AOVPN 809 error
When balancing AOVPN you periodically get 809 Errors on the VPN client
Application: Microsoft Always On Virtual Private Network
When load balancing AOVPN, clients periodically get error 809 on the VPN client, especially after a failover or when the service is busy.
Steps to Reproduce:
The connecting client fails with error 809:
“Can’t connect to [connection name]. The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.”
The Application event log records an error with Event ID 20227 from the RasClient source; the message text includes the failing error code (809).
Possible causes include:
1. DNS name resolution (the FQDN in the VPN profile does not resolve to the published VPN address)
2. Firewall not forwarding the VPN ports to the load balancer
3. Port following not enabled on the load balancer, so a client's UDP 500 and UDP 4500 traffic is sent to different RRAS servers
4. IKE fragmentation (large IKE_AUTH packets are fragmented at the IP layer and dropped in transit)
Resolution steps (matching the causes above):
1. Ensure that the FQDN in the VPN profile resolves to the correct IP, that is, the public address the firewall forwards to the load balancer's virtual service. If it does not, check with your DNS provider.
2. Check the firewall's NAT forwarding rules and ensure that TCP port 443 is forwarded for SSTP and UDP ports 500 and 4500 are forwarded for IKEv2. With a NAT in the path, IKEv2 carries IKE and ESP inside UDP 4500 (NAT-T); IP protocol 50 (ESP) only needs to pass when no NAT is involved.
3. On the load balancer, under the advanced properties of the IKEv2 virtual services (UDP 500 and UDP 4500), enable Port Following, with the 4500 service following the 500 service and the 500 service following the 4500 service. This keeps both halves of a client's IKEv2 exchange on the same RRAS server: the negotiation starts on UDP 500 and moves to UDP 4500 once NAT is detected, and if the 4500 traffic lands on a different server the negotiation fails with 809.
4. IKEv2 with certificate authentication produces large IKE_AUTH messages that are fragmented at the IP layer, and IP fragments are frequently dropped by firewalls and NAT devices. IKEv2 fragmentation (RFC 7383) fragments at the IKE layer instead. The following PowerShell commands enable it on supported servers (Windows Server version 1803 and later); run them on every RRAS server behind the load balancer. The value is read at service start, so the RemoteAccess service must be restarted afterwards. The client must support IKEv2 fragmentation as well (Windows 10 version 1803 and later).
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -Name EnableServerFragmentation -PropertyType DWORD -Value 1 -Force
Restart-Service -Name RemoteAccess
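As an added example, not part of the original article, the PowerShell script below checks the causes listed above from a Windows client (DNS resolution of the profile's FQDN, TCP/443 reachability for SSTP, the tunnel type of the installed profile, and the most recent RasClient 20227 events with their error codes) and, when run on a RRAS server, applies the IKEv2 fragmentation setting from step 4 and restarts the service so it takes effect. The connection name 'Corp VPN', the FQDN vpn.example.com and the expected public IP 203.0.113.10 are placeholder values. Test-NetConnection only probes TCP, so UDP 500/4500 forwarding cannot be proven from the client this way and still needs a packet capture on the firewall or load balancer.

```powershell
# Added example (not from the original article). Placeholder values: 'Corp VPN',
# vpn.example.com and 203.0.113.10 are assumptions, replace them with your own.

function Test-AovpnClientPath {
    param(
        [Parameter(Mandatory)][string]$ServerFqdn,
        [string]$ExpectedIp,       # public IP the firewall NATs to the load balancer VIP
        [string]$ConnectionName    # name of the AOVPN connection on this client
    )

    # Cause 1: the FQDN in the profile must resolve to the published VIP.
    $records = Resolve-DnsName -Name $ServerFqdn -Type A -ErrorAction Stop
    $ips = $records | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    Write-Host "DNS: $ServerFqdn -> $($ips -join ', ')"
    if ($ExpectedIp -and ($ips -notcontains $ExpectedIp)) {
        Write-Warning "DNS does not resolve to the expected VIP $ExpectedIp (cause 1)"
    }

    # Cause 2: TCP 443 (SSTP) can be probed directly. UDP 500/4500 (IKEv2) cannot be
    # verified with Test-NetConnection, so only the TCP path is tested here.
    $sstp = Test-NetConnection -ComputerName $ServerFqdn -Port 443 -WarningAction SilentlyContinue
    Write-Host "SSTP TCP/443 reachable: $($sstp.TcpTestSucceeded)"

    # Which tunnel type does the profile use? IKEv2 is the one affected by causes 2-4.
    if ($ConnectionName) {
        $vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
        if ($vpn) {
            Write-Host "Profile '$ConnectionName': tunnel=$($vpn.TunnelType) server=$($vpn.ServerAddress)"
        }
    }

    # Symptom: recent RasClient 20227 events. The failing code (e.g. 809) is in the message text.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'RasClient'; Id = 20227 } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $code = if ($e.Message -match 'error code returned on failure is (\d+)') { $Matches[1] } else { '?' }
        Write-Host ("{0}  RasClient 20227  error {1}" -f $e.TimeCreated, $code)
    }
}

function Enable-Ikev2Fragmentation {
    # Run on each RRAS server behind the load balancer (Windows Server version 1803 and later).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    $current = (Get-ItemProperty -Path $key -Name EnableServerFragmentation -ErrorAction SilentlyContinue).EnableServerFragmentation
    if ($current -eq 1) {
        Write-Host "IKEv2 fragmentation already enabled on $env:COMPUTERNAME"
        return
    }

    New-ItemProperty -Path $key -Name EnableServerFragmentation -PropertyType DWORD -Value 1 -Force | Out-Null
    # The value is read when the service starts, so restart RemoteAccess to apply it.
    Restart-Service -Name RemoteAccess -Force
    Write-Host "IKEv2 fragmentation enabled on $env:COMPUTERNAME; RemoteAccess restarted"
}

# Usage on a client:  Test-AovpnClientPath -ServerFqdn 'vpn.example.com' -ExpectedIp '203.0.113.10' -ConnectionName 'Corp VPN'
# Usage on a server:  Enable-Ikev2Fragmentation
```

Run Enable-Ikev2Fragmentation on every RRAS server in the pool, not just one; a client whose IKE_AUTH lands on a server without the setting will still see 809 intermittently, which is exactly the "after failover" pattern described above.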