故障排除:Azure 点到站点连接问题Troubleshooting: Azure point-to-site connection problems

本文列举了可能会出现的常见点到站点连接问题。This article lists common point-to-site connection problems that you might experience. 此外,还介绍了这些问题的可能原因和解决方案。It also discusses possible causes and solutions for these problems.

VPN 客户端错误:找不到证书。VPN client error: A certificate could not be found

症状Symptom

尝试使用 VPN 客户端连接到 Azure 虚拟网络时,看到以下错误消息:When you try to connect to an Azure virtual network by using the VPN client, you receive the following error message:

找不到可用于此可扩展身份验证协议的证书。(错误 798)A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

原因Cause

如果 Certificates - Current User\Personal\Certificates 中缺少客户端证书,便会发生此问题。This problem occurs if the client certificate is missing from Certificates - Current User\Personal\Certificates.

解决方案Solution

若要解决该问题,请执行以下步骤:To resolve this problem, follow these steps:

  1. 打开证书管理器:单击“开始”,键入“管理计算机证书”,然后单击搜索结果中的“管理计算机证书”。Open Certificate Manager: Click Start, type manage computer certificates, and then click manage computer certificates in the search result.

  2. 请确保已正确的位置安装下列证书:Make sure that the following certificates are in the correct location:

    证书Certificate 位置Location
    AzureClient.pfxAzureClient.pfx Current User\Personal\CertificatesCurrent User\Personal\Certificates
    AzureRoot.cerAzureRoot.cer Local Computer\Trusted Root Certification AuthoritiesLocal Computer\Trusted Root Certification Authorities
  3. 转到 C:\Users<UserName>\AppData\Roaming\Microsoft\Network\Connections\Cm<GUID>,在用户和计算机存储上手动安装证书(*.cer 文件)。Go to C:\Users<UserName>\AppData\Roaming\Microsoft\Network\Connections\Cm<GUID>, manually install the certificate (*.cer file) on the user and computer's store.

若要详细了解如何安装客户端证书,请参阅为点到站点连接生成并导出证书For more information about how to install the client certificate, see Generate and export certificates for point-to-site connections.

备注

导入客户端证书时,请勿选择“启用强私钥保护”选项。When you import the client certificate, do not select the Enable strong private key protection option.

无法在计算机与 VPN 服务器之间建立网络连接,因为远程服务器不响应The network connection between your computer and the VPN server could not be established because the remote server is not responding

症状Symptom

尝试在 Windows 上使用 IKEv2 连接到 Azure 虚拟网关时,出现以下错误消息:When you try and connect to an Azure virtual network gateway using IKEv2 on Windows, you get the following error message:

无法在计算机与 VPN 服务器之间建立网络连接,因为远程服务器不响应The network connection between your computer and the VPN server could not be established because the remote server is not responding

原因Cause

如果 Windows 版本不支持 IKE 碎片,则会出现此问题The problem occurs if the version of Windows does not have support for IKE fragmentation

解决方案Solution

在 Windows 10 和 Server 2016 上支持 IKEv2。IKEv2 is supported on Windows 10 and Server 2016. 但是,若要使用 IKEv2,必须在本地安装更新并设置注册表项值。However, in order to use IKEv2, you must install updates and set a registry key value locally. Windows 10 以前的 OS 版本不受支持,并且只能使用 SSTP。OS versions prior to Windows 10 are not supported and can only use SSTP.

为运行 IKEv2 准备 Windows 10 或 Server 2016:To prepare Windows 10 or Server 2016 for IKEv2:

  1. 安装更新。Install the update.

    OS 版本OS version DateDate 编号/链接Number/Link
    Windows Server 2016Windows Server 2016
    Windows 10 版本 1607Windows 10 Version 1607
    2018 年 1 月 17 日January 17, 2018 KB4057142KB4057142
    Windows 10 版本 1703Windows 10 Version 1703 2018 年 1 月 17 日January 17, 2018 KB4057144KB4057144
    Windows 10 版本 1709Windows 10 Version 1709 2018 年 3 月 22 日March 22, 2018 KB4089848KB4089848
  2. 设置注册表项值。Set the registry key value. 在注册表中创建 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\ IKEv2\DisableCertReqPayload REG_DWORD 项或将其设置为 1。Create or set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\ IKEv2\DisableCertReqPayload REG_DWORD key in the registry to 1.

VPN 客户端错误:收到意外或格式不当的消息VPN client error: The message received was unexpected or badly formatted

症状Symptom

尝试使用 VPN 客户端连接到 Azure 虚拟网络时,看到以下错误消息:When you try to connect to an Azure virtual network by using the VPN client, you receive the following error message:

收到意外或格式不当的消息。(错误 0x80090326)The message received was unexpected or badly formatted. (Error 0x80090326)

原因Cause

如果下列一项条件为 true,则会发生此问题:This problem occurs if one of the following conditions is true:

  • 网关子网上使用默认路由的用户定义路由 (UDR) 设置不正确。The use user-defined routes (UDR) with default route on the Gateway Subnet is set incorrectly.
  • 根证书公钥未上传到 Azure VPN 网关。The root certificate public key is not uploaded into the Azure VPN gateway.
  • 密钥已损坏或过期。The key is corrupted or expired.

解决方案Solution

若要解决该问题,请执行以下步骤:To resolve this problem, follow these steps:

  1. 删除网关子网上的 UDR。Remove UDR on the Gateway Subnet. 请确保 UDR 正确地转发所有流量。Make sure UDR forwards all traffic properly.
  2. 请在 Azure 门户中检查根证书的状态,确定它是否已吊销。Check the status of the root certificate in the Azure portal to see whether it was revoked. 如果未吊销,请尝试删除并重新上传根证书。If it is not revoked, try to delete the root certificate and reupload. 有关详细信息,请参阅创建证书For more information, see Create certificates.

VPN 客户端错误:证书链已处理,但被终止VPN client error: A certificate chain processed but terminated

症状Symptom

尝试使用 VPN 客户端连接到 Azure 虚拟网络时,看到以下错误消息:When you try to connect to an Azure virtual network by using the VPN client, you receive the following error message:

已处理证书链,但是在不受信任提供程序信任的根证书中终止。A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider.

解决方案Solution

  1. 请确保已正确的位置安装下列证书:Make sure that the following certificates are in the correct location:

    证书Certificate 位置Location
    AzureClient.pfxAzureClient.pfx Current User\Personal\CertificatesCurrent User\Personal\Certificates
    Azuregateway-GUID.chinacloudapp.cnAzuregateway-GUID.chinacloudapp.cn Current User\Trusted Root Certification AuthoritiesCurrent User\Trusted Root Certification Authorities
    AzureGateway-GUID.chinacloudapp.cn, AzureRoot.cerAzureGateway-GUID.chinacloudapp.cn, AzureRoot.cer Local Computer\Trusted Root Certification AuthoritiesLocal Computer\Trusted Root Certification Authorities
  2. 如果相应位置上已有证书,请尝试删除并重新安装证书。If the certificates are already in the location, try to delete the certificates and reinstall them. azuregateway-GUID.chinacloudapp.cn 证书位于从 Azure 门户下载的 VPN 客户端配置包中。The azuregateway-GUID.chinacloudapp.cn certificate is in the VPN client configuration package that you downloaded from the Azure portal. 可以使用文件存档程序从配置包中提取文件。You can use file archivers to extract the files from the package.

文件下载错误:未指定目标 URIFile download error: Target URI is not specified

症状Symptom

看到以下错误消息:You receive the following error message:

文件下载错误。未指定目标 URI。File download error. Target URI is not specified.

原因Cause

导致此问题发生的原因是网关类型不正确。This problem occurs because of an incorrect gateway type.

解决方案Solution

VPN 网关类型必须是 VPN,VPN 类型必须是 RouteBasedThe VPN gateway type must be VPN, and the VPN type must be RouteBased.

VPN 客户端错误:Azure VPN 自定义脚本失败VPN client error: Azure VPN custom script failed

症状Symptom

尝试使用 VPN 客户端连接到 Azure 虚拟网络时,看到以下错误消息:When you try to connect to an Azure virtual network by using the VPN client, you receive the following error message:

用于更新路由表的自定义脚本失败。(错误 8007026f)Custom script (to update your routing table) failed. (Error 8007026f)

原因Cause

如果尝试使用快捷方式启用站点到点 VPN 连接,可能会出现此问题。This problem might occur if you are trying to open the site-to-point VPN connection by using a shortcut.

