Channel: Network Infrastructure Servers forum

Always On VPN: DNS Registers remote WiFi Adapter IP and cannot access SYSVOL through User Tunnel


Hi There,

I have a new Server 2016 / W10 1809 Always On VPN Setup:

- Server 2016 Routing and Remote Access Server providing IKEv2 (Device Tunnel) and SSTP (User Tunnel)
- Windows 10 1809 Clients with Device and User Certificates from internal AD integrated PKI

The Problems are:
1. GPUPDATE is not working if the User Tunnel is connected (SYSVOL is not accessible). Accessing SYSVOL in explorer prompts for a user and password, any other share in the domain is working fine, it's just not working with DFS Shares.
But if I disconnect the User Tunnel and let only the Device Tunnel opened, GPUPDATE and DFS is working fine.
Both tunnels have the same DNS / Remote Address Ranges Config and no Traffic Filters are configured.
I have no idea how to fix this; the only workaround is enabling the "Network access: Do not allow storage of passwords and credentials for network authentication" setting, but the drawbacks with this GPO Security Setting enabled are too big.

2. All Remote Clients are registering their VPN IP in the DNS, which is desired, but furthermore they are registering the IP of the WiFi Adapter too, which makes manage-out quite unreliable.
The only Workaround I've figured out is unchecking the "register this connection's Addresses in the DNS" option in the advanced settings of the WiFi Adapter, but rolling this out to a few hundred clients is quite difficult.

Is anyone else having these problems, and has anyone found a solution for them?

Thanks in advance

Malte
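
The WiFi-adapter workaround from problem 2, scripted so it can be pushed to many clients, as an added example that is not part of the original post. It assumes the script runs elevated on each Windows 10 client (for example as a computer startup script) and that WiFi adapters report the media type `Native 802.11`; the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): turn off "Register this
# connection's addresses in DNS" on physical WiFi adapters only, leaving
# the VPN interfaces free to keep registering their addresses.

function Disable-WiFiDnsRegistration {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Assumption: WiFi NICs are physical adapters whose media type is 'Native 802.11'.
    $wifiAdapters = Get-NetAdapter -Physical |
        Where-Object { $_.PhysicalMediaType -eq 'Native 802.11' }

    foreach ($adapter in $wifiAdapters) {
        foreach ($dns in Get-DnsClient -InterfaceIndex $adapter.ifIndex) {
            $changed = $false

            # Only touch adapters that still have registration enabled,
            # so repeated runs are idempotent.
            if ($dns.RegisterThisConnectionsAddress -and
                $PSCmdlet.ShouldProcess($adapter.Name, 'Disable DNS registration')) {
                Set-DnsClient -InterfaceIndex $adapter.ifIndex `
                              -RegisterThisConnectionsAddress $false
                $changed = $true
            }

            # Emit one record per adapter for logging or inventory.
            [pscustomobject]@{
                Computer       = $env:COMPUTERNAME
                Adapter        = $adapter.Name
                InterfaceIndex = $adapter.ifIndex
                WasRegistering = [bool]$dns.RegisterThisConnectionsAddress
                Changed        = $changed
            }
        }
    }
}

# Use -WhatIf first to see which adapters would be changed.
Disable-WiFiDnsRegistration -WhatIf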

