We configured a primary and fallback vpn profile in Windows 10. Users connect to it like they are selecting a wifi network to connect to or they can connect via vpn settings panel.
Some users have reported that the primary vpn will disappear from their settings but fallback will remain.
It’s odd because it occurs randomly to random users. No consistency between impacted users (i.e. Windows version, laptop model, etc.)
Users even report that they experience no issue the day prior almost like they wake up the next day and its gone.
No logs or events showing uninstallation or failures either in event viewer, firewall, etc.
Luckily we have developed a script to restore the vpn profile rather quickly but its just been a headache to figure out.
Any idea why a vpn profile would just suddenly disappear?
Fwiw ive experienced this with Cisco anyconnect, with Cisco asa distributing the profile. We were using smart card based authentication. Had to make sure our root and intermediate certificates were in ise. We would have to clean up the users certificate store, gotta be careful with users with adm accounts logging in or having their adm piv inserted while connecting to vpn.
Interesting. We don’t use intune outside of a byod/mdm type solution where we just managed app data associated with teams, outlook etc on personal phones. Not sure if something in intune is reapplying any time of profile.
As for your questions, the vpn profile has been deployed to all users laptops. Forticlient vpn but we create a profile in vpn settings on Windows 10. Users do not experience any connection drop issues only that one day it shows up as it should and the next day its like the entire profile disappears.
The only powershell script being applied (to my knowledge) is a script to reapply the profile for when this issue occurs but we need to go in manually to run as an admin. Automating the script could be an option as long as we can get based on uac but we are trying to discover the root cause
We do use the forticlient since we are fortinet shop but we create the profile inside the vpn settings in windows. basically we make a user friendly means of connecting. All they do is select the vpn connection like they would if they were to connect to a wifi profile, a duo prompt initiates for 2fa and then they connect.
No logs in Fortinet showing any issues with the vpn connections.