08-31-2016 10:49 AM - edited 08-31-2016 10:51 AM
Does anyone else also have problems to access the windows store when connected with global protect vpn?
Actually the problem really only is the windows store app. Everything else works perfectly (internet access, accessing corporate ressources, internal websites, fileshares, ...). The store app only displays that I should check my internet connection and the error code 0x80072EFD.
The firewall has 7.0.6 installed and we have configured the vpn with the default route into the vpn tunnel.
07-17-2018 10:20 AM
Has anybody tried this fix.
we had issues with win 10 and store a while ago, i was playing with various reg settings with some success but not credible as issue would come and go... our win 10 device users, not many, just accept that they need to connect via lan to use the store but our rollout is about to go to 4000 devices, sorry for waffleing on but i now have to look into this again, i found this online which seems to have worked for some... i have yet to try as waiting for test device.
Open up gpedit on your local device
Computer Configuration/Administrator Templates/Network/Network Isolation
Enable Subnet Definitions are authoritative
Private Network ranges for Apps Enable
Then add your internal network subnet range IE 10.0.0.0/8
Restart your device and hopefully your windows store is working
i will be able to test next week so will keep posted...
08-31-2016 11:08 AM
So when you are not using GP windows store work fine?
Did you try "nslookup" from the client with Wireshark PCAP to get more details?
08-31-2016 11:34 AM
exactly, as soon as I disable GP --> the store app is able to connect
08-31-2016 11:46 AM
and I did also capture the traffic with vpn enabled and disabled ... on both captures I can see the dns queries related to the windows store app, but with vpn enabled there are ONLY the dns requests but no store-related https connection attemps
08-31-2016 12:06 PM - edited 08-31-2016 12:12 PM
How about Palo logs? Do you see the traffic from the client (GP Zone) going outside (untrust) to the Microsoft store IP as destination. Threat logs?
08-31-2016 12:21 PM
one of the various fqdn's is storeedgefd.dsx.mp.microsoft.com (when I tried it resolved to 18.104.22.168).
on the firewall I have not one packet towards this ip and also nothing in the threatlog (actually if there was traffic I would be surprised because of the fact that I had no packets in the local packet capture)
08-31-2016 12:28 PM - edited 08-31-2016 12:31 PM
Sure you said before no attempts from the client, my bad. This is strange. Did you try to do PCAP when connected through the GP on the local interface, not GP adapter? This is strange that you getting DNS but the client making desition not to initiate a connection after.
08-31-2016 12:33 PM
Yes, I also captured on that interface. For whatever reason I also see the dns requests there going out directly, but still only the dns requests and no https traffic
08-31-2016 01:03 PM - edited 08-31-2016 01:41 PM
When did you notice this first time, any os update GP? All Windows 10 clients or just you unable to access? l cannot think of anything else what could be an issue. Don't have much experience with GP
08-31-2016 01:33 PM
this problem probably existst since we are testing with windows 10 ...
08-31-2016 01:43 PM
My answer would not help you but l have noticed that Windows 10 causing a lot of issues not just with your case.
09-12-2016 01:55 AM
is really no one using global protect on windows 10? 😛
09-12-2016 08:09 AM
Personally we don't run GP at all and have chosen to just continue to use ASAs for the VPN and have the PA do everything else. The issue with GP had more to do with it not being near as user friendly as AnyConnect has been and given the choice users didn't want to switch.
05-04-2017 09:08 AM
Did you solve this issue?
A customer of mine is having the same, and he pointed me to a checkpoint URL where it states that the microsoft Virtual Adaptor for the VPN tunnel is hiddent by default, and hence prevents the connection to the store.
Let me know...
05-04-2017 12:53 PM
Unfortunately, now we stil haven't solve this issue. We just lowered the priority of this/had to accept that it does not work (actually our users don't really need this store on their working computers, so the problem is not that important)
I tried to adapt the checkpoint solution to the PANGB network adapter. But there the initial "characteristics" value was 81 (129 in decimal). I changed this to "1" but so far I am still not able to access the store when connected with VPN.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!