Always On VPN RRAS Internal Interface Non-Operational

Windows 10 Always On VPN Routing Configuration

Always On VPN administrators troubleshooting connectivity issues may find the Internal network interface in the Routing and Remote Access management console (rrasmgmt.msc) administrative status indicates ‘Unknown’. They will also notice the Operational Status shows Non-operational.

Internal Interface

For clarification, the ‘Internal’ network interface in the Routing and Remote Access management console, as shown above, is not a physical network adapter on the server. Instead, it is a virtual network interface used only for incoming VPN connections.

Non-Operational

The Internal virtual network interface will not be created until the VPN server accepts its first VPN connection. Because of this, the Internal interface will have an operational status of non-operational until the first client attempts to connect. When this occurs, RRAS creates the interface, then assigns it the first IP address from the static IPv4 address pool. Alternatively, if DHCP is configured, it will assign the first IP address returned by the DHCP server.

Interface Names

While discussing network interfaces, I typically recommend renaming them in Windows to identify their function, especially when using two NIC configurations. However, be careful not to name the server’s internal network adapter ‘Internal’, as this can be confusing in the future. In my example above, I use the name ‘LAN’ to identify the internal adapter to distinguish it from the server’s ‘Internal’ virtual interface.

Additional Information

Windows Server RRAS Service Does Not Start

Windows Server RRAS Monitoring and Reporting

Microsoft Always On VPN and RRAS in Azure

Microsoft Always On VPN and RRAS with Signle NIC

Always On VPN at Workplace Ninja Summit 2022

The Workplace Ninja Summit takes place from 12-14 September 2022 in Lucerne, Switzerland. The conference focuses on endpoint management and security with platforms such as System Center Configuration Manager (SCCM) and Microsoft Endpoint Manager/Intune.

Conference Sessions

If you are participating in the conference, be sure to attend one of my sessions! I’m delivering the following three talks during the event.

Windows Always On VPN and Autopilot: Better Together

In this talk, I’ll cover in detail the critical aspects of implementing Always On VPN to support Autopilot provision with Intune.

Deploying On-premises Certificates with Intune

This session will explore the options for deploying enterprise PKI certificates using Intune. I’ll be sharing lots of security and implementation best practices.

Deploying Always On VPN with Intune: The Good, The Bad, and the Ugly

This talk will dive into the options for deploying Always On VPN using Intune. I’ll be covering many tips, tricks, and best practices and shining a light on many limitations and shortcomings of using Intune for Always On VPN.

Join Me!

Unfortunately, the conference is sold out, so if you haven’t made arrangements to attend you’ll have to wait until next year. If you are attending, please be sure to say hello!

Always On VPN Training December 2022

Join me December 5-7, 2022, in San Diego, CA, for three days of Always On VPN training. This comprehensive hands-on training course will cover all aspects of Always On VPN, including the design, implementation, and support of Always On VPN infrastructure. In addition, we’ll cover client provisioning using Microsoft Endpoint Manager/Intune and PowerShell in detail. Advanced topics will include high availability and redundancy, cloud deployment options, configuration tuning, and security and performance best practices.

Register Today

Space is limited for this class, so register now! The cost is $4,995.00 per person. Group discounts are available. Reserve your seat by filling out the form below. Looking forward to seeing you there!

%d bloggers like this: