Post date: Mar 24, 2016 9:13:42 AM
There is an issue with Azure Point-to-Site (P2S) VPN on Windows 8.1 and Windows 10 when trying to access SMB shares.
Microsoft have no official fix at the moment but have a workaround.
Please see the workaround below, which will fix this issue. I have tested this and it works.
As explained, this is an unfortunate consequence of the design with no fix planned in the future.
“Here is some background information on the issue:
When the P2S connection is made a certificate is placed in credential manager.
If the certificate is removed (from credential manager) you are able to access the shares over IP, Short DNS and FQDN.
When the VPN Dialer next connects the certificate is re-created in Credential manager and then prevents access to the shares once more.
Changing the following registry key to disable Credential Manager allows access to all shares over IP, FQDN and NetBIOS:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"disabledomaincreds"=dword:00000001
But the consequences of doing this are unmeasured as it could cause problems when the device is taken on-prem.
This article could help to create a custom package using CMAK that runs a script invoked at some specific step during the VPN connection (pre-init/post-init/etc.)
https://technet.microsoft.com/en-us/library/cc732766.aspx - Add Custom Actions
The command could vary depending on the approach, but modifying UseRasCredentials to the value 0 seems the best option. Another alternative, based on solutions already documented above, is to delete the cached entry in Credential Manager: cmdkey /delete, but the consequences of this are unknown, especially when used with mobile devices on-prem.”
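One way to apply the UseRasCredentials change described above, as an added example that is not part of the original post or of Microsoft's reply. It assumes the connection's settings live in a RAS phonebook (.pbk) file whose path you supply, since the page does not give its location; the function name and parameters are hypothetical. Unlike the disabledomaincreds registry value, this change is scoped to the phonebook entries you select.

```powershell
# Added example: set UseRasCredentials=0 for entries in a RAS phonebook (.pbk) file.
# Assumption: $PhonebookPath points at the phonebook used by the P2S VPN connection;
# the page does not give its location, so the caller must supply it.
function Set-UseRasCredentialsOff {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$PhonebookPath,
        # Optional: limit the change to one entry, i.e. one [SectionName] in the file.
        [string]$EntryName
    )

    if (-not (Test-Path -LiteralPath $PhonebookPath -PathType Leaf)) {
        throw "Phonebook not found: $PhonebookPath"
    }
    $fullPath = (Resolve-Path -LiteralPath $PhonebookPath).ProviderPath
    # Assumption: the file is in the system default encoding (BOMs are still detected).
    $encoding = [System.Text.Encoding]::Default
    $lines    = [System.IO.File]::ReadAllLines($fullPath, $encoding)

    $section = $null
    $changed = New-Object System.Collections.Generic.List[string]
    for ($i = 0; $i -lt $lines.Length; $i++) {
        if ($lines[$i] -match '^\s*\[(.+)\]\s*$') {
            $section = $Matches[1]          # start of a new phonebook entry
            continue
        }
        $inScope = (-not $EntryName) -or ($section -eq $EntryName)
        if ($inScope -and $lines[$i] -match '^\s*UseRasCredentials\s*=\s*1\s*$') {
            $lines[$i] = 'UseRasCredentials=0'
            $changed.Add($section)
        }
    }

    if ($changed.Count -gt 0 -and $PSCmdlet.ShouldProcess($fullPath, 'Set UseRasCredentials=0')) {
        # Keep a copy of the original so the change can be rolled back.
        Copy-Item -LiteralPath $fullPath -Destination "$fullPath.bak" -Force
        [System.IO.File]::WriteAllLines($fullPath, $lines, $encoding)
    }
    # Entry names that were modified (or, with -WhatIf, would be modified).
    return $changed
}

# Usage (placeholder path): preview with -WhatIf first, then run without it.
# Set-UseRasCredentialsOff -PhonebookPath 'C:\path\to\connection.pbk' -WhatIf
```

Reconnect the VPN after the change and confirm the share is reachable; the `.bak` copy written next to the phonebook restores the previous setting.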