解决方案Solution

直接打开 VPN 包,而不是通过快捷方式打开。Open the VPN package directly instead of opening it from the shortcut.

无法安装 VPN 客户端Cannot install the VPN client

原因Cause

必须有其他证书,才能信任虚拟网络的 VPN 网关。An additional certificate is required to trust the VPN gateway for your virtual network. 证书包含在通过 Azure 门户生成的 VPN 客户端配置包中。The certificate is included in the VPN client configuration package that is generated from the Azure portal.

解决方案Solution

提取 VPN 客户端配置包,并找到 .cer 文件。Extract the VPN client configuration package, and find the .cer file. 若要安装证书,请执行以下步骤:To install the certificate, follow these steps:

  1. 打开 mmc.exe。Open mmc.exe.
  2. 添加“证书”管理单元。Add the Certificates snap-in.
  3. 选择本地计算机的“计算机”帐户。Select the Computer account for the local computer.
  4. 右键单击“受信任的根证书颁发机构”节点。Right-click the Trusted Root Certification Authorities node. 单击“所有任务” > “导入”,浏览到从 VPN 客户端配置包中提取的 .cer 文件。 Click All-Task > Import, and browse to the .cer file you extracted from the VPN client configuration package.
  5. 重启计算机。Restart the computer.
  6. 尝试安装 VPN 客户端。Try to install the VPN client.

Azure 门户错误:无法保存 VPN 网关,数据无效Azure portal error: Failed to save the VPN gateway, and the data is invalid

症状Symptom

尝试在 Azure 门户中保存 VPN 网关的更改时,看到以下错误消息:When you try to save the changes for the VPN gateway in the Azure portal, you receive the following error message:

无法保存虚拟网络网关 <网关名称>。证书 <证书 ID> 的数据无效。Failed to save virtual network gateway <gateway name>. Data for certificate <certificate ID> is invalid.

原因Cause

如果上传的根证书公钥包含空格等无效字符,可能会出现此问题。This problem might occur if the root certificate public key that you uploaded contains an invalid character, such as a space.

解决方案Solution

请确保证书中的数据不包含换行符(回车符)等无效字符。Make sure that the data in the certificate does not contain invalid characters, such as line breaks (carriage returns). 整个值应为一长行。The entire value should be one long line. 下面为证书示例文本:The following text is a sample of the certificate:

-----BEGIN CERTIFICATE-----
MIIC5zCCAc+gAwIBAgIQFSwsLuUrCIdHwI3hzJbdBjANBgkqhkiG9w0BAQsFADAW
MRQwEgYDVQQDDAtQMlNSb290Q2VydDAeFw0xNzA2MTUwMjU4NDZaFw0xODA2MTUw
MzE4NDZaMBYxFDASBgNVBAMMC1AyU1Jvb3RDZXJ0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAz8QUCWCxxxTrxF5yc5uUpL/bzwC5zZ804ltB1NpPa/PI
sa5uwLw/YFb8XG/JCWxUJpUzS/kHUKFluqkY80U+fAmRmTEMq5wcaMhp3wRfeq+1
G9OPBNTyqpnHe+i54QAnj1DjsHXXNL4AL1N8/TSzYTm7dkiq+EAIyRRMrZlYwije
407ChxIp0stB84MtMShhyoSm2hgl+3zfwuaGXoJQwWiXh715kMHVTSj9zFechYd7
5OLltoRRDyyxsf0qweTFKIgFj13Hn/bq/UJG3AcyQNvlCv1HwQnXO+hckVBB29wE
sF8QSYk2MMGimPDYYt4ZM5tmYLxxxvGmrGhc+HWXzMeQIDAQABozEwLzAOBgNVHQ8B
Af8EBAMCAgQwHQYDVR0OBBYEFBE9zZWhQftVLBQNATC/LHLvMb0OMA0GCSqGSIb3
DQEBCwUAA4IBAQB7k0ySFUQu72sfj3BdNxrXSyOT4L2rADLhxxxiK0U6gHUF6eWz
/0h6y4mNkg3NgLT3j/WclqzHXZruhWAXSF+VbAGkwcKA99xGWOcUJ+vKVYL/kDja
gaZrxHlhTYVVmwn4F7DWhteFqhzZ89/W9Mv6p180AimF96qDU8Ez8t860HQaFkU6
2Nw9ZMsGkvLePZZi78yVBDCWMogBMhrRVXG/xQkBajgvL5syLwFBo2kWGdC+wyWY
U/Z+EK9UuHnn3Hkq/vXEzRVsYuaxchta0X2UNRzRq+o706l+iyLTpe6fnvW6ilOi
e8Jcej7mzunzyjz4chN0/WVF94MtxbUkLkqP
-----END CERTIFICATE-----

