 1909 (18363.1171). We’ve had this for about 3 weeks now. Thanks.

    Reply
    • Hearing those reports now too. :/

      Reply
      • This was our experience with anyone installing the Preview update KB4580386 taking the OS to 18363.1171 and it breaking auto connect. I have just installed the November CU (KB4586786) taking the OS to 18363.1198 and it appears to NOT suffer the same issue as the preview release. So it looks like the November CU is safe to install. I’m just going to test on a few more machines before allowing production machines to accept the November CU.

      • James

         /  November 12, 2020

        Thankfully can confirm for us this is also fixed in latest round of patch Tuesday updates. Patched yesterday – working today. 🙂

  6. Ed Morgan

     /  November 10, 2020

    It’s quite disappointing to hear such a champion of AOVPN as Richard say “mostly”. Particularly as my organisation has put a lot of time and money into it and we are going ahead with a full rollout. We could have stuck with Cisco AnyConnect

    Reply
    • Sorry, but had to be honest! To clarify, the solution works well for most organizations. The difficult has been stability and reliability, something Microsoft has struggled with since the technology was introduced. It is also frustrating when an update breaks this, mostly because it appears it wasn’t tested before being released. Yes, I agree it was a preview, but doesn’t anyone at Microsoft test these updates even a little before releasing them? You don’t typically see this from dedicated third-party mobility solutions. Also, third-party solutions offer many more features that enterprise organizations require, especially in terms of security and visibility. That’s not to say that Always On VPN isn’t enterprise-ready, it’s just a limitation of their offering. Essentially Always On VPN is a basic solution, providing a base-level of functionality. Dedicated solutions are much more focused on delivering truly enterprise capabilities, better manageability at scale, and more visibility and control.

      Reply
      • Ed Morgan

         /  November 12, 2020

        We do appreciate your honesty Richard and all the work you have done. Microsoft sometimes do not help themselves or their champions.

  7. Just installed clean 20H2 and got this behavior, however after KB4586781 this issue was solved. NB! To all who have AOVPN, make sure you apply this patch in your inplace upgrade scenarios !!!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: