Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Romeo1984
Explorer

Endpoint Security agent VPN does not work with New Lenovo L14 Gen 5 Laptop

Greetings! 

I am coming from a Dell laptop that is about two years old. I had some HW issues with it, so my company bought me a brand new Lenovo L14 Gen 5 with Windows 11 Pro directly from the factory. On the advice from my IT department, I installed the same version of the Endpoint Security client E82.40 that is on my old Dell laptop. I set up the VPN parameters the same. I am connected to the same docking station as the Dell that uses the same Etherenet Realtek chipset and driver. Here is what happens when I try to connect:

1. Start ping -t session to Google DNS

2. Enter my credentials

3. The VPN bubble shows the connection was successful. The lock icon indicator turns green. 

4. Ping starts showing time-outs

5. after about 5 seconds, the lock icon indicator starts to spin

6. My network device switches from Ethernet to Wifi and connects to my AP. Ping is still showing drops. 

7. The Check Point Virtual Adapter shows Disconnected. The Realtek Ethernet adapter shows Disconnected. Wifi shows connected, but no traffic is flowing. Eventually, the Windows network adapter indicator shows no Internet. 

Now here is the interesting part:

8. If I disable the Realtek Ethernet adapter and then re-enable it (bouncing it) the tunnel comes up. Ping starts responding with the normally high response times, indicating traffic is now routed to the VPN server, and the internet comes back. 

9. If I disconnect from the VPN, the same thing happens - Lose the internet completely. If I bounce the Ethernet device, my internet comes back to normal. 

So... I uninstalled the client, rebooted, and then installed the most current client build E88.60.

Also tried the onboard Intel Ethernet port and the Wifi Port. Same issue.

Re-tried my old Dell, and works perfectly, so it is not my network. 

I compared the Windows services between the two laptops and it all matches.

I tried booting into Windows Safemode to test, but the Check Point services are blocked in Safemode.

Nothing looks obvious in the logs:

[12 Sep 17:03:15] Client state is idle
[12 Sep 17:03:15] received network OUT event while state is idle. no action
[12 Sep 17:03:22] Client state is idle
[12 Sep 17:03:22] received network OUT event while state is idle. no action
[12 Sep 17:03:29] Connect initiated by user
[12 Sep 17:03:29] Client state is idle
[12 Sep 17:03:29] User pressed connect
[12 Sep 17:03:29] Creating primary conn flow to <DELETED>-CLUSTER (1)
[12 Sep 17:03:30] Transport is auto detect
[12 Sep 17:03:30] Sent ClientHello
[12 Sep 17:03:31] No need to upgrade client, client version is 986105801 
[12 Sep 17:03:46] Starting new connection (1)
[12 Sep 17:03:50] No need to download topology
[12 Sep 17:03:50] No need to upgrade client, client version is 986105801 
[12 Sep 17:03:50] no need executing firewall step
[12 Sep 17:03:50] no need executing scv step
[12 Sep 17:03:50] Office mode IP was set successfully
[12 Sep 17:03:53] OM started successfully with IP = 172.16.XXX.XXX.
[12 Sep 17:03:53] Client state is connecting
[12 Sep 17:03:53] Connection was successfully established (1)
[12 Sep 17:04:13] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18002.
[12 Sep 17:04:15] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18003.
[12 Sep 17:04:17] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18004.
[12 Sep 17:04:19] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18005.
[12 Sep 17:04:21] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18006.
[12 Sep 17:04:23] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18007.
[12 Sep 17:04:25] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18008.
[12 Sep 17:04:28] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.XXX.XXX, source port=18009.

[12 Sep 17:04:30] No reply from the gw ip=10.XXX.XXX.254 for tunnel test packet. Office Mode IP=172.16.xxx.xxx, source port=18010.
[12 Sep 17:04:31] IKE tunnel disconnected, error code=-1000. Reason: Site is not responding.
[12 Sep 17:04:31] Client state is connected
[12 Sep 17:04:31] Tunnel (1) disconnected. State is connected. Trying to reconnect.
[12 Sep 17:05:11] IKE connection failed, error code=-1000. Reason: Site is not responding.

<I Bounced the NIC HERE>

[12 Sep 17:05:12] Client state is reconnecting
[12 Sep 17:05:12] Reconnect failed. trying again (1)
[12 Sep 17:05:19] Client state is reconnecting
[12 Sep 17:05:19] Reconnect finished successfully (1)
[12 Sep 17:05:20] Client state is connected
[12 Sep 17:05:20] Interface change - location is OUT, state connected, reconnecting tunnel
[12 Sep 17:05:28] Client state is reconnecting
[12 Sep 17:05:28] Interface change - location is OUT, trying to reconnect
[12 Sep 17:05:49] Client state is reconnecting
[12 Sep 17:05:49] Reconnect finished successfully (1)

 

Anybody have any ideas? Is my laptop too new to work properly with the most current client? 

9 Replies
PhoneBoy
Admin
Admin

There's clearly some sort of incompatibility that needs to be sorted out.
Possible there will be some details in the log files in C:\Windows\INF\setupapi.*.log.* that might provide a clue.
This will most likely involve your IT staff opening a case with our TAC to assist, in any case: https://help.checkpoint.com 

0 Kudos
Romeo1984
Explorer

None of those logs show any actions associated with the connection attempt. The install entries for the client are all "[Exit status: SUCCESS]". Nothing suspicious. Any other pointers?

0 Kudos
helderalmeida
Explorer

Any news on this? i have the same problem in several lenovo machines with windows 11.

0 Kudos
Romeo1984
Explorer

Negative. 
Additional T-shooting this weekend with no change that proves it is the hardware:

1. Installed new NVE drive:

a. Installed Windows 11 Pro and setup for home use. No Lenovo drivers. No corporate protection. Failed. 
b. Installed Windows 11 Pro for work. No Lenovo drivers. Failed. 
2. Installed Windows 11 Pro in Hyper-V. Setup for home use. Failed. 

My IT said they will open a TAC case. Mine is the only laptop in the company with this problem. It is also the only new Lenovo. 

0 Kudos
helderalmeida
Explorer

I think the issue is related to the 24H2 version. I downgraded to 23H2 and it's working.

0 Kudos
George_Casper
Collaborator

Appears to be 24H2 regardless of hardware platform make/model or virtual. 

Following this thread:

https://community.checkpoint.com/t5/Remote-Access-VPN/Windows-11-24H2-Remote-Access-VPN/m-p/229233/t...

0 Kudos
George_Casper
Collaborator

Running into similar issue on a couple laptops since yesterday that have been in the field for a while, one Dell, one Surface Pro running Win11 and E88.50. 

Can you clarify client version you typed "E82.40" is what you are running or typo?   End of Life version since 2020 and almost certainly wouldn't support Windows 11 especially newer builds. 

As far as my issue have a TAC case open awaiting FW debug and client log review by TAC with hopefully further guidance.  Wondering if Microsoft sent any updates out over the past days prior to official release today.

 

0 Kudos
Romeo1984
Explorer

Continue reading. 88.60 is what I upgraded to. All further testing was done with 88.60. 

0 Kudos
Johnny_Doe
Explorer
Explorer

I could confirm that I have same or similar issues with Remote Access Client E88.40, E88.50 and E88.60.... on Windows 11 (Lenovo laptop)

What I noticed is that the problem is causing enabled feature Encrypt all traffic and route to gateway.

Basic split tunneling configuration works with no problem...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events