Azure VPN AAD P2S Error Server did not respond properly to vpn control packets resolved

In the last few days I have created some Azure landing zones. To secure access to Azure resources within the landing zone for different users, customers use a P2S connection through the Azure VPN Gateway with Azure AD authentication.

Sometimes I see mistakes in the Azure VPN point-to-site configuration blade that result in the error “Server did not respond properly to vpn control packets” when trying to connect to the VPN Gateway with the Azure VPN Client.

These error messages are often caused by incorrect values in the basic settings. To resolve the issue, it is really important to configure three fields correctly: Tenant, Audience and Issuer.

Please pay close attention to the following settings:

  • The Tenant field must be specified in the following notation: “https://login.microsoftonline.com/your-Azuread-Tenant-ID-here/”. Do not miss the forward slash / at the end.
  • The Audience field must contain only the Enterprise Application ID of the Azure VPN client (this is the same for all tenants): “41b23e61-6c1e-4545-b367-cd054e0ed4b4”, without any other characters or spaces.
  • The Issuer field must be specified in the following notation: “https://sts.windows.net/your-Azuread-Tenant-ID-here/”. Do not miss the forward slash / at the end.

Please be aware of the difference between the Tenant field (begins with https://login….) and the Issuer field (begins with https://sts.win…).
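
The three rules above can be checked before the values are pasted into the point-to-site configuration blade. The following Python sketch is an added example, not part of the original post or of any Microsoft tooling; the function names and the sample tenant ID are made up, and it assumes the tenant ID is a GUID and is the same in the Tenant and Issuer fields.

```python
import re

# Values taken from the article; the function and variable names are hypothetical.
VPN_CLIENT_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
TENANT_PREFIX = "https://login.microsoftonline.com/"
ISSUER_PREFIX = "https://sts.windows.net/"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def _check_url(name, value, prefix, other_prefix, problems):
    """Validate one URL field and return the tenant ID it carries, or None."""
    if value != value.strip():
        problems.append(f"{name}: leading or trailing whitespace")
        value = value.strip()
    if value.startswith(other_prefix):  # Tenant and Issuer hosts swapped
        problems.append(f"{name}: uses {other_prefix}, expected {prefix}")
        return None
    if not value.startswith(prefix):
        problems.append(f"{name}: must start with {prefix}")
        return None
    rest = value[len(prefix):]
    if not rest.endswith("/"):
        problems.append(f"{name}: missing trailing forward slash")
    tenant_id = rest[:-1] if rest.endswith("/") else rest
    if not GUID.fullmatch(tenant_id):
        problems.append(f"{name}: tenant ID is not a GUID")
        return None
    return tenant_id.lower()

def check_p2s_aad_settings(tenant, audience, issuer):
    """Return a list of problems; an empty list means all three fields look right."""
    problems = []
    t_id = _check_url("Tenant", tenant, TENANT_PREFIX, ISSUER_PREFIX, problems)
    i_id = _check_url("Issuer", issuer, ISSUER_PREFIX, TENANT_PREFIX, problems)
    if audience != VPN_CLIENT_AUDIENCE:  # exact match, so stray spaces are caught
        problems.append("Audience: must be exactly " + VPN_CLIENT_AUDIENCE)
    if t_id and i_id and t_id != i_id:
        problems.append("Tenant and Issuer carry different tenant IDs")
    return problems

# Constructed sample values (the tenant ID is made up).
TID = "11111111-2222-3333-4444-555555555555"
GOOD = (TENANT_PREFIX + TID + "/", VPN_CLIENT_AUDIENCE, ISSUER_PREFIX + TID + "/")
BAD = (ISSUER_PREFIX + TID + "/", VPN_CLIENT_AUDIENCE + " ", ISSUER_PREFIX + TID)

if __name__ == "__main__":
    for label, fields in (("good", GOOD), ("bad", BAD)):
        print(label, check_p2s_aad_settings(*fields) or "OK")
```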

Please contact me if you have any questions or if you find further errors and solutions 🙂

9 thoughts on “Azure VPN AAD P2S Error Server did not respond properly to vpn control packets resolved”

  1. Hi Gregor,
    could you explain why the slash is so important?
    BTW: It’s a forward slash 😉

    1. Hi Robert,
      I can’t say for sure, but I think it is necessary as a separator for the tenant ID.
      Thanks for your hint, I have corrected it 🙂
      Greetings
      Gregor

  2. didn’t work for me.. the time resync didn’t fix it..

    Status = Server did not respond properly to VPN Control Packets. Session State: TLS handshake in progress

    1. Hi Bryon,
      both (article and time resync) do not work for your solution? Which VPN Gateway SKU did you enroll?

  3. Hello there.

    I was getting this error and could solve it by fixing the Windows time.

    At the command prompt with admin privileges:

    net stop w32time
    w32tm /config /manualpeerlist:a.ntp.br
    net start w32time
    w32tm /resync

    I’m using a.ntp.br as the NTP peer. Please keep in mind to use one with your time zone.

    Doing that fixed my problem.

    1. Hi Vinicius,
      thanks for your note and your solution on this topic.
      I hope this helps other readers.

      Greetings
      Gregor
