Azure P2S VPN: Stuck in Reconciling?

We are getting randomly bombed by the Azure VPN Client (MSFT Store download version) randomly disconnecting and going into a ‘Reconciling’ mode that seems to hang up the network stack. I can ping out to the internet, but DNS seems to not work. Disconnecting the client does not work, nor does killing the process. Multiple reboots is the only fix. I can find no documentation with this error or functionality at all.
Edit: After 7+ months we closed our case. The only thing MSFT could point to us was to make sure WANARP was running (sc query wanarp in an elevated cmd window). Start it if it is not, then flag it for auto starting. More info in latest comment.

You are not alone, we are seeing this in our environment as well. One thing that appears to “fix” it is to update the network drivers from the manufacturer, in our case Dell. The only reason why I say “fix” is because the issue doesn’t appear to show up afterward but it’s always possible it’s just resetting the clock. In our case this issue took about 4 months to manifest itself.

I opened a case with MSFT and have been working with them. Unfortunately this is the reply from them on that “After doing some research from my side I did not find any documentation of Microsoft on Reconciling status, we’ll need to check your case internally so we can gather further data about this issue you are experiencing”.

I had another user with borked up DNS after ~2 weeks of smooth sailing. After a reboot, auto-connect of the VPN jacked the connection again. The second time I had the user turn off auto-connect and reboot. Everything was good, and was able to connect to VPN without issue. I have had varying results from users and it is not 100% consistent. I will update as I have more info.

Update from MSFT: The information we could collect regarding the reconciling status was that this issue has been seen in Point to Site VPN with Cisco Umbrella Agents installed in the machines.

I am not using Cisco Umbrella, but we are using Sophos. We are testing out disabling that currently.

Still nothing from Microsoft… We have an escalation and I am bugging them almost daily. Multiple cases a week with users. Anyone have any breakthroughs?

MSFT has been worthless, even through countless escalations. One thing I noticed though when our users were having the problem, is the DNS server seemed to be the IP of our domain (Website). We looked some more and found we had a wildcard A record. So when the VPN dumped, therefore making the internal DNS servers unavailable, it was trying to utilize that IP for some reason. Once we nuked the wildcard things got MUCH better. This is unconfirmed of course, but so far we have been almost a week without an issue.

After collecting detailed info on every support ticket we logged, it seems like there were 2-3 ‘bad’ releases of the Azure VPN client via the Microsoft Store. We caught on and when a ticket came in for reconciling, failed, DNS issues, etc. that was due to Azure VPN our team upgraded the client. We made an assumption (Microsoft won’t confirm for some reason) that when the client is connected and it goes out to MSFT Store to update, the installer hangs up the connection and the install. After a restart with auto connect off, we find we are then allowed to upgrade via MSFT store and connect. Since the 2.1986.50.0 release in late June our issues have completely stopped. The closest we can get from MSFT is “there have been multiple previous versions giving issue so we cannot confirm this error is an specific error…” I am pushing multiple channels to get release notes, fixes, or SOMETHING that gives us information but nothing so far. Since it seems to us the updating was causing the issue we are PoC’ing Intune control and deployment in case this is an issue in the future.

After 7+ months we closed our case. The only thing MSFT could point to us was to make sure WANARP was running (sc query wanarp in an elevated cmd window). Start it if it is not, then flag it for auto starting. This has not fixed it for everyone. However since then there have been 4 new versions of the software through MSFT Store. Support said it was not possible to get release notes of any kind. Azure VPN is working better but now we are having file transfer issues. Had to open another ticket and I have to start over at Tier 1. No bueno.
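Added example, not part of the thread and not Microsoft's own tooling: the WANARP check described in the post above (query, start if stopped, set to auto start), written as an idempotent PowerShell function that reports the state before and after. The function name `Repair-WanArp` is hypothetical; run it elevated, with `-WhatIf` first to see what it would change.

```powershell
#Requires -RunAsAdministrator
# Added example. Repair-WanArp is a hypothetical name, not a built-in cmdlet.
function Repair-WanArp {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Name = 'wanarp')

    # WANARP is a kernel driver, so query it as a system driver.
    $filter = "Name='$Name'"
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter $filter
    if (-not $drv) { throw "Driver service '$Name' not found on this machine." }

    $before = "$($drv.State)/$($drv.StartMode)"

    # Step 1 from the post: start it if it is not running.
    if ($drv.State -ne 'Running' -and
        $PSCmdlet.ShouldProcess($Name, 'sc.exe start')) {
        sc.exe start $Name | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc.exe start $Name failed with exit code $LASTEXITCODE"
        }
    }

    # Step 2 from the post: flag it for automatic start.
    if ($drv.StartMode -ne 'Auto' -and
        $PSCmdlet.ShouldProcess($Name, 'sc.exe config start= auto')) {
        sc.exe config $Name start= auto | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc.exe config $Name failed with exit code $LASTEXITCODE"
        }
    }

    # Re-query so the report reflects what actually changed.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter $filter
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Driver   = $Name
        Before   = $before                          # State/StartMode on entry
        After    = "$($drv.State)/$($drv.StartMode)"
    }
}

# Dry run: shows which sc.exe actions would be taken without changing anything.
Repair-WanArp -WhatIf
```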

Hi,

I have the exact same problem. Did you find any cause for this?

I also have this issue, does anyone have any input on this?

Having the exact same issue with one of our clients who we recently convinced to switch to Azure VPN rather than another provider and a few users are having this issue. It seems random with the user and time of day it happens.

VPN is set to auto connect in the Windows 10 VPN settings.

Hoping someone was able to sort this out and let me know as it’s driving me crazy and the client is not happy.

I haven’t found a cause for it, but usually doing the following resolves it for me. Go to Settings > VPN > select the connection > choose Disconnect then uncheck the box to connect automatically. Then I reboot the computer, connect to Azure VPN and turn back on auto-connect. Usually one reboot does the trick.

I just ran into this today and here are the steps we took to resolve. Device manager > Network Adapters > WAN Miniport (SSTP) > uninstall > Scan for hardware changes in device manager > Go to Network and sharing center > Change Adapter settings > Check for Azure VPN to be listed > Open up Azure VPN app > import config file > connect. Done.

Makes me feel better knowing we aren’t alone! I couldn’t find a lick on Reconciling. Yes we have been deploying for a month or so and it just cropped up on us. People will work great for 2+ weeks and then stop working. Majority of users have had 0 problems with it.

Any update to your issue?

I’m wondering, has anyone figured out a way to delay the startup of the Azure VPN client? Given it’s a modern app, the typical win32 rules don’t apply. The reason why I’m asking is I suspect the Azure VPN Client is starting before the rest of the network stack comes up, thereby twisting DNS.

I don’t believe that would be the case, our endpoints are using Microsoft’s ecosystem for management and security and the connections are still dropping out.

Got a new update? Please… :slight_smile:

I have been working daily with MSFT support. They have two other teams pulled into it. So far nothing to report. Wish I had better news. We also have not so happy users as well.

I have the exact same issue. So far could not find a fix.