Azure 门户错误:无法保存 VPN 网关,资源名称无效Azure portal error: Failed to save the VPN gateway, and the resource name is invalid

症状Symptom

尝试在 Azure 门户中保存 VPN 网关的更改时,看到以下错误消息:When you try to save the changes for the VPN gateway in the Azure portal, you receive the following error message:

无法保存虚拟网络网关 <网关名称>。资源名称 <尝试上传的证书名称> 无效Failed to save virtual network gateway <gateway name>. Resource name <certificate name you try to upload> is invalid.

原因Cause

导致此问题发生的原因是证书名称包含空格等无效字符。This problem occurs because the name of the certificate contains an invalid character, such as a space.

Azure 门户错误:VPN 包文件下载错误 503Azure portal error: VPN package file download error 503

症状Symptom

尝试下载 VPN 客户端配置包时,看到以下错误消息:When you try to download the VPN client configuration package, you receive the following error message:

无法下载文件。错误详细信息: 错误 503。服务器正忙。Failed to download the file. Error details: error 503. The server is busy.

解决方案Solution

导致此错误发生的原因是临时网络问题。This error can be caused by a temporary network problem. 几分钟后,再次尝试下载 VPN 包。Try to download the VPN package again after a few minutes.

Azure VPN 网关升级:所有点到站点的客户端都无法连接Azure VPN Gateway upgrade: All Point to Site clients are unable to connect

原因Cause

如果证书的生存期已过半,证书会进行滚动更新。If the certificate is more than 50 percent through its lifetime, the certificate is rolled over.

解决方案Solution

若要解决此问题,请重新下载并重新部署所有客户端上点到站点的包。To resolve this problem, re-download and redeploy the Point to Site package on all clients.

一次性连接的 VPN 客户端过多Too many VPN clients connected at once

已达到允许的最大连接数。The maximum number of allowable connections is reached. 可以在 Azure 门户中查看连接的客户端总数。You can see the total number of connected clients in the Azure portal.

VPN 客户端无法访问网络文件共享VPN client cannot access network file shares

症状Symptom

VPN 客户端已连接到 Azure 虚拟网络。The VPN client has connected to the Azure virtual network. 不过,客户端无法访问网络共享。However, the client cannot access network shares.

原因Cause

SMB 协议用于文件共享访问。The SMB protocol is used for file share access. 连接启动时,VPN 客户端添加了会话凭据并发生失败。When the connection is initiated, the VPN client adds the session credentials and the failure occurs. 建立连接后,将强制客户端使用缓存凭据进行 Kerberos 身份验证。After the connection is established, the client is forced to use the cache credentials for Kerberos authentication. 此过程会启动查询密钥发行中心(域控制器),以获取令牌。This process initiates queries to the Key Distribution Center (a domain controller) to get a token. 由于客户端通过 Internet 进行连接,因此可能无法访问域控制器。Because the client connects from the Internet, it might not be able to reach the domain controller. 所以,客户端无法从 Kerberos 故障转移到 NTLM。Therefore, the client cannot fail over from Kerberos to NTLM.

仅当客户端具有已加入的域颁发的有效证书(其中 SAN=UPN),才会提示客户端提供凭据。The only time that the client is prompted for a credential is when it has a valid certificate (with SAN=UPN) issued by the domain to which it is joined. 客户端还必须以物理方式连接到域网络。The client also must be physically connected to the domain network. 在这种情况下,客户端尝试使用证书并访问域控制器。In this case, the client tries to use the certificate and reaches out to the domain controller. 然后,密钥分发中心返回“KDC_ERR_C_PRINCIPAL_UNKNOWN”错误。Then the Key Distribution Center returns a "KDC_ERR_C_PRINCIPAL_UNKNOWN" error. 客户端被强制故障转移到 NTLM。The client is forced to fail over to NTLM.

