In the last few days I have created some Azure landing zones. To secure access to Azure resources within the landing zone for different users, customers use a P2S connection through the Azure VPN Gateway with Azure AD authentication.
Sometimes I see some mistakes in the Azure VPN Point-to-site configuration blade that result in the error “Server did not respond properly to vpn control packets” when trying to connect to the VPN Gateway with the Azure VPN Client.
These error messages are often due to incorrect values in the basic settings. To resolve this issue it is really important to configure the three fields Tenant, Audience and Issuer correctly.
Please pay close attention to the following settings:
- The Tenant field must be specified in the following notation: “https://login.microsoftonline.com/your-Azuread-Tenant-ID-here/”; at the end do not miss the
- The Audience field must contain only the Enterprise Application ID of the Azure VPN client (this is the same for all tenants), “41b23e61-6c1e-4545-b367-cd054e0ed4b4”, without any other characters or spaces
- The Issuer field must be specified in the following notation: “https://sts.windows.net/your-Azuread-Tenant-ID-here/”; at the end do not miss the forward slash /
Please be aware of the difference between the Tenant field (begins with https://login….) and the Issuer field (begins with https://sts.win…).
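The three rules above can be checked before the values are pasted into the configuration blade. The following Python sketch is an added example, not part of the original post or any Microsoft tooling; the function names and the sample tenant ID are constructed for illustration, and it assumes that Tenant and Issuer must carry the same tenant ID.

```python
import re

# Enterprise Application ID of the Azure VPN client, as quoted in the post.
AZURE_VPN_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Field name -> (host expected in this field, host that belongs in the other field)
HOSTS = {
    "Tenant": ("login.microsoftonline.com", "sts.windows.net"),
    "Issuer": ("sts.windows.net", "login.microsoftonline.com"),
}


def _tenant_id(name, value, problems):
    """Return the tenant ID embedded in a Tenant/Issuer URL, or None if malformed."""
    host, other = HOSTS[name]
    pattern = re.compile(rf"https://{re.escape(host)}/({GUID})/")
    match = pattern.fullmatch(value)
    if match:
        return match.group(1).lower()
    if pattern.fullmatch(value + "/"):
        problems.append(f"{name}: missing trailing slash")
    elif value.startswith(f"https://{other}/"):
        problems.append(f"{name}: host {other} belongs in the other field")
    else:
        problems.append(f"{name}: expected https://{host}/<tenant-id>/")
    return None


def check_p2s_aad_settings(tenant, audience, issuer):
    """Return a list of problems; an empty list means all three fields look right."""
    problems = []
    fields = {"Tenant": tenant, "Audience": audience, "Issuer": issuer}
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        fields[name] = value.strip()
    tenant_id = _tenant_id("Tenant", fields["Tenant"], problems)
    if fields["Audience"] != AZURE_VPN_AUDIENCE:
        problems.append("Audience: must be exactly the Azure VPN client application ID")
    issuer_id = _tenant_id("Issuer", fields["Issuer"], problems)
    if tenant_id and issuer_id and tenant_id != issuer_id:
        problems.append("Tenant and Issuer carry different tenant IDs")
    return problems


# Constructed sample tenant ID, not a real tenant.
SAMPLE_ID = "11111111-2222-3333-4444-555555555555"
if __name__ == "__main__":
    print(check_p2s_aad_settings(
        f"https://login.microsoftonline.com/{SAMPLE_ID}",   # slash forgotten
        AZURE_VPN_AUDIENCE + " ",                           # stray space
        f"https://sts.windows.net/{SAMPLE_ID}/"))
```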
Please contact me if you have any questions or if you find further errors and solutions 🙂
9 thoughts on “Azure VPN AAD P2S Error Server did not respond properly to vpn control packets resolved”
could you explain, why the slash is so important?
BTW: It’s a forward slash 😉
I can’t say for sure, but I think it is necessary as a separator for the tenant ID.
Thanks for your hint, I have corrected it 🙂
If the syntax is correct try this:
Simon, Thank you!!! worked!!!! time was incorrect on the user’s computer.
Thanks Simon! It worked for me.
didn’t work for me.. the time resync didn’t fix it..
Status = Server did not respond properly to VPN Control Packets. Session State: TLS handshake in progress
Both (article and time resync) do not work for your solution? Which VPN Gateway SKU did you enroll?
I was getting this error and could solve it by fixing the Windows time.
At the command prompt with admin privileges:
net stop w32time
w32tm /config /manualpeerlist:a.ntp.br
net start w32time
I’m using a.ntp.br as peer NTP. Please keep in mind to use one with your time zone.
Doing that fixed my problem.
thanks for your note and your solution on this topic.
I hope this helps other readers.