Always On VPN device tunnel – general error

My script for creating Always On VPN device tunnel stopped working. Microsoft made an update recently on how and where the device tunnel store information on Autoconnect settings. When my script removed the device tunnel, the registry keys did not get removed. Resulting in no new tunnels could be created. The “General Error” message was not much help either.

When creating a device tunnel that will be auto connecting, Windows creates a registry key

HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\DeviceTunnel\

Under that key, there is information for the VPN connection that is configured with auto connect.

To solve the problem, we need to remove that key from registry. I added this to my script to solve the issue:

# Remove old VPN DeviceTunnel Info
Try {$DeviceTunnelInfo = Get-ItemPropertyValue $DeviceTunnelInfoPath -Name AutoTriggerProfileEntryName -ErrorAction stop}
Catch {logwrite -Logstring "No old DeviceTunnelInfo found in registry";$DeviceTunnelInfo=$null}
If ($DeviceTunnelInfo) 
 {Try {Remove-Item $DeviceTunnelInfoPath -Force
  logwrite -Logstring "Found old DeviceTunnelInfo, removed from registry" -type Info}
 catch{logwrite -Logstring "Found old DeviceTunnelInfo, unable to remove from registry" -type warning}}
Else {logwrite -Logstring "No old DeviceTunnelInfo found in registry"} 

So now the script works for creating a device tunnel again.

Always On VPN in Add Remove Programs with PowerShell

I have now updated the device tunnel script so that it works with windows 11. You can find it on my Github.

CHANGELOG

    1.0.2202.1 - Initial Version
    1.1.2207.1 - Solved a problem with uninstall device tunnel from Add Remove Programs
    1.2.2207.2 - Solved Windows 11 problems with CSP over WMI. No blank DNS server list allowed
    1.3.2208.1 - Fixed Version Check
    1.4.2301.1 - Fixed new DeviceTunnelInfo regkey cleanup      
    1.4.2301.2 - Fixed bug in DeviceTunnelInfo regkey cleanup 

Reinstall/Uninstall

The script has three modes: Install, Reinstall and Uninstall. The default is Install, it will install the VPN if missing and update if an old version. If run on a computer with same version it will exit without actions. But what if the VPN has some error and you need to manually update the config. Then it can be reinstalled with the Reinstall switch. And if the VPN connection needs to be removed, just use the uninstall option.

#region ---------------------------------------------------[Script Parameters]-------------------------------------
Param(

    [Parameter(HelpMessage = 'Enter Install, ReInstall or UnInstall.')]    
    [validateset("Install", "ReInstall", "UnInstall")][string]$InstallType = "Install"
)
#endregion

Modifiable Variables

I have some modifiable variables to customize the deployment and VPN configuration. The VPN connection itself is formed in the default XML way. Had some ideas on using variables, but Always On VPN is often formed in that way, so this is probably the easiest way of customizing. Make sure you go through this part and customize it for your environment.

#region ---------------------------------------------------[Modifiable Parameters and defaults]--------------------
# Customizations
$Company = "Coligo"    #Used in VPN ProfileName and registry keys

#Version info
[version]$ConfigVersion   = "1.0.2202.1" #Increment when changing config, stored in registry to check if new config is needed. syntax: 1.1.YYMM.Version (1.1.2001.1)
$AddRemoveProgramEnabled  = $True        #$true register an App in Add Remove Programs for version and uninstall, $false skip registration in Add Remove Programs
$MinWinBuild              = 17763        #17763 will require Windows 1809 to execute

#Log settings
$Global:GuiLogEnabled   = $False       #$true for test of script in manual execution
....

Add Remove Programs

As mentioned before the script will also register in Add Remove Programs with it´s name and version. This is quite nice, then it can be inventoried as any other application installed. This info is also used if the script is updated with a new version or if it is running in reinstall mode. The most tricky part with this was the uninstall part. Finally succeeded so it can also be uninstalled from Add Remove Programs.

Logging

I have built my own logging function that will write to GUI, Event Viewer or File. Whatever the customer prefer. I use the same function it in many of my scripts and it works really good on all targets so far. The GUI logging is mostly used when testing the script, if disabled it will run silent.

INI file update

The script also searches for the INI file (rasphone.pbk) that the VPN connection created. This INI file can sometimes end up in other location than default. Thereby I use some regkeys to try find the path so I can edit the correct file. I have added the settings that sometimes need optimization for Always On VPN.

The Script

I have published the script on my Github. Feel free to use and I just love feedback

About The Author

Mr T-Bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Most Valuable Professional (MVP) on Enterprise Mobility. Certified in most Microsoft technologies and over 23 years as Microsoft Certified Trainer (MCT)

You may also like...