topic Re: Failed to start TCP server used for Identity provider in SASE and Remote Access

Failed to start TCP server used for Identity provider

zaoar — Tue, 29 Apr 2025 15:42:28 GMT

Hi all,

I recently start testing SAML_VPN Remote Access using Azure /Entra ID instead of RSA RADIUS which is my default

The setup was easy and straight forward, everything looks good and working fine

EXCEPT

once every now and then or sometimes after changing the authentication method to RADIUS and back to SAML IP

i get and error that reads:

Connection Failed: Failed to start the TCP server used for Identity Provider authentication.

The authentication cannot take place

See screenshots attached.

None of the common IT tricks seams to help. (restart vpn client, kill service and restart, even restart laptop)

Out of the blue after a few hours or next day in the morning.. it succeeds with SMAL IP again.

VPN Client: E88.63

I understand that this is somehow local-client related as stated in the details that fails to start the TCP server.

I also checked logs on Azure side and there is nothing there.. like no attempt for authentication which confirms the above.

Any ideas / advise / help where and how to further look into that?

Regards,

Aris

Re: Failed to start TCP server used for Identity provider

PhoneBoy — Tue, 29 Apr 2025 21:59:15 GMT

I'd look in the client logs and see if you can see any clues.

Re: Failed to start TCP server used for Identity provider

zaoar — Wed, 30 Apr 2025 07:37:39 GMT

Unfortunately i couldnt reproduce the issue today.

Today it works fine again.

I tried to triger it by changing between saml and rsa radius but keeps responding fine.

So i have no fresh logs but from checking the helpdesk.log file for yesterdays dat i can see a sequence of attempts that end up with "Disconnect initiated by user". The time and date matches my failed authentication attempts

Sent ClientHello
[29 Apr 15:59:02] No need to upgrade client, client version is 986105843
[29 Apr 15:59:02] Starting new connection (3)
[29 Apr 15:59:03] Disconnect initiated by user
[29 Apr 15:59:03] Client state is connecting
[29 Apr 15:59:03] User cancelled the connection
[29 Apr 15:59:03] client disconnected -> enforce disconnected FW policy

maybe is time for TAC 😞

Re: Failed to start TCP server used for Identity provider

PhoneBoy — Wed, 30 Apr 2025 12:43:19 GMT

This definitely looks like TAC territory.

Re: Failed to start TCP server used for Identity provider

JRC_28 — Thu, 30 Oct 2025 06:58:34 GMT

Hi, do you have any updates on this or the solution that worked for this issue?