解决方案Solution

若要解决此问题,请禁止从以下注册表子项缓存域凭据:To work around the problem, disable the caching of domain credentials from the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds - Set the value to 1

重新安装 VPN 客户端后,在 Windows 中找不到点到站点 VPN 连接Cannot find the point-to-site VPN connection in Windows after reinstalling the VPN client

症状Symptom

先删除了点到站点 VPN 连接,再重新安装 VPN 客户端。You remove the point-to-site VPN connection and then reinstall the VPN client. 在这种情况下,VPN 连接未成功配置。In this situation, the VPN connection is not configured successfully. 在 Windows 的“网络连接”设置中看不到 VPN 连接。You do not see the VPN connection in the Network connections settings in Windows.

解决方案Solution

若要解决此问题,请从 C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections<VirtualNetworkId> 删除旧的 VPN 客户端配置文件,再重新运行 VPN 客户端安装程序。To resolve the problem, delete the old VPN client configuration files from C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections<VirtualNetworkId>, and then run the VPN client installer again.

点到站点 VPN 客户端无法解析本地域中的资源的 FQDNPoint-to-site VPN client cannot resolve the FQDN of the resources in the local domain

症状Symptom

当客户端使用点到站点 VPN 连接来连接到 Azure 时,它无法解析本地域中的资源的 FQDN。When the client connects to Azure by using point-to-site VPN connection, it cannot resolve the FQDN of the resources in your local domain.

原因Cause

点到站点 VPN 客户端通常使用在 Azure 虚拟网络中配置的 Azure DNS 服务器。Point-to-site VPN client normally uses Azure DNS servers that are configured in the Azure virtual network. 在客户端配置的 Azure DNS 服务器优先于本地 DNS 服务器(除非以太网接口的标准较低),因此所有 DNS 查询都被发送到 Azure DNS 服务器。The Azure DNS servers take precedence over the local DNS servers that are configured in the client (unless the metric of the Ethernet interface is lower), so all DNS queries are sent to the Azure DNS servers. 如果 Azure DNS 服务器中没有本地资源的记录,则查询失败。If the Azure DNS servers do not have the records for the local resources, the query fails.

解决方案Solution

若要解决此问题,请确保在 Azure 虚拟网络上使用的 Azure DNS 服务器可以解析本地资源的 DNS 记录。To resolve the problem, make sure that the Azure DNS servers that used on the Azure virtual network can resolve the DNS records for local resources. 为此,可以使用 DNS 转发器或条件转发器。To do this, you can use DNS Forwarders or Conditional forwarders. 有关详细信息,请参阅使用自己的 DNS 服务器进行名称解析For more information, see Name resolution using your own DNS server

点到站点 VPN 连接已建立,但仍然无法连接到 Azure 资源The point-to-site VPN connection is established, but you still cannot connect to Azure resources

原因Cause

如果 VPN 客户端没有从 Azure VPN 网关获得路由,则可能会发生此问题。This problem may occur if VPN client does not get the routes from Azure VPN gateway.

解决方案Solution

若要解决此问题,请重置 Azure VPN 网关To resolve this problem, reset Azure VPN gateway. 若要确保正在使用新路由,必须在虚拟网络对等互连成功配置之后,再次下载点到站点 VPN 客户端。To make sure that the new routes are being used, the Point-to-Site VPN clients must be downloaded again after virtual network peering has been successfully configured.

错误:“吊销功能无法检查吊销,因为吊销服务器已脱机。(错误 0x80092013)”Error: "The revocation function was unable to check revocation because the revocation server was offline.(Error 0x80092013)"

原因Causes

如果客户端无法访问 http://crl3.digicert.com/ssca-sha2-g1.crlhttp://crl4.digicert.com/ssca-sha2-g1.crl ,则会出现此错误消息。This error message occurs if the client cannot access http://crl3.digicert.com/ssca-sha2-g1.crl and http://crl4.digicert.com/ssca-sha2-g1.crl. 进行吊销检查需要访问这两个站点。The revocation check requires access to these two sites. 此问题通常发生在配置了代理服务器的客户端上。This problem typically happens on the client that has proxy server configured. 在某些环境中,如果请求不通过代理服务器,则在边缘防火墙处会被拒绝。In some environments, if the requests are not going through the proxy server, it will be denied at the Edge Firewall.

