flachance
MVP Silver

Negotiation with site failed

We're using a machine cert to authenticate. Client is 88.70.

I have one user that used to connect with no issues and now he is getting "Negotiation with site failed".

His certificate looks fine so I'm not sure where it's failing.

What are the logs that we can check to possibly get more details on the failed negotiation? trac.log? Anything else?

Thanks

15 Replies
the_rock
MVP Diamond

Check the logs by filtering for the blade itself.


Best,
Andy
israelfds95
Collaborator

This user was working and then stopped. However, this raises some questions:

  1. Is this situation occurring only with this single user, or are others experiencing the same issue?

  2. If it is an isolated case, is the user’s internet connection working properly?

  3. Verify whether the user’s machine certificate has expired.

  4. Update the GPO if necessary, or renew the certificate.

  5. If this is a more global issue, it is also worth checking whether there was any problem with the ISP link.

  6. Collect the endpoint logs from the affected machine, gather the vpnd.elg logs, and review the authentication logs for this user shown in SmartConsole to understand what is happening with this authentication.
     How to collect VPN logs from the Endpoint Security Client / Endpoint Security VPN:
     https://support.checkpoint.com/results/sk/sk169258

  7. Open a TAC case and send the collected logs if necessary.

Best regards
the_rock
MVP Diamond

All super valid points @israelfds95.

Best,
Andy
flachance
MVP Silver

Great stuff, thanks.

1 - Issue is with one single user.

2 - Internet connection working properly.

3 - Machine cert is valid.

4 - User works remotely full time, so no VPN = no GPO update or cert renewal. For the time being he's using Citrix. I could get him to come in, but if possible I'd like to know what's going on in case it happens again to someone else. If the only solution is to come in and update the GPO and renew the cert, that'll be it, but I'd like to try and find another way if there is one.

5 - Not a global issue.

6 - That's where I am. There are a lot of logs when you collect them from the endpoint. Are there some that correspond more to the VPN negotiation?

israelfds95
Collaborator

Ok, so it seems to be an isolated issue. The trac.log usually provides more information, but it’s also worth checking the other .log files. I don’t know all of them in detail, so it’s a good idea to try to reproduce the issue, collect the logs, and send them to TAC for analysis.

In SmartConsole, did you find any relevant logs about this user’s failed authentication attempt? If so, please let us know what they show.

Is the number of Office Mode IPs within limits? Sometimes it can reach the maximum.

When the user tries to authenticate, what error message is shown on the endpoint?

It would be helpful to schedule a new call with the user and collect evidence while they try to connect. Try to capture as many logs as possible at the moment of the error, check them in SmartConsole and in trac.log, and make sure that "Enable logging – Extended" is enabled when running it.

the_rock
MVP Diamond

Totally valid point. @flachance Any way you can have that user reinstall the VPN client, then create the VPN site brand new and test? Have them install the latest version, E89.10.

Best,
Andy
flachance
MVP Silver

Not seeing anything that looks useful in the SmartConsole logs. But I just got a new element to the story. This started after the user installed an out-of-band Windows update (Update for Windows (KB5077797)). Someone else also just did that and got the same issue. They uninstalled the update but the issue is still there.

One will connect at work and try a gpupdate. If it fails he'll try an uninstall/reinstall.

I'll add updates after they've tried.

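As an added example (not from the thread and not Check Point's own tooling), a PowerShell triage script for the endpoint that covers the checks raised so far in one pass: the machine certificate's expiry, private-key and chain state (item 3 of the checklist above), whether the suspected update is still installed after the uninstall attempt, and the most recent negotiation-related lines from trac.log. Only KB5077797 and the trac.log file name come from the thread; the log path, the 30-day warning window and the search pattern are assumptions you should adjust.

```powershell
# Added triage script (not from the thread or from Check Point). Assumptions:
# the VPN machine certificate sits in Cert:\LocalMachine\My, the update under
# suspicion is KB5077797 (named in the thread), and trac.log lives in the
# default Endpoint Connect directory (assumed path; adjust $TracLog if needed).
param(
    [string]$Kb       = 'KB5077797',
    [int]   $WarnDays = 30,
    [string]$TracLog  = "${env:ProgramFiles(x86)}\CheckPoint\Endpoint Connect\trac.log"
)

# 1. Machine certificate state: expiry, private key present, chain verifies.
#    A cert can "look fine" in the GUI and still fail auth on any of these.
$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $daysLeft = [int]($_.NotAfter - $now).TotalDays
    if ($daysLeft -lt 0)              { $state = 'EXPIRED' }
    elseif ($daysLeft -lt $WarnDays)  { $state = 'EXPIRING' }
    else                              { $state = 'OK' }
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        DaysLeft      = $daysLeft
        HasPrivateKey = $_.HasPrivateKey   # no usable key = no client auth
        ChainOk       = $_.Verify()        # builds/validates the chain locally
        State         = $state
    }
} | Format-Table -AutoSize

# 2. Is the suspected Windows update really gone after the "uninstall"?
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($hotfix) { "$Kb is still INSTALLED (installed on $($hotfix.InstalledOn))" }
else         { "$Kb is not listed by Get-HotFix" }

# 3. Pull the most recent negotiation/certificate-related lines from trac.log
#    so the client-side error can be matched against the SmartConsole entry.
if (Test-Path $TracLog) {
    Select-String -Path $TracLog -Pattern 'Negotiation|certificate|error' |
        Select-Object -Last 20 -ExpandProperty Line
} else {
    "trac.log not found at $TracLog (check the client's log directory)"
}
```

Run it in an elevated PowerShell on the affected laptop and on a working one from the same model, and diff the two outputs; the certificate table and the hotfix line are where the two machines in this thread should differ if either theory holds.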
the_rock
MVP Diamond

K, fair enough... so it sounds like it was most likely a Windows update issue. Are they able to uninstall it, reboot and test?

Best,
Andy
the_rock
MVP Diamond

Hey @flachance 

I was actually able to replicate your issue in the lab with that Windows update, had the exact same problem.

Best,
Andy
flachance
MVP Silver

Just as I was ruling out that Windows update 😆. The second user who reported the issue actually had a different issue (trouble with his Internet connection). The first one tried to uninstall the update and reboot but still has the issue. I tried installing the update myself and everything works fine. Back to gathering logs...

the_rock
MVP Diamond

I don't really believe in life coincidences, but hey, this could have been one of those : - )

Anyway, if it did not happen for you, maybe different processor type? Just a guess...

Best,
Andy
flachance
MVP Silver

No, we have the exact same laptop model. He did try to uninstall the Windows update and it didn't work. Were you able to make it work by uninstalling the Windows update?

the_rock
MVP Diamond

Just uninstalled it from the Windows Update options, from Settings.

Best,
Andy
flachance
MVP Silver

Did the Remote Access VPN start working again after you uninstalled the Windows update?

the_rock
MVP Diamond

It did, yes.

Best,
Andy