Troubleshoot an Azure AD authentication VPN client

This article helps you troubleshoot a VPN client that connects to a virtual network using Point-to-Site VPN and Azure Active Directory authentication.

View Status Log

View the status log for error messages.

  1. Click the arrows icon at the bottom-right corner of the client window to show the Status Logs.
  2. Check the logs for errors that may indicate the problem.
  3. Error messages are displayed in red.

Clear sign-in information

Clear the sign-in information.

  1. Select the … next to the profile that you want to troubleshoot. Select Configure -> Clear Saved Account.
  2. Select Save.
  3. Try to connect.
  4. If the connection still fails, continue to the next section.

Run diagnostics

Run diagnostics on the VPN client.

  1. Click the … next to the profile that you want to run diagnostics on. Select Diagnose -> Run Diagnosis.

  2. The client runs a series of tests and displays the result of each test:

    • Internet Access – Checks to see if the client has Internet connectivity
    • Client Credentials – Checks to see if the Azure Active Directory authentication endpoint is reachable
    • Server Resolvable – Contacts the DNS server to resolve the IP address of the configured VPN server
    • Server Reachable – Checks to see if the VPN server is responding
  3. If any of the tests fail, contact your network administrator to resolve the issue.

  4. The next section shows you how to collect the logs, if needed.
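
For a network administrator following up on a failed diagnosis, the four checks above can be approximated from PowerShell on the affected machine. This is an added example, not the VPN client's own test code; the gateway FQDN is a placeholder, and the sign-in host, Internet probe host and TCP port 443 are assumptions to replace with the values for your cloud and gateway.

```powershell
# Added example: approximates the four client diagnostics by hand.
# Assumptions (not from the article): every default below, including TCP 443.
param(
    [string]$VpnServer    = 'vpn-gateway.example.invalid', # placeholder gateway FQDN
    [string]$AadEndpoint  = 'login.microsoftonline.com',   # assumed sign-in host
    [string]$InternetHost = 'www.microsoft.com',           # assumed Internet probe
    [int]$Port            = 443
)

# Returns $true if a TCP connection completes within the timeout.
# This proves reachability only; it does not test authentication.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, unreachable, or name not resolvable
    } finally {
        $client.Close()
    }
}

# Server Resolvable: ask the configured DNS servers for the gateway address.
$addresses = @()
try { $addresses = @([System.Net.Dns]::GetHostAddresses($VpnServer)) } catch { }
$resolvable = $addresses.Count -gt 0

$results = @(
    [pscustomobject]@{ Test = 'Internet Access';    Target = $InternetHost
                       Passed = (Test-TcpPort $InternetHost $Port) }
    [pscustomobject]@{ Test = 'Client Credentials'; Target = $AadEndpoint
                       Passed = (Test-TcpPort $AadEndpoint $Port) }
    [pscustomobject]@{ Test = 'Server Resolvable';  Target = $VpnServer
                       Passed = $resolvable }
    # Skip the connect attempt when the name did not resolve.
    [pscustomobject]@{ Test = 'Server Reachable';   Target = $VpnServer
                       Passed = ($resolvable -and (Test-TcpPort $VpnServer $Port)) }
)

$results | Format-Table -AutoSize

# Non-zero exit code lets a wrapper script or ticket template flag the failure.
if ($results.Passed -contains $false) { exit 1 }
```

A failure on the first row points to general connectivity or proxy issues, while a pass there with a failure on a later row narrows the problem to the sign-in endpoint, DNS, or the gateway itself.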

Collect client log files

Collect the VPN client log files. The log files can be sent to support or your administrator by a method of your choosing, for example, e-mail.

  1. Click the “…” next to the profile that you want to run diagnostics on. Select Diagnose -> Show Logs Directory.

  2. Windows Explorer opens to the folder that contains the log files.

Next steps

For more information, see Create an Azure Active Directory tenant for P2S Open VPN connections that use Azure AD authentication.