解决方案Solution

请检查代理服务器设置,确保客户端可以访问 http://crl3.digicert.com/ssca-sha2-g1.crlhttp://crl4.digicert.com/ssca-sha2-g1.crlCheck the proxy server settings, make sure that the client can access http://crl3.digicert.com/ssca-sha2-g1.crl and http://crl4.digicert.com/ssca-sha2-g1.crl.

从 VPN 网关下载根证书时出现“错误 405”"Error 405" when you download root certificate from VPN Gateway

原因Cause

根证书尚未安装。Root certificate had not been installed. 根证书安装在客户端的可信证书存储中。The root certificate is installed in the client's Trusted certificates store.

VPN 客户端错误:未进行远程连接,因为尝试的 VPN 隧道失败。VPN Client Error: The remote connection was not made because the attempted VPN tunnels failed. (错误 800)(Error 800)

原因Cause

网卡驱动程序已过时。The NIC driver is outdated.

解决方案Solution

更新网卡驱动程序:Update the NIC driver:

  1. 单击“开始”,键入“设备管理器”,然后从结果列表中选择它 。Click Start, type Device Manager, and select it from the list of results. 如果系统提示需要管理员密码或确认,请键入密码或进行确认。If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. 在“网络适配器”类别中,找到要更新的 NIC。In the Network adapters categories, find the NIC that you want to update.
  3. 双击设备名称,选择“更新驱动程序”,选择“自动搜索更新的驱动程序软件” 。Double-click the device name, select Update driver, select Search automatically for updated driver software.
  4. 如果 Windows 找不到新的驱动程序,可以尝试在设备制造商的网站上查找,并按照说明执行操作。If Windows doesn't find a new driver, you can try looking for one on the device manufacturer's website and follow their instructions.
  5. 重启计算机并再次尝试连接。Restart the computer and try the connection again.

VPN 客户端错误:拨号 VPN 连接 ,状态 =“VPN 平台未触发连接”VPN Client Error: Dialing VPN connection , Status = VPN Platform did not trigger connection

你可能还会在 RasClient 的事件查看器中看到以下错误:“用户 拨打了一个名为 的连接,该连接已失败。You may also see the following error in Event Viewer from RasClient: "The user dialed a connection named which has failed. 失败时返回的错误代码是 1460。”The error code returned on failure is 1460."

原因Cause

Azure VPN Client 没有在适用于 Windows 的应用设置中启用“后台应用”应用权限。The Azure VPN Client does not have the "Background apps" App Permission enabled in App Settings for Windows.

解决方案Solution

  1. 在 Windows 中,转到“设置”->“隐私”->“后台应用”In Windows, go to Settings -> Privacy -> Background apps
  2. 将“允许应用在后台运行”切换到“开”Toggle the "Let apps run in the background" to On

错误:“文件下载错误,未指定目标 URI”Error: 'File download error Target URI is not specified'

原因Cause

这是因为配置了不正确的网关类型。This is caused by an incorrect gateway type is configured.

解决方案Solution

Azure VPN 网关类型必须是 VPN,VPN 类型必须是 RouteBased。The Azure VPN gateway type must be VPN and the VPN type must be RouteBased.

VPN 包安装程序未完成VPN package installer doesn't complete

原因Cause

此问题可能由以前的 VPN 客户端安装引起。This problem can be caused by the previous VPN client installations.

解决方案Solution

从 C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections<VirtualNetworkId> 删除旧的 VPN 客户端配置文件,再次运行 VPN 客户端安装程序。Delete the old VPN client configuration files from C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections<VirtualNetworkId> and run the VPN client installer again.

VPN 客户端在一段时间后进入休眠状态或睡眠状态The VPN client hibernates or sleep after some time

解决方案Solution

在 VPN 客户端运行的计算机中检查睡眠和休眠设置。Check the sleep and hibernate settings in the computer that the VPN client is running on.