Question
Friday, July 17, 2020 6:40 AM | 1 vote
Symptom:
Customer has a VPN connection that uses Secured Password (EAP-MSCHAP v2) for authentication. The VPN has the "Allow use my Windows logon user name and password" property enabled by either of the methods below:
- The VPN is deployed via a VPN ProfileXML file, and the XML contains the VPN property tag below:
  <UseWinLogonCredentials>true</UseWinLogonCredentials>
- The VPN connection is created manually, and in the VPN adapter properties window, on the [Security] tab, [Allow use my Windows logon user name and password (and domain, if any)] is checked.
Up to Windows 10 v19H2, the user is able to connect to the VPN without typing in a user name and password, but after the upgrade to 20H1, as soon as the user connects to the VPN, the user immediately receives a credential dialog, like below:
A user who types in a random password can still connect to the VPN (the actual credentials passed on are the user's actual logon user name and password, not the info the user typed in).
Current situation:
Microsoft has known about this issue but hasn't resolved it yet.
It is being investigated by Microsoft currently.
All replies (3)
Monday, August 3, 2020 8:11 AM | 1 vote
I can confirm this bug; we are seeing it on all PCs upgraded to 2004 as well as all new installations.
However, we see some differences. It does not always work with a random password.
For example, one character is not enough, but three random characters work with our RRAS servers running Windows Server 2019. But a RRAS server running Windows Server 2012 R2, which is also a Direct Access server, only accepts the correct user password.
Monday, August 3, 2020 3:01 PM
We found we could enter a single letter in each box, but it then broke access to network shared drives, as it was then trying to use these single digits to authenticate to those instead of the full username and password on a Server 2016 file share.
Monday, August 3, 2020 10:13 PM
This error is happening even when the checkbox for "Allow use my Windows logon user name and password" is not checked. We are not using that setting; users have to sign in manually. Ever since the feature update to 2004, it behaves as if it is trying to connect using stored credentials, even though none are stored, and then it fails. The VPN server, however, is not logging a failed connection attempt, so even though the appearance on the client side is that it is using invalid credentials and failing, it isn't actually trying to connect on the VPN server side.
After the initial display of a "failed login attempt", if valid credentials are supplied it connects as normal.