Netextender - Error happens in tunnel negotiation(TZ300)
Hello I'm having a bit of trouble here. A single computer is having issues connecting with the sslvpn. The l2tp works perfectly fine, and in the logs on the firewall it says that the user successfully signs in. However, on the netextender application it hangs on 'connecting' on the client computer then produces this error message. I've tried the same settings and account on other Windows devices as well as Linux and MacOS and it works.
What I've tried so far on the device(Thinkpad X1 Carbon):
- Testing on a different login on the PC
- Disabled TrendM and Windows Defender
- Changing the negotiation between automatic and sslvpn
- No GPOs set that would effect it
- Removed the latest Windows security updates
- Updated the firmware and Windows to 21H2
- Tried on a different Windows account
- Tried the netextender uninstaller tool
- Manually removed it from the registry and C
- Installed the MSI through powershell
- Installed the exe and tried the Mobile Connect from the store
- Disabled ipv6
- Uninstall WAN devices in device manager
- Tried from a hotspot
- Performed a dns flush
- No rras errors on netextender application
- Virus scan performed
I'm sure I tried more than that too, but it was a bit late so forgive me for missing things. Its essentially just goes through all of the dialogues very slowly, then it hangs on 'connecting', freezes momentarily as if its going to crash, then produces the message.
I'm sure that reinstalling Windows on it would resolve everything, and that's usually what I would do, but this is more of an affiliate with the company who's primarily remote so that's not really an option.
Like mentioned, no other VPN or remote connection protocol is giving issues, not even the Sonicwall's l2tp vpn.
What version of Windows? 10 and 11 can have issues with Windows Memory Protection messing about with the NetExtender driver.
Considering it's not even your clients device, let their IT handle it.
Please test using your web browser and the firewall IP
https://Firewall_PubicIP:SSLVPN port (example https://126.96.36.199:4433)
If you see the Virtual office login screen, what happens if you type your credentials on it?
W10. I've seen the core isolation issue and a lot of broken installs on one of our clients that primarily uses Surface devices.
Trust me, normally I wouldn't go this far but the client is a law firm with a few partners being mostly remote. I also saw two installs recently with another client where I got the routing and remote access startup error(seemingly fixed itself). So I'd rather be a bit proactive than have to hear their mouths.
I can login just fine to the virtual office and download the client from there. Like I said the sonicwall itself says that the user account logs in on the logs and doesn't throw a single error.
I'm almost positive its a Windows related issue at this point because I've exhausted everything. What also leads me to believe this is he had access to it for sometime before, and this isn't a laptop that he would use outside of work. In this case I really do believe that it 'just stopped working' and nothing was changed(possibly a small security or firmware related update).
Wouldn't hurt to do low level repair: DISM to repair the Windows image, IP stack reset, maybe even play with ciphers in SCHANNEL.
Let me know if you find a resolution - I'm encountering the same issue. Not having luck rolling back to earlier NetExtender builds either - I've had a couple of Win10 machines in the past that wouldn't work past 10.2.300, but in this case earlier versions don't help.
i had same error, on some ISPs it worked on other not.
Answer Sonicwall Support please ask your provider, but they say it´s not their problem.
My solution was to prefer ip v4 in windows. Just entered following in an administrative command and rebooted PC, after this it connects.
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d "32" /f