VMware Workspace ONE Community
T070118
Contributor
Contributor

Per App VPN stopped working on devices after upgrade from 9.5.09 to 1907.13

Hi Folks,
Anyone ever seen this kind of thing before??  Testing after upgrade worked fine and everything looked good.  However then next day the Tunnel stopped working for users and could not connect.  I created a new version of the Per-App-VPN profile with no changes and sent it down and this seems to have worked. 
We use Samsung devices with KNOX and all apps are put into the container.  Strangely a device we enrolled after the upgrade never stopped working.  Have a ticket open but wanted to know if anyone has seen this kind of behaviour??

Cheers
Dave
Labels (1)
Reply
0 Kudos
4 Replies
Mario_Giese
Enthusiast
Enthusiast

Hi,

there is already a discussion: https://support.workspaceone.com/posts/360033830854
We solved the problem in one environment by changing the API Site URLS from console to Device Service Server.
But we still have the problem in some other environments. Already working on it with support.
If we open the Tunnel Configuration page, we get error messages that the vpn Config doesn't exist. VPN Profiles don't get installed on devices at all.
UAG can't fetch the vpn tunnel config too.
Do you have similar observations?
BR Mario
Reply
0 Kudos
T070118
Contributor
Contributor

Hi Mario,

We are seeing different things.  We had issues seeing the Tunnel Config pages in our Pre-Live environment which was caused by Local Firewalls interfering with traffic.  So we were prepared for the issue when it can to Live.  I also saw similar issues with VPN profile not being installed in Pre-Live but again this was resolved with local Firewall changes.
As above we resolved the issue by creating a new version of the Profile and pushing it so all I'm looking for is a root cause.  Thanks for getting back to me though and I hope you resolve the issues wit your other environments soon.

Cheers
Dave
Reply
0 Kudos
Mario_Giese
Enthusiast
Enthusiast

Hi Dave,

thanks for that.
At the moment we don't see firewall issues. The traffic hits the API/Device Service Server when accessing the tunnel config.
Recreating VPN Profiles and even the Tunnel Proxy and Tunnel Config didn't helped at all. We had one testenvironment in which we got it to work only by changing API URLs to Device Service Server (was pointing to Console before). But that only helped once.
I will post if we can figure out a root cause.
Cheers
Mario
Reply
0 Kudos
Mario_Giese
Enthusiast
Enthusiast

Hi,

we were able to find the solution with the support.
1. We needed to change the Site URLS for REST API to Device Service Server (before it was pointing to console)
2. On the Device and Console Server we entered the servernames in the IIS Binding for the https connection - that caused an error with the vpn config - you need to left the name field empty in the IIS Binding.
3. After that we had to reconfigure Tunnel Config and after that updating the Config on UAG and Update the VPN Profile to repush it to the devices.
After that it works in our environments.
Reply
0 Kudos